From 30d26d42d817f2a9a04096f0de9a3ecdcd3fd70a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Apr 2024 13:34:09 -0300 Subject: [PATCH 001/517] chore(deps): bump golang from `cdc86d9` to `cdc86d9` (#3423) Bumps golang from `cdc86d9` to `cdc86d9`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tilt.debug.dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index c24a71470e1..f3366ec7661 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.2@sha256:450e3822c7a135e1463cd83e51c8e2eb03b86a02113c89424e6f0f8344bb4168 +FROM golang:1.22.2@sha256:d5302d40dc5fbbf38ec472d1848a9d2391a13f93293a6a5b0b87c99dc0eaa6ae WORKDIR / COPY ./bin/external-secrets /external-secrets From 13099fca23c59b72963a27ff718b0257c9e04263 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Apr 2024 13:35:31 -0300 Subject: [PATCH 002/517] chore(deps): bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 (#3425) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 4.0.0 to 5.0.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/3cfe3a4abbb849e10058ce4af15d205b6da42804...82d40c283aeb1f2b6595839195e95c2d6a49081b) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 81d295d7c2f..9b6994f447a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -59,7 +59,7 @@ jobs: run: go mod download - name: Lint - uses: golangci/golangci-lint-action@3cfe3a4abbb849e10058ce4af15d205b6da42804 # v4.0.0 + uses: golangci/golangci-lint-action@82d40c283aeb1f2b6595839195e95c2d6a49081b # v5.0.0 with: version: ${{ env.GOLANGCI_VERSION }} skip-pkg-cache: true From 29021f235fc3b5b83e9c9768df46e536cbeb4388 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Apr 2024 13:35:51 -0300 Subject: [PATCH 003/517] chore(deps): bump actions/checkout from 4.1.3 to 4.1.4 (#3426) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.3 to 4.1.4. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/1d96c772d19495a3b5c517cd2bc0cb401ea0529f...0ad4b8fadaa221de15dcec353f45205ec38ea70b) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... 
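Review bot: The `Lint` step in .github/workflows/ci.yml still passes `skip-pkg-cache: true` after this semver-major bump, and that input appears to have been removed in golangci-lint-action v5, along with `skip-build-cache`. Confirm this against the release notes linked in the commit message. GitHub Actions only warns about unknown inputs, so the step would keep passing while the setting silently has no effect. If the removal is confirmed, delete the `skip-pkg-cache: true` line so the workflow states what actually runs. The `with:` block may continue outside the hunk, so check for `skip-build-cache` there as well.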
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 6 +++--- .github/workflows/dlc.yml | 2 +- .github/workflows/docs.yml | 2 +- .github/workflows/e2e-managed.yml | 2 +- .github/workflows/e2e.yml | 4 ++-- .github/workflows/helm.yml | 4 ++-- .github/workflows/publish.yml | 4 ++-- .github/workflows/rebuild-image.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- .github/workflows/update-deps.yml | 4 ++-- 11 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9b6994f447a..c0d85a396c1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,7 +46,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Setup Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 @@ -72,7 +72,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Setup Go uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 @@ -100,7 +100,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Fetch History run: git fetch --prune --unshallow diff --git a/.github/workflows/dlc.yml b/.github/workflows/dlc.yml index a26f8448eb4..a8caed74f88 100644 --- a/.github/workflows/dlc.yml +++ b/.github/workflows/dlc.yml 
@@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Checkout Code" - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: "Run FOSSA Scan" uses: fossas/fossa-action@47ef11b1e1e3812e88dae436ccbd2d0cbd1adab0 # main diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 2d622795ff0..a307c3ecd36 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -15,7 +15,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: fetch-depth: 0 diff --git a/.github/workflows/e2e-managed.yml b/.github/workflows/e2e-managed.yml index 11088cc5d31..7e225f314d6 100644 --- a/.github/workflows/e2e-managed.yml +++ b/.github/workflows/e2e-managed.yml @@ -64,7 +64,7 @@ jobs: # Check out merge commit - name: Fork based /ok-to-test-managed checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: ref: 'refs/pull/${{ env.GITHUB_PR_NUMBER }}/merge' diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 004788a0d9c..6db72f15b18 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -58,7 +58,7 @@ jobs: steps: - name: Branch based PR checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Fetch History run: git fetch --prune --unshallow 
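Review bot: The `Fork based /ok-to-test-managed checkout` step in e2e-managed.yml checks out `refs/pull/${{ env.GITHUB_PR_NUMBER }}/merge`, which is code from a fork, and the visible `with:` block sets only `ref`. That leaves actions/checkout at its default of persisting the job token in the workspace's git config, where later steps that build or run the pull-request code could read it. Add `persist-credentials: false` under `with:`, as the `Checkout code` step in scorecard.yml already does. The same applies to the `Fork based /ok-to-test checkout` step in e2e.yml. The step body may continue outside the hunk, so confirm the option is not already set further down.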
@@ -77,7 +77,7 @@ jobs: # Check out merge commit - name: Fork based /ok-to-test checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge' diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 41a30e40416..769ac5ecab8 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: fetch-depth: 0 @@ -74,7 +74,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 2f98bcfa46a..0aea8067450 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -50,7 +50,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: ref: ${{ inputs.ref }} @@ -140,7 +140,7 @@ jobs: needs: build-publish steps: - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 - name: Sign image if: env.IS_FORK == 'false' uses: ./.github/actions/sign diff --git a/.github/workflows/rebuild-image.yml b/.github/workflows/rebuild-image.yml index 045f96bd8cb..681ce252ca0 100644 --- a/.github/workflows/rebuild-image.yml +++ b/.github/workflows/rebuild-image.yml 
@@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: fetch-depth: 0 ref: ${{ github.event.inputs.ref }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 24d473e2120..2d7c3dbeae5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: fetch-depth: 0 ref: ${{ github.event.inputs.source_ref }} @@ -71,7 +71,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 63830b0a07b..c5a67d87dd9 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -20,7 +20,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: persist-credentials: false diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index 12f4f48311d..d3f0a389a05 100644 --- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: fetch-depth: 0 ref: ${{ github.event.inputs.ref }} 
@@ -52,7 +52,7 @@ jobs: with: app_id: ${{ secrets.APP_ID }} private_key: ${{ secrets.PRIVATE_KEY }} - - uses: actions/checkout@1d96c772d19495a3b5c517cd2bc0cb401ea0529f # v4.1.3 + - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 with: token: ${{ steps.generate_token.outputs.token }} ref: ${{ matrix.branch }} From 9e4215478b6314e4fa6c1661ebba713d75d084bf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Apr 2024 13:36:11 -0300 Subject: [PATCH 004/517] chore(deps): bump github/codeql-action from 3.25.1 to 3.25.3 (#3427) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.1 to 3.25.3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/c7f9125735019aa87cfc361530512d50ea439c71...d39d31e687223d841ef683f52467bd88e9b21c14) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c5a67d87dd9..94bf8699d4d 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1 + uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 with: sarif_file: results.sarif From 39252760a6b81873b1fe1dac13f57c3bb94f8d84 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Apr 2024 13:36:25 -0300 Subject: [PATCH 005/517] chore(deps): bump helm/kind-action from 1.9.0 to 1.10.0 (#3428) Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.9.0 to 1.10.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/99576bfa6ddf9a8e612d83b513da5a75875caced...0025e74a8c7512023d06dc019c617aa3cf561fde) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/helm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 769ac5ecab8..a5964ebccfe 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -56,7 +56,7 @@ jobs: run: ct lint --config=.github/ci/ct.yaml - name: Create kind cluster - uses: helm/kind-action@99576bfa6ddf9a8e612d83b513da5a75875caced # v1.9.0 + uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) From b7b4c9af7e585b476e6b4f3e3bf69e5aa09c6323 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Apr 2024 13:36:38 -0300 Subject: [PATCH 006/517] chore(deps): bump platformdirs from 4.2.0 to 4.2.1 in /hack/api-docs (#3429) Bumps [platformdirs](https://github.com/platformdirs/platformdirs) from 4.2.0 to 4.2.1. - [Release notes](https://github.com/platformdirs/platformdirs/releases) - [Changelog](https://github.com/platformdirs/platformdirs/blob/main/CHANGES.rst) - [Commits](https://github.com/platformdirs/platformdirs/compare/4.2.0...4.2.1) --- updated-dependencies: - dependency-name: platformdirs dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 5e222b4f868..31f3ae77c65 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -25,7 +25,7 @@ packaging==24.0 paginate==0.5.6 pathspec==0.12.1 pep562==1.1 -platformdirs==4.2.0 +platformdirs==4.2.1 Pygments==2.17.2 pymdown-extensions==10.8 python-dateutil==2.9.0.post0 From 4276d0339ad5dc59598bba8e6d608567fc2d722e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Apr 2024 13:36:56 -0300 Subject: [PATCH 007/517] chore(deps): bump pymdown-extensions in /hack/api-docs (#3430) Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 10.8 to 10.8.1. - [Release notes](https://github.com/facelessuser/pymdown-extensions/releases) - [Commits](https://github.com/facelessuser/pymdown-extensions/compare/10.8...10.8.1) --- updated-dependencies: - dependency-name: pymdown-extensions dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 31f3ae77c65..3521baea7ac 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -27,7 +27,7 @@ pathspec==0.12.1 pep562==1.1 platformdirs==4.2.1 Pygments==2.17.2 -pymdown-extensions==10.8 +pymdown-extensions==10.8.1 python-dateutil==2.9.0.post0 PyYAML==6.0.1 pyyaml_env_tag==0.1 From f83c355478e79d000f4bb70bd38ddd1132395c3c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Apr 2024 13:37:13 -0300 Subject: [PATCH 008/517] chore(deps): bump regex from 2024.4.16 to 2024.4.28 in /hack/api-docs (#3431) Bumps [regex](https://github.com/mrabarnett/mrab-regex) from 2024.4.16 to 2024.4.28. - [Changelog](https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt) - [Commits](https://github.com/mrabarnett/mrab-regex/compare/2024.4.16...2024.4.28) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 3521baea7ac..4d4889a0236 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -31,7 +31,7 @@ pymdown-extensions==10.8.1 python-dateutil==2.9.0.post0 PyYAML==6.0.1 pyyaml_env_tag==0.1 -regex==2024.4.16 +regex==2024.4.28 requests==2.31.0 six==1.16.0 termcolor==2.4.0 From bfea380daa82aca8f21244d88515c598f1d6ff85 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Apr 2024 13:37:27 -0300 Subject: [PATCH 009/517] chore(deps): bump golang from `b03f3ba` to `d0902ba` in /e2e (#3432) Bumps golang from `b03f3ba` to `d0902ba`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index d8a43828948..7a5c5384b85 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.2-bookworm@sha256:b03f3ba515751657c75475b20941fef47341fccb3341c3c0b64283ff15d3fb46 as builder +FROM golang:1.22.2-bookworm@sha256:d0902bacefdde1cf45528c098d14e55d78c107def8a22d148eabd71582d7a99f as builder ENV KUBECTL_VERSION="v1.28.3" ENV HELM_VERSION="v3.13.1" From e32233f40193485272911c69a04ebb23c56c2254 Mon Sep 17 00:00:00 2001 From: Tyki6 <57527739+tyki6@users.noreply.github.com> Date: Tue, 30 Apr 2024 19:15:10 +0200 Subject: [PATCH 010/517] Update common-k8s-secret-types.md to fix get secret jsonpath (#3434) Signed-off-by: Tyki6 <57527739+tyki6@users.noreply.github.com> --- docs/guides/common-k8s-secret-types.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/guides/common-k8s-secret-types.md b/docs/guides/common-k8s-secret-types.md index 48ef1a4b72a..c4883948d27 100644 --- a/docs/guides/common-k8s-secret-types.md +++ b/docs/guides/common-k8s-secret-types.md 
@@ -32,7 +32,7 @@ This will generate a valid dockerconfigjson secret for you to use! You can get the final value with: ```bash -kubectl get secret secret-to-be-created -n -o jsonpath="{.data\.dockerconfigjson}" | base64 -d +kubectl get secret secret-to-be-created -n -o jsonpath="{.data.\.dockerconfigjson}" | base64 -d ``` Alternately, if you only have the container registry name and password value, you can take advantage of the advanced ExternalSecret templating functions to create the secret: From 34b4ff10da8edd25539c143f65f93d0b618fd576 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Tue, 30 Apr 2024 14:52:59 -0300 Subject: [PATCH 011/517] chore: update dependencies (#3433) * update dependencies Signed-off-by: External Secrets Operator * bump alibaba Signed-off-by: Gustavo Carvalho * bump kube to 0.30 Signed-off-by: Gustavo Carvalho --------- Signed-off-by: External Secrets Operator 
Signed-off-by: Gustavo Carvalho Co-authored-by: External Secrets Operator Co-authored-by: Gustavo Carvalho --- ...nal-secrets.io_clusterexternalsecrets.yaml | 6 +- ...ternal-secrets.io_clustersecretstores.yaml | 4 +- .../external-secrets.io_externalsecrets.yaml | 2 +- .../external-secrets.io_pushsecrets.yaml | 4 +- .../external-secrets.io_secretstores.yaml | 4 +- ...s.external-secrets.io_acraccesstokens.yaml | 2 +- ...nal-secrets.io_ecrauthorizationtokens.yaml | 2 +- .../generators.external-secrets.io_fakes.yaml | 2 +- ...s.external-secrets.io_gcraccesstokens.yaml | 2 +- ...xternal-secrets.io_githubaccesstokens.yaml | 2 +- ...erators.external-secrets.io_passwords.yaml | 2 +- ...ternal-secrets.io_vaultdynamicsecrets.yaml | 2 +- ...nerators.external-secrets.io_webhooks.yaml | 2 +- deploy/crds/bundle.yaml | 36 ++-- e2e/go.mod | 116 +++++------ e2e/go.sum | 135 ++++++------- go.mod | 88 ++++----- go.sum | 181 +++++++++--------- pkg/provider/alibaba/client.go | 22 +-- pkg/provider/alibaba/kms.go | 2 +- 20 files changed, 312 insertions(+), 304 deletions(-) diff --git a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml index 9445a9feb06..435fd85aae9 100644 --- a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: clusterexternalsecrets.external-secrets.io spec: group: external-secrets.io @@ -547,11 +547,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string 
@@ -597,11 +599,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 9ec502620e9..11eac0c40c6 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: clustersecretstores.external-secrets.io spec: group: external-secrets.io @@ -1673,11 +1673,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string diff --git a/config/crds/bases/external-secrets.io_externalsecrets.yaml b/config/crds/bases/external-secrets.io_externalsecrets.yaml index 3bb615d5088..4f2e129e699 100644 --- a/config/crds/bases/external-secrets.io_externalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_externalsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: externalsecrets.external-secrets.io spec: group: external-secrets.io diff --git a/config/crds/bases/external-secrets.io_pushsecrets.yaml b/config/crds/bases/external-secrets.io_pushsecrets.yaml index 24016035ac0..c7b93b884f5 100644 --- a/config/crds/bases/external-secrets.io_pushsecrets.yaml +++ b/config/crds/bases/external-secrets.io_pushsecrets.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: pushsecrets.external-secrets.io spec: group: external-secrets.io @@ -138,11 +138,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index 6cc50bc0105..b4e19aaabea 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: secretstores.external-secrets.io spec: group: external-secrets.io @@ -1673,11 +1673,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string diff --git a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml index f9aa2a25ba6..1db45fdae82 100644 --- a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: acraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io 
diff --git a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml index 8869c950e58..41214dff347 100644 --- a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: ecrauthorizationtokens.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_fakes.yaml b/config/crds/bases/generators.external-secrets.io_fakes.yaml index 272d8aec678..891dcc2b89f 100644 --- a/config/crds/bases/generators.external-secrets.io_fakes.yaml +++ b/config/crds/bases/generators.external-secrets.io_fakes.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: fakes.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml index 09265e13354..202571d0ea1 100644 --- a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: gcraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io 
diff --git a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml index 36c6867daa2..6f5b70f1ec6 100644 --- a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: githubaccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_passwords.yaml b/config/crds/bases/generators.external-secrets.io_passwords.yaml index 869120ed74f..13c672c667f 100644 --- a/config/crds/bases/generators.external-secrets.io_passwords.yaml +++ b/config/crds/bases/generators.external-secrets.io_passwords.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: passwords.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml index 6fccb81eb9a..fef6aafc429 100644 --- a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml +++ b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: vaultdynamicsecrets.generators.external-secrets.io spec: group: generators.external-secrets.io 
diff --git a/config/crds/bases/generators.external-secrets.io_webhooks.yaml b/config/crds/bases/generators.external-secrets.io_webhooks.yaml index 9f3f532130a..b2c4545e7e2 100644 --- a/config/crds/bases/generators.external-secrets.io_webhooks.yaml +++ b/config/crds/bases/generators.external-secrets.io_webhooks.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: webhooks.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 40d7fb18370..f3fb0942a1f 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: clusterexternalsecrets.external-secrets.io spec: group: external-secrets.io @@ -519,11 +519,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -566,11 +568,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -654,7 +658,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: clustersecretstores.external-secrets.io spec: group: external-secrets.io 
@@ -2222,11 +2226,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -4816,7 +4822,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: externalsecrets.external-secrets.io spec: group: external-secrets.io @@ -5620,7 +5626,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: pushsecrets.external-secrets.io spec: group: external-secrets.io @@ -5751,11 +5757,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -5995,7 +6003,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: secretstores.external-secrets.io spec: group: external-secrets.io @@ -7563,11 +7571,13 @@ spec: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string @@ -10157,7 +10167,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: acraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io 
@@ -10352,7 +10362,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: ecrauthorizationtokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -10518,7 +10528,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: fakes.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -10593,7 +10603,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: gcraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -10720,7 +10730,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: githubaccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -10821,7 +10831,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: passwords.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -10918,7 +10928,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: vaultdynamicsecrets.generators.external-secrets.io spec: group: generators.external-secrets.io 
@@ -11609,7 +11619,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: webhooks.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/e2e/go.mod b/e2e/go.mod index 5141c51a290..fd381d31e45 100644 --- a/e2e/go.mod +++ b/e2e/go.mod 
@@ -7,32 +7,32 @@ replace github.com/external-secrets/external-secrets => ../ replace ( github.com/external-secrets/external-secrets v0.0.0 => ../ github.com/go-check/check => github.com/go-check/check v0.0.0-20180628173108-788fd7840127 - k8s.io/api => k8s.io/api v0.28.1 - k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.28.1 - k8s.io/apimachinery => k8s.io/apimachinery v0.28.1 - k8s.io/apiserver => k8s.io/apiserver v0.28.1 - k8s.io/cli-runtime => k8s.io/cli-runtime v0.28.1 - k8s.io/client-go => k8s.io/client-go v0.28.1 - k8s.io/cloud-provider => k8s.io/cloud-provider v0.28.1 - k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.28.1 - k8s.io/code-generator => k8s.io/code-generator v0.28.1 - k8s.io/component-base => k8s.io/component-base v0.28.1 - k8s.io/component-helpers => k8s.io/component-helpers v0.28.1 - k8s.io/controller-manager => k8s.io/controller-manager v0.28.1 - k8s.io/cri-api => k8s.io/cri-api v0.28.1 - k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.28.1 - k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.28.1 - k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.28.1 - k8s.io/kube-proxy => k8s.io/kube-proxy v0.28.1 - k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.28.1 - k8s.io/kubectl => k8s.io/kubectl v0.28.1 - k8s.io/kubelet => k8s.io/kubelet v0.28.1 - k8s.io/kubernetes => k8s.io/kubernetes v1.27.1 - k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.28.1 - k8s.io/metrics => k8s.io/metrics v0.28.1 - k8s.io/mount-utils => k8s.io/mount-utils v0.28.1 - k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.28.1 - k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.28.1 + k8s.io/api => k8s.io/api v0.30.0 + k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.30.0 + k8s.io/apimachinery => k8s.io/apimachinery v0.30.0 + k8s.io/apiserver => k8s.io/apiserver v0.30.0 + k8s.io/cli-runtime => k8s.io/cli-runtime v0.30.0 + k8s.io/client-go => k8s.io/client-go 
v0.30.0 + k8s.io/cloud-provider => k8s.io/cloud-provider v0.30.0 + k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.30.0 + k8s.io/code-generator => k8s.io/code-generator v0.30.0 + k8s.io/component-base => k8s.io/component-base v0.30.0 + k8s.io/component-helpers => k8s.io/component-helpers v0.30.0 + k8s.io/controller-manager => k8s.io/controller-manager v0.30.0 + k8s.io/cri-api => k8s.io/cri-api v0.30.0 + k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.30.0 + k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.30.0 + k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.30.0 + k8s.io/kube-proxy => k8s.io/kube-proxy v0.30.0 + k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.30.0 + k8s.io/kubectl => k8s.io/kubectl v0.30.0 + k8s.io/kubelet => k8s.io/kubelet v0.30.0 + k8s.io/kubernetes => k8s.io/kubernetes v1.30.0 + k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.30.0 + k8s.io/metrics => k8s.io/metrics v0.30.0 + k8s.io/mount-utils => k8s.io/mount-utils v0.30.0 + k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.30.0 + k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.30.0 ) require ( 
@@ -44,38 +44,39 @@ require ( github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 - github.com/aws/aws-sdk-go v1.51.21 + github.com/aws/aws-sdk-go v1.51.30 github.com/cyberark/conjur-api-go v0.11.1 github.com/external-secrets/external-secrets v0.0.0 github.com/fluxcd/helm-controller/api v0.37.2 github.com/fluxcd/pkg/apis/meta v1.2.0 github.com/fluxcd/source-controller/api v1.2.3 github.com/golang-jwt/jwt/v4 v4.5.0 - github.com/hashicorp/vault/api v1.12.2 - github.com/onsi/ginkgo/v2 v2.17.1 - github.com/onsi/gomega v1.30.0 - github.com/oracle/oci-go-sdk/v65 v65.63.1 + github.com/hashicorp/vault/api v1.13.0 + github.com/onsi/ginkgo/v2 v2.17.2 + github.com/onsi/gomega v1.33.0 + github.com/oracle/oci-go-sdk/v65 v65.64.0 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.26 - github.com/xanzy/go-gitlab v0.102.0 + github.com/xanzy/go-gitlab v0.103.0 golang.org/x/oauth2 v0.19.0 - google.golang.org/api v0.172.0 - k8s.io/api v0.29.3 - k8s.io/apiextensions-apiserver v0.29.3 - k8s.io/apimachinery v0.29.3 + google.golang.org/api v0.176.1 + k8s.io/api v0.30.0 + k8s.io/apiextensions-apiserver v0.30.0 + k8s.io/apimachinery v0.30.0 k8s.io/client-go v1.5.2 - k8s.io/utils v0.0.0-20240310230437-4693a0247e57 - sigs.k8s.io/controller-runtime v0.17.3 + k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 + sigs.k8s.io/controller-runtime v0.18.0 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.4.0 ) require ( - cloud.google.com/go/compute v1.25.1 // indirect - cloud.google.com/go/compute/metadata v0.2.3 // indirect + cloud.google.com/go/auth v0.3.0 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect + cloud.google.com/go/compute/metadata v0.3.0 // indirect cloud.google.com/go/iam v1.1.7 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 // indirect - 
github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.6.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect @@ -103,13 +104,13 @@ require ( github.com/fluxcd/pkg/apis/acl v0.1.0 // indirect github.com/fluxcd/pkg/apis/kustomize v1.2.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/go-jose/go-jose/v3 v3.0.3 // indirect + github.com/go-jose/go-jose/v4 v4.0.1 // indirect github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect github.com/go-openapi/swag v0.23.0 // indirect - github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect + github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/goccy/go-json v0.10.2 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gofrs/flock v0.8.1 // indirect @@ -121,11 +122,12 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd // indirect + github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect github.com/google/s2a-go v0.1.7 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect github.com/googleapis/gax-go/v2 v2.12.3 // indirect + github.com/gorilla/websocket v1.5.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect 
@@ -156,13 +158,14 @@ require (
 github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 github.com/modern-go/reflect2 v1.0.2 // indirect
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 github.com/pkg/errors v0.9.1 // indirect
 github.com/prometheus/client_golang v1.19.0 // indirect
 github.com/prometheus/client_model v0.6.1 // indirect
- github.com/prometheus/common v0.52.3 // indirect
- github.com/prometheus/procfs v0.13.0 // indirect
+ github.com/prometheus/common v0.53.0 // indirect
+ github.com/prometheus/procfs v0.14.0 // indirect
 github.com/ryanuber/go-glob v1.0.0 // indirect
 github.com/segmentio/asm v1.2.0 // indirect
 github.com/shopspring/decimal v1.4.0 // indirect
@@ -176,13 +179,13 @@ require (
 github.com/tidwall/sjson v1.2.5 // indirect
 github.com/zalando/go-keyring v0.2.4 // indirect
 go.opencensus.io v0.24.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.50.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.50.0 // indirect
- go.opentelemetry.io/otel v1.25.0 // indirect
- go.opentelemetry.io/otel/metric v1.25.0 // indirect
- go.opentelemetry.io/otel/trace v1.25.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect
+ go.opentelemetry.io/otel v1.26.0 // indirect
+ go.opentelemetry.io/otel/metric v1.26.0 // indirect
+ go.opentelemetry.io/otel/trace v1.26.0 // indirect
 golang.org/x/crypto v0.22.0 // indirect
- golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8 // indirect
+ golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f // indirect
 golang.org/x/net v0.24.0 // indirect
 golang.org/x/sync v0.7.0 // indirect
 golang.org/x/sys v0.19.0 // indirect
@@ -191,9 +194,9 @@ require (
 golang.org/x/time v0.5.0 // indirect
 golang.org/x/tools v0.20.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
- google.golang.org/genproto v0.0.0-20240412170617-26222e5d3d56 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20240412170617-26222e5d3d56 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240412170617-26222e5d3d56 // indirect
+ google.golang.org/genproto v0.0.0-20240415180920-8c6c420018be // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be // indirect
 google.golang.org/grpc v1.63.2 // indirect
 google.golang.org/protobuf v1.33.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
@@ -201,9 +204,8 @@ require (
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect
- k8s.io/component-base v0.29.3 // indirect
 k8s.io/klog/v2 v2.120.1 // indirect
- k8s.io/kube-openapi v0.0.0-20240411171206-dc4e619f62f3 // indirect
+ k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )
diff --git a/e2e/go.sum b/e2e/go.sum
index 949fdaeb868..47d4c20de56 100644
--- a/e2e/go.sum
+++ b/e2e/go.sum
@@ -20,17 +20,19 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.112.2 h1:ZaGT6LiG7dBzi6zNOvVZwacaXlmf3lRqnC4DQzqyRQw= cloud.google.com/go v0.112.2/go.mod h1:iEqjp//KquGIJV/m+Pk3xecgKNhV+ry+vVTsy4TbDms= +cloud.google.com/go/auth v0.3.0 h1:PRyzEpGfx/Z9e8+lHsbkoUVXD0gnu4MNmm7Gp8TQNIs= +cloud.google.com/go/auth v0.3.0/go.mod h1:lBv6NKTWp8E3LPzmO1TbiiRKc4drLOfHsgmlH9ogv5w= +cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= +cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute v1.25.1 h1:ZRpHJedLtTpKgr3RV1Fx23NuaAEN1Zfx9hw1u4aJdjU= -cloud.google.com/go/compute v1.25.1/go.mod h1:oopOIR53ly6viBYxaDhBfJwzUAxf1zE//uf3IB011ls= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= -cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= +cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= +cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/datastore v1.0.0/go.mod 
h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/iam v1.1.7 h1:z4VHOhwKLF/+UYXAJDFwGtNF0b6gjsW1Pk9Ml0U/IoM= @@ -58,8 +60,8 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.6.0 h1:sUFnFjzDUie80h24I7mrKtwCKgLY9L8h5Tp2x9+TWqk= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.6.0/go.mod h1:52JbnQTp15qg5mRkMBHwp0j0ZFwHJ42Sx3zVV5RE9p0= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= 
@@ -112,8 +114,8 @@ github.com/aliyun/alibaba-cloud-sdk-go v1.62.271/go.mod h1:Api2AkmMgGaSUAhmk76oa github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.51.21 h1:UrT6JC9R9PkYYXDZBV0qDKTualMr+bfK2eboTknMgbs= -github.com/aws/aws-sdk-go v1.51.21/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.51.30 h1:RVFkjn9P0JMwnuZCVH0TlV5k9zepHzlbc4943eZMhGw= +github.com/aws/aws-sdk-go v1.51.30/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= 
@@ -178,8 +180,8 @@ github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyT github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= -github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U= +github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= 
@@ -193,8 +195,8 @@ github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= 
@@ -284,8 +286,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd h1:gbpYu9NMq8jhDVbvlGkMFWCjLFlqqEZjEmObmhUy6Vo= -github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= @@ -302,6 +304,8 @@ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5m github.com/googleapis/gax-go/v2 v2.12.3 h1:5/zPPDvw8Q1SuXjrqrZslrqT7dL/uJT2CQii/cLCKqA= github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= +github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= +github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 
@@ -326,8 +330,8 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= -github.com/hashicorp/vault/api v1.12.2 h1:7YkCTE5Ni90TcmYHDBExdt4WGJxhpzaHqR6uGbQb/rE= -github.com/hashicorp/vault/api v1.12.2/go.mod h1:LSGf1NGT1BnvFFnKVtnvcaLBM2Lz+gJdpL6HUYed8KE= +github.com/hashicorp/vault/api v1.13.0 h1:RTCGpE2Rgkn9jyPcFlc7YmNocomda44k5ck8FKMH41Y= +github.com/hashicorp/vault/api v1.13.0/go.mod h1:0cb/uZUv1w2cVu9DIvuW1SMlXXC6qtATJt+LXJRx+kg= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= 
@@ -399,14 +403,16 @@ github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3P github.com/montanaflynn/stats v0.7.0/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= -github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= +github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= +github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= +github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/gomega v1.33.0 h1:snPCflnZrpMsy94p4lXVEkHo12lmPnc3vY5XBbreexE= +github.com/onsi/gomega v1.33.0/go.mod h1:+925n5YtiFsLzzafLUHzVMBpvvRAzrydIBiSIxjX3wY= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.63.1 h1:dYL7sk9L1+C9LCmoq+zjPMNteuJJfk54YExq/4pV9xQ= -github.com/oracle/oci-go-sdk/v65 v65.63.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.64.0 h1:tsoFQS8TC2RJ55RM9zBVN/aD8wC/BVV3kxyNn7qsMiQ= +github.com/oracle/oci-go-sdk/v65 v65.64.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser 
v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= @@ -419,10 +425,10 @@ github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdU github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.52.3 h1:5f8uj6ZwHSscOGNdIQg6OiZv/ybiK2CO2q2drVZAQSA= -github.com/prometheus/common v0.52.3/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= -github.com/prometheus/procfs v0.13.0 h1:GqzLlQyfsPbaEHaQkO7tbDlriv/4o5Hudv6OXHGKX7o= -github.com/prometheus/procfs v0.13.0/go.mod h1:cd4PFCR54QLnGKPaKGA6l+cfuNXtht43ZKY6tow0Y1g= +github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+aLCE= +github.com/prometheus/common v0.53.0/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= +github.com/prometheus/procfs v0.14.0 h1:Lw4VdGGoKEZilJsayHf0B+9YgLGREba2C6xr+Fdfq6s= +github.com/prometheus/procfs v0.14.0/go.mod h1:XL+Iwz8k8ZabyZfMFHPiilCniixqQarAy5Mu67pHlNQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= 
@@ -475,8 +481,8 @@ github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaO github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= -github.com/xanzy/go-gitlab v0.102.0 h1:ExHuJ1OTQ2yt25zBMMj0G96ChBirGYv8U7HyUiYkZ+4= -github.com/xanzy/go-gitlab v0.102.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= +github.com/xanzy/go-gitlab v0.103.0 h1:J9pTQoq0GsEFqzd6srCM1QfdfKAxSNz6mT6ntrpNF2w= +github.com/xanzy/go-gitlab v0.103.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -493,18 +499,18 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.50.0 h1:zvpPXY7RfYAGSdYQLjp6zxdJNSYD/+FFoCTQN9IPxBs= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.50.0/go.mod h1:BMn8NB1vsxTljvuorms2hyOs8IBuuBEq0pl7ltOfy30= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.50.0 h1:cEPbyTSEHlQR89XVlyo78gqluF8Y3oMeBkXGWzQsfXY= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.50.0/go.mod h1:DKdbWcT4GH1D0Y3Sqt/PFXt2naRKDWtU+eE6oLdFNA8= -go.opentelemetry.io/otel v1.25.0 h1:gldB5FfhRl7OJQbUHt/8s0a7cE8fbsPAtdpRaApKy4k= -go.opentelemetry.io/otel v1.25.0/go.mod h1:Wa2ds5NOXEMkCmUou1WA7ZBfLTHWIsp034OVD7AO+Vg= -go.opentelemetry.io/otel/metric v1.25.0 h1:LUKbS7ArpFL/I2jJHdJcqMGxkRdxpPHE0VU/D4NuEwA= -go.opentelemetry.io/otel/metric v1.25.0/go.mod h1:rkDLUSd2lC5lq2dFNrX9LGAbINP5B7WBkC78RXCpH5s= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0 h1:A3SayB3rNyt+1S6qpI9mHPkeHTZbD7XILEqWnYZb2l0= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0/go.mod h1:27iA5uvhuRNmalO+iEUdVn5ZMj2qy10Mm+XRIpRmyuU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 h1:Xs2Ncz0gNihqu9iosIZ5SkBbWo5T8JhhLJFMQL1qmLI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0/go.mod h1:vy+2G/6NvVMpwGX/NyLqcC41fxepnuKHk16E6IZUcJc= +go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs= +go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4= +go.opentelemetry.io/otel/metric v1.26.0 h1:7S39CLuY5Jgg9CrnA9HHiEjGMF/X2VHvoXGgSllRz30= 
+go.opentelemetry.io/otel/metric v1.26.0/go.mod h1:SY+rHOI4cEawI9a7N1A4nIg/nTQXe1ccCNWYOJUrpX4= go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw= go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc= -go.opentelemetry.io/otel/trace v1.25.0 h1:tqukZGLwQYRIFtSQM2u2+yfMVTgGVeqRLPUYx1Dq6RM= -go.opentelemetry.io/otel/trace v1.25.0/go.mod h1:hCCs70XM/ljO+BeQkyFnbK28SBIJ/Emuha+ccrCRT7I= +go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA= +go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= @@ -527,7 +533,6 @@ golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 
@@ -540,8 +545,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8 h1:ESSUROHIBHg7USnszlcdmjBEwdMj9VUvU+OPk4yl2mc= -golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI= +golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f h1:99ci1mjWVBWwJiEKYY6jWa4d2nTQVIEhZIptnrVb1XY= +golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -691,7 +696,6 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 
@@ -702,7 +706,6 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -805,8 +808,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.172.0 h1:/1OcMZGPmW1rX2LCu2CmGUD1KXK1+pfzxotxyRUCCdk= -google.golang.org/api v0.172.0/go.mod h1:+fJZq6QXWfa9pXhnIzsjx4yI22d4aI9ZpLb58gvXjis= +google.golang.org/api v0.176.1 h1:DJSXnV6An+NhJ1J+GWtoF2nHEuqB1VNoTfnIbjNvwD4= +google.golang.org/api v0.176.1/go.mod h1:j2MaSDYcvYV1lkZ1+SMW4IeF90SrEyFA+tluDYWRrFg= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -854,12 +857,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240412170617-26222e5d3d56 h1:LlcUFJ4BLmJVS4Kly+WCK7LQqcevmycHj88EPgyhNx8= -google.golang.org/genproto v0.0.0-20240412170617-26222e5d3d56/go.mod h1:n1CaIKYMIlxFt1zJE/1kU40YpSL0drGMbl0Idum1VSs= -google.golang.org/genproto/googleapis/api v0.0.0-20240412170617-26222e5d3d56 h1:KuFzeG+qPmpT8KpJXcrKAyeHhn64dgEICWlccP9qp0U= -google.golang.org/genproto/googleapis/api v0.0.0-20240412170617-26222e5d3d56/go.mod h1:wTHjrkbcS8AoQbb/0v9bFIPItZQPAsyVfgG9YPUhjAM= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240412170617-26222e5d3d56 h1:zviK8GX4VlMstrK3JkexM5UHjH1VOkRebH9y3jhSBGk= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240412170617-26222e5d3d56/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= +google.golang.org/genproto v0.0.0-20240415180920-8c6c420018be h1:g4aX8SUFA8V5F4LrSY5EclyGYw1OZN4HS1jTyjB9ZDc= +google.golang.org/genproto v0.0.0-20240415180920-8c6c420018be/go.mod h1:FeSdT5fk+lkxatqJP38MsUicGqHax5cLtmy/6TAuxO4= +google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be h1:Zz7rLWqp0ApfsR/l7+zSHhY3PMiH2xqgxlfYfAfNpoU= +google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be/go.mod h1:dvdCTIoAGbkWbcIKBniID56/7XHTt6WfxXNMxuziJ+w= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be h1:LG9vZxsWGOmUKieR8wPAUR3u3MpnYFQZROPIMaXh7/A= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 
@@ -925,27 +928,25 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.28.1 h1:i+0O8k2NPBCPYaMB+uCkseEbawEt/eFaiRqUx8aB108= -k8s.io/api v0.28.1/go.mod h1:uBYwID+66wiL28Kn2tBjBYQdEU0Xk0z5qF8bIBqk/Dg= -k8s.io/apiextensions-apiserver v0.28.1 h1:l2ThkBRjrWpw4f24uq0Da2HaEgqJZ7pcgiEUTKSmQZw= -k8s.io/apiextensions-apiserver v0.28.1/go.mod h1:sVvrI+P4vxh2YBBcm8n2ThjNyzU4BQGilCQ/JAY5kGs= -k8s.io/apimachinery v0.28.1 h1:EJD40og3GizBSV3mkIoXQBsws32okPOy+MkRyzh6nPY= -k8s.io/apimachinery v0.28.1/go.mod h1:X0xh/chESs2hP9koe+SdIAcXWcQ+RM5hy0ZynB+yEvw= -k8s.io/client-go v0.28.1 h1:pRhMzB8HyLfVwpngWKE8hDcXRqifh1ga2Z/PU9SXVK8= -k8s.io/client-go v0.28.1/go.mod h1:pEZA3FqOsVkCc07pFVzK076R+P/eXqsgx5zuuRWukNE= -k8s.io/component-base v0.28.1 h1:LA4AujMlK2mr0tZbQDZkjWbdhTV5bRyEyAFe0TJxlWg= -k8s.io/component-base v0.28.1/go.mod h1:jI11OyhbX21Qtbav7JkhehyBsIRfnO8oEgoAR12ArIU= +k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= +k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= +k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= +k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= +k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= +k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= +k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi 
v0.0.0-20240411171206-dc4e619f62f3 h1:SbdLaI6mM6ffDSJCadEaD4IkuPzepLDGlkd2xV0t1uA= -k8s.io/kube-openapi v0.0.0-20240411171206-dc4e619f62f3/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY= -k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 h1:Q8Z7VlGhcJgBHJHYugJ/K/7iB8a2eSxCyxdVjJp+lLY= +k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= +k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 h1:ao5hUqGhsqdm+bYbjH/pRkCs0unBGe9UyDahzs9zQzQ= +k8s.io/utils v0.0.0-20240423183400-0849a56e8f22/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.17.3 h1:65QmN7r3FWgTxDMz9fvGnO1kbf2nu+acg9p2R9oYYYk= -sigs.k8s.io/controller-runtime v0.17.3/go.mod h1:N0jpP5Lo7lMTF9aL56Z/B2oWBJjey6StQM0jRbKQXtY= +sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= +sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/go.mod b/go.mod index c646daff382..d3c14c3d49c 100644 --- a/go.mod +++ b/go.mod 
@@ -10,51 +10,51 @@ require ( github.com/Azure/go-autorest/autorest/adal v0.9.23 github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 - github.com/IBM/go-sdk-core/v5 v5.16.5 + github.com/IBM/go-sdk-core/v5 v5.17.0 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4 github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/sprig/v3 v3.2.3 github.com/PaesslerAG/jsonpath v0.1.1 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 - github.com/aws/aws-sdk-go v1.51.21 + github.com/aws/aws-sdk-go v1.51.30 github.com/go-logr/logr v1.4.1 github.com/go-test/deep v1.0.4 // indirect github.com/google/go-cmp v0.6.0 github.com/google/uuid v1.6.0 github.com/googleapis/gax-go/v2 v2.12.3 - github.com/hashicorp/vault/api v1.12.2 + github.com/hashicorp/vault/api v1.13.0 github.com/hashicorp/vault/api/auth/approle v0.6.0 github.com/hashicorp/vault/api/auth/kubernetes v0.6.0 github.com/hashicorp/vault/api/auth/ldap v0.6.0 github.com/huandu/xstrings v1.4.0 // indirect - github.com/onsi/ginkgo/v2 v2.17.1 - github.com/onsi/gomega v1.30.0 - github.com/oracle/oci-go-sdk/v65 v65.63.1 + github.com/onsi/ginkgo/v2 v2.17.2 + github.com/onsi/gomega v1.33.0 + github.com/oracle/oci-go-sdk/v65 v65.64.0 github.com/prometheus/client_golang v1.19.0 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.0 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.17.1 - github.com/xanzy/go-gitlab v0.102.0 - github.com/yandex-cloud/go-genproto v0.0.0-20240401111333-b9ee0d3d9e6b - github.com/yandex-cloud/go-sdk v0.0.0-20240318084659-dfa50323a0b4 - github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a + github.com/xanzy/go-gitlab v0.103.0 + github.com/yandex-cloud/go-genproto v0.0.0-20240425114406-68c9b49389a1 + github.com/yandex-cloud/go-sdk v0.0.0-20240425115054-85caccb84041 + github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 
go.uber.org/zap v1.27.0 golang.org/x/crypto v0.22.0 golang.org/x/oauth2 v0.19.0 - google.golang.org/api v0.172.0 - google.golang.org/genproto v0.0.0-20240412170617-26222e5d3d56 + google.golang.org/api v0.176.1 + google.golang.org/genproto v0.0.0-20240415180920-8c6c420018be google.golang.org/grpc v1.63.2 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 - k8s.io/api v0.29.3 - k8s.io/apiextensions-apiserver v0.29.3 - k8s.io/apimachinery v0.29.3 - k8s.io/client-go v0.29.3 - k8s.io/utils v0.0.0-20240310230437-4693a0247e57 - sigs.k8s.io/controller-runtime v0.17.3 - sigs.k8s.io/controller-tools v0.14.0 + k8s.io/api v0.30.0 + k8s.io/apiextensions-apiserver v0.30.0 + k8s.io/apimachinery v0.30.0 + k8s.io/client-go v0.30.0 + k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 + sigs.k8s.io/controller-runtime v0.18.0 + sigs.k8s.io/controller-tools v0.15.0 ) require github.com/1Password/connect-sdk-go v1.5.3 @@ -70,8 +70,8 @@ require ( github.com/alibabacloud-go/openapi-util v0.1.0 github.com/alibabacloud-go/tea v1.2.2 github.com/alibabacloud-go/tea-utils/v2 v2.0.5 - github.com/aliyun/credentials-go v1.3.2 - github.com/avast/retry-go/v4 v4.5.1 + github.com/aliyun/credentials-go v1.3.3 + github.com/avast/retry-go/v4 v4.6.0 github.com/cyberark/conjur-api-go v0.11.1 github.com/fortanix/sdkms-client-go v0.4.0 github.com/go-openapi/strfmt v0.23.0 @@ -85,7 +85,7 @@ require ( github.com/passbolt/go-passbolt v0.7.0 github.com/pulumi/esc v0.8.3 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.26 - github.com/sethvargo/go-password v0.2.0 + github.com/sethvargo/go-password v0.3.0 github.com/spf13/pflag v1.0.5 github.com/tidwall/sjson v1.2.5 sigs.k8s.io/yaml v1.4.0 
@@ -93,12 +93,14 @@ require ( ) require ( - cloud.google.com/go/compute/metadata v0.2.3 // indirect + cloud.google.com/go/auth v0.3.0 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect + cloud.google.com/go/compute/metadata v0.3.0 // indirect dario.cat/mergo v1.0.0 // indirect - github.com/Microsoft/go-winio v0.6.1 // indirect + github.com/Microsoft/go-winio v0.6.2 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect - github.com/ProtonMail/gopenpgp/v2 v2.7.4 // indirect + github.com/ProtonMail/gopenpgp/v2 v2.7.5 // indirect github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/alessio/shellescape v1.4.2 // indirect @@ -123,7 +125,7 @@ require ( github.com/charmbracelet/lipgloss v0.10.0 // indirect github.com/cheggaaa/pb v1.0.29 // indirect github.com/clbanning/mxj/v2 v2.7.0 // indirect - github.com/cloudflare/circl v1.3.7 // indirect + github.com/cloudflare/circl v1.3.8 // indirect github.com/containerd/console v1.0.4 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/danieljoos/wincred v1.2.1 // indirect @@ -134,9 +136,10 @@ require ( github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.5.0 // indirect github.com/go-git/go-git/v5 v5.12.0 // indirect - github.com/go-jose/go-jose/v3 v3.0.3 // indirect + github.com/go-jose/go-jose/v4 v4.0.1 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-playground/validator/v10 v10.19.0 // indirect + github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gofrs/flock v0.8.1 // indirect github.com/golang/glog v1.2.1 // indirect 
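Review bot: The indirect block gains modules that sit on authentication paths with no record of which direct bump pulls them in: `cloud.google.com/go/auth` and `cloud.google.com/go/auth/oauth2adapt` are new in the `@@ -93,12 +93,14 @@` hunk, and the `@@ -134,9 +136,10 @@` hunk swaps `github.com/go-jose/go-jose/v3 v3.0.3` for the separate module path `github.com/go-jose/go-jose/v4 v4.0.1`. Presumably they arrive through the `google.golang.org/api` and `github.com/hashicorp/vault/api` bumps earlier in this file, but that is inferred rather than shown here. I would record the output of `go mod why -m github.com/go-jose/go-jose/v4` and `go mod why -m cloud.google.com/go/auth` in the PR description, so each new credential-handling module in the build has a named parent and can be re-checked when that parent is next bumped. A major-version path change also means any remaining importer of the v3 path would keep a second copy alive, so it is worth confirming after `go mod tidy` that only the v4 `h1:` entry remains in go.sum. The require blocks start and end outside these hunks.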
@@ -161,7 +164,7 @@ require ( github.com/pgavlin/fx v0.1.6 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect - github.com/pulumi/pulumi/sdk/v3 v3.112.0 // indirect + github.com/pulumi/pulumi/sdk/v3 v3.114.0 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect 
@@ -176,23 +179,22 @@ require ( github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/zalando/go-keyring v0.2.4 // indirect github.com/zclconf/go-cty v1.14.4 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.50.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.50.0 // indirect - go.opentelemetry.io/otel v1.25.0 // indirect - go.opentelemetry.io/otel/metric v1.25.0 // indirect - go.opentelemetry.io/otel/trace v1.25.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect + go.opentelemetry.io/otel v1.26.0 // indirect + go.opentelemetry.io/otel/metric v1.26.0 // indirect + go.opentelemetry.io/otel/trace v1.26.0 // indirect golang.org/x/sync v0.7.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240412170617-26222e5d3d56 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240412170617-26222e5d3d56 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be // indirect gopkg.in/warnings.v0 v0.1.2 // indirect - k8s.io/kube-openapi v0.0.0-20240411171206-dc4e619f62f3 // indirect + k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 // indirect lukechampine.com/frand v1.4.2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) require ( - cloud.google.com/go/compute v1.25.1 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.6.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect 
@@ -223,7 +225,6 @@ require ( github.com/go-openapi/swag v0.23.0 // indirect github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect - github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect github.com/gobuffalo/flect v1.0.2 // indirect github.com/goccy/go-json v0.10.2 // indirect github.com/gogo/protobuf v1.3.2 // indirect @@ -232,7 +233,7 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd // indirect + github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -270,8 +271,8 @@ require ( github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/prometheus/common v0.52.3 // indirect - github.com/prometheus/procfs v0.13.0 // indirect + github.com/prometheus/common v0.53.0 // indirect + github.com/prometheus/procfs v0.14.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect @@ -285,7 +286,7 @@ require ( go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8 + golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f golang.org/x/mod v0.17.0 // indirect golang.org/x/net v0.24.0 // indirect golang.org/x/sys v0.19.0 // indirect 
@@ -298,7 +299,6 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/component-base v0.29.3 // indirect k8s.io/gengo v0.0.0-20240404160639-a0386bf69313 // indirect k8s.io/klog v1.0.0 // indirect k8s.io/klog/v2 v2.120.1 // indirect diff --git a/go.sum b/go.sum index e255c153bca..7796e2e1f8d 100644 --- a/go.sum +++ b/go.sum 
@@ -20,17 +20,19 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.112.2 h1:ZaGT6LiG7dBzi6zNOvVZwacaXlmf3lRqnC4DQzqyRQw= cloud.google.com/go v0.112.2/go.mod h1:iEqjp//KquGIJV/m+Pk3xecgKNhV+ry+vVTsy4TbDms= +cloud.google.com/go/auth v0.3.0 h1:PRyzEpGfx/Z9e8+lHsbkoUVXD0gnu4MNmm7Gp8TQNIs= +cloud.google.com/go/auth v0.3.0/go.mod h1:lBv6NKTWp8E3LPzmO1TbiiRKc4drLOfHsgmlH9ogv5w= +cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= +cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute v1.25.1 h1:ZRpHJedLtTpKgr3RV1Fx23NuaAEN1Zfx9hw1u4aJdjU= -cloud.google.com/go/compute v1.25.1/go.mod h1:oopOIR53ly6viBYxaDhBfJwzUAxf1zE//uf3IB011ls= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= -cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= +cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= +cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/datastore v1.0.0/go.mod 
h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/iam v1.1.7 h1:z4VHOhwKLF/+UYXAJDFwGtNF0b6gjsW1Pk9Ml0U/IoM= @@ -62,8 +64,8 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2 h1:LqbJ/WzJUwBf8UiaSzgX7aMclParm9/5Vgp+TY51uBQ= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.2/go.mod h1:yInRyqWXAuaPrgI7p70+lDDgh3mlBohis29jGMISnmc= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.6.0 h1:sUFnFjzDUie80h24I7mrKtwCKgLY9L8h5Tp2x9+TWqk= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.6.0/go.mod h1:52JbnQTp15qg5mRkMBHwp0j0ZFwHJ42Sx3zVV5RE9p0= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= 
@@ -100,8 +102,8 @@ github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 h1:cmX2QC9s5kPqmghWLLZP8YRFO1ZD/C59Bp github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2/go.mod h1:tNlpIXJlIwQlRbobXDPme4qv/Rc8+a1GbuUhE3m4JhQ= github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM= github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= -github.com/IBM/go-sdk-core/v5 v5.16.5 h1:5ZltNcryRI8kVcuvNJGR2EXKqb7HtM4atA0Nm5QwAFE= -github.com/IBM/go-sdk-core/v5 v5.16.5/go.mod h1:GatGZpxlo1KaxiRN6E10/rNgWtUtx1hN/GoHSCaSPKA= +github.com/IBM/go-sdk-core/v5 v5.17.0 h1:J/8by7r70JmCYqXL/NHFcgpneFAqv16oKMtif+syA14= +github.com/IBM/go-sdk-core/v5 v5.17.0/go.mod h1:GatGZpxlo1KaxiRN6E10/rNgWtUtx1hN/GoHSCaSPKA= github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4 h1:xa9e+POVqaXxXHXkSMCOVAbKdUNEu86jQmo5hcpd+L4= github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4/go.mod h1:5gq8D8uWOIbqOm1uztay6lpOysgJaxxEsaVZLWGWb40= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= 
@@ -112,8 +114,8 @@ github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYr github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= -github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= -github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= +github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= +github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d h1:V7xPdg5XgCcUJgL57zfZSNOIvrDPWA4SpWuRJ0UVwKs= github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d/go.mod h1:WI6HYqD62DSW+C0gMS0zHe/vXhZVCUg2ecVosnglPNc= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= 
@@ -128,8 +130,8 @@ github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0k github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw= -github.com/ProtonMail/gopenpgp/v2 v2.7.4 h1:Vz/8+HViFFnf2A6XX8JOvZMrA6F5puwNvvF21O1mRlo= -github.com/ProtonMail/gopenpgp/v2 v2.7.4/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g= +github.com/ProtonMail/gopenpgp/v2 v2.7.5 h1:STOY3vgES59gNgoOt2w0nyHBjKViB/qSg7NjbQWPJkA= +github.com/ProtonMail/gopenpgp/v2 v2.7.5/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY= github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA= github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= 
@@ -186,8 +188,8 @@ github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzY github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8= github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw= github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= -github.com/aliyun/credentials-go v1.3.2 h1:L4WppI9rctC8PdlMgyTkF8bBsy9pyKQEzBD1bHMRl+g= -github.com/aliyun/credentials-go v1.3.2/go.mod h1:tlpz4uys4Rn7Ik4/piGRrTbXy2uLKvePgQJJduE+Y5c= +github.com/aliyun/credentials-go v1.3.3 h1:pFUKbHxHprjaMkEkYquCmUdU9t3bSGBeA4TFyUtLozc= +github.com/aliyun/credentials-go v1.3.3/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= 
@@ -200,14 +202,14 @@ github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3d github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4= github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI= -github.com/avast/retry-go/v4 v4.5.1 h1:AxIx0HGi4VZ3I02jr78j5lZ3M6x1E0Ivxa6b0pUUh7o= -github.com/avast/retry-go/v4 v4.5.1/go.mod h1:/sipNsvNB3RRuT5iNcb6h73nw3IBmXJ/H3XrCQYSOpc= +github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinRJA= +github.com/avast/retry-go/v4 v4.6.0/go.mod h1:gvWlPhBVsvBbLkVGDg/KwvBv0bEkCOLRRSHKIr2PyOE= github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go v1.49.22/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= -github.com/aws/aws-sdk-go v1.51.21 h1:UrT6JC9R9PkYYXDZBV0qDKTualMr+bfK2eboTknMgbs= -github.com/aws/aws-sdk-go v1.51.21/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.51.30 h1:RVFkjn9P0JMwnuZCVH0TlV5k9zepHzlbc4943eZMhGw= +github.com/aws/aws-sdk-go v1.51.30/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
@@ -243,8 +245,8 @@ github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyM github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= -github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= -github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= +github.com/cloudflare/circl v1.3.8 h1:j+V8jJt09PoeMFIu2uh5JUyEaIHTXVOHslFoLNAKqwI= +github.com/cloudflare/circl v1.3.8/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= 
@@ -326,8 +328,8 @@ github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= -github.com/go-jose/go-jose/v3 v3.0.3 h1:fFKWeig/irsp7XD2zBxvnmA/XaRWp5V3CBsZXJF7G7k= -github.com/go-jose/go-jose/v3 v3.0.3/go.mod h1:5b+7YgP7ZICgJDBdfjZaIt+H/9L9T/YQrVfLAMboGkQ= +github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U= +github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= 
@@ -356,8 +358,8 @@ github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91 github.com/go-playground/validator/v10 v10.19.0 h1:ol+5Fu+cSq9JD7SoSqe04GMI92cbn0+wvQ3bZ8b/AU4= github.com/go-playground/validator/v10 v10.19.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI= -github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls= +github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= +github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= 
@@ -455,8 +457,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd h1:gbpYu9NMq8jhDVbvlGkMFWCjLFlqqEZjEmObmhUy6Vo= -github.com/google/pprof v0.0.0-20240409012703-83162a5b38cd/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= +github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= 
@@ -519,8 +521,8 @@ github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06A github.com/hashicorp/hcl/v2 v2.20.1 h1:M6hgdyz7HYt1UN9e61j+qKJBqR3orTWbI1HKBJEdxtc= github.com/hashicorp/hcl/v2 v2.20.1/go.mod h1:TZDqQ4kNKCbh1iJp99FdPiUaVDDUPivbqxZulxDYqL4= github.com/hashicorp/vault/api v1.12.0/go.mod h1:si+lJCYO7oGkIoNPAN8j3azBLTn9SjMGS+jFaHd1Cck= -github.com/hashicorp/vault/api v1.12.2 h1:7YkCTE5Ni90TcmYHDBExdt4WGJxhpzaHqR6uGbQb/rE= -github.com/hashicorp/vault/api v1.12.2/go.mod h1:LSGf1NGT1BnvFFnKVtnvcaLBM2Lz+gJdpL6HUYed8KE= +github.com/hashicorp/vault/api v1.13.0 h1:RTCGpE2Rgkn9jyPcFlc7YmNocomda44k5ck8FKMH41Y= +github.com/hashicorp/vault/api v1.13.0/go.mod h1:0cb/uZUv1w2cVu9DIvuW1SMlXXC6qtATJt+LXJRx+kg= github.com/hashicorp/vault/api/auth/approle v0.6.0 h1:ELfFFQlTM/e97WJKu1HvNFa7lQ3tlTwwzrR1NJE1V7Y= github.com/hashicorp/vault/api/auth/approle v0.6.0/go.mod h1:CCoIl1xBC3lAWpd1HV+0ovk76Z8b8Mdepyk21h3pGk0= github.com/hashicorp/vault/api/auth/aws v0.6.0 h1:L4mBSAW44EjgX4OJ3w6aDXQeehuGE9OMY9ldNbKgGXM= 
@@ -662,17 +664,17 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.17.1 h1:V++EzdbhI4ZV4ev0UTIj0PzhzOcReJFyJaLjtSF55M8= -github.com/onsi/ginkgo/v2 v2.17.1/go.mod h1:llBI3WDLL9Z6taip6f33H76YcWtJv+7R3HigUjbIBOs= -github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= -github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= +github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/gomega v1.33.0 h1:snPCflnZrpMsy94p4lXVEkHo12lmPnc3vY5XBbreexE= +github.com/onsi/gomega v1.33.0/go.mod h1:+925n5YtiFsLzzafLUHzVMBpvvRAzrydIBiSIxjX3wY= github.com/opentracing/basictracer-go v1.1.0 h1:Oa1fTSBvAl8pa3U+IJYqrKm0NALwH9OsgwOqDv4xJW0= github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS69fQMD+MNP1mRs6mBQc= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.63.1 h1:dYL7sk9L1+C9LCmoq+zjPMNteuJJfk54YExq/4pV9xQ= -github.com/oracle/oci-go-sdk/v65 v65.63.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.64.0 h1:tsoFQS8TC2RJ55RM9zBVN/aD8wC/BVV3kxyNn7qsMiQ= +github.com/oracle/oci-go-sdk/v65 v65.64.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.0 
h1:zwwTCwL3vjTTKln1hxwKuzzax4R/yvxGXSZhMh0OY5Y= github.com/passbolt/go-passbolt v0.7.0/go.mod h1:af3TVSJ+0A4sXeK8KgVzhV8Tej/i25biFIQjhL0FOMk= github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU= 
@@ -693,16 +695,16 @@ github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdU github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.52.3 h1:5f8uj6ZwHSscOGNdIQg6OiZv/ybiK2CO2q2drVZAQSA= -github.com/prometheus/common v0.52.3/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= -github.com/prometheus/procfs v0.13.0 h1:GqzLlQyfsPbaEHaQkO7tbDlriv/4o5Hudv6OXHGKX7o= -github.com/prometheus/procfs v0.13.0/go.mod h1:cd4PFCR54QLnGKPaKGA6l+cfuNXtht43ZKY6tow0Y1g= +github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+aLCE= +github.com/prometheus/common v0.53.0/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= +github.com/prometheus/procfs v0.14.0 h1:Lw4VdGGoKEZilJsayHf0B+9YgLGREba2C6xr+Fdfq6s= +github.com/prometheus/procfs v0.14.0/go.mod h1:XL+Iwz8k8ZabyZfMFHPiilCniixqQarAy5Mu67pHlNQ= github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435cARxCW6q9gc0S/Yxz7Mkd38pOb0= github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.8.3 h1:myeDL6dD/mz34zZjCL8s7d/tWHBJYxfMxDCL11MHoqc= github.com/pulumi/esc v0.8.3/go.mod h1:v5VAPxYDa9DRwvubbzKt4ZYf5y0esWC2ccSp/AT923I= -github.com/pulumi/pulumi/sdk/v3 v3.112.0 h1:cq2x5N6iuYhSLdeOdRs+LIq0EneB0Cb54WOlD/VaX3E= -github.com/pulumi/pulumi/sdk/v3 v3.112.0/go.mod h1:JWSzKBoHd8rlncC1DhXLf7YdV+Bk/Qf+hSZOOQh0WwQ= +github.com/pulumi/pulumi/sdk/v3 v3.114.0 h1:KPBSvm04wE2/AdS8PlABxZAW4o7pSAnar0QOooH13no= +github.com/pulumi/pulumi/sdk/v3 v3.114.0/go.mod h1:d6LZJHqEfpgXUd8rFSSsbaPJcocZObXeaUr87jbA5MY= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= 
github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= @@ -732,8 +734,8 @@ github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys= github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= -github.com/sethvargo/go-password v0.2.0 h1:BTDl4CC/gjf/axHMaDQtw507ogrXLci6XRiLc7i/UHI= -github.com/sethvargo/go-password v0.2.0/go.mod h1:Ym4Mr9JXLBycr02MFuVQ/0JHidNetSgbzutTr3zsYXE= +github.com/sethvargo/go-password v0.3.0 h1:OLFHZ91Z7NiNP3dnaPxLxCDXlb6TBuxFzMvv6bu+Ptw= +github.com/sethvargo/go-password v0.3.0/go.mod h1:p6we8DZ0eyYXof9pon7Cqrw98N4KTaYiadDml1dUEEw= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= 
@@ -798,17 +800,16 @@ github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaO github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= -github.com/xanzy/go-gitlab v0.102.0 h1:ExHuJ1OTQ2yt25zBMMj0G96ChBirGYv8U7HyUiYkZ+4= -github.com/xanzy/go-gitlab v0.102.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= +github.com/xanzy/go-gitlab v0.103.0 h1:J9pTQoq0GsEFqzd6srCM1QfdfKAxSNz6mT6ntrpNF2w= +github.com/xanzy/go-gitlab v0.103.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= -github.com/yandex-cloud/go-genproto v0.0.0-20240318083951-4fe6125f286e/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-genproto v0.0.0-20240401111333-b9ee0d3d9e6b h1:mOhpdzir8wyeM0AzMPKj6RteKpRjaP661fBPzJcRD+g= -github.com/yandex-cloud/go-genproto v0.0.0-20240401111333-b9ee0d3d9e6b/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-sdk v0.0.0-20240318084659-dfa50323a0b4 h1:wtzLQJmghkSUb1YkeFphIh7ST7NNVDaVOJZSAJcjMdw= -github.com/yandex-cloud/go-sdk v0.0.0-20240318084659-dfa50323a0b4/go.mod h1:9d1MV6u4lK715YXnZceKqhP4L0bKBKmv4mSLnVSjJaM= -github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a h1:fZHgsYlfvtyqToslyjUt3VOPF4J7aK/3MPcK7xp3PDk= -github.com/youmark/pkcs8 v0.0.0-20201027041543-1326539a0a0a/go.mod h1:ul22v+Nro/R083muKhosV54bj5niojjWZvU8xrevuH4= +github.com/yandex-cloud/go-genproto v0.0.0-20240425114406-68c9b49389a1 h1:VDGcTxVXpQ6N2sKdKVzSrt1Rp6xm4thrCH5TeqMoWtY= +github.com/yandex-cloud/go-genproto v0.0.0-20240425114406-68c9b49389a1/go.mod 
h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-sdk v0.0.0-20240425115054-85caccb84041 h1:CJFVkjTl0Jxgx7ha9rNgG4y7YCcZqCl1lZDkk8Kw3ac= +github.com/yandex-cloud/go-sdk v0.0.0-20240425115054-85caccb84041/go.mod h1:gf3YxmV6R09JmNxOQrfoeV8mRIXqr7EQ7Yh7sAG2UhA= +github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 h1:tBiBTKHnIjovYoLX/TPkcf+OjqqKGQrPtGT3Foz+Pgo= +github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76/go.mod h1:SQliXeA7Dhkt//vS29v3zpbEwoa+zb2Cn5xj5uO4K5U= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.30/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -830,18 +831,18 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.50.0 h1:zvpPXY7RfYAGSdYQLjp6zxdJNSYD/+FFoCTQN9IPxBs= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.50.0/go.mod h1:BMn8NB1vsxTljvuorms2hyOs8IBuuBEq0pl7ltOfy30= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.50.0 h1:cEPbyTSEHlQR89XVlyo78gqluF8Y3oMeBkXGWzQsfXY= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.50.0/go.mod h1:DKdbWcT4GH1D0Y3Sqt/PFXt2naRKDWtU+eE6oLdFNA8= -go.opentelemetry.io/otel v1.25.0 h1:gldB5FfhRl7OJQbUHt/8s0a7cE8fbsPAtdpRaApKy4k= -go.opentelemetry.io/otel v1.25.0/go.mod h1:Wa2ds5NOXEMkCmUou1WA7ZBfLTHWIsp034OVD7AO+Vg= -go.opentelemetry.io/otel/metric v1.25.0 h1:LUKbS7ArpFL/I2jJHdJcqMGxkRdxpPHE0VU/D4NuEwA= -go.opentelemetry.io/otel/metric v1.25.0/go.mod h1:rkDLUSd2lC5lq2dFNrX9LGAbINP5B7WBkC78RXCpH5s= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0 h1:A3SayB3rNyt+1S6qpI9mHPkeHTZbD7XILEqWnYZb2l0= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0/go.mod h1:27iA5uvhuRNmalO+iEUdVn5ZMj2qy10Mm+XRIpRmyuU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 h1:Xs2Ncz0gNihqu9iosIZ5SkBbWo5T8JhhLJFMQL1qmLI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0/go.mod h1:vy+2G/6NvVMpwGX/NyLqcC41fxepnuKHk16E6IZUcJc= +go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs= +go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4= +go.opentelemetry.io/otel/metric v1.26.0 h1:7S39CLuY5Jgg9CrnA9HHiEjGMF/X2VHvoXGgSllRz30= 
+go.opentelemetry.io/otel/metric v1.26.0/go.mod h1:SY+rHOI4cEawI9a7N1A4nIg/nTQXe1ccCNWYOJUrpX4= go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw= go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc= -go.opentelemetry.io/otel/trace v1.25.0 h1:tqukZGLwQYRIFtSQM2u2+yfMVTgGVeqRLPUYx1Dq6RM= -go.opentelemetry.io/otel/trace v1.25.0/go.mod h1:hCCs70XM/ljO+BeQkyFnbK28SBIJ/Emuha+ccrCRT7I= +go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA= +go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= @@ -857,7 +858,6 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191219195013-becbf705a915/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 
@@ -875,7 +875,6 @@ golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= -golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -888,8 +887,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8 h1:ESSUROHIBHg7USnszlcdmjBEwdMj9VUvU+OPk4yl2mc= -golang.org/x/exp v0.0.0-20240409090435-93d18d7e34b8/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI= +golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f h1:99ci1mjWVBWwJiEKYY6jWa4d2nTQVIEhZIptnrVb1XY= +golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -1067,7 +1066,6 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= @@ -1081,7 +1079,6 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -1191,8 +1188,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.172.0 h1:/1OcMZGPmW1rX2LCu2CmGUD1KXK1+pfzxotxyRUCCdk= -google.golang.org/api v0.172.0/go.mod h1:+fJZq6QXWfa9pXhnIzsjx4yI22d4aI9ZpLb58gvXjis= +google.golang.org/api v0.176.1 h1:DJSXnV6An+NhJ1J+GWtoF2nHEuqB1VNoTfnIbjNvwD4= +google.golang.org/api v0.176.1/go.mod h1:j2MaSDYcvYV1lkZ1+SMW4IeF90SrEyFA+tluDYWRrFg= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1242,12 +1239,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240412170617-26222e5d3d56 h1:LlcUFJ4BLmJVS4Kly+WCK7LQqcevmycHj88EPgyhNx8= -google.golang.org/genproto v0.0.0-20240412170617-26222e5d3d56/go.mod h1:n1CaIKYMIlxFt1zJE/1kU40YpSL0drGMbl0Idum1VSs= -google.golang.org/genproto/googleapis/api v0.0.0-20240412170617-26222e5d3d56 h1:KuFzeG+qPmpT8KpJXcrKAyeHhn64dgEICWlccP9qp0U= -google.golang.org/genproto/googleapis/api v0.0.0-20240412170617-26222e5d3d56/go.mod h1:wTHjrkbcS8AoQbb/0v9bFIPItZQPAsyVfgG9YPUhjAM= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240412170617-26222e5d3d56 h1:zviK8GX4VlMstrK3JkexM5UHjH1VOkRebH9y3jhSBGk= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240412170617-26222e5d3d56/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= +google.golang.org/genproto v0.0.0-20240415180920-8c6c420018be h1:g4aX8SUFA8V5F4LrSY5EclyGYw1OZN4HS1jTyjB9ZDc= +google.golang.org/genproto v0.0.0-20240415180920-8c6c420018be/go.mod h1:FeSdT5fk+lkxatqJP38MsUicGqHax5cLtmy/6TAuxO4= +google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be h1:Zz7rLWqp0ApfsR/l7+zSHhY3PMiH2xqgxlfYfAfNpoU= +google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be/go.mod h1:dvdCTIoAGbkWbcIKBniID56/7XHTt6WfxXNMxuziJ+w= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be h1:LG9vZxsWGOmUKieR8wPAUR3u3MpnYFQZROPIMaXh7/A= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 
@@ -1323,16 +1320,14 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw= -k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80= -k8s.io/apiextensions-apiserver v0.29.3 h1:9HF+EtZaVpFjStakF4yVufnXGPRppWFEQ87qnO91YeI= -k8s.io/apiextensions-apiserver v0.29.3/go.mod h1:po0XiY5scnpJfFizNGo6puNU6Fq6D70UJY2Cb2KwAVc= -k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU= -k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU= -k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg= -k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0= -k8s.io/component-base v0.29.3 h1:Oq9/nddUxlnrCuuR2K/jp6aflVvc0uDvxMzAWxnGzAo= -k8s.io/component-base v0.29.3/go.mod h1:Yuj33XXjuOk2BAaHsIGHhCKZQAgYKhqIxIjIr2UXYio= +k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= +k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= +k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= +k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= +k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= +k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= +k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20240404160639-a0386bf69313 
h1:wBIDZID8ju9pwOiLlV22YYKjFGtiNSWgHf5CnKLRUuM= k8s.io/gengo v0.0.0-20240404160639-a0386bf69313/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= @@ -1342,10 +1337,10 @@ k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240411171206-dc4e619f62f3 h1:SbdLaI6mM6ffDSJCadEaD4IkuPzepLDGlkd2xV0t1uA= -k8s.io/kube-openapi v0.0.0-20240411171206-dc4e619f62f3/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240310230437-4693a0247e57 h1:gbqbevonBh57eILzModw6mrkbwM0gQBEuevE/AaBsHY= -k8s.io/utils v0.0.0-20240310230437-4693a0247e57/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 h1:Q8Z7VlGhcJgBHJHYugJ/K/7iB8a2eSxCyxdVjJp+lLY= +k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= +k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 h1:ao5hUqGhsqdm+bYbjH/pRkCs0unBGe9UyDahzs9zQzQ= +k8s.io/utils v0.0.0-20240423183400-0849a56e8f22/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= lukechampine.com/frand v1.4.2 h1:RzFIpOvkMXuPMBb9maa4ND4wjBn71E1Jpf8BzJHMaVw= lukechampine.com/frand v1.4.2/go.mod h1:4S/TM2ZgrKejMcKMbeLjISpJMO+/eZ1zu3vYX9dtj3s= pgregory.net/rapid v0.5.5 h1:jkgx1TjbQPD/feRoK+S/mXw9e1uj6WilpHrXJowi6oA= 
@@ -1353,10 +1348,10 @@ pgregory.net/rapid v0.5.5/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.17.3 h1:65QmN7r3FWgTxDMz9fvGnO1kbf2nu+acg9p2R9oYYYk= -sigs.k8s.io/controller-runtime v0.17.3/go.mod h1:N0jpP5Lo7lMTF9aL56Z/B2oWBJjey6StQM0jRbKQXtY= -sigs.k8s.io/controller-tools v0.14.0 h1:rnNoCC5wSXlrNoBKKzL70LNJKIQKEzT6lloG6/LF73A= -sigs.k8s.io/controller-tools v0.14.0/go.mod h1:TV7uOtNNnnR72SpzhStvPkoS/U5ir0nMudrkrC4M9Sc= +sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= +sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/controller-tools v0.15.0 h1:4dxdABXGDhIa68Fiwaif0vcu32xfwmgQ+w8p+5CxoAI= +sigs.k8s.io/controller-tools v0.15.0/go.mod h1:8zUSS2T8Hx0APCNRhJWbS3CAQEbIxLa07khzh7pZmXM= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/pkg/provider/alibaba/client.go b/pkg/provider/alibaba/client.go index ab77a58886a..55b0c91218c 100644 --- a/pkg/provider/alibaba/client.go +++ b/pkg/provider/alibaba/client.go 
@@ -123,29 +123,19 @@ func (s *secretsManagerClient) GetSecretValue( func (s *secretsManagerClient) doAPICall(ctx context.Context, action string, request any) (any, error) { - accessKeyID, err := s.config.Credential.GetAccessKeyId() + creds, err := s.config.Credential.GetCredential() if err != nil { - return nil, fmt.Errorf("error getting AccessKeyId: %w", err) - } - - accessKeySecret, err := s.config.Credential.GetAccessKeySecret() - if err != nil { - return nil, fmt.Errorf("error getting AccessKeySecret: %w", err) - } - - securityToken, err := s.config.Credential.GetSecurityToken() - if err != nil { - return nil, fmt.Errorf("error getting SecurityToken: %w", err) + return nil, fmt.Errorf("could not get credentials: %w", err) } apiRequest := newOpenAPIRequest(s.endpoint, action, methodTypeGET, request) - apiRequest.query["AccessKeyId"] = accessKeyID + apiRequest.query["AccessKeyId"] = creds.AccessKeyId - if utils.Deref(securityToken) != "" { - apiRequest.query["SecurityToken"] = securityToken + if utils.Deref(creds.SecurityToken) != "" { + apiRequest.query["SecurityToken"] = creds.SecurityToken } - apiRequest.query["Signature"] = openapiutil.GetRPCSignature(apiRequest.query, utils.Ptr(apiRequest.method.String()), accessKeySecret) + apiRequest.query["Signature"] = openapiutil.GetRPCSignature(apiRequest.query, utils.Ptr(apiRequest.method.String()), creds.AccessKeySecret) httpReq, err := newHTTPRequestWithContext(ctx, apiRequest) if err != nil { diff --git a/pkg/provider/alibaba/kms.go b/pkg/provider/alibaba/kms.go index 5df02356d7e..258fbc8f919 100644 --- a/pkg/provider/alibaba/kms.go +++ b/pkg/provider/alibaba/kms.go @@ -250,7 +250,7 @@ func (kms *KeyManagementService) Close(_ context.Context) error { func (kms *KeyManagementService) Validate() (esv1beta1.ValidationResult, error) { err := retry.Do( func() error { - _, err := kms.Config.Credential.GetSecurityToken() + _, err := kms.Config.Credential.GetCredential() if err != nil { return err } 
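Review bot: In doAPICall, `creds` and its `AccessKeyId`/`AccessKeySecret` fields are used without checking that the provider actually returned them, so a nil result with a nil error would panic at `creds.AccessKeyId`, and an empty secret would still be passed to `GetRPCSignature`. A guard right after the error check would fail closed, e.g. `if creds == nil || utils.Deref(creds.AccessKeyId) == "" || utils.Deref(creds.AccessKeySecret) == "" { return nil, fmt.Errorf("credential provider returned incomplete credentials") }`; this assumes `utils.Deref` tolerates nil, as its use on `SecurityToken` suggests. The kms.go hunk has the same gap: `Validate` discards the value from `GetCredential()` and checks only `err`, so an empty credential would pass validation. doAPICall's body continues past the end of the hunk.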
From ddb8dbd3ed5bd880b53cef94dca9083404fffa1b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 30 Apr 2024 14:53:10 -0300 Subject: [PATCH 012/517] chore(deps): bump distroless/static from `6d31326` to `4197211` (#3424) Bumps distroless/static from `6d31326` to `4197211`. --- updated-dependencies: - dependency-name: distroless/static dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gustavo Fernandes de Carvalho --- Dockerfile | 2 +- Dockerfile.standalone | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index ac464f8c268..eac528e8f89 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM gcr.io/distroless/static@sha256:6d31326376a7834b106f281b04f67b5d015c31732f594930f2ea81365f99d60c +FROM gcr.io/distroless/static@sha256:41972110a1c1a5c0b6adb283e8aa092c43c31f7c5d79b8656fbffff2c3e61f05 ARG TARGETOS ARG TARGETARCH COPY bin/external-secrets-${TARGETOS}-${TARGETARCH} /bin/external-secrets diff --git a/Dockerfile.standalone b/Dockerfile.standalone index 52e62570905..bb0e3fdee96 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone @@ -12,7 +12,7 @@ COPY . /app/ RUN go build -o external-secrets main.go -FROM gcr.io/distroless/static@sha256:6d31326376a7834b106f281b04f67b5d015c31732f594930f2ea81365f99d60c AS app +FROM gcr.io/distroless/static@sha256:41972110a1c1a5c0b6adb283e8aa092c43c31f7c5d79b8656fbffff2c3e61f05 AS app COPY --from=builder /app/external-secrets /bin/external-secrets # Run as UID for nobody From 297e55d3af90c60d1253a611163e923c9f33ba10 Mon Sep 17 00:00:00 2001 From: Steven I Date: Tue, 30 Apr 2024 20:04:14 +0200 Subject: [PATCH 013/517] Improve bitwarden example (#3435) * Add bitwarden-attachment example Signed-off-by: Steven I. * Fix nav list Signed-off-by: Steven I. --------- 
Signed-off-by: Steven I. --- docs/examples/bitwarden.md | 62 ++++++++++++----------- docs/snippets/bitwarden-secret-store.yaml | 10 ++++ docs/snippets/bitwarden-secret.yaml | 14 ++++- hack/api-docs/mkdocs.yml | 4 +- 4 files changed, 56 insertions(+), 34 deletions(-) diff --git a/docs/examples/bitwarden.md b/docs/examples/bitwarden.md index e5653c69ee2..f1e81f9d029 100644 --- a/docs/examples/bitwarden.md +++ b/docs/examples/bitwarden.md @@ -2,27 +2,23 @@ Bitwarden is an integrated open source password management solution for individuals, teams, and business organizations. -## How is it working ? +## How does it work? -To make external-secret compatible with BitWarden, we need: +To make external-secrets compatible with Bitwarden, we need: -* External-Secret >= 0.8.0 -* To use the Webhook Provider -* 2 (Cluster)SecretStores +* External Secrets Operator >= 0.8.0 +* Multiple (Cluster)SecretStores using the webhook provider * BitWarden CLI image running `bw serve` -When you create a new external-secret object, -External-Secret Webhook provider will do a query to the Bitwarden CLI pod, -which is synced with the BitWarden server. +When you create a new external-secret object, the External Secrets webhook provider will query the Bitwarden CLI pod that is synced with the Bitwarden server. ## Requirements -* Bitwarden account (it works also with VaultWarden) -* A Kubernetes secret which contains your BitWarden Credentials -* You need a Docker image with BitWarden CLI installed. - You could use `ghcr.io/charlesthomas/bitwarden-cli:2023.12.1` or build your own. +* Bitwarden account (it also works with Vaultwarden!) +* A Kubernetes secret which contains your Bitwarden credentials +* A Docker image running the Bitwarden CLI. You could use `ghcr.io/charlesthomas/bitwarden-cli:2023.12.1` or build your own. -Here an example of Dockerfile use to build this image: +Here is an example of a Dockerfile used to build the image: ```dockerfile FROM debian:sid 
@@ -41,7 +37,7 @@ COPY entrypoint.sh / CMD ["/entrypoint.sh"] ``` -And the content of `entrypoint.sh` +And the content of `entrypoint.sh`: ```bash #!/bin/bash @@ -57,8 +53,7 @@ echo 'Running `bw server` on port 8087' bw serve --hostname 0.0.0.0 #--disable-origin-protection ``` - -## Deploy Bitwarden Credentials +## Deploy Bitwarden credentials ```yaml {% include 'bitwarden-cli-secrets.yaml' %} 
@@ -70,30 +65,37 @@ bw serve --hostname 0.0.0.0 #--disable-origin-protection {% include 'bitwarden-cli-deployment.yaml' %} ``` -> NOTE: Deploying a network policy is recommended since, there is no authentication to query the BitWarden CLI, which means that your secrets are exposed. +> NOTE: Deploying a network policy is recommended since there is no authentication to query the Bitwarden CLI, which means that your secrets are exposed. -> NOTE: In this example the Liveness probe is quering /sync to ensure that the BitWarden CLI is able to connect to the server and also to sync secrets. (The secret sync is only every 2 minutes in this example) +> NOTE: In this example the Liveness probe is querying /sync to ensure that the Bitwarden CLI is able to connect to the server and is also synchronised. (The secret sync is only every 2 minutes in this example) -## Deploy ClusterSecretStore (Or SecretStore) +## Deploy (Cluster)SecretStores -Here the two ClusterSecretStore to deploy +There are four possible (Cluster)SecretStores to deploy, each can access different types of fields from an item in the Bitwarden vault. It is not required to deploy them all. ```yaml {% include 'bitwarden-secret-store.yaml' %} ``` +## Usage + +(Cluster)SecretStores: + +* `bitwarden-login`: Use to get the `username` or `password` fields +* `bitwarden-fields`: Use to get custom fields +* `bitwarden-notes`: Use to get notes +* `bitwarden-attachments`: Use to get attachments + +remoteRef: -## How to use it ? 
+* `key`: ID of a secret, which can be found in the URL `itemId` parameter: + `https://myvault.com/#/vault?type=login&itemId=........-....-....-....-............`s -* If you need the `username` or the `password` of a secret, you have to use `bitwarden-login` -* If you need a custom field of a secret, you have to use `bitwarden-fields` -* If you need to use a Bitwarden Note for multiline strings (SSH keys, service account json files), you have to use `bitwarden-notes` -* The `key` is the ID of a secret, which can be find in the URL with the `itemId` value: - `https://myvault.com/#/vault?itemId=........-....-....-....-............` -* The `property` is the name of the field: - * `username` for the username of a secret (`bitwarden-login` SecretStore) - * `password` for the password of a secret (`bitwarden-login` SecretStore) - * `name_of_the_custom_field` for any custom field (`bitwarden-fields` SecretStore) +* `property`: Name of the field to access + * `username` for the username of a secret (`bitwarden-login` SecretStore) + * `password` for the password of a secret (`bitwarden-login` SecretStore) + * `name_of_the_custom_field` for any custom field (`bitwarden-fields` SecretStore) + * `id_or_name_of_the_attachment` for any attachment (`bitwarden-attachment`, SecretStore) ```yaml {% include 'bitwarden-secret.yaml' %} diff --git a/docs/snippets/bitwarden-secret-store.yaml b/docs/snippets/bitwarden-secret-store.yaml index 05201c1ce96..d398e976fb7 100644 --- a/docs/snippets/bitwarden-secret-store.yaml +++ b/docs/snippets/bitwarden-secret-store.yaml @@ -34,4 +34,14 @@ spec: url: "http://bitwarden-cli:8087/object/item/{{ .remoteRef.key }}" result: jsonPath: "$.data.notes" +--- +apiVersion: external-secrets.io/v1beta1 +kind: ClusterSecretStore +metadata: + name: bitwarden-attachments +spec: + provider: + webhook: + url: "http://bitwarden-cli:8087/object/attachment/{{ .remoteRef.property }}?itemid={{ .remoteRef.key }}" + result: {} {% endraw %} 
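Review bot: In the new `bitwarden-attachments` store, `{{ .remoteRef.property }}` is placed in the URL path and `{{ .remoteRef.key }}` in the query string exactly as written in the ExternalSecret, and the store is a ClusterSecretStore with no restriction on which namespaces may reference it. The guide changed in this same commit states that the Bitwarden CLI endpoint has no authentication, so anyone who can create an ExternalSecret against this store can presumably read any attachment the CLI session can see. I would add a comment above `url:` saying that `property` is the attachment id or name and must not contain `/`, `?` or `#`, and show a `conditions:` block with a `namespaces:` list (or a namespaced SecretStore) so the example limits who can use it. A short comment on `result: {}` explaining why no `jsonPath` is set would also help readers.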
diff --git a/docs/snippets/bitwarden-secret.yaml b/docs/snippets/bitwarden-secret.yaml index 81e279a2327..d91d67ccae3 100644 --- a/docs/snippets/bitwarden-secret.yaml +++ b/docs/snippets/bitwarden-secret.yaml @@ -2,11 +2,11 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: my-db-secrets + name: my-secrets namespace: default spec: target: - name: my-db-secrets + name: my-secrets deletionPolicy: Delete template: type: Opaque @@ -23,6 +23,8 @@ spec: postgresql://{{ .username }}:{{ .password }}@my-postgresql:5432/mydb service_account_key: |- {{ .service_account_key }} + ssh_pub_key: |- + {{ .ssh_pub_key }} data: - secretKey: username sourceRef: @@ -63,4 +65,12 @@ spec: kind: ClusterSecretStore # or SecretStore remoteRef: key: service_account_key + - secretKey: ssh_pub_key + sourceRef: + storeRef: + name: bitwarden-attachments + kind: ClusterSecretStore # or SecretStore + remoteRef: + key: aaaabbbb-cccc-dddd-eeee-000011112222 + property: id_rsa.pub {% endraw %} diff --git a/hack/api-docs/mkdocs.yml b/hack/api-docs/mkdocs.yml index c1de698ea97..974d6ea6d73 100644 --- a/hack/api-docs/mkdocs.yml +++ b/hack/api-docs/mkdocs.yml @@ -73,8 +73,8 @@ nav: - Find Secrets by Name or Metadata: guides/getallsecrets.md - Rewriting Keys: guides/datafrom-rewrite.md - Advanced Templating: - v2: guides/templating.md - v1: guides/templating-v1.md + - v2: guides/templating.md + - v1: guides/templating-v1.md - Kubernetes Secret Types: guides/common-k8s-secret-types.md - "Lifecycle: ownership & deletion": guides/ownership-deletion-policy.md - Decoding Strategies: guides/decoding-strategy.md From c54974ba630cd114db02c266e4be11d80ea47beb Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho Date: Wed, 1 May 2024 14:57:09 -0300 Subject: [PATCH 014/517] bump helm charts (#3439) 
Signed-off-by: Gustavo Carvalho --- deploy/charts/external-secrets/Chart.yaml | 4 ++-- deploy/charts/external-secrets/README.md | 2 +- .../__snapshot__/cert_controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/crds_test.yaml.snap | 4 +++- .../tests/__snapshot__/webhook_test.yaml.snap | 14 +++++++------- 6 files changed, 23 insertions(+), 21 deletions(-) diff --git a/deploy/charts/external-secrets/Chart.yaml b/deploy/charts/external-secrets/Chart.yaml index 71c1260efd8..776fbae9e70 100644 --- a/deploy/charts/external-secrets/Chart.yaml +++ b/deploy/charts/external-secrets/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: external-secrets description: External secret management for Kubernetes type: application -version: "0.9.16" -appVersion: "v0.9.16" +version: "0.9.17" +appVersion: "v0.9.17" kubeVersion: ">= 1.19.0-0" keywords: - kubernetes-external-secrets diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index 4ff90e395fb..13c67a966b6 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.16](https://img.shields.io/badge/Version-0.9.16-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.17](https://img.shields.io/badge/Version-0.9.17-informational?style=flat-square) External secret management for Kubernetes diff --git a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 07d0b75bcfb..07121053f14 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap 
+++ b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.16 - helm.sh/chart: external-secrets-0.9.16 + app.kubernetes.io/version: v0.9.17 + helm.sh/chart: external-secrets-0.9.17 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.16 - helm.sh/chart: external-secrets-0.9.16 + app.kubernetes.io/version: v0.9.17 + helm.sh/chart: external-secrets-0.9.17 spec: automountServiceAccountToken: true containers: @@ -38,7 +38,7 @@ should match snapshot of default values: - --secret-namespace=NAMESPACE - --metrics-addr=:8080 - --healthz-addr=:8081 - image: ghcr.io/external-secrets/external-secrets:v0.9.16 + image: ghcr.io/external-secrets/external-secrets:v0.9.17 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap index d8fa3ba2560..b2496364918 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.16 - helm.sh/chart: external-secrets-0.9.16 + app.kubernetes.io/version: v0.9.17 + helm.sh/chart: external-secrets-0.9.17 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: 
@@ -24,15 +24,15 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.16 - helm.sh/chart: external-secrets-0.9.16 + app.kubernetes.io/version: v0.9.17 + helm.sh/chart: external-secrets-0.9.17 spec: automountServiceAccountToken: true containers: - args: - --concurrent=1 - --metrics-addr=:8080 - image: ghcr.io/external-secrets/external-secrets:v0.9.16 + image: ghcr.io/external-secrets/external-secrets:v0.9.17 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap index 8f4ee544edd..36800fe363c 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -4,7 +4,7 @@ should match snapshot of default values: kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.14.0 + controller-gen.kubebuilder.io/version: v0.15.0 name: secretstores.external-secrets.io spec: conversion: @@ -1582,11 +1582,13 @@ should match snapshot of default values: items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string diff --git a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index ad80b9929ff..53eb6fb0a00 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap 
@@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.16 - helm.sh/chart: external-secrets-0.9.16 + app.kubernetes.io/version: v0.9.17 + helm.sh/chart: external-secrets-0.9.17 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.16 - helm.sh/chart: external-secrets-0.9.16 + app.kubernetes.io/version: v0.9.17 + helm.sh/chart: external-secrets-0.9.17 spec: automountServiceAccountToken: true containers: @@ -37,7 +37,7 @@ should match snapshot of default values: - --check-interval=5m - --metrics-addr=:8080 - --healthz-addr=:8081 - image: ghcr.io/external-secrets/external-secrets:v0.9.16 + image: ghcr.io/external-secrets/external-secrets:v0.9.17 imagePullPolicy: IfNotPresent name: webhook ports: @@ -81,8 +81,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.16 + app.kubernetes.io/version: v0.9.17 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.9.16 + helm.sh/chart: external-secrets-0.9.17 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE From 6252ad93946b56fba7dd4b6d05be7fee74ffeaed Mon Sep 17 00:00:00 2001 From: Parth Patel Date: Fri, 3 May 2024 21:36:42 +1200 Subject: [PATCH 015/517] Implemented `updatePolicy: IfNotExists` for AWS Secret Store (#3438) * Implemented SecretExists for AWS Secret Store Signed-off-by: Parth Patel * Lint changes Signed-off-by: Parth Patel * Added some unit-tests Signed-off-by: Parth Patel * Small refactored unit-tests 
Signed-off-by: Parth Patel * Fixed lint issues Signed-off-by: Parth Patel --------- Signed-off-by: Parth Patel --- .../aws/secretsmanager/secretsmanager.go | 23 ++++- .../aws/secretsmanager/secretsmanager_test.go | 88 +++++++++++++++++++ 2 files changed, 109 insertions(+), 2 deletions(-) diff --git a/pkg/provider/aws/secretsmanager/secretsmanager.go b/pkg/provider/aws/secretsmanager/secretsmanager.go index 1a3bf9a665d..40c50747b9d 100644 --- a/pkg/provider/aws/secretsmanager/secretsmanager.go +++ b/pkg/provider/aws/secretsmanager/secretsmanager.go @@ -212,8 +212,27 @@ func (sm *SecretsManager) DeleteSecret(ctx context.Context, remoteRef esv1beta1. return err } -func (sm *SecretsManager) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf("not implemented") +func (sm *SecretsManager) SecretExists(ctx context.Context, pushSecretRef esv1beta1.PushSecretRemoteRef) (bool, error) { + secretName := pushSecretRef.GetRemoteKey() + secretValue := awssm.GetSecretValueInput{ + SecretId: &secretName, + } + _, err := sm.client.GetSecretValueWithContext(ctx, &secretValue) + if err != nil { + return sm.handleSecretError(err) + } + return true, nil +} + +func (sm *SecretsManager) handleSecretError(err error) (bool, error) { + var aerr awserr.Error + if ok := errors.As(err, &aerr); !ok { + return false, err + } + if aerr.Code() == awssm.ErrCodeResourceNotFoundException { + return true, nil + } + return false, err } func (sm *SecretsManager) PushSecret(ctx context.Context, secret *corev1.Secret, psd esv1beta1.PushSecretData) error { diff --git a/pkg/provider/aws/secretsmanager/secretsmanager_test.go b/pkg/provider/aws/secretsmanager/secretsmanager_test.go index 51c2880b471..d0f514f367c 100644 --- a/pkg/provider/aws/secretsmanager/secretsmanager_test.go +++ b/pkg/provider/aws/secretsmanager/secretsmanager_test.go 
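Review bot: `handleSecretError` returns `true, nil` when the error code is `awssm.ErrCodeResourceNotFoundException`, so `SecretExists` reports a secret that AWS says is missing as present; that branch should be `return false, nil`. With `updatePolicy: IfNotExists`, a caller that skips the push when the secret exists would then presumably never create it. The test case `SecretExistsReturnsTrueForNonExistingSecret` added in secretsmanager_test.go pins the inverted result and needs the same correction. Separately, `GetSecretValueWithContext` fetches the secret plaintext only to discard it; if the client interface exposes a metadata-only call such as `DescribeSecretWithContext`, it would answer the existence question without requiring `secretsmanager:GetSecretValue`, which is worth confirming against the interface outside this hunk.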
@@ -1316,6 +1316,94 @@ func TestSecretsManagerValidate(t *testing.T) { }) } } +func TestSecretExists(t *testing.T) { + arn := "arn:aws:secretsmanager:us-east-1:702902267788:secret:foo-bar5-Robbgh" + defaultVersion := "00000000-0000-0000-0000-000000000002" + secretValueOutput := &awssm.GetSecretValueOutput{ + ARN: &arn, + VersionId: &defaultVersion, + } + + blankSecretValueOutput := &awssm.GetSecretValueOutput{} + + getSecretCorrectErr := awssm.ResourceNotFoundException{} + getSecretWrongErr := awssm.InvalidRequestException{} + + pushSecretDataWithoutProperty := fake.PushSecretData{SecretKey: "fake-secret-key", RemoteKey: "fake-key", Property: ""} + + type args struct { + store *esv1beta1.AWSProvider + client fakesm.Client + pushSecretData fake.PushSecretData + } + + type want struct { + err error + wantError bool + } + + tests := map[string]struct { + args args + want want + }{ + "SecretExistsReturnsTrueForExistingSecret": { + args: args{ + store: makeValidSecretStore().Spec.Provider.AWS, + client: fakesm.Client{ + GetSecretValueWithContextFn: fakesm.NewGetSecretValueWithContextFn(secretValueOutput, nil), + }, + pushSecretData: pushSecretDataWithoutProperty, + }, + want: want{ + err: nil, + wantError: true, + }, + }, + "SecretExistsReturnsTrueForNonExistingSecret": { + args: args{ + store: makeValidSecretStore().Spec.Provider.AWS, + client: fakesm.Client{ + GetSecretValueWithContextFn: fakesm.NewGetSecretValueWithContextFn(blankSecretValueOutput, &getSecretCorrectErr), + }, + pushSecretData: pushSecretDataWithoutProperty, + }, + want: want{ + err: nil, + wantError: true, + }, + }, + "SecretExistsReturnsFalseForErroredSecret": { + args: args{ + store: makeValidSecretStore().Spec.Provider.AWS, + client: fakesm.Client{ + GetSecretValueWithContextFn: fakesm.NewGetSecretValueWithContextFn(blankSecretValueOutput, &getSecretWrongErr), + }, + pushSecretData: pushSecretDataWithoutProperty, + }, + want: want{ + err: &getSecretWrongErr, + wantError: false, + }, + }, + } + + 
for name, tc := range tests { + t.Run(name, func(t *testing.T) { + sm := &SecretsManager{ + client: &tc.args.client, + } + got, err := sm.SecretExists(context.Background(), tc.args.pushSecretData) + + assert.Equal( + t, + tc.want, + want{ + err: err, + wantError: got, + }) + }) + } +} // FakeCredProvider implements the AWS credentials.Provider interface // It is used to inject an error into the AWS session to cause a From f22c53fca0c43da1b92956da4503bf7d8ccfc294 Mon Sep 17 00:00:00 2001 From: hima <31167870+himasagaratluri@users.noreply.github.com> Date: Fri, 3 May 2024 14:17:36 -0500 Subject: [PATCH 016/517] Issue 3436 (#3444) * utiliy for comparing byteslice and string Signed-off-by: himasagaratluri * unit test for utility Signed-off-by: himasagaratluri * add validation for StringType Signed-off-by: himasagaratluri * if clause to consider binary Signed-off-by: himasagaratluri * Test case: if clause to consider binary Signed-off-by: himasagaratluri --------- Signed-off-by: himasagaratluri --- .../aws/secretsmanager/secretsmanager.go | 2 +- pkg/utils/utils.go | 18 ++++++ pkg/utils/utils_test.go | 59 +++++++++++++++++++ 3 files changed, 78 insertions(+), 1 deletion(-) diff --git a/pkg/provider/aws/secretsmanager/secretsmanager.go b/pkg/provider/aws/secretsmanager/secretsmanager.go index 40c50747b9d..8c6b958ee64 100644 --- a/pkg/provider/aws/secretsmanager/secretsmanager.go +++ b/pkg/provider/aws/secretsmanager/secretsmanager.go @@ -588,7 +588,7 @@ func (sm *SecretsManager) putSecretValueWithContext(ctx context.Context, secretI if !isManagedByESO(data) { return fmt.Errorf("secret not managed by external-secrets") } - if awsSecret != nil && bytes.Equal(awsSecret.SecretBinary, value) { + if awsSecret != nil && bytes.Equal(awsSecret.SecretBinary, value) || utils.CompareStringAndByteSlices(awsSecret.SecretString, value) { return nil } diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go index 150be5d84b6..1a9192f1570 100644 --- a/pkg/utils/utils.go 
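Review bot: The `want` struct in `TestSecretExists` stores the boolean returned by `SecretExists` in a field called `wantError`, so `wantError: true` on `SecretExistsReturnsTrueForExistingSecret` reads as "an error is expected" when it means "the secret exists". Renaming the field, e.g. `exists bool`, and building the comparison value as `want{err: err, exists: got}` would make the table self-explanatory. The `store` field of `args` is populated in every case but is not read anywhere in the visible loop, so it can be dropped.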
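Review bot: The new condition parses as `(awsSecret != nil && bytes.Equal(...)) || utils.CompareStringAndByteSlices(awsSecret.SecretString, value)` because `&&` binds tighter than `||`, so the right-hand side dereferences `awsSecret` even when it is nil and would panic. Parenthesise the comparison: `if awsSecret != nil && (bytes.Equal(awsSecret.SecretBinary, value) || utils.CompareStringAndByteSlices(awsSecret.SecretString, value)) {`. Whether `awsSecret` can actually be nil depends on the callers of `putSecretValueWithContext`, which are outside this hunk, but the existing nil check suggests it can.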
+++ b/pkg/utils/utils.go @@ -507,3 +507,21 @@ func dig[T any](key string, data map[string]any) (t T, _ error) { return t, errKeyNotFound } + +func CompareStringAndByteSlices(valueString *string, valueByte []byte) bool { + if valueString == nil { + return false + } + stringToByteSlice := []byte(*valueString) + if len(stringToByteSlice) != len(valueByte) { + return false + } + + for sb := range valueByte { + if stringToByteSlice[sb] != valueByte[sb] { + return false + } + } + + return true +} diff --git a/pkg/utils/utils_test.go b/pkg/utils/utils_test.go index c4751620eed..4ecdc85a18c 100644 --- a/pkg/utils/utils_test.go +++ b/pkg/utils/utils_test.go @@ -20,6 +20,7 @@ import ( "testing" "time" + "github.com/aws/aws-sdk-go/aws" "github.com/oracle/oci-go-sdk/v65/vault" v1 "k8s.io/api/core/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" 
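Review bot: `CompareStringAndByteSlices` re-implements byte-wise equality by hand and, as an exported function, has no doc comment. The body after the nil check can be one line, `return *valueString == string(valueByte)`, which needs no new import. I would also add `// CompareStringAndByteSlices reports whether valueString is non-nil and holds exactly the bytes in valueByte.` above the signature.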
@@ -845,3 +846,61 @@ func TestGetByteValue(t *testing.T) { }) } } + +func TestCompareStringAndByteSlices(t *testing.T) { + type args struct { + stringValue *string + byteValueSlice []byte + } + type testCase struct { + name string + args args + want bool + wantErr bool + } + tests := []testCase{ + { + name: "same contents", + args: args{ + stringValue: aws.String("value"), + byteValueSlice: []byte("value"), + }, + want: true, + wantErr: true, + }, { + name: "different contents", + args: args{ + stringValue: aws.String("value89"), + byteValueSlice: []byte("value"), + }, + want: true, + wantErr: false, + }, { + name: "same contents with random", + args: args{ + stringValue: aws.String("value89!3#@212"), + byteValueSlice: []byte("value89!3#@212"), + }, + want: true, + wantErr: true, + }, { + name: "check Nil", + args: args{ + stringValue: nil, + byteValueSlice: []byte("value89!3#@212"), + }, + want: false, + wantErr: false, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + got := CompareStringAndByteSlices(tt.args.stringValue, tt.args.byteValueSlice) + if got != tt.wantErr { + t.Errorf("CompareStringAndByteSlices() got = %v, want = %v", got, tt.wantErr) + return + } + }) + } +} From 6d08e679be66bcec7d54e02abc0caf629f6b1d78 Mon Sep 17 00:00:00 2001 From: Parth Patel Date: Sun, 5 May 2024 22:47:47 +1200 Subject: [PATCH 017/517] Fixed docs nav bar and a couple of broken links (#3445) Signed-off-by: Parth Patel --- docs/guides/pushsecrets.md | 6 +++--- hack/api-docs/mkdocs.yml | 24 ++---------------------- 2 files changed, 5 insertions(+), 25 deletions(-) diff --git a/docs/guides/pushsecrets.md b/docs/guides/pushsecrets.md index 2e0fc959bc2..dfb34b61e18 100644 --- a/docs/guides/pushsecrets.md +++ b/docs/guides/pushsecrets.md 
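Review bot: The table in `TestCompareStringAndByteSlices` has both `want` and `wantErr`, but the assertion reads only `tt.wantErr` and the function returns no error, so `want` is dead data and is wrong for the "different contents" case (`want: true` while the call returns false). Keep a single `want bool`, set it to `false` for "different contents", and compare with `if got != tt.want {`. The new `github.com/aws/aws-sdk-go/aws` import in the generic utils test is used only for `aws.String`; a local `s := "value"` passed as `&s` would avoid it.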
@@ -3,7 +3,7 @@ Contrary to what `ExternalSecret` does by pulling secrets from secret providers The update behavior of `PushSecret` is controlled by `spec.updatePolicy`. The default policy is `Replace`, such that secrets are overwritten in the provider, regardless of whether there already is a secret present in the provider at the given location. If you do not want `PushSecret` to overwrite existing secrets in the provider, you can set `spec.UpdatePolicy` to `IfNotExists`. With this policy, the provider becomes the source of truth. Please note that with using `spec.updatePolicy=IfNotExists` it is possible that the secret value referenced by the `PushSecret` within the cluster differs from the secret value at the given location in the provider. -By default, the secret created in the secret provided will not be deleted even after deleting the `PushSecret`, unless you set `spec.deletionPolicy` to `Delete`. +By default, the secret created in the secret provided will not be deleted even after deleting the `PushSecret`, unless you set `spec.deletionPolicy` to `Delete`. ``` yaml 
@@ -14,7 +14,7 @@ By default, the secret created in the secret provided will not be deleted even a An interesting use case for `kind=PushSecret` is backing up your current secret from one provider to another one. -Imagine you have your secrets in GCP and you want to back them up in Azure Key Vault. You would then create a `SecretStore` for each provider, and an `ExternalSecret` to pull the secrets from GCP. This will generate a `kind=Secret` in your cluster that you can use as the source of a `PushSecret` configured with the Azure `SecretStore`. +Imagine you have your secrets in GCP and you want to back them up in Azure Key Vault. You would then create a `SecretStore` for each provider, and an `ExternalSecret` to pull the secrets from GCP. This will generate a `kind=Secret` in your cluster that you can use as the source of a `PushSecret` configured with the Azure `SecretStore`. ![PushSecretBackup](../pictures/diagrams-pushsecret-backup.png) @@ -42,4 +42,4 @@ This will _marshal_ the entire secret data and push it into this single property This should _ONLY_ be done if the secret data is marshal-able. Values like, binary data cannot be marshaled and will result in error or invalid secret data. ### Key conversion strategy -You can also set `data[*].conversionStrategy: ReverseUnicode` to reverse the invalid character replaced by the `conversionStrategy: Unicode` configuration in the `ExternalSecret` object as [documented here](../guides/getallsecrets/#avoiding-name-conflicts). +You can also set `data[*].conversionStrategy: ReverseUnicode` to reverse the invalid character replaced by the `conversionStrategy: Unicode` configuration in the `ExternalSecret` object as [documented here](../guides/getallsecrets.md#avoiding-name-conflicts). diff --git a/hack/api-docs/mkdocs.yml b/hack/api-docs/mkdocs.yml index 974d6ea6d73..294f93ecf1b 100644 --- a/hack/api-docs/mkdocs.yml +++ b/hack/api-docs/mkdocs.yml 
@@ -116,6 +116,8 @@ nav: - Passbolt: provider/passbolt.md - Pulumi ESC: provider/pulumi.md - Onboardbase: provider/onboardbase.md + - Password Depot: provider-passworddepot.md + - Fortanix: provider/fortanix.md - Examples: - FluxCD: examples/gitops-using-fluxcd.md - Anchore Engine: examples/anchore-engine-credentials.md @@ -132,27 +134,5 @@ nav: - Talks: eso-talks.md - Demos: eso-demos.md - Blogs: eso-blogs.md - - AWS: - - Secrets Manager: provider-aws-secrets-manager.md - - Parameter Store: provider-aws-parameter-store.md - - Azure: - - Key Vault: provider-azure-key-vault.md - - Google: - - Secrets Manager: provider-google-secrets-manager.md - - IBM: - - Secrets Manager: provider-ibm-secrets-manager.md - - HashiCorp Vault: provider-hashicorp-vault.md - - Yandex: - - Lockbox: provider-yandex-lockbox.md - - Password Depot: provider-passworddepot.md - - Gitlab: - - Gitlab Project Variables: provider-gitlab-project-variables.md - - Oracle: - - Oracle Vault: provider-oracle-vault.md - References: - API specification: spec.md - - Contributing: - - Developer guide: contributing-devguide.md - - Contributing Process: contributing-process.md - - Code of Conduct: contributing-coc.md - - Deprecation Policy: deprecation-policy.md From e474043a7cc0590bf377b911ec9ed33dfdb3f137 Mon Sep 17 00:00:00 2001 From: Tiago de Freitas Lima Date: Mon, 6 May 2024 19:50:37 -0300 Subject: [PATCH 018/517] Add githubaccesstoken CRD to kustomization.yaml (#3446) * Add githubaccesstoken CRD to kustomization.yaml Signed-off-by: Tiago de Freitas Lima * Update crd.generate script to update resources list from kustomization.yaml file Signed-off-by: Tiago de Freitas Lima --------- Signed-off-by: Tiago de Freitas Lima --- config/crds/bases/kustomization.yaml | 3 +++ hack/crd.generate.sh | 5 +++++ 2 files changed, 8 insertions(+) diff --git a/config/crds/bases/kustomization.yaml b/config/crds/bases/kustomization.yaml index 0f86d9104d0..fdbf1dcbd76 100644 --- a/config/crds/bases/kustomization.yaml 
+++ b/config/crds/bases/kustomization.yaml @@ -11,4 +11,7 @@ resources: - generators.external-secrets.io_ecrauthorizationtokens.yaml - generators.external-secrets.io_fakes.yaml - generators.external-secrets.io_gcraccesstokens.yaml + - generators.external-secrets.io_githubaccesstokens.yaml - generators.external-secrets.io_passwords.yaml + - generators.external-secrets.io_vaultdynamicsecrets.yaml + - generators.external-secrets.io_webhooks.yaml diff --git a/hack/crd.generate.sh b/hack/crd.generate.sh index abce2d018b9..46cecc19d95 100755 --- a/hack/crd.generate.sh +++ b/hack/crd.generate.sh @@ -15,6 +15,11 @@ go run sigs.k8s.io/controller-tools/cmd/controller-gen crd \ paths="./apis/..." \ output:crd:artifacts:config="${CRD_DIR}/bases" +## Update resources list from kustomization.yaml +ls "${CRD_DIR}"/bases | grep -v "kustomization.yaml" | jq -R -s -c 'split("\n")[:-1]' | yq -p=json - > kustomize-files.yaml +yq -i '.resources = (load("kustomize-files.yaml"))' "${CRD_DIR}"/bases/kustomization.yaml +rm kustomize-files.yaml + # Remove extra header lines in generated CRDs # This is needed for building the helm chart for f in "${CRD_DIR}"/bases/*.yaml; do From b8e9bcfc343edad6b09b441381ffbb8a87ec3288 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 May 2024 20:02:33 -0300 Subject: [PATCH 019/517] chore(deps): bump codecov/codecov-action from 4.3.0 to 4.3.1 (#3456) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.3.0 to 4.3.1. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/84508663e988701840491b86de86b666e8a86bed...5ecb98a3c6b747ed38dc09f787459979aebb39be) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... 
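Review bot: The block added to hack/crd.generate.sh writes its intermediate list to a fixed file `kustomize-files.yaml` in whatever directory the script is run from, and only the final `rm` removes it, so a failure in `yq` leaves it behind and an existing file of that name is overwritten. Creating it with `tmp="$(mktemp)"` plus `trap 'rm -f "$tmp"' EXIT` would avoid both. The pipeline also parses `ls` output, and `grep -v "kustomization.yaml"` treats `.` as a wildcard; iterating over `"${CRD_DIR}"/bases/*.yaml`, as the loop just below does, would be sturdier. `jq` and `yq` become new requirements of the script and nothing in the hunk checks they are installed; the rest of the script is outside the hunk.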
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index c0d85a396c1..6c35786816b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -126,7 +126,7 @@ jobs: make test - name: Publish Unit Test Coverage - uses: codecov/codecov-action@84508663e988701840491b86de86b666e8a86bed # v4.3.0 + uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: From fbb8cc5800e0329139f7fc8eed21441c70ddf5a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 May 2024 20:02:44 -0300 Subject: [PATCH 020/517] chore(deps): bump pygments from 2.17.2 to 2.18.0 in /hack/api-docs (#3453) Bumps [pygments](https://github.com/pygments/pygments) from 2.17.2 to 2.18.0. - [Release notes](https://github.com/pygments/pygments/releases) - [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES) - [Commits](https://github.com/pygments/pygments/compare/2.17.2...2.18.0) --- updated-dependencies: - dependency-name: pygments dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 4d4889a0236..a9a1abdb44c 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -26,7 +26,7 @@ paginate==0.5.6 pathspec==0.12.1 pep562==1.1 platformdirs==4.2.1 -Pygments==2.17.2 +Pygments==2.18.0 pymdown-extensions==10.8.1 python-dateutil==2.9.0.post0 PyYAML==6.0.1 
From da7cf8abb7fb67b751f6ac6e0cca0a2bb03f02fd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 May 2024 20:02:58 -0300 Subject: [PATCH 021/517] chore(deps): bump jinja2 from 3.1.3 to 3.1.4 in /hack/api-docs (#3452) Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.3 to 3.1.4. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/3.1.3...3.1.4) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index a9a1abdb44c..bfc96ba66d4 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -9,7 +9,7 @@ htmlmin==0.1.12 idna==3.7 importlib-metadata==7.1.0 importlib-resources==6.4.0 -Jinja2==3.1.3 +Jinja2==3.1.4 jsmin==3.0.1 livereload==2.6.3 Markdown==3.6 From 7652fc259a25f0784ac476695f063f1e0f764969 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 May 2024 20:03:09 -0300 Subject: [PATCH 022/517] chore(deps): bump babel from 2.14.0 to 2.15.0 in /hack/api-docs (#3451) Bumps [babel](https://github.com/python-babel/babel) from 2.14.0 to 2.15.0. - [Release notes](https://github.com/python-babel/babel/releases) - [Changelog](https://github.com/python-babel/babel/blob/master/CHANGES.rst) - [Commits](https://github.com/python-babel/babel/compare/v2.14.0...v2.15.0) --- updated-dependencies: - dependency-name: babel dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 hack/api-docs/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt
index bfc96ba66d4..cef6849e131 100644
--- a/hack/api-docs/requirements.txt
+++ b/hack/api-docs/requirements.txt
@@ -1,4 +1,4 @@
-Babel==2.14.0
+Babel==2.15.0
 certifi==2024.2.2
 charset-normalizer==3.3.2
 click==8.1.7
From 9c7962127777e5801b54d56c1ed08d0484a5d535 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 May 2024 20:03:26 -0300 Subject: [PATCH 023/517] chore(deps): bump mkdocs-material in /hack/api-docs (#3450) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.19 to 9.5.21. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.19...9.5.21) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 hack/api-docs/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt
index cef6849e131..369e5f80c07 100644
--- a/hack/api-docs/requirements.txt
+++ b/hack/api-docs/requirements.txt
@@ -18,7 +18,7 @@ mergedeep==1.3.4
 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020
 mkdocs==1.6.0
 mkdocs-macros-plugin==1.0.5
-mkdocs-material==9.5.19
+mkdocs-material==9.5.21
 mkdocs-material-extensions==1.3.1
 mkdocs-minify-plugin==0.8.0
 packaging==24.0
From f6c79dfd68a92cc74cb81bdc5ef23b06d3fc4fe0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 6 May 2024 20:26:37 -0300 Subject: [PATCH 024/517] chore(deps): bump actions/setup-go from 5.0.0 to 5.0.1 (#3455) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/0c52d547c9bc32b1aa3301fd7a9cb496313a4491...cdcb36043654635271a94b9a6d1392de5bb323a7) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/ci.yml | 6 +++---
 .github/workflows/docs.yml | 2 +-
 .github/workflows/publish.yml | 2 +-
 .github/workflows/release.yml | 2 +-
 .github/workflows/update-deps.yml | 2 +-
 5 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6c35786816b..7d43b1057c9 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -49,7 +49,7 @@ jobs:
 uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
 - name: Setup Go
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+ uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
 id: setup-go
 with:
 go-version-file: "go.mod"
@@ -75,7 +75,7 @@ jobs:
 uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
 - name: Setup Go
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+ uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
 id: setup-go
 with:
 go-version-file: "go.mod"
@@ -106,7 +106,7 @@ jobs:
 run: git fetch --prune --unshallow
 - name: Setup Go
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+ uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
 id: setup-go
 with:
 go-version-file: "go.mod"
diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
index a307c3ecd36..fe51332b4ef 100644
--- a/.github/workflows/docs.yml
+++ b/.github/workflows/docs.yml
@@ -20,7 +20,7 @@ jobs:
 fetch-depth: 0
 - name: Setup Go
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+ uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
 with:
 go-version-file: "go.mod"
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
index 0aea8067450..cd06cb0948b 100644
--- a/.github/workflows/publish.yml
+++ b/.github/workflows/publish.yml
@@ -66,7 +66,7 @@ jobs:
 install: true
 - name: Setup Go
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+ uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
 id: setup-go
 with:
 go-version-file: "go.mod"
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 2d7c3dbeae5..fbba647984a 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -76,7 +76,7 @@ jobs:
 fetch-depth: 0
 - name: Setup Go
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+ uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
 id: setup-go
 with:
 go-version-file: "go.mod"
diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml
index d3f0a389a05..6cf724dfda0 100644
--- a/.github/workflows/update-deps.yml
+++ b/.github/workflows/update-deps.yml
@@ -40,7 +40,7 @@ jobs:
 branch: ${{ fromJson(needs.branches.outputs.branches) }}
 steps:
 - name: Setup Go
- uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0
+ uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1
 with:
 go-version: "1.21"
From e82d6c6b0b356b83c020264ae86a7743f97970db Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 May 2024 07:34:48 -0300 Subject: [PATCH 025/517] chore(deps): bump golangci/golangci-lint-action from 5.0.0 to 5.3.0 (#3454) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 5.0.0 to 5.3.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/82d40c283aeb1f2b6595839195e95c2d6a49081b...38e1018663fa5173f3968ea0777460d3de38f256) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gustavo Fernandes de Carvalho
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7d43b1057c9..e3e685743b4 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -59,7 +59,7 @@ jobs:
 run: go mod download
 - name: Lint
- uses: golangci/golangci-lint-action@82d40c283aeb1f2b6595839195e95c2d6a49081b # v5.0.0
+ uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0
 with:
 version: ${{ env.GOLANGCI_VERSION }}
 skip-pkg-cache: true
From bddca97cf29ce398206fc4b39143c906723c104f Mon Sep 17 00:00:00 2001
From: Saverio Proto Date: Tue, 7 May 2024 22:05:24 +0200 Subject: [PATCH 026/517] Update getting-started.md (#3464) * Update getting-started.md Bump crds tag from v0.9.11 to v0.9.17 Signed-off-by: Saverio Proto * Update docs/introduction/getting-started.md Co-authored-by: Gustavo Fernandes de Carvalho Signed-off-by: Saverio Proto --------- Signed-off-by: Saverio Proto Co-authored-by: Gustavo Fernandes de Carvalho
---
 docs/introduction/getting-started.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/introduction/getting-started.md b/docs/introduction/getting-started.md
index 44f4f610f45..719a465813b 100644
--- a/docs/introduction/getting-started.md
+++ b/docs/introduction/getting-started.md
@@ -13,7 +13,7 @@ The default install options will automatically install and manage the CRDs as pa
 You can install those CRDs outside of `helm` using:
 ```bash
-kubectl apply -k "https://github.com/external-secrets/external-secrets//config/crds/bases?ref=v0.9.11"
+kubectl apply -k "https://github.com/external-secrets/external-secrets//config/crds/bases?ref="
 ```
 Uncomment the relevant line in the next steps to disable the automatic install of CRDs.
From 13dd16bf6d755be8d07c0e0409f174d44bfe79e5 Mon Sep 17 00:00:00 2001 From: Shuhei Kitagawa Date: Wed, 8 May 2024 05:10:35 +0900 Subject: [PATCH 027/517] Use maps.Equal to compare maps (#3460) Signed-off-by: shuheiktgw
---
 pkg/provider/gcp/secretmanager/client.go | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)
diff --git a/pkg/provider/gcp/secretmanager/client.go b/pkg/provider/gcp/secretmanager/client.go
index b56511a4972..c446cf84da3 100644
--- a/pkg/provider/gcp/secretmanager/client.go
+++ b/pkg/provider/gcp/secretmanager/client.go
@@ -19,6 +19,7 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "maps"
 "strconv"
 "strings"
@@ -181,7 +182,7 @@ func (c *Client) PushSecret(ctx context.Context, secret *corev1.Secret, pushSecr
 return err
 }
- if !mapEqual(gcpSecret.Annotations, annotations) || !mapEqual(gcpSecret.Labels, labels) {
+ if !maps.Equal(gcpSecret.Annotations, annotations) || !maps.Equal(gcpSecret.Labels, labels) {
 _, err = c.smClient.UpdateSecret(ctx, &secretmanagerpb.UpdateSecretRequest{
 Secret: &secretmanagerpb.Secret{
 Name: gcpSecret.Name,
@@ -548,17 +549,3 @@ func getDataByProperty(data []byte, property string) gjson.Result {
 }
 return gjson.Get(payload, property)
 }
-
-func mapEqual(m1, m2 map[string]string) bool {
- if len(m1) != len(m2) {
- return false
- }
-
- for k1, v1 := range m1 {
- if v2, ok := m2[k1]; !ok || v1 != v2 {
- return false
- }
- }
-
- return true
-}
From 0ee21e63fc6bd7cbae01e04f8ef57468433f7663 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Wed, 8 May 2024 01:04:09 +0200 Subject: [PATCH 028/517] update dependencies (#3458) Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator
---
 e2e/go.mod | 46 +++++++++----------
 e2e/go.sum | 95 +++++++++++++++++++--------------------
 go.mod | 62 +++++++++++++-------------
 go.sum | 128 +++++++++++++++++++++++++++--------------------------
 4 files changed, 167 insertions(+), 164 deletions(-)
diff --git a/e2e/go.mod b/e2e/go.mod
index fd381d31e45..ecb8e5ca253 100644
--- a/e2e/go.mod
+++ b/e2e/go.mod
@@ -36,7 +36,7 @@ replace (
 )
 require (
- cloud.google.com/go/secretmanager v1.12.0
+ cloud.google.com/go/secretmanager v1.13.0
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
 github.com/Azure/go-autorest/autorest v0.11.29
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.12
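Review bot: In the `PushSecret` hunk of pkg/provider/gcp/secretmanager/client.go, the new `maps.Equal` condition decides whether `UpdateSecret` is called, and nothing on the line records that a nil map and an empty map compare as equal. `maps.Equal` checks the lengths first, as the removed `mapEqual` did, so metadata that is unset on one side and empty on the other does not trigger an update; with the helper gone, a one-line comment above the condition would keep that visible, for example `// nil and empty maps compare equal, so unset labels/annotations do not force an UpdateSecret call`. The `maps` import added in the first hunk is the Go 1.21 standard-library package, and the module's `go` directive is not part of this patch, so it is worth confirming it is at least 1.21. `PushSecret` starts and ends outside the hunk.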
@@ -44,8 +44,8 @@ require (
 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5
 github.com/akeylesslabs/akeyless-go/v3 v3.6.3
 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271
- github.com/aws/aws-sdk-go v1.51.30
- github.com/cyberark/conjur-api-go v0.11.1
+ github.com/aws/aws-sdk-go v1.52.2
+ github.com/cyberark/conjur-api-go v0.11.2
 github.com/external-secrets/external-secrets v0.0.0
 github.com/fluxcd/helm-controller/api v0.37.2
 github.com/fluxcd/pkg/apis/meta v1.2.0
@@ -53,18 +53,18 @@ require (
 github.com/golang-jwt/jwt/v4 v4.5.0
 github.com/hashicorp/vault/api v1.13.0
 github.com/onsi/ginkgo/v2 v2.17.2
- github.com/onsi/gomega v1.33.0
- github.com/oracle/oci-go-sdk/v65 v65.64.0
+ github.com/onsi/gomega v1.33.1
+ github.com/oracle/oci-go-sdk/v65 v65.65.0
 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.26
- github.com/xanzy/go-gitlab v0.103.0
- golang.org/x/oauth2 v0.19.0
- google.golang.org/api v0.176.1
+ github.com/xanzy/go-gitlab v0.104.0
+ golang.org/x/oauth2 v0.20.0
+ google.golang.org/api v0.177.0
 k8s.io/api v0.30.0
 k8s.io/apiextensions-apiserver v0.30.0
 k8s.io/apimachinery v0.30.0
 k8s.io/client-go v1.5.2
- k8s.io/utils v0.0.0-20240423183400-0849a56e8f22
- sigs.k8s.io/controller-runtime v0.18.0
+ k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0
+ sigs.k8s.io/controller-runtime v0.18.1
 sigs.k8s.io/yaml v1.4.0
 software.sslmate.com/src/go-pkcs12 v0.4.0
 )
@@ -73,10 +73,10 @@ require (
 cloud.google.com/go/auth v0.3.0 // indirect
 cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
 cloud.google.com/go/compute/metadata v0.3.0 // indirect
- cloud.google.com/go/iam v1.1.7 // indirect
+ cloud.google.com/go/iam v1.1.8 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 // indirect
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 // indirect
- github.com/Azure/azure-sdk-for-go/sdk/internal v1.6.0 // indirect
+ github.com/Azure/azure-sdk-for-go/sdk/internal v1.7.0 // indirect
 github.com/Azure/go-autorest v14.2.0+incompatible // indirect
 github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect
 github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
@@ -122,11 +122,11 @@ require (
 github.com/google/go-cmp v0.6.0 // indirect
 github.com/google/go-querystring v1.1.0 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
- github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect
+ github.com/google/pprof v0.0.0-20240430035430-e4905b036c4e // indirect
 github.com/google/s2a-go v0.1.7 // indirect
 github.com/google/uuid v1.6.0 // indirect
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
- github.com/googleapis/gax-go/v2 v2.12.3 // indirect
+ github.com/googleapis/gax-go/v2 v2.12.4 // indirect
 github.com/gorilla/websocket v1.5.0 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -170,7 +170,7 @@ require (
 github.com/segmentio/asm v1.2.0 // indirect
 github.com/shopspring/decimal v1.4.0 // indirect
 github.com/sirupsen/logrus v1.9.3 // indirect
- github.com/sony/gobreaker v0.5.0 // indirect
+ github.com/sony/gobreaker v1.0.0 // indirect
 github.com/spf13/cast v1.6.0 // indirect
 github.com/spf13/pflag v1.0.5 // indirect
 github.com/tidwall/gjson v1.17.1 // indirect
@@ -188,24 +188,24 @@ require (
 golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f // indirect
 golang.org/x/net v0.24.0 // indirect
 golang.org/x/sync v0.7.0 // indirect
- golang.org/x/sys v0.19.0 // indirect
- golang.org/x/term v0.19.0 // indirect
- golang.org/x/text v0.14.0 // indirect
+ golang.org/x/sys v0.20.0 // indirect
+ golang.org/x/term v0.20.0 // indirect
+ golang.org/x/text v0.15.0 // indirect
 golang.org/x/time v0.5.0 // indirect
 golang.org/x/tools v0.20.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
- google.golang.org/genproto v0.0.0-20240415180920-8c6c420018be // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be // indirect
+ google.golang.org/genproto v0.0.0-20240429193739-8cf5692501f6 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 // indirect
 google.golang.org/grpc v1.63.2 // indirect
- google.golang.org/protobuf v1.33.0 // indirect
+ google.golang.org/protobuf v1.34.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
 gopkg.in/yaml.v3 v3.0.1 // indirect
 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect
 k8s.io/klog/v2 v2.120.1 // indirect
- k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 // indirect
+ k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )
diff --git a/e2e/go.sum b/e2e/go.sum
index 47d4c20de56..855723dbc51 100644
--- a/e2e/go.sum
+++ b/e2e/go.sum
@@ -35,14 +35,14 @@ cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2Qx cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.1.7 h1:z4VHOhwKLF/+UYXAJDFwGtNF0b6gjsW1Pk9Ml0U/IoM= -cloud.google.com/go/iam v1.1.7/go.mod h1:J4PMPg8TtyurAUvSmPj8FF3EDgY1SPRZxcUGrn7WXGA= +cloud.google.com/go/iam v1.1.8 h1:r7umDwhj+BQyz0ScZMp4QrGXjSTI3ZINnpgU2nlB/K0= +cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.12.0 h1:e5pIo/QEgiFiHPVJPxM5jbtUr4O/u5h2zLHYtkFQr24= -cloud.google.com/go/secretmanager v1.12.0/go.mod h1:Y1Gne3Ag+fZ2TDTiJc8ZJCMFbi7k1rYT4Rw30GXfvlk= +cloud.google.com/go/secretmanager v1.13.0 h1:nQ/Ca2Gzm/OEP8tr1hiFdHRi5wAnAmsm9qTjwkivyrQ= +cloud.google.com/go/secretmanager v1.13.0/go.mod h1:yWdfNmM2sLIiyv6RM6VqWKeBV7CdS0SO3ybxJJRhBEs= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 
@@ -60,8 +60,8 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.6.0 h1:sUFnFjzDUie80h24I7mrKtwCKgLY9L8h5Tp2x9+TWqk= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.6.0/go.mod h1:52JbnQTp15qg5mRkMBHwp0j0ZFwHJ42Sx3zVV5RE9p0= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.7.0 h1:rTfKOCZGy5ViVrlA74ZPE99a+SgoEE2K/yg3RyW9dFA= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.7.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= 
@@ -114,8 +114,8 @@ github.com/aliyun/alibaba-cloud-sdk-go v1.62.271/go.mod h1:Api2AkmMgGaSUAhmk76oa github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.51.30 h1:RVFkjn9P0JMwnuZCVH0TlV5k9zepHzlbc4943eZMhGw= -github.com/aws/aws-sdk-go v1.51.30/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.52.2 h1:l4g9wBXRBlvCtScvv4iLZCzLCtR7BFJcXOnOGQ20orw= +github.com/aws/aws-sdk-go v1.52.2/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= 
@@ -132,8 +132,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cyberark/conjur-api-go v0.11.1 h1:vjaMkw0geJsA+ikMM6UDLg4VLFQWKo/B0i9IWlOQ1f0= -github.com/cyberark/conjur-api-go v0.11.1/go.mod h1:n1p46Hj9l8wkZjM17cVYdfcatyPboWyioLGlC0QszCs= +github.com/cyberark/conjur-api-go v0.11.2 h1:DEVtQdJznUyYcit+HikU5AQ1Lrvt82PEplz+fT4jv1M= +github.com/cyberark/conjur-api-go v0.11.2/go.mod h1:FnzNn6mPwTOyBueSDnu1J4K47J0sYHXTMehaqIV/GxY= github.com/danieljoos/wincred v1.2.1 h1:dl9cBrupW8+r5250DYkYxocLeZ1Y4vB1kxgtjxw8GQs= github.com/danieljoos/wincred v1.2.1/go.mod h1:uGaFL9fDn3OLTvzCGulzE+SzjEe5NGlh5FdCcyfPwps= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -144,7 +144,6 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3 github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko= -github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= 
@@ -286,8 +285,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/pprof v0.0.0-20240430035430-e4905b036c4e h1:RsXNnXE59RTt8o3DcA+w7ICdRfR2l+Bb5aE0YMpNTO8= +github.com/google/pprof v0.0.0-20240430035430-e4905b036c4e/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= 
@@ -301,8 +300,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfF github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.12.3 h1:5/zPPDvw8Q1SuXjrqrZslrqT7dL/uJT2CQii/cLCKqA= -github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4= +github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg= +github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= 
@@ -407,12 +406,12 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= -github.com/onsi/gomega v1.33.0 h1:snPCflnZrpMsy94p4lXVEkHo12lmPnc3vY5XBbreexE= -github.com/onsi/gomega v1.33.0/go.mod h1:+925n5YtiFsLzzafLUHzVMBpvvRAzrydIBiSIxjX3wY= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.64.0 h1:tsoFQS8TC2RJ55RM9zBVN/aD8wC/BVV3kxyNn7qsMiQ= -github.com/oracle/oci-go-sdk/v65 v65.64.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.65.0 h1:DWUqWnycn2aUy+5rztpyQMtcEf/VgcVnDSRT+EzzzHU= +github.com/oracle/oci-go-sdk/v65 v65.65.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -443,8 +442,9 @@ github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/sony/gobreaker v0.5.0 h1:dRCvqm0P490vZPmy7ppEk2qCnCieBooFJ+YoXGYB+yg= github.com/sony/gobreaker v0.5.0/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= +github.com/sony/gobreaker v1.0.0 h1:feX5fGGXSl3dYd4aHZItw+FpHLvvoaqkawKjVNiFMNQ= +github.com/sony/gobreaker v1.0.0/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= @@ -481,8 +481,8 @@ github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaO github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= -github.com/xanzy/go-gitlab v0.103.0 h1:J9pTQoq0GsEFqzd6srCM1QfdfKAxSNz6mT6ntrpNF2w= -github.com/xanzy/go-gitlab v0.103.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= +github.com/xanzy/go-gitlab v0.104.0 h1:YDuuaTrNdHMuBW+FagO/W4dHvAQOqpCf2pMB45ATbog= +github.com/xanzy/go-gitlab v0.104.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -507,8 +507,8 @@ go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs= go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4= go.opentelemetry.io/otel/metric v1.26.0 h1:7S39CLuY5Jgg9CrnA9HHiEjGMF/X2VHvoXGgSllRz30= go.opentelemetry.io/otel/metric v1.26.0/go.mod h1:SY+rHOI4cEawI9a7N1A4nIg/nTQXe1ccCNWYOJUrpX4= -go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw= -go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc= +go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= +go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg= go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA= go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= 
@@ -630,8 +630,8 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg= -golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8= +golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= +golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -696,8 +696,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= 
@@ -706,8 +706,8 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= -golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -721,8 +721,9 @@ golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -808,8 +809,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.176.1 h1:DJSXnV6An+NhJ1J+GWtoF2nHEuqB1VNoTfnIbjNvwD4= -google.golang.org/api v0.176.1/go.mod h1:j2MaSDYcvYV1lkZ1+SMW4IeF90SrEyFA+tluDYWRrFg= +google.golang.org/api v0.177.0 h1:8a0p/BbPa65GlqGWtUKxot4p0TV8OGOfyTjtmkXNXmk= +google.golang.org/api v0.177.0/go.mod h1:srbhue4MLjkjbkux5p3dw/ocYOSZTaIEvf7bCOnFQDw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -857,12 +858,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240415180920-8c6c420018be h1:g4aX8SUFA8V5F4LrSY5EclyGYw1OZN4HS1jTyjB9ZDc= -google.golang.org/genproto v0.0.0-20240415180920-8c6c420018be/go.mod h1:FeSdT5fk+lkxatqJP38MsUicGqHax5cLtmy/6TAuxO4= -google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be h1:Zz7rLWqp0ApfsR/l7+zSHhY3PMiH2xqgxlfYfAfNpoU= -google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be/go.mod h1:dvdCTIoAGbkWbcIKBniID56/7XHTt6WfxXNMxuziJ+w= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be h1:LG9vZxsWGOmUKieR8wPAUR3u3MpnYFQZROPIMaXh7/A= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= +google.golang.org/genproto v0.0.0-20240429193739-8cf5692501f6 h1:MTmrc2F5TZKDKXigcZetYkH04YwqtOPEQJwh4PPOgfk= +google.golang.org/genproto v0.0.0-20240429193739-8cf5692501f6/go.mod h1:2ROWwqCIx97Y7CSyp11xB8fori0wzvD6+gbacaf5c8I= +google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6 h1:DTJM0R8LECCgFeUwApvcEJHz85HLagW8uRENYxHh1ww= +google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6/go.mod h1:10yRODfgim2/T8csjQsMPgZOMvtytXKTDRzH6HRGzRw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 h1:DujSIu+2tC9Ht0aPNA7jgj23Iq8Ewi5sgkQ++wdvonE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -897,8 +898,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.0 h1:Qo/qEd2RZPCf2nKuorzksSknv0d3ERwp1vFG38gSmH4= +google.golang.org/protobuf v1.34.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= 
@@ -938,15 +939,15 @@ k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 h1:Q8Z7VlGhcJgBHJHYugJ/K/7iB8a2eSxCyxdVjJp+lLY= -k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 h1:ao5hUqGhsqdm+bYbjH/pRkCs0unBGe9UyDahzs9zQzQ= -k8s.io/utils v0.0.0-20240423183400-0849a56e8f22/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f h1:0LQagt0gDpKqvIkAMPaRGcXawNMouPECM1+F9BVxEaM= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f/go.mod h1:S9tOR0FxgyusSNR+MboCuiDpVWkAifZvaYI1Q2ubgro= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= -sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/controller-runtime v0.18.1 h1:RpWbigmuiylbxOCLy0tGnq1cU1qWPwNIQzoJk+QeJx4= +sigs.k8s.io/controller-runtime v0.18.1/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= 
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/go.mod b/go.mod index d3c14c3d49c..b4f816dac9d 100644 --- a/go.mod +++ b/go.mod @@ -3,8 +3,8 @@ module github.com/external-secrets/external-secrets go 1.22.1 require ( - cloud.google.com/go/iam v1.1.7 - cloud.google.com/go/secretmanager v1.12.0 + cloud.google.com/go/iam v1.1.8 + cloud.google.com/go/secretmanager v1.13.0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/adal v0.9.23 
@@ -17,34 +17,34 @@ require (
 github.com/PaesslerAG/jsonpath v0.1.1
 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5
- github.com/aws/aws-sdk-go v1.51.30
+ github.com/aws/aws-sdk-go v1.52.2
 github.com/go-logr/logr v1.4.1
 github.com/go-test/deep v1.0.4 // indirect
 github.com/google/go-cmp v0.6.0
 github.com/google/uuid v1.6.0
- github.com/googleapis/gax-go/v2 v2.12.3
+ github.com/googleapis/gax-go/v2 v2.12.4
 github.com/hashicorp/vault/api v1.13.0
 github.com/hashicorp/vault/api/auth/approle v0.6.0
 github.com/hashicorp/vault/api/auth/kubernetes v0.6.0
 github.com/hashicorp/vault/api/auth/ldap v0.6.0
 github.com/huandu/xstrings v1.4.0 // indirect
 github.com/onsi/ginkgo/v2 v2.17.2
- github.com/onsi/gomega v1.33.0
- github.com/oracle/oci-go-sdk/v65 v65.64.0
+ github.com/onsi/gomega v1.33.1
+ github.com/oracle/oci-go-sdk/v65 v65.65.0
 github.com/prometheus/client_golang v1.19.0
 github.com/prometheus/client_model v0.6.1
 github.com/spf13/cobra v1.8.0
 github.com/stretchr/testify v1.9.0
 github.com/tidwall/gjson v1.17.1
- github.com/xanzy/go-gitlab v0.103.0
- github.com/yandex-cloud/go-genproto v0.0.0-20240425114406-68c9b49389a1
- github.com/yandex-cloud/go-sdk v0.0.0-20240425115054-85caccb84041
+ github.com/xanzy/go-gitlab v0.104.0
+ github.com/yandex-cloud/go-genproto v0.0.0-20240502080826-5fa7aabf7673
+ github.com/yandex-cloud/go-sdk v0.0.0-20240502081211-7639841896bb
 github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76
 go.uber.org/zap v1.27.0
 golang.org/x/crypto v0.22.0
- golang.org/x/oauth2 v0.19.0
- google.golang.org/api v0.176.1
- google.golang.org/genproto v0.0.0-20240415180920-8c6c420018be
+ golang.org/x/oauth2 v0.20.0
+ google.golang.org/api v0.177.0
+ google.golang.org/genproto v0.0.0-20240429193739-8cf5692501f6
 google.golang.org/grpc v1.63.2
 gopkg.in/yaml.v3 v3.0.1
 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919
@@ -52,8 +52,8 @@ require ( k8s.io/apiextensions-apiserver v0.30.0 k8s.io/apimachinery v0.30.0 k8s.io/client-go v0.30.0 - k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 - sigs.k8s.io/controller-runtime v0.18.0 + k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 + sigs.k8s.io/controller-runtime v0.18.1 sigs.k8s.io/controller-tools v0.15.0 ) @@ -72,14 +72,14 @@ require ( github.com/alibabacloud-go/tea-utils/v2 v2.0.5 github.com/aliyun/credentials-go v1.3.3 github.com/avast/retry-go/v4 v4.6.0 - github.com/cyberark/conjur-api-go v0.11.1 + github.com/cyberark/conjur-api-go v0.11.2 github.com/fortanix/sdkms-client-go v0.4.0 github.com/go-openapi/strfmt v0.23.0 github.com/golang-jwt/jwt/v5 v5.2.1 github.com/hashicorp/golang-lru v1.0.2 github.com/hashicorp/vault/api/auth/aws v0.6.0 github.com/hashicorp/vault/api/auth/userpass v0.6.0 - github.com/keeper-security/secrets-manager-go/core v1.6.2 + github.com/keeper-security/secrets-manager-go/core v1.6.3 github.com/lestrrat-go/jwx/v2 v2.0.21 github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1 github.com/passbolt/go-passbolt v0.7.0 
@@ -121,16 +121,16 @@ require (
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 github.com/blang/semver v3.5.1+incompatible // indirect
 github.com/charmbracelet/bubbles v0.18.0 // indirect
- github.com/charmbracelet/bubbletea v0.25.0 // indirect
+ github.com/charmbracelet/bubbletea v0.26.1 // indirect
 github.com/charmbracelet/lipgloss v0.10.0 // indirect
 github.com/cheggaaa/pb v1.0.29 // indirect
 github.com/clbanning/mxj/v2 v2.7.0 // indirect
 github.com/cloudflare/circl v1.3.8 // indirect
- github.com/containerd/console v1.0.4 // indirect
- github.com/cyphar/filepath-securejoin v0.2.4 // indirect
+ github.com/cyphar/filepath-securejoin v0.2.5 // indirect
 github.com/danieljoos/wincred v1.2.1 // indirect
 github.com/djherbis/times v1.6.0 // indirect
 github.com/emirpasic/gods v1.18.1 // indirect
+ github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
 github.com/felixge/httpsnoop v1.0.4 // indirect
 github.com/gabriel-vasile/mimetype v1.4.3 // indirect
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
@@ -138,7 +138,7 @@ require (
 github.com/go-git/go-git/v5 v5.12.0 // indirect
 github.com/go-jose/go-jose/v4 v4.0.1 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
- github.com/go-playground/validator/v10 v10.19.0 // indirect
+ github.com/go-playground/validator/v10 v10.20.0 // indirect
 github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 github.com/godbus/dbus/v5 v5.1.0 // indirect
 github.com/gofrs/flock v0.8.1 // indirect
@@ -164,7 +164,7 @@ require (
 github.com/pgavlin/fx v0.1.6 // indirect
 github.com/pjbgf/sha1cd v0.3.0 // indirect
 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect
- github.com/pulumi/pulumi/sdk/v3 v3.114.0 // indirect
+ github.com/pulumi/pulumi/sdk/v3 v3.115.0 // indirect
 github.com/rivo/uniseg v0.4.7 // indirect
 github.com/rogpeppe/go-internal v1.12.0 // indirect
 github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect
@@ -185,16 +185,16 @@ require ( go.opentelemetry.io/otel/metric v1.26.0 // indirect go.opentelemetry.io/otel/trace v1.26.0 // indirect golang.org/x/sync v0.7.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect - k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 // indirect + k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect lukechampine.com/frand v1.4.2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) require ( - github.com/Azure/azure-sdk-for-go/sdk/internal v1.6.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.7.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect @@ -233,7 +233,7 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect + github.com/google/pprof v0.0.0-20240430035430-e4905b036c4e // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect 
@@ -276,7 +276,7 @@ require (
 github.com/russross/blackfriday/v2 v2.1.0 // indirect
 github.com/ryanuber/go-glob v1.0.0 // indirect
 github.com/shopspring/decimal v1.4.0 // indirect
- github.com/sony/gobreaker v0.5.0 // indirect
+ github.com/sony/gobreaker v1.0.0 // indirect
 github.com/spf13/cast v1.6.0 // indirect
 github.com/tidwall/match v1.1.1 // indirect
 github.com/tidwall/pretty v1.2.1 // indirect
@@ -289,13 +289,13 @@ require (
 golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f
 golang.org/x/mod v0.17.0 // indirect
 golang.org/x/net v0.24.0 // indirect
- golang.org/x/sys v0.19.0 // indirect
- golang.org/x/term v0.19.0 // indirect
- golang.org/x/text v0.14.0 // indirect
+ golang.org/x/sys v0.20.0 // indirect
+ golang.org/x/term v0.20.0 // indirect
+ golang.org/x/text v0.15.0 // indirect
 golang.org/x/time v0.5.0 // indirect
 golang.org/x/tools v0.20.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
- google.golang.org/protobuf v1.33.0 // indirect
+ google.golang.org/protobuf v1.34.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/go.sum b/go.sum
index 7796e2e1f8d..4e672ec6a9d 100644
--- a/go.sum
+++ b/go.sum
@@ -35,14 +35,14 @@ cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2Qx cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.1.7 h1:z4VHOhwKLF/+UYXAJDFwGtNF0b6gjsW1Pk9Ml0U/IoM= -cloud.google.com/go/iam v1.1.7/go.mod h1:J4PMPg8TtyurAUvSmPj8FF3EDgY1SPRZxcUGrn7WXGA= +cloud.google.com/go/iam v1.1.8 h1:r7umDwhj+BQyz0ScZMp4QrGXjSTI3ZINnpgU2nlB/K0= +cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.12.0 h1:e5pIo/QEgiFiHPVJPxM5jbtUr4O/u5h2zLHYtkFQr24= -cloud.google.com/go/secretmanager v1.12.0/go.mod h1:Y1Gne3Ag+fZ2TDTiJc8ZJCMFbi7k1rYT4Rw30GXfvlk= +cloud.google.com/go/secretmanager v1.13.0 h1:nQ/Ca2Gzm/OEP8tr1hiFdHRi5wAnAmsm9qTjwkivyrQ= +cloud.google.com/go/secretmanager v1.13.0/go.mod h1:yWdfNmM2sLIiyv6RM6VqWKeBV7CdS0SO3ybxJJRhBEs= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 
@@ -64,8 +64,8 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.6.0 h1:sUFnFjzDUie80h24I7mrKtwCKgLY9L8h5Tp2x9+TWqk= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.6.0/go.mod h1:52JbnQTp15qg5mRkMBHwp0j0ZFwHJ42Sx3zVV5RE9p0= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.7.0 h1:rTfKOCZGy5ViVrlA74ZPE99a+SgoEE2K/yg3RyW9dFA= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.7.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= 
@@ -208,8 +208,8 @@ github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZve github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go v1.49.22/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= -github.com/aws/aws-sdk-go v1.51.30 h1:RVFkjn9P0JMwnuZCVH0TlV5k9zepHzlbc4943eZMhGw= -github.com/aws/aws-sdk-go v1.51.30/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.52.2 h1:l4g9wBXRBlvCtScvv4iLZCzLCtR7BFJcXOnOGQ20orw= +github.com/aws/aws-sdk-go v1.52.2/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
@@ -231,8 +231,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/charmbracelet/bubbles v0.18.0 h1:PYv1A036luoBGroX6VWjQIE9Syf2Wby2oOl/39KLfy0= github.com/charmbracelet/bubbles v0.18.0/go.mod h1:08qhZhtIwzgrtBjAcJnij1t1H0ZRjwHyGsy6AL11PSw= -github.com/charmbracelet/bubbletea v0.25.0 h1:bAfwk7jRz7FKFl9RzlIULPkStffg5k6pNt5dywy4TcM= -github.com/charmbracelet/bubbletea v0.25.0/go.mod h1:EN3QDR1T5ZdWmdfDzYcqOCAps45+QIJbLOBxmVNWNNg= +github.com/charmbracelet/bubbletea v0.26.1 h1:xujcQeF73rh4jwu3+zhfQsvV18x+7zIjlw7/CYbzGJ0= +github.com/charmbracelet/bubbletea v0.26.1/go.mod h1:FzKr7sKoO8iFVcdIBM9J0sJOcQv5nDQaYwsee3kpbgo= github.com/charmbracelet/lipgloss v0.10.0 h1:KWeXFSexGcfahHX+54URiZGkBFazf70JNMtwg/AFW3s= github.com/charmbracelet/lipgloss v0.10.0/go.mod h1:Wig9DSfvANsxqkRsqj6x87irdy123SR4dOXlKa91ciE= github.com/cheggaaa/pb v1.0.29 h1:FckUN5ngEk2LpvuG0fw1GEFx6LtyY2pWI/Z2QgCnEYo= 
@@ -252,16 +252,14 @@ github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnht github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/containerd/console v1.0.4 h1:F2g4+oChYvBTsASRTz8NP6iIAi97J3TtSAsLbIFn4ro= -github.com/containerd/console v1.0.4/go.mod h1:YynlIjWYF8myEu6sdkwKIvGQq+cOckRm6So2avqoYAk= github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/ctdk/goiardi v0.11.10 h1:IB/3Afl1pC2Q4KGwzmhHPAoJfe8VtU51wZ2V0QkvsL0= github.com/ctdk/goiardi v0.11.10/go.mod h1:Pr6Cj6Wsahw45myttaOEZeZ0LE7p1qzWmzgsBISkrNI= -github.com/cyberark/conjur-api-go v0.11.1 h1:vjaMkw0geJsA+ikMM6UDLg4VLFQWKo/B0i9IWlOQ1f0= -github.com/cyberark/conjur-api-go v0.11.1/go.mod h1:n1p46Hj9l8wkZjM17cVYdfcatyPboWyioLGlC0QszCs= -github.com/cyphar/filepath-securejoin v0.2.4 h1:Ugdm7cg7i6ZK6x3xDF1oEu1nfkyfH53EtKeQYTC3kyg= -github.com/cyphar/filepath-securejoin v0.2.4/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= +github.com/cyberark/conjur-api-go v0.11.2 h1:DEVtQdJznUyYcit+HikU5AQ1Lrvt82PEplz+fT4jv1M= +github.com/cyberark/conjur-api-go v0.11.2/go.mod h1:FnzNn6mPwTOyBueSDnu1J4K47J0sYHXTMehaqIV/GxY= +github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo= +github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/danieljoos/wincred v1.2.1 h1:dl9cBrupW8+r5250DYkYxocLeZ1Y4vB1kxgtjxw8GQs= github.com/danieljoos/wincred v1.2.1/go.mod h1:uGaFL9fDn3OLTvzCGulzE+SzjEe5NGlh5FdCcyfPwps= github.com/davecgh/go-spew v1.1.0/go.mod 
h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -274,7 +272,6 @@ github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/ github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c= github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0= github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko= -github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= @@ -291,6 +288,8 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= +github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f h1:Y/CXytFA4m6baUTXGLOoWe4PQhGxaX0KpnayAqC48p4= +github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f/go.mod h1:vw97MGsxSvLiUE2X8qFplwetxpGLQrlU1Q9AUEIzCaM= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= 
@@ -355,8 +354,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.19.0 h1:ol+5Fu+cSq9JD7SoSqe04GMI92cbn0+wvQ3bZ8b/AU4= -github.com/go-playground/validator/v10 v10.19.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= +github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8= +github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= 
@@ -457,8 +456,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 h1:k7nVchz72niMH6YLQNvHSdIE7iqsQxK1P41mySCvssg= -github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/pprof v0.0.0-20240430035430-e4905b036c4e h1:RsXNnXE59RTt8o3DcA+w7ICdRfR2l+Bb5aE0YMpNTO8= +github.com/google/pprof v0.0.0-20240430035430-e4905b036c4e/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= 
@@ -472,8 +471,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfF github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.12.3 h1:5/zPPDvw8Q1SuXjrqrZslrqT7dL/uJT2CQii/cLCKqA= -github.com/googleapis/gax-go/v2 v2.12.3/go.mod h1:AKloxT6GtNbaLm8QTNSidHUVsHYcBHwWRvkNFJUQcS4= +github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg= +github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= 
@@ -558,8 +557,8 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/keeper-security/secrets-manager-go/core v1.6.2 h1:bRZUJI/s5WwVbceSNlKyKqYuBNKkZCyNPH4lU2GYiF0= -github.com/keeper-security/secrets-manager-go/core v1.6.2/go.mod h1:dtlaeeds9+SZsbDAZnQRsDSqEAK9a62SYtqhNql+VgQ= +github.com/keeper-security/secrets-manager-go/core v1.6.3 h1:XEHZ8fQ2DFBISK80jWdHmzT56PFqEkXSkakqZxTD8zI= +github.com/keeper-security/secrets-manager-go/core v1.6.3/go.mod h1:dtlaeeds9+SZsbDAZnQRsDSqEAK9a62SYtqhNql+VgQ= github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= 
@@ -666,15 +665,15 @@ github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= -github.com/onsi/gomega v1.33.0 h1:snPCflnZrpMsy94p4lXVEkHo12lmPnc3vY5XBbreexE= -github.com/onsi/gomega v1.33.0/go.mod h1:+925n5YtiFsLzzafLUHzVMBpvvRAzrydIBiSIxjX3wY= +github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= +github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opentracing/basictracer-go v1.1.0 h1:Oa1fTSBvAl8pa3U+IJYqrKm0NALwH9OsgwOqDv4xJW0= github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS69fQMD+MNP1mRs6mBQc= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.64.0 h1:tsoFQS8TC2RJ55RM9zBVN/aD8wC/BVV3kxyNn7qsMiQ= -github.com/oracle/oci-go-sdk/v65 v65.64.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.65.0 h1:DWUqWnycn2aUy+5rztpyQMtcEf/VgcVnDSRT+EzzzHU= +github.com/oracle/oci-go-sdk/v65 v65.65.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.0 h1:zwwTCwL3vjTTKln1hxwKuzzax4R/yvxGXSZhMh0OY5Y= github.com/passbolt/go-passbolt v0.7.0/go.mod h1:af3TVSJ+0A4sXeK8KgVzhV8Tej/i25biFIQjhL0FOMk= github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU= 
@@ -703,8 +702,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.8.3 h1:myeDL6dD/mz34zZjCL8s7d/tWHBJYxfMxDCL11MHoqc= github.com/pulumi/esc v0.8.3/go.mod h1:v5VAPxYDa9DRwvubbzKt4ZYf5y0esWC2ccSp/AT923I= -github.com/pulumi/pulumi/sdk/v3 v3.114.0 h1:KPBSvm04wE2/AdS8PlABxZAW4o7pSAnar0QOooH13no= -github.com/pulumi/pulumi/sdk/v3 v3.114.0/go.mod h1:d6LZJHqEfpgXUd8rFSSsbaPJcocZObXeaUr87jbA5MY= +github.com/pulumi/pulumi/sdk/v3 v3.115.0 h1:5eOxbVfPgcNsKSkPpjFGW/6mEikGHQ2HRE65ongZ/dg= +github.com/pulumi/pulumi/sdk/v3 v3.115.0/go.mod h1:d6LZJHqEfpgXUd8rFSSsbaPJcocZObXeaUr87jbA5MY= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= 
@@ -749,8 +748,9 @@ github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/assertions v1.1.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= -github.com/sony/gobreaker v0.5.0 h1:dRCvqm0P490vZPmy7ppEk2qCnCieBooFJ+YoXGYB+yg= github.com/sony/gobreaker v0.5.0/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= +github.com/sony/gobreaker v1.0.0 h1:feX5fGGXSl3dYd4aHZItw+FpHLvvoaqkawKjVNiFMNQ= +github.com/sony/gobreaker v1.0.0/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= 
@@ -800,14 +800,14 @@ github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaO github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= -github.com/xanzy/go-gitlab v0.103.0 h1:J9pTQoq0GsEFqzd6srCM1QfdfKAxSNz6mT6ntrpNF2w= -github.com/xanzy/go-gitlab v0.103.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= +github.com/xanzy/go-gitlab v0.104.0 h1:YDuuaTrNdHMuBW+FagO/W4dHvAQOqpCf2pMB45ATbog= +github.com/xanzy/go-gitlab v0.104.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= -github.com/yandex-cloud/go-genproto v0.0.0-20240425114406-68c9b49389a1 h1:VDGcTxVXpQ6N2sKdKVzSrt1Rp6xm4thrCH5TeqMoWtY= -github.com/yandex-cloud/go-genproto v0.0.0-20240425114406-68c9b49389a1/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-sdk v0.0.0-20240425115054-85caccb84041 h1:CJFVkjTl0Jxgx7ha9rNgG4y7YCcZqCl1lZDkk8Kw3ac= -github.com/yandex-cloud/go-sdk v0.0.0-20240425115054-85caccb84041/go.mod h1:gf3YxmV6R09JmNxOQrfoeV8mRIXqr7EQ7Yh7sAG2UhA= +github.com/yandex-cloud/go-genproto v0.0.0-20240502080826-5fa7aabf7673 h1:N4xWIsknZx9pK0o7tJ8GGNj4JdHzGyN3y4g5fnpO9rw= +github.com/yandex-cloud/go-genproto v0.0.0-20240502080826-5fa7aabf7673/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-sdk v0.0.0-20240502081211-7639841896bb h1:neUOrst9RECDTfeCpjaFRrDY93vNpFsrhvb4cbYUPsg= +github.com/yandex-cloud/go-sdk v0.0.0-20240502081211-7639841896bb/go.mod h1:M54BPoNxIcDFSlTe0xHmDPCJVJmWxZp8MOIcjlINiL8= github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 
h1:tBiBTKHnIjovYoLX/TPkcf+OjqqKGQrPtGT3Foz+Pgo= github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76/go.mod h1:SQliXeA7Dhkt//vS29v3zpbEwoa+zb2Cn5xj5uO4K5U= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -839,8 +839,8 @@ go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs= go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4= go.opentelemetry.io/otel/metric v1.26.0 h1:7S39CLuY5Jgg9CrnA9HHiEjGMF/X2VHvoXGgSllRz30= go.opentelemetry.io/otel/metric v1.26.0/go.mod h1:SY+rHOI4cEawI9a7N1A4nIg/nTQXe1ccCNWYOJUrpX4= -go.opentelemetry.io/otel/sdk v1.22.0 h1:6coWHw9xw7EfClIC/+O31R8IY3/+EiRFHevmHafB2Gw= -go.opentelemetry.io/otel/sdk v1.22.0/go.mod h1:iu7luyVGYovrRpe2fmj3CVKouQNdTOkxtLzPvPz1DOc= +go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= +go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg= go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA= go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= 
@@ -980,8 +980,8 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.19.0 h1:9+E/EZBCbTLNrbN35fHv/a/d/mOBatymz1zbtQrXpIg= -golang.org/x/oauth2 v0.19.0/go.mod h1:vYi7skDa1x015PmRRYZ7+s1cWyPgrPiSYRe4rnsexc8= +golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= +golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1048,6 +1048,7 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 
@@ -1066,8 +1067,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.19.0 h1:q5f1RH2jigJ1MoAWp2KTp3gm5zAGFUTarQZ5U386+4o= -golang.org/x/sys v0.19.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= +golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= @@ -1079,8 +1080,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= -golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= -golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= +golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= +golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -1096,8 +1097,9 @@ golang.org/x/text v0.8.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= -golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= +golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= @@ -1188,8 +1190,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.176.1 h1:DJSXnV6An+NhJ1J+GWtoF2nHEuqB1VNoTfnIbjNvwD4= -google.golang.org/api v0.176.1/go.mod h1:j2MaSDYcvYV1lkZ1+SMW4IeF90SrEyFA+tluDYWRrFg= +google.golang.org/api v0.177.0 h1:8a0p/BbPa65GlqGWtUKxot4p0TV8OGOfyTjtmkXNXmk= +google.golang.org/api v0.177.0/go.mod h1:srbhue4MLjkjbkux5p3dw/ocYOSZTaIEvf7bCOnFQDw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1239,12 +1241,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240415180920-8c6c420018be h1:g4aX8SUFA8V5F4LrSY5EclyGYw1OZN4HS1jTyjB9ZDc= -google.golang.org/genproto v0.0.0-20240415180920-8c6c420018be/go.mod h1:FeSdT5fk+lkxatqJP38MsUicGqHax5cLtmy/6TAuxO4= -google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be h1:Zz7rLWqp0ApfsR/l7+zSHhY3PMiH2xqgxlfYfAfNpoU= -google.golang.org/genproto/googleapis/api v0.0.0-20240415180920-8c6c420018be/go.mod h1:dvdCTIoAGbkWbcIKBniID56/7XHTt6WfxXNMxuziJ+w= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be h1:LG9vZxsWGOmUKieR8wPAUR3u3MpnYFQZROPIMaXh7/A= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240415180920-8c6c420018be/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= +google.golang.org/genproto v0.0.0-20240429193739-8cf5692501f6 h1:MTmrc2F5TZKDKXigcZetYkH04YwqtOPEQJwh4PPOgfk= +google.golang.org/genproto v0.0.0-20240429193739-8cf5692501f6/go.mod h1:2ROWwqCIx97Y7CSyp11xB8fori0wzvD6+gbacaf5c8I= +google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6 h1:DTJM0R8LECCgFeUwApvcEJHz85HLagW8uRENYxHh1ww= +google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6/go.mod h1:10yRODfgim2/T8csjQsMPgZOMvtytXKTDRzH6HRGzRw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 h1:DujSIu+2tC9Ht0aPNA7jgj23Iq8Ewi5sgkQ++wdvonE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1283,8 +1285,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI= -google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.0 h1:Qo/qEd2RZPCf2nKuorzksSknv0d3ERwp1vFG38gSmH4= +google.golang.org/protobuf v1.34.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -1337,10 +1339,10 @@ k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 h1:Q8Z7VlGhcJgBHJHYugJ/K/7iB8a2eSxCyxdVjJp+lLY= -k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98= -k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 h1:ao5hUqGhsqdm+bYbjH/pRkCs0unBGe9UyDahzs9zQzQ= -k8s.io/utils v0.0.0-20240423183400-0849a56e8f22/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f h1:0LQagt0gDpKqvIkAMPaRGcXawNMouPECM1+F9BVxEaM= +k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f/go.mod h1:S9tOR0FxgyusSNR+MboCuiDpVWkAifZvaYI1Q2ubgro= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= +k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= lukechampine.com/frand v1.4.2 h1:RzFIpOvkMXuPMBb9maa4ND4wjBn71E1Jpf8BzJHMaVw= lukechampine.com/frand v1.4.2/go.mod h1:4S/TM2ZgrKejMcKMbeLjISpJMO+/eZ1zu3vYX9dtj3s= pgregory.net/rapid v0.5.5 h1:jkgx1TjbQPD/feRoK+S/mXw9e1uj6WilpHrXJowi6oA= 
@@ -1348,8 +1350,8 @@ pgregory.net/rapid v0.5.5/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.18.0 h1:Z7jKuX784TQSUL1TIyeuF7j8KXZ4RtSX0YgtjKcSTME= -sigs.k8s.io/controller-runtime v0.18.0/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/controller-runtime v0.18.1 h1:RpWbigmuiylbxOCLy0tGnq1cU1qWPwNIQzoJk+QeJx4= +sigs.k8s.io/controller-runtime v0.18.1/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= sigs.k8s.io/controller-tools v0.15.0 h1:4dxdABXGDhIa68Fiwaif0vcu32xfwmgQ+w8p+5CxoAI= sigs.k8s.io/controller-tools v0.15.0/go.mod h1:8zUSS2T8Hx0APCNRhJWbS3CAQEbIxLa07khzh7pZmXM= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= From e7dc3a7cb6c094513a9a9ec47613b6f91c5c553f Mon Sep 17 00:00:00 2001 From: Gaston Festari Date: Fri, 10 May 2024 04:56:42 -0300 Subject: [PATCH 029/517] fix(helm): remove git merge pointers (#3467) The Helm function helper file contains a couple of merge pointers from #3420. Signed-off-by: Gaston Festari --- deploy/charts/external-secrets/templates/_helpers.tpl | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/deploy/charts/external-secrets/templates/_helpers.tpl b/deploy/charts/external-secrets/templates/_helpers.tpl index 2475b1145b7..d5eea075939 100644 --- a/deploy/charts/external-secrets/templates/_helpers.tpl +++ b/deploy/charts/external-secrets/templates/_helpers.tpl @@ -155,8 +155,6 @@ Determine the image to use, including if using a flavour. {{- end }} {{- end }} -<<<<<<< HEAD - {{/* Renders a complete tree, even values that contains template. */}} 
@@ -167,8 +165,8 @@ Renders a complete tree, even values that contains template. {{- tpl (.value | toYaml) .context }} {{- end }} {{- end -}} -======= -{{/* + +{{/* Return true if the OpenShift is the detected platform Usage: {{- include "external-secrets.isOpenShift" . -}} @@ -198,4 +196,3 @@ Render the securityContext based on the provided securityContext {{- end -}} {{- omit $adaptedContext "enabled" | toYaml -}} {{- end -}} ->>>>>>> 2218c78b (Methods for managing securityContext and OpenShift support) From 34444280bbffafad4415aa65f63acbf1fcc0f9c8 Mon Sep 17 00:00:00 2001 From: Michael Serchenia <76994369+mike-serchenia@users.noreply.github.com> Date: Fri, 10 May 2024 03:00:57 -0500 Subject: [PATCH 030/517] GitHub token gen doc (#3463) * added tempalte example for github token gen + doc Signed-off-by: Mike Serchenia * added tempalte example for github token gen + doc Signed-off-by: Mike Serchenia * build doc success, added github with template example Signed-off-by: Mike Serchenia --------- Signed-off-by: Mike Serchenia --- docs/api/generator/github.md | 54 +++++++++++++++++++ .../generator-github-example-basicauth.yaml | 26 +++++++++ docs/snippets/generator-github-example.yaml | 1 + hack/api-docs/mkdocs.yml | 1 + 4 files changed, 82 insertions(+) create mode 100644 docs/api/generator/github.md create mode 100644 docs/snippets/generator-github-example-basicauth.yaml diff --git a/docs/api/generator/github.md b/docs/api/generator/github.md new file mode 100644 index 00000000000..839cda17847 --- /dev/null +++ b/docs/api/generator/github.md 
@@ -0,0 +1,54 @@ +## GitHub App Authentication Documentation + +### 1. Register a GitHub App +To create a GitHub app, follow the instructions provided by GitHub: + +- **Visit**: [Registering a GitHub App](https://docs.github.com/en/apps/creating-github-apps/registering-a-github-app/registering-a-github-app#registering-a-github-app) +- **Procedure**: + - Fill in the necessary details for your app. + - Note the `App ID` provided after registration. + - At the bottom of the registration page, click on `Generate a private key`. Download and securely store this key. + +### 2. Store the Private Key +After generating your private key, you need to store it securely. If you are using Kubernetes, you can store it as a secret: + +```bash +kubectl create secret generic github-app-pem --from-file=key=path/to/your/private-key.pem +``` + +### 3. Set Permissions for the GitHub App +Configure the necessary permissions for your GitHub app depending on what actions it needs to perform: + +- **Visit**: [Choosing Permissions for a GitHub App](https://docs.github.com/en/apps/creating-github-apps/registering-a-github-app/choosing-permissions-for-a-github-app#choosing-permissions-for-rest-api-access) +- **Example**: + - For managing OCI images, set read and write permissions for packages. + +### 4. Install Your GitHub App +Install the GitHub app on your repository or organization to start using it: + +- **Visit**: [Installing Your Own GitHub App](https://docs.github.com/en/apps/using-github-apps/installing-your-own-github-app) + +### 5. Obtain an Installation ID +After installation, you need to get the installation ID to authenticate API requests: + +- **Visit**: [Generating an Installation Access Token for a GitHub App](https://docs.github.com/en/apps/creating-github-apps/authenticating-with-a-github-app/generating-an-installation-access-token-for-a-github-app#generating-an-installation-access-token) +- **Procedure**: + - Find the installation ID from the URL or API response. 
+ +### Example Kubernetes Manifest for GitHub Access Token Generator + +```yaml +{% include 'generator-github.yaml' %} +``` + +```yaml +{% include 'generator-github-example.yaml' %} +``` + +```yaml +{% include 'generator-github-example-basicauth.yaml' %} +``` + +### Notes +- Ensure that all sensitive data such as private keys and IDs are securely handled and stored. +- Adjust the permissions and configurations according to your specific requirements and security policies. diff --git a/docs/snippets/generator-github-example-basicauth.yaml b/docs/snippets/generator-github-example-basicauth.yaml new file mode 100644 index 00000000000..0188efc53ca --- /dev/null +++ b/docs/snippets/generator-github-example-basicauth.yaml @@ -0,0 +1,26 @@ +{% raw %} +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: github-auth-temaplate +spec: + dataFrom: + - sourceRef: + generatorRef: + apiVersion: generators.external-secrets.io/v1alpha1 + kind: GithubAccessToken + name: github-auth-token + refreshInterval: "15m" + target: + template: + metadata: + annotations: + tekton.dev/git-0: "https://github.com" + type: kubernetes.io/basic-auth + engineVersion: v2 + data: + username: "token" + password: "{{ .token }}" + name: github-auth-temaplate + +{% endraw %} diff --git a/docs/snippets/generator-github-example.yaml b/docs/snippets/generator-github-example.yaml index d409ea6bc50..d9bd6e20903 100644 --- a/docs/snippets/generator-github-example.yaml +++ b/docs/snippets/generator-github-example.yaml @@ -1,3 +1,4 @@ +--- apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: diff --git a/hack/api-docs/mkdocs.yml b/hack/api-docs/mkdocs.yml index 294f93ecf1b..17367e81a22 100644 --- a/hack/api-docs/mkdocs.yml +++ b/hack/api-docs/mkdocs.yml 
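Review bot: The new snippet `generator-github-example-basicauth.yaml` spells the resource name `github-auth-temaplate` in both `metadata.name` and `spec.target.name`. Readers copy these manifests verbatim, so the typo ends up as the name of a live credential Secret. Use `name: github-auth-template` in both places. The sibling snippet gains a leading `---` in this same commit while this new file starts directly with `{% raw %}`, so pick one convention for the snippets.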
@@ -62,6 +62,7 @@ nav: - Password: api/generator/password.md - Fake: api/generator/fake.md - Webhook: api/generator/webhook.md + - Github: api/generator/github.md - Reference Docs: - API specification: api/spec.md - Controller Options: api/controller-options.md From 10362430be44823055c47bb98af0769767945ea9 Mon Sep 17 00:00:00 2001 From: Halil Kaya Date: Fri, 10 May 2024 10:14:20 +0200 Subject: [PATCH 031/517] fix: add dnsPolicy to Deployment (#3457) Signed-off-by: Halil Kaya Co-authored-by: Halil Kaya --- deploy/charts/external-secrets/README.md | 1 + deploy/charts/external-secrets/templates/deployment.yaml | 1 + .../tests/__snapshot__/controller_test.yaml.snap | 1 + deploy/charts/external-secrets/values.yaml | 3 +++ 4 files changed, 6 insertions(+) diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index 13c67a966b6..f76866dc956 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md @@ -92,6 +92,7 @@ The command removes all the Kubernetes components associated with the chart and | createOperator | bool | `true` | Specifies whether an external secret operator deployment be created. | | deploymentAnnotations | object | `{}` | Annotations to add to Deployment | | dnsConfig | object | `{}` | Specifies `dnsOptions` to deployment | +| dnsPolicy | string | `"ClusterFirst"` | Specifies `dnsPolicy` to deployment | | extendedMetricLabels | bool | `false` | If true external secrets will use recommended kubernetes annotations as prometheus metric labels. | | extraArgs | object | `{}` | | | extraContainers | list | `[]` | | diff --git a/deploy/charts/external-secrets/templates/deployment.yaml b/deploy/charts/external-secrets/templates/deployment.yaml index 5c71d96db0c..7aed1670e45 100644 --- a/deploy/charts/external-secrets/templates/deployment.yaml +++ b/deploy/charts/external-secrets/templates/deployment.yaml 
@@ -110,6 +110,7 @@ spec: {{- if .Values.extraContainers }} {{ toYaml .Values.extraContainers | nindent 8}} {{- end }} + dnsPolicy: {{ .Values.dnsPolicy }} {{- if .Values.dnsConfig }} dnsConfig: {{- toYaml .Values.dnsConfig | nindent 8 }} diff --git a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap index b2496364918..d4a746da62a 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -49,5 +49,6 @@ should match snapshot of default values: runAsUser: 1000 seccompProfile: type: RuntimeDefault + dnsPolicy: ClusterFirst hostNetwork: false serviceAccountName: RELEASE-NAME-external-secrets diff --git a/deploy/charts/external-secrets/values.yaml b/deploy/charts/external-secrets/values.yaml index bc795ceb553..f456ea48a26 100644 --- a/deploy/charts/external-secrets/values.yaml +++ b/deploy/charts/external-secrets/values.yaml @@ -510,6 +510,9 @@ certController: # cpu: 10m # memory: 32Mi +# -- Specifies `dnsPolicy` to deployment +dnsPolicy: ClusterFirst + # -- Specifies `dnsOptions` to deployment dnsConfig: {} From e929a6e33002d2d058868a3f53963987605d4685 Mon Sep 17 00:00:00 2001 From: Bob Du Date: Fri, 10 May 2024 18:35:53 +0800 Subject: [PATCH 032/517] Update .helmignore (#3472) * Update .helmignore Signed-off-by: Bob Du * Update .helmignore Signed-off-by: Bob Du --------- Signed-off-by: Bob Du --- deploy/charts/external-secrets/.helmignore | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/deploy/charts/external-secrets/.helmignore b/deploy/charts/external-secrets/.helmignore index 855edc3fbfb..8d99189ae34 100644 --- a/deploy/charts/external-secrets/.helmignore +++ b/deploy/charts/external-secrets/.helmignore @@ -24,3 +24,8 @@ # CRD README.md templates/crds/README.md + +ci/ +tests/ +README.md.gotmpl +.helmignore 
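Review bot: The `values.yaml` comment for the new `dnsPolicy` key does not mention its interaction with host networking, which is the case where this setting matters most. The rendered snapshot shows the Deployment also carries `hostNetwork`, and Kubernetes treats `ClusterFirst` on a host-network pod like `Default`, so in-cluster service names stop resolving through cluster DNS. Extend the comment, for example `# -- Specifies `dnsPolicy` to deployment; set to ClusterFirstWithHostNet when hostNetwork is true`. The same sentence belongs in the README table row added in this commit.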
From 30f2f902cd76dbc3e74d8fadd688dfbd971a1962 Mon Sep 17 00:00:00 2001 From: Shuhei Kitagawa Date: Sat, 11 May 2024 20:30:25 +0900 Subject: [PATCH 033/517] Start reconciliation when a secret has changed (#3459) * Start reconciliation when a secret has changed Signed-off-by: shuheiktgw * Prolong the test timeout Signed-off-by: shuheiktgw * Use predicate.ResourceVersionChangedPredicate instead Signed-off-by: shuheiktgw --------- Signed-off-by: shuheiktgw --- .../externalsecret_controller.go | 49 ++++++++++++++++++- .../externalsecret_controller_test.go | 36 +++++++++++++- pkg/controllers/externalsecret/suite_test.go | 2 +- 3 files changed, 84 insertions(+), 3 deletions(-) diff --git a/pkg/controllers/externalsecret/externalsecret_controller.go b/pkg/controllers/externalsecret/externalsecret_controller.go index dbc0ac04e9a..e3864426a35 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller.go +++ b/pkg/controllers/externalsecret/externalsecret_controller.go @@ -36,6 +36,9 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" + "sigs.k8s.io/controller-runtime/pkg/handler" + "sigs.k8s.io/controller-runtime/pkg/predicate" + "sigs.k8s.io/controller-runtime/pkg/reconcile" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" // Metrics. @@ -73,6 +76,8 @@ const ( errPolicyMergePatch = "unable to patch secret %s: %w" ) +const externalSecretSecretNameKey = ".spec.target.name" + // Reconciler reconciles a ExternalSecret object. type Reconciler struct { client.Client 
@@ -628,9 +633,51 @@ func (r *Reconciler) computeDataHashAnnotation(existing, secret *v1.Secret) stri func (r *Reconciler) SetupWithManager(mgr ctrl.Manager, opts controller.Options) error { r.recorder = mgr.GetEventRecorderFor("external-secrets") + // Index .Spec.Target.Name to reconcile ExternalSecrets effectively when secrets have changed + if err := mgr.GetFieldIndexer().IndexField(context.Background(), &esv1beta1.ExternalSecret{}, externalSecretSecretNameKey, func(obj client.Object) []string { + es := obj.(*esv1beta1.ExternalSecret) + + if name := es.Spec.Target.Name; name != "" { + return []string{name} + } + return []string{es.Name} + }); err != nil { + return err + } + return ctrl.NewControllerManagedBy(mgr). WithOptions(opts). For(&esv1beta1.ExternalSecret{}). - Owns(&v1.Secret{}, builder.OnlyMetadata). + // Cannot use Owns since the controller does not set owner reference when creation policy is not Owner + Watches( + &v1.Secret{}, + handler.EnqueueRequestsFromMapFunc(r.findObjectsForSecret), + builder.WithPredicates(predicate.ResourceVersionChangedPredicate{}), + builder.OnlyMetadata, + ). Complete(r) } + +func (r *Reconciler) findObjectsForSecret(ctx context.Context, secret client.Object) []reconcile.Request { + var externalSecrets esv1beta1.ExternalSecretList + err := r.List( + ctx, + &externalSecrets, + client.InNamespace(secret.GetNamespace()), + client.MatchingFields{externalSecretSecretNameKey: secret.GetName()}, + ) + if err != nil { + return []reconcile.Request{} + } + + requests := make([]reconcile.Request, len(externalSecrets.Items)) + for i := range externalSecrets.Items { + requests[i] = reconcile.Request{ + NamespacedName: types.NamespacedName{ + Name: externalSecrets.Items[i].GetName(), + Namespace: externalSecrets.Items[i].GetNamespace(), + }, + } + } + return requests +} 
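Review bot: `findObjectsForSecret` discards the error from `r.List` and returns an empty slice, so a failed index lookup silently drops the Secret change event and leaves no trace for whoever debugs a target Secret that was not re-synced. Log it before returning, for example `r.Log.Error(err, "unable to list ExternalSecrets for secret", "namespace", secret.GetNamespace(), "name", secret.GetName())`. The index function also uses an unchecked assertion `obj.(*esv1beta1.ExternalSecret)`; the two-value form with an early `return nil` avoids a panic if another type ever reaches it. Replacing `Owns` with `Watches` means any metadata change on a matching Secret now enqueues a reconcile. The reconcile body is outside this hunk, so confirm that such an event does not call the external provider when nothing needs refreshing.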
diff --git a/pkg/controllers/externalsecret/externalsecret_controller_test.go b/pkg/controllers/externalsecret/externalsecret_controller_test.go index e3c07848615..890847774c2 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller_test.go +++ b/pkg/controllers/externalsecret/externalsecret_controller_test.go @@ -50,7 +50,7 @@ var ( fakeProvider *fake.Client metric dto.Metric metricDuration dto.Metric - timeout = time.Second * 10 + timeout = time.Second * 20 interval = time.Millisecond * 250 ) @@ -468,6 +468,39 @@ var _ = Describe("ExternalSecret controller", Serial, func() { } } + mergeWithSecretUpdate := func(tc *testCase) { + const secretVal = "someValue" + tc.externalSecret.Spec.Target.CreationPolicy = esv1beta1.CreatePolicyMerge + tc.externalSecret.Spec.RefreshInterval = &metav1.Duration{Duration: time.Hour} + + Expect(k8sClient.Create(context.Background(), &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: ExternalSecretTargetSecretName, + Namespace: ExternalSecretNamespace, + }, + Data: map[string][]byte{ + existingKey: []byte(existingVal), + }, + }, client.FieldOwner(FakeManager))).To(Succeed()) + + fakeProvider.WithGetSecret([]byte(secretVal), nil) + tc.checkSecret = func(es *esv1beta1.ExternalSecret, secret *v1.Secret) { + // Overwrite the secret value to check if the change kicks reconciliation and overwrites it again + Expect(k8sClient.Update(context.Background(), &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: ExternalSecretTargetSecretName, + Namespace: ExternalSecretNamespace, + }, + Data: map[string][]byte{ + existingKey: []byte("differentValue"), + }, + }, client.FieldOwner(FakeManager))).To(Succeed()) + + Expect(string(secret.Data[existingKey])).To(Equal(existingVal)) + Expect(string(secret.Data[targetProp])).To(Equal(secretVal)) + } + } + // should not update if no changes mergeWithSecretNoChange := func(tc *testCase) { tc.externalSecret.Spec.Target.CreationPolicy = esv1beta1.CreatePolicyMerge 
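Review bot: The two assertions at the end of `checkSecret` in `mergeWithSecretUpdate` run against the `secret` value that was handed in before `k8sClient.Update` was called. As written they describe the pre-update state and would still pass if the new Secret watch never triggered a reconcile. Since `RefreshInterval` is set to one hour, the only thing that can restore `targetProp` after the overwrite is the watch, so the test should re-read the Secret after the update and wait for that key to come back. How `checkSecret` is driven is decided by the table runner outside this hunk, so check that it is not already polled there.

```go
// … unchanged: Secret creation, fakeProvider.WithGetSecret, k8sClient.Update to "differentValue" …
Eventually(func(g Gomega) {
	var got v1.Secret
	g.Expect(k8sClient.Get(context.Background(), client.ObjectKey{
		Name:      ExternalSecretTargetSecretName,
		Namespace: ExternalSecretNamespace,
	}, &got)).To(Succeed())
	// Only the watch can restore this key within the test timeout.
	g.Expect(string(got.Data[targetProp])).To(Equal(secretVal))
}, timeout, interval).Should(Succeed())
```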
@@ -2226,6 +2259,7 @@ var _ = Describe("ExternalSecret controller", Serial, func() { Entry("should removed outdated labels and annotations", removeOutdatedLabelsAnnotations), Entry("should set prometheus counters", checkPrometheusCounters), Entry("should merge with existing secret using creationPolicy=Merge", mergeWithSecret), + Entry("should kick reconciliation when secret changes using creationPolicy=Merge", mergeWithSecretUpdate), Entry("should error if secret doesn't exist when using creationPolicy=Merge", mergeWithSecretErr), Entry("should not resolve conflicts with creationPolicy=Merge", mergeWithConflict), Entry("should not update unchanged secret using creationPolicy=Merge", mergeWithSecretNoChange), diff --git a/pkg/controllers/externalsecret/suite_test.go b/pkg/controllers/externalsecret/suite_test.go index 8ed93d9dad5..801802230ab 100644 --- a/pkg/controllers/externalsecret/suite_test.go +++ b/pkg/controllers/externalsecret/suite_test.go @@ -90,7 +90,7 @@ var _ = BeforeSuite(func() { Expect(err).ToNot(HaveOccurred()) err = (&Reconciler{ - Client: k8sClient, + Client: k8sManager.GetClient(), RestConfig: cfg, Scheme: k8sManager.GetScheme(), Log: ctrl.Log.WithName("controllers").WithName("ExternalSecrets"), From 4b8b8788bf9bd4883b5cd5e63b986d2fe1da46ee Mon Sep 17 00:00:00 2001 From: Bob Du Date: Sat, 11 May 2024 22:03:08 +0800 Subject: [PATCH 034/517] Update getting-started.md (#3476) Signed-off-by: Bob Du --- docs/introduction/getting-started.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/introduction/getting-started.md b/docs/introduction/getting-started.md index 719a465813b..54bb9deabff 100644 --- a/docs/introduction/getting-started.md +++ b/docs/introduction/getting-started.md 
@@ -13,7 +13,7 @@ The default install options will automatically install and manage the CRDs as pa You can install those CRDs outside of `helm` using: ```bash -kubectl apply -k "https://github.com/external-secrets/external-secrets//config/crds/bases?ref=" +kubectl apply -k "https://raw.githubusercontent.com/external-secrets/external-secrets//deploy/crds/bundle.yaml" ``` Uncomment the relevant line in the next steps to disable the automatic install of CRDs. From 0abb3e9cc4e663a47cb755f95872c442728dd442 Mon Sep 17 00:00:00 2001 From: Luis Schweigard Date: Mon, 13 May 2024 13:40:50 +0200 Subject: [PATCH 035/517] Add support for Authentication against Azure Key Vault using Client Certificate (#3469) * Implementation of Certificate Based Authz against Azure Key Vault Signed-off-by: Luis Schweigard * Add tests for new Azure certificate auth functionality Signed-off-by: Luis Schweigard * Add documentation for Azure Cert based Auth Signed-off-by: Luis Schweigard * Generate spec.md Signed-off-by: Luis Schweigard * Add changes from code review Signed-off-by: Luis Schweigard * Fix naming in test error case Signed-off-by: Luis Schweigard --------- Signed-off-by: Luis Schweigard --- .../v1beta1/secretstore_azurekv_types.go | 4 + .../v1beta1/zz_generated.deepcopy.go | 5 + ...ternal-secrets.io_clustersecretstores.yaml | 19 +++ .../external-secrets.io_secretstores.yaml | 19 +++ deploy/crds/bundle.yaml | 34 +++++ docs/api/spec.md | 14 ++ docs/provider/azure-key-vault.md | 2 +- pkg/provider/azure/keyvault/keyvault.go | 126 +++++++++++++----- .../azure/keyvault/keyvault_auth_test.go | 116 +++++++++++++++- .../azure/keyvault/keyvault_certificate.go | 121 +++++++++++++++++ 10 files changed, 421 insertions(+), 39 deletions(-) create mode 100644 pkg/provider/azure/keyvault/keyvault_certificate.go diff --git a/apis/externalsecrets/v1beta1/secretstore_azurekv_types.go b/apis/externalsecrets/v1beta1/secretstore_azurekv_types.go index 333b7757a87..b94e347a34d 100644 
--- a/apis/externalsecrets/v1beta1/secretstore_azurekv_types.go +++ b/apis/externalsecrets/v1beta1/secretstore_azurekv_types.go @@ -99,4 +99,8 @@ type AzureKVAuth struct { // The Azure ClientSecret of the service principle used for authentication. // +optional ClientSecret *smmeta.SecretKeySelector `json:"clientSecret,omitempty"` + + // The Azure ClientCertificate of the service principle used for authentication. + // +optional + ClientCertificate *smmeta.SecretKeySelector `json:"clientCertificate,omitempty"` } diff --git a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go index 97259d5109e..db570a7635a 100644 --- a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go +++ b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go @@ -329,6 +329,11 @@ func (in *AzureKVAuth) DeepCopyInto(out *AzureKVAuth) { *out = new(metav1.SecretKeySelector) (*in).DeepCopyInto(*out) } + if in.ClientCertificate != nil { + in, out := &in.ClientCertificate, &out.ClientCertificate + *out = new(metav1.SecretKeySelector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AzureKVAuth. diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 11eac0c40c6..9963448fcda 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml 
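Review bot: The doc comment on `ClientCertificate` does not say what the referenced Secret key must contain, and this text is copied into the generated CRD descriptions and `docs/api/spec.md`. The loader added in `keyvault_certificate.go` rejects input unless it finds both a certificate and an RSA private key in the PEM data, so a user who stores only the certificate gets "no private key found in PEM file" with no hint in the API docs. I would write `// ClientCertificate references a Secret key holding the service principal's certificate and its RSA private key, concatenated in PEM format.` and add `// Mutually exclusive with ClientSecret.` on the next line. "principle" should also read "principal" here, as in the neighbouring fields.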
@@ -2144,6 +2144,25 @@ spec: with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. properties: + clientCertificate: + description: The Azure ClientCertificate of the service + principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object clientId: description: The Azure clientId of the service principle or managed identity used for authentication. diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index b4e19aaabea..e729615ee28 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml 
@@ -2144,6 +2144,25 @@ spec: with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. properties: + clientCertificate: + description: The Azure ClientCertificate of the service + principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object clientId: description: The Azure clientId of the service principle or managed identity used for authentication. diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index f3fb0942a1f..3b90c0fd428 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -2665,6 +2665,23 @@ spec: authSecretRef: description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. properties: + clientCertificate: + description: The Azure ClientCertificate of the service principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object clientId: description: The Azure clientId of the service principle or managed identity used for authentication. properties: 
@@ -8010,6 +8027,23 @@ spec: authSecretRef: description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. properties: + clientCertificate: + description: The Azure ClientCertificate of the service principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object clientId: description: The Azure clientId of the service principle or managed identity used for authentication. properties: diff --git a/docs/api/spec.md b/docs/api/spec.md index 1efaa7d7fee..5897f49ebad 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -869,6 +869,20 @@ External Secrets meta/v1.SecretKeySelector

The Azure ClientSecret of the service principle used for authentication.

+ + +clientCertificate
+ + +External Secrets meta/v1.SecretKeySelector + + + + +(Optional) +

The Azure ClientCertificate of the service principle used for authentication.

+ +

AzureKVProvider diff --git a/docs/provider/azure-key-vault.md b/docs/provider/azure-key-vault.md index c7ba7f9ef46..5723f05839b 100644 --- a/docs/provider/azure-key-vault.md +++ b/docs/provider/azure-key-vault.md @@ -34,7 +34,7 @@ az keyvault set-policy --name kv-name-with-certs --object-id "$KUBELET_IDENTITY_ #### Service Principal key authentication -A service Principal client and Secret is created and the JSON keyfile is stored in a `Kind=Secret`. The `ClientID` and `ClientSecret` should be configured for the secret. This service principal should have proper access rights to the keyvault to be managed by the operator +A service Principal client and Secret is created and the JSON keyfile is stored in a `Kind=Secret`. The `ClientID` and `ClientSecret` or `ClientCertificate` (in PEM format) should be configured for the secret. This service principal should have proper access rights to the keyvault to be managed by the operator. #### Managed Identity authentication diff --git a/pkg/provider/azure/keyvault/keyvault.go b/pkg/provider/azure/keyvault/keyvault.go index 1f71f058ca6..5b98142d8b9 100644 --- a/pkg/provider/azure/keyvault/keyvault.go +++ b/pkg/provider/azure/keyvault/keyvault.go 
@@ -64,30 +64,32 @@ const ( AnnotationTenantID = "azure.workload.identity/tenant-id" managerLabel = "external-secrets" - errUnexpectedStoreSpec = "unexpected store spec" - errMissingAuthType = "cannot initialize Azure Client: no valid authType was specified" - errPropNotExist = "property %s does not exist in key %s" - errTagNotExist = "tag %s does not exist" - errUnknownObjectType = "unknown Azure Keyvault object Type for %s" - errUnmarshalJSONData = "error unmarshalling json data: %w" - errDataFromCert = "cannot get use dataFrom to get certificate secret" - errDataFromKey = "cannot get use dataFrom to get key secret" - errMissingTenant = "missing tenantID in store config" - errMissingClient = "missing clientID: either serviceAccountRef or service account annotation '%s' is missing" - errMissingSecretRef = "missing secretRef in provider config" - errMissingClientIDSecret = "missing accessKeyID/secretAccessKey in store config" - errMultipleClientID = "multiple clientID found. Check secretRef and serviceAccountRef" - errMultipleTenantID = "multiple tenantID found. 
Check secretRef, 'spec.provider.azurekv.tenantId', and serviceAccountRef" - errFindSecret = "could not find secret %s/%s: %w" - errFindDataKey = "no data for %q in secret '%s/%s'" - - errInvalidStore = "invalid store" - errInvalidStoreSpec = "invalid store spec" - errInvalidStoreProv = "invalid store provider" - errInvalidAzureProv = "invalid azure keyvault provider" - errInvalidSecRefClientID = "invalid AuthSecretRef.ClientID: %w" - errInvalidSecRefClientSecret = "invalid AuthSecretRef.ClientSecret: %w" - errInvalidSARef = "invalid ServiceAccountRef: %w" + errUnexpectedStoreSpec = "unexpected store spec" + errMissingAuthType = "cannot initialize Azure Client: no valid authType was specified" + errPropNotExist = "property %s does not exist in key %s" + errTagNotExist = "tag %s does not exist" + errUnknownObjectType = "unknown Azure Keyvault object Type for %s" + errUnmarshalJSONData = "error unmarshalling json data: %w" + errDataFromCert = "cannot get use dataFrom to get certificate secret" + errDataFromKey = "cannot get use dataFrom to get key secret" + errMissingTenant = "missing tenantID in store config" + errMissingClient = "missing clientID: either serviceAccountRef or service account annotation '%s' is missing" + errMissingSecretRef = "missing secretRef in provider config" + errMissingClientIDSecret = "missing accessKeyID/secretAccessKey in store config" + errInvalidClientCredentials = "both clientSecret and clientCredentials set" + errMultipleClientID = "multiple clientID found. Check secretRef and serviceAccountRef" + errMultipleTenantID = "multiple tenantID found. 
Check secretRef, 'spec.provider.azurekv.tenantId', and serviceAccountRef" + errFindSecret = "could not find secret %s/%s: %w" + errFindDataKey = "no data for %q in secret '%s/%s'" + + errInvalidStore = "invalid store" + errInvalidStoreSpec = "invalid store spec" + errInvalidStoreProv = "invalid store provider" + errInvalidAzureProv = "invalid azure keyvault provider" + errInvalidSecRefClientID = "invalid AuthSecretRef.ClientID: %w" + errInvalidSecRefClientSecret = "invalid AuthSecretRef.ClientSecret: %w" + errInvalidSecRefClientCertificate = "invalid AuthSecretRef.ClientCertificate: %w" + errInvalidSARef = "invalid ServiceAccountRef: %w" errMissingWorkloadEnvVars = "missing environment variables. AZURE_CLIENT_ID, AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE must be set" errReadTokenFile = "unable to read token file %s: %w" @@ -877,7 +879,7 @@ func (a *Azure) authorizerForWorkloadIdentity(ctx context.Context, tokenProvider } } } - // Check if spec.provider.azurekv.tenantId is set + // Check if spec.provider.azurekv.tenantID is set if tenantID == "" && a.provider.TenantID != nil { tenantID = *a.provider.TenantID } 
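Review bot: `errInvalidClientCredentials` reads "both clientSecret and clientCredentials set", but the field added by this change is `clientCertificate`, so the message names a field that does not exist in the store spec. It should be `errInvalidClientCredentials = "both clientSecret and clientCertificate set"`, with the matching `expErr` string in `keyvault_auth_test.go` updated to agree. Separately, `errMissingClientIDSecret` ("missing accessKeyID/secretAccessKey in store config") is now also returned when neither `clientSecret` nor `clientCertificate` is set. Its wording does not mention either Azure field, which makes a misconfigured auth block harder to diagnose.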
@@ -979,31 +981,81 @@ func (a *Azure) authorizerForServicePrincipal(ctx context.Context) (autorest.Aut if a.provider.AuthSecretRef == nil { return nil, fmt.Errorf(errMissingSecretRef) } - if a.provider.AuthSecretRef.ClientID == nil || a.provider.AuthSecretRef.ClientSecret == nil { + if a.provider.AuthSecretRef.ClientID == nil || (a.provider.AuthSecretRef.ClientSecret == nil && a.provider.AuthSecretRef.ClientCertificate == nil) { return nil, fmt.Errorf(errMissingClientIDSecret) } + if a.provider.AuthSecretRef.ClientSecret != nil && a.provider.AuthSecretRef.ClientCertificate != nil { + return nil, fmt.Errorf(errInvalidClientCredentials) + } + + return a.getAuthorizerFromCredentials(ctx) +} + +func (a *Azure) getAuthorizerFromCredentials(ctx context.Context) (autorest.Authorizer, error) { clientID, err := resolvers.SecretKeyRef( ctx, a.crClient, a.store.GetKind(), - a.namespace, a.provider.AuthSecretRef.ClientID) + a.namespace, a.provider.AuthSecretRef.ClientID, + ) + if err != nil { return nil, err } - clientSecret, err := resolvers.SecretKeyRef( - ctx, - a.crClient, - a.store.GetKind(), - a.namespace, a.provider.AuthSecretRef.ClientSecret) - if err != nil { - return nil, err + + if a.provider.AuthSecretRef.ClientSecret != nil { + clientSecret, err := resolvers.SecretKeyRef( + ctx, + a.crClient, + a.store.GetKind(), + a.namespace, a.provider.AuthSecretRef.ClientSecret, + ) + + if err != nil { + return nil, err + } + + return getAuthorizerForClientSecret( + clientID, + clientSecret, + *a.provider.TenantID, + a.provider.EnvironmentType, + ) + } else { + clientCertificate, err := resolvers.SecretKeyRef( + ctx, + a.crClient, + a.store.GetKind(), + a.namespace, a.provider.AuthSecretRef.ClientCertificate, + ) + + if err != nil { + return nil, err + } + + return getAuthorizerForClientCertificate( + clientID, + []byte(clientCertificate), + *a.provider.TenantID, + a.provider.EnvironmentType, + ) } - clientCredentialsConfig := kvauth.NewClientCredentialsConfig(clientID, 
clientSecret, *a.provider.TenantID) - clientCredentialsConfig.Resource = kvResourceForProviderConfig(a.provider.EnvironmentType) - clientCredentialsConfig.AADEndpoint = AadEndpointForType(a.provider.EnvironmentType) +} + +func getAuthorizerForClientSecret(clientID, clientSecret, tenantID string, environmentType esv1beta1.AzureEnvironmentType) (autorest.Authorizer, error) { + clientCredentialsConfig := kvauth.NewClientCredentialsConfig(clientID, clientSecret, tenantID) + clientCredentialsConfig.Resource = kvResourceForProviderConfig(environmentType) + clientCredentialsConfig.AADEndpoint = AadEndpointForType(environmentType) return clientCredentialsConfig.Authorizer() } +func getAuthorizerForClientCertificate(clientID string, certificateBytes []byte, tenantID string, environmentType esv1beta1.AzureEnvironmentType) (autorest.Authorizer, error) { + clientCertificateConfig := NewClientInMemoryCertificateConfig(clientID, certificateBytes, tenantID) + clientCertificateConfig.Resource = kvResourceForProviderConfig(environmentType) + clientCertificateConfig.AADEndpoint = AadEndpointForType(environmentType) + return clientCertificateConfig.Authorizer() +} + func (a *Azure) Close(_ context.Context) error { return nil } diff --git a/pkg/provider/azure/keyvault/keyvault_auth_test.go b/pkg/provider/azure/keyvault/keyvault_auth_test.go index 3952574de98..fb670b5daf0 100644 --- a/pkg/provider/azure/keyvault/keyvault_auth_test.go +++ b/pkg/provider/azure/keyvault/keyvault_auth_test.go 
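Review bot: The new method `getAuthorizerFromCredentials` dereferences `a.provider.AuthSecretRef` and `*a.provider.TenantID` without any checks of its own. It is safe only because `authorizerForServicePrincipal` validates `AuthSecretRef` in this hunk and, presumably, `TenantID` above the hunk, since the function starts outside the visible lines. A later caller that skips those checks would panic on a nil pointer while building credentials. I would state the precondition on the method: `// getAuthorizerFromCredentials assumes the caller has verified that TenantID, AuthSecretRef.ClientID and exactly one of ClientSecret/ClientCertificate are set.` As a style point, the `else` after the `return getAuthorizerForClientSecret(...)` branch can be dropped so the certificate path is not nested.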
@@ -37,6 +37,32 @@ import ( var vaultURL = "https://local.vault.url" +var mockCertificate = ` +-----BEGIN CERTIFICATE----- +MIICBzCCAbGgAwIBAgIUSoCD1fgywDbmeRaGrkYzGWUd1wMwDQYJKoZIhvcNAQEL +BQAwcTELMAkGA1UEBhMCQVoxGTAXBgNVBAgMEE1vY2sgQ2VydGlmaWNhdGUxMzAx +BgNVBAoMKkV4dGVybmFsIFNlY3JldHMgT3BlcmF0b3IgTW9jayBDZXJ0aWZpY2F0 +ZTESMBAGA1UEAwwJTW9jayBDZXJ0MB4XDTI0MDUwODA4NDkzMFoXDTI1MDUwODA4 +NDkzMFowcTELMAkGA1UEBhMCQVoxGTAXBgNVBAgMEE1vY2sgQ2VydGlmaWNhdGUx +MzAxBgNVBAoMKkV4dGVybmFsIFNlY3JldHMgT3BlcmF0b3IgTW9jayBDZXJ0aWZp +Y2F0ZTESMBAGA1UEAwwJTW9jayBDZXJ0MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJB +ALkU1YgMk1Dk149F/HsHA0TjzLwfDa9tT0cfqA1u0hoJkb2r9jdWUyiugGaEz/PU +TGWrvp8aiXPrGuu5Y6PY27ECAwEAAaMhMB8wHQYDVR0OBBYEFAMB0YwnYjUm00og +kGce8Yhr4I03MA0GCSqGSIb3DQEBCwUAA0EAr0BMs/3hIOdZc0WHZUCTZ0GGor3G +ViYUPHOw8z6UZGPGN6qiAejmkT6uP3LkkSW+7TIIQ1pkQxcn5xfFJXBexw== +-----END CERTIFICATE----- +-----BEGIN PRIVATE KEY----- +MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAuRTViAyTUOTXj0X8 +ewcDROPMvB8Nr21PRx+oDW7SGgmRvav2N1ZTKK6AZoTP89RMZau+nxqJc+sa67lj +o9jbsQIDAQABAkA35CnDpwCJykGqW5kuUeTT1fMK0FnioyDwuoeWXuQFxmB6Md89 ++ABxyjAt3nmwRRVBrVFdNibb9asR5KFHwn1NAiEA4NlrSnJrY1xODIjEXf0fLTwu +wpyUO1lX585OjYDiOYsCIQDSuP4ttH/1Hg3f9veEE4RgDEk+QcisrzF8q4Oa5sDP +MwIgfejiTtcR0ZsPza8Mn0EuIyuPV8VMsItQUWtSy6R/ig8CIQC86cBmNUXp+HGz +8fLg46ZvfVREjjFcLwwMmq83tdvxZQIgPAbezuRCrduH19xgMO8BXndS5DAovgvE +/MpQnEyQtVA= +-----END PRIVATE KEY----- +` + func TestNewClientManagedIdentityNoNeedForCredentials(t *testing.T) { namespace := "internal" identityID := "1234" @@ -405,7 +431,7 @@ func TestAuth(t *testing.T) { }, }, { - name: "correct cluster secret store", + name: "correct cluster secret store with ClientSecret", objects: []client.Object{&corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: "password", 
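Review bot: `mockCertificate` commits a PEM `PRIVATE KEY` block with nothing marking it as test-only, so secret scanners will flag it and a reader cannot tell it apart from leaked credential material. At minimum add a comment above the variable, e.g. `// mockCertificate is a throwaway self-signed certificate and RSA key generated solely for these tests.` The embedded certificate also appears to carry a one-year validity window ending in May 2025. The loader does not check expiry today, but generating the pair at test time with `crypto/rsa` and `x509.CreateCertificate` would remove both the committed key and that latent time dependency.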
@@ -432,6 +458,94 @@ func TestAuth(t *testing.T) { }, }, }, + { + name: "bad config: both clientSecret and clientCredentials are configured", + expErr: "both clientSecret and clientCredentials set", + objects: []client.Object{&corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "password", + Namespace: "foo", + }, + Data: map[string][]byte{ + "id": []byte("foo"), + "certificate": []byte("bar"), + "secret": []byte("bar"), + }, + }}, + store: &esv1beta1.ClusterSecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.ClusterSecretStoreKind, + }, + Spec: esv1beta1.SecretStoreSpec{Provider: &esv1beta1.SecretStoreProvider{}}, + }, + provider: &esv1beta1.AzureKVProvider{ + AuthType: &authType, + VaultURL: &vaultURL, + TenantID: pointer.To("mytenant"), + AuthSecretRef: &esv1beta1.AzureKVAuth{ + ClientID: &v1.SecretKeySelector{Name: "password", Namespace: pointer.To("foo"), Key: "id"}, + ClientCertificate: &v1.SecretKeySelector{Name: "password", Namespace: pointer.To("foo"), Key: "certificate"}, + ClientSecret: &v1.SecretKeySelector{Name: "password", Namespace: pointer.To("foo"), Key: "secret"}, + }, + }, + }, + { + name: "bad config: no valid client certificate in pem file", + expErr: "failed to get oauth token from certificate auth: failed to decode certificate: no certificate found in PEM file", + objects: []client.Object{&corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "password", + Namespace: "foo", + }, + Data: map[string][]byte{ + "id": []byte("foo"), + "certificate": []byte("bar"), + }, + }}, + store: &esv1beta1.ClusterSecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.ClusterSecretStoreKind, + }, + Spec: esv1beta1.SecretStoreSpec{Provider: &esv1beta1.SecretStoreProvider{}}, + }, + provider: &esv1beta1.AzureKVProvider{ + AuthType: &authType, + VaultURL: &vaultURL, + TenantID: pointer.To("mytenant"), + AuthSecretRef: &esv1beta1.AzureKVAuth{ + ClientID: &v1.SecretKeySelector{Name: "password", Namespace: pointer.To("foo"), Key: "id"}, + 
ClientCertificate: &v1.SecretKeySelector{Name: "password", Namespace: pointer.To("foo"), Key: "certificate"}, + }, + }, + }, + { + name: "correct configuration with certificate authentication", + objects: []client.Object{&corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "password", + Namespace: "foo", + }, + Data: map[string][]byte{ + "id": []byte("foo"), + "certificate": []byte(mockCertificate), + }, + }}, + store: &esv1beta1.ClusterSecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.ClusterSecretStoreKind, + }, + Spec: esv1beta1.SecretStoreSpec{Provider: &esv1beta1.SecretStoreProvider{}}, + }, + provider: &esv1beta1.AzureKVProvider{ + AuthType: &authType, + VaultURL: &vaultURL, + TenantID: pointer.To("mytenant"), + AuthSecretRef: &esv1beta1.AzureKVAuth{ + ClientID: &v1.SecretKeySelector{Name: "password", Namespace: pointer.To("foo"), Key: "id"}, + ClientCertificate: &v1.SecretKeySelector{Name: "password", Namespace: pointer.To("foo"), Key: "certificate"}, + }, + }, + }, } { t.Run(row.name, func(t *testing.T) { k8sClient := clientfake.NewClientBuilder().WithObjects(row.objects...).Build() diff --git a/pkg/provider/azure/keyvault/keyvault_certificate.go b/pkg/provider/azure/keyvault/keyvault_certificate.go new file mode 100644 index 00000000000..77788a6be50 --- /dev/null +++ b/pkg/provider/azure/keyvault/keyvault_certificate.go 
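Review bot: The new `TestAuth` rows cover "no certificate found in PEM file" and the happy path, but no row exercises the other failure branches of `loadCertificateFromBytes`. Missing are a PEM that holds a certificate without a private key, and a PKCS#8 key that is not RSA. Those are the likeliest real-world misconfigurations of `clientCertificate`, for example a cert-only Secret or an EC key. A row for each, with `expErr` pinned to the wrapped message, would keep those errors stable. The first could reuse only the `CERTIFICATE` block of `mockCertificate` and expect an error ending in `no private key found in PEM file`.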
@@ -0,0 +1,121 @@ +// /* +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +// */ +package keyvault + +import ( + "crypto/rsa" + "crypto/x509" + "encoding/pem" + "errors" + "fmt" + + "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/adal" + "github.com/Azure/go-autorest/autorest/azure" +) + +// ClientInMemoryCertificateConfig struct includes a Certificate field to hold the certificate data as a byte slice. +type ClientInMemoryCertificateConfig struct { + ClientID string + Certificate []byte // Certificate data as a byte slice + TenantID string + AuxTenants []string + AADEndpoint string + Resource string +} + +func NewClientInMemoryCertificateConfig(clientID string, certificate []byte, tenantID string) ClientInMemoryCertificateConfig { + return ClientInMemoryCertificateConfig{ + ClientID: clientID, + Certificate: certificate, + TenantID: tenantID, + Resource: azure.PublicCloud.ResourceManagerEndpoint, + AADEndpoint: azure.PublicCloud.ActiveDirectoryEndpoint, + } +} + +// ServicePrincipalToken creates a adal.ServicePrincipalToken from client certificate using the certificate byte slice. 
+func (ccc ClientInMemoryCertificateConfig) ServicePrincipalToken() (*adal.ServicePrincipalToken, error) { + oauthConfig, err := adal.NewOAuthConfig(ccc.AADEndpoint, ccc.TenantID) + if err != nil { + return nil, err + } + // Use the byte slice directly instead of reading from a file + certificate, rsaPrivateKey, err := loadCertificateFromBytes(ccc.Certificate) + + if err != nil { + return nil, fmt.Errorf("failed to decode certificate: %w", err) + } + return adal.NewServicePrincipalTokenFromCertificate(*oauthConfig, ccc.ClientID, certificate, rsaPrivateKey, ccc.Resource) +} + +func loadCertificateFromBytes(certificateBytes []byte) (*x509.Certificate, *rsa.PrivateKey, error) { + var cert *x509.Certificate + var privateKey *rsa.PrivateKey + var err error + + // Extract certificate and private key + for { + block, rest := pem.Decode(certificateBytes) + if block == nil { + break + } + if block.Type == "CERTIFICATE" { + cert, err = x509.ParseCertificate(block.Bytes) + if err != nil { + return nil, nil, fmt.Errorf("failed to parse PEM certificate: %w", err) + } + } else { + privateKey, err = parsePrivateKey(block.Bytes) + if err != nil { + return nil, nil, fmt.Errorf("failed to extract private key from PEM certificate: %w", err) + } + } + certificateBytes = rest + } + + if cert == nil { + return nil, nil, errors.New("no certificate found in PEM file") + } + + if privateKey == nil { + return nil, nil, errors.New("no private key found in PEM file") + } + + return cert, privateKey, nil +} + +func parsePrivateKey(der []byte) (*rsa.PrivateKey, error) { + if key, err := x509.ParsePKCS1PrivateKey(der); err == nil { + return key, nil + } + if key, err := x509.ParsePKCS8PrivateKey(der); err == nil { + switch key := key.(type) { + case *rsa.PrivateKey: + return key, nil + default: + return nil, errors.New("found unknown private key type in PKCS#8 wrapping") + } + } + return nil, errors.New("failed to parse private key") +} + +// Implementation of the AuthorizerConfig interface. 
+func (ccc ClientInMemoryCertificateConfig) Authorizer() (autorest.Authorizer, error) { + spToken, err := ccc.ServicePrincipalToken() + if err != nil { + return nil, fmt.Errorf("failed to get oauth token from certificate auth: %w", err) + } + return autorest.NewBearerAuthorizer(spToken), nil +} From 7cd79962e3a811dd14a630642a99d8e24bd69d21 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 May 2024 08:41:57 -0300 Subject: [PATCH 036/517] chore(deps): bump golang from 1.22.2 to 1.22.3 (#3481) Bumps golang from 1.22.2 to 1.22.3. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile.standalone | 2 +- tilt.debug.dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.standalone b/Dockerfile.standalone index bb0e3fdee96..8858af87f18 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone @@ -1,6 +1,6 @@ # This version of Dockerfile is for building without external dependencies. # Build a multi-platform image e.g. `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .` -FROM golang:1.22.2-alpine@sha256:cdc86d9f363e8786845bea2040312b4efa321b828acdeb26f393faa864d887b0 AS builder +FROM golang:1.22.3-alpine@sha256:2a882244fb51835ebbd8313bffee83775b0c076aaf56b497b43d8a4c72db65e1 AS builder ARG TARGETOS ARG TARGETARCH ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index f3366ec7661..8a2b459ce28 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile 
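Review bot: `loadCertificateFromBytes` keeps whichever `CERTIFICATE` block comes last and never checks that the parsed private key belongs to the certificate it returns. With a PEM bundle that includes a chain (leaf followed by intermediates), the returned certificate would be the last chain entry rather than the one matching the key. The mismatch then only surfaces later as an opaque token failure from Azure AD. I would collect every certificate and return the one whose public key equals the private key's, failing with a clear error when none matches. Every non-`CERTIFICATE` block is also parsed as a private key, and `parsePrivateKey` discards the underlying parse errors, so an encrypted or EC key surfaces only as "failed to parse private key". The functions also have no doc comments, and the licence header is wrapped as `// /*`.

```go
func loadCertificateFromBytes(certificateBytes []byte) (*x509.Certificate, *rsa.PrivateKey, error) {
	var certs []*x509.Certificate
	var privateKey *rsa.PrivateKey

	for {
		block, rest := pem.Decode(certificateBytes)
		if block == nil {
			break
		}
		if block.Type == "CERTIFICATE" {
			parsed, err := x509.ParseCertificate(block.Bytes)
			if err != nil {
				return nil, nil, fmt.Errorf("failed to parse PEM certificate: %w", err)
			}
			certs = append(certs, parsed)
		} else {
			// … unchanged: parsePrivateKey call and its error wrapping …
		}
		certificateBytes = rest
	}

	if len(certs) == 0 {
		return nil, nil, errors.New("no certificate found in PEM file")
	}
	// … unchanged: "no private key found in PEM file" check …

	// Return the certificate that belongs to the key, regardless of bundle order.
	for _, c := range certs {
		if pub, ok := c.PublicKey.(*rsa.PublicKey); ok && pub.Equal(&privateKey.PublicKey) {
			return c, privateKey, nil
		}
	}
	return nil, nil, errors.New("private key does not match any certificate in PEM file")
}
```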
@@ -1,4 +1,4 @@
-FROM golang:1.22.2@sha256:d5302d40dc5fbbf38ec472d1848a9d2391a13f93293a6a5b0b87c99dc0eaa6ae
+FROM golang:1.22.3@sha256:b1e05e2c918f52c59d39ce7d5844f73b2f4511f7734add8bb98c9ecdd4443365
 WORKDIR /
 COPY ./bin/external-secrets /external-secrets
From 047bf86ad364745ed3157887c600ae55d383a44b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 May 2024 08:42:17 -0300 Subject: [PATCH 037/517] chore(deps): bump ubi8/ubi-minimal from `f30dbf7` to `2fa47fa` (#3482) Bumps ubi8/ubi-minimal from `f30dbf7` to `2fa47fa`. --- updated-dependencies: - dependency-name: ubi8/ubi-minimal dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile.ubi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile.ubi b/Dockerfile.ubi
index 4c225ffc143..db713608e84 100644
--- a/Dockerfile.ubi
+++ b/Dockerfile.ubi
@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi8/ubi-minimal@sha256:f30dbf77b075215f6c827c269c073b5e0973e5cea8dacdf7ecb6a19c868f37f2
+FROM registry.access.redhat.com/ubi8/ubi-minimal@sha256:2fa47fa9df7b98e2776f447855699c01d06c3271b2d7259b8b314084580cf591
 ARG TARGETOS
 ARG TARGETARCH
 COPY bin/external-secrets-${TARGETOS}-${TARGETARCH} /bin/external-secrets
From d25b5ff422490489ecba8f20075a9fb17bf10253 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 May 2024 13:39:03 -0300 Subject: [PATCH 038/517] chore(deps): bump mkdocs-material in /hack/api-docs (#3483) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.21 to 9.5.22. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.21...9.5.22) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt
index 369e5f80c07..ef2cf9526d5 100644
--- a/hack/api-docs/requirements.txt
+++ b/hack/api-docs/requirements.txt
@@ -18,7 +18,7 @@ mergedeep==1.3.4
 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020
 mkdocs==1.6.0
 mkdocs-macros-plugin==1.0.5
-mkdocs-material==9.5.21
+mkdocs-material==9.5.22
 mkdocs-material-extensions==1.3.1
 mkdocs-minify-plugin==0.8.0
 packaging==24.0
From 94c5f1e2346749d03b8a841a21f7e3836a999813 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 May 2024 13:39:49 -0300 Subject: [PATCH 039/517] chore(deps): bump golang from 1.22.2-bookworm to 1.22.3-bookworm in /e2e (#3485) Bumps golang from 1.22.2-bookworm to 1.22.3-bookworm. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ...
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/e2e/Dockerfile b/e2e/Dockerfile
index 7a5c5384b85..1ca2520eb5d 100644
--- a/e2e/Dockerfile
+++ b/e2e/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.22.2-bookworm@sha256:d0902bacefdde1cf45528c098d14e55d78c107def8a22d148eabd71582d7a99f as builder
+FROM golang:1.22.3-bookworm@sha256:6d71b7c3f884e7b9552bffa852d938315ecca843dcc75a86ee7000567da0923d as builder
 ENV KUBECTL_VERSION="v1.28.3"
 ENV HELM_VERSION="v3.13.1"
From 5f3a048700cafd876766b93a3f82ddb596c9aa5b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 May 2024 13:40:37 -0300 Subject: [PATCH 040/517] chore(deps): bump actions/checkout from 4.1.4 to 4.1.5 (#3487) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.4 to 4.1.5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/0ad4b8fadaa221de15dcec353f45205ec38ea70b...44c2b7a8a4ea60a981eaca3cf939b5f4305c123b) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 6 +++--- .github/workflows/dlc.yml | 2 +- .github/workflows/docs.yml | 2 +- .github/workflows/e2e-managed.yml | 2 +- .github/workflows/e2e.yml | 4 ++-- .github/workflows/helm.yml | 4 ++-- .github/workflows/publish.yml | 4 ++-- .github/workflows/rebuild-image.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- .github/workflows/update-deps.yml | 4 ++-- 11 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e3e685743b4..d2c2969b11f 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,7 +46,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Setup Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 @@ -72,7 +72,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Setup Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 @@ -100,7 +100,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Fetch History run: git fetch --prune --unshallow diff --git a/.github/workflows/dlc.yml b/.github/workflows/dlc.yml index a8caed74f88..6960993c277 100644 --- a/.github/workflows/dlc.yml +++ b/.github/workflows/dlc.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Checkout Code" - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: "Run FOSSA Scan" uses: fossas/fossa-action@47ef11b1e1e3812e88dae436ccbd2d0cbd1adab0 # main diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index fe51332b4ef..c7ecc999128 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -15,7 +15,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: fetch-depth: 0 
diff --git a/.github/workflows/e2e-managed.yml b/.github/workflows/e2e-managed.yml index 7e225f314d6..d6bacb5159e 100644 --- a/.github/workflows/e2e-managed.yml +++ b/.github/workflows/e2e-managed.yml @@ -64,7 +64,7 @@ jobs: # Check out merge commit - name: Fork based /ok-to-test-managed checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: ref: 'refs/pull/${{ env.GITHUB_PR_NUMBER }}/merge' diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 6db72f15b18..007e5f599ba 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -58,7 +58,7 @@ jobs: steps: - name: Branch based PR checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Fetch History run: git fetch --prune --unshallow @@ -77,7 +77,7 @@ jobs: # Check out merge commit - name: Fork based /ok-to-test checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge' diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index a5964ebccfe..5b2a3ac7a65 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: fetch-depth: 0 @@ -74,7 +74,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: fetch-depth: 0 
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index cd06cb0948b..810267c0a5d 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -50,7 +50,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: ref: ${{ inputs.ref }} @@ -140,7 +140,7 @@ jobs: needs: build-publish steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 - name: Sign image if: env.IS_FORK == 'false' uses: ./.github/actions/sign diff --git a/.github/workflows/rebuild-image.yml b/.github/workflows/rebuild-image.yml index 681ce252ca0..7f5bc8e65a0 100644 --- a/.github/workflows/rebuild-image.yml +++ b/.github/workflows/rebuild-image.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: fetch-depth: 0 ref: ${{ github.event.inputs.ref }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index fbba647984a..7856a5272ac 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: fetch-depth: 0 ref: ${{ github.event.inputs.source_ref }} @@ -71,7 +71,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 94bf8699d4d..fa9a2c1b2d6 100644 --- a/.github/workflows/scorecard.yml 
+++ b/.github/workflows/scorecard.yml @@ -20,7 +20,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: persist-credentials: false diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index 6cf724dfda0..af0d5c87181 100644 --- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: fetch-depth: 0 ref: ${{ github.event.inputs.ref }} @@ -52,7 +52,7 @@ jobs: with: app_id: ${{ secrets.APP_ID }} private_key: ${{ secrets.PRIVATE_KEY }} - - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4 + - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 with: token: ${{ steps.generate_token.outputs.token }} ref: ${{ matrix.branch }} From b4cb0efefe7d111538271ded26a34be1bddcf7e1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 May 2024 13:41:03 -0300 Subject: [PATCH 041/517] chore(deps): bump github/codeql-action from 3.25.3 to 3.25.4 (#3488) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.3 to 3.25.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/d39d31e687223d841ef683f52467bd88e9b21c14...ccf74c947955fd1cf117aef6a0e4e66191ef6f61) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index fa9a2c1b2d6..936075cfcf9 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 + uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4 with: sarif_file: results.sarif From 56810016c316a2ba707c010e9dc4a8820d92d5ed Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 May 2024 13:41:23 -0300 Subject: [PATCH 042/517] chore(deps): bump aquasecurity/trivy-action from 0.19.0 to 0.20.0 (#3489) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.19.0 to 0.20.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/d710430a6722f083d3b36b8339ff66b32f22ee55...b2933f565dbc598b29947660e66259e3c7bc8561) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 810267c0a5d..393169998ca 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
@@ -126,7 +126,7 @@ jobs: run: make docker.build - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@d710430a6722f083d3b36b8339ff66b32f22ee55 # master + uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # master with: image-ref: ${{ inputs.image-name }}:${{ steps.container_info.outputs.image-tag }} format: 'table' From bc2f3f5c57e971a9daf68971b06637467d133cbf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 May 2024 13:41:41 -0300 Subject: [PATCH 043/517] chore(deps): bump softprops/action-gh-release from 2.0.4 to 2.0.5 (#3490) Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.4 to 2.0.5. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/9d7c94cfd0a1f3ed45544c887983e9fa900f0564...69320dbe05506a9a39fc8ae11030b214ec2d1f87) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7856a5272ac..05201a38a39 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,7 +28,7 @@ jobs: ref: ${{ github.event.inputs.source_ref }} - name: Create Release - uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2.0.4 + uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5 with: tag_name: ${{ github.event.inputs.version }} target_commitish: ${{ github.event.inputs.source_ref }} 
@@ -113,7 +113,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Update Release - uses: softprops/action-gh-release@9d7c94cfd0a1f3ed45544c887983e9fa900f0564 # v2.0.4 + uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5 with: tag_name: ${{ github.event.inputs.version }} files: | From 7253e348383ba00998e184bb235e2fc63f809f8d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 May 2024 18:03:12 -0300 Subject: [PATCH 044/517] chore(deps): bump regex from 2024.4.28 to 2024.5.10 in /hack/api-docs (#3484) Bumps [regex](https://github.com/mrabarnett/mrab-regex) from 2024.4.28 to 2024.5.10. - [Changelog](https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt) - [Commits](https://github.com/mrabarnett/mrab-regex/compare/2024.4.28...2024.5.10) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index ef2cf9526d5..2532c4abf40 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -31,7 +31,7 @@ pymdown-extensions==10.8.1 python-dateutil==2.9.0.post0 PyYAML==6.0.1 pyyaml_env_tag==0.1 -regex==2024.4.28 +regex==2024.5.10 requests==2.31.0 six==1.16.0 termcolor==2.4.0 From e059562c4f9c8e7ee62450c69d88f151d397efdb Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 May 2024 18:03:32 -0300 Subject: [PATCH 045/517] chore(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3 (#3486) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/0864cf19026789058feabb7e87baa5f140aac736...dc50aa9510b46c811795eb24b2f1ba02a914e534) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 936075cfcf9..9973d77adef 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -25,7 +25,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1 + uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 with: results_file: results.sarif results_format: sarif From 90266e35d8f1dc518c1b9fa7a80eba34dc4c1d94 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Mon, 13 May 2024 19:49:55 -0300 Subject: [PATCH 046/517] chore: update dependencies (#3491) * update dependencies Signed-off-by: External Secrets Operator * bump go module for CVEs Signed-off-by: Gustavo Carvalho * missing e2e Signed-off-by: Gustavo Carvalho --------- Signed-off-by: External Secrets Operator 
Signed-off-by: Gustavo Carvalho Co-authored-by: External Secrets Operator Co-authored-by: Gustavo Fernandes de Carvalho --- e2e/go.mod | 42 +++++++++---------- e2e/go.sum | 81 ++++++++++++++++++------------------ go.mod | 60 ++++++++++++--------------- go.sum | 118 +++++++++++++++++++++++------------------------------ 4 files changed, 140 insertions(+), 161 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index ecb8e5ca253..eb7505b4836 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -1,6 +1,6 @@ module github.com/external-secrets/external-secrets-e2e -go 1.22.1 +go 1.22.3 replace github.com/external-secrets/external-secrets => ../ 
@@ -44,39 +44,39 @@ require ( github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 - github.com/aws/aws-sdk-go v1.52.2 - github.com/cyberark/conjur-api-go v0.11.2 + github.com/aws/aws-sdk-go v1.53.0 + github.com/cyberark/conjur-api-go v0.11.4 github.com/external-secrets/external-secrets v0.0.0 github.com/fluxcd/helm-controller/api v0.37.2 github.com/fluxcd/pkg/apis/meta v1.2.0 github.com/fluxcd/source-controller/api v1.2.3 github.com/golang-jwt/jwt/v4 v4.5.0 github.com/hashicorp/vault/api v1.13.0 - github.com/onsi/ginkgo/v2 v2.17.2 + github.com/onsi/ginkgo/v2 v2.17.3 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.65.0 + github.com/oracle/oci-go-sdk/v65 v65.65.1 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.26 - github.com/xanzy/go-gitlab v0.104.0 + github.com/xanzy/go-gitlab v0.105.0 golang.org/x/oauth2 v0.20.0 - google.golang.org/api v0.177.0 + google.golang.org/api v0.180.0 k8s.io/api v0.30.0 k8s.io/apiextensions-apiserver v0.30.0 k8s.io/apimachinery v0.30.0 k8s.io/client-go v1.5.2 k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 - sigs.k8s.io/controller-runtime v0.18.1 + sigs.k8s.io/controller-runtime v0.18.2 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.4.0 ) require ( - cloud.google.com/go/auth v0.3.0 // indirect + cloud.google.com/go/auth v0.4.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect cloud.google.com/go/compute/metadata v0.3.0 // indirect cloud.google.com/go/iam v1.1.8 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.7.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect 
github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect @@ -122,7 +122,7 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240430035430-e4905b036c4e // indirect + github.com/google/pprof v0.0.0-20240509144519-723abb6459b7 // indirect github.com/google/s2a-go v0.1.7 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect @@ -131,7 +131,7 @@ require ( github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-retryablehttp v0.7.5 // indirect + github.com/hashicorp/go-retryablehttp v0.7.6 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect @@ -162,7 +162,7 @@ require ( github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_golang v1.19.0 // indirect + github.com/prometheus/client_golang v1.19.1 // indirect github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.53.0 // indirect github.com/prometheus/procfs v0.14.0 // indirect 
@@ -184,21 +184,21 @@ require ( go.opentelemetry.io/otel v1.26.0 // indirect go.opentelemetry.io/otel/metric v1.26.0 // indirect go.opentelemetry.io/otel/trace v1.26.0 // indirect - golang.org/x/crypto v0.22.0 // indirect - golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f // indirect - golang.org/x/net v0.24.0 // indirect + golang.org/x/crypto v0.23.0 // indirect + golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect + golang.org/x/net v0.25.0 // indirect golang.org/x/sync v0.7.0 // indirect golang.org/x/sys v0.20.0 // indirect golang.org/x/term v0.20.0 // indirect golang.org/x/text v0.15.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.20.0 // indirect + golang.org/x/tools v0.21.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240429193739-8cf5692501f6 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 // indirect + google.golang.org/genproto v0.0.0-20240509183442-62759503f434 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240509183442-62759503f434 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240509183442-62759503f434 // indirect google.golang.org/grpc v1.63.2 // indirect - google.golang.org/protobuf v1.34.0 // indirect + google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/e2e/go.sum b/e2e/go.sum index 855723dbc51..27fb15482cf 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.112.2 h1:ZaGT6LiG7dBzi6zNOvVZwacaXlmf3lRqnC4DQzqyRQw= cloud.google.com/go v0.112.2/go.mod h1:iEqjp//KquGIJV/m+Pk3xecgKNhV+ry+vVTsy4TbDms= -cloud.google.com/go/auth v0.3.0 h1:PRyzEpGfx/Z9e8+lHsbkoUVXD0gnu4MNmm7Gp8TQNIs= -cloud.google.com/go/auth v0.3.0/go.mod h1:lBv6NKTWp8E3LPzmO1TbiiRKc4drLOfHsgmlH9ogv5w= +cloud.google.com/go/auth v0.4.1 h1:Z7YNIhlWRtrnKlZke7z3GMqzvuYzdc2z98F9D1NV5Hg= +cloud.google.com/go/auth v0.4.1/go.mod h1:QVBuVEKpCn4Zp58hzRGvL0tjRGU0YqdRTdCHM1IHnro= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -60,8 +60,8 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.7.0 h1:rTfKOCZGy5ViVrlA74ZPE99a+SgoEE2K/yg3RyW9dFA= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.7.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= 
@@ -114,8 +114,8 @@ github.com/aliyun/alibaba-cloud-sdk-go v1.62.271/go.mod h1:Api2AkmMgGaSUAhmk76oa github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.52.2 h1:l4g9wBXRBlvCtScvv4iLZCzLCtR7BFJcXOnOGQ20orw= -github.com/aws/aws-sdk-go v1.52.2/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.53.0 h1:MMo1x1ggPPxDfHMXJnQudTbGXYlD4UigUAud1DJxPVo= +github.com/aws/aws-sdk-go v1.53.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= 
@@ -132,8 +132,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cyberark/conjur-api-go v0.11.2 h1:DEVtQdJznUyYcit+HikU5AQ1Lrvt82PEplz+fT4jv1M= -github.com/cyberark/conjur-api-go v0.11.2/go.mod h1:FnzNn6mPwTOyBueSDnu1J4K47J0sYHXTMehaqIV/GxY= +github.com/cyberark/conjur-api-go v0.11.4 h1:s2bbeJhb+Szosqjr4DX3BaQiZEsKKAFhn35TRqZeLIY= +github.com/cyberark/conjur-api-go v0.11.4/go.mod h1:WjXCREpdXyU69k5ZwYQMA3k+VkPwMznr22fKSMD5OUE= github.com/danieljoos/wincred v1.2.1 h1:dl9cBrupW8+r5250DYkYxocLeZ1Y4vB1kxgtjxw8GQs= github.com/danieljoos/wincred v1.2.1/go.mod h1:uGaFL9fDn3OLTvzCGulzE+SzjEe5NGlh5FdCcyfPwps= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -285,8 +285,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240430035430-e4905b036c4e h1:RsXNnXE59RTt8o3DcA+w7ICdRfR2l+Bb5aE0YMpNTO8= -github.com/google/pprof v0.0.0-20240430035430-e4905b036c4e/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/pprof v0.0.0-20240509144519-723abb6459b7 h1:velgFPYr1X9TDwLIfkV7fWqsFlf7TeP11M/7kPd/dVI= +github.com/google/pprof v0.0.0-20240509144519-723abb6459b7/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= 
@@ -310,13 +310,12 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M= -github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= +github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM= +github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSYmuZJGizr6/x/AEizP0CQc= 
@@ -404,14 +403,14 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= -github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/ginkgo/v2 v2.17.3 h1:oJcvKpIb7/8uLpDDtnQuf18xVnwKp8DTD7DQ6gTd/MU= +github.com/onsi/ginkgo/v2 v2.17.3/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.65.0 h1:DWUqWnycn2aUy+5rztpyQMtcEf/VgcVnDSRT+EzzzHU= -github.com/oracle/oci-go-sdk/v65 v65.65.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.65.1 h1:sv7uD844tJGa2Vc+2KaByoXQ0FllZDGV/2+9MdxN6nA= +github.com/oracle/oci-go-sdk/v65 v65.65.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -419,8 +418,8 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU= -github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k= +github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= +github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= 
@@ -481,8 +480,8 @@ github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaO github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= -github.com/xanzy/go-gitlab v0.104.0 h1:YDuuaTrNdHMuBW+FagO/W4dHvAQOqpCf2pMB45ATbog= -github.com/xanzy/go-gitlab v0.104.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= +github.com/xanzy/go-gitlab v0.105.0 h1:3nyLq0ESez0crcaM19o5S//SvezOQguuIHZ3wgX64hM= +github.com/xanzy/go-gitlab v0.105.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -533,8 +532,8 @@ golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= -golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -545,8 +544,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f h1:99ci1mjWVBWwJiEKYY6jWa4d2nTQVIEhZIptnrVb1XY= -golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -615,8 +614,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -779,8 +778,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= -golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= +golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= +golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -809,8 +808,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.177.0 h1:8a0p/BbPa65GlqGWtUKxot4p0TV8OGOfyTjtmkXNXmk= -google.golang.org/api v0.177.0/go.mod h1:srbhue4MLjkjbkux5p3dw/ocYOSZTaIEvf7bCOnFQDw= +google.golang.org/api v0.180.0 h1:M2D87Yo0rGBPWpo1orwfCLehUUL6E7/TYe5gvMQWDh4= +google.golang.org/api v0.180.0/go.mod h1:51AiyoEg1MJPSZ9zvklA8VnRILPXxn1iVen9v25XHAE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -858,12 +857,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240429193739-8cf5692501f6 h1:MTmrc2F5TZKDKXigcZetYkH04YwqtOPEQJwh4PPOgfk= -google.golang.org/genproto v0.0.0-20240429193739-8cf5692501f6/go.mod h1:2ROWwqCIx97Y7CSyp11xB8fori0wzvD6+gbacaf5c8I= -google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6 h1:DTJM0R8LECCgFeUwApvcEJHz85HLagW8uRENYxHh1ww= -google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6/go.mod h1:10yRODfgim2/T8csjQsMPgZOMvtytXKTDRzH6HRGzRw= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 h1:DujSIu+2tC9Ht0aPNA7jgj23Iq8Ewi5sgkQ++wdvonE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= +google.golang.org/genproto v0.0.0-20240509183442-62759503f434 h1:+PQKEGakpJad0y8bF9UJlgg4dO2U5H+cydccJNjzkww= +google.golang.org/genproto v0.0.0-20240509183442-62759503f434/go.mod h1:i4np6Wrjp8EujFAUn0CM0SH+iZhY1EbrfzEIJbFkHFM= +google.golang.org/genproto/googleapis/api v0.0.0-20240509183442-62759503f434 h1:OpXbo8JnN8+jZGPrL4SSfaDjSCjupr8lXyBAbexEm/U= +google.golang.org/genproto/googleapis/api v0.0.0-20240509183442-62759503f434/go.mod h1:FfiGhwUm6CJviekPrc0oJ+7h29e+DmWU6UtjX0ZvI7Y= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240509183442-62759503f434 h1:umK/Ey0QEzurTNlsV3R+MfxHAb78HCEX/IkuR+zH4WQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240509183442-62759503f434/go.mod h1:I7Y+G38R2bu5j1aLzfFmQfTcU/WnFuqDwLZAbvKTKpM= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -898,8 +897,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.34.0 h1:Qo/qEd2RZPCf2nKuorzksSknv0d3ERwp1vFG38gSmH4= -google.golang.org/protobuf v1.34.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= 
@@ -946,8 +945,8 @@ k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.18.1 h1:RpWbigmuiylbxOCLy0tGnq1cU1qWPwNIQzoJk+QeJx4= -sigs.k8s.io/controller-runtime v0.18.1/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q= +sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/go.mod b/go.mod index b4f816dac9d..6dac2d017a4 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/external-secrets/external-secrets -go 1.22.1 +go 1.22.3 require ( cloud.google.com/go/iam v1.1.8 @@ -10,14 +10,14 @@ require ( github.com/Azure/go-autorest/autorest/adal v0.9.23 github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 - github.com/IBM/go-sdk-core/v5 v5.17.0 + github.com/IBM/go-sdk-core/v5 v5.17.2 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4 github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/sprig/v3 v3.2.3 github.com/PaesslerAG/jsonpath v0.1.1 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 - github.com/aws/aws-sdk-go v1.52.2 + github.com/aws/aws-sdk-go v1.53.0 github.com/go-logr/logr v1.4.1 github.com/go-test/deep v1.0.4 // indirect github.com/google/go-cmp v0.6.0 
@@ -28,23 +28,23 @@ require ( github.com/hashicorp/vault/api/auth/kubernetes v0.6.0 github.com/hashicorp/vault/api/auth/ldap v0.6.0 github.com/huandu/xstrings v1.4.0 // indirect - github.com/onsi/ginkgo/v2 v2.17.2 + github.com/onsi/ginkgo/v2 v2.17.3 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.65.0 - github.com/prometheus/client_golang v1.19.0 + github.com/oracle/oci-go-sdk/v65 v65.65.1 + github.com/prometheus/client_golang v1.19.1 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.0 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.17.1 - github.com/xanzy/go-gitlab v0.104.0 - github.com/yandex-cloud/go-genproto v0.0.0-20240502080826-5fa7aabf7673 - github.com/yandex-cloud/go-sdk v0.0.0-20240502081211-7639841896bb + github.com/xanzy/go-gitlab v0.105.0 + github.com/yandex-cloud/go-genproto v0.0.0-20240513082302-2e0a3cd8443b + github.com/yandex-cloud/go-sdk v0.0.0-20240513082658-e33b8a503812 github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 go.uber.org/zap v1.27.0 - golang.org/x/crypto v0.22.0 + golang.org/x/crypto v0.23.0 golang.org/x/oauth2 v0.20.0 - google.golang.org/api v0.177.0 - google.golang.org/genproto v0.0.0-20240429193739-8cf5692501f6 + google.golang.org/api v0.180.0 + google.golang.org/genproto v0.0.0-20240509183442-62759503f434 google.golang.org/grpc v1.63.2 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 @@ -53,7 +53,7 @@ require ( k8s.io/apimachinery v0.30.0 k8s.io/client-go v0.30.0 k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 - sigs.k8s.io/controller-runtime v0.18.1 + sigs.k8s.io/controller-runtime v0.18.2 sigs.k8s.io/controller-tools v0.15.0 ) 
@@ -66,13 +66,13 @@ require ( github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.6 - github.com/alibabacloud-go/kms-20160120/v3 v3.1.3 + github.com/alibabacloud-go/kms-20160120/v3 v3.2.0 github.com/alibabacloud-go/openapi-util v0.1.0 github.com/alibabacloud-go/tea v1.2.2 github.com/alibabacloud-go/tea-utils/v2 v2.0.5 github.com/aliyun/credentials-go v1.3.3 github.com/avast/retry-go/v4 v4.6.0 - github.com/cyberark/conjur-api-go v0.11.2 + github.com/cyberark/conjur-api-go v0.11.4 github.com/fortanix/sdkms-client-go v0.4.0 github.com/go-openapi/strfmt v0.23.0 github.com/golang-jwt/jwt/v5 v5.2.1 @@ -93,7 +93,7 @@ require ( ) require ( - cloud.google.com/go/auth v0.3.0 // indirect + cloud.google.com/go/auth v0.4.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect cloud.google.com/go/compute/metadata v0.3.0 // indirect dario.cat/mergo v1.0.0 // indirect @@ -104,13 +104,7 @@ require ( github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/alessio/shellescape v1.4.2 // indirect - github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.4 // indirect github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect - github.com/alibabacloud-go/darabonba-array v0.1.0 // indirect - github.com/alibabacloud-go/darabonba-encode-util v0.0.2 // indirect - github.com/alibabacloud-go/darabonba-map v0.0.2 // indirect - github.com/alibabacloud-go/darabonba-signature-util v0.0.7 // indirect - github.com/alibabacloud-go/darabonba-string v1.0.2 // indirect github.com/alibabacloud-go/debug v1.0.0 // indirect github.com/alibabacloud-go/endpoint-util v1.1.1 // indirect github.com/alibabacloud-go/tea-utils v1.4.5 // indirect 
@@ -121,7 +115,7 @@ require ( github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/charmbracelet/bubbles v0.18.0 // indirect - github.com/charmbracelet/bubbletea v0.26.1 // indirect + github.com/charmbracelet/bubbletea v0.26.2 // indirect github.com/charmbracelet/lipgloss v0.10.0 // indirect github.com/cheggaaa/pb v1.0.29 // indirect github.com/clbanning/mxj/v2 v2.7.0 // indirect @@ -164,7 +158,7 @@ require ( github.com/pgavlin/fx v0.1.6 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect - github.com/pulumi/pulumi/sdk/v3 v3.115.0 // indirect + github.com/pulumi/pulumi/sdk/v3 v3.116.0 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect @@ -185,8 +179,8 @@ require ( go.opentelemetry.io/otel/metric v1.26.0 // indirect go.opentelemetry.io/otel/trace v1.26.0 // indirect golang.org/x/sync v0.7.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240509183442-62759503f434 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240509183442-62759503f434 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect lukechampine.com/frand v1.4.2 // indirect @@ -194,7 +188,7 @@ require ( ) require ( - github.com/Azure/azure-sdk-for-go/sdk/internal v1.7.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect 
@@ -233,13 +227,13 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240430035430-e4905b036c4e // indirect + github.com/google/pprof v0.0.0-20240509144519-723abb6459b7 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-hclog v1.6.3 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-retryablehttp v0.7.5 + github.com/hashicorp/go-retryablehttp v0.7.6 github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect @@ -286,16 +280,16 @@ require ( go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f + golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.24.0 // indirect + golang.org/x/net v0.25.0 // indirect golang.org/x/sys v0.20.0 // indirect golang.org/x/term v0.20.0 // indirect golang.org/x/text v0.15.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.20.0 // indirect + golang.org/x/tools v0.21.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/protobuf v1.34.0 // indirect + google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 4e672ec6a9d..1b93ac674f6 100644 --- a/go.sum +++ b/go.sum 
@@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.112.2 h1:ZaGT6LiG7dBzi6zNOvVZwacaXlmf3lRqnC4DQzqyRQw= cloud.google.com/go v0.112.2/go.mod h1:iEqjp//KquGIJV/m+Pk3xecgKNhV+ry+vVTsy4TbDms= -cloud.google.com/go/auth v0.3.0 h1:PRyzEpGfx/Z9e8+lHsbkoUVXD0gnu4MNmm7Gp8TQNIs= -cloud.google.com/go/auth v0.3.0/go.mod h1:lBv6NKTWp8E3LPzmO1TbiiRKc4drLOfHsgmlH9ogv5w= +cloud.google.com/go/auth v0.4.1 h1:Z7YNIhlWRtrnKlZke7z3GMqzvuYzdc2z98F9D1NV5Hg= +cloud.google.com/go/auth v0.4.1/go.mod h1:QVBuVEKpCn4Zp58hzRGvL0tjRGU0YqdRTdCHM1IHnro= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -64,8 +64,8 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.7.0 h1:rTfKOCZGy5ViVrlA74ZPE99a+SgoEE2K/yg3RyW9dFA= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.7.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= 
@@ -102,8 +102,8 @@ github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 h1:cmX2QC9s5kPqmghWLLZP8YRFO1ZD/C59Bp github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2/go.mod h1:tNlpIXJlIwQlRbobXDPme4qv/Rc8+a1GbuUhE3m4JhQ= github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM= github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= -github.com/IBM/go-sdk-core/v5 v5.17.0 h1:J/8by7r70JmCYqXL/NHFcgpneFAqv16oKMtif+syA14= -github.com/IBM/go-sdk-core/v5 v5.17.0/go.mod h1:GatGZpxlo1KaxiRN6E10/rNgWtUtx1hN/GoHSCaSPKA= +github.com/IBM/go-sdk-core/v5 v5.17.2 h1:MyFCUPYqcNUQIx9d9srq9znMEZcvu6X3DOGIPjegP8o= +github.com/IBM/go-sdk-core/v5 v5.17.2/go.mod h1:GatGZpxlo1KaxiRN6E10/rNgWtUtx1hN/GoHSCaSPKA= github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4 h1:xa9e+POVqaXxXHXkSMCOVAbKdUNEu86jQmo5hcpd+L4= github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4/go.mod h1:5gq8D8uWOIbqOm1uztay6lpOysgJaxxEsaVZLWGWb40= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= 
@@ -144,38 +144,24 @@ github.com/akeylesslabs/akeyless-go/v3 v3.6.3 h1:fMF8SMDiBL9CufVjLUyF1Z+Z04t5CC3 github.com/akeylesslabs/akeyless-go/v3 v3.6.3/go.mod h1:xcSXQWFRzKupIPCFRd9/mFYW0lHnDnWVvMD/pQ0x7sU= github.com/alessio/shellescape v1.4.2 h1:MHPfaU+ddJ0/bYWpgIeUnQUqKrlJ1S7BfEYPM4uEoM0= github.com/alessio/shellescape v1.4.2/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= -github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.4 h1:KFhE49hRMIl+i3NUB3NNTlVi+TPnQxGoeJ8S4HUEC+Q= -github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.4/go.mod h1:ppRyTMegTC+9W6kVXwolCfP9beqnVUq9pC7h3EE/Igs= github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 h1:iC9YFYKDGEy3n/FtqJnOkZsene9olVspKmkX5A2YBEo= github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc= -github.com/alibabacloud-go/darabonba-array v0.1.0 h1:vR8s7b1fWAQIjEjWnuF0JiKsCvclSRTfDzZHTYqfufY= -github.com/alibabacloud-go/darabonba-array v0.1.0/go.mod h1:BLKxr0brnggqOJPqT09DFJ8g3fsDshapUD3C3aOEFaI= -github.com/alibabacloud-go/darabonba-encode-util v0.0.2 h1:1uJGrbsGEVqWcWxrS9MyC2NG0Ax+GpOM5gtupki31XE= -github.com/alibabacloud-go/darabonba-encode-util v0.0.2/go.mod h1:JiW9higWHYXm7F4PKuMgEUETNZasrDM6vqVr/Can7H8= -github.com/alibabacloud-go/darabonba-map v0.0.2 h1:qvPnGB4+dJbJIxOOfawxzF3hzMnIpjmafa0qOTp6udc= -github.com/alibabacloud-go/darabonba-map v0.0.2/go.mod h1:28AJaX8FOE/ym8OUFWga+MtEzBunJwQGceGQlvaPGPc= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.6 h1:y1K+zKhpWcxso8zqI03CcYuwgyZPFwQdwAQOXAeuOVM= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.6/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI= -github.com/alibabacloud-go/darabonba-signature-util v0.0.7 h1:UzCnKvsjPFzApvODDNEYqBHMFt1w98wC7FOo0InLyxg= -github.com/alibabacloud-go/darabonba-signature-util v0.0.7/go.mod h1:oUzCYV2fcCH797xKdL6BDH8ADIHlzrtKVjeRtunBNTQ= -github.com/alibabacloud-go/darabonba-string v1.0.2 h1:E714wms5ibdzCqGeYJ9JCFywE5nDyvIXIIQbZVFkkqo= 
-github.com/alibabacloud-go/darabonba-string v1.0.2/go.mod h1:93cTfV3vuPhhEwGGpKKqhVW4jLe7tDpo3LUM0i0g6mA= github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68/go.mod h1:6pb/Qy8c+lqua8cFpEy7g39NRRqOWc3rOwAy8m5Y2BY= github.com/alibabacloud-go/debug v1.0.0 h1:3eIEQWfay1fB24PQIEzXAswlVJtdQok8f3EVN5VrBnA= github.com/alibabacloud-go/debug v1.0.0/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc= github.com/alibabacloud-go/endpoint-util v1.1.0/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE= github.com/alibabacloud-go/endpoint-util v1.1.1 h1:ZkBv2/jnghxtU0p+upSU0GGzW1VL9GQdZO3mcSUTUy8= github.com/alibabacloud-go/endpoint-util v1.1.1/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE= -github.com/alibabacloud-go/kms-20160120/v3 v3.1.3 h1:DJfmRHjsyRmRFB7q2N9g2+wym4qxZixnsxHfiI4UhtQ= -github.com/alibabacloud-go/kms-20160120/v3 v3.1.3/go.mod h1:3gJSRZ2CKrDdUGXIfv+pTWLE2mav3b2ASlqmN4jPU7A= +github.com/alibabacloud-go/kms-20160120/v3 v3.2.0 h1:BJ/eoHB9baVwdpe+nrhKd+bSOPpu4k4IcwAP23QCeng= +github.com/alibabacloud-go/kms-20160120/v3 v3.2.0/go.mod h1:WBWpcZZGFhtfoMVHwznMWIB7KDQBezp+CwuHEzdlS0M= github.com/alibabacloud-go/openapi-util v0.1.0 h1:0z75cIULkDrdEhkLWgi9tnLe+KhAFE/r5Pb3312/eAY= github.com/alibabacloud-go/openapi-util v0.1.0/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws= github.com/alibabacloud-go/tea v1.1.0/go.mod h1:IkGyUSX4Ba1V+k4pCtJUc6jDpZLFph9QMy2VUPTwukg= github.com/alibabacloud-go/tea v1.1.7/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4= github.com/alibabacloud-go/tea v1.1.8/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4= -github.com/alibabacloud-go/tea v1.1.11/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4= github.com/alibabacloud-go/tea v1.1.17/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A= -github.com/alibabacloud-go/tea v1.1.20/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A= github.com/alibabacloud-go/tea v1.2.1/go.mod h1:qbzof29bM/IFhLMtJPrgTGK3eauV5J2wSyEUo4OEmnA= 
github.com/alibabacloud-go/tea v1.2.2 h1:aTsR6Rl3ANWPfqeQugPglfurloyBJY85eFy7Gc1+8oU= github.com/alibabacloud-go/tea v1.2.2/go.mod h1:CF3vOzEMAG+bR4WOql8gc2G9H3EkH3ZLAQdpmpXMgwk= @@ -208,8 +194,8 @@ github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZve github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go v1.49.22/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= -github.com/aws/aws-sdk-go v1.52.2 h1:l4g9wBXRBlvCtScvv4iLZCzLCtR7BFJcXOnOGQ20orw= -github.com/aws/aws-sdk-go v1.52.2/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.53.0 h1:MMo1x1ggPPxDfHMXJnQudTbGXYlD4UigUAud1DJxPVo= +github.com/aws/aws-sdk-go v1.53.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
@@ -231,8 +217,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/charmbracelet/bubbles v0.18.0 h1:PYv1A036luoBGroX6VWjQIE9Syf2Wby2oOl/39KLfy0= github.com/charmbracelet/bubbles v0.18.0/go.mod h1:08qhZhtIwzgrtBjAcJnij1t1H0ZRjwHyGsy6AL11PSw= -github.com/charmbracelet/bubbletea v0.26.1 h1:xujcQeF73rh4jwu3+zhfQsvV18x+7zIjlw7/CYbzGJ0= -github.com/charmbracelet/bubbletea v0.26.1/go.mod h1:FzKr7sKoO8iFVcdIBM9J0sJOcQv5nDQaYwsee3kpbgo= +github.com/charmbracelet/bubbletea v0.26.2 h1:Eeb+n75Om9gQ+I6YpbCXQRKHt5Pn4vMwusQpwLiEgJQ= +github.com/charmbracelet/bubbletea v0.26.2/go.mod h1:6I0nZ3YHUrQj7YHIHlM8RySX4ZIthTliMY+W8X8b+Gs= github.com/charmbracelet/lipgloss v0.10.0 h1:KWeXFSexGcfahHX+54URiZGkBFazf70JNMtwg/AFW3s= github.com/charmbracelet/lipgloss v0.10.0/go.mod h1:Wig9DSfvANsxqkRsqj6x87irdy123SR4dOXlKa91ciE= github.com/cheggaaa/pb v1.0.29 h1:FckUN5ngEk2LpvuG0fw1GEFx6LtyY2pWI/Z2QgCnEYo= 
@@ -256,8 +242,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/ctdk/goiardi v0.11.10 h1:IB/3Afl1pC2Q4KGwzmhHPAoJfe8VtU51wZ2V0QkvsL0= github.com/ctdk/goiardi v0.11.10/go.mod h1:Pr6Cj6Wsahw45myttaOEZeZ0LE7p1qzWmzgsBISkrNI= -github.com/cyberark/conjur-api-go v0.11.2 h1:DEVtQdJznUyYcit+HikU5AQ1Lrvt82PEplz+fT4jv1M= -github.com/cyberark/conjur-api-go v0.11.2/go.mod h1:FnzNn6mPwTOyBueSDnu1J4K47J0sYHXTMehaqIV/GxY= +github.com/cyberark/conjur-api-go v0.11.4 h1:s2bbeJhb+Szosqjr4DX3BaQiZEsKKAFhn35TRqZeLIY= +github.com/cyberark/conjur-api-go v0.11.4/go.mod h1:WjXCREpdXyU69k5ZwYQMA3k+VkPwMznr22fKSMD5OUE= github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo= github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/danieljoos/wincred v1.2.1 h1:dl9cBrupW8+r5250DYkYxocLeZ1Y4vB1kxgtjxw8GQs= 
@@ -456,8 +442,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240430035430-e4905b036c4e h1:RsXNnXE59RTt8o3DcA+w7ICdRfR2l+Bb5aE0YMpNTO8= -github.com/google/pprof v0.0.0-20240430035430-e4905b036c4e/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/pprof v0.0.0-20240509144519-723abb6459b7 h1:velgFPYr1X9TDwLIfkV7fWqsFlf7TeP11M/7kPd/dVI= +github.com/google/pprof v0.0.0-20240509144519-723abb6459b7/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= 
@@ -491,8 +477,8 @@ github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHh github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= -github.com/hashicorp/go-retryablehttp v0.7.5 h1:bJj+Pj19UZMIweq/iie+1u5YCdGrnxCT9yvm0e+Nd5M= -github.com/hashicorp/go-retryablehttp v0.7.5/go.mod h1:Jy/gPYAdjqffZ/yFGCFV2doI5wjtH1ewM9u8iYVjtX8= +github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM= +github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6/go.mod h1:MpCPSPGLDILGb4JMm94/mMi3YysIqsXzGCzkEZjcjXg= 
@@ -663,8 +649,8 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.17.2 h1:7eMhcy3GimbsA3hEnVKdw/PQM9XN9krpKVXsZdph0/g= -github.com/onsi/ginkgo/v2 v2.17.2/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/ginkgo/v2 v2.17.3 h1:oJcvKpIb7/8uLpDDtnQuf18xVnwKp8DTD7DQ6gTd/MU= +github.com/onsi/ginkgo/v2 v2.17.3/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opentracing/basictracer-go v1.1.0 h1:Oa1fTSBvAl8pa3U+IJYqrKm0NALwH9OsgwOqDv4xJW0= 
@@ -672,8 +658,8 @@ github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS6 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.65.0 h1:DWUqWnycn2aUy+5rztpyQMtcEf/VgcVnDSRT+EzzzHU= -github.com/oracle/oci-go-sdk/v65 v65.65.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.65.1 h1:sv7uD844tJGa2Vc+2KaByoXQ0FllZDGV/2+9MdxN6nA= +github.com/oracle/oci-go-sdk/v65 v65.65.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.0 h1:zwwTCwL3vjTTKln1hxwKuzzax4R/yvxGXSZhMh0OY5Y= github.com/passbolt/go-passbolt v0.7.0/go.mod h1:af3TVSJ+0A4sXeK8KgVzhV8Tej/i25biFIQjhL0FOMk= github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU= 
@@ -689,8 +675,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= -github.com/prometheus/client_golang v1.19.0 h1:ygXvpU1AoN1MhdzckN+PyD9QJOSD4x7kmXYlnfbA6JU= -github.com/prometheus/client_golang v1.19.0/go.mod h1:ZRM9uEAypZakd+q/x7+gmsvXdURP+DABIEIjnmDdp+k= +github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= +github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= 
@@ -702,8 +688,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.8.3 h1:myeDL6dD/mz34zZjCL8s7d/tWHBJYxfMxDCL11MHoqc= github.com/pulumi/esc v0.8.3/go.mod h1:v5VAPxYDa9DRwvubbzKt4ZYf5y0esWC2ccSp/AT923I= -github.com/pulumi/pulumi/sdk/v3 v3.115.0 h1:5eOxbVfPgcNsKSkPpjFGW/6mEikGHQ2HRE65ongZ/dg= -github.com/pulumi/pulumi/sdk/v3 v3.115.0/go.mod h1:d6LZJHqEfpgXUd8rFSSsbaPJcocZObXeaUr87jbA5MY= +github.com/pulumi/pulumi/sdk/v3 v3.116.0 h1:YleRAax7QHJjxYNODqgiRLvl8WmQVvp2AHgofKYUDGI= +github.com/pulumi/pulumi/sdk/v3 v3.116.0/go.mod h1:d6LZJHqEfpgXUd8rFSSsbaPJcocZObXeaUr87jbA5MY= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= 
@@ -800,14 +786,14 @@ github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaO github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= -github.com/xanzy/go-gitlab v0.104.0 h1:YDuuaTrNdHMuBW+FagO/W4dHvAQOqpCf2pMB45ATbog= -github.com/xanzy/go-gitlab v0.104.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= +github.com/xanzy/go-gitlab v0.105.0 h1:3nyLq0ESez0crcaM19o5S//SvezOQguuIHZ3wgX64hM= +github.com/xanzy/go-gitlab v0.105.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= -github.com/yandex-cloud/go-genproto v0.0.0-20240502080826-5fa7aabf7673 h1:N4xWIsknZx9pK0o7tJ8GGNj4JdHzGyN3y4g5fnpO9rw= -github.com/yandex-cloud/go-genproto v0.0.0-20240502080826-5fa7aabf7673/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-sdk v0.0.0-20240502081211-7639841896bb h1:neUOrst9RECDTfeCpjaFRrDY93vNpFsrhvb4cbYUPsg= -github.com/yandex-cloud/go-sdk v0.0.0-20240502081211-7639841896bb/go.mod h1:M54BPoNxIcDFSlTe0xHmDPCJVJmWxZp8MOIcjlINiL8= +github.com/yandex-cloud/go-genproto v0.0.0-20240513082302-2e0a3cd8443b h1:dVGX0V6GkBxfYgq3F4LB+k8QW9U+OdpaEdfd4ztzKeo= +github.com/yandex-cloud/go-genproto v0.0.0-20240513082302-2e0a3cd8443b/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-sdk v0.0.0-20240513082658-e33b8a503812 h1:gLo7wF5FNdnTf5HT70eqgYwU/eqRr3jLVftrw7LKlx0= +github.com/yandex-cloud/go-sdk v0.0.0-20240513082658-e33b8a503812/go.mod h1:1VId8ra1WVRwxujGrJea5CAGa38TG65hjlP9SfFkPN0= github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 
h1:tBiBTKHnIjovYoLX/TPkcf+OjqqKGQrPtGT3Foz+Pgo= github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76/go.mod h1:SQliXeA7Dhkt//vS29v3zpbEwoa+zb2Cn5xj5uO4K5U= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -875,8 +861,8 @@ golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= -golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= -golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= +golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= +golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -887,8 +873,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f h1:99ci1mjWVBWwJiEKYY6jWa4d2nTQVIEhZIptnrVb1XY= -golang.org/x/exp v0.0.0-20240416160154-fe59bbe5cc7f/go.mod h1:/lliqkxwWAhPjf5oSOIJup2XcqJaw8RGS6k3TGEc7GI= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= +golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -965,8 +951,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= -golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= -golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= +golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= +golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -1160,8 +1146,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.20.0 h1:hz/CVckiOxybQvFw6h7b/q80NTr9IUQb4s1IIzW7KNY= -golang.org/x/tools v0.20.0/go.mod h1:WvitBU7JJf6A4jOdg4S1tviW9bhUxkgeCui/0JHctQg= +golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= +golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -1190,8 +1176,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.177.0 h1:8a0p/BbPa65GlqGWtUKxot4p0TV8OGOfyTjtmkXNXmk= -google.golang.org/api v0.177.0/go.mod h1:srbhue4MLjkjbkux5p3dw/ocYOSZTaIEvf7bCOnFQDw= +google.golang.org/api v0.180.0 h1:M2D87Yo0rGBPWpo1orwfCLehUUL6E7/TYe5gvMQWDh4= +google.golang.org/api v0.180.0/go.mod h1:51AiyoEg1MJPSZ9zvklA8VnRILPXxn1iVen9v25XHAE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1241,12 +1227,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240429193739-8cf5692501f6 h1:MTmrc2F5TZKDKXigcZetYkH04YwqtOPEQJwh4PPOgfk= -google.golang.org/genproto v0.0.0-20240429193739-8cf5692501f6/go.mod h1:2ROWwqCIx97Y7CSyp11xB8fori0wzvD6+gbacaf5c8I= -google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6 h1:DTJM0R8LECCgFeUwApvcEJHz85HLagW8uRENYxHh1ww= -google.golang.org/genproto/googleapis/api v0.0.0-20240429193739-8cf5692501f6/go.mod h1:10yRODfgim2/T8csjQsMPgZOMvtytXKTDRzH6HRGzRw= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6 h1:DujSIu+2tC9Ht0aPNA7jgj23Iq8Ewi5sgkQ++wdvonE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240429193739-8cf5692501f6/go.mod h1:WtryC6hu0hhx87FDGxWCDptyssuo68sk10vYjF+T9fY= +google.golang.org/genproto v0.0.0-20240509183442-62759503f434 h1:+PQKEGakpJad0y8bF9UJlgg4dO2U5H+cydccJNjzkww= +google.golang.org/genproto v0.0.0-20240509183442-62759503f434/go.mod h1:i4np6Wrjp8EujFAUn0CM0SH+iZhY1EbrfzEIJbFkHFM= +google.golang.org/genproto/googleapis/api v0.0.0-20240509183442-62759503f434 h1:OpXbo8JnN8+jZGPrL4SSfaDjSCjupr8lXyBAbexEm/U= +google.golang.org/genproto/googleapis/api v0.0.0-20240509183442-62759503f434/go.mod h1:FfiGhwUm6CJviekPrc0oJ+7h29e+DmWU6UtjX0ZvI7Y= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240509183442-62759503f434 h1:umK/Ey0QEzurTNlsV3R+MfxHAb78HCEX/IkuR+zH4WQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240509183442-62759503f434/go.mod h1:I7Y+G38R2bu5j1aLzfFmQfTcU/WnFuqDwLZAbvKTKpM= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1285,8 +1271,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.34.0 h1:Qo/qEd2RZPCf2nKuorzksSknv0d3ERwp1vFG38gSmH4= -google.golang.org/protobuf v1.34.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= +google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -1350,8 +1336,8 @@ pgregory.net/rapid v0.5.5/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.18.1 h1:RpWbigmuiylbxOCLy0tGnq1cU1qWPwNIQzoJk+QeJx4= -sigs.k8s.io/controller-runtime v0.18.1/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q= +sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= sigs.k8s.io/controller-tools v0.15.0 h1:4dxdABXGDhIa68Fiwaif0vcu32xfwmgQ+w8p+5CxoAI= sigs.k8s.io/controller-tools v0.15.0/go.mod h1:8zUSS2T8Hx0APCNRhJWbS3CAQEbIxLa07khzh7pZmXM= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= From b8f27d6b0a35ff0b6b8a1772799364e271bcd294 Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho Date: Tue, 14 May 2024 04:47:29 -0300 Subject: [PATCH 047/517] bump 0.9.18 (#3492) Signed-off-by: Gustavo Carvalho --- deploy/charts/external-secrets/Chart.yaml | 4 ++-- deploy/charts/external-secrets/README.md | 2 +- .../__snapshot__/cert_controller_test.yaml.snap | 10 +++++----- .../__snapshot__/controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/crds_test.yaml.snap | 17 +++++++++++++++++ .../tests/__snapshot__/webhook_test.yaml.snap | 14 +++++++------- 6 files changed, 37 insertions(+), 20 deletions(-) diff --git a/deploy/charts/external-secrets/Chart.yaml b/deploy/charts/external-secrets/Chart.yaml index 776fbae9e70..0018670273a 100644 --- a/deploy/charts/external-secrets/Chart.yaml +++ b/deploy/charts/external-secrets/Chart.yaml 
@@ -2,8 +2,8 @@ apiVersion: v2 name: external-secrets description: External secret management for Kubernetes type: application -version: "0.9.17" -appVersion: "v0.9.17" +version: "0.9.18" +appVersion: "v0.9.18" kubeVersion: ">= 1.19.0-0" keywords: - kubernetes-external-secrets diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index f76866dc956..29917cdea34 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.17](https://img.shields.io/badge/Version-0.9.17-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.18](https://img.shields.io/badge/Version-0.9.18-informational?style=flat-square) External secret management for Kubernetes diff --git a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 07121053f14..4a78cb37144 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.17 - helm.sh/chart: external-secrets-0.9.17 + app.kubernetes.io/version: v0.9.18 + helm.sh/chart: external-secrets-0.9.18 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: 
@@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.17 - helm.sh/chart: external-secrets-0.9.17 + app.kubernetes.io/version: v0.9.18 + helm.sh/chart: external-secrets-0.9.18 spec: automountServiceAccountToken: true containers: @@ -38,7 +38,7 @@ should match snapshot of default values: - --secret-namespace=NAMESPACE - --metrics-addr=:8080 - --healthz-addr=:8081 - image: ghcr.io/external-secrets/external-secrets:v0.9.17 + image: ghcr.io/external-secrets/external-secrets:v0.9.18 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap index d4a746da62a..44cb87e3d56 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.17 - helm.sh/chart: external-secrets-0.9.17 + app.kubernetes.io/version: v0.9.18 + helm.sh/chart: external-secrets-0.9.18 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: 
@@ -24,15 +24,15 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.17 - helm.sh/chart: external-secrets-0.9.17 + app.kubernetes.io/version: v0.9.18 + helm.sh/chart: external-secrets-0.9.18 spec: automountServiceAccountToken: true containers: - args: - --concurrent=1 - --metrics-addr=:8080 - image: ghcr.io/external-secrets/external-secrets:v0.9.17 + image: ghcr.io/external-secrets/external-secrets:v0.9.18 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap index 36800fe363c..05d62c58ed6 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -2021,6 +2021,23 @@ should match snapshot of default values: authSecretRef: description: Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type. Optional for WorkloadIdentity. properties: + clientCertificate: + description: The Azure ClientCertificate of the service principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object clientId: description: The Azure clientId of the service principle or managed identity used for authentication. properties: 
diff --git a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index 53eb6fb0a00..707b6189c96 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.17 - helm.sh/chart: external-secrets-0.9.17 + app.kubernetes.io/version: v0.9.18 + helm.sh/chart: external-secrets-0.9.18 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.17 - helm.sh/chart: external-secrets-0.9.17 + app.kubernetes.io/version: v0.9.18 + helm.sh/chart: external-secrets-0.9.18 spec: automountServiceAccountToken: true containers: @@ -37,7 +37,7 @@ should match snapshot of default values: - --check-interval=5m - --metrics-addr=:8080 - --healthz-addr=:8081 - image: ghcr.io/external-secrets/external-secrets:v0.9.17 + image: ghcr.io/external-secrets/external-secrets:v0.9.18 imagePullPolicy: IfNotPresent name: webhook ports: @@ -81,8 +81,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.17 + app.kubernetes.io/version: v0.9.18 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.9.17 + helm.sh/chart: external-secrets-0.9.18 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE From 477945777d8cc969ed54854f34bef1c134fb748a Mon Sep 17 00:00:00 2001 
From: Shuhei Kitagawa Date: Wed, 15 May 2024 00:43:56 +0900 Subject: [PATCH 048/517] Fix flaky ES controller test (#3493) Signed-off-by: shuheiktgw --- .../externalsecret/externalsecret_controller_test.go | 2 +- pkg/controllers/externalsecret/suite_test.go | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/pkg/controllers/externalsecret/externalsecret_controller_test.go b/pkg/controllers/externalsecret/externalsecret_controller_test.go index 890847774c2..fd74c08cd5b 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller_test.go +++ b/pkg/controllers/externalsecret/externalsecret_controller_test.go @@ -50,7 +50,7 @@ var ( fakeProvider *fake.Client metric dto.Metric metricDuration dto.Metric - timeout = time.Second * 20 + timeout = time.Second * 10 interval = time.Millisecond * 250 ) diff --git a/pkg/controllers/externalsecret/suite_test.go b/pkg/controllers/externalsecret/suite_test.go index 801802230ab..d99e0b1e583 100644 --- a/pkg/controllers/externalsecret/suite_test.go +++ b/pkg/controllers/externalsecret/suite_test.go @@ -21,6 +21,7 @@ import ( "time" "go.uber.org/zap/zapcore" + v1 "k8s.io/api/core/v1" "k8s.io/client-go/kubernetes/scheme" "k8s.io/client-go/rest" ctrl "sigs.k8s.io/controller-runtime" @@ -80,6 +81,11 @@ var _ = BeforeSuite(func() { Metrics: server.Options{ BindAddress: "0", // avoid port collision when testing }, + Client: client.Options{ + Cache: &client.CacheOptions{ + DisableFor: []client.Object{&v1.Secret{}, &v1.ConfigMap{}}, + }, + }, }) Expect(err).ToNot(HaveOccurred()) From b156e23743344246b6c44703109036dc7235cfa7 Mon Sep 17 00:00:00 2001 From: Shuhei Kitagawa Date: Fri, 17 May 2024 21:57:11 +0900 Subject: [PATCH 049/517] Raise error when unknown key specified in template (#3480) * Raise error when unknown key specified in template Signed-off-by: shuheiktgw * Update the template docs to clarify the new behavior with non-existing keys Signed-off-by: shuheiktgw --------- 
Signed-off-by: shuheiktgw --- docs/guides/templating-v1.md | 4 +++- docs/guides/templating.md | 4 +++- pkg/template/v1/template.go | 1 + pkg/template/v1/template_test.go | 8 ++++++++ pkg/template/v2/template.go | 1 + pkg/template/v2/template_test.go | 8 ++++++++ 6 files changed, 24 insertions(+), 2 deletions(-) diff --git a/docs/guides/templating-v1.md b/docs/guides/templating-v1.md index 914762318b9..82e3d5908e4 100644 --- a/docs/guides/templating-v1.md +++ b/docs/guides/templating-v1.md @@ -5,7 +5,9 @@ Templating Engine v1 is **deprecated** and will be removed in the future. Please migrate to engine v2 and take a look at our [upgrade guide](templating.md#migrating-from-v1) for changes. -With External Secrets Operator you can transform the data from the external secret provider before it is stored as `Kind=Secret`. You can do this with the `Spec.Target.Template`. Each data value is interpreted as a [golang template](https://golang.org/pkg/text/template/). +With External Secrets Operator you can transform the data from the external secret provider before it is stored as `Kind=Secret`. You can do this with the `Spec.Target.Template`. + +Each data value is interpreted as a [Go template](https://golang.org/pkg/text/template/). Please note that referencing a non-existing key in the template will raise an error, instead of being suppressed. ## Examples diff --git a/docs/guides/templating.md b/docs/guides/templating.md index 069f2c5d323..da9854766eb 100644 --- a/docs/guides/templating.md +++ b/docs/guides/templating.md 
@@ -1,6 +1,8 @@ # Advanced Templating v2 -With External Secrets Operator you can transform the data from the external secret provider before it is stored as `Kind=Secret`. You can do this with the `Spec.Target.Template`. Each data value is interpreted as a [golang template](https://golang.org/pkg/text/template/). +With External Secrets Operator you can transform the data from the external secret provider before it is stored as `Kind=Secret`. You can do this with the `Spec.Target.Template`. + +Each data value is interpreted as a [Go template](https://golang.org/pkg/text/template/). Please note that referencing a non-existing key in the template will raise an error, instead of being suppressed. !!! note diff --git a/pkg/template/v1/template.go b/pkg/template/v1/template.go index 28b90d9305a..59c17b6a24b 100644 --- a/pkg/template/v1/template.go +++ b/pkg/template/v1/template.go @@ -89,6 +89,7 @@ func Execute(tpl, data map[string][]byte, _ esapi.TemplateScope, _ esapi.Templat func execute(k, val string, data map[string][]byte) ([]byte, error) { t, err := tpl.New(k). + Option("missingkey=error"). Funcs(tplFuncs). Parse(val) if err != nil { diff --git a/pkg/template/v1/template_test.go b/pkg/template/v1/template_test.go index 2d5c645c853..0a1aa41a171 100644 --- a/pkg/template/v1/template_test.go +++ b/pkg/template/v1/template_test.go @@ -293,6 +293,14 @@ func TestExecute(t *testing.T) { data: map[string][]byte{}, expErr: "unable to parse template", }, + { + name: "unknown key error", + tpl: map[string][]byte{ + "key": []byte(`{{ .unknown }}`), + }, + data: map[string][]byte{}, + expErr: "unable to execute template at key key", + }, { name: "jwk rsa pub pem", tpl: map[string][]byte{ diff --git a/pkg/template/v2/template.go b/pkg/template/v2/template.go index e7684e61843..d0eea9956ec 100644 --- a/pkg/template/v2/template.go +++ b/pkg/template/v2/template.go 
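Review bot: Lookups through the built-in `index` function are, as far as I know, not governed by the `Option("missingkey=error")` added to `execute` in `pkg/template/v1/template.go`; the option applies to field-style access such as `{{ .unknown }}`, while `{{ index . "unknown" }}` still yields the zero value for an absent map key. Keys that are not valid Go identifiers (a dash in the name, for example) have to be read through `index`, so a mistyped key of that kind could still render an empty value into the target Secret without any error. The added test case exercises only `{{ .unknown }}`; a second case with `{{ index . "unknown" }}` would pin the real behaviour, and the sentence added to both templating guides could say which lookups raise the error. The same applies to the identical change in `pkg/template/v2/template.go`. `execute` continues past the end of the hunk.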
@@ -139,6 +139,7 @@ func execute(k, val string, data map[string][]byte) ([]byte, error) { } t, err := tpl.New(k). + Option("missingkey=error"). Funcs(tplFuncs). Parse(val) if err != nil { diff --git a/pkg/template/v2/template_test.go b/pkg/template/v2/template_test.go index ac9fadd6296..7a15c83d75b 100644 --- a/pkg/template/v2/template_test.go +++ b/pkg/template/v2/template_test.go @@ -369,6 +369,14 @@ func TestExecute(t *testing.T) { data: map[string][]byte{}, expErr: "unable to parse template", }, + { + name: "unknown key error", + tpl: map[string][]byte{ + "key": []byte(`{{ .unknown }}`), + }, + data: map[string][]byte{}, + expErr: "unable to execute template at key key", + }, { name: "jwk rsa pub pem", tpl: map[string][]byte{ From 06e1342dcc9744b225dee73cfa19a58556ba01a8 Mon Sep 17 00:00:00 2001 From: Idan Adar Date: Tue, 21 May 2024 14:41:39 +0300 Subject: [PATCH 050/517] Update ci.yml with ppc64le arch support (#3500) Signed-off-by: Idan Adar --- .github/workflows/ci.yml | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d2c2969b11f..7a1463a7178 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -145,18 +145,18 @@ jobs: include: - dockerfile: "Dockerfile" build-args: "CGO_ENABLED=0" - build-arch: "amd64 arm64 s390x" - build-platform: "linux/amd64,linux/arm64,linux/s390x" + build-arch: "amd64 arm64 s390x ppc64le" + build-platform: "linux/amd64,linux/arm64,linux/s390x,linux/ppc64le" tag-suffix: "" # distroless - dockerfile: "Dockerfile.ubi" build-args: "CGO_ENABLED=0" - build-arch: "amd64 arm64" - build-platform: "linux/amd64,linux/arm64" + build-arch: "amd64 arm64 ppc64le" + build-platform: "linux/amd64,linux/arm64,linux/ppc64le" tag-suffix: "-ubi" - dockerfile: "Dockerfile.ubi" build-args: "CGO_ENABLED=0 GOEXPERIMENT=boringcrypto" - build-arch: "amd64" - build-platform: "linux/amd64" + build-arch: "amd64 ppc64le" + build-platform: "linux/amd64,linux/ppc64le" tag-suffix: "-ubi-boringssl" with: dockerfile: ${{ matrix.dockerfile }} From 65cfcb393e6bea94542f25f559ef3bd02ca53288 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 May 2024 15:13:31 +0200 Subject: [PATCH 051/517] chore(deps): bump regex from 2024.5.10 to 2024.5.15 in /hack/api-docs (#3512) Bumps [regex](https://github.com/mrabarnett/mrab-regex) from 2024.5.10 to 2024.5.15. - [Changelog](https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt) - [Commits](https://github.com/mrabarnett/mrab-regex/compare/2024.5.10...2024.5.15) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 2532c4abf40..496f531c9e4 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt 
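Review bot: Adding `linux/ppc64le` to the `-ubi-boringssl` matrix entry will, as far as I can tell, publish a ppc64le image under that tag that does not use BoringCrypto: Go's `GOEXPERIMENT=boringcrypto` backend is only compiled in on linux/amd64 and linux/arm64 with cgo enabled, and other targets silently build with the standard crypto packages. Anyone selecting that tag for a FIPS-oriented deployment would get no build failure and no signal of the difference. I'd keep that entry at `build-arch: "amd64"` and `build-platform: "linux/amd64"`, or add a build-time check that fails when the boring backend is absent. The `CGO_ENABLED=0` on the same entry deserves the same check, since the backend needs cgo; confirm against the Dockerfile.ubi build, which is not visible here.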
@@ -31,7 +31,7 @@ pymdown-extensions==10.8.1 python-dateutil==2.9.0.post0 PyYAML==6.0.1 pyyaml_env_tag==0.1 -regex==2024.5.10 +regex==2024.5.15 requests==2.31.0 six==1.16.0 termcolor==2.4.0 From 77401add2f046249bc3145947779ff3c8a4b9ed0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 May 2024 15:13:42 +0200 Subject: [PATCH 052/517] chore(deps): bump zipp from 3.18.1 to 3.18.2 in /hack/api-docs (#3511) Bumps [zipp](https://github.com/jaraco/zipp) from 3.18.1 to 3.18.2. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](https://github.com/jaraco/zipp/compare/v3.18.1...v3.18.2) --- updated-dependencies: - dependency-name: zipp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 496f531c9e4..7c25ec75029 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -39,4 +39,4 @@ tornado==6.4 urllib3==2.2.1 verspec==0.1.0 watchdog==4.0.0 -zipp==3.18.1 +zipp==3.18.2 From a0e82be3421341df6dd72f44ed76864a6fda03ac Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 May 2024 15:13:53 +0200 Subject: [PATCH 053/517] chore(deps): bump platformdirs from 4.2.1 to 4.2.2 in /hack/api-docs (#3510) Bumps [platformdirs](https://github.com/platformdirs/platformdirs) from 4.2.1 to 4.2.2. - [Release notes](https://github.com/platformdirs/platformdirs/releases) - [Changelog](https://github.com/platformdirs/platformdirs/blob/main/CHANGES.rst) - [Commits](https://github.com/platformdirs/platformdirs/compare/4.2.1...4.2.2) --- updated-dependencies: - dependency-name: platformdirs dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 7c25ec75029..6edaf63f289 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -25,7 +25,7 @@ packaging==24.0 paginate==0.5.6 pathspec==0.12.1 pep562==1.1 -platformdirs==4.2.1 +platformdirs==4.2.2 Pygments==2.18.0 pymdown-extensions==10.8.1 python-dateutil==2.9.0.post0 From bf79fabaecbbfd80ffa9212e4198788e6424da25 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 May 2024 15:14:05 +0200 Subject: [PATCH 054/517] chore(deps): bump golang from `6d71b7c` to `5c56bd4` in /e2e (#3508) Bumps golang from `6d71b7c` to `5c56bd4`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index 1ca2520eb5d..daff4c37fef 100644 
--- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.3-bookworm@sha256:6d71b7c3f884e7b9552bffa852d938315ecca843dcc75a86ee7000567da0923d as builder +FROM golang:1.22.3-bookworm@sha256:5c56bd47228dd572d8a82971cf1f946cd8bb1862a8ec6dc9f3d387cc94136976 as builder ENV KUBECTL_VERSION="v1.28.3" ENV HELM_VERSION="v3.13.1" From edea25830fc3293109286325d621b04fff1084d4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 May 2024 15:14:16 +0200 Subject: [PATCH 055/517] chore(deps): bump github/codeql-action from 3.25.4 to 3.25.5 (#3507) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.4 to 3.25.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ccf74c947955fd1cf117aef6a0e4e66191ef6f61...b7cec7526559c32f1616476ff32d17ba4c59b2d6) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 9973d77adef..a09e2da05f1 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ccf74c947955fd1cf117aef6a0e4e66191ef6f61 # v3.25.4 + uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 with: sarif_file: results.sarif From 4c1920804e704ffaba83bb7a7f428463c338a70a Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 May 2024 15:14:28 +0200 Subject: [PATCH 056/517] chore(deps): bump codecov/codecov-action from 4.3.1 to 4.4.0 (#3506) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.3.1 to 4.4.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/5ecb98a3c6b747ed38dc09f787459979aebb39be...6d798873df2b1b8e5846dba6fb86631229fbcb17) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7a1463a7178..f53bb036308 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -126,7 +126,7 @@ jobs: make test - name: Publish Unit Test Coverage - uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1 + uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 # v4.4.0 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: From 055f6f1e178410da0301538ca5a5800e5492dd5b Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 May 2024 15:15:00 +0200 Subject: [PATCH 057/517] chore(deps): bump actions/checkout from 4.1.5 to 4.1.6 (#3505) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.5 to 4.1.6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/44c2b7a8a4ea60a981eaca3cf939b5f4305c123b...a5ac7e51b41094c92402da3b24376905380afc29) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 6 +++--- .github/workflows/dlc.yml | 2 +- .github/workflows/docs.yml | 2 +- .github/workflows/e2e-managed.yml | 2 +- .github/workflows/e2e.yml | 4 ++-- .github/workflows/helm.yml | 4 ++-- .github/workflows/publish.yml | 4 ++-- .github/workflows/rebuild-image.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- .github/workflows/update-deps.yml | 4 ++-- 11 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f53bb036308..d6a615636cc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,7 +46,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Setup Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 
@@ -72,7 +72,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Setup Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 @@ -100,7 +100,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Fetch History run: git fetch --prune --unshallow diff --git a/.github/workflows/dlc.yml b/.github/workflows/dlc.yml index 6960993c277..cfcd096b012 100644 --- a/.github/workflows/dlc.yml +++ b/.github/workflows/dlc.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Checkout Code" - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: "Run FOSSA Scan" uses: fossas/fossa-action@47ef11b1e1e3812e88dae436ccbd2d0cbd1adab0 # main diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index c7ecc999128..43c788af3b7 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -15,7 +15,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 diff --git a/.github/workflows/e2e-managed.yml b/.github/workflows/e2e-managed.yml index d6bacb5159e..dad55f21335 100644 --- a/.github/workflows/e2e-managed.yml +++ b/.github/workflows/e2e-managed.yml @@ -64,7 +64,7 @@ jobs: # Check out merge commit - name: Fork based /ok-to-test-managed checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: 'refs/pull/${{ env.GITHUB_PR_NUMBER }}/merge' 
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 007e5f599ba..e300816fb2a 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -58,7 +58,7 @@ jobs: steps: - name: Branch based PR checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Fetch History run: git fetch --prune --unshallow @@ -77,7 +77,7 @@ jobs: # Check out merge commit - name: Fork based /ok-to-test checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge' diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 5b2a3ac7a65..2560c0a8200 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 @@ -74,7 +74,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 393169998ca..f92476ea808 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -50,7 +50,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: ref: ${{ inputs.ref }} 
@@ -140,7 +140,7 @@ jobs: needs: build-publish steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Sign image if: env.IS_FORK == 'false' uses: ./.github/actions/sign diff --git a/.github/workflows/rebuild-image.yml b/.github/workflows/rebuild-image.yml index 7f5bc8e65a0..aeffce0902c 100644 --- a/.github/workflows/rebuild-image.yml +++ b/.github/workflows/rebuild-image.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 ref: ${{ github.event.inputs.ref }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 05201a38a39..853b293b3e5 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 ref: ${{ github.event.inputs.source_ref }} @@ -71,7 +71,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index a09e2da05f1..0913e260345 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -20,7 +20,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: persist-credentials: false diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index af0d5c87181..d1653c3c292 100644 
--- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: fetch-depth: 0 ref: ${{ github.event.inputs.ref }} @@ -52,7 +52,7 @@ jobs: with: app_id: ${{ secrets.APP_ID }} private_key: ${{ secrets.PRIVATE_KEY }} - - uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5 + - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 with: token: ${{ steps.generate_token.outputs.token }} ref: ${{ matrix.branch }} From 649c9755e76933fd7d3ba4da1a9a284d814af8d5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 May 2024 15:15:27 +0200 Subject: [PATCH 058/517] chore(deps): bump golangci/golangci-lint-action from 5.3.0 to 6.0.1 (#3504) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 5.3.0 to 6.0.1. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/38e1018663fa5173f3968ea0777460d3de38f256...a4f60bb28d35aeee14e6880718e0c85ff1882e64) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d6a615636cc..357069e4225 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -59,7 +59,7 @@ jobs: run: go mod download - name: Lint - uses: golangci/golangci-lint-action@38e1018663fa5173f3968ea0777460d3de38f256 # v5.3.0 + uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 with: version: ${{ env.GOLANGCI_VERSION }} skip-pkg-cache: true From de5f4b520c5d409592442be07802785dca024586 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 May 2024 15:15:40 +0200 Subject: [PATCH 059/517] chore(deps): bump golang from `2a88224` to `f1fe698` (#3503) Bumps golang from `2a88224` to `f1fe698`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile.standalone | 2 +- tilt.debug.dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.standalone b/Dockerfile.standalone index 8858af87f18..92238724a45 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone @@ -1,6 +1,6 @@ # This version of Dockerfile is for building without external dependencies. # Build a multi-platform image e.g. `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .` -FROM golang:1.22.3-alpine@sha256:2a882244fb51835ebbd8313bffee83775b0c076aaf56b497b43d8a4c72db65e1 AS builder +FROM golang:1.22.3-alpine@sha256:f1fe698725f6ed14eb944dc587591f134632ed47fc0732ec27c7642adbe90618 AS builder ARG TARGETOS ARG TARGETARCH ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index 8a2b459ce28..c4c0f12d25e 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile 
@@ -1,4 +1,4 @@ -FROM golang:1.22.3@sha256:b1e05e2c918f52c59d39ce7d5844f73b2f4511f7734add8bb98c9ecdd4443365 +FROM golang:1.22.3@sha256:f43c6f049f04cbbaeb28f0aad3eea15274a7d0a7899a617d0037aec48d7ab010 WORKDIR / COPY ./bin/external-secrets /external-secrets From a44f1b81e0163ce1371c1dc45e1c34d0f07a41e5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 25 May 2024 21:42:32 +0200 Subject: [PATCH 060/517] chore(deps): bump mkdocs-material in /hack/api-docs (#3509) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.22 to 9.5.23. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.22...9.5.23) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Moritz Johner --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 6edaf63f289..2503659df33 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.0 mkdocs-macros-plugin==1.0.5 -mkdocs-material==9.5.22 +mkdocs-material==9.5.23 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.0 From 41057acaf234a043981cfecce06b74046000a0bf Mon Sep 17 00:00:00 2001 
From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Sat, 25 May 2024 21:42:52 +0200 Subject: [PATCH 061/517] chore: update dependencies (#3513) * update dependencies Signed-off-by: External Secrets Operator * fix: bump CRDs Signed-off-by: Moritz Johner --------- Signed-off-by: External Secrets Operator Signed-off-by: Moritz Johner Co-authored-by: External Secrets Operator Co-authored-by: Moritz Johner --- .../external-secrets.io_externalsecrets.yaml | 14 +++- deploy/crds/bundle.yaml | 14 +++- e2e/go.mod | 26 +++---- e2e/go.sum | 48 ++++++------ go.mod | 36 ++++----- go.sum | 75 ++++++++++--------- 6 files changed, 117 insertions(+), 96 deletions(-) diff --git a/config/crds/bases/external-secrets.io_externalsecrets.yaml b/config/crds/bases/external-secrets.io_externalsecrets.yaml index 4f2e129e699..3bf37e0f7e9 100644 --- a/config/crds/bases/external-secrets.io_externalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_externalsecrets.yaml @@ -254,10 +254,15 @@ spec: reference to the secret properties: name: + default: "" description: |- Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic 
@@ -783,10 +788,15 @@ spec: reference to the secret properties: name: + default: "" description: |- Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 3b90c0fd428..6b131c730b8 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -5080,10 +5080,15 @@ spec: description: Binding represents a servicebinding.io Provisioned Service reference to the secret properties: name: + default: "" description: |- Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic 
@@ -5586,10 +5591,15 @@ spec: description: Binding represents a servicebinding.io Provisioned Service reference to the secret properties: name: + default: "" description: |- Name of the referent. - More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + This field is effectively required, but due to backwards compatibility is + allowed to be empty. Instances of this type with an empty value here are + almost certainly wrong. TODO: Add other useful fields. apiVersion, kind, uid? + More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names + TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic diff --git a/e2e/go.mod b/e2e/go.mod index eb7505b4836..1cf57a6a737 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -44,7 +44,7 @@ require ( github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 - github.com/aws/aws-sdk-go v1.53.0 + github.com/aws/aws-sdk-go v1.53.5 github.com/cyberark/conjur-api-go v0.11.4 github.com/external-secrets/external-secrets v0.0.0 github.com/fluxcd/helm-controller/api v0.37.2 @@ -54,14 +54,14 @@ require ( github.com/hashicorp/vault/api v1.13.0 github.com/onsi/ginkgo/v2 v2.17.3 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.65.1 + github.com/oracle/oci-go-sdk/v65 v65.65.2 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.26 github.com/xanzy/go-gitlab v0.105.0 golang.org/x/oauth2 v0.20.0 - google.golang.org/api v0.180.0 - k8s.io/api v0.30.0 - k8s.io/apiextensions-apiserver v0.30.0 - k8s.io/apimachinery v0.30.0 + google.golang.org/api v0.181.0 + k8s.io/api v0.30.1 + k8s.io/apiextensions-apiserver v0.30.1 + k8s.io/apimachinery v0.30.1 k8s.io/client-go v1.5.2 k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 sigs.k8s.io/controller-runtime v0.18.2 
@@ -70,7 +70,7 @@ require ( ) require ( - cloud.google.com/go/auth v0.4.1 // indirect + cloud.google.com/go/auth v0.4.2 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect cloud.google.com/go/compute/metadata v0.3.0 // indirect cloud.google.com/go/iam v1.1.8 // indirect @@ -104,7 +104,7 @@ require ( github.com/fluxcd/pkg/apis/acl v0.1.0 // indirect github.com/fluxcd/pkg/apis/kustomize v1.2.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/go-jose/go-jose/v4 v4.0.1 // indirect + github.com/go-jose/go-jose/v4 v4.0.2 // indirect github.com/go-logr/logr v1.4.1 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect @@ -165,7 +165,7 @@ require ( github.com/prometheus/client_golang v1.19.1 // indirect github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.53.0 // indirect - github.com/prometheus/procfs v0.14.0 // indirect + github.com/prometheus/procfs v0.15.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/segmentio/asm v1.2.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect 
@@ -194,10 +194,10 @@ require ( golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.21.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240509183442-62759503f434 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240509183442-62759503f434 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240509183442-62759503f434 // indirect - google.golang.org/grpc v1.63.2 // indirect + google.golang.org/genproto v0.0.0-20240515191416-fc5f0ca64291 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect + google.golang.org/grpc v1.64.0 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/e2e/go.sum b/e2e/go.sum index 27fb15482cf..a53f52fadeb 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -18,10 +18,10 @@ cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmW cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.112.2 h1:ZaGT6LiG7dBzi6zNOvVZwacaXlmf3lRqnC4DQzqyRQw= -cloud.google.com/go v0.112.2/go.mod h1:iEqjp//KquGIJV/m+Pk3xecgKNhV+ry+vVTsy4TbDms= -cloud.google.com/go/auth v0.4.1 h1:Z7YNIhlWRtrnKlZke7z3GMqzvuYzdc2z98F9D1NV5Hg= -cloud.google.com/go/auth v0.4.1/go.mod h1:QVBuVEKpCn4Zp58hzRGvL0tjRGU0YqdRTdCHM1IHnro= +cloud.google.com/go v0.113.0 h1:g3C70mn3lWfckKBiCVsAshabrDg01pQ0pnX1MNtnMkA= +cloud.google.com/go v0.113.0/go.mod h1:glEqlogERKYeePz6ZdkcLJ28Q2I6aERgDDErBg9GzO8= +cloud.google.com/go/auth v0.4.2 h1:sb0eyLkhRtpq5jA+a8KWw0W70YcdVca7KJ8TM0AFYDg= +cloud.google.com/go/auth v0.4.2/go.mod h1:Kqvlz1cf1sNA0D+sYJnkPQOP+JMHkuHeIgVmCRtZOLc= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -114,8 +114,8 @@ github.com/aliyun/alibaba-cloud-sdk-go v1.62.271/go.mod h1:Api2AkmMgGaSUAhmk76oa github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.53.0 h1:MMo1x1ggPPxDfHMXJnQudTbGXYlD4UigUAud1DJxPVo= -github.com/aws/aws-sdk-go v1.53.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.53.5 h1:1OcVWMjGlwt7EU5OWmmEEXqaYfmX581EK317QJZXItM= +github.com/aws/aws-sdk-go v1.53.5/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= 
@@ -158,8 +158,8 @@ github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCv github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= -github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= -github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= +github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fluxcd/helm-controller/api v0.37.2 h1:tkLezpRdqPDz7HoKHFu92sV+ppOCVDxkjFTh8/lpff8= 
@@ -179,8 +179,8 @@ github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyT github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U= -github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= +github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= +github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= 
@@ -409,8 +409,8 @@ github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.65.1 h1:sv7uD844tJGa2Vc+2KaByoXQ0FllZDGV/2+9MdxN6nA= -github.com/oracle/oci-go-sdk/v65 v65.65.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.65.2 h1:6cYJuFWmDg5PyA1qWiU4TckGPAukv8X1kIbKoNdYsj8= +github.com/oracle/oci-go-sdk/v65 v65.65.2/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -425,8 +425,8 @@ github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+aLCE= github.com/prometheus/common v0.53.0/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= -github.com/prometheus/procfs v0.14.0 h1:Lw4VdGGoKEZilJsayHf0B+9YgLGREba2C6xr+Fdfq6s= -github.com/prometheus/procfs v0.14.0/go.mod h1:XL+Iwz8k8ZabyZfMFHPiilCniixqQarAy5Mu67pHlNQ= +github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek= +github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= @@ -808,8 +808,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.180.0 h1:M2D87Yo0rGBPWpo1orwfCLehUUL6E7/TYe5gvMQWDh4= -google.golang.org/api v0.180.0/go.mod h1:51AiyoEg1MJPSZ9zvklA8VnRILPXxn1iVen9v25XHAE= +google.golang.org/api v0.181.0 h1:rPdjwnWgiPPOJx3IcSAQ2III5aX5tCer6wMpa/xmZi4= +google.golang.org/api v0.181.0/go.mod h1:MnQ+M0CFsfUwA5beZ+g/vCBCPXvtmZwRz2qzZk8ih1k= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -857,12 +857,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240509183442-62759503f434 h1:+PQKEGakpJad0y8bF9UJlgg4dO2U5H+cydccJNjzkww= -google.golang.org/genproto v0.0.0-20240509183442-62759503f434/go.mod h1:i4np6Wrjp8EujFAUn0CM0SH+iZhY1EbrfzEIJbFkHFM= -google.golang.org/genproto/googleapis/api v0.0.0-20240509183442-62759503f434 h1:OpXbo8JnN8+jZGPrL4SSfaDjSCjupr8lXyBAbexEm/U= -google.golang.org/genproto/googleapis/api v0.0.0-20240509183442-62759503f434/go.mod h1:FfiGhwUm6CJviekPrc0oJ+7h29e+DmWU6UtjX0ZvI7Y= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240509183442-62759503f434 h1:umK/Ey0QEzurTNlsV3R+MfxHAb78HCEX/IkuR+zH4WQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240509183442-62759503f434/go.mod h1:I7Y+G38R2bu5j1aLzfFmQfTcU/WnFuqDwLZAbvKTKpM= +google.golang.org/genproto v0.0.0-20240515191416-fc5f0ca64291 h1:CTZGpOdDJr2Jq+LcJ/mpjG8mClGy/uJdBBVYbS9g5lY= +google.golang.org/genproto v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:ch5ZrEj5+9MCxUeR3Gp3mCJ4u0eVpusYAmSr/mvpMSk= +google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 h1:4HZJ3Xv1cmrJ+0aFo304Zn79ur1HMxptAE7aCPNLSqc= +google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:RGnPtTG7r4i8sPlNyDeikXF99hMM+hN6QMm4ooG9g2g= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 h1:AgADTJarZTBqgjiUzRgfaBchgYB3/WFTC80GPwsMcRI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -882,8 +882,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM= -google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= +google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= +google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/go.mod b/go.mod index 6dac2d017a4..c63e5adb607 100644 --- a/go.mod +++ b/go.mod 
@@ -10,14 +10,14 @@ require ( github.com/Azure/go-autorest/autorest/adal v0.9.23 github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 - github.com/IBM/go-sdk-core/v5 v5.17.2 + github.com/IBM/go-sdk-core/v5 v5.17.3 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4 github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/sprig/v3 v3.2.3 github.com/PaesslerAG/jsonpath v0.1.1 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 - github.com/aws/aws-sdk-go v1.53.0 + github.com/aws/aws-sdk-go v1.53.5 github.com/go-logr/logr v1.4.1 github.com/go-test/deep v1.0.4 // indirect github.com/google/go-cmp v0.6.0 @@ -30,7 +30,7 @@ require ( github.com/huandu/xstrings v1.4.0 // indirect github.com/onsi/ginkgo/v2 v2.17.3 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.65.1 + github.com/oracle/oci-go-sdk/v65 v65.65.2 github.com/prometheus/client_golang v1.19.1 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.0 @@ -43,15 +43,15 @@ require ( go.uber.org/zap v1.27.0 golang.org/x/crypto v0.23.0 golang.org/x/oauth2 v0.20.0 - google.golang.org/api v0.180.0 - google.golang.org/genproto v0.0.0-20240509183442-62759503f434 - google.golang.org/grpc v1.63.2 + google.golang.org/api v0.181.0 + google.golang.org/genproto v0.0.0-20240515191416-fc5f0ca64291 + google.golang.org/grpc v1.64.0 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 - k8s.io/api v0.30.0 - k8s.io/apiextensions-apiserver v0.30.0 - k8s.io/apimachinery v0.30.0 - k8s.io/client-go v0.30.0 + k8s.io/api v0.30.1 + k8s.io/apiextensions-apiserver v0.30.1 + k8s.io/apimachinery v0.30.1 + k8s.io/client-go v0.30.1 k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 sigs.k8s.io/controller-runtime v0.18.2 sigs.k8s.io/controller-tools v0.15.0 
@@ -65,7 +65,7 @@ require ( github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d github.com/akeylesslabs/akeyless-go/v3 v3.6.3 - github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.6 + github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.7 github.com/alibabacloud-go/kms-20160120/v3 v3.2.0 github.com/alibabacloud-go/openapi-util v0.1.0 github.com/alibabacloud-go/tea v1.2.2 @@ -93,7 +93,7 @@ require ( ) require ( - cloud.google.com/go/auth v0.4.1 // indirect + cloud.google.com/go/auth v0.4.2 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect cloud.google.com/go/compute/metadata v0.3.0 // indirect dario.cat/mergo v1.0.0 // indirect @@ -130,7 +130,7 @@ require ( github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.5.0 // indirect github.com/go-git/go-git/v5 v5.12.0 // indirect - github.com/go-jose/go-jose/v4 v4.0.1 // indirect + github.com/go-jose/go-jose/v4 v4.0.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-playground/validator/v10 v10.20.0 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect @@ -158,7 +158,7 @@ require ( github.com/pgavlin/fx v0.1.6 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect - github.com/pulumi/pulumi/sdk/v3 v3.116.0 // indirect + github.com/pulumi/pulumi/sdk/v3 v3.116.1 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect 
@@ -179,8 +179,8 @@ require ( go.opentelemetry.io/otel/metric v1.26.0 // indirect go.opentelemetry.io/otel/trace v1.26.0 // indirect golang.org/x/sync v0.7.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240509183442-62759503f434 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240509183442-62759503f434 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect lukechampine.com/frand v1.4.2 // indirect @@ -208,7 +208,7 @@ require ( github.com/emicklei/go-restful/v3 v3.12.0 // indirect github.com/evanphx/json-patch v5.6.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect - github.com/fatih/color v1.16.0 // indirect + github.com/fatih/color v1.17.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-chef/chef v0.29.0 @@ -266,7 +266,7 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect github.com/prometheus/common v0.53.0 // indirect - github.com/prometheus/procfs v0.14.0 // indirect + github.com/prometheus/procfs v0.15.0 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect diff --git a/go.sum b/go.sum index 1b93ac674f6..3a653018c40 100644 --- a/go.sum +++ b/go.sum 
@@ -18,10 +18,10 @@ cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmW cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.112.2 h1:ZaGT6LiG7dBzi6zNOvVZwacaXlmf3lRqnC4DQzqyRQw= -cloud.google.com/go v0.112.2/go.mod h1:iEqjp//KquGIJV/m+Pk3xecgKNhV+ry+vVTsy4TbDms= -cloud.google.com/go/auth v0.4.1 h1:Z7YNIhlWRtrnKlZke7z3GMqzvuYzdc2z98F9D1NV5Hg= -cloud.google.com/go/auth v0.4.1/go.mod h1:QVBuVEKpCn4Zp58hzRGvL0tjRGU0YqdRTdCHM1IHnro= +cloud.google.com/go v0.113.0 h1:g3C70mn3lWfckKBiCVsAshabrDg01pQ0pnX1MNtnMkA= +cloud.google.com/go v0.113.0/go.mod h1:glEqlogERKYeePz6ZdkcLJ28Q2I6aERgDDErBg9GzO8= +cloud.google.com/go/auth v0.4.2 h1:sb0eyLkhRtpq5jA+a8KWw0W70YcdVca7KJ8TM0AFYDg= +cloud.google.com/go/auth v0.4.2/go.mod h1:Kqvlz1cf1sNA0D+sYJnkPQOP+JMHkuHeIgVmCRtZOLc= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -102,8 +102,8 @@ github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 h1:cmX2QC9s5kPqmghWLLZP8YRFO1ZD/C59Bp github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2/go.mod h1:tNlpIXJlIwQlRbobXDPme4qv/Rc8+a1GbuUhE3m4JhQ= github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM= github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= -github.com/IBM/go-sdk-core/v5 v5.17.2 h1:MyFCUPYqcNUQIx9d9srq9znMEZcvu6X3DOGIPjegP8o= -github.com/IBM/go-sdk-core/v5 v5.17.2/go.mod h1:GatGZpxlo1KaxiRN6E10/rNgWtUtx1hN/GoHSCaSPKA= +github.com/IBM/go-sdk-core/v5 v5.17.3 h1:CZSVCKzhQc/hRQZOtuEmi9dlNtWMnxJvOsPtQKP7cZ4= +github.com/IBM/go-sdk-core/v5 v5.17.3/go.mod h1:GatGZpxlo1KaxiRN6E10/rNgWtUtx1hN/GoHSCaSPKA= github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4 h1:xa9e+POVqaXxXHXkSMCOVAbKdUNEu86jQmo5hcpd+L4= github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4/go.mod h1:5gq8D8uWOIbqOm1uztay6lpOysgJaxxEsaVZLWGWb40= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= 
@@ -146,8 +146,9 @@ github.com/alessio/shellescape v1.4.2 h1:MHPfaU+ddJ0/bYWpgIeUnQUqKrlJ1S7BfEYPM4u github.com/alessio/shellescape v1.4.2/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 h1:iC9YFYKDGEy3n/FtqJnOkZsene9olVspKmkX5A2YBEo= github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc= -github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.6 h1:y1K+zKhpWcxso8zqI03CcYuwgyZPFwQdwAQOXAeuOVM= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.6/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI= +github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.7 h1:20vl9plHhHuy9A72oAZSAB4ooov+yY9xfu+cCNcrLh8= +github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.7/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI= github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68/go.mod h1:6pb/Qy8c+lqua8cFpEy7g39NRRqOWc3rOwAy8m5Y2BY= github.com/alibabacloud-go/debug v1.0.0 h1:3eIEQWfay1fB24PQIEzXAswlVJtdQok8f3EVN5VrBnA= github.com/alibabacloud-go/debug v1.0.0/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc= 
@@ -194,8 +195,8 @@ github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZve github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go v1.49.22/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= -github.com/aws/aws-sdk-go v1.53.0 h1:MMo1x1ggPPxDfHMXJnQudTbGXYlD4UigUAud1DJxPVo= -github.com/aws/aws-sdk-go v1.53.0/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.53.5 h1:1OcVWMjGlwt7EU5OWmmEEXqaYfmX581EK317QJZXItM= +github.com/aws/aws-sdk-go v1.53.5/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -283,8 +284,8 @@ github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= -github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE= +github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= +github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fortanix/sdkms-client-go v0.4.0 h1:5cKiFJ4rzc69mhsVVI5Ma5ynr/k5vhvws0yfzfIro/k= 
@@ -313,8 +314,8 @@ github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= -github.com/go-jose/go-jose/v4 v4.0.1 h1:QVEPDE3OluqXBQZDcnNvQrInro2h0e4eqNbnZSWqS6U= -github.com/go-jose/go-jose/v4 v4.0.1/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= +github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= +github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= 
@@ -658,8 +659,8 @@ github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS6 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.65.1 h1:sv7uD844tJGa2Vc+2KaByoXQ0FllZDGV/2+9MdxN6nA= -github.com/oracle/oci-go-sdk/v65 v65.65.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.65.2 h1:6cYJuFWmDg5PyA1qWiU4TckGPAukv8X1kIbKoNdYsj8= +github.com/oracle/oci-go-sdk/v65 v65.65.2/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.0 h1:zwwTCwL3vjTTKln1hxwKuzzax4R/yvxGXSZhMh0OY5Y= github.com/passbolt/go-passbolt v0.7.0/go.mod h1:af3TVSJ+0A4sXeK8KgVzhV8Tej/i25biFIQjhL0FOMk= github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU= 
@@ -682,14 +683,14 @@ github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+aLCE= github.com/prometheus/common v0.53.0/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= -github.com/prometheus/procfs v0.14.0 h1:Lw4VdGGoKEZilJsayHf0B+9YgLGREba2C6xr+Fdfq6s= -github.com/prometheus/procfs v0.14.0/go.mod h1:XL+Iwz8k8ZabyZfMFHPiilCniixqQarAy5Mu67pHlNQ= +github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek= +github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk= github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435cARxCW6q9gc0S/Yxz7Mkd38pOb0= github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.8.3 h1:myeDL6dD/mz34zZjCL8s7d/tWHBJYxfMxDCL11MHoqc= github.com/pulumi/esc v0.8.3/go.mod h1:v5VAPxYDa9DRwvubbzKt4ZYf5y0esWC2ccSp/AT923I= -github.com/pulumi/pulumi/sdk/v3 v3.116.0 h1:YleRAax7QHJjxYNODqgiRLvl8WmQVvp2AHgofKYUDGI= -github.com/pulumi/pulumi/sdk/v3 v3.116.0/go.mod h1:d6LZJHqEfpgXUd8rFSSsbaPJcocZObXeaUr87jbA5MY= +github.com/pulumi/pulumi/sdk/v3 v3.116.1 h1:P/bIDPQYy1UJogLeV/zY+bG4iTZgEEJLlwyUYEW3NPc= +github.com/pulumi/pulumi/sdk/v3 v3.116.1/go.mod h1:d6LZJHqEfpgXUd8rFSSsbaPJcocZObXeaUr87jbA5MY= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= 
@@ -1176,8 +1177,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.180.0 h1:M2D87Yo0rGBPWpo1orwfCLehUUL6E7/TYe5gvMQWDh4= -google.golang.org/api v0.180.0/go.mod h1:51AiyoEg1MJPSZ9zvklA8VnRILPXxn1iVen9v25XHAE= +google.golang.org/api v0.181.0 h1:rPdjwnWgiPPOJx3IcSAQ2III5aX5tCer6wMpa/xmZi4= +google.golang.org/api v0.181.0/go.mod h1:MnQ+M0CFsfUwA5beZ+g/vCBCPXvtmZwRz2qzZk8ih1k= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1227,12 +1228,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240509183442-62759503f434 h1:+PQKEGakpJad0y8bF9UJlgg4dO2U5H+cydccJNjzkww= -google.golang.org/genproto v0.0.0-20240509183442-62759503f434/go.mod h1:i4np6Wrjp8EujFAUn0CM0SH+iZhY1EbrfzEIJbFkHFM= -google.golang.org/genproto/googleapis/api v0.0.0-20240509183442-62759503f434 h1:OpXbo8JnN8+jZGPrL4SSfaDjSCjupr8lXyBAbexEm/U= -google.golang.org/genproto/googleapis/api v0.0.0-20240509183442-62759503f434/go.mod h1:FfiGhwUm6CJviekPrc0oJ+7h29e+DmWU6UtjX0ZvI7Y= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240509183442-62759503f434 h1:umK/Ey0QEzurTNlsV3R+MfxHAb78HCEX/IkuR+zH4WQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240509183442-62759503f434/go.mod h1:I7Y+G38R2bu5j1aLzfFmQfTcU/WnFuqDwLZAbvKTKpM= +google.golang.org/genproto v0.0.0-20240515191416-fc5f0ca64291 h1:CTZGpOdDJr2Jq+LcJ/mpjG8mClGy/uJdBBVYbS9g5lY= +google.golang.org/genproto v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:ch5ZrEj5+9MCxUeR3Gp3mCJ4u0eVpusYAmSr/mvpMSk= +google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 h1:4HZJ3Xv1cmrJ+0aFo304Zn79ur1HMxptAE7aCPNLSqc= +google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:RGnPtTG7r4i8sPlNyDeikXF99hMM+hN6QMm4ooG9g2g= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 h1:AgADTJarZTBqgjiUzRgfaBchgYB3/WFTC80GPwsMcRI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1255,8 +1256,8 @@ google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= -google.golang.org/grpc v1.63.2 h1:MUeiw1B2maTVZthpU5xvASfTh3LDbxHd6IJ6QQVU+xM= -google.golang.org/grpc v1.63.2/go.mod h1:WAX/8DgncnokcFUldAxq7GeB5DXHDbMF+lLvDomNkRA= +google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= +google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -1308,14 +1309,14 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= -k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= -k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= -k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= -k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= -k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= -k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= +k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= +k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= +k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= +k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= +k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= +k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= +k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20240404160639-a0386bf69313 h1:wBIDZID8ju9pwOiLlV22YYKjFGtiNSWgHf5CnKLRUuM= k8s.io/gengo v0.0.0-20240404160639-a0386bf69313/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= 
From bc71d299bd0a93219e66cbfa70b30061e76bc1d9 Mon Sep 17 00:00:00 2001 From: Idan Adar Date: Tue, 28 May 2024 15:28:53 +0300 Subject: [PATCH 062/517] ppc64le additions (#3535) * ppc64le additions Signed-off-by: Idan Adar * Update Makefile Signed-off-by: Idan Adar --------- Signed-off-by: Idan Adar --- .github/workflows/rebuild-image.yml | 12 ++++++------ Makefile | 2 +- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/rebuild-image.yml b/.github/workflows/rebuild-image.yml index aeffce0902c..3d4e55d57a1 100644 --- a/.github/workflows/rebuild-image.yml +++ b/.github/workflows/rebuild-image.yml @@ -42,18 +42,18 @@ jobs: include: - dockerfile: "Dockerfile" build-args: "CGO_ENABLED=0" - build-arch: "amd64 arm64" - build-platform: "linux/amd64,linux/arm64" + build-arch: "amd64 arm64 ppc64le" + build-platform: "linux/amd64,linux/arm64,linux/ppc64le" tag-suffix: "-${{ needs.checkout.outputs.timestamp }}" # distroless - dockerfile: "Dockerfile.ubi" build-args: "CGO_ENABLED=0" - build-arch: "amd64 arm64" - build-platform: "linux/amd64,linux/arm64" + build-arch: "amd64 arm64 ppc64le" + build-platform: "linux/amd64,linux/arm64,linux/ppc64le" tag-suffix: "-ubi-${{ needs.checkout.outputs.timestamp }}" # ubi - dockerfile: "Dockerfile.ubi" build-args: "CGO_ENABLED=0 GOEXPERIMENT=boringcrypto" # fips - build-arch: "amd64" - build-platform: "linux/amd64" + build-arch: "amd64 ppc64le" + build-platform: "linux/amd64,linux/ppc64le" tag-suffix: "-ubi-boringssl-${{ needs.checkout.outputs.timestamp }}" with: dockerfile: ${{ matrix.dockerfile }} diff --git a/Makefile b/Makefile index 0c60f5bdc3c..646bbb4b536 100644 --- a/Makefile +++ b/Makefile @@ -5,7 +5,7 @@ SHELL := /bin/bash MAKEFLAGS += --warn-undefined-variables .SHELLFLAGS := -euo pipefail -c -ARCH ?= amd64 arm64 +ARCH ?= amd64 arm64 ppc64le BUILD_ARGS ?= CGO_ENABLED=0 DOCKER_BUILD_ARGS ?= DOCKERFILE ?= Dockerfile From c3bf442941ffa91d230f9dafec0bbc2372a57906 Mon Sep 17 00:00:00 2001 
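Review bot: The fips matrix entry (`build-args: "CGO_ENABLED=0 GOEXPERIMENT=boringcrypto"`) now also builds `linux/ppc64le`, but as far as I know the Go toolchain only compiles its BoringCrypto backend on linux/amd64 and linux/arm64, and only with cgo enabled. On other targets the experiment falls back to the standard Go crypto packages without failing the build, so the ppc64le image published under the `-ubi-boringssl-…` tag would most likely not contain the module its tag advertises. I would keep this entry at `build-arch: "amd64"` and `build-platform: "linux/amd64"` until a ppc64le build is shown to link the module, and add a comment such as `# boringcrypto: only on platforms the Go toolchain supports` next to it. The context line shows `CGO_ENABLED=0` for this entry as well, so the amd64 image is worth verifying in the same pass.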
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 29 May 2024 16:09:57 +0300
Subject: [PATCH 063/517] chore(deps): bump ubi8/ubi-minimal from `2fa47fa` to `f729a7f` (#3523)
---
 Dockerfile.ubi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile.ubi b/Dockerfile.ubi
index db713608e84..cb47cd511ea 100644
--- a/Dockerfile.ubi
+++ b/Dockerfile.ubi
@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi8/ubi-minimal@sha256:2fa47fa9df7b98e2776f447855699c01d06c3271b2d7259b8b314084580cf591
+FROM registry.access.redhat.com/ubi8/ubi-minimal@sha256:f729a7f5685ea823e87ffd68aff988f2b8ff8d52126ade4e6de7c68088f28ebd
 ARG TARGETOS
 ARG TARGETARCH
 COPY bin/external-secrets-${TARGETOS}-${TARGETARCH} /bin/external-secrets
From ef4fa28e0e4ead3907bf1bc3d38fe87afbd825e3 Mon Sep 17 00:00:00 2001
From: Antoine Colombier <7086688+acolombier@users.noreply.github.com>
Date: Sun, 2 Jun 2024 14:53:25 +0100
Subject: [PATCH 064/517] doc(BitWarden): extends the liveness timeout (#3542) The liveness command perform a vault re-sync which usually takes a few second to perform. This commit replace the current value which is too low and lead to timeout and pod termination. Signed-off-by: Antoine Colombier <7086688+acolombier@users.noreply.github.com>
---
 docs/snippets/bitwarden-cli-deployment.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/snippets/bitwarden-cli-deployment.yaml b/docs/snippets/bitwarden-cli-deployment.yaml
index 17259c6eed6..53c129a237b 100644
--- a/docs/snippets/bitwarden-cli-deployment.yaml
+++ b/docs/snippets/bitwarden-cli-deployment.yaml
@@ -54,7 +54,7 @@ spec:
 - --post-data=''
 initialDelaySeconds: 20
 failureThreshold: 3
- timeoutSeconds: 1
+ timeoutSeconds: 10
 periodSeconds: 120
 readinessProbe:
 tcpSocket:
From 5dcfd3b1c431fde4e0b4494ceac949ad797be5d4 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Jun 2024 10:32:55 +0200
Subject: [PATCH 065/517] chore(deps): bump mkdocs-material in /hack/api-docs (#3526) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.23 to 9.5.24. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.23...9.5.24) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 hack/api-docs/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt
index 2503659df33..c44e9ce69d9 100644
--- a/hack/api-docs/requirements.txt
+++ b/hack/api-docs/requirements.txt
@@ -18,7 +18,7 @@ mergedeep==1.3.4
 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020
 mkdocs==1.6.0
 mkdocs-macros-plugin==1.0.5
-mkdocs-material==9.5.23
+mkdocs-material==9.5.24
 mkdocs-material-extensions==1.3.1
 mkdocs-minify-plugin==0.8.0
 packaging==24.0
From e7a6f5ffd3c69131f4704af5d44703f8cef8ec8f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Jun 2024 10:33:10 +0200
Subject: [PATCH 066/517] chore(deps): bump zipp from 3.18.2 to 3.19.0 in /hack/api-docs (#3527) Bumps [zipp](https://github.com/jaraco/zipp) from 3.18.2 to 3.19.0. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](https://github.com/jaraco/zipp/compare/v3.18.2...v3.19.0) --- updated-dependencies: - dependency-name: zipp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 hack/api-docs/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt
index c44e9ce69d9..acb8d3d2e6c 100644
--- a/hack/api-docs/requirements.txt
+++ b/hack/api-docs/requirements.txt
@@ -39,4 +39,4 @@ tornado==6.4
 urllib3==2.2.1
 verspec==0.1.0
 watchdog==4.0.0
-zipp==3.18.2
+zipp==3.19.0
From 52b16fc96074e106f67da4fd611c3c6f284bca17 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Jun 2024 10:33:25 +0200
Subject: [PATCH 067/517] chore(deps): bump requests from 2.31.0 to 2.32.2 in /hack/api-docs (#3528) Bumps [requests](https://github.com/psf/requests) from 2.31.0 to 2.32.2. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.31.0...v2.32.2) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 hack/api-docs/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index acb8d3d2e6c..f1282427e7c 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -32,7 +32,7 @@ python-dateutil==2.9.0.post0 PyYAML==6.0.1 pyyaml_env_tag==0.1 regex==2024.5.15 -requests==2.31.0 +requests==2.32.2 six==1.16.0 termcolor==2.4.0 tornado==6.4 From 0ac104ceb05a43a9284e8f7de87f8425eb0c2128 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 10:34:03 +0200 Subject: [PATCH 068/517] chore(deps): bump codecov/codecov-action from 4.4.0 to 4.4.1 (#3530) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.4.0 to 4.4.1. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/6d798873df2b1b8e5846dba6fb86631229fbcb17...125fc84a9a348dbcf27191600683ec096ec9021c) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 357069e4225..513481127c0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -126,7 +126,7 @@ jobs: make test - name: Publish Unit Test Coverage - uses: codecov/codecov-action@6d798873df2b1b8e5846dba6fb86631229fbcb17 # v4.4.0 + uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: From 630bca806ae4276fe6905a3ba9a50fcc12227293 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 10:34:22 +0200 Subject: [PATCH 069/517] chore(deps): bump aquasecurity/trivy-action from 0.20.0 to 0.21.0 (#3531) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.20.0 to 0.21.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/b2933f565dbc598b29947660e66259e3c7bc8561...fd25fed6972e341ff0007ddb61f77e88103953c2) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f92476ea808..834d6c63144 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -126,7 +126,7 @@ jobs: run: make docker.build - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@b2933f565dbc598b29947660e66259e3c7bc8561 # master + uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # master with: image-ref: ${{ inputs.image-name }}:${{ steps.container_info.outputs.image-tag }} format: 'table' From e303b2b76cfe70d80488de2c7e67a1b1fb587306 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 10:34:40 +0200 Subject: [PATCH 070/517] chore(deps): bump github/codeql-action from 3.25.5 to 3.25.6 (#3532) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.5 to 3.25.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b7cec7526559c32f1616476ff32d17ba4c59b2d6...9fdb3e49720b44c48891d036bb502feb25684276) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0913e260345..d64dff460f6 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b7cec7526559c32f1616476ff32d17ba4c59b2d6 # v3.25.5 + uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 with: sarif_file: results.sarif From a3028df3aebcb162d7aa87d3d7fad9a438fd7e0e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 12:01:15 +0300 Subject: [PATCH 071/517] chore(deps): bump ubi8/ubi-minimal from `f729a7f` to `9e458f4` (#3543) Bumps ubi8/ubi-minimal from `f729a7f` to `9e458f4`. --- updated-dependencies: - dependency-name: ubi8/ubi-minimal dependency-type: direct:production ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Dockerfile.ubi | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile.ubi b/Dockerfile.ubi
index cb47cd511ea..b619aa35f99 100644
--- a/Dockerfile.ubi
+++ b/Dockerfile.ubi
@@ -1,4 +1,4 @@
-FROM registry.access.redhat.com/ubi8/ubi-minimal@sha256:f729a7f5685ea823e87ffd68aff988f2b8ff8d52126ade4e6de7c68088f28ebd
+FROM registry.access.redhat.com/ubi8/ubi-minimal@sha256:9e458f41ff8868ceae00608a6fff35b45fd8bbe967bf8655e5ab08da5964f4d0
 ARG TARGETOS
 ARG TARGETARCH
 COPY bin/external-secrets-${TARGETOS}-${TARGETARCH} /bin/external-secrets
From 60ba6b7850a4573e7dffe13637b906d53a537d95 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Jun 2024 21:27:25 +0200
Subject: [PATCH 072/517] chore(deps): bump golang from `f1fe698` to `b8ded51` (#3522) Bumps golang from `f1fe698` to `b8ded51`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 Dockerfile.standalone | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/Dockerfile.standalone b/Dockerfile.standalone
index 92238724a45..516eb07c6fd 100644
--- a/Dockerfile.standalone
+++ b/Dockerfile.standalone
@@ -1,6 +1,6 @@ # This version of Dockerfile is for building without external dependencies. # Build a multi-platform image e.g. `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .` -FROM golang:1.22.3-alpine@sha256:f1fe698725f6ed14eb944dc587591f134632ed47fc0732ec27c7642adbe90618 AS builder +FROM golang:1.22.3-alpine@sha256:b8ded51bad03238f67994d0a6b88680609b392db04312f60c23358cc878d4902 AS builder ARG TARGETOS ARG TARGETARCH ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} From 04d3608063510061fd00bd84fdbc48fafa358351 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 21:28:44 +0200 Subject: [PATCH 073/517] chore(deps): bump alpine from 3.19.1 to 3.20.0 in /e2e (#3525) Bumps alpine from 3.19.1 to 3.20.0. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index daff4c37fef..5b64af8be82 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -16,7 +16,7 @@ COPY . . WORKDIR /usr/src/app/e2e RUN make e2e-bin -FROM alpine:3.19.1@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b +FROM alpine:3.20.0@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd RUN apk add -U --no-cache \ ca-certificates \ bash \ From 9c4f816fdd9faafdde5c4ae0b10812cbef357630 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Jun 2024 21:29:04 +0200
Subject: [PATCH 074/517] chore(deps): bump watchdog from 4.0.0 to 4.0.1 in /hack/api-docs (#3529) Bumps [watchdog](https://github.com/gorakhargosh/watchdog) from 4.0.0 to 4.0.1. - [Release notes](https://github.com/gorakhargosh/watchdog/releases) - [Changelog](https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst) - [Commits](https://github.com/gorakhargosh/watchdog/compare/v4.0.0...v4.0.1) --- updated-dependencies: - dependency-name: watchdog dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 hack/api-docs/requirements.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt
index f1282427e7c..1ffae3d9db4 100644
--- a/hack/api-docs/requirements.txt
+++ b/hack/api-docs/requirements.txt
@@ -38,5 +38,5 @@ termcolor==2.4.0
 tornado==6.4
 urllib3==2.2.1
 verspec==0.1.0
-watchdog==4.0.0
+watchdog==4.0.1
 zipp==3.19.0
From 35f2ca4b20224c0c45fd40cc8845df84fbd92dbd Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 3 Jun 2024 21:29:34 +0200
Subject: [PATCH 075/517] chore(deps): bump alpine from 3.19 to 3.20 in /hack/api-docs (#3533) Bumps alpine from 3.19 to 3.20. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 hack/api-docs/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hack/api-docs/Dockerfile b/hack/api-docs/Dockerfile
index 16fea10a780..91678249e30 100644
--- a/hack/api-docs/Dockerfile
+++ b/hack/api-docs/Dockerfile
@@ -11,7 +11,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.19@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b +FROM alpine:3.20@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd RUN apk add -U --no-cache \ python3 \ python3-dev \ From 69449ef8e0a7d44f8d7c76a91ce0dfae333a6f40 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 21:31:52 +0200 Subject: [PATCH 076/517] update dependencies (#3534) Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator --- e2e/go.mod | 40 ++++++------ e2e/go.sum | 80 ++++++++++++------------ go.mod | 70 +++++++++++---------- go.sum | 177 ++++++++++++++++++++++------------------------------- 4 files changed, 171 insertions(+), 196 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index 1cf57a6a737..aa1a64cbec1 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -36,7 +36,7 @@ replace ( ) require ( - cloud.google.com/go/secretmanager v1.13.0 + cloud.google.com/go/secretmanager v1.13.1 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 
@@ -44,17 +44,17 @@ require ( github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 - github.com/aws/aws-sdk-go v1.53.5 - github.com/cyberark/conjur-api-go v0.11.4 + github.com/aws/aws-sdk-go v1.53.10 + github.com/cyberark/conjur-api-go v0.12.0 github.com/external-secrets/external-secrets v0.0.0 github.com/fluxcd/helm-controller/api v0.37.2 github.com/fluxcd/pkg/apis/meta v1.2.0 github.com/fluxcd/source-controller/api v1.2.3 github.com/golang-jwt/jwt/v4 v4.5.0 - github.com/hashicorp/vault/api v1.13.0 - github.com/onsi/ginkgo/v2 v2.17.3 + github.com/hashicorp/vault/api v1.14.0 + github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.65.2 + github.com/oracle/oci-go-sdk/v65 v65.65.3 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.26 github.com/xanzy/go-gitlab v0.105.0 golang.org/x/oauth2 v0.20.0 @@ -64,7 +64,7 @@ require ( k8s.io/apimachinery v0.30.1 k8s.io/client-go v1.5.2 k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 - sigs.k8s.io/controller-runtime v0.18.2 + sigs.k8s.io/controller-runtime v0.18.3 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.4.0 ) @@ -105,13 +105,13 @@ require ( github.com/fluxcd/pkg/apis/kustomize v1.2.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/go-jose/go-jose/v4 v4.0.2 // indirect - github.com/go-logr/logr v1.4.1 // indirect + github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect github.com/go-openapi/swag v0.23.0 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect - github.com/goccy/go-json v0.10.2 // indirect + github.com/goccy/go-json v0.10.3 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gofrs/flock v0.8.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect 
@@ -122,7 +122,7 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240509144519-723abb6459b7 // indirect + github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af // indirect github.com/google/s2a-go v0.1.7 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect @@ -179,13 +179,13 @@ require ( github.com/tidwall/sjson v1.2.5 // indirect github.com/zalando/go-keyring v0.2.4 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect - go.opentelemetry.io/otel v1.26.0 // indirect - go.opentelemetry.io/otel/metric v1.26.0 // indirect - go.opentelemetry.io/otel/trace v1.26.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect + go.opentelemetry.io/otel v1.27.0 // indirect + go.opentelemetry.io/otel/metric v1.27.0 // indirect + go.opentelemetry.io/otel/trace v1.27.0 // indirect golang.org/x/crypto v0.23.0 // indirect - golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 // indirect + golang.org/x/exp v0.0.0-20240525044651-4c93da0ed11d // indirect golang.org/x/net v0.25.0 // indirect golang.org/x/sync v0.7.0 // indirect golang.org/x/sys v0.20.0 // indirect 
@@ -194,9 +194,9 @@ require ( golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.21.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240515191416-fc5f0ca64291 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect + google.golang.org/genproto v0.0.0-20240521202816-d264139d666e // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e // indirect google.golang.org/grpc v1.64.0 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect @@ -205,7 +205,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect + k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/e2e/go.sum b/e2e/go.sum index a53f52fadeb..adc75102abf 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -41,8 +41,8 @@ cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2k cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.13.0 h1:nQ/Ca2Gzm/OEP8tr1hiFdHRi5wAnAmsm9qTjwkivyrQ= -cloud.google.com/go/secretmanager v1.13.0/go.mod h1:yWdfNmM2sLIiyv6RM6VqWKeBV7CdS0SO3ybxJJRhBEs= +cloud.google.com/go/secretmanager v1.13.1 h1:TTGo2Vz7ZxYn2QbmuFP7Zo4lDm5VsbzBjDReo3SA5h4= +cloud.google.com/go/secretmanager v1.13.1/go.mod h1:y9Ioh7EHp1aqEKGYXk3BOC+vkhlHm9ujL7bURT4oI/4= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 
@@ -114,8 +114,8 @@ github.com/aliyun/alibaba-cloud-sdk-go v1.62.271/go.mod h1:Api2AkmMgGaSUAhmk76oa github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.53.5 h1:1OcVWMjGlwt7EU5OWmmEEXqaYfmX581EK317QJZXItM= -github.com/aws/aws-sdk-go v1.53.5/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.53.10 h1:3enP5l5WtezT9Ql+XZqs56JBf5YUd/FEzTCg///OIGY= +github.com/aws/aws-sdk-go v1.53.10/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= 
@@ -132,8 +132,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cyberark/conjur-api-go v0.11.4 h1:s2bbeJhb+Szosqjr4DX3BaQiZEsKKAFhn35TRqZeLIY= -github.com/cyberark/conjur-api-go v0.11.4/go.mod h1:WjXCREpdXyU69k5ZwYQMA3k+VkPwMznr22fKSMD5OUE= +github.com/cyberark/conjur-api-go v0.12.0 h1:84h/IcphuuyWW1R4VX/Syuyw4lfR89sKvxloexJYmn8= +github.com/cyberark/conjur-api-go v0.12.0/go.mod h1:WjXCREpdXyU69k5ZwYQMA3k+VkPwMznr22fKSMD5OUE= github.com/danieljoos/wincred v1.2.1 h1:dl9cBrupW8+r5250DYkYxocLeZ1Y4vB1kxgtjxw8GQs= github.com/danieljoos/wincred v1.2.1/go.mod h1:uGaFL9fDn3OLTvzCGulzE+SzjEe5NGlh5FdCcyfPwps= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -182,8 +182,8 @@ github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2 github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= @@ -198,8 +198,8 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= -github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= -github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= +github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA= +github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= 
@@ -285,8 +285,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240509144519-723abb6459b7 h1:velgFPYr1X9TDwLIfkV7fWqsFlf7TeP11M/7kPd/dVI= -github.com/google/pprof v0.0.0-20240509144519-723abb6459b7/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= 
@@ -328,8 +328,8 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= -github.com/hashicorp/vault/api v1.13.0 h1:RTCGpE2Rgkn9jyPcFlc7YmNocomda44k5ck8FKMH41Y= -github.com/hashicorp/vault/api v1.13.0/go.mod h1:0cb/uZUv1w2cVu9DIvuW1SMlXXC6qtATJt+LXJRx+kg= +github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU= +github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= 
@@ -403,14 +403,14 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.17.3 h1:oJcvKpIb7/8uLpDDtnQuf18xVnwKp8DTD7DQ6gTd/MU= -github.com/onsi/ginkgo/v2 v2.17.3/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= +github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.65.2 h1:6cYJuFWmDg5PyA1qWiU4TckGPAukv8X1kIbKoNdYsj8= -github.com/oracle/oci-go-sdk/v65 v65.65.2/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.65.3 h1:Vx2MbWaXlqYW821SJoZgZM7FTzaVWW9S5QHiamD5+ng= +github.com/oracle/oci-go-sdk/v65 v65.65.3/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -498,18 +498,18 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0 h1:A3SayB3rNyt+1S6qpI9mHPkeHTZbD7XILEqWnYZb2l0= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0/go.mod h1:27iA5uvhuRNmalO+iEUdVn5ZMj2qy10Mm+XRIpRmyuU= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 h1:Xs2Ncz0gNihqu9iosIZ5SkBbWo5T8JhhLJFMQL1qmLI= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0/go.mod h1:vy+2G/6NvVMpwGX/NyLqcC41fxepnuKHk16E6IZUcJc= -go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs= -go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4= -go.opentelemetry.io/otel/metric v1.26.0 h1:7S39CLuY5Jgg9CrnA9HHiEjGMF/X2VHvoXGgSllRz30= -go.opentelemetry.io/otel/metric v1.26.0/go.mod h1:SY+rHOI4cEawI9a7N1A4nIg/nTQXe1ccCNWYOJUrpX4= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 h1:vS1Ao/R55RNV4O7TA2Qopok8yN+X0LIP6RVWLFkprck= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0/go.mod h1:BMsdeOxN04K0L5FNUBfjFdvwWGNe/rkmSwH4Aelu/X0= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 h1:9l89oX4ba9kHbBol3Xin3leYJ+252h0zszDtBwyKe2A= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0/go.mod h1:XLZfZboOJWHNKUv7eH0inh0E9VV6eWDFB/9yJyTLPp0= +go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg= +go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ= +go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= 
+go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg= -go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA= -go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0= +go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw= +go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= 
@@ -544,8 +544,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= -golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= +golang.org/x/exp v0.0.0-20240525044651-4c93da0ed11d h1:N0hmiNbwsSNwHBAvR3QB5w25pUwH4tK0Y/RltD1j1h4= +golang.org/x/exp v0.0.0-20240525044651-4c93da0ed11d/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -857,12 +857,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240515191416-fc5f0ca64291 h1:CTZGpOdDJr2Jq+LcJ/mpjG8mClGy/uJdBBVYbS9g5lY= -google.golang.org/genproto v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:ch5ZrEj5+9MCxUeR3Gp3mCJ4u0eVpusYAmSr/mvpMSk= -google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 h1:4HZJ3Xv1cmrJ+0aFo304Zn79ur1HMxptAE7aCPNLSqc= -google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:RGnPtTG7r4i8sPlNyDeikXF99hMM+hN6QMm4ooG9g2g= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 h1:AgADTJarZTBqgjiUzRgfaBchgYB3/WFTC80GPwsMcRI= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= +google.golang.org/genproto v0.0.0-20240521202816-d264139d666e h1:axIBUGXSVho2zB+3tJj8l9Qvm/El5vVYPYqhGA5PmJM= +google.golang.org/genproto v0.0.0-20240521202816-d264139d666e/go.mod h1:gOvX/2dWTqh+u3+IHjFeCxinlz5AZ5qhOufbQPub/dE= +google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e h1:SkdGTrROJl2jRGT/Fxv5QUf9jtdKCQh4KQJXbXVLAi0= +google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e/go.mod h1:LweJcLbyVij6rCex8YunD8DYR5VDonap/jYl3ZRxcIU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e h1:Elxv5MwEkCI9f5SkoL6afed6NTdxaGoAo39eANBwHL8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 
@@ -938,15 +938,15 @@ k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f h1:0LQagt0gDpKqvIkAMPaRGcXawNMouPECM1+F9BVxEaM= -k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f/go.mod h1:S9tOR0FxgyusSNR+MboCuiDpVWkAifZvaYI1Q2ubgro= +k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA= +k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q= -sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/controller-runtime v0.18.3 h1:B5Wmmo8WMWK7izei+2LlXLVDGzMwAHBNLX68lwtlSR4= +sigs.k8s.io/controller-runtime v0.18.3/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/go.mod b/go.mod index c63e5adb607..ed8f3ba6ad7 100644 --- a/go.mod +++ b/go.mod 
@@ -4,7 +4,7 @@ go 1.22.3 require ( cloud.google.com/go/iam v1.1.8 - cloud.google.com/go/secretmanager v1.13.0 + cloud.google.com/go/secretmanager v1.13.1 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/adal v0.9.23 
@@ -17,34 +17,34 @@ require ( github.com/PaesslerAG/jsonpath v0.1.1 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 - github.com/aws/aws-sdk-go v1.53.5 - github.com/go-logr/logr v1.4.1 + github.com/aws/aws-sdk-go v1.53.10 + github.com/go-logr/logr v1.4.2 github.com/go-test/deep v1.0.4 // indirect github.com/google/go-cmp v0.6.0 github.com/google/uuid v1.6.0 github.com/googleapis/gax-go/v2 v2.12.4 - github.com/hashicorp/vault/api v1.13.0 - github.com/hashicorp/vault/api/auth/approle v0.6.0 - github.com/hashicorp/vault/api/auth/kubernetes v0.6.0 - github.com/hashicorp/vault/api/auth/ldap v0.6.0 + github.com/hashicorp/vault/api v1.14.0 + github.com/hashicorp/vault/api/auth/approle v0.7.0 + github.com/hashicorp/vault/api/auth/kubernetes v0.7.0 + github.com/hashicorp/vault/api/auth/ldap v0.7.0 github.com/huandu/xstrings v1.4.0 // indirect - github.com/onsi/ginkgo/v2 v2.17.3 + github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.65.2 + github.com/oracle/oci-go-sdk/v65 v65.65.3 github.com/prometheus/client_golang v1.19.1 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.0 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.17.1 github.com/xanzy/go-gitlab v0.105.0 - github.com/yandex-cloud/go-genproto v0.0.0-20240513082302-2e0a3cd8443b - github.com/yandex-cloud/go-sdk v0.0.0-20240513082658-e33b8a503812 + github.com/yandex-cloud/go-genproto v0.0.0-20240523095218-17e5bb42de1b + github.com/yandex-cloud/go-sdk v0.0.0-20240523095614-158879fff1c9 github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 go.uber.org/zap v1.27.0 golang.org/x/crypto v0.23.0 golang.org/x/oauth2 v0.20.0 google.golang.org/api v0.181.0 - google.golang.org/genproto v0.0.0-20240515191416-fc5f0ca64291 + google.golang.org/genproto v0.0.0-20240521202816-d264139d666e google.golang.org/grpc v1.64.0 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 
@@ -53,7 +53,7 @@ require ( k8s.io/apimachinery v0.30.1 k8s.io/client-go v0.30.1 k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 - sigs.k8s.io/controller-runtime v0.18.2 + sigs.k8s.io/controller-runtime v0.18.3 sigs.k8s.io/controller-tools v0.15.0 ) @@ -70,15 +70,15 @@ require ( github.com/alibabacloud-go/openapi-util v0.1.0 github.com/alibabacloud-go/tea v1.2.2 github.com/alibabacloud-go/tea-utils/v2 v2.0.5 - github.com/aliyun/credentials-go v1.3.3 + github.com/aliyun/credentials-go v1.3.4 github.com/avast/retry-go/v4 v4.6.0 - github.com/cyberark/conjur-api-go v0.11.4 + github.com/cyberark/conjur-api-go v0.12.0 github.com/fortanix/sdkms-client-go v0.4.0 github.com/go-openapi/strfmt v0.23.0 github.com/golang-jwt/jwt/v5 v5.2.1 github.com/hashicorp/golang-lru v1.0.2 - github.com/hashicorp/vault/api/auth/aws v0.6.0 - github.com/hashicorp/vault/api/auth/userpass v0.6.0 + github.com/hashicorp/vault/api/auth/aws v0.7.0 + github.com/hashicorp/vault/api/auth/userpass v0.7.0 github.com/keeper-security/secrets-manager-go/core v1.6.3 github.com/lestrrat-go/jwx/v2 v2.0.21 github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1 @@ -115,8 +115,12 @@ require ( github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/charmbracelet/bubbles v0.18.0 // indirect - github.com/charmbracelet/bubbletea v0.26.2 // indirect - github.com/charmbracelet/lipgloss v0.10.0 // indirect + github.com/charmbracelet/bubbletea v0.26.3 // indirect + github.com/charmbracelet/lipgloss v0.11.0 // indirect + github.com/charmbracelet/x/ansi v0.1.1 // indirect + github.com/charmbracelet/x/input v0.1.1 // indirect + github.com/charmbracelet/x/term v0.1.1 // indirect + github.com/charmbracelet/x/windows v0.1.2 // indirect github.com/cheggaaa/pb v1.0.29 // indirect github.com/clbanning/mxj/v2 v2.7.0 // indirect github.com/cloudflare/circl v1.3.8 // indirect 
@@ -126,7 +130,7 @@ require ( github.com/emirpasic/gods v1.18.1 // indirect github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect github.com/felixge/httpsnoop v1.0.4 // indirect - github.com/gabriel-vasile/mimetype v1.4.3 // indirect + github.com/gabriel-vasile/mimetype v1.4.4 // indirect github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect github.com/go-git/go-billy/v5 v5.5.0 // indirect github.com/go-git/go-git/v5 v5.12.0 // indirect @@ -152,13 +156,12 @@ require ( github.com/mitchellh/go-wordwrap v1.0.1 // indirect github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect github.com/muesli/cancelreader v0.2.2 // indirect - github.com/muesli/reflow v0.3.0 // indirect github.com/muesli/termenv v0.15.2 // indirect github.com/opentracing/basictracer-go v1.1.0 // indirect github.com/pgavlin/fx v0.1.6 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect - github.com/pulumi/pulumi/sdk/v3 v3.116.1 // indirect + github.com/pulumi/pulumi/sdk/v3 v3.117.0 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect 
@@ -171,18 +174,19 @@ require ( github.com/tjfoc/gmsm v1.4.1 // indirect github.com/tweekmonster/luser v0.0.0-20161003172636-3fa38070dbd7 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect + github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect github.com/zalando/go-keyring v0.2.4 // indirect github.com/zclconf/go-cty v1.14.4 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 // indirect - go.opentelemetry.io/otel v1.26.0 // indirect - go.opentelemetry.io/otel/metric v1.26.0 // indirect - go.opentelemetry.io/otel/trace v1.26.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect + go.opentelemetry.io/otel v1.27.0 // indirect + go.opentelemetry.io/otel/metric v1.27.0 // indirect + go.opentelemetry.io/otel/trace v1.27.0 // indirect golang.org/x/sync v0.7.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e // indirect gopkg.in/warnings.v0 v0.1.2 // indirect - k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f // indirect + k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect lukechampine.com/frand v1.4.2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) 
@@ -220,14 +224,14 @@ require ( github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect github.com/gobuffalo/flect v1.0.2 // indirect - github.com/goccy/go-json v0.10.2 // indirect + github.com/goccy/go-json v0.10.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.5.0 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240509144519-723abb6459b7 // indirect + github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -280,7 +284,7 @@ require ( go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 + golang.org/x/exp v0.0.0-20240525044651-4c93da0ed11d golang.org/x/mod v0.17.0 // indirect golang.org/x/net v0.25.0 // indirect golang.org/x/sys v0.20.0 // indirect diff --git a/go.sum b/go.sum index 3a653018c40..32270c1b1e8 100644 --- a/go.sum +++ b/go.sum 
@@ -41,8 +41,8 @@ cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2k cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.13.0 h1:nQ/Ca2Gzm/OEP8tr1hiFdHRi5wAnAmsm9qTjwkivyrQ= -cloud.google.com/go/secretmanager v1.13.0/go.mod h1:yWdfNmM2sLIiyv6RM6VqWKeBV7CdS0SO3ybxJJRhBEs= +cloud.google.com/go/secretmanager v1.13.1 h1:TTGo2Vz7ZxYn2QbmuFP7Zo4lDm5VsbzBjDReo3SA5h4= +cloud.google.com/go/secretmanager v1.13.1/go.mod h1:y9Ioh7EHp1aqEKGYXk3BOC+vkhlHm9ujL7bURT4oI/4= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 
@@ -175,14 +175,13 @@ github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzY github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8= github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw= github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= -github.com/aliyun/credentials-go v1.3.3 h1:pFUKbHxHprjaMkEkYquCmUdU9t3bSGBeA4TFyUtLozc= -github.com/aliyun/credentials-go v1.3.3/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= +github.com/aliyun/credentials-go v1.3.4 h1:X5nse+8s7ft00ANpoG3+bFJIqZVpjHbOg7G9gWQshVY= +github.com/aliyun/credentials-go v1.3.4/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= -github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= 
@@ -191,24 +190,20 @@ github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI= github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinRJA= github.com/avast/retry-go/v4 v4.6.0/go.mod h1:gvWlPhBVsvBbLkVGDg/KwvBv0bEkCOLRRSHKIr2PyOE= -github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.49.22/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= -github.com/aws/aws-sdk-go v1.53.5 h1:1OcVWMjGlwt7EU5OWmmEEXqaYfmX581EK317QJZXItM= -github.com/aws/aws-sdk-go v1.53.5/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.53.10 h1:3enP5l5WtezT9Ql+XZqs56JBf5YUd/FEzTCg///OIGY= +github.com/aws/aws-sdk-go v1.53.10/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4= -github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs= github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/bwesterb/go-ristretto v1.2.3/go.mod 
h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/c2h5oh/datasize v0.0.0-20200112174442-28bbd4740fee/go.mod h1:S/7n9copUssQ56c7aAgHqftWO4LTf4xY6CGWt8Bc+3M= -github.com/cenkalti/backoff/v3 v3.0.0/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M= github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= 
@@ -218,10 +213,18 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/charmbracelet/bubbles v0.18.0 h1:PYv1A036luoBGroX6VWjQIE9Syf2Wby2oOl/39KLfy0= github.com/charmbracelet/bubbles v0.18.0/go.mod h1:08qhZhtIwzgrtBjAcJnij1t1H0ZRjwHyGsy6AL11PSw= -github.com/charmbracelet/bubbletea v0.26.2 h1:Eeb+n75Om9gQ+I6YpbCXQRKHt5Pn4vMwusQpwLiEgJQ= -github.com/charmbracelet/bubbletea v0.26.2/go.mod h1:6I0nZ3YHUrQj7YHIHlM8RySX4ZIthTliMY+W8X8b+Gs= -github.com/charmbracelet/lipgloss v0.10.0 h1:KWeXFSexGcfahHX+54URiZGkBFazf70JNMtwg/AFW3s= -github.com/charmbracelet/lipgloss v0.10.0/go.mod h1:Wig9DSfvANsxqkRsqj6x87irdy123SR4dOXlKa91ciE= +github.com/charmbracelet/bubbletea v0.26.3 h1:iXyGvI+FfOWqkB2V07m1DF3xxQijxjY2j8PqiXYqasg= +github.com/charmbracelet/bubbletea v0.26.3/go.mod h1:bpZHfDHTYJC5g+FBK+ptJRCQotRC+Dhh3AoMxa/2+3Q= +github.com/charmbracelet/lipgloss v0.11.0 h1:UoAcbQ6Qml8hDwSWs0Y1cB5TEQuZkDPH/ZqwWWYTG4g= +github.com/charmbracelet/lipgloss v0.11.0/go.mod h1:1UdRTH9gYgpcdNN5oBtjbu/IzNKtzVtb7sqN1t9LNn8= +github.com/charmbracelet/x/ansi v0.1.1 h1:CGAduulr6egay/YVbGc8Hsu8deMg1xZ/bkaXTPi1JDk= +github.com/charmbracelet/x/ansi v0.1.1/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw= +github.com/charmbracelet/x/input v0.1.1 h1:YDOJaTUKCqtGnq9PHzx3pkkl4pXDOANUHmhH3DqMtM4= +github.com/charmbracelet/x/input v0.1.1/go.mod h1:jvdTVUnNWj/RD6hjC4FsoB0SeZCJ2ZBkiuFP9zXvZI0= +github.com/charmbracelet/x/term v0.1.1 h1:3cosVAiPOig+EV4X9U+3LDgtwwAoEzJjNdwbXDjF6yI= +github.com/charmbracelet/x/term v0.1.1/go.mod h1:wB1fHt5ECsu3mXYusyzcngVWWlu1KKUmmLhfgr/Flxw= +github.com/charmbracelet/x/windows v0.1.2 h1:Iumiwq2G+BRmgoayww/qfcvof7W/3uLoelhxojXlRWg= +github.com/charmbracelet/x/windows v0.1.2/go.mod h1:GLEO/l+lizvFDBPLIOk+49gdX49L9YWMB5t+DZd0jkQ= github.com/cheggaaa/pb v1.0.29 h1:FckUN5ngEk2LpvuG0fw1GEFx6LtyY2pWI/Z2QgCnEYo= github.com/cheggaaa/pb v1.0.29/go.mod 
h1:W40334L7FMC5JKWldsTWbdGjLo0RxUKK73K+TuPxX30= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= @@ -243,8 +246,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/ctdk/goiardi v0.11.10 h1:IB/3Afl1pC2Q4KGwzmhHPAoJfe8VtU51wZ2V0QkvsL0= github.com/ctdk/goiardi v0.11.10/go.mod h1:Pr6Cj6Wsahw45myttaOEZeZ0LE7p1qzWmzgsBISkrNI= -github.com/cyberark/conjur-api-go v0.11.4 h1:s2bbeJhb+Szosqjr4DX3BaQiZEsKKAFhn35TRqZeLIY= -github.com/cyberark/conjur-api-go v0.11.4/go.mod h1:WjXCREpdXyU69k5ZwYQMA3k+VkPwMznr22fKSMD5OUE= +github.com/cyberark/conjur-api-go v0.12.0 h1:84h/IcphuuyWW1R4VX/Syuyw4lfR89sKvxloexJYmn8= +github.com/cyberark/conjur-api-go v0.12.0/go.mod h1:WjXCREpdXyU69k5ZwYQMA3k+VkPwMznr22fKSMD5OUE= github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo= github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= github.com/danieljoos/wincred v1.2.1 h1:dl9cBrupW8+r5250DYkYxocLeZ1Y4vB1kxgtjxw8GQs= @@ -281,7 +284,6 @@ github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCv github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= -github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= 
@@ -294,8 +296,8 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/gabriel-vasile/mimetype v1.4.3 h1:in2uUcidCuFcDKtdcBxlR0rJ1+fsokWf+uqxgUFjbI0= -github.com/gabriel-vasile/mimetype v1.4.3/go.mod h1:d8uq/6HKRL6CGdk+aubisF/M5GcPfT7nKyLpA0lbSSk= +github.com/gabriel-vasile/mimetype v1.4.4 h1:QjV6pZ7/XZ7ryI2KuyeEDE8wnh7fHP9YnQy+R0LnH8I= +github.com/gabriel-vasile/mimetype v1.4.4/go.mod h1:JwLei5XPtWdGiMFB5Pjle1oEeoSeEuJfJE+TtfvdB/s= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE= 
@@ -313,14 +315,13 @@ github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXY github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-jose/go-jose/v3 v3.0.1/go.mod h1:RNkWWRld676jZEYoV3+XK8L2ZnNSvIsxFMht0mSX+u8= github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ= -github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= +github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= +github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= 
@@ -346,13 +347,12 @@ github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaC github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= -github.com/go-test/deep v1.0.2/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/gobuffalo/flect v1.0.2 h1:eqjPGSo2WmjgY2XlpGwo2NXgL3RucAKo4k4qQMNA5sA= github.com/gobuffalo/flect v1.0.2/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= -github.com/goccy/go-json v0.10.2 h1:CrxCmQqYDkv1z7lO7Wbh2HN93uovUHgrECaO5ZrCXAU= -github.com/goccy/go-json v0.10.2/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= +github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA= +github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= 
@@ -418,7 +418,6 @@ github.com/google/go-cmp v0.5.2/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/ github.com/google/go-cmp v0.5.3/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.4/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.7/go.mod h1:n+brtR0CgQNWTVd5ZUFpTBC8YFBDLK/h/bpaJ8/DtOE= github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= @@ -443,8 +442,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240509144519-723abb6459b7 h1:velgFPYr1X9TDwLIfkV7fWqsFlf7TeP11M/7kPd/dVI= -github.com/google/pprof v0.0.0-20240509144519-723abb6459b7/go.mod h1:kf6iHlnVGwgKolg33glAes7Yg/8iWP8ukqeldJSO7jw= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= +github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= 
@@ -466,59 +465,48 @@ github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFb github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= -github.com/hashicorp/go-cleanhttp v0.5.1/go.mod h1:JpRdi6/HCYpAwUzNwuwqhbovhLtngrth3wmdIIUrZ80= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-hclog v0.9.2/go.mod h1:5CU+agLiy3J7N7QjHK5d05KxGsuXiQLrjA0H7acj2lQ= -github.com/hashicorp/go-hclog v0.16.2/go.mod h1:whpDNt7SSdeAju8AWKIWsul05p54N/39EeqMAyrmvFQ= github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-retryablehttp v0.6.6/go.mod h1:vAew36LZh98gCBJNLH42IQ1ER/9wtLZZ8meHqQvEYWY= github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM= github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= -github.com/hashicorp/go-secure-stdlib/awsutil v0.1.6/go.mod h1:MpCPSPGLDILGb4JMm94/mMi3YysIqsXzGCzkEZjcjXg= 
github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0 h1:I8bynUKMh9I7JdwtW9voJ0xmHvBpxQtLjrMFDYmhOxY= github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0/go.mod h1:oKHSQs4ivIfZ3fbXGQOop1XuDfdSb8RIsWTGaAanSfg= -github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6/go.mod h1:QmrqtbKuxxSWTN3ETMPuB+VtEiBJ/A9XhoYGv8E1uD8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSYmuZJGizr6/x/AEizP0CQc= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8/go.mod h1:aiJI+PIApBRQG7FZTEBx5GiiX+HbOHilUdNxUZi4eV0= -github.com/hashicorp/go-secure-stdlib/strutil v0.1.1/go.mod h1:gKOamz3EwoIoJq7mlMIRBpVTAUn8qPCrEclOKKWhD3U= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= -github.com/hashicorp/go-sockaddr v1.0.2/go.mod h1:rB4wwRAUzs07qva3c5SdrY/NEtAUjGlgmH/UkBUC97A= github.com/hashicorp/go-sockaddr v1.0.6 h1:RSG8rKU28VTUTvEKghe5gIhIQpv8evvNpnDEyqO4u9I= github.com/hashicorp/go-sockaddr v1.0.6/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI= -github.com/hashicorp/go-uuid v1.0.2/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c= github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= -github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= github.com/hashicorp/hcl v1.0.1-vault-5/go.mod 
h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= github.com/hashicorp/hcl/v2 v2.20.1 h1:M6hgdyz7HYt1UN9e61j+qKJBqR3orTWbI1HKBJEdxtc= github.com/hashicorp/hcl/v2 v2.20.1/go.mod h1:TZDqQ4kNKCbh1iJp99FdPiUaVDDUPivbqxZulxDYqL4= -github.com/hashicorp/vault/api v1.12.0/go.mod h1:si+lJCYO7oGkIoNPAN8j3azBLTn9SjMGS+jFaHd1Cck= -github.com/hashicorp/vault/api v1.13.0 h1:RTCGpE2Rgkn9jyPcFlc7YmNocomda44k5ck8FKMH41Y= -github.com/hashicorp/vault/api v1.13.0/go.mod h1:0cb/uZUv1w2cVu9DIvuW1SMlXXC6qtATJt+LXJRx+kg= -github.com/hashicorp/vault/api/auth/approle v0.6.0 h1:ELfFFQlTM/e97WJKu1HvNFa7lQ3tlTwwzrR1NJE1V7Y= -github.com/hashicorp/vault/api/auth/approle v0.6.0/go.mod h1:CCoIl1xBC3lAWpd1HV+0ovk76Z8b8Mdepyk21h3pGk0= -github.com/hashicorp/vault/api/auth/aws v0.6.0 h1:L4mBSAW44EjgX4OJ3w6aDXQeehuGE9OMY9ldNbKgGXM= -github.com/hashicorp/vault/api/auth/aws v0.6.0/go.mod h1:m4ye0+jgUsLtE+UBszQFgz+0fRiE4qF7MDWgI+mDxbg= -github.com/hashicorp/vault/api/auth/kubernetes v0.6.0 h1:K8sKGhtTAqGKfzaaYvUSIOAqTOIn3Gk1EsCEAMzZHtM= -github.com/hashicorp/vault/api/auth/kubernetes v0.6.0/go.mod h1:Htwcjez5J9PwAHaZ1EYMBlgGq3/in5ajUV4+WCPihPE= -github.com/hashicorp/vault/api/auth/ldap v0.6.0 h1:uvGmLzWQtZ0VZ8TCT2zTfdBNFHiFEG3Z9dQbXp0vZeE= -github.com/hashicorp/vault/api/auth/ldap v0.6.0/go.mod h1:XE11jJa/5/2wyY1kageQrOlE/q2pmviegh4i5sLf7io= -github.com/hashicorp/vault/api/auth/userpass v0.6.0 h1:wpiGIbS7CMdqqqs7GNQMO+AQW6DxecGBDTgxaBW5R9Q= -github.com/hashicorp/vault/api/auth/userpass v0.6.0/go.mod h1:BYLic7wPxTqn35FX0nKU2oCdZYEDJ/UCFQY0zO4AImI= +github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU= +github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk= +github.com/hashicorp/vault/api/auth/approle v0.7.0 h1:R5IRVuFA5JSdG3UdGVcGysi0StrL1lPmyJnrawiV0Ss= +github.com/hashicorp/vault/api/auth/approle v0.7.0/go.mod h1:B+WaC6VR+aSXiUxykpaPUoFiiZAhic53tDLbGjWZmRA= +github.com/hashicorp/vault/api/auth/aws v0.7.0 
h1:ArviNMpI3wbqGw2lEz04+NiqWl0p8QPX+HRX+S9uQCQ= +github.com/hashicorp/vault/api/auth/aws v0.7.0/go.mod h1:o89djEokWKGIjf5FkcaA//4RBwvrDDIXqVINMdBNAzw= +github.com/hashicorp/vault/api/auth/kubernetes v0.7.0 h1:pHCbeeyD6E5KmMMCc9vwwZZ5OVlM6yFayxFHWodiOUU= +github.com/hashicorp/vault/api/auth/kubernetes v0.7.0/go.mod h1:Eey0x0X2g+b2LYWgBrQFyf5W0fp+Y1HGrEckP8Q0wns= +github.com/hashicorp/vault/api/auth/ldap v0.7.0 h1:SO11117ziPSxsvY6NzindNgspKWvzzITTTf0o6AQ+6E= +github.com/hashicorp/vault/api/auth/ldap v0.7.0/go.mod h1:pzTe33By6QLpjbofi4I2q9U6T4ZmTSJyk9cdlvRPHJk= +github.com/hashicorp/vault/api/auth/userpass v0.7.0 h1:7Fk0qtF2NYSJyQ6EOO+Kt93dEobI30AqBrrC5wE6e+8= +github.com/hashicorp/vault/api/auth/userpass v0.7.0/go.mod h1:3tZ2KAAui23OKlo5PZ+sBycoJ4wdurY6oZdQWJ0UStg= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= 
@@ -580,16 +568,12 @@ github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69 github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mattn/go-colorable v0.0.9/go.mod h1:9vuHe8Xs5qXnSaW/c/ABM9alt+Vo+STaOChaDxuIBZU= github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= -github.com/mattn/go-colorable v0.1.6/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.3/go.mod h1:M+lRXTBqGeGNdLjl/ufCoiOlB5xdOkqRJdNxMWT7Zi4= github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.10/go.mod h1:qgIWMr58cqv1PHHyhnkY9lrL7etaEgOFcMEpPG5Rm84= github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= 
@@ -599,12 +583,10 @@ github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2JC/oIi4= github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88= github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/mattn/go-runewidth v0.0.12/go.mod h1:RAqKPSqVFrSLVXbA8x7dzmKdmGzieGRCM46jaSJTDAk= github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1 h1:NicmruxkeqHjDv03SfSxqmaLuisddudfP3h5wdXFbhM= github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1/go.mod h1:eyp4DdUJAKkr9tvxR3jWhw2mDK7CWABMG5r9uyaKC7I= -github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= 
@@ -615,10 +597,8 @@ github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= -github.com/mitchellh/go-wordwrap v1.0.0/go.mod h1:ZXFpozHsX6DPmq2I0TCekCxypsnAUbP2oI0UX1GXzOo= github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= -github.com/mitchellh/mapstructure v1.4.1/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= @@ -637,8 +617,6 @@ github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6/go.mod h1:CJlz5H+gyd6CUWT45Oy4q24RdLyn7Md9Vj2/ldJBSIo= github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELUXHmA= github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo= -github.com/muesli/reflow v0.3.0 h1:IFsN6K9NfGtjeggFP+68I4chLZV2yIKsXJFNZ+eWh6s= -github.com/muesli/reflow v0.3.0/go.mod h1:pbwTDkVPibjO2kyvBQRBxTWEEGDGq0FlB1BIKtnHY/8= github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo= github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= 
@@ -650,8 +628,8 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.17.3 h1:oJcvKpIb7/8uLpDDtnQuf18xVnwKp8DTD7DQ6gTd/MU= -github.com/onsi/ginkgo/v2 v2.17.3/go.mod h1:nP2DPOQoNsQmsVyv5rDA8JkXQoCs6goXIvr/PRJ1eCc= +github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= +github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opentracing/basictracer-go v1.1.0 h1:Oa1fTSBvAl8pa3U+IJYqrKm0NALwH9OsgwOqDv4xJW0= 
@@ -659,8 +637,8 @@ github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS6 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.65.2 h1:6cYJuFWmDg5PyA1qWiU4TckGPAukv8X1kIbKoNdYsj8= -github.com/oracle/oci-go-sdk/v65 v65.65.2/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.65.3 h1:Vx2MbWaXlqYW821SJoZgZM7FTzaVWW9S5QHiamD5+ng= +github.com/oracle/oci-go-sdk/v65 v65.65.3/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.0 h1:zwwTCwL3vjTTKln1hxwKuzzax4R/yvxGXSZhMh0OY5Y= github.com/passbolt/go-passbolt v0.7.0/go.mod h1:af3TVSJ+0A4sXeK8KgVzhV8Tej/i25biFIQjhL0FOMk= github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU= @@ -675,7 +653,6 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/posener/complete v1.1.1/go.mod h1:em0nMJCgc9GFtwrmVmEMR/ZL6WyhyjMBndrE9hABlRI= github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= 
@@ -689,11 +666,10 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.8.3 h1:myeDL6dD/mz34zZjCL8s7d/tWHBJYxfMxDCL11MHoqc= github.com/pulumi/esc v0.8.3/go.mod h1:v5VAPxYDa9DRwvubbzKt4ZYf5y0esWC2ccSp/AT923I= -github.com/pulumi/pulumi/sdk/v3 v3.116.1 h1:P/bIDPQYy1UJogLeV/zY+bG4iTZgEEJLlwyUYEW3NPc= -github.com/pulumi/pulumi/sdk/v3 v3.116.1/go.mod h1:d6LZJHqEfpgXUd8rFSSsbaPJcocZObXeaUr87jbA5MY= +github.com/pulumi/pulumi/sdk/v3 v3.117.0 h1:ImIsukZ2ZIYQG94uWdSZl9dJjJTosQSTsOQTauTNX7U= +github.com/pulumi/pulumi/sdk/v3 v3.117.0/go.mod h1:kNea72+FQk82OjZ3yEP4dl6nbAl2ngE8PDBc0iFAaHg= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= -github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= 
@@ -705,7 +681,6 @@ github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99 github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= -github.com/ryanuber/columnize v2.1.0+incompatible/go.mod h1:sm1tb6uqfes/u+d4ooFouqFdy9/2g9QGwK3SQygK0Ts= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 h1:OkMGxebDjyw0ULyrTYWeN0UNCCkmCWfjPnIA2W6oviI= 
@@ -791,10 +766,12 @@ github.com/xanzy/go-gitlab v0.105.0 h1:3nyLq0ESez0crcaM19o5S//SvezOQguuIHZ3wgX64 github.com/xanzy/go-gitlab v0.105.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= -github.com/yandex-cloud/go-genproto v0.0.0-20240513082302-2e0a3cd8443b h1:dVGX0V6GkBxfYgq3F4LB+k8QW9U+OdpaEdfd4ztzKeo= -github.com/yandex-cloud/go-genproto v0.0.0-20240513082302-2e0a3cd8443b/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-sdk v0.0.0-20240513082658-e33b8a503812 h1:gLo7wF5FNdnTf5HT70eqgYwU/eqRr3jLVftrw7LKlx0= -github.com/yandex-cloud/go-sdk v0.0.0-20240513082658-e33b8a503812/go.mod h1:1VId8ra1WVRwxujGrJea5CAGa38TG65hjlP9SfFkPN0= +github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no= +github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM= +github.com/yandex-cloud/go-genproto v0.0.0-20240523095218-17e5bb42de1b h1:SyGQYkpUJXj+B6PMlA1cHy6c4ynHFLQaSSNLUDxO45k= +github.com/yandex-cloud/go-genproto v0.0.0-20240523095218-17e5bb42de1b/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-sdk v0.0.0-20240523095614-158879fff1c9 h1:2aWHREhMtHT18U7te4OhdfPOd2q2QVdW+OJyr1TrPys= +github.com/yandex-cloud/go-sdk v0.0.0-20240523095614-158879fff1c9/go.mod h1:CiUP4mq0qHrqWHaV0s862xW+A2CyNoo2o/h3rQWQSIU= github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 h1:tBiBTKHnIjovYoLX/TPkcf+OjqqKGQrPtGT3Foz+Pgo= github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76/go.mod h1:SQliXeA7Dhkt//vS29v3zpbEwoa+zb2Cn5xj5uO4K5U= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -818,18 +795,18 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0 h1:A3SayB3rNyt+1S6qpI9mHPkeHTZbD7XILEqWnYZb2l0= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.51.0/go.mod h1:27iA5uvhuRNmalO+iEUdVn5ZMj2qy10Mm+XRIpRmyuU= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0 h1:Xs2Ncz0gNihqu9iosIZ5SkBbWo5T8JhhLJFMQL1qmLI= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.51.0/go.mod h1:vy+2G/6NvVMpwGX/NyLqcC41fxepnuKHk16E6IZUcJc= -go.opentelemetry.io/otel v1.26.0 h1:LQwgL5s/1W7YiiRwxf03QGnWLb2HW4pLiAhaA5cZXBs= -go.opentelemetry.io/otel v1.26.0/go.mod h1:UmLkJHUAidDval2EICqBMbnAd0/m2vmpf/dAM+fvFs4= -go.opentelemetry.io/otel/metric v1.26.0 h1:7S39CLuY5Jgg9CrnA9HHiEjGMF/X2VHvoXGgSllRz30= -go.opentelemetry.io/otel/metric v1.26.0/go.mod h1:SY+rHOI4cEawI9a7N1A4nIg/nTQXe1ccCNWYOJUrpX4= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 h1:vS1Ao/R55RNV4O7TA2Qopok8yN+X0LIP6RVWLFkprck= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0/go.mod h1:BMsdeOxN04K0L5FNUBfjFdvwWGNe/rkmSwH4Aelu/X0= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 h1:9l89oX4ba9kHbBol3Xin3leYJ+252h0zszDtBwyKe2A= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0/go.mod h1:XLZfZboOJWHNKUv7eH0inh0E9VV6eWDFB/9yJyTLPp0= +go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg= +go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ= +go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= 
+go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg= -go.opentelemetry.io/otel/trace v1.26.0 h1:1ieeAUb4y0TE26jUFrCIXKpTuVK7uJGN9/Z/2LP5sQA= -go.opentelemetry.io/otel/trace v1.26.0/go.mod h1:4iDxvGDQuUkHve82hJJ8UqrwswHYsZuWCBllGV2U2y0= +go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw= +go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= @@ -842,7 +819,6 @@ go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= -golang.org/x/crypto v0.0.0-20190911031432-227b76d455e7/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20191219195013-becbf705a915/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= 
@@ -860,7 +836,6 @@ golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= @@ -874,8 +849,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842 h1:vr/HnozRka3pE4EsMEg1lgkXJkTFJCVUX+S/ZT6wYzM= -golang.org/x/exp v0.0.0-20240506185415-9bf2ced13842/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= +golang.org/x/exp v0.0.0-20240525044651-4c93da0ed11d h1:N0hmiNbwsSNwHBAvR3QB5w25pUwH4tK0Y/RltD1j1h4= +golang.org/x/exp v0.0.0-20240525044651-4c93da0ed11d/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -984,7 +959,6 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= -golang.org/x/sys v0.0.0-20180823144017-11551d06cbcc/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -997,7 +971,6 @@ golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20191008105621-543471e840be/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= 
@@ -1015,7 +988,6 @@ golang.org/x/sys v0.0.0-20200509044756-6aff5f38e54f/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20200511232937-7e40ca221e25/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200515095857-1151b9dac4a9/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200523222454-059865788121/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20200602225109-6fdc65e7d980/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200803210538-64077c9b5642/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200905004654-be1d3432aa8f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -1090,7 +1062,6 @@ golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.0.0-20200416051211-89c76fbcd5d1/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= 
@@ -1228,12 +1199,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240515191416-fc5f0ca64291 h1:CTZGpOdDJr2Jq+LcJ/mpjG8mClGy/uJdBBVYbS9g5lY= -google.golang.org/genproto v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:ch5ZrEj5+9MCxUeR3Gp3mCJ4u0eVpusYAmSr/mvpMSk= -google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291 h1:4HZJ3Xv1cmrJ+0aFo304Zn79ur1HMxptAE7aCPNLSqc= -google.golang.org/genproto/googleapis/api v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:RGnPtTG7r4i8sPlNyDeikXF99hMM+hN6QMm4ooG9g2g= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291 h1:AgADTJarZTBqgjiUzRgfaBchgYB3/WFTC80GPwsMcRI= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240515191416-fc5f0ca64291/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= +google.golang.org/genproto v0.0.0-20240521202816-d264139d666e h1:axIBUGXSVho2zB+3tJj8l9Qvm/El5vVYPYqhGA5PmJM= +google.golang.org/genproto v0.0.0-20240521202816-d264139d666e/go.mod h1:gOvX/2dWTqh+u3+IHjFeCxinlz5AZ5qhOufbQPub/dE= +google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e h1:SkdGTrROJl2jRGT/Fxv5QUf9jtdKCQh4KQJXbXVLAi0= +google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e/go.mod h1:LweJcLbyVij6rCex8YunD8DYR5VDonap/jYl3ZRxcIU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e h1:Elxv5MwEkCI9f5SkoL6afed6NTdxaGoAo39eANBwHL8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1326,8 +1297,8 @@ k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f h1:0LQagt0gDpKqvIkAMPaRGcXawNMouPECM1+F9BVxEaM= -k8s.io/kube-openapi v0.0.0-20240430033511-f0e62f92d13f/go.mod h1:S9tOR0FxgyusSNR+MboCuiDpVWkAifZvaYI1Q2ubgro= +k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA= +k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= lukechampine.com/frand v1.4.2 h1:RzFIpOvkMXuPMBb9maa4ND4wjBn71E1Jpf8BzJHMaVw= 
@@ -1337,8 +1308,8 @@ pgregory.net/rapid v0.5.5/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.18.2 h1:RqVW6Kpeaji67CY5nPEfRz6ZfFMk0lWQlNrLqlNpx+Q= -sigs.k8s.io/controller-runtime v0.18.2/go.mod h1:tuAt1+wbVsXIT8lPtk5RURxqAnq7xkpv2Mhttslg7Hw= +sigs.k8s.io/controller-runtime v0.18.3 h1:B5Wmmo8WMWK7izei+2LlXLVDGzMwAHBNLX68lwtlSR4= +sigs.k8s.io/controller-runtime v0.18.3/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= sigs.k8s.io/controller-tools v0.15.0 h1:4dxdABXGDhIa68Fiwaif0vcu32xfwmgQ+w8p+5CxoAI= sigs.k8s.io/controller-tools v0.15.0/go.mod h1:8zUSS2T8Hx0APCNRhJWbS3CAQEbIxLa07khzh7pZmXM= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= From 30e18870e289e16dcdefc32eb4a63c988d8c4cf8 Mon Sep 17 00:00:00 2001 From: Mathias Bleimhofer <95223860+ma-ble@users.noreply.github.com> Date: Mon, 3 Jun 2024 22:27:05 +0200 Subject: [PATCH 077/517] Fix: ESO template crash when Kubernetes secret data is nil (#3537) * fix: check if secret.Data is nil before assigning a value Signed-off-by: MathiasBleimhofer --- pkg/template/v2/template.go | 9 ++++ pkg/template/v2/template_test.go | 79 ++++++++++++++++++++++++++++++++ 2 files changed, 88 insertions(+) diff --git a/pkg/template/v2/template.go b/pkg/template/v2/template.go index d0eea9956ec..8340def0726 100644 --- a/pkg/template/v2/template.go +++ b/pkg/template/v2/template.go 
@@ -72,10 +72,19 @@ func init() { func applyToTarget(k, val string, target esapi.TemplateTarget, secret *corev1.Secret) { switch target { case esapi.TemplateTargetAnnotations: + if secret.Annotations == nil { + secret.Annotations = make(map[string]string) + } secret.Annotations[k] = val case esapi.TemplateTargetLabels: + if secret.Labels == nil { + secret.Labels = make(map[string]string) + } secret.Labels[k] = val case esapi.TemplateTargetData: + if secret.Data == nil { + secret.Data = make(map[string][]byte) + } secret.Data[k] = []byte(val) default: } diff --git a/pkg/template/v2/template_test.go b/pkg/template/v2/template_test.go index 7a15c83d75b..1697d900e1a 100644 --- a/pkg/template/v2/template_test.go +++ b/pkg/template/v2/template_test.go 
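Review bot: `applyToTarget` gets three lazy map allocations but no comment saying why they are needed, so a later cleanup could remove them as redundant. A doc comment on the function would record the reason: `// applyToTarget stores val under k in the secret field selected by target, allocating that map first because assigning into a nil map panics.` The `default:` branch visible as context still drops an unrecognised target without any signal. Whether the target is validated before this call is not visible in the hunk, so that is worth confirming.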
@@ -523,6 +523,85 @@ func TestExecute(t *testing.T) { } } +func TestScopeValuesWithSecretFieldsNil(t *testing.T) { + tbl := []struct { + name string + tpl map[string][]byte + target esapi.TemplateTarget + data map[string][]byte + expectedData map[string][]byte + expectedStringData map[string]string + expErr string + }{ + { + name: "test empty", + tpl: map[string][]byte{}, + target: esapi.TemplateTargetData, + data: nil, + }, + { + name: "test byte", + tpl: map[string][]byte{"foo": []byte("bar")}, + target: esapi.TemplateTargetData, + data: map[string][]byte{ + "key": []byte("foo"), + "value": []byte("bar"), + }, + expectedData: map[string][]byte{ + "foo": []byte("bar"), + }, + }, + { + name: "test Annotations", + tpl: map[string][]byte{"foo": []byte("bar")}, + target: esapi.TemplateTargetAnnotations, + data: map[string][]byte{ + "key": []byte("foo"), + "value": []byte("bar"), + }, + expectedStringData: map[string]string{ + "foo": "bar", + }, + }, + { + name: "test Labels", + tpl: map[string][]byte{"foo": []byte("bar")}, + target: esapi.TemplateTargetLabels, + data: map[string][]byte{ + "key": []byte("foo"), + "value": []byte("bar"), + }, + expectedStringData: map[string]string{ + "foo": "bar", + }, + }, + } + for i := range tbl { + row := tbl[i] + t.Run(row.name, func(t *testing.T) { + sec := &corev1.Secret{} + err := Execute(row.tpl, row.data, esapi.TemplateScopeValues, row.target, sec) + if !ErrorContains(err, row.expErr) { + t.Errorf("unexpected error: %s, expected: %s", err, row.expErr) + } + switch row.target { + case esapi.TemplateTargetData: + if row.expectedData != nil { + assert.EqualValues(t, row.expectedData, sec.Data) + } + case esapi.TemplateTargetLabels: + if row.expectedStringData != nil { + assert.EqualValues(t, row.expectedStringData, sec.Labels) + } + case esapi.TemplateTargetAnnotations: + if row.expectedStringData != nil { + assert.EqualValues(t, row.expectedStringData, sec.Annotations) + } + } + }) + } +} + func 
TestExecuteInvalidTemplateScope(t *testing.T) { sec := &corev1.Secret{} err := Execute(map[string][]byte{"foo": []byte("bar")}, nil, "invalid", esapi.TemplateTargetData, sec) From 4a4d682593b0b53b4d9bcc159e76f19f9353d746 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 22:27:30 +0200 Subject: [PATCH 078/517] chore(deps): bump alpine from `c5b1261` to `77726ef` (#3524) Bumps alpine from `c5b1261` to `77726ef`. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tilt.dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tilt.dockerfile b/tilt.dockerfile index 844eb40c6ed..4a33982c13c 100644 --- a/tilt.dockerfile +++ b/tilt.dockerfile @@ -1,4 +1,4 @@ -FROM alpine@sha256:c5b1261d6d3e43071626931fc004f70149baeba2c8ec672bd4f27761f8e1ad6b +FROM alpine@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd WORKDIR / COPY ./bin/external-secrets /external-secrets From a12f3b8292d7a35d09584f119e6634b343278ebf Mon Sep 17 00:00:00 2001 From: Mathias Maes Date: Mon, 3 Jun 2024 22:35:02 +0200 Subject: [PATCH 079/517] Add CA-Bundle to pemToPkcs12 output (#3494) * Add CA-Bundle to pemToPkcs12 output Signed-off-by: Mathias Maes * add fullPemToPkcs12 and tests Signed-off-by: Mathias Maes --------- Signed-off-by: Mathias Maes --- pkg/template/v2/pkcs12.go | 36 +++++++++++++++++-- pkg/template/v2/pkcs12_test.go | 63 ++++++++++++++++++++++++++++++++++ pkg/template/v2/template.go | 6 ++-- 3 files changed, 101 insertions(+), 4 deletions(-) create mode 100644 pkg/template/v2/pkcs12_test.go diff --git a/pkg/template/v2/pkcs12.go b/pkg/template/v2/pkcs12.go index 89a8d3f9e75..d73f8298164 100644 --- a/pkg/template/v2/pkcs12.go +++ b/pkg/template/v2/pkcs12.go 
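Review bot: The assertions in `TestScopeValuesWithSecretFieldsNil` are all wrapped in `if row.expectedData != nil` / `if row.expectedStringData != nil`, so the "test empty" row checks nothing beyond the absence of an error. Any later row that forgets its expectation would pass silently in the same way. Calling `assert.EqualValues(t, row.expectedData, sec.Data)` unconditionally, and likewise for labels and annotations, would make every row assert something, assuming an empty template leaves the field nil. No row sets `expErr`, so the error path of `Execute` with a nil-field secret is not exercised here.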
@@ -117,19 +117,51 @@ func pemToPkcs12(cert, key string) (string, error) { func pemToPkcs12Pass(cert, key, pass string) (string, error) { certPem, _ := pem.Decode([]byte(cert)) - keyPem, _ := pem.Decode([]byte(key)) parsedCert, err := x509.ParseCertificate(certPem.Bytes) if err != nil { return "", err } + return certsToPkcs12(parsedCert, key, nil, pass) +} + +func fullPemToPkcs12(cert, key string) (string, error) { + return fullPemToPkcs12Pass(cert, key, "") +} + +func fullPemToPkcs12Pass(cert, key, pass string) (string, error) { + certPem, rest := pem.Decode([]byte(cert)) + + parsedCert, err := x509.ParseCertificate(certPem.Bytes) + if err != nil { + return "", err + } + + caCerts := make([]*x509.Certificate, 0) + for len(rest) > 0 { + caPem, restBytes := pem.Decode(rest) + rest = restBytes + + caCert, err := x509.ParseCertificate(caPem.Bytes) + if err != nil { + return "", err + } + + caCerts = append(caCerts, caCert) + } + + return certsToPkcs12(parsedCert, key, caCerts, pass) +} + +func certsToPkcs12(cert *x509.Certificate, key string, caCerts []*x509.Certificate, password string) (string, error) { + keyPem, _ := pem.Decode([]byte(key)) parsedKey, err := parsePrivateKey(keyPem.Bytes) if err != nil { return "", err } - pfx, err := gopkcs12.Modern.Encode(parsedKey, parsedCert, nil, pass) + pfx, err := gopkcs12.Modern.Encode(parsedKey, cert, caCerts, password) if err != nil { return "", err } diff --git a/pkg/template/v2/pkcs12_test.go b/pkg/template/v2/pkcs12_test.go new file mode 100644 index 00000000000..3d44816a291 --- /dev/null +++ b/pkg/template/v2/pkcs12_test.go 
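Review bot: In `fullPemToPkcs12Pass` the result of `pem.Decode` is dereferenced without a nil check, both for the leaf (`certPem.Bytes`) and inside the `for len(rest) > 0` loop (`caPem.Bytes`). `pem.Decode` returns a nil block and the unchanged input when it finds no PEM data, so a bundle with trailing non-PEM bytes after the last certificate, or an input with no certificate at all, ends in a nil pointer dereference instead of an error. The same unchecked pattern is in `pemToPkcs12Pass` and in the `keyPem` decode that moved into `certsToPkcs12`. These functions run on secret material fetched from a provider, so malformed input should return an error the template caller can report. The sketch below uses `errors.New` as a stand-in for whichever error constructor the file already imports. It stops at trailing non-PEM data, and returning an error there is the stricter alternative.

```go
func fullPemToPkcs12Pass(cert, key, pass string) (string, error) {
	certPem, rest := pem.Decode([]byte(cert))
	if certPem == nil {
		return "", errors.New("no PEM block found in certificate input")
	}
	// … unchanged: x509.ParseCertificate(certPem.Bytes) and its error check …

	caCerts := make([]*x509.Certificate, 0)
	for len(rest) > 0 {
		caPem, restBytes := pem.Decode(rest)
		if caPem == nil {
			// No further PEM block: what remains is not a certificate.
			break
		}
		rest = restBytes
		// … unchanged: parse caPem.Bytes and append to caCerts …
	}
	// … unchanged: return certsToPkcs12(parsedCert, key, caCerts, pass) …
}
```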
@@ -0,0 +1,63 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package template + +import ( + "testing" + + gopkcs12 "software.sslmate.com/src/go-pkcs12" +) + +const ( + expectedPfx string = "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" + expectedPfxCa string = "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" +) + +func TestPemToPkcs12(t *testing.T) { + // Mock the random generator, to guarantee to always generate the same output + gopkcs12.Modern = gopkcs12.Modern.WithRand(MockRandomReader{}) + + out, err := pemToPkcs12Pass(certData, keyData, "password") + if err != nil { + t.Errorf("pemToPkcs12Pass() got error '%v', expected none", err) + return + } + + if out != expectedPfx { + t.Errorf("pemToPkcs12Pass() got '%s', expected '%s'", out, expectedPfx) + } +} + +func TestFullPemToPkcs12(t *testing.T) { + // Mock the random generator, to guarantee to always generate the same output + gopkcs12.Modern = gopkcs12.Modern.WithRand(MockRandomReader{}) + + out, err := fullPemToPkcs12Pass(certData+"\n"+otherCert, keyData, "password") + if err != nil { + t.Errorf("pemToPkcs12Pass() got error '%v', expected none", err) + return + } + + if out != expectedPfxCa { + t.Errorf("pemToPkcs12Pass() got '%s', expected '%s'", out, expectedPfxCa) + } +} + +type MockRandomReader struct{} + +func (r MockRandomReader) Read(p []byte) (int, error) { + copy(p, `"0123456789"`) + return len(p), nil +} 
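Review bot: Both tests overwrite the package-level `gopkcs12.Modern` with an encoder backed by `MockRandomReader` and never restore it, and `certsToPkcs12` in pkcs12.go encodes through that same variable. Any test in this package that runs afterwards in the same process would therefore encode with a constant byte stream instead of real randomness. Saving and restoring it keeps the override local to each test: `orig := gopkcs12.Modern` followed by `t.Cleanup(func() { gopkcs12.Modern = orig })`. The failure messages in `TestFullPemToPkcs12` also still name `pemToPkcs12Pass()` where they should read `fullPemToPkcs12Pass()`.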
diff --git a/pkg/template/v2/template.go b/pkg/template/v2/template.go index 8340def0726..b1c65fe796d 100644 --- a/pkg/template/v2/template.go +++ b/pkg/template/v2/template.go @@ -32,8 +32,10 @@ var tplFuncs = tpl.FuncMap{ "pkcs12cert": pkcs12cert, "pkcs12certPass": pkcs12certPass, - "pemToPkcs12": pemToPkcs12, - "pemToPkcs12Pass": pemToPkcs12Pass, + "pemToPkcs12": pemToPkcs12, + "pemToPkcs12Pass": pemToPkcs12Pass, + "fullPemToPkcs12": fullPemToPkcs12, + "fullPemToPkcs12Pass": fullPemToPkcs12Pass, "filterPEM": filterPEM, From e4d28bfc6a0cec33c3fb4fec8ed15df4253e1d35 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 22:35:32 +0200 Subject: [PATCH 080/517] chore(deps): bump docker/login-action from 3.1.0 to 3.2.0 (#3544) Bumps [docker/login-action](https://github.com/docker/login-action) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/e92390c5fb421da1463c202d546fed0ec5c39f20...0d4c9c5ea7693da7b068278f7b52bda2a190a446) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/helm.yml | 2 +- .github/workflows/publish.yml | 2 +- .github/workflows/release.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 2560c0a8200..fc4b462f5fa 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml 
@@ -119,7 +119,7 @@ jobs: version: v3.14.2 # remember to also update for the first job (lint-and-test) - name: Login to GHCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 834d6c63144..81505318659 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -80,7 +80,7 @@ jobs: run: git fetch --prune --unshallow - name: Login to Docker - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 if: env.IS_FORK == 'false' with: registry: ghcr.io diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 853b293b3e5..0183a7663fa 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -86,7 +86,7 @@ jobs: run: go mod download - name: Login to Docker - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: ghcr.io username: ${{ secrets.GHCR_USERNAME }} From 4c6ded5acbf7fbf2d0ea229dd00a6ec513ff939e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 22:35:50 +0200 Subject: [PATCH 081/517] chore(deps): bump github/codeql-action from 3.25.6 to 3.25.7 (#3545) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.6 to 3.25.7. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/9fdb3e49720b44c48891d036bb502feb25684276...f079b8493333aace61c81488f8bd40919487bd9f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d64dff460f6..b8a4e8e7ed3 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 with: sarif_file: results.sarif From 4d75a870e55031e800baa46fead8c9d2a81f6a16 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 22:36:14 +0200 Subject: [PATCH 082/517] chore(deps): bump certifi from 2024.2.2 to 2024.6.2 in /hack/api-docs (#3546) Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.2.2 to 2024.6.2. - [Commits](https://github.com/certifi/python-certifi/compare/2024.02.02...2024.06.02) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Moritz Johner --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 1ffae3d9db4..e83d2fba7b3 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -1,5 +1,5 @@ Babel==2.15.0 -certifi==2024.2.2 +certifi==2024.6.2 charset-normalizer==3.3.2 click==8.1.7 colorama==0.4.6 From cd3130ad93bd6643b287c85b382883af3eb81fe2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 22:36:31 +0200 Subject: [PATCH 083/517] chore(deps): bump mkdocs-material in /hack/api-docs (#3547) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.24 to 9.5.25. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.24...9.5.25) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index e83d2fba7b3..ec4d290262f 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.0 mkdocs-macros-plugin==1.0.5 -mkdocs-material==9.5.24 +mkdocs-material==9.5.25 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.0 From 40abbab21bef4270d0d1a7c5d254eb8bec4b8d6f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 22:37:19 +0200 Subject: [PATCH 084/517] chore(deps): bump zipp from 3.19.0 to 3.19.1 in /hack/api-docs (#3549) Bumps [zipp](https://github.com/jaraco/zipp) from 3.19.0 to 3.19.1. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](https://github.com/jaraco/zipp/compare/v3.19.0...v3.19.1) --- updated-dependencies: - dependency-name: zipp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index ec4d290262f..c9dfbb683be 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -39,4 +39,4 @@ tornado==6.4 urllib3==2.2.1 verspec==0.1.0 watchdog==4.0.1 -zipp==3.19.0 +zipp==3.19.1 From ecd513d111a2c03b83334fbf8794a270ee8a40e6 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 3 Jun 2024 22:44:01 +0200 Subject: [PATCH 085/517] chore(deps): bump requests from 2.32.2 to 2.32.3 in /hack/api-docs (#3548) Bumps [requests](https://github.com/psf/requests) from 2.32.2 to 2.32.3. - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](https://github.com/psf/requests/compare/v2.32.2...v2.32.3) --- updated-dependencies: - dependency-name: requests dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index c9dfbb683be..139f579fd95 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -32,7 +32,7 @@ python-dateutil==2.9.0.post0 PyYAML==6.0.1 pyyaml_env_tag==0.1 regex==2024.5.15 -requests==2.32.2 +requests==2.32.3 six==1.16.0 termcolor==2.4.0 tornado==6.4 From 542f3a6a083dc3a368ffb22f7809a2fe1095bf91 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Tue, 4 Jun 2024 00:23:14 +0200 Subject: [PATCH 086/517] update dependencies (#3550) Signed-off-by: External Secrets Operator Signed-off-by: Moritz Johner Co-authored-by: External Secrets Operator --- e2e/go.mod | 32 ++++++++--------- e2e/go.sum | 73 +++++++++++++++++++------------------- go.mod | 46 ++++++++++++------------ go.sum | 101 ++++++++++++++++++++++++++--------------------------- 4 files changed, 125 insertions(+), 127 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index aa1a64cbec1..799b2397c1d 100644 --- a/e2e/go.mod +++ b/e2e/go.mod 
@@ -39,12 +39,12 @@ require ( cloud.google.com/go/secretmanager v1.13.1 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 - github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 + github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 - github.com/aws/aws-sdk-go v1.53.10 + github.com/aws/aws-sdk-go v1.53.15 github.com/cyberark/conjur-api-go v0.12.0 github.com/external-secrets/external-secrets v0.0.0 github.com/fluxcd/helm-controller/api v0.37.2 @@ -54,11 +54,11 @@ require ( github.com/hashicorp/vault/api v1.14.0 github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.65.3 - github.com/scaleway/scaleway-sdk-go v1.0.0-beta.26 + github.com/oracle/oci-go-sdk/v65 v65.66.0 + github.com/scaleway/scaleway-sdk-go v1.0.0-beta.27 github.com/xanzy/go-gitlab v0.105.0 golang.org/x/oauth2 v0.20.0 - google.golang.org/api v0.181.0 + google.golang.org/api v0.182.0 k8s.io/api v0.30.1 k8s.io/apiextensions-apiserver v0.30.1 k8s.io/apimachinery v0.30.1 @@ -70,7 +70,7 @@ require ( ) require ( - cloud.google.com/go/auth v0.4.2 // indirect + cloud.google.com/go/auth v0.5.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect cloud.google.com/go/compute/metadata v0.3.0 // indirect cloud.google.com/go/iam v1.1.8 // indirect 
@@ -78,7 +78,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect - github.com/Azure/go-autorest/autorest/adal v0.9.23 // indirect + github.com/Azure/go-autorest/autorest/adal v0.9.24 // indirect github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect @@ -98,7 +98,7 @@ require ( github.com/davecgh/go-spew v1.1.1 // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect - github.com/emicklei/go-restful/v3 v3.12.0 // indirect + github.com/emicklei/go-restful/v3 v3.12.1 // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fluxcd/pkg/apis/acl v0.1.0 // indirect @@ -122,7 +122,7 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af // indirect + github.com/google/pprof v0.0.0-20240528025155-186aa0362fba // indirect github.com/google/s2a-go v0.1.7 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect @@ -131,7 +131,7 @@ require ( github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect - github.com/hashicorp/go-retryablehttp v0.7.6 // indirect + github.com/hashicorp/go-retryablehttp v0.7.7 // indirect github.com/hashicorp/go-rootcerts v1.0.2 // indirect github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect 
@@ -164,8 +164,8 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/client_golang v1.19.1 // indirect github.com/prometheus/client_model v0.6.1 // indirect - github.com/prometheus/common v0.53.0 // indirect - github.com/prometheus/procfs v0.15.0 // indirect + github.com/prometheus/common v0.54.0 // indirect + github.com/prometheus/procfs v0.15.1 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/segmentio/asm v1.2.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect @@ -185,7 +185,7 @@ require ( go.opentelemetry.io/otel/metric v1.27.0 // indirect go.opentelemetry.io/otel/trace v1.27.0 // indirect golang.org/x/crypto v0.23.0 // indirect - golang.org/x/exp v0.0.0-20240525044651-4c93da0ed11d // indirect + golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc // indirect golang.org/x/net v0.25.0 // indirect golang.org/x/sync v0.7.0 // indirect golang.org/x/sys v0.20.0 // indirect @@ -194,9 +194,9 @@ require ( golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.21.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240521202816-d264139d666e // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e // indirect + google.golang.org/genproto v0.0.0-20240528184218-531527333157 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 // indirect google.golang.org/grpc v1.64.0 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/e2e/go.sum b/e2e/go.sum index adc75102abf..5f124c13e8a 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -18,10 +18,10 @@ cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmW cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.113.0 h1:g3C70mn3lWfckKBiCVsAshabrDg01pQ0pnX1MNtnMkA= -cloud.google.com/go v0.113.0/go.mod h1:glEqlogERKYeePz6ZdkcLJ28Q2I6aERgDDErBg9GzO8= -cloud.google.com/go/auth v0.4.2 h1:sb0eyLkhRtpq5jA+a8KWw0W70YcdVca7KJ8TM0AFYDg= -cloud.google.com/go/auth v0.4.2/go.mod h1:Kqvlz1cf1sNA0D+sYJnkPQOP+JMHkuHeIgVmCRtZOLc= +cloud.google.com/go v0.114.0 h1:OIPFAdfrFDFO2ve2U7r/H5SwSbBzEdrBdE7xkgwc+kY= +cloud.google.com/go v0.114.0/go.mod h1:ZV9La5YYxctro1HTPug5lXH/GefROyW8PPD4T8n9J8E= +cloud.google.com/go/auth v0.5.1 h1:0QNO7VThG54LUzKiQxv8C6x1YX7lUrzlAa1nVLF8CIw= +cloud.google.com/go/auth v0.5.1/go.mod h1:vbZT8GjzDf3AVqCcQmqeeM32U9HBFc32vVVAbwDsa6s= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -64,16 +64,15 @@ github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hw github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= +github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA= github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw= github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs= github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk= -github.com/Azure/go-autorest/autorest/adal v0.9.23 h1:Yepx8CvFxwNKpH6ja7RZ+sKX+DWYNldbLiALMC3BTz8= -github.com/Azure/go-autorest/autorest/adal v0.9.23/go.mod h1:5pcMqFkdPhviJdlEy3kC/v1ZLnQl0MH6XA5YCcMhy4c= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 h1:wkAZRgT/pn8HhFyzfe9UnqOjJYqlembgCTi72Bm/xKk= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.12/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg= +github.com/Azure/go-autorest/autorest/adal v0.9.24 h1:BHZfgGsGwdkHDyZdtQRQk1WeUdW0m2WPAwuHZwUi5i4= +github.com/Azure/go-autorest/autorest/adal v0.9.24/go.mod h1:7T1+g0PYFmACYW5LlG2fcoPiPlFHjClyRGL7dRlP5c8= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 h1:Ov8avRZi2vmrE2JcXw+tu5K/yB41r7xK9GZDiBF7NdM= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.13/go.mod h1:5BAVfWLWXihP47vYrPuBKKf4cS0bXI+KM9Qx6ETDJYo= 
github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 h1:w77/uPk80ZET2F+AfQExZyEWtn+0Rk/uw17m9fv5Ajc= github.com/Azure/go-autorest/autorest/azure/cli v0.4.6/go.mod h1:piCfgPho7BiIDdEQ1+g4VmKyD5y+p/XtSNqE6Hc4QD0= github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= @@ -114,8 +113,8 @@ github.com/aliyun/alibaba-cloud-sdk-go v1.62.271/go.mod h1:Api2AkmMgGaSUAhmk76oa github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.53.10 h1:3enP5l5WtezT9Ql+XZqs56JBf5YUd/FEzTCg///OIGY= -github.com/aws/aws-sdk-go v1.53.10/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.53.15 h1:FtZmkg7xM8RfP2oY6p7xdKBYrRgkITk9yve2QV7N938= +github.com/aws/aws-sdk-go v1.53.15/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= 
@@ -145,8 +144,8 @@ github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= -github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= -github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU= +github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= 
@@ -285,8 +284,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= -github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240528025155-186aa0362fba h1:ql1qNgCyOB7iAEk8JTNM+zJrgIbnyCKX/wdlyPufP5g= +github.com/google/pprof v0.0.0-20240528025155-186aa0362fba/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= 
@@ -314,8 +313,8 @@ github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB1 github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM= -github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSYmuZJGizr6/x/AEizP0CQc= 
@@ -409,8 +408,8 @@ github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.65.3 h1:Vx2MbWaXlqYW821SJoZgZM7FTzaVWW9S5QHiamD5+ng= -github.com/oracle/oci-go-sdk/v65 v65.65.3/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.66.0 h1:lW1QNPf06P/8Yt7sYims5uqj57NM+B0GezT4H1yIQnw= +github.com/oracle/oci-go-sdk/v65 v65.66.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -423,17 +422,17 @@ github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJL github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+aLCE= -github.com/prometheus/common v0.53.0/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= -github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek= -github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk= +github.com/prometheus/common v0.54.0 h1:ZlZy0BgJhTwVZUn7dLOkwCZHUkrAqd3WYtcFCWnM1D8= +github.com/prometheus/common v0.54.0/go.mod h1:/TQgMJP5CuVYveyT7n/0Ix8yLNNXy9yRSkhnLTHPDIQ= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.26 h1:F+GIVtGqCFxPxO46ujf8cEOP574MBoRm3gNbPXECbxs= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.26/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.27 h1:yGAraK1uUjlhSXgNMIy8o/J4LFNcy7yeipBqt9N9mVg= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.27/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= 
github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys= github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= @@ -525,13 +524,13 @@ golang.org/x/crypto v0.0.0-20190605123033-f99c8df09eb5/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= 
@@ -544,8 +543,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240525044651-4c93da0ed11d h1:N0hmiNbwsSNwHBAvR3QB5w25pUwH4tK0Y/RltD1j1h4= -golang.org/x/exp v0.0.0-20240525044651-4c93da0ed11d/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= +golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc h1:O9NuF4s+E/PvMIy+9IUZB9znFwUIXEWSstNjek6VpVg= +golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -808,8 +807,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.181.0 h1:rPdjwnWgiPPOJx3IcSAQ2III5aX5tCer6wMpa/xmZi4= -google.golang.org/api v0.181.0/go.mod h1:MnQ+M0CFsfUwA5beZ+g/vCBCPXvtmZwRz2qzZk8ih1k= +google.golang.org/api v0.182.0 h1:if5fPvudRQ78GeRx3RayIoiuV7modtErPIZC/T2bIvE= +google.golang.org/api v0.182.0/go.mod h1:cGhjy4caqA5yXRzEhkHI8Y9mfyC2VLTlER2l08xaqtM= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -857,12 +856,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240521202816-d264139d666e h1:axIBUGXSVho2zB+3tJj8l9Qvm/El5vVYPYqhGA5PmJM= -google.golang.org/genproto v0.0.0-20240521202816-d264139d666e/go.mod h1:gOvX/2dWTqh+u3+IHjFeCxinlz5AZ5qhOufbQPub/dE= -google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e h1:SkdGTrROJl2jRGT/Fxv5QUf9jtdKCQh4KQJXbXVLAi0= -google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e/go.mod h1:LweJcLbyVij6rCex8YunD8DYR5VDonap/jYl3ZRxcIU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e h1:Elxv5MwEkCI9f5SkoL6afed6NTdxaGoAo39eANBwHL8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= +google.golang.org/genproto v0.0.0-20240528184218-531527333157 h1:u7WMYrIrVvs0TF5yaKwKNbcJyySYf+HAIFXxWltJOXE= +google.golang.org/genproto v0.0.0-20240528184218-531527333157/go.mod h1:ubQlAQnzejB8uZzszhrTCU2Fyp6Vi7ZE5nn0c3W8+qQ= +google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 h1:7whR9kGa5LUwFtpLm2ArCEejtnxlGeLbAyjFY8sGNFw= +google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 h1:Zy9XzmMEflZ/MAaA7vNcoebnRAld7FsPW1EeBB7V0m8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
diff --git a/go.mod b/go.mod
index ed8f3ba6ad7..9f0c9ccf690 100644
--- a/go.mod
+++ b/go.mod
@@ -7,8 +7,8 @@ require (
 cloud.google.com/go/secretmanager v1.13.1
 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible
 github.com/Azure/go-autorest/autorest v0.11.29
- github.com/Azure/go-autorest/autorest/adal v0.9.23
- github.com/Azure/go-autorest/autorest/azure/auth v0.5.12
+ github.com/Azure/go-autorest/autorest/adal v0.9.24
+ github.com/Azure/go-autorest/autorest/azure/auth v0.5.13
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2
 github.com/IBM/go-sdk-core/v5 v5.17.3
 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4
@@ -17,7 +17,7 @@ require (
 github.com/PaesslerAG/jsonpath v0.1.1
 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5
- github.com/aws/aws-sdk-go v1.53.10
+ github.com/aws/aws-sdk-go v1.53.15
 github.com/go-logr/logr v1.4.2
 github.com/go-test/deep v1.0.4 // indirect
 github.com/google/go-cmp v0.6.0
@@ -30,21 +30,21 @@ require (
 github.com/huandu/xstrings v1.4.0 // indirect
 github.com/onsi/ginkgo/v2 v2.19.0
 github.com/onsi/gomega v1.33.1
- github.com/oracle/oci-go-sdk/v65 v65.65.3
+ github.com/oracle/oci-go-sdk/v65 v65.66.0
 github.com/prometheus/client_golang v1.19.1
 github.com/prometheus/client_model v0.6.1
 github.com/spf13/cobra v1.8.0
 github.com/stretchr/testify v1.9.0
 github.com/tidwall/gjson v1.17.1
 github.com/xanzy/go-gitlab v0.105.0
- github.com/yandex-cloud/go-genproto v0.0.0-20240523095218-17e5bb42de1b
- github.com/yandex-cloud/go-sdk v0.0.0-20240523095614-158879fff1c9
+ github.com/yandex-cloud/go-genproto v0.0.0-20240529120826-df2b24336f42
+ github.com/yandex-cloud/go-sdk v0.0.0-20240529122015-8b0dc5b8bcbf
 github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76
 go.uber.org/zap v1.27.0
 golang.org/x/crypto v0.23.0
 golang.org/x/oauth2 v0.20.0
- google.golang.org/api v0.181.0
- google.golang.org/genproto v0.0.0-20240521202816-d264139d666e
+ google.golang.org/api v0.182.0
+ google.golang.org/genproto v0.0.0-20240528184218-531527333157
 google.golang.org/grpc v1.64.0
 gopkg.in/yaml.v3 v3.0.1
 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919
@@ -84,7 +84,7 @@ require (
 github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1
 github.com/passbolt/go-passbolt v0.7.0
 github.com/pulumi/esc v0.8.3
- github.com/scaleway/scaleway-sdk-go v1.0.0-beta.26
+ github.com/scaleway/scaleway-sdk-go v1.0.0-beta.27
 github.com/sethvargo/go-password v0.3.0
 github.com/spf13/pflag v1.0.5
 github.com/tidwall/sjson v1.2.5
@@ -93,7 +93,7 @@ require (
 )

 require (
- cloud.google.com/go/auth v0.4.2 // indirect
+ cloud.google.com/go/auth v0.5.1 // indirect
 cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect
 cloud.google.com/go/compute/metadata v0.3.0 // indirect
 dario.cat/mergo v1.0.0 // indirect
@@ -115,10 +115,10 @@ require (
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 github.com/blang/semver v3.5.1+incompatible // indirect
 github.com/charmbracelet/bubbles v0.18.0 // indirect
- github.com/charmbracelet/bubbletea v0.26.3 // indirect
+ github.com/charmbracelet/bubbletea v0.26.4 // indirect
 github.com/charmbracelet/lipgloss v0.11.0 // indirect
- github.com/charmbracelet/x/ansi v0.1.1 // indirect
- github.com/charmbracelet/x/input v0.1.1 // indirect
+ github.com/charmbracelet/x/ansi v0.1.2 // indirect
+ github.com/charmbracelet/x/input v0.1.2 // indirect
 github.com/charmbracelet/x/term v0.1.1 // indirect
 github.com/charmbracelet/x/windows v0.1.2 // indirect
 github.com/cheggaaa/pb v1.0.29 // indirect
@@ -136,7 +136,7 @@ require (
 github.com/go-git/go-git/v5 v5.12.0 // indirect
 github.com/go-jose/go-jose/v4 v4.0.2 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
- github.com/go-playground/validator/v10 v10.20.0 // indirect
+ github.com/go-playground/validator/v10 v10.21.0 // indirect
 github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 github.com/godbus/dbus/v5 v5.1.0 // indirect
 github.com/gofrs/flock v0.8.1 // indirect
@@ -161,7 +161,7 @@ require (
 github.com/pgavlin/fx v0.1.6 // indirect
 github.com/pjbgf/sha1cd v0.3.0 // indirect
 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect
- github.com/pulumi/pulumi/sdk/v3 v3.117.0 // indirect
+ github.com/pulumi/pulumi/sdk/v3 v3.118.0 // indirect
 github.com/rivo/uniseg v0.4.7 // indirect
 github.com/rogpeppe/go-internal v1.12.0 // indirect
 github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect
@@ -183,8 +183,8 @@ require (
 go.opentelemetry.io/otel/metric v1.27.0 // indirect
 go.opentelemetry.io/otel/trace v1.27.0 // indirect
 golang.org/x/sync v0.7.0 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 // indirect
 gopkg.in/warnings.v0 v0.1.2 // indirect
 k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect
 lukechampine.com/frand v1.4.2 // indirect
@@ -209,7 +209,7 @@ require (
 github.com/davecgh/go-spew v1.1.1 // indirect
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
 github.com/dimchansky/utfbom v1.1.1 // indirect
- github.com/emicklei/go-restful/v3 v3.12.0 // indirect
+ github.com/emicklei/go-restful/v3 v3.12.1 // indirect
 github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 github.com/evanphx/json-patch/v5 v5.9.0 // indirect
 github.com/fatih/color v1.17.0 // indirect
@@ -231,13 +231,13 @@ require (
 github.com/golang/protobuf v1.5.4 // indirect
 github.com/google/go-querystring v1.1.0 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
- github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af // indirect
+ github.com/google/pprof v0.0.0-20240528025155-186aa0362fba // indirect
 github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 github.com/hashicorp/go-hclog v1.6.3 // indirect
 github.com/hashicorp/go-multierror v1.1.1 // indirect
- github.com/hashicorp/go-retryablehttp v0.7.6
+ github.com/hashicorp/go-retryablehttp v0.7.7
 github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
@@ -269,8 +269,8 @@ require (
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 github.com/pkg/errors v0.9.1 // indirect
 github.com/pmezard/go-difflib v1.0.0 // indirect
- github.com/prometheus/common v0.53.0 // indirect
- github.com/prometheus/procfs v0.15.0 // indirect
+ github.com/prometheus/common v0.54.0 // indirect
+ github.com/prometheus/procfs v0.15.1 // indirect
 github.com/russross/blackfriday/v2 v2.1.0 // indirect
 github.com/ryanuber/go-glob v1.0.0 // indirect
 github.com/shopspring/decimal v1.4.0 // indirect
@@ -284,7 +284,7 @@ require (
 go.opencensus.io v0.24.0 // indirect
 go.uber.org/atomic v1.11.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/exp v0.0.0-20240525044651-4c93da0ed11d
+ golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc
 golang.org/x/mod v0.17.0 // indirect
 golang.org/x/net v0.25.0 // indirect
 golang.org/x/sys v0.20.0 // indirect
diff --git a/go.sum b/go.sum
index 32270c1b1e8..e246200bf66 100644
--- a/go.sum
+++ b/go.sum
@@ -18,10 +18,10 @@ cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmW cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.113.0 h1:g3C70mn3lWfckKBiCVsAshabrDg01pQ0pnX1MNtnMkA= -cloud.google.com/go v0.113.0/go.mod h1:glEqlogERKYeePz6ZdkcLJ28Q2I6aERgDDErBg9GzO8= -cloud.google.com/go/auth v0.4.2 h1:sb0eyLkhRtpq5jA+a8KWw0W70YcdVca7KJ8TM0AFYDg= -cloud.google.com/go/auth v0.4.2/go.mod h1:Kqvlz1cf1sNA0D+sYJnkPQOP+JMHkuHeIgVmCRtZOLc= +cloud.google.com/go v0.114.0 h1:OIPFAdfrFDFO2ve2U7r/H5SwSbBzEdrBdE7xkgwc+kY= +cloud.google.com/go v0.114.0/go.mod h1:ZV9La5YYxctro1HTPug5lXH/GefROyW8PPD4T8n9J8E= +cloud.google.com/go/auth v0.5.1 h1:0QNO7VThG54LUzKiQxv8C6x1YX7lUrzlAa1nVLF8CIw= +cloud.google.com/go/auth v0.5.1/go.mod h1:vbZT8GjzDf3AVqCcQmqeeM32U9HBFc32vVVAbwDsa6s= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -68,16 +68,15 @@ github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hw github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= -github.com/Azure/go-autorest/autorest v0.11.24/go.mod h1:G6kyRlFnTuSbEYkQGawPfsCswgme4iYf6rfSKUDzbCc= +github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA= github.com/Azure/go-autorest/autorest v0.11.29 h1:I4+HL/JDvErx2LjyzaVxllw2lRDB5/BT2Bm4g20iqYw= github.com/Azure/go-autorest/autorest v0.11.29/go.mod h1:ZtEzC4Jy2JDrZLxvWs8LrBWEBycl1hbT1eknI8MtfAs= github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ= github.com/Azure/go-autorest/autorest/adal v0.9.22/go.mod h1:XuAbAEUv2Tta//+voMI038TrJBqjKam0me7qR+L8Cmk= -github.com/Azure/go-autorest/autorest/adal v0.9.23 h1:Yepx8CvFxwNKpH6ja7RZ+sKX+DWYNldbLiALMC3BTz8= -github.com/Azure/go-autorest/autorest/adal v0.9.23/go.mod h1:5pcMqFkdPhviJdlEy3kC/v1ZLnQl0MH6XA5YCcMhy4c= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.12 h1:wkAZRgT/pn8HhFyzfe9UnqOjJYqlembgCTi72Bm/xKk= -github.com/Azure/go-autorest/autorest/azure/auth v0.5.12/go.mod h1:84w/uV8E37feW2NCJ08uT9VBfjfUHpgLVnG2InYD6cg= -github.com/Azure/go-autorest/autorest/azure/cli v0.4.5/go.mod h1:ADQAXrkgm7acgWVUNamOgh8YNrv4p27l3Wc55oVfpzg= +github.com/Azure/go-autorest/autorest/adal v0.9.24 h1:BHZfgGsGwdkHDyZdtQRQk1WeUdW0m2WPAwuHZwUi5i4= +github.com/Azure/go-autorest/autorest/adal v0.9.24/go.mod h1:7T1+g0PYFmACYW5LlG2fcoPiPlFHjClyRGL7dRlP5c8= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 h1:Ov8avRZi2vmrE2JcXw+tu5K/yB41r7xK9GZDiBF7NdM= +github.com/Azure/go-autorest/autorest/azure/auth v0.5.13/go.mod h1:5BAVfWLWXihP47vYrPuBKKf4cS0bXI+KM9Qx6ETDJYo= 
github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 h1:w77/uPk80ZET2F+AfQExZyEWtn+0Rk/uw17m9fv5Ajc= github.com/Azure/go-autorest/autorest/azure/cli v0.4.6/go.mod h1:piCfgPho7BiIDdEQ1+g4VmKyD5y+p/XtSNqE6Hc4QD0= github.com/Azure/go-autorest/autorest/date v0.3.0 h1:7gUk1U5M/CQbp9WoqinNzJar+8KY+LPI6wiWrP/myHw= @@ -192,8 +191,8 @@ github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinR github.com/avast/retry-go/v4 v4.6.0/go.mod h1:gvWlPhBVsvBbLkVGDg/KwvBv0bEkCOLRRSHKIr2PyOE= github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.53.10 h1:3enP5l5WtezT9Ql+XZqs56JBf5YUd/FEzTCg///OIGY= -github.com/aws/aws-sdk-go v1.53.10/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.53.15 h1:FtZmkg7xM8RfP2oY6p7xdKBYrRgkITk9yve2QV7N938= +github.com/aws/aws-sdk-go v1.53.15/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
@@ -213,14 +212,14 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/charmbracelet/bubbles v0.18.0 h1:PYv1A036luoBGroX6VWjQIE9Syf2Wby2oOl/39KLfy0= github.com/charmbracelet/bubbles v0.18.0/go.mod h1:08qhZhtIwzgrtBjAcJnij1t1H0ZRjwHyGsy6AL11PSw= -github.com/charmbracelet/bubbletea v0.26.3 h1:iXyGvI+FfOWqkB2V07m1DF3xxQijxjY2j8PqiXYqasg= -github.com/charmbracelet/bubbletea v0.26.3/go.mod h1:bpZHfDHTYJC5g+FBK+ptJRCQotRC+Dhh3AoMxa/2+3Q= +github.com/charmbracelet/bubbletea v0.26.4 h1:2gDkkzLZaTjMl/dQBpNVtnvcCxsh/FCkimep7FC9c40= +github.com/charmbracelet/bubbletea v0.26.4/go.mod h1:P+r+RRA5qtI1DOHNFn0otoNwB4rn+zNAzSj/EXz6xU0= github.com/charmbracelet/lipgloss v0.11.0 h1:UoAcbQ6Qml8hDwSWs0Y1cB5TEQuZkDPH/ZqwWWYTG4g= github.com/charmbracelet/lipgloss v0.11.0/go.mod h1:1UdRTH9gYgpcdNN5oBtjbu/IzNKtzVtb7sqN1t9LNn8= -github.com/charmbracelet/x/ansi v0.1.1 h1:CGAduulr6egay/YVbGc8Hsu8deMg1xZ/bkaXTPi1JDk= -github.com/charmbracelet/x/ansi v0.1.1/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw= -github.com/charmbracelet/x/input v0.1.1 h1:YDOJaTUKCqtGnq9PHzx3pkkl4pXDOANUHmhH3DqMtM4= -github.com/charmbracelet/x/input v0.1.1/go.mod h1:jvdTVUnNWj/RD6hjC4FsoB0SeZCJ2ZBkiuFP9zXvZI0= +github.com/charmbracelet/x/ansi v0.1.2 h1:6+LR39uG8DE6zAmbu023YlqjJHkYXDF1z36ZwzO4xZY= +github.com/charmbracelet/x/ansi v0.1.2/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw= +github.com/charmbracelet/x/input v0.1.2 h1:QJAZr33eOhDowkkEQ24rsJy4Llxlm+fRDf/cQrmqJa0= +github.com/charmbracelet/x/input v0.1.2/go.mod h1:LGBim0maUY4Pitjn/4fHnuXb4KirU3DODsyuHuXdOyA= github.com/charmbracelet/x/term v0.1.1 h1:3cosVAiPOig+EV4X9U+3LDgtwwAoEzJjNdwbXDjF6yI= github.com/charmbracelet/x/term v0.1.1/go.mod h1:wB1fHt5ECsu3mXYusyzcngVWWlu1KKUmmLhfgr/Flxw= github.com/charmbracelet/x/windows v0.1.2 h1:Iumiwq2G+BRmgoayww/qfcvof7W/3uLoelhxojXlRWg= 
@@ -265,8 +264,8 @@ github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/ github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= -github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk= -github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU= +github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= 
@@ -342,8 +341,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.20.0 h1:K9ISHbSaI0lyB2eWMPJo+kOS/FBExVwjEviJTixqxL8= -github.com/go-playground/validator/v10 v10.20.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= +github.com/go-playground/validator/v10 v10.21.0 h1:4fZA11ovvtkdgaeev9RGWPgc1uj3H8W+rNYyH/ySBb0= +github.com/go-playground/validator/v10 v10.21.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= 
@@ -442,8 +441,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af h1:kmjWCqn2qkEml422C2Rrd27c3VGxi6a/6HNq8QmHRKM= -github.com/google/pprof v0.0.0-20240525223248-4bfdf5a9a2af/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240528025155-186aa0362fba h1:ql1qNgCyOB7iAEk8JTNM+zJrgIbnyCKX/wdlyPufP5g= +github.com/google/pprof v0.0.0-20240528025155-186aa0362fba/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= 
@@ -473,8 +472,8 @@ github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVH github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= -github.com/hashicorp/go-retryablehttp v0.7.6 h1:TwRYfx2z2C4cLbXmT8I5PgP/xmuqASDyiVuGYfs9GZM= -github.com/hashicorp/go-retryablehttp v0.7.6/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= +github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= +github.com/hashicorp/go-retryablehttp v0.7.7/go.mod h1:pkQpWZeYWskR+D1tR2O5OcBFOxfA7DoAO6xtkuQnHTk= github.com/hashicorp/go-rootcerts v1.0.2 h1:jzhAVGtqPKbwpyCPELlgNWhE1znq+qwJtW5Oi2viEzc= github.com/hashicorp/go-rootcerts v1.0.2/go.mod h1:pqUvnprVnM5bf7AOirdbb01K4ccR319Vf4pU3K5EGc8= github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0 h1:I8bynUKMh9I7JdwtW9voJ0xmHvBpxQtLjrMFDYmhOxY= 
@@ -637,8 +636,8 @@ github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS6 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.65.3 h1:Vx2MbWaXlqYW821SJoZgZM7FTzaVWW9S5QHiamD5+ng= -github.com/oracle/oci-go-sdk/v65 v65.65.3/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.66.0 h1:lW1QNPf06P/8Yt7sYims5uqj57NM+B0GezT4H1yIQnw= +github.com/oracle/oci-go-sdk/v65 v65.66.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.0 h1:zwwTCwL3vjTTKln1hxwKuzzax4R/yvxGXSZhMh0OY5Y= github.com/passbolt/go-passbolt v0.7.0/go.mod h1:af3TVSJ+0A4sXeK8KgVzhV8Tej/i25biFIQjhL0FOMk= github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU= 
@@ -658,16 +657,16 @@ github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJL github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.53.0 h1:U2pL9w9nmJwJDa4qqLQ3ZaePJ6ZTwt7cMD3AG3+aLCE= -github.com/prometheus/common v0.53.0/go.mod h1:BrxBKv3FWBIGXw89Mg1AeBq7FSyRzXWI3l3e7W3RN5U= -github.com/prometheus/procfs v0.15.0 h1:A82kmvXJq2jTu5YUhSGNlYoxh85zLnKgPz4bMZgI5Ek= -github.com/prometheus/procfs v0.15.0/go.mod h1:Y0RJ/Y5g5wJpkTisOtqwDSo4HwhGmLB4VQSw2sQJLHk= +github.com/prometheus/common v0.54.0 h1:ZlZy0BgJhTwVZUn7dLOkwCZHUkrAqd3WYtcFCWnM1D8= +github.com/prometheus/common v0.54.0/go.mod h1:/TQgMJP5CuVYveyT7n/0Ix8yLNNXy9yRSkhnLTHPDIQ= +github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= +github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435cARxCW6q9gc0S/Yxz7Mkd38pOb0= github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.8.3 h1:myeDL6dD/mz34zZjCL8s7d/tWHBJYxfMxDCL11MHoqc= github.com/pulumi/esc v0.8.3/go.mod h1:v5VAPxYDa9DRwvubbzKt4ZYf5y0esWC2ccSp/AT923I= -github.com/pulumi/pulumi/sdk/v3 v3.117.0 h1:ImIsukZ2ZIYQG94uWdSZl9dJjJTosQSTsOQTauTNX7U= -github.com/pulumi/pulumi/sdk/v3 v3.117.0/go.mod h1:kNea72+FQk82OjZ3yEP4dl6nbAl2ngE8PDBc0iFAaHg= +github.com/pulumi/pulumi/sdk/v3 v3.118.0 h1:NboaaB4cNuehzsax38PO1jZOS6Mzbx/jNaDNaHPmg4c= +github.com/pulumi/pulumi/sdk/v3 v3.118.0/go.mod h1:kNea72+FQk82OjZ3yEP4dl6nbAl2ngE8PDBc0iFAaHg= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= 
github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= @@ -687,8 +686,8 @@ github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 h1:OkMGxebDj github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06/go.mod h1:+ePHsJ1keEjQtpvf9HHw0f4ZeJ0TLRsxhunSI2hYJSs= github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4= github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.26 h1:F+GIVtGqCFxPxO46ujf8cEOP574MBoRm3gNbPXECbxs= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.26/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.27 h1:yGAraK1uUjlhSXgNMIy8o/J4LFNcy7yeipBqt9N9mVg= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.27/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= github.com/sclevine/spec v1.4.0 h1:z/Q9idDcay5m5irkZ28M7PtQM4aOISzOpj4bUPkDee8= github.com/sclevine/spec v1.4.0/go.mod h1:LvpgJaFyvQzRvc1kaDs0bulYwzC70PbiYjC4QnFHkOM= github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys= 
@@ -768,10 +767,10 @@ github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM= -github.com/yandex-cloud/go-genproto v0.0.0-20240523095218-17e5bb42de1b h1:SyGQYkpUJXj+B6PMlA1cHy6c4ynHFLQaSSNLUDxO45k= -github.com/yandex-cloud/go-genproto v0.0.0-20240523095218-17e5bb42de1b/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-sdk v0.0.0-20240523095614-158879fff1c9 h1:2aWHREhMtHT18U7te4OhdfPOd2q2QVdW+OJyr1TrPys= -github.com/yandex-cloud/go-sdk v0.0.0-20240523095614-158879fff1c9/go.mod h1:CiUP4mq0qHrqWHaV0s862xW+A2CyNoo2o/h3rQWQSIU= +github.com/yandex-cloud/go-genproto v0.0.0-20240529120826-df2b24336f42 h1:l5Wu1kRcM34HqBR2FZI6tWc6QKyPziNj5fGZ4eXTCRI= +github.com/yandex-cloud/go-genproto v0.0.0-20240529120826-df2b24336f42/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-sdk v0.0.0-20240529122015-8b0dc5b8bcbf h1:R46d2p9AmCeotDrb8alxjeSukKOtU1gNLnBDZxsS7F0= +github.com/yandex-cloud/go-sdk v0.0.0-20240529122015-8b0dc5b8bcbf/go.mod h1:CuHkaRm2ZXv5SulglkbSFjdxh1R6VwpyfSM9EXMYz2U= github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 h1:tBiBTKHnIjovYoLX/TPkcf+OjqqKGQrPtGT3Foz+Pgo= github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76/go.mod h1:SQliXeA7Dhkt//vS29v3zpbEwoa+zb2Cn5xj5uO4K5U= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -825,7 +824,6 @@ golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= @@ -836,6 +834,7 @@ golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45 golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= 
@@ -849,8 +848,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240525044651-4c93da0ed11d h1:N0hmiNbwsSNwHBAvR3QB5w25pUwH4tK0Y/RltD1j1h4= -golang.org/x/exp v0.0.0-20240525044651-4c93da0ed11d/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= +golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc h1:O9NuF4s+E/PvMIy+9IUZB9znFwUIXEWSstNjek6VpVg= +golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -1148,8 +1147,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.181.0 h1:rPdjwnWgiPPOJx3IcSAQ2III5aX5tCer6wMpa/xmZi4= -google.golang.org/api v0.181.0/go.mod h1:MnQ+M0CFsfUwA5beZ+g/vCBCPXvtmZwRz2qzZk8ih1k= +google.golang.org/api v0.182.0 h1:if5fPvudRQ78GeRx3RayIoiuV7modtErPIZC/T2bIvE= +google.golang.org/api v0.182.0/go.mod h1:cGhjy4caqA5yXRzEhkHI8Y9mfyC2VLTlER2l08xaqtM= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1199,12 +1198,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240521202816-d264139d666e h1:axIBUGXSVho2zB+3tJj8l9Qvm/El5vVYPYqhGA5PmJM= -google.golang.org/genproto v0.0.0-20240521202816-d264139d666e/go.mod h1:gOvX/2dWTqh+u3+IHjFeCxinlz5AZ5qhOufbQPub/dE= -google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e h1:SkdGTrROJl2jRGT/Fxv5QUf9jtdKCQh4KQJXbXVLAi0= -google.golang.org/genproto/googleapis/api v0.0.0-20240521202816-d264139d666e/go.mod h1:LweJcLbyVij6rCex8YunD8DYR5VDonap/jYl3ZRxcIU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e h1:Elxv5MwEkCI9f5SkoL6afed6NTdxaGoAo39eANBwHL8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240521202816-d264139d666e/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= +google.golang.org/genproto v0.0.0-20240528184218-531527333157 h1:u7WMYrIrVvs0TF5yaKwKNbcJyySYf+HAIFXxWltJOXE= +google.golang.org/genproto v0.0.0-20240528184218-531527333157/go.mod h1:ubQlAQnzejB8uZzszhrTCU2Fyp6Vi7ZE5nn0c3W8+qQ= +google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 h1:7whR9kGa5LUwFtpLm2ArCEejtnxlGeLbAyjFY8sGNFw= +google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 h1:Zy9XzmMEflZ/MAaA7vNcoebnRAld7FsPW1EeBB7V0m8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= From 82e6a2ac5feb6812c1121b6c749466f5de51398c Mon Sep 17 00:00:00 2001 From: Lucas Severo Alves Date: Tue, 4 Jun 2024 21:14:39 +0200 Subject: [PATCH 087/517] bump 0.9.19 (#3553) --- deploy/charts/external-secrets/Chart.yaml | 4 ++-- deploy/charts/external-secrets/README.md | 2 +- .../__snapshot__/cert_controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/webhook_test.yaml.snap | 14 +++++++------- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/deploy/charts/external-secrets/Chart.yaml b/deploy/charts/external-secrets/Chart.yaml index 0018670273a..0f452736f8a 100644 --- a/deploy/charts/external-secrets/Chart.yaml +++ b/deploy/charts/external-secrets/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: external-secrets description: External secret management for Kubernetes type: application -version: "0.9.18" -appVersion: "v0.9.18" +version: "0.9.19" +appVersion: "v0.9.19" kubeVersion: ">= 1.19.0-0" keywords: - kubernetes-external-secrets diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index 29917cdea34..1701aa0defb 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.18](https://img.shields.io/badge/Version-0.9.18-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.19](https://img.shields.io/badge/Version-0.9.19-informational?style=flat-square) External secret management for Kubernetes 
diff --git a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 4a78cb37144..4da22a2cbec 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.18 - helm.sh/chart: external-secrets-0.9.18 + app.kubernetes.io/version: v0.9.19 + helm.sh/chart: external-secrets-0.9.19 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.18 - helm.sh/chart: external-secrets-0.9.18 + app.kubernetes.io/version: v0.9.19 + helm.sh/chart: external-secrets-0.9.19 spec: automountServiceAccountToken: true containers: @@ -38,7 +38,7 @@ should match snapshot of default values: - --secret-namespace=NAMESPACE - --metrics-addr=:8080 - --healthz-addr=:8081 - image: ghcr.io/external-secrets/external-secrets:v0.9.18 + image: ghcr.io/external-secrets/external-secrets:v0.9.19 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap index 44cb87e3d56..85054b045f0 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap 
@@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.18 - helm.sh/chart: external-secrets-0.9.18 + app.kubernetes.io/version: v0.9.19 + helm.sh/chart: external-secrets-0.9.19 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: @@ -24,15 +24,15 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.18 - helm.sh/chart: external-secrets-0.9.18 + app.kubernetes.io/version: v0.9.19 + helm.sh/chart: external-secrets-0.9.19 spec: automountServiceAccountToken: true containers: - args: - --concurrent=1 - --metrics-addr=:8080 - image: ghcr.io/external-secrets/external-secrets:v0.9.18 + image: ghcr.io/external-secrets/external-secrets:v0.9.19 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index 707b6189c96..6740adf19c9 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.18 - helm.sh/chart: external-secrets-0.9.18 + app.kubernetes.io/version: v0.9.19 + helm.sh/chart: external-secrets-0.9.19 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: 
@@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.18 - helm.sh/chart: external-secrets-0.9.18 + app.kubernetes.io/version: v0.9.19 + helm.sh/chart: external-secrets-0.9.19 spec: automountServiceAccountToken: true containers: @@ -37,7 +37,7 @@ should match snapshot of default values: - --check-interval=5m - --metrics-addr=:8080 - --healthz-addr=:8081 - image: ghcr.io/external-secrets/external-secrets:v0.9.18 + image: ghcr.io/external-secrets/external-secrets:v0.9.19 imagePullPolicy: IfNotPresent name: webhook ports: @@ -81,8 +81,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.18 + app.kubernetes.io/version: v0.9.19 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.9.18 + helm.sh/chart: external-secrets-0.9.19 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE From d7c0b558803472974e506b215bc9c96c01da9a6d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20Lindh=C3=A9?= <7773090+lindhe@users.noreply.github.com> Date: Wed, 5 Jun 2024 23:31:38 +0200 Subject: [PATCH 088/517] Fix typo: temaplate --> template (#3554) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Andreas Lindhé <7773090+lindhe@users.noreply.github.com> --- docs/snippets/generator-github-example-basicauth.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/snippets/generator-github-example-basicauth.yaml b/docs/snippets/generator-github-example-basicauth.yaml index 0188efc53ca..f109478c8b1 100644 --- a/docs/snippets/generator-github-example-basicauth.yaml +++ b/docs/snippets/generator-github-example-basicauth.yaml 
@@ -2,7 +2,7 @@ apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: github-auth-temaplate + name: github-auth-template spec: dataFrom: - sourceRef: @@ -21,6 +21,6 @@ spec: data: username: "token" password: "{{ .token }}" - name: github-auth-temaplate + name: github-auth-template {% endraw %} From 8fb0fec6caba91767c9e6c37c21a9864ef8fc175 Mon Sep 17 00:00:00 2001 From: Anders Swanson <91502735+anders-swanson@users.noreply.github.com> Date: Thu, 6 Jun 2024 12:20:45 -0700 Subject: [PATCH 089/517] Oracle Vault Provider Documentation (#3551) * Oracle Vault Provider Documentation Signed-off-by: anders-swanson * Oracle Vault Provider Documentation Signed-off-by: anders-swanson --------- Signed-off-by: anders-swanson --- docs/provider/oracle-vault.md | 77 +++++++++++++------ .../oracle-external-secret-plaintext.yaml | 16 ++++ docs/snippets/oracle-instance-principal.yaml | 9 +++ docs/snippets/oracle-principal-type.yaml | 9 +++ docs/snippets/oracle-secret-store.yaml | 26 ------- docs/snippets/oracle-workload-identity.yaml | 14 ++++ 6 files changed, 101 insertions(+), 50 deletions(-) create mode 100644 docs/snippets/oracle-external-secret-plaintext.yaml create mode 100644 docs/snippets/oracle-instance-principal.yaml create mode 100644 docs/snippets/oracle-principal-type.yaml create mode 100644 docs/snippets/oracle-workload-identity.yaml diff --git a/docs/provider/oracle-vault.md b/docs/provider/oracle-vault.md index 243fc507421..d48fc912e56 100644 --- a/docs/provider/oracle-vault.md +++ b/docs/provider/oracle-vault.md 
@@ -1,64 +1,94 @@ ## Oracle Vault -External Secrets Operator integrates with [OCI API](https://github.com/oracle/oci-go-sdk) to sync secret on the Oracle Vault to secrets held on the Kubernetes cluster. +External Secrets Operator integrates with the [Oracle Cloud Infrastructure (OCI) REST API](https://docs.oracle.com/en-us/iaas/api/) to manage secrets in Oracle Vault. All secret operations exposed by External Secrets Operator are supported by the Oracle provider. -### Authentication +For more information on managing OCI Vaults and OCI Vault Secrets, see the following documentation: -Specify the authenticating principal with `principalType`, using `UserPrincipal`, `InstancePrincipal`, or `Workload` as values. -If `principalType` or `auth` are not set, the operator defaults to instance principal for authentication. +- [Managing Vaults](https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Tasks/managingvaults.htm) +- [Managing Vault Secrets](https://docs.oracle.com/en-us/iaas/Content/KeyManagement/Tasks/managingsecrets.htm) -For user principal, userOCID, tenancyOCID, fingerprint and private key are required. -The fingerprint and key file should be supplied in the secret with the rest being provided in the secret store. +## Authentication -See url for what region you you are accessing. +External Secrets Operator may authenticate to OCI Vault using User Principal, [Instance Principal](https://blogs.oracle.com/developers/post/accessing-the-oracle-cloud-infrastructure-api-using-instance-principals), or [Workload Identity](https://blogs.oracle.com/cloud-infrastructure/post/oke-workload-identity-greater-control-access). + +To specify the authenticating principal in a secret store, set the `spec.provider.oracle.principalType` value. Note that the value of `principalType` defaults `InstancePrincipal` if not set. 
+ +{% include 'oracle-principal-type.yaml' %} + +### User Principal Authentication + +For user principal authentication, region, user OCID, tenancy OCID, private key, and fingerprint are required. +The private key and fingerprint must be supplied in a Kubernetes secret, while the user OCID, tenancy OCID, and region should be set in the secret store. + +To get your user principal information, find url for the OCI region you are accessing. ![userOCID-details](../pictures/screenshot_region.png) -Select tenancy in the top right to see your user OCID as shown below. +Select tenancy in the top right to see your tenancy OCID as shown below. ![tenancyOCID-details](../pictures/screenshot_tenancy_OCID.png) Select your user in the top right to see your user OCID as shown below. ![region-details](../pictures/screenshot_user_OCID.png) +Your fingerprint will be attatched to your API key, once it has been generated. Private keys can be created or uploaded on the same page as the your user OCID. +![fingerprint-details](../pictures/screenshot_fingerprint.png) -#### Service account key authentication +Once you click "Add API Key" you will be shown the following, where you can download the key in the necessary PEM format for API requests. Creating a private key will automatically generate a fingerprint. +![API-key-details](../pictures/screenshot_API_key.png) -Create a secret containing your private key and fingerprint: +Next, create a secret containing your private key and fingerprint: ```yaml {% include 'oracle-credentials-secret.yaml' %} ``` -Your fingerprint will be attatched to your API key, once it has been generated. Found on the same page as the user OCID. -![fingerprint-details](../pictures/screenshot_fingerprint.png) - -Once you click "Add API Key" you will be shown the following, where you can download the RSA key in the necessary PEM format for API requests. -This will automatically generate a fingerprint. 
-![API-key-details](../pictures/screenshot_API_key.png) - -### Update secret store -Be sure the `oracle` provider is listed in the `Kind=SecretStore`. +After creating the credentials secret, the secret store can be configured: ```yaml {% include 'oracle-secret-store.yaml' %} ``` **NOTE:** In case of a `ClusterSecretStore`, Be sure to provide `namespace` in `privatekey` and `fingerprint` with the namespaces where the secrets reside. -### Creating external secret -To create a kubernetes secret from the Oracle Cloud Interface secret a`Kind=ExternalSecret` is needed. +### Instance Principal Authentication (OCI) + +Instance Principal uses a pod's instance principal to authenticate to OCI Vault. Ensure your cluster instances have the appropriate policies to use [Instance Principal](https://blogs.oracle.com/developers/post/accessing-the-oracle-cloud-infrastructure-api-using-instance-principals). + +```yaml +{% include 'oracle-instance-principal.yaml' %} +``` + +### Workload Identity Authentication (OCI/OKE) + +[Workload Identity](https://blogs.oracle.com/cloud-infrastructure/post/oke-workload-identity-greater-control-access) can be used to grant the External Secrets Operator pod policy driven access to OCI Vault when running on Oracle Container Engine for Kubernetes (OKE). + +Note that if a service account is not provided in the secret store, the Oracle provider will authenticate using the service account token of the External Secrets Operator. + +```yaml +{% include 'oracle-workload-identity.yaml' %} +``` + +## Creating an External Secret + +To create a Kubernetes secret from an OCI Vault secret a `Kind=ExternalSecret` is needed. The External Secret will reference an OCI Vault instance containing secrets with either JSON or plaintext data. 
+ +#### External Secret targeting JSON data ```yaml {% include 'oracle-external-secret.yaml' %} ``` +#### External Secret targeting plaintext data +```yaml +{% include 'oracle-external-secret-plaintext.yaml' %} +``` ### Getting the Kubernetes secret -The operator will fetch the project variable and inject it as a `Kind=Secret`. +The operator will fetch the OCI Vault Secret and inject it as a `Kind=Secret`. ``` kubectl get secret oracle-secret-to-create -o jsonpath='{.data.dev-secret-test}' | base64 -d ``` -### PushSecrets and retrieving multiple secrets. +## PushSecrets and retrieving multiple secrets. When using [PushSecrets](https://external-secrets.io/latest/guides/pushsecrets/), the compartment OCID and encryption key OCID must be specified in the Oracle SecretStore. You can find your compartment and encrpytion key OCIDs in the OCI console. @@ -67,4 +97,3 @@ If [retrieving multiple secrets](https://external-secrets.io/latest/guides/getal ```yaml {% include 'oracle-secret-store-pushsecret.yaml' %} ``` - diff --git a/docs/snippets/oracle-external-secret-plaintext.yaml b/docs/snippets/oracle-external-secret-plaintext.yaml new file mode 100644 index 00000000000..eabe6cb6c93 --- /dev/null +++ b/docs/snippets/oracle-external-secret-plaintext.yaml @@ -0,0 +1,16 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: example +spec: + refreshInterval: 0.03m + secretStoreRef: + kind: SecretStore + name: example # Must match SecretStore on the cluster + target: + name: secret-to-be-created # Name for the secret on the cluster + creationPolicy: Owner + data: + - secretKey: key + remoteRef: + key: my-eso-secret diff --git a/docs/snippets/oracle-instance-principal.yaml b/docs/snippets/oracle-instance-principal.yaml new file mode 100644 index 00000000000..0e2679f5d81 --- /dev/null +++ b/docs/snippets/oracle-instance-principal.yaml 
@@ -0,0 +1,9 @@ +apiVersion: external-secrets.io/v1beta1 +kind: SecretStore +metadata: + name: my-secret-store +spec: + provider: + oracle: + vault: # The vault OCID + principalType: InstancePrincipal diff --git a/docs/snippets/oracle-principal-type.yaml b/docs/snippets/oracle-principal-type.yaml new file mode 100644 index 00000000000..386432313d5 --- /dev/null +++ b/docs/snippets/oracle-principal-type.yaml @@ -0,0 +1,9 @@ +apiVersion: external-secrets.io/v1beta1 +kind: SecretStore +metadata: + name: my-secret-store +spec: + provider: + oracle: + # May be UserPrincipal, InstancePrincipal, or Workload + principalType: diff --git a/docs/snippets/oracle-secret-store.yaml b/docs/snippets/oracle-secret-store.yaml index 8fc9d44b950..94f68a48733 100644 --- a/docs/snippets/oracle-secret-store.yaml +++ b/docs/snippets/oracle-secret-store.yaml @@ -1,29 +1,3 @@ -apiVersion: external-secrets.io/v1beta1 -kind: SecretStore -metadata: - name: example-instance-principal -spec: - provider: - oracle: - vault: # The vault OCID - region: # The vault region - principalType: InstancePrincipal - ---- - -apiVersion: external-secrets.io/v1beta1 -kind: SecretStore -metadata: - name: example-workload-identity -spec: - provider: - oracle: - vault: # The vault OCID - region: # The vault region - principalType: Workload - ---- - apiVersion: external-secrets.io/v1beta1 kind: SecretStore metadata: diff --git a/docs/snippets/oracle-workload-identity.yaml b/docs/snippets/oracle-workload-identity.yaml new file mode 100644 index 00000000000..4dc3d0967ef --- /dev/null +++ b/docs/snippets/oracle-workload-identity.yaml 
@@ -0,0 +1,14 @@
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+ name: my-secret-store
+spec:
+ provider:
+ oracle:
+ vault: # The vault OCID
+ principalType: Workload
+ # If serviceAccountRef is not specified, the Oracle provider will authenticate using the service account token of the External Secrets Operator.
+ serviceAccountRef:
+ # If using a namespaced secret store, this service account must exist in the same namespace as the secret store.
+ # namespace: service account namespace. Required if using ClusterSecretStore, otherwise cannot be specified.
+ name: # The service account name to use for authentication.
From 94c9a33a112ecd99b5ddb39f6d2416367f39c736 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Fri, 7 Jun 2024 09:46:29 +0200 Subject: [PATCH 090/517] feat: add location to GCP push secret (#3502) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .../v1beta1/secretstore_gcpsm_types.go | 3 + ...ternal-secrets.io_clustersecretstores.yaml | 4 + .../external-secrets.io_secretstores.yaml | 4 + deploy/crds/bundle.yaml | 6 ++ docs/api/spec.md | 11 +++ pkg/provider/gcp/secretmanager/client.go | 54 +++++++++--- pkg/provider/gcp/secretmanager/client_test.go | 83 +++++++++++++++++-- pkg/provider/gcp/secretmanager/fake/fake.go | 24 ++++-- 8 files changed, 164 insertions(+), 25 deletions(-)
diff --git a/apis/externalsecrets/v1beta1/secretstore_gcpsm_types.go b/apis/externalsecrets/v1beta1/secretstore_gcpsm_types.go
index e2eff4633ad..6bf3710165d 100644
--- a/apis/externalsecrets/v1beta1/secretstore_gcpsm_types.go
+++ b/apis/externalsecrets/v1beta1/secretstore_gcpsm_types.go
@@ -46,4 +46,7 @@ type GCPSMProvider struct { // ProjectID project where secret is located ProjectID string `json:"projectID,omitempty"`
+
+ // Location optionally defines a location for a secret
+ Location string `json:"location,omitempty"`
 }
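Review bot: The doc comment on the new `Location` field does not say when the value is used or what an empty value means, and the generated CRD descriptions show users the same sentence. Going by the PushSecret change later in this patch, the field selects a single user-managed replica when the provider creates a secret, and an empty value keeps automatic replication, so I would spell that out: `// Location pins secrets created by PushSecret to a single user-managed replica in this location; empty means automatic replication.` If it has no effect on secrets that already exist or on reads, the comment should say so too, since operators may rely on it for data-residency requirements. The struct starts outside the hunk.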
diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 9963448fcda..3771ea0b6a7 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml @@ -2761,6 +2761,10 @@ spec: - serviceAccountRef type: object type: object + location: + description: Location optionally defines a location for a + secret + type: string projectID: description: ProjectID project where secret is located type: string diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index e729615ee28..6bffcf681db 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml @@ -2761,6 +2761,10 @@ spec: - serviceAccountRef type: object type: object + location: + description: Location optionally defines a location for a + secret + type: string projectID: description: ProjectID project where secret is located type: string diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 6b131c730b8..28f2d2b8a26 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -3232,6 +3232,9 @@ spec: - serviceAccountRef type: object type: object + location: + description: Location optionally defines a location for a secret + type: string projectID: description: ProjectID project where secret is located type: string @@ -8604,6 +8607,9 @@ spec: - serviceAccountRef type: object type: object + location: + description: Location optionally defines a location for a secret + type: string projectID: description: ProjectID project where secret is located type: string diff --git a/docs/api/spec.md b/docs/api/spec.md index 5897f49ebad..6d521a38489 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -3920,6 +3920,17 @@ string

ProjectID project where secret is located

+ + +location
+ +string + + + +

Location optionally defines a location for a secret

+ +

GCPWorkloadIdentity diff --git a/pkg/provider/gcp/secretmanager/client.go b/pkg/provider/gcp/secretmanager/client.go index c446cf84da3..8daa6294047 100644 --- a/pkg/provider/gcp/secretmanager/client.go +++ b/pkg/provider/gcp/secretmanager/client.go @@ -152,6 +152,26 @@ func (c *Client) PushSecret(ctx context.Context, secret *corev1.Secret, pushSecr return err } + var replication = &secretmanagerpb.Replication{ + Replication: &secretmanagerpb.Replication_Automatic_{ + Automatic: &secretmanagerpb.Replication_Automatic{}, + }, + } + + if c.store.Location != "" { + replication = &secretmanagerpb.Replication{ + Replication: &secretmanagerpb.Replication_UserManaged_{ + UserManaged: &secretmanagerpb.Replication_UserManaged{ + Replicas: []*secretmanagerpb.Replication_UserManaged_Replica{ + { + Location: c.store.Location, + }, + }, + }, + }, + } + } + gcpSecret, err = c.smClient.CreateSecret(ctx, &secretmanagerpb.CreateSecretRequest{ Parent: fmt.Sprintf("projects/%s", c.store.ProjectID), SecretId: pushSecretData.GetRemoteKey(), @@ -159,11 +179,7 @@ func (c *Client) PushSecret(ctx context.Context, secret *corev1.Secret, pushSecr Labels: map[string]string{ managedByKey: managedByValue, }, - Replication: &secretmanagerpb.Replication{ - Replication: &secretmanagerpb.Replication_Automatic_{ - Automatic: &secretmanagerpb.Replication_Automatic{}, - }, - }, + Replication: replication, }, }) metrics.ObserveAPICall(constants.ProviderGCPSM, constants.CallGCPSMCreateSecret, err) 
@@ -183,13 +199,29 @@ func (c *Client) PushSecret(ctx context.Context, secret *corev1.Secret, pushSecr } if !maps.Equal(gcpSecret.Annotations, annotations) || !maps.Equal(gcpSecret.Labels, labels) { + scrt := &secretmanagerpb.Secret{ + Name: gcpSecret.Name, + Etag: gcpSecret.Etag, + Labels: labels, + Annotations: annotations, + } + + if c.store.Location != "" { + scrt.Replication = &secretmanagerpb.Replication{ + Replication: &secretmanagerpb.Replication_UserManaged_{ + UserManaged: &secretmanagerpb.Replication_UserManaged{ + Replicas: []*secretmanagerpb.Replication_UserManaged_Replica{ + { + Location: c.store.Location, + }, + }, + }, + }, + } + } + _, err = c.smClient.UpdateSecret(ctx, &secretmanagerpb.UpdateSecretRequest{ - Secret: &secretmanagerpb.Secret{ - Name: gcpSecret.Name, - Etag: gcpSecret.Etag, - Labels: labels, - Annotations: annotations, - }, + Secret: scrt, UpdateMask: &field_mask.FieldMask{ Paths: []string{"labels", "annotations"}, }, diff --git a/pkg/provider/gcp/secretmanager/client_test.go b/pkg/provider/gcp/secretmanager/client_test.go index e5b59bb6dd1..e6215ec281e 100644 --- a/pkg/provider/gcp/secretmanager/client_test.go +++ b/pkg/provider/gcp/secretmanager/client_test.go @@ -46,7 +46,7 @@ type secretManagerTestCase struct { apiErr error expectError string expectedSecret string - // for testing secretmap + // for testing SecretMap expectedData map[string][]byte } @@ -576,6 +576,7 @@ func TestPushSecret(t *testing.T) { var secretVersion = secretmanagerpb.SecretVersion{} type args struct { + store *esv1beta1.GCPSMProvider mock *fakesm.MockSMClient Metadata *apiextensionsv1.JSON GetSecretMockReturn fakesm.SecretMockReturn @@ -587,6 +588,7 @@ func TestPushSecret(t *testing.T) { type want struct { err error + req func(*fakesm.MockSMClient) error } tests := []struct { desc string 
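Review bot: The `scrt.Replication` assignment added in the update branch has no effect, because the `UpdateMask` a few lines below still lists only `labels` and `annotations`, and Secret Manager documents a secret's replication policy as immutable after creation. A store that sets `location` therefore keeps pushing versions into a pre-existing secret whose replicas are elsewhere or automatic, with no error. That defeats the purpose when the location is a data-residency control, since the create path in the first hunk of this file is the only place the value is applied. I would drop the block here and instead compare the fetched secret's replicas with the configured location and fail the push on a mismatch, ideally right after the secret is fetched, which is outside this hunk. PushSecret starts and ends outside the hunk, so the placement below is a sketch.

```go
// … unchanged: scrt construction with Name, Etag, Labels, Annotations …

// Replication cannot be changed through UpdateSecret; verify it instead of setting it.
if loc := c.store.Location; loc != "" {
	replicas := gcpSecret.GetReplication().GetUserManaged().GetReplicas()
	if len(replicas) != 1 || replicas[0].GetLocation() != loc {
		return fmt.Errorf("secret %s exists with a replication policy that does not match location %q", gcpSecret.Name, loc)
	}
}
```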
@@ -596,6 +598,7 @@ func TestPushSecret(t *testing.T) { { desc: "SetSecret successfully pushes a secret", args: args{ + store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID}, mock: smtc.mockClient, GetSecretMockReturn: fakesm.SecretMockReturn{Secret: &secret, Err: nil}, AccessSecretVersionMockReturn: fakesm.AccessSecretVersionMockReturn{Res: &res, Err: nil}, @@ -607,7 +610,8 @@ func TestPushSecret(t *testing.T) { { desc: "successfully pushes a secret with metadata", args: args{ - mock: smtc.mockClient, + store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID}, + mock: smtc.mockClient, Metadata: &apiextensionsv1.JSON{ Raw: []byte(`{"annotations":{"annotation-key1":"annotation-value1"},"labels":{"label-key1":"label-value1"}}`), }, 
@@ -633,10 +637,65 @@ func TestPushSecret(t *testing.T) { err: nil, }, }, + { + desc: "successfully pushes a secret with defined region", + args: args{ + store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID, Location: "us-east-1"}, + mock: smtc.mockClient, + GetSecretMockReturn: fakesm.SecretMockReturn{Secret: nil, Err: notFoundError}, + CreateSecretMockReturn: fakesm.SecretMockReturn{Secret: &secretmanagerpb.Secret{ + Name: "projects/default/secrets/baz", + Replication: &secretmanagerpb.Replication{ + Replication: &secretmanagerpb.Replication_UserManaged_{ + UserManaged: &secretmanagerpb.Replication_UserManaged{ + Replicas: []*secretmanagerpb.Replication_UserManaged_Replica{ + { + Location: "us-east-1", + }, + }, + }, + }, + }, + Labels: map[string]string{ + "managed-by": "external-secrets", + "label-key1": "label-value1", + }, + Annotations: map[string]string{ + "annotation-key1": "annotation-value1", + }, + }, Err: nil}, + AccessSecretVersionMockReturn: fakesm.AccessSecretVersionMockReturn{Res: &res, Err: nil}, + AddSecretVersionMockReturn: fakesm.AddSecretVersionMockReturn{SecretVersion: &secretVersion, Err: nil}}, + want: want{ + err: nil, + req: func(m *fakesm.MockSMClient) error { + req, ok := m.CreateSecretCalledWithN[0] + if !ok { + return fmt.Errorf("index 0 for call not found in the list of calls") + } + + user, ok := req.Secret.Replication.Replication.(*secretmanagerpb.Replication_UserManaged_) + if !ok { + return fmt.Errorf("req.Secret.Replication.Replication was not of type *secretmanagerpb.Replication_UserManaged_") + } + + if len(user.UserManaged.Replicas) < 1 { + return fmt.Errorf("req.Secret.Replication.Replication.Replicas was not empty") + } + + if user.UserManaged.Replicas[0].Location != "us-east-1" { + return fmt.Errorf("req.Secret.Replication.Replicas[0].Location was not equal to us-east-1 but was %s", user.UserManaged.Replicas[0].Location) + } + + return nil + }, + }, + }, { desc: "failed to push a secret with invalid metadata type", 
args: args{ - mock: smtc.mockClient, + store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID}, + mock: smtc.mockClient, Metadata: &apiextensionsv1.JSON{ Raw: []byte(`{"tags":{"tag-key1":"tag-value1"}}`), }, @@ -648,6 +707,7 @@ func TestPushSecret(t *testing.T) { { desc: "secret not pushed if AddSecretVersion errors", args: args{ + store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID}, mock: smtc.mockClient, GetSecretMockReturn: fakesm.SecretMockReturn{Secret: &secret, Err: nil}, AccessSecretVersionMockReturn: fakesm.AccessSecretVersionMockReturn{Res: &res, Err: nil}, @@ -660,6 +720,7 @@ func TestPushSecret(t *testing.T) { { desc: "secret not pushed if AccessSecretVersion errors", args: args{ + store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID}, mock: smtc.mockClient, GetSecretMockReturn: fakesm.SecretMockReturn{Secret: &secret, Err: nil}, AccessSecretVersionMockReturn: fakesm.AccessSecretVersionMockReturn{Res: nil, Err: APIerror}, @@ -671,6 +732,7 @@ func TestPushSecret(t *testing.T) { { desc: "secret not pushed if not managed-by external-secrets", args: args{ + store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID}, mock: smtc.mockClient, GetSecretMockReturn: fakesm.SecretMockReturn{Secret: &wrongLabelSecret, Err: nil}, }, @@ -681,6 +743,7 @@ func TestPushSecret(t *testing.T) { { desc: "don't push a secret with the same key and value", args: args{ + store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID}, mock: smtc.mockClient, AccessSecretVersionMockReturn: fakesm.AccessSecretVersionMockReturn{Res: &res2, Err: nil}, GetSecretMockReturn: fakesm.SecretMockReturn{Secret: &secret, Err: nil}, 
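Review bot: In the `req` callback of the new "defined region" case the empty-list guard reports the opposite of what it checked: the branch taken on `len(user.UserManaged.Replicas) < 1` says the list "was not empty", and it should read `return fmt.Errorf("req.Secret.Replication.Replication.Replicas was empty")`. The callback also dereferences `req.Secret.Replication` without a nil check, so a regression that sends no replication would panic rather than fail with a message; a guard such as `if req.Secret == nil || req.Secret.Replication == nil { return fmt.Errorf("request carries no replication") }` before the type assertion keeps the failure readable. The location string `us-east-1` follows AWS naming, while GCP regions are written like `us-east1`; that is harmless against the mock but easy to copy into a real store.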
@@ -692,6 +755,7 @@ func TestPushSecret(t *testing.T) { { desc: "secret is created if one doesn't already exist", args: args{ + store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID}, mock: smtc.mockClient, GetSecretMockReturn: fakesm.SecretMockReturn{Secret: nil, Err: notFoundError}, AccessSecretVersionMockReturn: fakesm.AccessSecretVersionMockReturn{Res: nil, Err: notFoundError}, @@ -705,6 +769,7 @@ func TestPushSecret(t *testing.T) { { desc: "secret not created if CreateSecret returns not found error", args: args{ + store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID}, mock: smtc.mockClient, GetSecretMockReturn: fakesm.SecretMockReturn{Secret: nil, Err: notFoundError}, CreateSecretMockReturn: fakesm.SecretMockReturn{Secret: &secret, Err: notFoundError}, @@ -716,6 +781,7 @@ func TestPushSecret(t *testing.T) { { desc: "secret not created if CreateSecret returns error", args: args{ + store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID}, mock: smtc.mockClient, GetSecretMockReturn: fakesm.SecretMockReturn{Secret: nil, Err: canceledError}, }, @@ -726,6 +792,7 @@ func TestPushSecret(t *testing.T) { { desc: "access secret version for an existing secret returns error", args: args{ + store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID}, mock: smtc.mockClient, GetSecretMockReturn: fakesm.SecretMockReturn{Secret: &secret, Err: nil}, AccessSecretVersionMockReturn: fakesm.AccessSecretVersionMockReturn{Res: nil, Err: canceledError}, @@ -745,9 +812,7 @@ func TestPushSecret(t *testing.T) { c := Client{ smClient: tc.args.mock, - store: &esv1beta1.GCPSMProvider{ - ProjectID: smtc.projectID, - }, + store: tc.args.store, } s := &corev1.Secret{Data: map[string][]byte{secretKey: []byte("fake-value")}} data := testingfake.PushSecretData{ 
@@ -771,6 +836,12 @@ func TestPushSecret(t *testing.T) { if tc.want.err != nil { t.Errorf("expected to receive an error but got nil") } + + if tc.want.req != nil { + if err := tc.want.req(tc.args.mock); err != nil { + t.Errorf("received an unexpected error while checking request: %v", err) + } + } }) } } diff --git a/pkg/provider/gcp/secretmanager/fake/fake.go b/pkg/provider/gcp/secretmanager/fake/fake.go index 0d58a3eba6e..22c9648927a 100644 --- a/pkg/provider/gcp/secretmanager/fake/fake.go +++ b/pkg/provider/gcp/secretmanager/fake/fake.go 
@@ -27,14 +27,16 @@ import ( ) type MockSMClient struct { - accessSecretFn func(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.AccessSecretVersionResponse, error) - ListSecretsFn func(ctx context.Context, req *secretmanagerpb.ListSecretsRequest, opts ...gax.CallOption) *secretmanager.SecretIterator - AddSecretFn func(ctx context.Context, req *secretmanagerpb.AddSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.SecretVersion, error) - createSecretFn func(ctx context.Context, req *secretmanagerpb.CreateSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error) - updateSecretFn func(ctx context.Context, req *secretmanagerpb.UpdateSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error) - closeFn func() error - GetSecretFn func(ctx context.Context, req *secretmanagerpb.GetSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error) - DeleteSecretFn func(ctx context.Context, req *secretmanagerpb.DeleteSecretRequest, opts ...gax.CallOption) error + accessSecretFn func(ctx context.Context, req *secretmanagerpb.AccessSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.AccessSecretVersionResponse, error) + ListSecretsFn func(ctx context.Context, req *secretmanagerpb.ListSecretsRequest, opts ...gax.CallOption) *secretmanager.SecretIterator + AddSecretFn func(ctx context.Context, req *secretmanagerpb.AddSecretVersionRequest, opts ...gax.CallOption) (*secretmanagerpb.SecretVersion, error) + createSecretFn func(ctx context.Context, req *secretmanagerpb.CreateSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error) + CreateSecretCalledWithN map[int]*secretmanagerpb.CreateSecretRequest + createSecretCallN int + updateSecretFn func(ctx context.Context, req *secretmanagerpb.UpdateSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error) + closeFn func() error + GetSecretFn func(ctx context.Context, req 
*secretmanagerpb.GetSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error) + DeleteSecretFn func(ctx context.Context, req *secretmanagerpb.DeleteSecretRequest, opts ...gax.CallOption) error } type AccessSecretVersionMockReturn struct { @@ -98,6 +100,12 @@ func (mc *MockSMClient) NewAddSecretVersionFn(mock AddSecretVersionMockReturn) { } func (mc *MockSMClient) CreateSecret(ctx context.Context, req *secretmanagerpb.CreateSecretRequest, _ ...gax.CallOption) (*secretmanagerpb.Secret, error) { + if mc.CreateSecretCalledWithN == nil { + mc.CreateSecretCalledWithN = make(map[int]*secretmanagerpb.CreateSecretRequest) + } + mc.CreateSecretCalledWithN[mc.createSecretCallN] = req + mc.createSecretCallN++ + return mc.createSecretFn(ctx, req) } From c365cb49563f61c0c69409e1f423047658426350 Mon Sep 17 00:00:00 2001 From: AvivGuiser Date: Sat, 8 Jun 2024 16:37:01 +0300 Subject: [PATCH 091/517] add log.level and log.encoding to all components (#3558) * add log.level and log.encoding to all components Signed-off-by: Aviv Guiser Signed-off-by: Moritz Johner Co-authored-by: Moritz Johner --- deploy/charts/external-secrets/README.md | 3 +++ .../templates/cert-controller-deployment.yaml | 2 ++ .../external-secrets/templates/deployment.yaml | 2 ++ .../templates/webhook-deployment.yaml | 2 ++ .../__snapshot__/cert_controller_test.yaml.snap | 2 ++ .../tests/__snapshot__/controller_test.yaml.snap | 2 ++ .../tests/__snapshot__/crds_test.yaml.snap | 3 +++ .../tests/__snapshot__/webhook_test.yaml.snap | 2 ++ deploy/charts/external-secrets/values.yaml | 15 ++++++++++++--- docs/api/controller-options.md | 3 +++ 10 files changed, 33 insertions(+), 3 deletions(-) diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index 1701aa0defb..a9fb8ff2116 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md 
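Review bot: `CreateSecret` now records every request in `CreateSecretCalledWithN`, but nothing visible in this hunk resets the map or `createSecretCallN`, and TestPushSecret hands the same `smtc.mockClient` to every case. The new assertion reads index 0, which is the first CreateSecret call the shared mock has seen, so it checks the intended request only while no earlier case reaches CreateSecret; unless a reset exists outside the visible hunks, that ordering dependency is worth removing. I would use a fresh mock per case or reset at the start of each one, e.g. `mc.CreateSecretCalledWithN, mc.createSecretCallN = nil, 0`. A map keyed by a running counter is also just a slice, so `[]*secretmanagerpb.CreateSecretRequest` with `append` would remove the nil check and the counter field.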
@@ -49,6 +49,7 @@ The command removes all the Kubernetes components associated with the chart and | certController.image.repository | string | `"ghcr.io/external-secrets/external-secrets"` | | | certController.image.tag | string | `""` | | | certController.imagePullSecrets | list | `[]` | | +| certController.log | object | `{"level":"info","timeEncoding":"epoch"}` | Specifices Log Params to the Webhook | | certController.metrics.listen.port | int | `8080` | | | certController.metrics.service.annotations | object | `{}` | Additional service annotations | | certController.metrics.service.enabled | bool | `false` | Enable if you use another monitoring tool than Prometheus to scrape the metrics | @@ -114,6 +115,7 @@ The command removes all the Kubernetes components associated with the chart and | imagePullSecrets | list | `[]` | | | installCRDs | bool | `true` | If set, install and upgrade CRDs through helm chart. | | leaderElect | bool | `false` | If true, external-secrets will perform leader election between instances to ensure no more than one instance of external-secrets operates at a time. | +| log | object | `{"level":"info","timeEncoding":"epoch"}` | Specifices Log Params to the Webhook | | metrics.listen.port | int | `8080` | | | metrics.service.annotations | object | `{}` | Additional service annotations | | metrics.service.enabled | bool | `false` | Enable if you use another monitoring tool than Prometheus to scrape the metrics | 
@@ -185,6 +187,7 @@ The command removes all the Kubernetes components associated with the chart and | webhook.image.repository | string | `"ghcr.io/external-secrets/external-secrets"` | | | webhook.image.tag | string | `""` | The image tag to use. The default is the chart appVersion. | | webhook.imagePullSecrets | list | `[]` | | +| webhook.log | object | `{"level":"info","timeEncoding":"epoch"}` | Specifices Log Params to the Webhook | | webhook.lookaheadInterval | string | `""` | Specifices the lookaheadInterval for certificate validity | | webhook.metrics.listen.port | int | `8080` | | | webhook.metrics.service.annotations | object | `{}` | Additional service annotations | diff --git a/deploy/charts/external-secrets/templates/cert-controller-deployment.yaml b/deploy/charts/external-secrets/templates/cert-controller-deployment.yaml index 000b442d600..cf045a03a10 100644 --- a/deploy/charts/external-secrets/templates/cert-controller-deployment.yaml +++ b/deploy/charts/external-secrets/templates/cert-controller-deployment.yaml @@ -60,6 +60,8 @@ spec: - --secret-namespace={{ template "external-secrets.namespace" . }} - --metrics-addr=:{{ .Values.certController.metrics.listen.port }} - --healthz-addr={{ .Values.certController.readinessProbe.address }}:{{ .Values.certController.readinessProbe.port }} + - --loglevel={{ .Values.certController.log.level }} + - --zap-time-encoding={{ .Values.certController.log.timeEncoding }} {{ if not .Values.crds.createClusterSecretStore -}} - --crd-names=externalsecrets.external-secrets.io - --crd-names=secretstores.external-secrets.io diff --git a/deploy/charts/external-secrets/templates/deployment.yaml b/deploy/charts/external-secrets/templates/deployment.yaml index 7aed1670e45..75a908e635d 100644 --- a/deploy/charts/external-secrets/templates/deployment.yaml +++ b/deploy/charts/external-secrets/templates/deployment.yaml 
@@ -91,6 +91,8 @@ spec: {{- end }} {{- end }} - --metrics-addr=:{{ .Values.metrics.listen.port }} + - --loglevel={{ .Values.log.level }} + - --zap-time-encoding={{ .Values.log.timeEncoding }} ports: - containerPort: {{ .Values.metrics.listen.port }} protocol: TCP diff --git a/deploy/charts/external-secrets/templates/webhook-deployment.yaml b/deploy/charts/external-secrets/templates/webhook-deployment.yaml index 24692a3203c..7419a426b24 100644 --- a/deploy/charts/external-secrets/templates/webhook-deployment.yaml +++ b/deploy/charts/external-secrets/templates/webhook-deployment.yaml @@ -59,6 +59,8 @@ spec: - --check-interval={{ .Values.webhook.certCheckInterval }} - --metrics-addr=:{{ .Values.webhook.metrics.listen.port }} - --healthz-addr={{ .Values.webhook.readinessProbe.address }}:{{ .Values.webhook.readinessProbe.port }} + - --loglevel={{ .Values.webhook.log.level }} + - --zap-time-encoding={{ .Values.webhook.log.timeEncoding }} {{- if .Values.webhook.lookaheadInterval }} - --lookahead-interval={{ .Values.webhook.lookaheadInterval }} {{- end }} diff --git a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 4da22a2cbec..70f95f29f08 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -38,6 +38,8 @@ should match snapshot of default values: - --secret-namespace=NAMESPACE - --metrics-addr=:8080 - --healthz-addr=:8081 + - --loglevel=info + - --zap-time-encoding=epoch image: ghcr.io/external-secrets/external-secrets:v0.9.19 imagePullPolicy: IfNotPresent name: cert-controller diff --git a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap index 85054b045f0..172a76a00cf 100644 
--- a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -32,6 +32,8 @@ should match snapshot of default values: - args: - --concurrent=1 - --metrics-addr=:8080 + - --loglevel=info + - --zap-time-encoding=epoch image: ghcr.io/external-secrets/external-secrets:v0.9.19 imagePullPolicy: IfNotPresent name: external-secrets diff --git a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap index 05d62c58ed6..d4183d8c76d 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -2588,6 +2588,9 @@ should match snapshot of default values: - serviceAccountRef type: object type: object + location: + description: Location optionally defines a location for a secret + type: string projectID: description: ProjectID project where secret is located type: string diff --git a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index 6740adf19c9..dc72a269fba 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -37,6 +37,8 @@ should match snapshot of default values: - --check-interval=5m - --metrics-addr=:8080 - --healthz-addr=:8081 + - --loglevel=info + - --zap-time-encoding=epoch image: ghcr.io/external-secrets/external-secrets:v0.9.19 imagePullPolicy: IfNotPresent name: webhook diff --git a/deploy/charts/external-secrets/values.yaml b/deploy/charts/external-secrets/values.yaml index f456ea48a26..17a0be9caef 100644 --- a/deploy/charts/external-secrets/values.yaml +++ b/deploy/charts/external-secrets/values.yaml 
@@ -85,7 +85,10 @@ createOperator: true # -- Specifies the number of concurrent ExternalSecret Reconciles external-secret executes at # a time. concurrent: 1 - +# -- Specifices Log Params to the Webhook +log: + level: info + timeEncoding: epoch service: # -- Set the ip family policy to configure dual-stack see [Configure dual-stack](https://kubernetes.io/docs/concepts/services-networking/dual-stack/#services) ipFamilyPolicy: "" @@ -240,7 +243,10 @@ webhook: # -- Specifices the lookaheadInterval for certificate validity lookaheadInterval: "" replicaCount: 1 - + # -- Specifices Log Params to the Webhook + log: + level: info + timeEncoding: epoch # -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) revisionHistoryLimit: 10 @@ -400,7 +406,10 @@ certController: create: true requeueInterval: "5m" replicaCount: 1 - + # -- Specifices Log Params to the Webhook + log: + level: info + timeEncoding: epoch # -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) revisionHistoryLimit: 10 diff --git a/docs/api/controller-options.md b/docs/api/controller-options.md index a846aff99e8..61ea9ad91ef 100644 --- a/docs/api/controller-options.md +++ b/docs/api/controller-options.md 
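Review bot: The helm-docs comment `# -- Specifices Log Params to the Webhook` is pasted unchanged above all three new `log:` blocks (top level, `webhook`, `certController`), so the controller and cert-controller settings are described as webhook settings and the generated README rows in this commit repeat that. I would write one comment per component, for example `# -- Specifies log parameters for the controller`, `# -- Specifies log parameters for the webhook` and `# -- Specifies log parameters for the cert-controller`, which also fixes the "Specifices" typo. Each of the three hunks replaces the blank line that separated the previous key from the next stanza; keeping one blank line after `timeEncoding: epoch` would preserve the file's layout.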
@@ -28,6 +28,7 @@ The core controller is invoked without a subcommand and can be configured with t | `--experimental-enable-aws-session-cache` | boolean | false | Enable experimental AWS session cache. External secret will reuse the AWS session without creating a new one on each request. | | `--help` | | | help for external-secrets | | `--loglevel` | string | info | loglevel to use, one of: debug, info, warn, error, dpanic, panic, fatal | +| `--zap-time-encoding` | string | epoch | loglevel to use, one of: epoch, millis, nano, iso8601, rfc3339, rfc3339nano | | `--metrics-addr` | string | :8080 | The address the metric endpoint binds to. | | `--namespace` | string | - | watch external secrets scoped in the provided namespace only. ClusterSecretStore can be used but only work if it doesn't reference resources from other namespaces | | `--store-requeue-interval` | duration | 5m0s | Default Time duration between reconciling (Cluster)SecretStores | @@ -41,6 +42,7 @@ The core controller is invoked without a subcommand and can be configured with t | `--healthz-addr` | string | :8081 | The address the health endpoint binds to. | | `--help` | | | help for certcontroller | | `--loglevel` | string | info | loglevel to use, one of: debug, info, warn, error, dpanic, panic, fatal | +| `--zap-time-encoding` | string | epoch | time encoding to use, one of: epoch, millis, nano, iso8601, rfc3339, rfc3339nano | | `--metrics-addr` | string | :8080 | The address the metric endpoint binds to. | | `--secret-name` | string | external-secrets-webhook | Secret to store certs for webhook | | `--secret-namespace` | string | default | namespace of the secret to store certs | 
@@ -57,6 +59,7 @@ The core controller is invoked without a subcommand and can be configured with t | `--healthz-addr` | string | :8081 | The address the health endpoint binds to. | | `--help` | | | help for webhook | | `--loglevel` | string | info | loglevel to use, one of: debug, info, warn, error, dpanic, panic, fatal | +| `--zap-time-encoding` | string | epoch | time encoding to use, one of: epoch, millis, nano, iso8601, rfc3339, rfc3339nano | | `--lookahead-interval` | duration | 2160h0m0s (90d) | certificate check interval | | `--metrics-addr` | string | :8080 | The address the metric endpoint binds to. | | `--port` | number | 10250 | Port number that the webhook server will serve. | From 23684a72d1492916fe3ed35fbbfc498b7f5016d8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 10:31:11 +0200 Subject: [PATCH 092/517] chore(deps): bump github/codeql-action from 3.25.7 to 3.25.8 (#3561) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.7 to 3.25.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f079b8493333aace61c81488f8bd40919487bd9f...2e230e8fe0ad3a14a340ad0815ddb96d599d2aff) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b8a4e8e7ed3..de82c69f424 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 + uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 with: sarif_file: results.sarif From 188b7f4856834716d8131f5f0aa8e1b38e42842b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 10:31:38 +0200 Subject: [PATCH 093/517] chore(deps): bump aquasecurity/trivy-action from 0.21.0 to 0.22.0 (#3562) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.21.0 to 0.22.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/fd25fed6972e341ff0007ddb61f77e88103953c2...595be6a0f6560a0a8fc419ddf630567fc623531d) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 81505318659..a9234d5b68e 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -126,7 +126,7 @@ jobs: run: make docker.build - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@fd25fed6972e341ff0007ddb61f77e88103953c2 # master + uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # master with: image-ref: ${{ inputs.image-name }}:${{ steps.container_info.outputs.image-tag }} format: 'table' From 56ddd3c183141d934cab6e75832ac007676dc3d5 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 10:39:25 +0200 Subject: [PATCH 094/517] chore(deps): bump tornado from 6.4 to 6.4.1 in /hack/api-docs (#3563) Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.4 to 6.4.1. - [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst) - [Commits](https://github.com/tornadoweb/tornado/compare/v6.4.0...v6.4.1) --- updated-dependencies: - dependency-name: tornado dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 139f579fd95..f382411f94b 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -35,7 +35,7 @@ regex==2024.5.15 requests==2.32.3 six==1.16.0 termcolor==2.4.0 -tornado==6.4 +tornado==6.4.1 urllib3==2.2.1 verspec==0.1.0 watchdog==4.0.1 From d0c2ea1758ecf0e40ae7d5c453bac587b77ab66b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 10:39:33 +0200 Subject: [PATCH 095/517] chore(deps): bump packaging from 24.0 to 24.1 in /hack/api-docs (#3564) Bumps [packaging](https://github.com/pypa/packaging) from 24.0 to 24.1. - [Release notes](https://github.com/pypa/packaging/releases) - [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pypa/packaging/compare/24.0...24.1) --- updated-dependencies: - dependency-name: packaging dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index f382411f94b..18b2c5ed522 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -21,7 +21,7 @@ mkdocs-macros-plugin==1.0.5 mkdocs-material==9.5.25 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 -packaging==24.0 +packaging==24.1 paginate==0.5.6 pathspec==0.12.1 pep562==1.1 From dc4945b05e9a1842ea973ecbf88b45d90155bd7c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 10:39:42 +0200 Subject: [PATCH 096/517] chore(deps): bump mkdocs-material in /hack/api-docs (#3565) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.25 to 9.5.26. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.25...9.5.26) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 18b2c5ed522..2e4d28a685d 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt 
@@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.0 mkdocs-macros-plugin==1.0.5 -mkdocs-material==9.5.25 +mkdocs-material==9.5.26 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.1 From 227cfbb5d469a9c514990dfc33fef2176ea54add Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 10:39:49 +0200 Subject: [PATCH 097/517] chore(deps): bump zipp from 3.19.1 to 3.19.2 in /hack/api-docs (#3566) Bumps [zipp](https://github.com/jaraco/zipp) from 3.19.1 to 3.19.2. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](https://github.com/jaraco/zipp/compare/v3.19.1...v3.19.2) --- updated-dependencies: - dependency-name: zipp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 2e4d28a685d..bf373e2bf0b 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -39,4 +39,4 @@ tornado==6.4.1 urllib3==2.2.1 verspec==0.1.0 watchdog==4.0.1 -zipp==3.19.1 +zipp==3.19.2 From 5721fae7291ed8472d7becd01c0799f82a35a368 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 10 Jun 2024 23:14:44 +0300 Subject: [PATCH 098/517] chore(deps): bump ubi8/ubi-minimal from `9e458f4` to `5f1cd34` (#3568) Bumps ubi8/ubi-minimal from `9e458f4` to `5f1cd34`. --- updated-dependencies: - dependency-name: ubi8/ubi-minimal dependency-type: direct:production ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile.ubi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.ubi b/Dockerfile.ubi index b619aa35f99..0a2903cc266 100644 --- a/Dockerfile.ubi +++ b/Dockerfile.ubi @@ -1,4 +1,4 @@ -FROM registry.access.redhat.com/ubi8/ubi-minimal@sha256:9e458f41ff8868ceae00608a6fff35b45fd8bbe967bf8655e5ab08da5964f4d0 +FROM registry.access.redhat.com/ubi8/ubi-minimal@sha256:5f1cd3422d5d46aea35dac80825dbcbd58213eef49c317f42a394345fb4e8ff1 ARG TARGETOS ARG TARGETARCH COPY bin/external-secrets-${TARGETOS}-${TARGETARCH} /bin/external-secrets From 26859fd62b47437b5713b8f44af79927fd954ec2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Jun 2024 07:58:03 +0300 Subject: [PATCH 099/517] chore(deps): bump golang from 1.22.3-bookworm to 1.22.4-bookworm in /e2e (#3569) --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index 5b64af8be82..e31f0f1dc2a 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.3-bookworm@sha256:5c56bd47228dd572d8a82971cf1f946cd8bb1862a8ec6dc9f3d387cc94136976 as builder +FROM golang:1.22.4-bookworm@sha256:aec47843e52fee4436bdd3ce931417fa980e9055658b5142140925eea3044bea as builder ENV KUBECTL_VERSION="v1.28.3" ENV HELM_VERSION="v3.13.1" From 253fee4c3b1e23de234cf41bd95311ec4b1b1193 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 11 Jun 2024 13:06:45 +0300 Subject: [PATCH 100/517] chore(deps): bump golang from 1.22.3 to 1.22.4 (#3567) --- Dockerfile.standalone | 2 +- tilt.debug.dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.standalone b/Dockerfile.standalone index 516eb07c6fd..833f80097bc 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone 
@@ -1,6 +1,6 @@ # This version of Dockerfile is for building without external dependencies. # Build a multi-platform image e.g. `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .` -FROM golang:1.22.3-alpine@sha256:b8ded51bad03238f67994d0a6b88680609b392db04312f60c23358cc878d4902 AS builder +FROM golang:1.22.4-alpine@sha256:9bdd5692d39acc3f8d0ea6f81327f87ac6b473dd29a2b6006df362bff48dd1f8 AS builder ARG TARGETOS ARG TARGETARCH ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index c4c0f12d25e..e75bf19b3ad 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.3@sha256:f43c6f049f04cbbaeb28f0aad3eea15274a7d0a7899a617d0037aec48d7ab010 +FROM golang:1.22.4@sha256:969349b8121a56d51c74f4c273ab974c15b3a8ae246a5cffc1df7d28b66cf978 WORKDIR / COPY ./bin/external-secrets /external-secrets From ace1ff595f11c645584367a2ea371202887a6a05 Mon Sep 17 00:00:00 2001 From: Akhil Mohan Date: Wed, 12 Jun 2024 01:57:31 +0530 Subject: [PATCH 101/517] Infisical provider (#3477) * feat: added crds for infisical provider Signed-off-by: = * feat: implemented infisical provider logic Signed-off-by: = * fix: resolved broken doc building due to vault doc error Signed-off-by: = * docs: added doc for infisical provider Signed-off-by: = * docs: fixed a warning in mkdocs on link Signed-off-by: = * feat: resolved all lint issues Signed-off-by: = * doc: removed k8s auth release banner from infisical doc Signed-off-by: = * feat: added support for property to infisical provider Signed-off-by: = * feat: removed auth type and made implicit ordering of authentication based on feedback Signed-off-by: = * feat: support for referent authentication Signed-off-by: = * feat: added error for tag not supported in find Signed-off-by: = * fix: resolved failing build Signed-off-by: = * feat: updated doc and added stability matrix for infisical 
Signed-off-by: = * feat: switched to less error prone use and revoke token strategy and added validate interface logic Signed-off-by: = * feat: code lint issue fixes Signed-off-by: = * feat: resolved review comments for infisical client Signed-off-by: = * feat: improved test cases and resolved sonar issues Signed-off-by: = * feat: resolved sonar suggestions Signed-off-by: = * feat: resolved sonar suggestions for test const ids Signed-off-by: = * feat: store changes to assertError Signed-off-by: = --------- 
Signed-off-by: = --- .../v1beta1/secretsstore_infisical_types.go | 53 ++++ .../v1beta1/secretstore_types.go | 4 + .../v1beta1/zz_generated.deepcopy.go | 74 +++++ ...ternal-secrets.io_clustersecretstores.yaml | 75 +++++ .../external-secrets.io_secretstores.yaml | 75 +++++ deploy/crds/bundle.yaml | 142 ++++++++++ docs/api/spec.md | 191 +++++++++++++ docs/introduction/stability-support.md | 2 + docs/pictures/external-secrets-operator.png | Bin 0 -> 220046 bytes docs/provider/hashicorp-vault.md | 2 +- docs/provider/infisical.md | 68 +++++ .../snippets/infisical-fetch-all-secrets.yaml | 16 ++ docs/snippets/infisical-fetch-secret.yaml | 16 ++ docs/snippets/infisical-filtered-secrets.yaml | 15 + .../infisical-generic-secret-store.yaml | 25 ++ hack/api-docs/mkdocs.yml | 143 +++++----- pkg/provider/infisical/api/api.go | 257 ++++++++++++++++++ pkg/provider/infisical/api/api_models.go | 87 ++++++ pkg/provider/infisical/client.go | 170 ++++++++++++ pkg/provider/infisical/constants/constants.go | 19 ++ pkg/provider/infisical/fake/fake.go | 58 ++++ pkg/provider/infisical/provider.go | 159 +++++++++++ pkg/provider/infisical/provider_test.go | 238 ++++++++++++++++ pkg/provider/register/register.go | 1 + 24 files changed, 1818 insertions(+), 72 deletions(-) create mode 100644 apis/externalsecrets/v1beta1/secretsstore_infisical_types.go create mode 100644 docs/pictures/external-secrets-operator.png create mode 100644 docs/provider/infisical.md create mode 100644 docs/snippets/infisical-fetch-all-secrets.yaml create mode 100644 docs/snippets/infisical-fetch-secret.yaml create mode 100644 docs/snippets/infisical-filtered-secrets.yaml create mode 100644 docs/snippets/infisical-generic-secret-store.yaml create mode 100644 pkg/provider/infisical/api/api.go create mode 100644 pkg/provider/infisical/api/api_models.go create mode 100644 pkg/provider/infisical/client.go create mode 100644 pkg/provider/infisical/constants/constants.go create mode 100644 pkg/provider/infisical/fake/fake.go 
create mode 100644 pkg/provider/infisical/provider.go create mode 100644 pkg/provider/infisical/provider_test.go diff --git a/apis/externalsecrets/v1beta1/secretsstore_infisical_types.go b/apis/externalsecrets/v1beta1/secretsstore_infisical_types.go new file mode 100644 index 00000000000..c1eea0a4dd8 --- /dev/null +++ b/apis/externalsecrets/v1beta1/secretsstore_infisical_types.go 
@@ -0,0 +1,53 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+ esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
+)
+
+type UniversalAuthCredentials struct {
+ // +kubebuilder:validation:Required
+ ClientID esmeta.SecretKeySelector `json:"clientId"`
+ // +kubebuilder:validation:Required
+ ClientSecret esmeta.SecretKeySelector `json:"clientSecret"`
+}
+
+type InfisicalAuth struct {
+ // +optional
+ UniversalAuthCredentials *UniversalAuthCredentials `json:"universalAuthCredentials,omitempty"`
+}
+
+type MachineIdentityScopeInWorkspace struct {
+ // +kubebuilder:default="/"
+ // +optional
+ SecretsPath string `json:"secretsPath,omitempty"`
+ // +kubebuilder:validation:Required
+ EnvironmentSlug string `json:"environmentSlug"`
+ // +kubebuilder:validation:Required
+ ProjectSlug string `json:"projectSlug"`
+}
+
+// InfisicalProvider configures a store to sync secrets using the Infisical provider.
+type InfisicalProvider struct {
+ // Auth configures how the Operator authenticates with the Infisical API
+ // +kubebuilder:validation:Required
+ Auth InfisicalAuth `json:"auth"`
+ // +kubebuilder:validation:Required
+ SecretsScope MachineIdentityScopeInWorkspace `json:"secretsScope"`
+ // +kubebuilder:default="https://app.infisical.com/api"
+ // +optional
+ HostAPI string `json:"hostAPI,omitempty"`
+}
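Review bot: `HostAPI` in `InfisicalProvider` is an unconstrained string, so the CRD accepts an `http://` value or a mistyped host; judging by its default it is the base URL the store talks to. The client code is not in this hunk, so it should be confirmed whether the scheme is checked there before the universal-auth client ID and secret are sent. If plain HTTP is not meant to be supported, add `// +kubebuilder:validation:Pattern="^https://.+"` above the field. Separately, `UniversalAuthCredentials`, `ClientID`, `ClientSecret`, `SecretsScope`, `SecretsPath`, `EnvironmentSlug`, `ProjectSlug` and `HostAPI` have no doc comments, and the generated CRD entries for them in this commit have no `description`. A comment on each, such as `// HostAPI is the base URL of the Infisical API that receives the machine-identity credentials.`, would document what each field is for.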
diff --git a/apis/externalsecrets/v1beta1/secretstore_types.go b/apis/externalsecrets/v1beta1/secretstore_types.go index b05d32e4471..c168f755746 100644 --- a/apis/externalsecrets/v1beta1/secretstore_types.go +++ b/apis/externalsecrets/v1beta1/secretstore_types.go @@ -163,6 +163,10 @@ type SecretStoreProvider struct { // +optional Passbolt *PassboltProvider `json:"passbolt,omitempty"` + + // Infisical configures this store to sync secrets using the Infisical provider + // +optional + Infisical *InfisicalProvider `json:"infisical,omitempty"` } type CAProviderType string diff --git a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go index db570a7635a..a1f5b66884c 100644 --- a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go +++ b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go 
@@ -1669,6 +1669,43 @@ func (in *IBMProvider) DeepCopy() *IBMProvider { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InfisicalAuth) DeepCopyInto(out *InfisicalAuth) { + *out = *in + if in.UniversalAuthCredentials != nil { + in, out := &in.UniversalAuthCredentials, &out.UniversalAuthCredentials + *out = new(UniversalAuthCredentials) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfisicalAuth. +func (in *InfisicalAuth) DeepCopy() *InfisicalAuth { + if in == nil { + return nil + } + out := new(InfisicalAuth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *InfisicalProvider) DeepCopyInto(out *InfisicalProvider) { + *out = *in + in.Auth.DeepCopyInto(&out.Auth) + out.SecretsScope = in.SecretsScope +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InfisicalProvider. +func (in *InfisicalProvider) DeepCopy() *InfisicalProvider { + if in == nil { + return nil + } + out := new(InfisicalProvider) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *KeeperSecurityProvider) DeepCopyInto(out *KeeperSecurityProvider) { *out = *in 
@@ -1757,6 +1794,21 @@ func (in *KubernetesServer) DeepCopy() *KubernetesServer { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MachineIdentityScopeInWorkspace) DeepCopyInto(out *MachineIdentityScopeInWorkspace) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MachineIdentityScopeInWorkspace. +func (in *MachineIdentityScopeInWorkspace) DeepCopy() *MachineIdentityScopeInWorkspace { + if in == nil { + return nil + } + out := new(MachineIdentityScopeInWorkspace) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *NoSecretError) DeepCopyInto(out *NoSecretError) { *out = *in @@ -2305,6 +2357,11 @@ func (in *SecretStoreProvider) DeepCopyInto(out *SecretStoreProvider) { *out = new(PassboltProvider) (*in).DeepCopyInto(*out) } + if in.Infisical != nil { + in, out := &in.Infisical, &out.Infisical + *out = new(InfisicalProvider) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreProvider. 
@@ -2616,6 +2673,23 @@ func (in *TokenAuth) DeepCopy() *TokenAuth { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UniversalAuthCredentials) DeepCopyInto(out *UniversalAuthCredentials) { + *out = *in + in.ClientID.DeepCopyInto(&out.ClientID) + in.ClientSecret.DeepCopyInto(&out.ClientSecret) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UniversalAuthCredentials. +func (in *UniversalAuthCredentials) DeepCopy() *UniversalAuthCredentials { + if in == nil { + return nil + } + out := new(UniversalAuthCredentials) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VaultAppRole) DeepCopyInto(out *VaultAppRole) { *out = *in diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 3771ea0b6a7..2b6ccc9a674 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml 
@@ -2883,6 +2883,81 @@ spec: required: - auth type: object + infisical: + description: Infisical configures this store to sync secrets using + the Infisical provider + properties: + auth: + description: Auth configures how the Operator authenticates + with the Infisical API + properties: + universalAuthCredentials: + properties: + clientId: + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + clientSecret: + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + type: object + required: + - clientId + - clientSecret + type: object + type: object + hostAPI: + default: https://app.infisical.com/api + type: string + secretsScope: + properties: + environmentSlug: + type: string + projectSlug: + type: string + secretsPath: + default: / + type: string + required: + - environmentSlug + - projectSlug + type: object + required: + - auth + - secretsScope + type: object keepersecurity: description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index 6bffcf681db..d650808b8bb 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml 
@@ -2883,6 +2883,81 @@ spec: required: - auth type: object + infisical: + description: Infisical configures this store to sync secrets using + the Infisical provider + properties: + auth: + description: Auth configures how the Operator authenticates + with the Infisical API + properties: + universalAuthCredentials: + properties: + clientId: + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + clientSecret: + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + type: object + required: + - clientId + - clientSecret + type: object + type: object + hostAPI: + default: https://app.infisical.com/api + type: string + secretsScope: + properties: + environmentSlug: + type: string + projectSlug: + type: string + secretsPath: + default: / + type: string + required: + - environmentSlug + - projectSlug + type: object + required: + - auth + - secretsScope + type: object keepersecurity: description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 28f2d2b8a26..54e5bfdf385 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml 
@@ -3337,6 +3337,77 @@ spec: required: - auth type: object + infisical: + description: Infisical configures this store to sync secrets using the Infisical provider + properties: + auth: + description: Auth configures how the Operator authenticates with the Infisical API + properties: + universalAuthCredentials: + properties: + clientId: + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + clientSecret: + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + type: object + required: + - clientId + - clientSecret + type: object + type: object + hostAPI: + default: https://app.infisical.com/api + type: string + secretsScope: + properties: + environmentSlug: + type: string + projectSlug: + type: string + secretsPath: + default: / + type: string + required: + - environmentSlug + - projectSlug + type: object + required: + - auth + - secretsScope + type: object keepersecurity: description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider properties: 
@@ -8712,6 +8783,77 @@ spec: required: - auth type: object + infisical: + description: Infisical configures this store to sync secrets using the Infisical provider + properties: + auth: + description: Auth configures how the Operator authenticates with the Infisical API + properties: + universalAuthCredentials: + properties: + clientId: + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + clientSecret: + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + type: object + required: + - clientId + - clientSecret + type: object + type: object + hostAPI: + default: https://app.infisical.com/api + type: string + secretsScope: + properties: + environmentSlug: + type: string + projectSlug: + type: string + secretsPath: + default: / + type: string + required: + - environmentSlug + - projectSlug + type: object + required: + - auth + - secretsScope + type: object keepersecurity: description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider properties: diff --git a/docs/api/spec.md b/docs/api/spec.md index 6d521a38489..efd79408a30 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -4372,6 +4372,92 @@ string +

InfisicalAuth +

+

+(Appears on: +InfisicalProvider) +

+

+

+ + + + + + + + + + + + + +
FieldDescription
+universalAuthCredentials
+ + +UniversalAuthCredentials + + +
+(Optional) +
+

InfisicalProvider +

+

+(Appears on: +SecretStoreProvider) +

+

+

InfisicalProvider configures a store to sync secrets using the Infisical provider.

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+auth
+ + +InfisicalAuth + + +
+

Auth configures how the Operator authenticates with the Infisical API

+
+secretsScope
+ + +MachineIdentityScopeInWorkspace + + +
+
+hostAPI
+ +string + +
+(Optional) +

KeeperSecurityProvider

@@ -4586,6 +4672,55 @@ CAProvider +

MachineIdentityScopeInWorkspace +

+

+(Appears on: +InfisicalProvider) +

+

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+secretsPath
+ +string + +
+(Optional) +
+environmentSlug
+ +string + +
+
+projectSlug
+ +string + +
+

NoSecretError

@@ -6055,6 +6190,20 @@ PassboltProvider (Optional) + + +infisical
+ + +InfisicalProvider + + + + +(Optional) +

Infisical configures this store to sync secrets using the Infisical provider

+ +

SecretStoreRef @@ -6932,6 +7081,48 @@ External Secrets meta/v1.SecretKeySelector +

UniversalAuthCredentials +

+

+(Appears on: +InfisicalAuth) +

+

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+clientId
+ + +External Secrets meta/v1.SecretKeySelector + + +
+
+clientSecret
+ + +External Secrets meta/v1.SecretKeySelector + + +
+

ValidationResult (byte alias)

diff --git a/docs/introduction/stability-support.md b/docs/introduction/stability-support.md index cabcd87100d..eb639b0a557 100644 --- a/docs/introduction/stability-support.md +++ b/docs/introduction/stability-support.md @@ -55,6 +55,7 @@ The following table describes the stability level of each provider and who's res | [Delinea](https://external-secrets.io/latest/provider/delinea) | alpha | [@michaelsauter](https://github.com/michaelsauter/) | | [Pulumi ESC](https://external-secrets.io/latest/provider/pulumi) | alpha | [@dirien](https://github.com/dirien) | | [Passbolt](https://external-secrets.io/latest/provider/passbolt) | alpha | | +| [Infisical](https://external-secrets.io/latest/provider/infisical) | alpha | [@akhilmhdh](https://github.com/akhilmhdh) | ## Provider Feature Support @@ -84,6 +85,7 @@ The following table show the support for features across different providers. | Delinea | x | | | | x | | | | Pulumi ESC | x | | | | x | | | | Passbolt | x | | | | x | | | +| Infisical | x | | | x | x | | | ## Support Policy 
diff --git a/docs/pictures/external-secrets-operator.png b/docs/pictures/external-secrets-operator.png new file mode 100644 index 0000000000000000000000000000000000000000..5264eeea3802618fab8afc82b19e53a363a9d329 GIT binary patch literal 220046 zcmeFZWn5KT*FFpg2q*#~ARyf>Ee+Dbrn{xPyAcuT25BTkx*HTky1SL`?oIp`N4Cdv z-_QNT`|14vKVh#m_nd3Zd5tlyagDk5Hb6#76d4Hz2?`1dSzJs=4hrgF0u&THJOVt> zA{Rk82nB^yXd);mBQ7XNC}V47Xku;v1tk^`6L(($eGSw5I{q-cA0|R-6>kkT{PD{N zX@q#@Z%O$ni82WZ+4ODT#@+-XP(P?eO4rGlEYW!_yXoOe3$tFUQv7ir{>9rFkCg_e z+2n)1%id)09Fx(N-8K~esLlgF>|!RUc$ff6;{G^HtW^FMWN3t%c7B2vWgNOhB;4Fj z2$>45=?S)p8{bct#=k$>>ATMRWbLB+2ukKfv$zH$1^Um0cGo_%KvJl*b=0~6xd7`o zb!bZHL~z8ki9e#LJo&zgM+JYEJ{J;xjy4JnC9PW~Oa&F*jmAaiANA%N5gd^@#gBbB zgcah=nE3cs;cDd9cHczb?+UrQ4ru=_#s zvc4yj1iol8d`MzeY0&oobFofVVxq;pe{7hwqObr5d6llJX-}d!v*>A)gYd zJ$y@euUH`EZ5&O!@%wnPZuC8QIWiV_+d*fRSZ_TukX^BzHH^;uw3G+t&Znpqv~;cH zl7ig(U&=h(-7mfc)1AUYi9UuVWa}I6#)3}cM)dtsPkP)^=l|JN@&(J#6xei z=l9vZKvzSd{J3`^@EqZuEFnHE{IhT*CLaV^I5-_vO86`t^l^A<0oL(*>tBehpOn9e z`tht9w$KOn$0KK0eI2NJSdt(2p866Z+>ana%0yffBoD_}gc=}XXeU7OBTjRsM0@1} z8~%jadz3#*23rAfg#V}??Gqm7eN7+NkN0H=SROX`HGZM|0Gs!b9+sQR+|blY{n?|sGK-G0!A6iX=52Q0}iX0hj52<_5`l5 zmw1BTS9S8AZ$HH(e-!mbHIV9iwBGUS1V$`Ir|0)Rps3Ks2C}x)>iQP%jk9brZMtsK zo1-7oR$@(s;kEv>PIy6+L_zjYc*cAZ#8puVm0(MMLmob!Hze|7m6Qnr!U<( zuAr`1uE;%6`9x&MKcG${zJ{eI3M-B%j_VhwmU>DUjHdYBP)J($31digf{K7SsTL_O zd853H%yR{6`42^3lvT21K3c2%EPa{UY!pe|5&4ajj#OM6R}3s}B#t7s)2?4iHQ}Gc z9~;gdzR|JLA>EPsgetHykXE>G{#7e=D`snAU{MUhEAm$lvsz!By;^$J7F|fwAV*G_ zNX;BG(Mc1X7d;iTLlyQ}MqyL2S%FD$H1C;AO*&I%pggPMk@C`K%-n5Ro}x)<0ohD>})A$@VE0$?;{;XQY41R={NSt&MPv zc8xnXh~1|BPCJ|LP=;ePlXN62sNN##nKYnMyD%}%^Gzt z$Wp7Tpf_z8R2n+&Up9_2CK&PjbZ61ihZIC zAgjDtlZMwGfsJvz+Fp5A*q2x=4miHC0(ohgX(3NnpTc5`A)7vQefa%h&%+Gl2gr#J zQ=g)RtcrAqsE2Tdhy)*ntl(fhWq-=YLiC{@BnPTYw2yaZVPy_s)ij$l<~Oz#AJi)GOaiJKx=2mBKJ2we3j z_R%wcYX7NF{Whq!m{5yQtEBuSXQ{g6Z7%tw70x1uZTqX``E_Dj6MJk&R!5Ni%$jRh zp$JM&QI57_OZ8c8fj!sS@x)B4=Dg?dr8Ej|n0?qid_lYJ<=y4Yf`8?Ufsc{za{(fOMBnWad(~%3JZ7Zhtj;dGeyDO{`eFv{ 
zWinkdvc_#1&X&8=ban)N%<&W-#&F=9RbHz%r@T${GxAUU5SC29+hlrmfB=5~=6#{q ztHsFndl3Zb?ip+%Jb`Rsu_8|2DO+iSbHmP_ZeXcn(gY>qRdH{t)hluHHPS)Hp+*%m zytenbeq-?f9+Q)SR?FEbVj_K7SQ*odu2;p~G+^-Yaim_rhi~KG?geO1yxvqhHhxTF zVl;^0-!aka(sA_Da_P|lw~ImjSN*=l(#4NY`l9KmT5@M|mvW0vB|XWmL25E;4wG$% z#fO(`3)m&tp!n17Z{3bQp9wXsi6j_k*z=T)$!IYO6as$>caEqArN4V9 zHX~=ZhBDartSISolC*?gEPj__2gah~it2Jf7j8F7`?UeKE4GoUk&nRF^*4=6!Aq<( zX&B-(oXR)_v}zp1)YghKrt|BEBTbl-7_k_Q+URxJ8Ddq&in7-zK71@sXfT5UcM6VF z)GtZSMX$nmHlB@bshl*tRky7eE-bG<+;HtZ&*Pi8R@fUleYc3rgR9B5J^OZsbll#l z>}0u?DW>$I^oq`|s@y!wf^Op6b1Kq8xih&luL`|NqN4 z&)LbGTw_}o)j@R|%a*A#AtSXTStHt>%h&Er@ z)Jf+A=i1f7)A$SK3?n}y?PLj#vALSegMqW^gDQsZrhYrd#rY)(=(t`d#@b$u<9he~ zKyb`)-eF$Bm_}iRJ(m;v_4F;JYt7iXDC^kJ{1GgX+bA{iyvMPH8i*veN?bWn!+8m9eo) z+WmK`07bC%{MB! zmz|F8@hpND_PY0Mh}6HOJcE;Ie-jl2?OaCyWy=lqME@Nj{fC4+3b=%GtPiBSsm`Xy zDNnGVaL`y8@frJIte>i8=RwKrL+j|W1nxr@XJoj8`o2URoWIqH;ENME5rp#$l`h!$ z%4c92do3|@JY-2|AYcOxRKyKIASi0!7y$|v8V3pvID!U#d7*KC zAB#X!Lf!kT9R>=@-vkQwwvQC>dh-(w{N9ZD^?EPz9n^i`>@o1`oCX8w{V*Zz9^@GQ zMm$3a$P0>#1F!OWwgv{4cE(orxRXa@Km($+n5rEV6ee(tNd_%0N4g7Kf80bt#a;y@ z$*E^$LH}CcO4oqi*~0qfI#ArsoWP-lf&FVjXA5&nJ5FaF;=g)u0>?Ma48(+gb+I?& zAyxs&5DHq^8W6J4Kc|0A%!@=wNXTugZ^$VpByu|(IO8EUwzs$DWMFV|a-w%)rnj;+ zVqoOp;9z*p#K6Qv2lSw`bFs94?M!EBNAl|;kn0E;*y-7tSlgReSrXn{_qDE-gFO#1 z@y(5X|NNS#fwRfqce1p*T^6uFhMRX780nug{Ju6Yl>4TYQ^v&Ez+6?x!~(z!xCbvI zD+?3%UjzQ_t-o*i$555OhcYuUvHdypkGKAHsG^;Lt)P_!a8rBUzYTUf_|G?Q2XZsq zto;uxegXYgD}XdF5;wzdtMMWcGemX)hJ0osB&`6v0&aHmbMMCKD1W^I$IwOCGr7}1 z^~Db*E+nAf481wyk`&|6aDSIz9&;NvOJjJtS(7O4Jy!I|=eTJn*^FjnSs9{+Pt~~F zZh><2@e;~I-EhdrF)Vgpr|*$HbPphYRr5M`m8Z$d34b{$9@^;XJ7(sc1J|G2-~+eW zzLg6n-YZUb*>h3?7+3^ULVj;3=>N-sk0V3Bz(D4V5#YT4mvOh931OdrV14d}{tw9C z!SuiK%R89vVEPvlx^sy;m$-9@yVU&OE1Nr(xMPVsmbhbyJC=ZyVt0&q$B1`~c*lr$ zjCjY0|EDd%yToyqIPMb1UE;V)9CwN1E^+*aM{0LT@-9ik`JKc1ro9=Yeoo>3*O?SHKPB-1@raRqq zrmrcAwiSU{n>h8~r&n(%pLMj=88Ahz-Ad1ABYu&W5Gw9Z z^G+A{WpRXzPf#Yr0%c3#jn!j0u>Ol~gN*q-*?uJ0^Ft2NflQ2g3PIA_W_@U3bPkA* 
zmxuF%1~TndtTGEVn_K5A2{?sd^gXVe*^V&HN$D}10#uUaUglYLNYeltq&4DpiF3ozCB6v1HSC2 zhA?UIKU^@48tC_Vp7kj#WZ(cyAbAM69Sr2$1ULuT*Ty#LDspU0jpneV>Z3Dk#~B)Lx^9fiSZ9)`lZdhgQytDsDGK$=a)b~YAs&@$Uq!A zz;MP)6p-@-a^ReW-3SfhB9J%!i8=qq6JYhpJ3XHeZ#x8%GePcUOa#D&`Nr{oa;8s6 zK)=t<$nXNUvo$UUygj2M>Gy>afb*g0B;o(C8pxaql`}-1TJkvr3WG&&v}&Nuv}O;q$|xzQCE8I;-gO zler8Pt6o2Ks|JQ-r`f(hiAT@I8Sre|d0T7YV1i!h^d@nv4Tw@?-p6;Qo$~w*95R;^;QEEPu_Np9>T4$u@?$3I+@3>7epS$y|0hM zwwc6KD2Ot{j^}xL1ErWR-zk9af>sHEN~uREk*J-?r9)ImTY4tvr#vblbQQj6J>n#4{IINDV8QAV^wtb zbk*$`0P?C@eWSUPo1-O0k!&y9>C&F+r^%vLJivB60r+nli~A`YvX=8fPhFM<+0+IA0%j&NR2~VI?uc@6-MR zIt0{D!~o#buGsG&Nz(W&ur89~XRmHqLIoA*05@Pq|CgQo{n5dY{|n&P!Yzc;7=@!2 z!ua??a8H~kGUi-2vP_a4YGWq&0 z8VrfB3g02)hOF1{Lhbh)EPML(Gs^&b|w;E2uS=^4>T3PqQHbg@>>F6rQbz3X_Du9a=>nA$S9ILTl zvu{hUoi6mz2yRT2xp7`!EDXs>(5Y57lmIjTgQ0#Ikwp=3#a!E7h%3^n0cZ$s>}>y< zAV1el@)c#6%6JTMW>mudv@aKdk40)05#q3L1_ zuyav1S*!}T#{#al^hQyW<8+bTielhF(`IwN>P}Vw`gMYq%aT=All&k>s(Zqy7MSnV z^{ALxVU5V7b&JD_I;Hbs1jUdj!DU_eP|1R>33$sbrt<~fV7}_LnBMnb=_m?m5VKM5 zD+z`Mh4sNKyGhGBt1JM-=M7iqiEDmXS^*yoi#B8VYNnZO=FPHJl9IIC_hJs$a#C9x z9mcj2DrX#nm~vjc#=q`hwv|lbE;w{A$`X&#l9117j8M{aSUNl^auPQy7$Ga1%IZ?a zt#4-Tt52GBH8XTQ96&VL92X5*Xgn&QlbdVw2t2AUKAp!Kdc<`|J*8ArnzoQzqt&}A zFWnHH;^islx)6d*g_WVCYS21dv9X@3Uga=2s&2(LccNrh;Bv`x*pIf>=jBJBfjNDImbk+M#zL^w}>cq}`JgZ~V~{_L9! 
zIJ|NA{6Dx>5Wtf91Lt*If6)F2(etKs@uf`+m*JdLUec}dA*Xc@Z$>?Q@th=Elad|p zdye9Q{#T!Xr1^TazijAqPa31Hu*Oh-(*3}))zx5t^m_H81;t48W7>;PxPIUgzdo*6`6Te;nYKh z&mY%Cn$ACWhjaQybB~!VflRhmyU`o)xaW&cPIM2cJec^b?P4XxO=HrwE5y{Q(8*=8 zoP7wOYPD$9b)HYM!$2B_1*?>lH}U2o14jIN$j|e zwlG_N4c|Z-Zuw`g=DY?jpMLd_1UspXQ{_x#Qki7OXDInQI?s# zcetKW^mUtY24e|hovQ;zS=%!keP&luKwKZKRW*57YsHDxjN4!A`HMt+YP`2ofAH0Q zR8<+X4*uad%~qN89E-Wil@y4+a*Q^==}K)aR-L|3^(gLd7KMhf&;rP%r%4w@>=)UT z%L3%WcCO2FTMx*10BkpMA{G4p?@>OnSRa%JNc(7u+wetWkxf1M3atXt#V5R%OCr7a zJ&z~&3Z0JMB@FFv-p@&KbxDq=Ha#9Yaau`kN|fTZ(P~eX9Q@$*M2Rl>63@EZ&!v$@~qAoS)ZKEl*LKTK`&U8{X*V`~8l%-ZE|_aZdAb@8P1k-k3yrg8}_8o=WL3 zo?}VhG2W%`PmpWNOppR!I5D>{40l;w6W&SFf18fghYWvfmccLHwLJNOEJ42gyoYpK*dtVFK}bdx!jUXT8n)%y)^ ztg@MRq;qQ(Tr41IE-;KQ+!l8uBx%NSJUh)|fAFD-Jq$7i$g+N~(7uCgEDm`yJxEHd z!OcpsvcNVgE0Ek59#7@m<~;O94~G!BA5SC==EI@CVzvqXEdOxAqUxHuC-(U#+fRTJ zQhx;(GSykRf-UB`>&w$=NE6SpR$)JB5*LGkwJ**-=Po;`<6F_yTLjo{^BMOkcn#2o zbb(kk-wxVIq_Y6oLjQeE28cQH!78hr^7YR&tyzYBS4Q1ZwtYM(BO07nq4*w3>$4si zr4~Dl;II!7*~ch{2VoZn4eB zdB{^nN{c3szMInR1$W=u1MnQ5R)XSkU}>{B{l&%kSX^As)u7CPeh=#yWzS=Kx%Ekh zqw3|uH7n5$^C^p}Pdubuzf5?m#tr~}vbe%<9dXwY&kSK z=?eWZs=S`xLpTc1IMJ8J++oz$sn=~GbwqTH&TTG_O34DrFTp!0?|>R<=f$kob&LI= zI9660fmfyZ_0d>r6x)QpudX_M*fVDxmjKEjWDHb!6j>Ma)O=@cXIwk(&fS4>WktuE zl&n+lP?`vNPJa-XDaqsSv|^=(b2{c<<6ZqkkTtwOa_m%3O+7 z&t87+^^cgcyosr;yptcdF-3C|Q%el}yT5w*i~=z==sFt{@rN)i-h~A?2#6dR>gWq9 zP|}O6UXVXfM4TT@)$|@u;;N+^Gg<32*|!rR_en)~1vd^!`H$c$tq&P(*#Gov39|6L zpDL>)5lDUw7-vIqI~&T0+@I;WBTE zzGgkF*{+?EU^eY;IJpAvM0;K=_y)D4dU@*NJpb`cmnZC~m#awf%>UxxJjuG*Z_VdE zKFuSJy>C7yeLPM#W|R*k2O>k`Vr`;qdL>#uRI+aSJk>zYqA;fOB%z7o9{lEvMqE); zVk~t6OPn6i`)I~Z%b*BnbIR&k(QTKTLkLS{<*P~ z#sln$m9JFoOh90y1z=2=ODVZ6yDyI8YN?j$WK6 z(*vznoy4z7GIWXhyd#b9bI&%b=1vA}+VJGcaJ&-bSX7@btc~rAAFk)g2bC-_^>C~_ z42o9|4CyJ~?XlWcb<9GSdcnO_F&1htg{cqZW;#Wd4n509ZP`yi`*mF>g=hIS%Q#t& zhosGva4)#*mh*?JcBUnjQj}F$I_56jcJPup?N|GMux|Zb{_uPAyWLbp(pFPtx6WrF z4xmQY0P4Ffl@%(0N?EZ9-xpF=0X6{k$8gkHIdfmLn4jBNPrN7Y?6=HGwuk5{sixW1)f}Zh(D^u*MU&=z8hF 
zSH^C~JY{)e>1gG6!W!0AD&NF>aAA3>$9s}uCG&d{U1WbE^cajZ~*TnltF~$yd zysnj{xVD)3D%P53-FBz}Q0$5T7@+OF$!dW4^0UDcI%<^ANM zS1a!hp0s^a=6Z2Du)o{lWgnZ-!@c{3*>=Xki6hal`-Nn-G~XB1Ee z)K)m{$s@e{ah|xX=X$w>x@{ErXI59Yt6|}@Afmi>d87{w4U5VT1^Lr10R4uXV|;Cz z2?l}C8wv(N-w#S4Dt}eP66UrGlYn=cIQik@vG>5ce|5R}lZ*Kti=}3>bZ9AreU_cX zr+&F6IG&k-@n>KN&&H--8Y~D0H&K7GTyV3iv~j2DT5ZC*#b$rIj-X4NLUVCqbO;Xl zwei!I6aZv~CiheYMaA(%Jx>Z;7R2k8tKGB?1}~RFisz3HzRj4A>jqKTw&BIO9-KuGyg>hZaErnGx02(}_+A^744jieJPugZr6&@HTo+DJy=ehj zdRBNXUSWwAY^qlmEA6P^Qwzsa*M^?zD0Rw5&b(Uvi|r&QG4fIzrEL~=gnuj&fiTA`~}hhs^=FI{=+w%9b43e@zp6VCL`4-EYADp^SQxha%2 z9dgPV*_pkr!E{Wf!`3+gLig_VLMJnKz=M{1H7S9u&C(%B=YG-)&Lq63q=5ke`ubhv zlnmF$EaFQ?+~=!&i-9zTu7v{))<1mQ+ShWVokZ%btt9NPvJn1AxFJxW+TI{AL%PC%J12W%}Q&kl+^IC#12wbms&HjA=woUh)KEZ%%>#Kru# zF91jUg%40!I*zoVPQq@zB%YeTpH$v0bVKA9Fh0TPgvOCJn&06_ZrtqFk@%5d)8Rnx z9^sLCfv1jo#hwBB|BZ&{*;Yzfs^g@r?f7f3^XS^k@Haq^H8ic9Z=!*keaX-L*Nu`L z@{Q(%FjEKZvB#SRWWHqvBb{&}LIrDfQR>~vJ!uxm$gUZ+}a z9KTuChuHgbk{yNbLez+3vilwiH_4c$Q(Tz|;CcGzhxd{UP9&xAE)f#U%X$36iOvmG1i;%DpD^ji*n}I;0&PW8Ik1@oOR6 z#cdgtTaSMd-~fw@=drj3{Qu!amCIg7c`ZwyGU|V3yieB6N4V};wFE2|e6eZd_WcEM z%}BtNr5qkhNfD=NTM8`5vTjSD=Ac(}Q~p)?fL&6EcsDAGI82b{EiQk7NJs&Pkg%v< zWjAySPB`36h^C>}z(GRvArPYR1JW8~zugSLFH?z-+t{{Wz^&cN%T42(c+;tF=rfyd z@hL|@^nrlF-@dPQ7Y(FavBFD|E0QQj3>5Y2OP7^<^>zJVg<;*tw4 zb!AC4)*-C7Y4RoKgb4{1(vub?@bE?)duGURyw1gKydR{!NkNgiiG1`nl`v)u-IHF^ zbE5!dakH!_0$>57vMYEkx2>YcxVV*k346n>Nwo>Hq6MBU6aKZ_9Loa(g(x8}_MZY# z5hVT{QPQ(GCv1_}1ElpIh45Og8$c=Cv%&OsAZNRjC4lw?0ovy@ngJqtu@PKo8|%g? 
z*q@nW`^^9EFoS}rAqK)x*);(ybQ_N5H{oc((|HMrL>&NE*h;hN=YOULu?&9a{zX85 zMU#Y0v#(=lcpN3~_Y3y9RL;0=w3ha;$tOD$H5?Zv*?h<7-7hy$??7fxTA>w91jO8f zrG^t;8@4mX^bR~HZrZB3EB2foy2=m4PSZBI71IL)L|j|;)f6n&+cgyJfJ$86oEwS< z81Cm57>@ z%XJMO`$aLeZc{=+#eNF`{*vnTc3oIJo1VYXcI}32%~I_BBt0O@b_dJYdzVemND_wv z77-FbJU`#qSqvAHI!L;0pEq06V@R7hpP$@#;0}EIyl&Vfo_Ua%o}~7%x2i_O73p!`ve0+ZKL_x zS>yW0#e~t0btTt*$6ojIHD%jjStB>46E@@Y4C&3G$<0B;c3K2yY(B4G0-Hi8J>)+PcVRic4cl6`RmP#gdnw!DcJ-ayI zAb-Ay=R+P5A*!3wU-6NGL^gBZRU>XWUbDfq;9^x&)Mb?CVwb=G&?hMl0rab@lx~|g z!4zqkZ7B|;jQeG&Ti8|D4VZYZg+&Q#e!Rg(1798HP;@r?NhBZryoOIgHYC4b&%VB5 z8`lYT!!l~Dtel1YWaxa=LypTL{>^4>5Mw_o)mikV>(NNlD`DXpJG!6DAW%=XSGF7X zkyHK&K3y=nr+dD^8}br;6-eUwMGJ2M3f-0Xt#g><0TE+(jH?`S8x+`-fW7Wo3U$2K?{(8KjGvRtZh{N_`56k(gUxWSa zb%cjAf}p5)&3xdTn2CwFP@+U^emLL7PfQo^7D}?kdD~?ew{6A~EG&+V>P>RV zW}uIblIDGRJZ(ooMM=4vwBK}nsUY>@Crn>0`>gZx^_}l!@=1UeaaJp=+unZ9^N813 znq#YcO-^OC0e(idMY-wfD675B%dM+je=g@q1cDJGfG(qOt+@H-Qx4Ne!nh@P zuiY!{>MI@2mW;%-Qk)dfk>9Vn%z)PgehQ%TJ##3JwWvA@jeLy1ZA(ASioSJCaUZYT ze{F~)s~%7&Tt)T!q1=1lBy2|%jYPI2-jLJl82(B3P(GAEh@__#BmGvaPyoGS_ls)~ z-^Pr-KcK)iS4FoWiuJGHa-|42@6XK05R~FvBX-$okmjZUHcR7~%*S=iW=h&p7=XtD zHAdi{{yQW$3E*?y{r91sy8u6TE`&9$PPA#Q(i^9Pk?}ai4p9bkKvR>P<^$Co@v znF&f0Z5oRj&#Owi=%+Zkj=Nh>_>8VpE~VTC&PE4>*k+)`~fB{1|HGU z6*$#aWaIh_a?mo)d0MP5)52^w-(B^6b%_owjF-QAL2*+1U?X{0LrsPu>s@X!OM& zzS0g!%~R*ICv0&&Y*S*NKc9ERX?xOe>h`hEb)RfzD~0j8Mx7x$g{0UWjW{Jl_@o?c z=4807icw8j*5y9LVfixQ*oKGFwN-W9qdFRo=QutX{IEPV_$i};y-;e^?0G8o&*i=M zsBzo4_$+%}vVwX*J&>Ey91mFL`GiT1g^(|0sykEHxh9}7yn}JsJ117UnTwtvhgDNt zo)nOrOMZC%{RJ{x(@%{38KmO1t2v1Z`F$` z5fJz^wGoNGxdCt&A1x$OT$X_$kCT~~fPRbOF&dS{u+M}~w$F?t34JkC#uM)+^oBg3 zvg$_Clf@3+apJ3dBY=iA*%Jt) zhfZG=1~(c7m@g*gQUAYgk$k6Yj|IH{zO0T3cIn@`N# z(l;Ew#bt!?QV@TMTHP~s8vagZH{^_7psKJ&9A&s#REI7431t z!lKcp$V51`%-OYMc=@KnF@ z%-D7bkFGwbrJwxtVB2Hs%&wP1Yu5e13y@Dc6M5f?(mKvoQuVJ0ul=R!1`HDt)fZ>o zQr|x%BA#qK=ETDm6l6We|R<3WsoGSvR3CP=9%UX_+6d#RZZtD^zM`oRod>g=6sNK z>Er>UvFuqF|55D#pb7yBAb{{S93KrZq7vV{GyZjbBkdjsPZN8F(b~)(-s2D7^}v3t0LP* 
zfVf_Ho^|;GpCk~sJ)RhQ4@T+UX*hW`;k*#g+Xxgi^=Bl9T=`3Rg`D!_QW|sTzV1#h zT4!AV?Ug=e(~QU$SE466nOAo?iu&#<;=-T6lW0Ihsb7}zu%7Sq>xq6FURA`!Mg1p> z?aC?pJ~4E_5^2$~u|hLr4f_EUTBZ4$4!~ac+lzTD@I(;W96)W1LYu@v~AbD6e#KPw1DkAk~|HY)~)^TxH}u^MuP{d zXFy!;sE;|dVlXFf0T0)rpLw40_Lk0tGSu%{9jG_btv8WW^zV+{6xO{vDK2MARXsav zh=6dK*dFPvznYr0ZrMw38t8~>E1|Il-)^PqA())QK?7HTe+h$*qf#DxpF#ru| zU;%=0qX}vo5|vDfKtN_6KO6h4TPT2lT&N9x@TYF^d5H0;prEQ5St6D;4*K3_{q7G( z`nx}T5a)W*g(a4Tq>Ut0RRa)R%(tG6O-_>AtIcMq9-l8#)LvbRh=81Kz5 z0UO9(*qr5)C*H(`j2J@)y7a#qH^@viaJMXQ{G z0%?W_GJDe$8skY=#aHRJ%1XA4xvZ;R`$J5Je(BRyl9EE zzSW$q(Vuh<>HRNl5x}~LK`OqtsR2R%4X`fBRkA{~+bNX31SYR!Pr~j4>GCH~|7;6S z0|vu>97l#sAK?Sg;O&4A2f6+P4dCf+;8-rfe_z<&OZ;{89$4sOlV+UXHbB4GL3znw z6LPzTa13DbrRlgeh>$M-`Jz6s04Ssgt(K7W^M3)Z2AeNf{S4wCS~na$RW*(MzwnPt zU|nM9qrahuCj{1o?iyeQsl@YdOpGzp4*J~%a^rtOc4HROo3cfK((yMYFyugk4qo%p z?O^_6z_~kS8<%?j6{A1(&MoM~z(R!*is2zPXom&X72hwRK>~5zf87lJZ!SuBvy+VY zvIG}`3F>p80eSek1DGg=KqC%{D0G!5Rm`H z4q`F@C~ssoe`5kG2{e4+eA{)aVSP3+0RL$4=t|C#O3Tp9%n;0+Ip0RzDVLLV4ee#C4ejVc@91JDI7qhgSmEfZ<(;eGDc9Co@qFFphnHu;_?rm+9W(xU zm{Dd=Fh`Rj*87ubzH&MRu2t9Vom{dHY65OXZmt*+eV0AVUUiRjcvhTt^w!~$r;K z^|OJn?%rfC#JRm8(~TYB9n~Ib+vXt#43AYNO8Xy~tX_;7^j*~UA0JnC(?S`jVZ|vf zOSlMYjpZ;&cQ(g5)D;eWK|+T_%H@}z!zMtfcwNU&ZWK@9|5Ze*4w#E%Ip0MO+&BsL%>_a@=*|MpQQ zI}CPmN@z6SG_E2Kr1A~v{kKPvtBK#;lO_E!K9SD7CD`wA5?HBnY8=mZ+Q~TJjP^+3 zPyXYI?|e&@z$&%y za;jz0#Ke?6qpCb!R_(BE#=XkH(|^=|)a9f^YLmqEql;St9%o6QtP*smmJyPyVU4Ly z%3)D&ocnC>at1f(KY6SNL)zEygqSTkqjl(y3HOgA3PBg_{clNPC$@ytzH4G9KydtU$b)UxRnOR5lF-iATvZxV=R?QJMyVi z(%U}BWJsfa@Ze*$8SLd}Ngf>;%FOwLT$4vWmH=JaOMH6-L6V;kXn-wMucn0L1rY%J ziSfLzbvd;ac%|Q;gtEw#8fNhjoEH|XY5q)4qtt%YiInacSfDGT?EQ@%X9AA+(lC(W z$D_>Z6~WgS^1-I&>{fwhLFXoBYnpRP58JDdBro#>{j#roUqU~j<22a|K>UY;|3M~% zDll8iCB=#;{R#X=Jp8_7$L?0zlvx63(x9|@GmgW}xl1N0t4~6LB$6d?_R-EO6JFyF z^3){h_v@_yp5o4&IG0JRk6S z{nl}aJVix#2Q=s$-cyF8eBc{C{iOFfIgqP9`F&)~+k_HV{@SiJHX1o@)|NjXo=3Sz zh1rS_W!(Rk>H`c8O917IR)j1SFqv#HHRV2L@-)#CIw2F;!2h_)FJ91Y3Xf^HbsKa( 
z=g}8iI_NSGb~0xKk;>geD8gN(T#)?wX_hTP3{rSV8QTdhEXPsY9$)nIsajmC{j}O+m>tTIut&VVesuL7h1pEt z_Y@$eE0!+2Q3N9?D~*uMIRv<^zAK9DC4`q5f#ox0=MB1kM0UVa`f1!cF9U7T`WT&- z@c@K86DFzaFOtt6fEYC{Oo|-)ByL}buK+LJkHXB-{NPDKBpqi=^in*Gd?RA=6BX#_ zuZCK_lm?dwY5G5buMPb9ZHL#1lYBOM;MD%|sbXA0#j2_k&L&)BsLrznZ=2}%In^ZxHhG`v}3x97rV z$Qtk6tWhWD%(p9bZQ<{MY8L#tr{J>^$A zyX;J%98ZOsz$nDtgUTKg$}42XgUb6!SP;BclL2p>J+onflbCr>)+JH_OeFlP%`nWUz*o-W_?D%E)v`mm#*7PVbebT_P-WV(5U^gugb}boh|EVUz@Ghb0Z4sylS{^NfaR*SR9nYyS})2dSVkslZiK#AB-resjQL2j>X8-#HhF0rrLGW zONeM-aW*ECUPjfe4i7#7&vm7tB@2@yr+#=D73$gi9~SY;0NE@WgEF{aVR;;U8-MZ5 zv&LG_-XQ*3*v&5ib@*u?qgCX^T~dsHeDg$$X^j4y85}3uy5CuT1O!PzTea5j%u34N z|5h93w^7Ie@;7-S)nbC#y@pdjs)d%DpDyz*m^zM#L?Zd6T+`=t77d~tenLCg_0h@~ z(9sw{I0k2L;B&Rd9v{I6zS__K5)kT`-kMz!g_ITUB_~^;67XMJq5(@qd5Gx2a=BVY zjQvS^t^i4={^}}IF8-(@Iwj>I%97jMgYs}X7>fctDIT4pQgYSC;;-joqK9bS_R&!? zyP5nVp$i5I@fTcxuPAfB9f{Tf%p9 z70QL2C!HSx;FyeGkfeOG)#ZV}_D{`Y&(QxGo+3W4!n-%&%jc{CQ5vc(W#f^1<>YBc z-XE6*KV`aUAM+Dxq%|}MD$!d;W2m947&n4IX_e&X?G!O1XG%Oe(;{$8roJ##)a30L z+t|av(;%wXE|x*uSc{?t3? 
z@FPWzTSXw3L?Hap#4jOVhrvAn69q3F+g%V>Iob|mbyVz*T_yWbQD=}?-iAt;{MyYI z6OvpY_x&qXx6}J9J(x0>-BilMFa9zNt0oyj=>8c;L09BC12aP%Rm@j%4W{v7*bk`u zgsd=TN^FUf8or3BZ(%6aa1m1X_YWjjGx@)Ni0G@pf9?#+kdDNTG{__nMR){1_6FiC zr1U@vwxKz`tuLWrUCH?SGnL(`_^KU2{@quZipw4bf#T#kgVU(0VxOPN(6)>*u(#N6 zWO$&z!+d_l`o4G`WT#_z2@anA; zakvU3^Z(6;z!85a(yB!EvO5k^T)xVavr;Mp>_*Qf8J;ihD6B;2K(Vlj>yv;1QUd98 zI5~_u+377dO%Ra?W+VmAy4C`%8QK#HHDf?NX4=Su?!q3kn4km5OSj`Q!XJnYEx#-8t27z2?yPP1FSXNkRQd zzxN4tRlU;!`qEf_f5PC~V_^S9g4|<+?@T(V`@C3j*=q#HX7Hn4XMuG9yd?ZXs(|rc zBv{mTZl8CPqrG3m3usxsMjf+Rp}8DpzMQZ=co|>IV@2LwKf4qNvG+gX<~^N^_7o98 z!-Q^#R;g~ui2;iNh9A@5Fibgq8bLEz3EspTesV2nm_c@$$c`E2^8F7Z`T9*e1iTmBXOfjp%11m%a@%AP-mkPZRG7(T=;ev&KOaZ^UISqZ zYyvLm%VGg0jee=6!`S;}IN>uUN82p)=Ty|oC_T*iW;GhHk&pX<$i{qbHOiR_l%Z~b zu*I~f6pS!G_7axkiM~b|r_a42H;y!YJ^A}{268|-N6K1Q9ta8lUr!js&jMYvt2+Fz zEn_)SUGI@^SZRDY%m>OGR0 zs1&PY@rfcLp`z!Y?EY=+Kluq&#wTpl~RfHl!*qHXsot{LM>z)SMiw7Y|_KDV|^FIqY|+(-`<+Zwci@ zmU2&co;;q|2MfnLF>5eFVE9Lh%)6OU<4$)_u}#pH2844Sn(rY5yFl4?)W~19J$~5(g^S7Q-A!lKF5`hXw3IJ5^03~AA9c^ z)#TQ-jcyTah^Qz?M?s1-rT3yB(v{v(q=YWL1_V?@k={E<5$U~zq5{%81nG)EfItF- z8VH;fxA3^Xcb_w!@8=og{lkDU!kv4qHOn>2x+cP9?6Fn)GH*Qx{CfVeQ2ryF@sqfy zvu~Iv2338J8OZ(2*lGH6<#hYE_Gsuc{-nz%2zeeoUYiivo$Zb;ZT21??AeRyAg_Dg zF~7Q!m=kE}d;jNb+@BJ!#H z7QaIuKN@^dCxQO?D@Rk5)sC>$r~} zv_u*HU2Mb5{VWa#SdF25Cdn0bA0N1m*=L@oYppOpWPg38}I);B^x-!OWkNDK}!yuZ1sHv02* ziJDFqYcq6`JBi-U<`RVGdZYz9fxUvi8_tQ_S>=hZGka1wVU#*`8nn>PA!d(-G872q zMqJ3rBVXV*3osfJBD!sgTXKqtzW$QuHyB3xy=fQIUFM+b5>k*DXDMDt6xl@tVDba9 zeTp9VxIeUXBqFSu7Z;qt*|y#v7X}euw){gSPl_LnBx*bP!3;(JI;2^mUCIO# zf8sGyPLsg#CRXEN`M99Lk(oA)$8Vy@5G~*6?BS`-7*W!-A_qOZbu>9sw>_Y?J2R;X z*Yan+6Q*-i<^Jcf_7b@E$s~&JY{;vreI713$(=b5yQ zpYi8gd@p-03Ms|-0h{wGS|ZhN9{=2;Py0nybJ241`s|eb&DMjFH~pE#AN{;`v=wP+ zyd8tmKO_46s4zybH~UD4Tc3>nX`W#q){WrTW_%$u_tjvu7ccv!tB6m~AEWI* za=d@}MV+e-V4l;Ib^P8=rsgR@g?G6rNxSdzb*D_Ffu`ZmerfV(63gRT9t*@kRG{fS z!oO|lum0(skrmLLXX|ljtQ_{{K=vT{MGRPvpNe1hD*=y%+9EMJLS-=;j{gYoAHRk1 zoB*${%41_AIf`4o!zM~k!uTA(hPusVlX%>dcLDhF!ou2l5Z4SkFdRv2Uk+F~HYzpp 
z_wGt@0kK&ts+yFJ{4(QhX=_(SHI0mOP!rD|Y9#BwOmJql?vsC!_1s(_LQV(>*dHx3 z|A0emmx=?Jsc!3H4U=6$9SR<^IDL}2<^!4nEUb&_(25g8Yi{l#pr&S~6Gr2vlO zU>n$QqW`LsUMAWU_h0QraW$zvQKAi|ZF82d8#Q+&N zy?{qfzhv7Hw6+HM;!qb7mR)yrbgk*I2Z)-Mp0oE=KSr^QYj+m+&-IAl`%L^~h_pDY z!c?aW*f5Rf>MN8&2QQ9G@tO?0^~LpA0W6-8uzVcR{c+&WrO<>E(vg#-^o+d|{MuTa zcEwb~k9q}@1#|?ae8OhuHc?_UKyz!@R!2qiW&^Zi6}_xsL=TNLnNFvONlRe2&-pV; z;Fy5^5z6BMu~9s zYd~gQX?GcYT?3ZNFPMC1 zK9Zkj+&jj5eDiDR(j~Lfe)!3PLyKzrkhCEE0FNW{cZ5HFiRl0%xDl0MVV`dwNouSQ zGAlZav@7Y4-ni7CQUO`zscN6vHayaATQXDTLHy+BX&oX28bcf2A9>5HV{4el#<`|U z1w=3ILY@`B@>##o+ONai03Ie%;yt4INQ13^Y494#pLr|30h@Mzqs+=-3IO_uxD}oN2X?+#qDNumyfhibsj?$^{Ux+V zKQiSRjQW}z2yrLZN9l)k{37A=u3iBf}md^ev$qe z-g(u0=1m=Oq+u&Rckln@w|r5jruq>`2vwX@0I<48*@fbEi5vdN@xt~$-(3nzco_(^ zcA2ZDlg0ODQIpT#!_9c6f*pA}2vu*Lx-tsGfdA9ImByW<2U$Ad)TqObu_(YyWQDk9 zo``(%w2m>(-IWKxrZ2Ld4N85P2v?fpB=trX-i{6-CXP-){nsg=z{Sa}c>ZS@q*1Zn z`W8i{4SS?qC2th5=4C&g{*=_%qGUxad~Hz6q{->e3I{32EQMO zT=y=5>K8*3(U_iSzTR^~GDyC)3+h8%>4W=;vAwppD-=!@Y0u|}3f}8uN>Onf#|IlN zQ%Bn;^$=hO!Yr2R3rE`S`Agd!RKd!w=IabGV9bX*>Wbj)V^@{8tdKBI_gs*VxG{JU z^NJUs|2DA`Q0w$lisfwTzrr!rRvX& z%1gAjIzc7Wud1&IE6Xhwn)Wyw4JQPJEb~@vF1Xo36%P zQ)YkWc1X)~Y?{0`edX`wvA+nUK`+VWp_CuBzjPA7P2?|FlvPiXP+er2Ldm6nk_Dr@ znwgc`T`zy?0(-@MAxd+Q^0j@Vgw4jU?dhG+t$%r7pWS73_c`l#j zrLKknczVXf;$IDb_oW3}pfhK1C!N`!nJf`>Hrs`K?4&h)v*6B5u1 zL8zXV+n`LIC?d6>&Rvn0C{7{L7OZ0usE8%KwPmAd4ge01-rDv}$mQw4;~R2P4}m)& ztgxu&IyxhfUuTq?DowWcacQI?;gJelmozK3CogvXl>I_87f*r3Ii>e3S_&R!=}^{b z0B=tdD9=xSIHf@Dqt5cSE61l`o70Sni_-3{3FFtzvU3VP`-z}3cbc}F?I4twbaeU2P}FZk($|G-=0uqER(hQ{0A~t&c*^X{bp)E?(Q(xwXr%ujEL*+ z>SpmSJ?sui(7DbCM^iM^$aNAbdp47AGWat;()~~QhtLSvh3~M}#78Y-HXsc(W2~Be z12WT48Q8^u?BiShgs|EEj!;A_ApV}EP;@`X#_AZG9NtqB4NPzTlMaP?# zck|Ov-=B>c>Tu-sm*3%g3<)|LyWw>I#;rT{*EgKNBXgK-|24o0i<7zq?-xT#nI!o zbOJk&tFaGbg3OSkCqW1LpJmNHZJ-QTg%r$DuVc?IjM%9Tu7foWB+MntX7{WH9enoM z(U@v%JC_9fAAHyFR*S@8xYv%b?tKP*q6F&kd;&FAoq@+hN=qZ|avc3$+^hq4)jTYU zGgCM1xucmuGfb}H_>pS=!$!(bJaFl2hQi_VJrs{DL9Ie7PSTMSUv**Hxcrd^>DA|% 
z#q;=?{Ei(5K)n70t{+UZC=DMN3sgAD2b3qoetD^i>u%(AQ%)G4_LLizFQcvXZ< zU$dkwKtj3$0H*zIsKZo%A}$Wi8yx*T_{%LEG@MU(F)gdFAIQOL&##}I9%<*#;%TF6 z7EUITOQ&ZtuLvSz2lp}##;|AtYvo6-(XSL@T&_k?!DT}iFJ#i#WfWsOXp$zKkGe<^<2ycWo9l`zOew4zrRi#D~3#Pk@O{jwJKK)v= zL}l9T=_|3zHzIfGKDK0EX5;fU?R_D|e6G9_a-#i8NKDPS2j(>e{Ei>IwsBXZ$#rBi ze`JSczK=dHV1F1XwoL~WRqe~P#|eubZT8>T`j=Eo*_|U~gIu0Exrx*(_#Ol&i0QTt z8=jAcxZ&Y)_Jxa7n=*3uM*dQ0d7go~@Klt*4>XZmo~<|S7&?*vEa+_1&@i8yS3Ol- zsgZ!06@iGJyocG7s@6=W(_l%KWPEGA5%{3-mk|5?%6jJrAdYgLN#Kt2jPdqqamZz# z9PIP@`+)?4^tejNwW+a8TMey5lgQ0iWe?MH2d<=IH@TUfU%t@gn0gkHmT9M)m(NSY zNSoX2!#*m4(Q0&$Y-qRt6m}WGTkIsU(4yhbyyh8gd$i;K(BI7a3~k_$Md23N=~Pl> zL-`9IPY)Hn6E7{Re59dv(et_{0`w;AT7pXaC)^L{4z4swpMa#IKn<2%Hb3V%s-dX9 zPf-}HNgnShRia5&j68v*CdCqufWT#Y4A$NEneuk)iH)If9w8jR^x#1n zXqY3E*URj=B3)* z^CnLe{YRoWDk&MmG+B``k(sG`4)JG|TpDybaHYAI%OuEH@Ulw<5GaS`aX;3B902m1 zt(=bCtmQ8^>stvLsDc()S<=H*>#j$Q5x%-sHO|i3L3%Z5qJ@Pd3nG-o8*GB^bh9Id zJj;Y%d7J-N5M_MxEe01Zq<5mno>7MSOG<}Uu;8jlOKExH^iiHm|F|jpk2UkiGf;y& zpLK~;V+M?=e4SKK;pnsP`QR<2Y1QL{vFf_luZ(o&E>oy$YFt&YY`nXT>Oy>wDmyFs z(&_}NRtlk*4X;#as@-{ysvbS}7SjY;2q{#eHBCqC-=zh?M!W=pR=N4$W7@yvY$F6Zyxx4DqetY&4s66V5eqo)6q4x89pJDk4j0(UGc7hs_~)8_muY%<4I1br3XwX^ed4voBQ;Z&b};TvL?T_^Z}d3%Y8$3~E+nl+p2(I6 zv!TtMsH^7CAU!ioaO<>{ErSMQTcwnI{uDF5z`F~2U?K#69+@{OhBIIz{;Y7%zW5cf z2vY|M6ySz8ANcuG?ye{yyD`6 zxVy@b5KE8b)5(-gCFjj}?NgOt4;_ya6$8y@6W1e5?=u9sCgUcgFZ0r$3y+%#KN}5M zyE6hrwB~^L`@xZO{S%O3?=s+DLs-A!uN>ybRwtQXU;aqSr&vaLGfPnYQEo%#t&O`M zdG=Z~o^TfqP-wUepIp!1-RGd1tQGWWr_1xZ1iO&N9a(C9Qkm*n$vwv8X_Ti_- z^8ueNLizkypei;UFBBG3FZnaq@4oa1y$PAwe0;1aZC8M1#1E(&93{FM3M**9xne*vx&& z)JljoL{cqIske7_^3s>Qp~Bj7>LVvH>Cla&bZD1=#Z|7^nT zfBahW{L=ZLasfBzm-i=5T(+2^=IBSRJE_@kv+}z-6dU{Qy)#W049}%iw*hZnV*Bm5 zqvX$sOX?%=aZD`K5>yKJY`;N9vboauPps_2+W~a-p{9QhCM86!iFsOYD3zAJ6LixCAqQ4D~{usE7J# zG#52Z)X`oUh6GY?6OC z?o~~(V5jAE`M1tW^`K<;k9^OcMwdYsY)|`}o0Yzil)IUE%ojhNUcel_>Y>oEgnpva zg;l-JWO9{VzN(n^A=5gF(u>e@52j>IPNlC1GOKT4 zH>s!GeV@h1a+lpFc-4d=*nLpP-ls-fGA2#FcSYzZTlnWf{_;x!Ik&~!B;VFW)(Ji0 
zzJ%weG|K5NdT!BEO^P~7luwGTyID+vHl_UZ796Zjs#4=|=(mC070S)Y{4zNxTWMur z=*3j-mMjq}c~+T>_w~24jPbiZ50czvnKzGI6+<$x5(By2HNU@{AqT{2J0m#!r_L)V zu4F$L)_k^a=Y6YU%C2e(<#Lm#J$zAs*Xp$!6mhUtscReW z|1jKVJ*)WJmA4{|Y=lH}BXA57oS2hn$Z;#jp9@XHC!alUQB3^gi@W^stTU0?*w{vV z2O7Xw^`vJ(> z{1+&I<@cw+oeFR_tja|7Xea*R#rE+B9Lux%?18=4xJC; zO&~Y3kJiy%j;2nsS5@`@nsR}K79bHO*VKh56p!W;3S{Y`mM@VQ{{In(kPwBmnp zL1Q1Ob_C%6M|dzblw&`nxLt7Z5AmgPUjYjBj$ zG6jvSzyd}cWxay%y#^C+#E+EtAIn(9E3k1yIVe@PgS!{<_t_5`2$g5{ia}la@Ao+K z5iBch>-@+O2-5|ZBbyt!fF1sINdLS2|GWMFEB*h!G(Kw1exqfLQ6olP?W5ImG2`vz z`Zh=o7M?P@Nj=>f$C?eK_H|9olbM;BOyN!6SUv$mLogw109qOT#45jyCjM@~SRqN* zJ3wmQI16Yt+zKsv#kXTGG2R#Hoa_cSpFz_8Ty9ZO#nK5)P25dM$wpYyH@auQz8$z+ z{O{tQkN$X`@f5Lxos;#oeT##t5oK`7& zZ~4jt%|1Zr;Y+_MY?tu{%;AWA8X_#*KRL?%i9p+6P1Iv9nj(q4Zn-qkG_Ro23D5_Y zS5&l@^-6F7a+x}Bz*BGucK+J!hk!Unebo0bwKF@>?rKT$)z1L_%ox*yzNY^o#?QG0 zxlG5k(0y~bR7lue-xjYt| z?2q>uLeS6A|Kq^Gsm+E+feqb5!OHmfhPJOcetFUEi0R(m+;P8fK18ZinvC`;4vPdG z)5%z#^u(QZ)vZ`S-zS<59c2>&qOgx7K5}9I-#I7)(gY6UhM~IaNP6a>RqoxN^oKV0 zzp}2A#>Q~?nffyq6cnr{PSa3qzB4Nk0$d83KHD&M6I*lWWdba``Vfbv1y%6cn>syIyPieK+oQBt zhE#Gvw*%I{`}g}YS;Vj4u7Sjnq0SK-#~DIH022GWUL%h{V*am0u=XioNJQJSrTXyd z*@!a0$Y|u6;J%bQl9ib`q-*|_9={a8`~7x*#eUme#Xw7oOA^~}#N)hhTes3Cw=14k zQDSeI(IOSo12bqi#L)|Nc5NtqZz4Tp2ShL_LqqwMR6@(ePXSG0C{p+7SsK|srV~uA z#~dsFKm`_lX{VH#l@sv1u%W$f9(w~%ttG{$>x#l|8QFcN8{CcpXX;M<&ulm(`}t!oxCtRrey2L^aRyrj4kXX-lTHk~YP-wygjf{kYO zn5pR09y1I17lk}Q=+7EfnAUz(dtaVeb&BbUzrX)oHZCp|_d`=RrEN^FX%Tng zmMR})y`6(CuPc0WTp63}Ak*frE3iOj$_iAX@wIQ>HD9PcKacd2&JkP%^C86tO!oC?jnD;}ZV7GpO)9>ct+DCOx7-pxivi`JTpM5&EiLO(vI15$ z6D}BCK*lGZ#btY}thso;HW7Wjh;ce_GJQ|9wX?cY_Ir|ejk`SQEp+l z^96=(U_-(ST(m-IMOFB!AL_$YraTZN);LXV!v&j>cy(2A?Kf`~#gNP@6A!)y>rR(( zd8cQaS9s$#Db~9MjXRe|jTM}n%3QjDHki$}-N~?xigF((vH!VJWgLmcK3o9K$k=si zR}L@*a_4CS!a!pmqXwL7B|nq5ynHVIm)3GiSQ~Sq4cA-pZVKA7GC9EQbW}T#|y(Hk(%@5euxnhMt~YcO{AG^0&3pVXbjRGqdOlIa7aHJ6MZ}|4nUC+r|0`*YT4*j`kK*)YKegD=aHT znt57r)BV>d#YKix$(U_eaeJf>miUyFl}n%f5POO#nB#Lp*;v}6Z$lf>7enRe1*_7} 
zQ}S?FC5o?LAnz8@k9(4el2k1%bB9N;)I*_0a`}sZx-87BGv@U{qQjy7xF>SOY{bxa zSvWrp3|kR!!{j3u38W)aIvi;J#pVA+AWi{}OeS@D3G>Wrzydj#y<)|EA7|9yo$I~7 zb|^N!A)GDIyRo;MBOy3~97HDZTEuYZtR`z{lM3|4x5oEg)Ahxjg=3t0TV8N-=$1bC zWgiQ0HjVG!8v?qm#_U&X*$Wb!oXYd@E)^bMMekpb*r9;q>UQVZ2flrSh{sNw#ZDHW zLqaa7v+Fz--%jC2Iw5rr!mc+Jcz$jUiZttpQciYiNz^SdsTqC+KRMr%{B((oJ*&LD zYe@8K`)oUP=PPPEj)2po??zr!aDwdzq*I)LU8i(#>cnXp=2qHmYdmLby@wqga)Mop zBXSpm&`YgxY7B3AOQDA==+PVe_BcQu5U0>MxZ7jJ>Pn`DMARNJ5;r#JbO!%lir$~wyMtJ zfHN}d8|hKd`j71WA)!AVU(i<4&OU}amey@wTH^&AP7WBWo)*M%jfyHI@W~c79$d(K z^&NrfeMyYy9M(2osM~LsFy7e)V>oUA+M}e+ne0{DTAG#k-6=16h&cU7tlUdgR4mU* z!(L_2JbU3zq)qLj)_SX?5f^ve#XZV3RiDyE8sGig`IkCbJtZhgs2}`&=oB|#;`8@% z8QML0K}aJ+Xhx_Xu~?EV6Tl4SECq-ixQ}#ZFH_0oyOJ5ATb(egPL{UP#!*=nk?xVT zG|qiLN)HbLJ%c?55h%=NB|M#*3zK($zM)WN9wfUmqP|IhJcyGC_mR_Nz+brbhcg<0 z&h1|Y+_d0VWjlScqh}| zPxQx&d*XS%V3dS1Wd25Pttt6Nx6#sC7jNiI?>O@770-lizPd?HIYG-I-3LK)`OeHI7E4Ozv}(ds3nB{S1OqHpf2a z2;txbhJlDcnlxd7)7WbTJqHF9IG~IU-HlU&v^6)~;G?|02bk1Zz+hNLQ6PyL2`>#K zHSX0zv|?0g?*IZ``pw|Bm89EWgBw;ClbjANZc=*h@H#^i%LfdSS;vx(G-g zQ(Z%PYl;tcw-k`tE!c!IH>M=QR1e0ix#PbN(2KdSY;Qp@dZgHHdoE{z&FtQaON~~v zKErKE)QTpc)9|v+YqkC z%L;RI+k(d1Z2omV5R6|qfqtomox7j3y59-K5A z{&*D*h(SE}yzuxF%uUj6KqK_t6bVF+Hx+xvoaLoD#!mf8*4$sZF= zs#~uOpMBO`_dTpCE9(hGq#o`goZxSBlJ1LI@G0?_Gy@J)%gx{pJ9JL34w#JM0Qhys zjLe{clDykCe8d1DmJu*v^Nq&c7t(!&-iL!$<{zz#4SI??wayMhh$#_*4sw0xcdt$8 z567odnCN|WjPaD3TNAy($t33UaZgn$msn6PTizMcWKap;w(DMFfx^=)$s5#w9Qb4e zo$h!qVt%VdCQo^Ey!-%+Qu`~OABj1WlW5jTEFOI+f<|%NYBr+mlA;kH|g?q zmT_kjnk%0WAHj%=rT{}qqi73{n5jztZqJA>1dXF57rf}~6L`#c*<~)-rfzMy3S+v+ z#I9eqMFU#RXKzThr+srQu3Y5wpYTK)E2mp%lruAap;Z;%tX0ns@{~e!0M%2bbN|lO z%Oyh4E`6GI(Ia4Fd9+MP=f}+JzRv|!Q`|pWRX1qp*`3o)yahbt6WAsne)qkV5wo)H zO2@ktCH~AJrR{*P_4@E|Kmi7F=Ru&0?_!pPIHG<&VH_WbiXojpb8%Rv%M?ACs1D+R z^gSl4Yl|Gt(@xlH6g3%&)HxBcN}!OB+o%Jmkd#-Ul}H2`U(OBY2*s9ePo36z$>00+ z8gc)d;OWBy(z#|bRX2l;J{`uWB=2?m0+SfnE|{(+P3OCRV*6JA!;ZzALlrOrVI|+* z);7FX@=%A)dzEf?KC#GjzAG@_Ke8+!e$g@&iT*CwC_F_*rkgE1P(I}T#uu7>kS(f#y){l^ 
z1(-FW?`^2s+JyIL>CO3;C*kk&0I;gj!r{aE8dNlUY$tnB-Q#z~J{$eKfX3DLhs|L8 z)P~0`D_T$GAN+4*tW7;_R6!r0_@lQzpdEjKEB`;01^gZH1@Y$1Rbsk>1q;c`#MVSO=qRgN(1DUTGlxwe?up}px zxkCI}$M>AItkx9`jt}2t*&4+hBIO;?B<;z(yz%j>Mn#*?Cc=-X}oP{&;g&Qmx*T)6JyA%eYrAw4s+mpue5NFpJ%tkmcbQe`f4* zru_Tmvo()JJq!HKO`6RoSTEH+Np#-i(;3XyHJr8|Hq_XF@zRp9ghbUiy@i1 z#7=c{=~tmnS}#-YqL9sIZ^^4H_y&qwLnZA>+*H@ZA%<~OPRaSSqORE$x28^fE-Ef^ z$%&ZnM(#3S;eVZZf*BpYB9mA3P6z>N9FRxH+#mmdi@XH8SNVbl^d}wk-KKh+38$rz zu)g+4gg(suP#JKRyL$Y5r#&IJiQ6cCLI!;+T_ac!X*2D+g`PHy;WnNZ$U<+UYb+pN z-M#?!;)n^Tn_N{x3YaKj3fS6{URL{~yDCCXIo*GkK#rZ#M-l;Udx~d>WSlxV`9STW ztBG#uY;;s|T?Hy%msD5uvq8k2ok%X{A0!75>Yht1kPOi_q)wqOCL2?YRzJxC)L4eA zq59)yVM94OW&4JZw#iJrN2-LO>0AfJL{Yy0y53Er$#0$(y#PJe;NAVP+x94-cqmP7SXM^K_@=8$6Q3kU#m&Q2T3UOsItLfT?R_c zpxb&)mqR5F{JjcTJ~u49fjs>xR@WI_>mSJ?I5{+NE|PD%Vx=C8(_{nu_fID>imy&h zC{U_6zbph%1_u#zO9Cy{)ryw6~B;2hH4EKz7RkP_yvIJ9- zJeD^Gdn;LT z+#ZE>#~rS<(!&e6D6o1Lh((0221I@kVH>IUl0;PEDD#^_m?h}A{=|;QnPS$<1TWbj z>mcYEMZ;Y#-9l7jm&ROKpMH69NhKV&+jkE$nJnckc;FV^y{9@^QF|}Y+|CJW?(#5x4(m`s9HAnz-+HN$EXU@9c#aes3~sk0AP-Jz))1 zErNM!=j*g{I;pJB)b9dh8&h9ajiJSk=Blga>Q%g|VqN#Be40YxM5~e$;B zk(k>eKj->8kaJ}HIr|3lcp`QII|+t+1le1>{t(FnrvKU7JD|O{0n_>1xZjO$v0R3z z@LQT6g@<{4P6aT-&NbBSufK&`Stn0!^++DxV9(@juAdri2fmQ0)^QXCL)$6OM_2hX zYwr?BVCKcy=Q>tateJ)UO7qf!FvY0mbXekoD<=NJB$3=6dNRWZc}hDTwuh45va*RE zbLa>lGZXi^5Jk*gH#9|(tyh6bvf8q!vV+b=C>E|px74(mcLk*1H0-t=$n=2ik3D8( zopc&iDo3rqy?3klz5JOARsSjzZH#{V=Mom|NWklmVcA98P;*=xk+~+fm%|HFPzw(I zvava^InWP!fN5tz=)!`}yNz_1vR*6qW8@TxfIoeD&7;cE;fPOuG>E59a^Ah9Uo=z=${%B>4 zB%ij?UeWTFU0<`Ml-nzM-gyaK*p_$>>s*-+jv1u=IiYhNYg66_`|++jExR|MITAkm z%fX_fLYq8LbJ6*1gh(BZxaSe@UrS7TNon$>t$|a=5)cof2-Apknj_P3n*%Qq5Fa9C zXHk#I`;*Nj9vDF|4wu&Wd(${7Q{E}dd-r{vtYz=d2AL7GZ6AZhX;Ryb4tDEoTTz{B z20_S%y|3-LIVnH1h_`MonW|2t$v;y=Wk#x8n!Ln3n9iQUX&^K`MRx$EJa<4)Vv?@Q zO8se}+h_<-m+6l$v8G@Y*!JH?4`!26Qr=DrL|bRh zd0;IMt)6{8u;A@qLO$pMRggQMKm2Q|^!bTj0^nrt@e#xb0h1J1zeB(*t2-zSAV~d;3@gx^tptaPDX52$sC}9DESj5uNuSlx{nFqC)^O z!&mOPnaJZb&jjWr2qxh-M4xYVh6aD$-->-2Xti7`+F}P|l~PATY8GoQ*dO}iRliQ8 
zU4jJ?vAmY`U>ctj81t=Rtko&S|}CU|JB;*!@W^7`kc5cG1B#{`KBv9GKx3 zX*W5R?QJ1IB$AsMsn~OAxpRNFGt*|&v1cVX)ggen)-k^D@jOkuKXa{G{3+3FReJPz zNwWvnAY!3^uwb}PWp(m`N?J2G)OWVuR)Z?MS|5ON+f|kDy~W8B_nYqUTWh(Z=jJmX zy(ibI{tyo`gL#gKx zEI5~P%vb6>(~0UIY(ERPb5x)P7ldbT!>o+z1nox(OYAM83k~<$vSN)EojJEG1b&(2 zsgTnMR&YJbB?79_$29u$9{Ol4eo7$Q!_)roSP-v)?qHJ(<;ACzHPS2xkx+K4MOSn! z*@GcQl;Q>v@x0E;G)2X3pQn1Z*sVZ1y{Q7Slb>)43^m zU|zFVr&+Aw&Cey0m@cP+w81umisbIN?Zv^CDMMy$V;k{05WMQL|0Mw|^}@#!)FflG z!=FQ#J#H$(j^ynh62-ENYOGd zDVyS99**9tM;BoLeCpFh&^y!J7-vkp)B6^$4*|Z@|5y5;6TnIF%-{b06YZT7uRg;*|5FuyrH>Xv3l0mZVSG?+Qoo67dHmDFu7 znWCXJ&{$NO#@R6IK}nkHK$3_oc`!9CBh#uNflNL-vv8oTDa=EIg>vC8KZQ}0NY1pa` z&=67)WC&j^uX3f_Z^bzHhhn5l%26C~0sI$Aa{H8W!{LD_m`0?>Mn?ZJ17<6>^S!BI z@-B~M3pD5eu3x0<_p;K?Y0>rNGyAV%XScG_{F#k?aamv-_29@}M>Kb2p&?pcRClDt ziCwpBUb)H#I6rtHRMi>jiM|6cr&lQo`t zD)3aoc1$S#&eMqT(C-TFsCOJHrSXvN8S4qTGYQpKlKw2g9qUDyJ>F*VJpC#YFJSAf z$4KH^ZWCY2s#)wPfR?mxtPkRz_`dv{)n$U zx8fknll+Ifz4~DKUsbIO2HYPtzGlFni12r&lMStNw=cwyije-GF|6H)xusd?$o16M zoOj;i&d84y_h%vgX+hd7qad7$5SQ3EX7+3Yq_VsnHfgy+do;Lr0lrE?Wv~LH=f61P#o8@f z%>8KGu=sIdFr9d_ZONne`UMgKE=2(>z+2wvP8fE1t17a1g;K)1)C>28SaA-_e{?Kz zGt+%2O=kExA3(YZpQUzSFy?}J4=iK(?Yxs06l{9#{C1+ro!?T8eRf|?cw;IW5RRgY z5#4d8TM;`y**n_8)xB{YTQ`LI^{VU`Eyws+bfRrx@hOau2>DlzN1*sP4#0ndr* z0Qyjnk$AtLorG;izU3~Y(vmIpI21N%mf91}`9W=8*D|$>pAXBM*yo2aWDa1~uR7qu zyR(E!$tDhB9!RO{${u`1U2qRui--JlAA)CFyf9CiuoGyCkcx5s%j3hXNeYRsUdWo+P|DX}{ zJZivy3AmMmYNXk1q$5EQME|hZCyZ1|JAz8Ax~hnyLxmKa4yicb^wg=Tkub#FdtATp zJ4-YGGV;KTh*gw|lKfJO_j1!L#N=HLzA_*@mj}>u0{LBDKsr*dVyP44-so&@!Ch*j z>*_$WKNQxk$Ssbj%!QS1EZq5oUklf_fox?9>&t~I6WJ5k(coR|CNh6`cL`>@(EhE2 zSN5cIjkrHqL9DUSq+W8Nwq0WP4!GbJ%s26m82;#37V-vt!?@1Ewi|cG8t{I0kM}7~%VB-cyfX+zRPc?x^ z^GuanZRakCFD=Bk{>E0@r*&CA3%@b!4);jyo(DKuz-lq|IwWH1rP}d3F9Js%A#r!( zsG9W#G?tP%-O~ku_ad`6m7v|t+BZ6@H|x($`s^jc3n>l^S?e4>N2g)8eWiLN_Pp(* zqcBGGBJIGQKI?Sxa!u9|`Tjg$qSQvkpL>J&7G$8&*G;#Yejst zaz)j0c!{~+!6D?)`|Nhf1BVPJOJ6Imu|g*>!ledY$i|qgI1SWSbQTyg3KtU50iuxk 
zF5O#uV4M@~+xyU-D2Jb~_7WCG?5p=NsfX(TJTLUWuLtv+*-?yRa>+W54TJTU)|e9S zOxL>P4duDL zeYh966`rL?QF{@q;yPB&f(Pr7mA2HNf?)d$9nI~VS@B?4V|RRd%dxYLWwh>4sp{>k zpyadw45fps!W~M!v#0omo`GP_NMPDy)$q^*fzwCTSbQi7F$$*Q*Gci_$w}6?v*Z+< z=o89HA>Ri%0kw=5I!|l8#`aX6JVSjE?G2+qcTaoSzXNl6yLLVI%APdMI}R#$R30rK47iaPH9kjL{?ZCuLm{cR&3nt~WAj=JN^WxoFQ zS6eI8Z&kd73DsKv?kA*gyx%iitm9X$V23kDFTohQPfqlFbONm*W1i+VvA>% zoj3jVn{ebnfj)JvepPyf zSJyjGy*!;g1Ol~FK6P?g3Ks2Q*GX$-eGhg6%k3unDE#}cwgQ1P4UN_BcUs47Pq%L@ z{=|a_$5AtF57fR(0@p&OPc2ezcU>-PXv80sOq;-t-AoqQi~=K^dbC-_?~tmzwtCNR zWx%bRSlNB8Pq${Bh&_0-dUNlzLOhSx4)%uu9we1p4))cQOAZnRdS7*P0JMt~?qbKx ze#Zt99E?;9!Ao!h`aJ(a@5-dt>m=U;W6`IC_bz)HPb*J*ApT;neteUHK&}!kDHnW= zwU+wL_CnteE^CYMyaF`aB4=f<3)jye7V}PEf6VIb>lx=7$W5t5`Ye=BDf6X0Dw}Vt z(A|!^^E4a`USIm6hi@?O!8wvg4V>m7Qul}X?N>kspTaYg_iCnpCMl&#NRx9VS#(?T zmHFtui`pKk{XV=rst(1FWAowmLmyra{_+r?1HAM_5ge|K_f+-Dt0%|KW~PX8&(-H* zn8!vy5x3vyOt%;J_%C3aV?5dwF5GL50TX|zD>iyT|2O(B+mYIZIRl3wPk$YIL{}nv zAMYU2yTAqPtsQ{*-wv-yKvA)!W}TzGpop$E-xZJY@|mdCZSbu-1O*Je^w+0KEe8>H z;*%XdU2%bfD3Lo(^QNMI&1hAseALKg9x+fK!A{lBfx>vK+my%nIhmw6VpR^E+j93o z#&|CdT6jJ5%~jRtd!(G)jR)Ab^$7{5?rhNSAk$aQ(}^*!FlhthJP49e*F(rT?IQCE zYkMx-v6s0!eunmR*=t#U-wP+;Fkf?2#?nxe+(E)H|i`~?pmnF-Il zZv1jR)wiLa&N{hoph@?tJs9>>QdED~KP~?BE0cXVw6Jjx)O1Src7eW(`LQOSaq(Bu z%rmlmsf^kZk6nqgW`ts$FOh`0lj8J?j2nY!%?B{uiH()54_Lm?loc}!fVNe0+{z)p zJhD8G9O%{LIcv=*P^p{39yVEZE{R*0R{D;~YanV^fpy7Xee~}P=VkazHkeM?G|0si zwK!tny*8({@S{jJq5*W!SWeZY*jrdY-HM1MJVL)qPK|hBC19>Ar>3m7Jb*-R8a8gp zPFH!78a`K`_)BEH?dh_ihO^OK3eN#r)+FIKO2k}5d&#K!+HF`J0{F)%Q;bL zo5-*F&~Rh2kq#??%`fYT1XIYS#$*qqz~n}5P?e9(?vjP*KW*)a!flCu^6A+PUEH3p z6&mKO8d}HEF1aldXbgWewC=t`V|(}x>0V^Gm(rE68K&>HKD+C<^FvO^uv4>|m3v;K z{OM>1kHWU0@Hf`c>Pr^XBDZPz`lsPFPKu(B$(A!!)**2g+JPt@ zr!Qw&_CAtO!&PHAbicC?5|hYu#g+7NjmRg0PC=fmp2BlqzL0&U)pH$=acXp3!ESY! 
z_EcbMT#)F2lBdMFpiGj(x{labRBiiw8nNsdxe|w@@Hxa)ZS{ye`pWq2b38AFZlrTA z`+#LVsIYW42QdbOW*Vp_ZpnP5^;WxO!3rGIiB~2^u;iZz_aQ^0KeL0c|0^Zu(_zl& zX?~sC4l@R9+IHwD^T8G86t?f-D|@|FQ=Z*pK``46H}pp-H=z+JnbikseN5xi^ZVKO zmxj_oD&5vpw1+e*`P#wE7ra&N^)(I2qZ~_pq1$IBY~ey1%9u;v7{Owu4Y2_ z>`+f@D4lGZHw*$R<5y_nB@(-V4gc>Am=fqSbY7gyAO5n0{lZY20bl(QIbf$;$Wt58 zw)*3w_k&tBt)^GNm3x+04LdGQisH65Rm^Y=;fy&#v0FKI+7cE$k7&ZiDp$ZT-u?j!DPi13nOR@j9TomP z3}`W|^rsfg%*W1?B;@O2d|lgGw!d?6@jcV1vU^_+YZeM!>bbE!Jv}lahcK#DB^h!? z!biq7XQvnK-iFi{D#h4YM3$54yu^y4Ypv7j2jbO%|8q+jdE66s=UzVT;}~IC*ghzB zzUBC7R61g0HVB^t5YJlk6C7U1pEo$=c5ZLm_tTi|yf=a;4=|wUmaJVoGX4KRTs4;; zfG$5bff3rC`d0Dn^W8fQT5dF!lUQaqic3(H={1!EK0&k3$rE*l234qgHRuK}Z%7j7#SzB=E<1f^ z1;z=jeAYoPx7M+<=Hk^*vD;&WvP!ILc-wygR!(v;Ovd>_2i6& zGj~3Xf4sAk6dJEprmVROa2rn_)x8L|X`y=LPY6@UfNXH#&K}8E$ZvaC|x9 zp%N|~SpM8J4`V;A!0q8#!60My@@niht;3Ivyf9|V=(U2UUo+6Y#=D1083@@FI~PZ( z)7eSVYSLo$-G2DY>1`^r?e#K*4OWYCgvUN=@0Rfq}TDG^rO@m>FP+fF3WlWl#=xP&Qr|tGx_8lLm=GVxQ zWyB=aCWqk$d4c?48w_7KBiz*TZtBl+ZF!7eQr;*|x*2upjtVr}j|yLIpUb}-oRV5* z?d)@w3^BJNAVaS9c8Sl~q*mzFO}t@;eKi`YbGsSk=5V!Rks9w5f6kk6oE4X%k#^YU zkj<+MwYm#ds|XqlQLWIB!?2On=GZb{&G`LieOjM;DH&t~Y9WxIZPK@+bY|Do{4 z_)IWwG=_)|%+e3UGDt5DTyEXfnKnVL?#wX{q+?`zPw1C;Zt!3R$SqkzTlNdO*CdU0 zHlC-q-<-TSWAu$g#9#Jcobaln`TFi^MVJT=V{Z6r)2xdvKK{Z`ibm?qkW*GMl+>&J z&UsJ{oH=29H{EBktqB53o@m!;y>_tNaP%K@%(oj68t|thx<`b>O{RgC)>#kX!pnJ1 zbpQe*PIymW!>DR9?u z@v;jb5*7r_W~gE}VKeURj(pW@UHN4zWiJ&Zx&*{ zTWATI4!15#+?F_l%Gr`5^|9ruE$XP)_S~s!E@fD_=Cy;U^kna`tfgJ7TPQB8qbVv` z00V2`MmTuC*tT3!0CEj#9;rzZ=-s zo$2u`NbzfS@7G>EB2n$P#rmf^nZ4}*eiVMM|doepCb?<5LqM%`Tc18o}NAAfqzWk zG=b>154Z_WVwrS7i7S@@wLxU^h(mP3N53>|aAJ?!{Fr#2el=-FdeJtWx&Wr-`!``QB3lc-^ z5E53_Jx|;SNjI2UKZ5Ho&t*Ys&#^u#d{6%^>KZz;j@dju-IaHpJu<6Tub$9M@6#O` zq=T3#e?OD*5GON!b`-a9ht$((h=Th>zOQWH zVaGWT6rl%VWi6;yk$VNG+7Sf=4Zop3Pcb4cI`04)p?4q}SO2CknX$?!%)`?EC1X9m z@#urNI&R^)81Aq2uiJhJf@d*D2=+rj3fL{zS2hQkz2JTj=Kr^(=;vRvkcv_ftJ;w( z-yogXHxD;(u2HKzEf<~UUH|bnh|D>U`@K5B^*$&MDkS>f1zO&@$K(R7*ojA8K#N$Q 
z*`VXEQvUBR@)(B)8(3BZ((ZGB(R;g5uZ_yc1;(86TY+n*e*ENdclgAogjX}Z>oNG7 zhe-P3#cjOT0;&xEKUfNDPcGBem1tMsZdiB~Oym??PuE6h&(meh2M2L$I%BJr{!;TV zV*SK5AR(<<)q@&doQpETm1#7JjJ;cSZLmSUS|ap-492{ZOAx#8%mrsR(qsc<(1JED zHRygmwg`2DaW18x<9E<%kiMUGFU!EK9!b&QN0Hd=8VG<~2;ohK5Gutq(irMOqA0+n zF}Cf6iwD~w^B$NityV%RhtM~2ttyD8|2hMurj=ka3+)CkPz0R`?W)X*Re3+L1kdrV zywcJBgVUoaylK+zhtaEfHvmaMn=1PUInP;yoTR~I9&ta{5cfC3Ntumu^zVC*<0X|M zL)gHO%RJzjR}p>^DncN)=WhEwe<}Q!GWU|I^W3ONSLf?)!vZL^O?SJP8Z;-=ma(s<)=s zo7KG#nPM7z#CYO%+n__sGdFZ~2+6SQsbOnZnbG`8nIEe}DtTVv_L{`G zI>{OBWua^G)`Vr;OkJl2x-GAEgrq7G-J|hdbr!WcBx6~LFx3#^8!0WwcCG<;VMuf& z?poTS&(}p3%JXQqoDvpa+;^vsYS3EbFQsNR+gQ;a4Rq%B&B`5WfipWgq5-I{h9anG ztxh37!3}c@>aL}!i?OA^H>rEc?*8ovs=K{zqT*Pn_F;VfoPEa3w87ld+AQZq5q0c2 zlcZ+nwl$gRYV5xG96IFe#;tACg|(5x-1c$^wQ;8d7U5hf0Q;}&^n(V2+AxuL+aV2X zxd5&(zsp)dQ17+vRJEW?^}^H--nZ)2j(X_#QS10P!UsYSk4US~cwqn}d5d-cQiJ?h zfhHpq38h-o);KvWa*nE%Ka$YHEyT7zq*xG*Q%l@=~IlrwW5GXpb z9XaL$`^P>v7m@w!GUm>YA>=?{JJoBl6~4PY_rRnpH~5fMv0RDPyuAe_@?x~}DBS_+ zLYys+NVlUe(kn1a#EY4;pLui|sJj?JbXjgkR*v-(2pMD^!ZR!Uo6y;hD3v z%k4Dc%eNchzmcpxsC|DW;;eZ@&8t(DMeK8w!e!ZKfjx&VKu^!WYoq-gcRZDAhpBE( zbl88`!Z0#w{H{M(GX!|D49ok~FKcRUIe_WzkV`Mjx>)Y?XrdFNHM4^e8mcNs!mO(8 z-o6`4FDTjNoa^1Hc$P#ls&&4UpzPFO{vFggUeYn%FK8Q4oh_my-w?dKJdclap1VDg zoNMSsLk=*kj^wWVG)()n^r@|nU5W%EF6$z*kQ7yZu!6RD|h z-p+Z(SbaCC9d?Da>EXAViN+B&RU;sj;z$<9KY1){k)QOKL|J_!cP}+Er(RW4s?886 zGw*gjcq5BSZqVWLte_X<%iizQG56_4_Yf>#g5B_o)z>|RUgW%UD>)}SdaZ(el@`)N%FWFbPE-rrGKzKmjv7PU@iir{&fo-9RUJ(114OstK@ z)nGpO5|20I)*@dH@!FwYL6s_j??i&$-Mdk}*=-tC4>wC4Ay+I~LwCfJPjiY5aaPZn zi+-VThrl!XQAcl}V6tpKDALNvaTR^SxFc)@EM9BeB}T&NoqVM)uTC|m;U(skOkDfR z)#7dmp=HnWjwI{XIn3W40)m5zlZF?sQN)xQrtn_HcWg_!xP5--_EXvu-3(DbSSc8b z8+x607zIm)`gOy1h0TsMU(iT*Jsf{9e|yLLMCW--9Li5w!spd&8)>`hCNToZb@apo z#E2DwC7l1OKC0+^RZx3ro=&O^*qyQ7p^9Ib{bwa~+y!l&{ z^5x~vh-=Of3sRc#`{AD9TYL2`HE>SJpQrhSD1L-)x zYWLYSaa1W(z|Kb=wW%$#ScnyBU_oNG2?ZD^cijpTHi5n9Ue6X0+aUM=JVDWxB{r9F z6Ldx$&k7mGUbTf`$Lvm%N zFOSlQwM^9aM0oCpvS#IWt7o=jBM}OuZgRUsX(->VCIK|5=*(&7SvLoc`z4-(*s@nP 
zGu`MCPcesry3nzh>rkh&6~Nbov<>O`NhtvJn{xxfm~LhPF1lHJ;&y>g6%EBnHrJH-3`yJ5H~>8DHU0ri`{ z{+^AzV)qvbB#$sd@`!ER)`fD6k(@~T8+IE=aPYkTL=8;JY%a0KxpVeoOPTkKsz8vU zC&Wo@gTW!F-B{@4lDE1PKK_6umDYm5mLp%;Q&MEuo>fNF1j74;2VZl$i*~6F=ZYMO zlAQi>4NJIt+8Ci%RqYhHJ~L;qvY;^VF4k`@c%%%-*wwI7y<@&1;qz^0n^iWABpbwD zR0#x%j|r3C4%qsqi?1Np_xE>O>SWf3ol|R51dt&?B zSaTvvXI5OSzN+Vxj~c*OFL|Z>Q7p9Svk!%z9y1QmdRa0*HwW?kEwBqach(oqk(?O7%R8E z!aUmj7c4hS!)66Y*N&EK2oZC8bKr6?% z`sbFHFK7?WtttVNQ97tC2={%S>SCR-!R;%fc$B76g`ZeKq;WBblXN2srwkUIG#j-x zS-KwxeaVEweZ@<}164`bL+UfKd=~Stx=yd!h8Qki! zL96$NaEfPp3lM$Iozb@YS2zU`_3wmwC%^_iM}R6U#C?IH`C5-Ho)e`Ww5FPxJGuK{ zzM!z~6mgUGEUcCWb_E(Q)$2~^5uX<;T3tx*v4tXQ`bSH&@ACD8mR9h*a!a!#eXSCt zLUd=!?Yyn6Ptv<`?8h`LuMW%v98-TAQb*-MrY;kD{JJ0(vQ?P3R` zbpL%G;fxO8WIHh@0;G2&uPjmm6L7|~+b)A<*P&xZ5!QZgkrttg`jh2u4Yo19Pn=M%>9(P> zB8^@N8Reg;4-)c;DM$m^GA&S7LDgfH)j+RTYWo-y#LnV2vm4ibJS{+Qn^opw(t6LD zhbtK1yMAFm9d@Eps7oqcVlNmtGM1)D3mVN=NPVCI^K$bR=LHKV&D3f9r1nkUq{?PB z!O5V%v%M;nuunW8bgq27a||y|S=y;ar#DMNC-Uj7rfMZB_`Ag07_ObTO;nNRPVfT0 zcIwBJ{JW5Y>;#1)|LSiuh0_eGn3)E+SReL-cjOXVn|n^X@N#9-L4f zosXgvkj_?v;^5#xPp6rvV4J~t2gE5^kd)uv*)sG>%=RUcZq*q^xo#Ue9y9*6=s}Bb ztIKGe1-faXu&?W@j*{KmWT@(Ex27$hG$fWL4Y}r+w%tg_=I7Y*Kx@tWbH`K+COXJn zr==P%ytb=&;VXzehd>7fLq%U|UC`#-c)!CeY>lM0dsRU+hOMbS9lR< zH{*tKv9Pn|MiaWg##LShbckQ+Eib3B`tajtyM9HXIZzH>-Muk89Dx* zEcM1L&g7duw;lfZ9|Vw%>F+&sXER%(pF4KCYWqk_N}!hAz{`qn68@rF+aVDC%cVk< zxumJ={ij`?TzAC1huGjm32Dsk+rUgG0q2~0VD&3iA9#yY>~jI4pRwJgUB(O*&)6 zi%}NA6of4zgxX(a26pX+CYL?`6`mj=%ZoJxM|gKpuE+=tDd1pwfdz^t4hTePTcZ;4 z+Llyr6I3J=Hi8oYyjnA<9eUuedU7H3maiFl_=&(M$Dtjww^1jd&*))Pf|PL3TM1Wc ze>*wGv{-w4O)`LMtgaA3<^}q(x*(u;LQyoFp2W9IydjD>cYLJMm_%K`VR^QX4o-Ua zy*+HIv_9t6cC)&D{@WwVxG~m(0wG=p{mrdj2TOg_LO^7#EG@Bq_(NT9}HM1i>P&xa-P@ehllNkwDZx4tzH@`UN3_0nGU5D@+DDPdke>(2l z8r`N1Uf&`@YK;*72_X1g)8c*&#^ihFT`9AzAM_h~5$OaC`RaDvZWEMdG>fpJ$Q~gp zeKn`m#fVLp!_P*h-6$LVRy#+;-$DW`bMfZ$U$fhE$J56LHTyS-RmAr9sn1|q*Iil{90=VwkqmleiupWhjFv5d@Bz92PZtr$ z^YW;_Oj>JjV}E0S9mbF8jwbZFeU@&!5QN}lU@SdaiQLC7pvi!S4K^wm<=YEwRr&Y{ 
zx?2X36u*=~EhyWRU>iLZH9KO9i*O-&cOM~35?#H2k7TxN z6ahG*e<18|b%@1*h|i53`K(JlB@9(+GL+*gVGE^4)*H~mnufu%8MLM zs-P`Tica;qs8-I}%8Xj;cAXnt-|eaHwWcNlc`Lx;we4MJDn3CkF4bs^*D&XSV%32XMMLu}0C-Zk|j6 zuX_BHz#*PTmC&yCuRu>>fPjv3!CWEt&*h5&(K^c9wu8bunqta!W+4Ixo%x+#-rosK z^^TiIRYwHA7UHh{nshHxiH<%@G4mv2`LI>e3%S@8ws0*4T zPsXGCC1+}mV1_|srixLm#ySHuK95awqHHq?9L)J4b9n5clcM3K_a;Hk>weR_tMp`S z6oQCq=*Ok~2>M!AK1-6tn?clBAjje6$VB%p;-i2GN%=|3G)uxAn>sP(TtXm`a{*&r zc}(*rF3B=Kxx88<;~QT}DEjCiZ%~MM8d#z3cI=NDgthqyfZWDuZ|!@}CcLLR$>|_>Ii2b7KRD!Q|D#5AJ70 zyIwdTX7kh~vXc?d1)>mP*tBs4|0n^#&GmTqHFugr5c@;s0dGpGT$p0`0=iTK{7+qV zvkZ73w)HCT`dj+19bq*Qd0%eRO}u$#4su5{O*!UA$?jiUif27Ux^Er>2^VtO@x*&m z-|p3S^7;)1qjMN#iT-@$+)(nF>X~W&QttH6kDYWmj&9#Mvc3Ct_E8Yr#s% z^lUSI*YxHs7pra=MULsZs43%&7=AcNzT30!090<62qC_gHg5Q9d8vrpddX*3ZI_EP zNW;twzAyEg3>IUCp8N%K0-k9-$8RBQmick&(Z6+BzTk6B=5*UB2WK}hGu(yXH1_8!}LN=)J8EV95AezhPn zs3}o<`|z8HNFx4IF$`wYrNc!Krd*=&v)I7oGm)a+_!{-5b-U$(Tsv`Bbv;fo>M6cz zQ+{A5mw~c4#I8{sg9R4hHq1B(UfgCpBldQ0Q6{7q1yNd+;&iHJjwD0d)h|b{rP95{ zarw?V>3Em|HaIZXrsoiTP-b-xNSoioj}=P(XyCZ(|5rq}M7SD8~D! 
zj4sSL7HGn17oW3?o36c72>F)s{^xpORrfc8mngIAS!~}hD8DE4TTi@r1l&_Fq^SG` zJR4%GP%n?_JbLiGrVIkRB-aBKJ%`HDL9pR?3v_c1yNICYTC(GH3ep|W%s`J_l~NtD zr`dt0JKFp*{LPb`B-`U6`0Mh865-k|=29jtCv3lzc80zuuXZ~l6x*>3Tn#HXNy@UJ zoQDAYpxO5-&tS_6B3wXp^O^Filbv~XP$ye%-u`6)1!A@Xa*eE)PqU6-6P;$}HS{cP z*ee~P?tq9zmVu(`rewsKiv{p#OdhjWa2cvbP;>9)KxlJilX3Q6A7z;)RAQ%CUEIai zVT^$fNc_@+#4oYRebig_cHFhfG6KP2^^9&NtfC)y;R{3@Iwpwk^UL++K zO-8gyU9jqD=tt&Hi_n`wDrzW;oINnq5Lug1K)g6~x@qXuDRL!Z1jjU>ZrK5X zi;&)Nju)XP^BQAGfm`WquoZa(=ufd(T?~#?BF{jwc#GaM{;^ru8B=axY1@rCsd>u9 zfmY6S=lPm;sd6pNdd+lK-KE(@-huwEgMjA_ue`7|kf?vJU!rYVXY_aTGfF!sDCI5m zC1X#MKx``GVy_gpvASc0U)06{ngW8edSOMh-o`R59)}R+5VQ?jRlkFzJmz&e_4h-A z)$BYB(xTU(vVlsx)TDBy1xiV0cv>{(yJjpcq)3&}RPqHRlr7Y*BXoPRM#l^&QSC5( za%)2ipc*=_A)iv+KN5GP<~Tq5RZTSiiS?361V(*e&?@A5767ZxDbYQ zqvD~+&nfEhx2v97r)c7Mbn-t=XJ_h{*jRT>f0F5>3+Me{`dV>fIRVrMCl>&KE)4e2&Kb@*pkqljq=%b9Felj$gUvI0eK3$L9A&th^O zSrT=}6hZDRl_^zsGI->?0%b|%Jh$Df>&*9z!4LIkzhoKu4uW3t`?0eR>{5h{8@`gY z^L?51TrY0hG5nGkQWKVabDpqP{E<8zb5it9Ji!_Y14_`iUfrm`&dYLgak7-0>aLQ5 zwtUY}@&+WMV-4rWlN`?A^L6EgxT74O2JvgDLTz8Bwdx*RUwFOA+|sfGw#AzsOMbsL z@QeNLX2SpI7jJV^f?q5&0N zOOa~OHs|jz-%0j%|Jc1Q@ihBY%0{UE&CDezj5>7MsM@u?nyJTqSxP@@m{C+!i8Kwv z6(OKcX9%^l%>Ub3T13#4bfiVaGbqRUs!EGh!0zS6bg4@i+LYw6&x_f9KOzQw@1K${ z0W`O|SdWGbtW-X_);GM!1*Ix+fN8J*;P##I&|(v8>1nKK9@lxK`y<+d>!Cx-T8ukL z@NJ_ouROgsRoez__H1xe6}4HguAm$7K3D4_94_lptqmM4c$8R`?--2nn>?T$8teE7SDwU0`&? 
zyO48YqVM<+?Z9i+o_1Z>gb5P?2|5uF+HkSd)|fh}NfVYo65$^{Y`LI~21bJ6sv6Y4_gS(5YKFD(@S zT*i}MeJTGaW@ZOuo<7;vsxG;ZU)fFg1n&Xe0!5+}TwKR`(E0I3SoH{4SHJ5S=p#ZK zV#)}wYYWYM5R9NBP1x+)`J|hf0WPeP?GPyQ?!H>BnJV#Q*zZV*JSH<*$|WpSXIXbL z#4YV`Fm%Ssfe`V7q$|CjKiW4jIb*_5M4742zF8o#E*`qLlvI$a94W2=NPyZD14^=z0KgvyrgnIUd3*QMef_oGi`RBOlO7>SnMGtQTHvP8UT$ZP_9X%P*s)H7E zxm8HqUG82$r=&aYA8KHla9^?Z1%iWSmeY(TgzF{u;1~>ulSQ^&2C!qQ_tm{5ww2KdZlvq2X?JRSWIFSfc{r>Ld_jx zt))6$0)B0_nZW@!i!YkbxSpi`7Jq87TaTH%L@clzESy>ZY!x#LA-Y3s0)8k);7{j-4B-;#Svfvj*>sM~z|oB)5h_=~rP zJ-H6(XB`Ix>a8sPzxFEKZs18ilzT(JJ_A=I5&Yz!5hUJxflW;{uLCDo&qu5x44OL8 z{^+`6(X^cBAUHYl*hBT#Lw=jReL@~FEW)Rxo^2E`!rf*Yhd8foDoqQb;Rb0tr^y?_ zPh^o>AWu~&t@kyp+lECRSPYr$#f^)8kGCQ+ecc{GF&2~ zAy-EjyH!dE&|pUw_UiX5BxMly@Y}X6yN$$Pz1*;MvpBSt<~uC`7veU6xD#vfHG^>8 z0-G0~@r<5202Dwu>0)KsH=^F(VZ5i|P~oUKid4~%BL|xK%nK**D1xZi+*cu2!$o^& z-p0i(MinAGj;gP~G%DR*ClrH}5~5P%{$NIDW3f`<6JH&4M;41dCf=mEyb_dWY)~hs z=6j(w7Gm9hU$H%Fu&^xR=nGmH;*-C&iF<4q;@?*9N)0S}+%Ctq^fV+qyi{~2c;A2p zR|jkv6CdwS=aB59>&>3^9=G)xw>!e{RWrx_>Q&1|GRIOiSW`o}k9I(}`XW@%cX{!_ z&eyYJBHBQ(JXa;PefK3#m;laaRBpd5(XSHEaSK>0b%jFRB3=VvCtS0Lu&vwLlx-SK zrBn0djbhdND_1W47_ulbe=`MyVjJ`}#<-)LpOea;(W=$}($t{<4qj zq3Hj!U4Z|HO8ld3@W0YFSdA_!cpl6tK`PZ1LUkMI-6!0?ANrvn$U*Vt+t1m2Ra{4{ z;y=^TZ4ELMy+6*mW9IPR&vyU4`SRwK5?QLhcE8}D+j-P)&*6tm2hQ((^*4vyMg6@Y z1~!b>)Gx6pslT|uUl}<#ZexU+H*|o96XR3~T2l7Q4g@W?vFme5;<)_+1qJz|U&U~V zn!sB{Gi|1#zQ{f4gI*vo3l>f;msJMJXsnFayF1v8joHe1a=AT_VBSm>3`xVW-q)Mp zr)hU{$Ugk_2U#?gCl}?G1mk8Z6g9O9@#aUjW5!Jy4O8ns=g~q-8zgi7(+V^17B;akRQu1*g z*x{rn7Z~a0dU<_Nmu^5--BR@mMvZ*dN%75cfsV)EZW<#KPAcj!dfG5yOcwWlO~fXT zoA3phoX_PS7N3ScRU1zfX1uAala@ZVK3#Dq00DVmSmXP11b;=s015-PhkgDaymvEI zElf<9R(s(3@P40SKKO#00p*8f^$)Rr+qRJlW*&9X_TuZCvqRYqs$Uju7|)KE?js9Pgh!d{cS)wgidSIO~JI+RwGx zOqH}9vh~{sW{&*)8rUZa=vkS4M)j+@*3$$2Oft(KqFM1vOWHuNi0-Jn@KE*`)DsmQ zxqkcl^_Mk7!@JO}b>|-zv%(-G_M7X`g?(hQlU$!j{WI{HDb^^BpDV^8kIec7=6_}# zPA60oFmY?m1oy;Tr+$a2W_F1ig=>iX7Xsu0W_vukqdEsK&nG_V0k3TW| 
zL#WChP8IFveG6;uBg0Z^;3$==-Ye=tJx&gv+mOW0XG~TG-XNz7o)7fAsPFRj)Z8LE6ZP%)*rfYwtt-V{Cx|| zIQz5(O}#v6F=R!K4&v)b6VrC(T(TVZJT&WccvjmjC1v(3G%_4I?mi_W5tex|BA!0% zv$gQ{^{ISg2~&wJi}e5b=u6Qwf9c*+MKE8Q|8s#?*?%d?&HKh!pi5;Fr_`(JLMkAUVZeqiR9L+J=LM4$#sad zXiMX(=DI}7@~4T^;ILZlO6x#o>p|bkY|gSVN}LPui%ES|1~7DGit&U-QWmb#?nKcE?soOvO6-|jqnA7EBmH(3oFBZYt6fI0!ns<#zK3iPH zS)r#GWoGoP2VS9fuvLE(rM6+rbr{r`nj^TyI}+PP5|!34Ym}p9*JNz1mb!f%VAD;k z98y_-^i6Q|mB|B*S6y0CSu#ZHkWK0PU z5@O^ydC7z1ww#v5ZS^*HVKj16XFYn%SXO56Z>Oe>OM8s$?m?M!!olVN+r-}I5 zqUYY_`Qiy#@f<)rQ3_5`lX$A_od7F zl-7y9JWE|Ztk!CgGjZC^f}353SNi7JAosqbtLV@B%IN=a^yugdr~90zCS(dvEf(1K z&)X&V7m=bWx4vU@tJnFl|6U{(dxxegFKs?-U^BC{w6C|4fsN07MUd^d`v8R|p|kLB zK^O$#>)#uLkVXb^#bMXRzTx38&I-#YDJ-r8e|Uj5{E`9M#tW>c<_c= zSO^DJJ*+IFN2S{x*Ut)b7Uli#35WQv*Ka7WxRM=zJY5INC@MxF_BTh#rrI8WSo02T z;cSsops%XbS_LykdBIKQ#x~{EPbGbgb^|R0W(%)-4C4)-Bu> zFd^6XrZ`10i_!@>wFRP>jH*&zNAg7b6Z&^;OG)zkuyx2LOvzPYgE;!Rhbn&g`7FJirV~AaOJ;Y@O73a-wxhJg-NKe70 zi=fJg#)*&6Ji-=xGiR9H8lYLdo9k6s()SWY|H{l`Wa0T6#fsv`-0S<>juZCxp42-V z0ptf5#fKv)PHSBli~aR(1%{Q>NZzmsnfK_}lG%Z&%9)q_7B7p!wu|wCSRtm( z((;i~RDrM)c6$E#NU@LKIB$l&;~U56ifY_+yVv@3{2pI=OwnoQ*%d5&u-_im!TyTu1~tJU#%etOZlZyj;WyO%bTqq}f}LY7P5 zE=DTaZ*3TsOz_KheOcB$9>;rG*#?8nHBZmtY^NNqdaJrmMyBmd@KR{y+L_=(a7%R@ zuF34{rrDKd9HOd(1pk@>cs||5lHk4-`cUrP091D_c5qUG;KHqK(^j;cXl6Qnk&a=e)UhX|rG`7zq5JG_j6WH8o(IuTqkv*ESctTonsh`iljE4 zPxuv^z?!PG^T%&E0z*sZ3p0)ek7DOV!ae(nfYADo-T<+Z0ILp^RHlaH(r1t96ORUM z7l;1jy*7E=^1$fo5tfF{215D~G>Gbi0Qy^^6W` z1=6c{yBAm2>z(L!o$JUE!n+Yx`;>?2%;vWc^U!NKZe}-&z~_#d>TlaHP(_gNj$f!f zwefc;(Ny}z4y<`F2gGbFyLAmL@qk9a?BdO~w1;QP7uOaJC9e!i>toCh-wH+Sy( zm?neK_8ZS4llN03MSxCbsS{*6|!A|$YRg6CJD;qqE;EhS(4*k zT|HcWQRTkJ%xWZMnEG zaMOD7J$g=>x%wg`0SDV!t7R*LPhZK}bHXXx)oo^Jg&yl&5F$BE+%3?aYg_5YuxOcj zQS9$fPcEp+>E&*D7m=rYWmgn+N4M6g=j%FurZ|di>p@=rl)4F!E0^TumJwZe;~kDFIR| z3%9M8GAU&v3T;pCp_WP96(qkij2owU<3K8{sTki>GInn-X%qoY8PJzNQ_&Fey?nOJWrnBQ<+tbbWGq$FTE{a7M9?^>06 zaix&wF~xmZ5O1j5?h)HSVBVjDgT~Y+apvc_dl3rTICl(;e4b)%a{B;jS%OCG#1j|x 
z!e)c~j2&+tB{Vk{?7GhG!gX@H2QR6s%lJ^RM?msRyQxpvtZfdHlh{7x1AKJoMETq} zGfvh9AADnt&mY_t?JW0X>)2Scd$BKpAm+IDzWwlUM+p5@6#?ZNkFQG7K2yCI9G}&f0(m3BXqEIW6dgpP@U}y9 zZ%fn1gA6hiM3ctaT74n*S6=Prv9#AKf`+~69P%Kmk_Dkd>=IM@<^5p_hp(S@64=6( zu6*{B;L~I4f$#6b<+!4ab8ul1Px{2&yBO&!L370~7`Ns_e}y%AcJr=%u+I1O^rO*% zq|TN=+2PGyBU`)pa0P~7X?8yHRn-xQMmZlUDrlvrmGY>iS7jCNqc05XyeY#de8AK& zZ3Am7faUzgYv%Uz#j*%MR~dAq@` z?ZMtp>Vu>;Lw$o-=J$J!yv7PFQ>(BY7Mmw3m@%GxYK(StK%V`VK$5(Kdr z>^m!kAm><~LTMYbG*O$C;@QRFsWY{S;vHXf^#r#Zfq3QwPDI2vC6pwocJN~O^Ef>5 zlDd(YdUw@o_cEE8EWLa6lMX7GHz1A4G)u+)M8==CHOKpu;^1l2+GriOWe{`BcFIE$ zk!323g)oWkkYr(wHEQ;>-RV4~B|Ny5@y%u=vz1F$RC_bJ^LmkI$B6CPDIqNOeLp zr(KqAAyb%Yc!vCz(IzbyQ}J2>9&M(y2a>Fkg*efhx)eU`%@eZi5#o-+uD4sB$mPlXUfMqv)jTu&yw@3i&j!|NY70NBhAhpyeN{6 zfBMOOCCa(q7;RlY`_y1r$D8lzd%2Au_}>geLmC{03kRfmwj7`HRiBu$I4)5;YeoCk ztef9Wi-BX7s!F;zPT{1R&OBX024;S@4Q-mT^QLCPvb>&tzsTBzo9FZT`wtk(u&fg@n0GW$!MQA{LXgZ<|4{f&wBP|=3?QLw3*CpiwqgdaZJXJg&MyB zsXt{C)U?kOdz_toW=B!0Dd9MZUitL;bBpf=Byq+_2>6y5QDC z^J-=pO~Fu##u-~}hD27z6Ug!%-@Aoh8;2BvD;T9edOmZcUT&u-#ow zwA`yW8Rkag7^!e$uKoj0GUkJX@Ku%HlkJZr%(RQNw_SPA8#p?b&5QAENX>W1{^lw` z(Br8hAM7kOVw0dhbeu$Gn`<_ENL<}al0DK%&pkozLJK2dZz}Q`O6d=u?DhjWPoCtK|>J&*&br^EX9jhvL@2xvQ!$2_E zZobp+E5;|GG4hJyU)6s~f06Ipq0{rdb~@&IIBwap;L?r7&b3JW%egmOE)oC|cpgGgkhTN(VDnr!BM8J{A}Gv#Y)3;j}(S!9u;`8i&_m?jG~q{wdj1UE=W{c zrfwmv8shZtYf&h-#lC-Jcz;I060Ox9>JHJu& zi8}(}#pPo)>tFj9lHLp}nR#s4z0lyZI+}CKeZmx%XCA)u-&gZr4zt*5D|Tg2=7js8 z=4vND{el*Hthp>vhN78cHuHFs2N5!fd=ZCj>q{of3`?f-j%A~Ac2WV%`mU!c)Xw`M ztv}E;@<-bu`>=RBvUML4gQ)i-1;&S&8`aGhxv(etww{*y`2u}Ocz%CUeDDrUcyMmE zknQ@5{}YR7xDMtvDTqRA2Y^#kQKryFJf07@|H!$PR~u(U3?68E#q3DK2Y69^kE+7I zhW>BQ)ZhSQipnmL^CtrFtajr8pJ4{}3ceUwkEZ$|i$9>opJtE?4=zoMeEo-v;D;eg zfPYtsA6IyT0C)eN`1xH%k0^MN^EQS?W-jtS%!8~xEsS6OU4YnkWbZ4*r>$?s zzrvBY^TY$GpDQPu1wU39QvUh$UZ6C;`xdfMbN-JE4#9;Dw4CYHu7LF^iFpO(;U5op z;{h9H3unQ`#<~j|_wyCuZ65z&b^qgW)Q@2!oqlxU^*sT2f8O;D@%4Zx6C!|TX)&$q zg#}JPdjrf&l=+UrbU%A)p0vK-exF2Gffs4;6*=*kNor&p@;&9*2rb@tJ#_zLF#Z^fKL+DZhUHI&rH?bFN3DmkbP<&oZ~A*}0xJHLpZzvM 
z@aSu*=DBe_v%XqLc9M5tc~Zh>V7+%W#K zrCjAao^}IQRxOMz>rC$6JL+UQ+`N9^@K5W1U+56k$iJ{;{>#+j_ci0RK_$htGWz62 zK7q*(>WOi6MHkfKbClv%yk$!h8kOBv&MtznME&f?epDxd$pC{m z`h`cWC(SJSpz}IFF85ZU3bKks>MpD@q^A*j&A&0Gh7ifm#Ggc)^L&&PEfa|4!P=d$ z6PuF53J4DF;9>bu!+8VhR}z+&i$|-__e>c~Zf+{c%|NpZe`m%9#$MS@P=0@*Fad?EL^;fSh+0s;ZH)UAQX-GcLh+XVR(c>*Ec|zB zHMPD|TgZtX50(+uWj}jT4~s(p@iVggtmKEpFrQJUx*d z(hyBk)A{p=bj0qE_sMkWz)7bfO@9mDlh<_ZT%v5)yi$N|Z`}Uef>ZIl)%2Dyo%gAOGbK);|7^ ztPLS}>9R(LU{h-y8%2)*%diLMfr+l~3sK$zJSdpgz5Qd^nwLN?L^U*|q$DYo^&~z~ zr{+bR|7Tk9`mf_{d?(fz5R2m7&E)q#iA8N>(Iw#%VwVB2rEaG)s+o|gzBKTps+-d% zd;H%Rp<{)X%g8@v33J*&TtdRY2jM}BkkW|Dg2z-wgkAhW60Z~vrM)s016+DrFAQN~>B{L7!$&1F_K!-bHgSOW8 zqTIyPZtct{uYV)+2R0O3GTX4c-yw{sm}Ucvc8BHDKx|pKOJ* zV1R&N>@?cpxy3>hu~yMh5J>;aV4M(pxqsnf@^DLHX2k^7B4`N6EBEJvD4+w>C8}Pw zfhLPV;hyz#-UG#Pw5Ho39@6+sDNu96-)Q{{c?Zp@6vf%A;*n=Nbn+o2`181vV4NG$fK)0%^04pI73e?zwyfZJqyZC34OqH;g>+CGb;NfO>i!p( z18VRwEey=Kqdvwg3H~e>(i4A%vb_N8FxICJBd-4krB$WOY5th}4V{p3Q2M`QZTdyy zK>%J4;4V?YKSlKWH+A^Njwn6wqOrXC-|7Je9&!W)UZ?32P5u+qlA%X@hgwWQii@*g z>Lu~C;yvhp9Z^jzrv~UC2?D*S+eVG@*_#2wkePM6^`8dlP;@^$w`l*J+EfdM|C(A# zq=+xgwZK!CI~4ze$Z8nTcr;N^OTjdagYY}lK9nMT zU4sIWa?+n;M{nW*)V@+;q5ZLwb%Ma36ByD(E=cPXp%ftpErRhsD1tF1^9l;RE__+M z``;=80oV3$W@F>=H=Z#j{_RrjSeZ$J*q!26+Bc4CCz=Dzx|V*=8C4| zp8Q}Jx2pUiTI#6hjEzl^Qf#c#vf<|AsWzh+-ke7`Mlt;)8Vi`SjMD5R8-ohJbsDgX@HSUw~0-B*V_Gr@7DJ zWq6uONtHTDNBr}8K0M7)A&p%AqKri8t7*}HbD01LA=l0=_TrwU?;|i)J{Cc_eul1F zB;crn#+-SBBItR*Elmtqg;aJHHIl2R^FfR#tdDt~oA>ej+Qd*V7`4zFDr&Lh+T2;* zZzj(V-JWUF(t6V0#MFGecrYM^{n}(hs1ob)UAhQa3wE-T@!sDR3R!_cxQSkN-fuC9 zwp~Sl(wS5q0PWW4+Tm~L&z?2h2ZDGZPqzVa-W(j|Ffjj>?1T+*Y(Oxr#utX~QnLHa zBd&w)&?0z(qn`0?YI&=_qL=Bec0Nnazo#98mC+rkv{@rL^hUDBISo^8_+nCi9tq^t z{SM8Ipsh*bp{8ou{CA1mDBVIg+&}d`ejclP{}k!aw(HllGzz@>4uZ4i$mxJ#O;o&K z137(vJ6A)H9?+-kjAKc6A2(=`Lz*>PO%X%vu?1csLzBE`U!+_mg7kH=ShSG$5Kg%<)=g@`kL2Uim6!+t$ z)_#tTLBGd(5P{Ydkoj}-#*3WaDqVM0D&NZ(pODq)HhFul-^M4A;9BTvsilJXfG7_R=Ks}2M8mF!8Uz-d`4B^2P@lA 
z@qtx$0+-xn29r+VG|o3Mj(hLrGRCfV;)Pk<=D>uUsZmu@sTO7N4PQ{5(eI#_sU(7uJD9kJzMBpm7kt(`(3bWF|^Kj-o6mheUBzW z{E9ORzQ%Z-FYJ9Fy0@|9$zK0W>KTf0=Ry|kF>T%k1cx*>N+I9zAstsI0h%tJH3w12 zK6xbLQ0=pAp+&bU%eorFY5R&? z3{U?iR)`$=OZ{`t6c}#@Km6F7%7mQ1tGIW{#VgqX+@{99@KE_gBakCtQ`-})-#J-> zG61MC^`|<|fy{7fjesYo;Mpq3wD*@}xQF!dx#kKl$^4V0sUb%v)C6~*+B7Q23Y2)t zk=+I3(n_*AMHG0-`(IyEF!Haj-J8%TQM&vL1_tL(c&rON-}CvFh9@U3oChtQ`cFmF zAAa^mgJmfep~q|H6RLLW;Bz(Zndw5ODE<1b0hd%SF=O$a`WiqjWhjq@<>4y$gm=Fg zgXpbf3ZtfsNPD7`rXCcYmZ8jSYwsuM>9>GNt8(hY4S5)5QE=P;D=DLA&A1SqghUA&Upffp8;UN}8Gao9_MIZTU z;vvml$H9(#ftKGwqZ|0*kv)_cg0=$c6FPKA$4_-4$szIiY)E4??SljCkGuJy?p1VD9aD-h8L}`OE46hc3GHs4DY$`13YIITm;NsMzpwAP< zJf;nl3+{b*hT%SLWJ%ZV>Nz@N){2Pmlf;%FC5RMv$RS=iqTUg!%)P5STLY%wc`D}` zRsr5lL-ihQU;;5H#^te>^=CW`*t)IGfPAITq-m>t77rz48L+k_85jd=q4g8x= ztoPRRay>c8Podqy(BcOXe&b-I$2AH7U*xZ zZReqMJN3w5*cGH?+_{LT6E0=mc7kRSAX$HBmY^PTkE|5~PLe<1FSvr%qY1uuOdi|7 z!hml{&p?@)8cD!V<XWd#= zeqzjLJbuoQp20(bK$Y^o)lHBNMx%~|_Uf-s><39PeUc3)GOFM{Vd+#vxu ztVEVzGUyW$06?gfZ~{*}`g$;+#o9dI>kfky894ifaGgXnpr3J#;@;+Jzdqw+lRM(2 zV8UzXhI@VM-_uvE4TD;h*3;k>WSQ>I!O7GaQ zow`|EkIuI&3%1u!6wb;5-th_XK#m+>OV}84AWlN{c}^puDXHz>0dO^r?Hz~NY`pTgKcEW58pHnc&OA2W$1FsK>)BUx&?h$ z7)a5pwtt^eseQ70qJegX-)*aNQmsF6Tb}D0GPTD16ZOINm7}3c?BVzhP<{#eFiI6_ z0?;<&BsL@UI6QJtCoT$BqcO!+YBcle&1#29%0c?+_jZI7%F&>g= zqB~a12M9F`S#)^b@vFanB?!V2BP0+Qx>RfEaZTkO=92DxqPRh}%+pwl5^;M=)!Zd} zR;v`p^Rd#mu_6>%=LE1L61Az=ev$`(Dm?ii=?Qr!2@ogZ$G45~Wz=vZJ+^xU>~XU} zdT>@$r|7NX@k-X7bbBJHQvzfnAczBM^hrnue2kG*>2OO`yShBGo1+4Tr>!&UhEV!M z9R+Wvu5#$3Iu~J!g3KRUC-^t)%0W#^lQvS`ZpM!A@LJiT+NLBl3P1<>yvgc9QwpKL zQe-6aC4L@8SwLs233mWL|SZw*gKnThX>{99=vJA*%pqM5-ViP6a+{kB z64EbEO9!h@U@><;Z&I5&aC-<4lMl!yb0?S{r%4pOyps`|nH_%Muzhe71iP3Iw2M*)JQD zu&36iyM|_rsRn%B8r@xjG8J!;%Zx5oM6-f~Q)HaP;3f;tiH_D> z2agwFErOQ54$}L=XO>J#D#37?f_k^kxqZdAfvXP!>25sn(bP$PB%!*W*OK^I>eoEh zukxwU!q@`*Xf0M3pj@Q2l{ax9FBjZd`3ep|R4Ab)UbGk6aF79*rr0?Ou4=J&X@-2& z9H1il{ys}5JVt&3XzDNIM3QCEo)}@+qjPShEw)n8B8K0yy%BiL!CwRQ?$Rn;W_rPx 
zqfSMa!Q>$|=(+-AegtQ6J9)Vij(_(v(us^o*;BLQ=CPU=Fg*@6UZ!PDZK{Gmv0t$V zdq}Dz(GuM9*+*P&_TPA=6T0B2z4l|+y=;%q zPsEFbO3ATfg?Q}Rj{r=Sm{adCX9VZFMlC{xC~;IBukckE?hmYGegM=;H>7AGt}#P$ z6L%X?wx_@aLzk_+mta!+#SIwps>rX3@TyqU@lvj`uQwlW@(Bf!SN$aez0WTs=}e-z z0B!X6%GtMi798R5TI7A;YIuy`{nc58IFl6W=F|n9#>FxW;LLZrF&PKA`Zk{wJ1Log z8=@cc$^ud<9N-gk3ohw?s&a?rOQjuIA6p*h2wYX+h)8q$LQxdWc>J~+6KQ~vwxY?E zHHXOF8_gW&p*7Akf4+2bipkG?|J`h62#yH_4s0+H@M1Oeu6U4-W{(#SJkolti_HMC zd+AF&s;u-3V7mt#ISB=RGt++o5#j)(x1nebIo>}iN~XB?vbc>|%j*nC;a_)dJ{@1C z&5syeNkS@eFmYC?9}eg07fWJAEW#%LaTwU1K-I2YfAk=2?9m4dWUXFud5lL}x~rg_ zZd?xhFPa-q6vvVz;~PcZ)mClB)PU@PDp^&h5h%Q`ugpz8gE>94!8@^(I#Yl=dL|^K zyQSY_ht5=rmN+f0vH~nP!NC}n~PF*I?3}56&14d zY55*=rpkMFbH}apT&xx3RaCecKc`~js-cG5S({n6B@1RN} zT1+-Bz!;D#=Te}$nbv2@z(*<+xW{QgoDBd{jyC_NLjb(w=2uT3)t*IJX{vrdPcrp( zecG(F@QYhs9kvmCDtuw`F3KESwflRQJJZ@eY`h_%u=`+oAz#-&r_vN}WWZ=QPS(!+ zu#`1RgTCw9mEOLtZ-sFZ3UvEW@bsI-64&toHplG3Q2JOtIOZY8C7X!*TthEK&q_~E z(L7>d-eq&&ZnMgfymMtBSeIkl;qd9IS|u&sQ1LQ}wCAKs>8*VR&^XaQzfHuh=5nDK zQnDN(06LW^cc6TC4kq}SFOKGsxQtLBY*?u)(KN)iplMbmb5*iT;o+cAWwg2_~8cW(71-6NwGt-tJa|we>vaQ zz7oi#a;I?s3zMA|*XSG?RD3QXQG?6|+T;wVfpPPRla7g}f{K8=l&H!JFylPVdB@W? zeVCcTomjXWFwzgs{N{0a zu!5xsIO=xzP^o9F^c$+eqI>A=h_-jCr#N9CKTd)zIcN)?T_Tla`tHfg{p~Pxq%zq0 znLEn%IdP4qvkUOlfh*mSiutiEP6FBf99Go>XWA-UrY+Jv@6E@Wo$ui&bGc>QnVH=I zLB%f`I*B?+AmZiE2fut4m5#?&(!>98;AX+XMGSZu;cfntJrYL>xNNE6 z3+1Q#!HHXWzWR8i=UZg_GYSo+}&Whya3L9^CH-m-9y{o zS|Vi~o1MuroC{KIr;dKW9u4k3{NXHoIW}5pop4Dx!t|?_GueMZNF()9`C4j$1nK3Q zxAZTFB#IO<_;Xy>hlebl^G~d#P6`&6w3QOSUiKh!Epq!?3Up?Mv*_`Z@$`1N~!^67Zy>mJ*v)XYb-EO zy0Mb@rrdUpz9&sdHjOd3_M%R6t@VX?6@2)!`_fhv)Dek&k;&JfHH5I<7~=;~AO0j1 z3tgOD;;*24R-XRGc~)cmbM0@FGPEjh&RMzaPN_(3FP{#`lKt3^R#tfk?m)h7RkfQJ zh0vlYoqNagQ03^DN7rY7soLECIkq-ufbXck?gtn#Pw&;3RlXEFO(3&b#-QuavwwRX z!F4pi3FoZ=&-K{^i$J%F3DaRLY>A4gtaOEMAKRW{vRM;)9UfW|D`3$4*I$g$62d}? 
z!r!d!rJ@+S?}|wsFdTZJ9%HAV+m7GBPT|8l(aBczYQ@>ZxvUF#j}NFD zBFXK#J06eN6(&CV8fdW4dux3JVK$kbU6r$7yU?qhrd(NHHC-23^XjrxlH0Lmo}Spd z0ih2sw#5Tsw+QSBzlCkib*b_1=)64~-rXRQIyw*=?2Af-3C2s9YITeL>t4)XzC&i9 z=~4rMAKh$;7>O{T4SaQ(UTSwexH)v^X#f1~bfi+A#gOtwnQAURt8Oi}n)aK3AdHIU zkC=RhS`+wmZUgsHPI|Iv|5f%R>j`DH>>LbLx=t)95=M=3RaaDxB?|? z(yU%EAk16EiZ#F$p0j4nwJ3g`Xu zPGjPHdUZLrF+)uu>F#sv$yT07?q!>=@R}wK=XSkm8pf|nL*(3GNzJ6I|| ziMyC3xx5lB95~GR;=fg|XEN-7r+z-fYaWLo2A`v75=7y--xrkrTO?=Vf#?E<&Ra3p@m6zekEVx8(AF(T2t)4N_#1z`pn<>zg9Lwl0;yqfBu9T%A zl2x^LX8(cg`c#uqg^^u3Lki3OMw`GSxWk5dpNwmjrQD6rWT+_psk5z!k zb-G254>44fnP)wLJ6%oTx}$a5YE-{R9hZ<~?OCuP1C4A9@8eo5+D3;NC2%`?X-C@fPB;2Z-+Ly~f)fNzTZ=4u zBqaGAPlCYSnnBd_fhLC%%8oirt=k+l9n_Iu92g*k_@eMsm>~8kyBLIj0RWV#)l#FB zm}Z3u;1#n2`3VzJttd^#CBmTjzM$JI%HiHBfDzP zKU(@?cbLgv$reM?x#ZzV2U+D0B;3z*ESS|89_)Nw@07~VEAVD$4_+HATwr{Dj*LRh zJhpmkP-?wf;c#(bZ!=P2X|Oo5x}(snx~M5LP}NJ0q@9F)mZf8bcqK(4xr*JSQ{In% zFYHN=e3e+d#Aki>U-$kmcn~T`>;=2^pqq`zI*&ZbCI=o_RK&>Vc80}j*|h|QGkaIf zo2YuJYO17{>jN2rJwV;cg3{5FOsIu(-`8#@+8fuj`Jj%5L1AHIAzMYV+Er5|@aZ^N zG|#qwdRE%S{LfEMjZA?Hy>nIsj&{!KoqrvmRmm;tduxt(%*jf2ALx+AL&H!xT!-ObR zDj@KY_X$erXZ*6$(uM5iySwB$RAp zlx{Dd+#2mKQU%-{61M91w-&JHWUjgF+p{2Wb3c!}n8sy0ZPQLZ!)9!iZz0?1LQibt z-)DY@*xwpSa@-uW7r?~1`X*G{^?k0?YZtb9iTBT*CrX97BF}`1vwI=oERb&hZvCil zp%6QkKe{FQ`gQHQh&z2EE*0cLEs&aTcbW*QZ z(Gbwggvo;qrh*7!2{zf!>r=6fz@xP8?yHjFp3^Uni9td76_$qql@n6;^@?;qaCiI_ zOzueTFsnM%63LYJN%dk@u79^&liU{YP{k8O3(3ZW=x4W6?tevNlb8YS-AitJ0$4NQ zNFM+CBg~`gD{~HB_(_u`6X(K&s9frs!?Q`%M<`5Goc5PgTH*pUSC45Uq~p_rmqyBE zSy`*B$8L`y#_LL15DywVDTRPLhV`_>7ee!&{>pbwV_^V)b9eQ_cJs*f>l9fV$|vVSfAVV?v`94#3%Mk((g!B`JJU@2g%C>44hNY??(J z)E(4AvkuIVntuUt7J;@i`%h;!fC%h)hx8~#Hn5`)EwPEJEEhXFsG9n^1tzW9zgVVf z?%!^(-%z_LdTEw$U9+4YPwu*W;e26dnH|raqaA{!byc1q-qji^`Se~3dpF{Lz z<>4!StZ+$_zN~V+sWg}Utyh+PN5eLOllv=u0Jqs%o+{{nQ1yaEDBA2V`8LWeFc*fbI6k_IG8a^zlFAc&Cjg?(T*fAV^kk>1OXvOzj_%067cEtd*O)w}OQ#v?u59KKwVxssjkCjvV^H*fP= zV6;VUC9f$>;x+kcGJ{++w}_qiQ;7<)hlr%STk5wX-zR+1lw)NpmdZCQzB9~G(o^Mv 
zOQ*i2^T>K-l#kV{H;92}V0NWIy|{sFWn%N0FhTa?f_sojgf{38#FV1+5e{@a+HFwP zpWjOH7E(&H&1DgA$&PZdzq4?8-1P;ERh8XBn!bZ+?Mnqj#wI`1(rK z{)^HNjvLb!iCUHASCZTs&G9_(l}bUlpW!IP-fzc<+1n&te%W)d z*055~I2@l_HK#uX0JH2<@a-M82bsCZePG!y<{ZIV?AD~Px2w*?bs?r7XGF2oj2lNZzX)NkuzU6|U+xV;3dL%-{t z@3ah?GR2<5m%E`Xq#?-uno%#=K3u!`IZ-KV4_vwXNX>nN`YKX+W{O%#x=C%lI5J z^tP8ZMe}Nx{3e5}Ck!P4jyJ=|c#1-T=|cxv?2O(t25J`&$Ssme#FV&ml}&t{?dTe> znuy_Z^3l{}MDSkIs;Nzz#pyME1gv~juf;}}ChY(jyucby&#=;Gh$dV(Q1`=L6R;V^ zcGtLXE4-@+q6srnVU`&zH2d0rc{;+(@{LTi+`qz>&QvS~vKqL&?TWowhlBHXm#eD-{omM>yO1sEcf@o0P9}&gse`E9 zVDS>$$0~cwBX$Ra!GciVx_7)NsWMd`Jj-2Z6xkM;h~u+$oa`rvKK>UmM05%VzXq zm$CPrt&GcJf4DUfXWqQ%{x|NitF{?b>mwiuBv!P|W~eNnHI5HlQtFX1K7Bh~#`Q#- zZBGhU56x-*j*oc}9OXU3z8}kyd0x)ST<`rV!(Mu{7wIFCgj0`~;piVbXcf(^a>qUh z7@0m_vf0_4#)AeF^l#7FVv>?*s(gNBRD zCA0BOlRFc#j|#l)-=@o03>EcM+4X5=CJMPv=NU8^nsnBc-tB#cK~Z->qd&Ti%No;~ zy-_HTY@BSRayx|g=n1FTU|f;=(mEI+>qxL>-R|oWs(O*xwiq?>P*&N zsHBXyC|Oi`_Jd6lsMg-|FRQ!U zKS3sd0KDOy_eLZrL{33V8CoWHV~zdAyi=>^(FUM5pIF@%(1CQMSJDRYemM2?+(&S=NZMBajGFv9$ACtj4dsE zxaezFc`e7eFRkAiTSs31@CYsW9#~cuB8Nd}ygwLi+*!VjSGqIaw6xzL6T)}u6VP9_7LrD>{@thsH$9+pm>r z!}I2Q%z&Zc3rHm?#_@t#JCt}qZ}xlSBXKqnypLlN84s&32o0#XS126L6En-V3LK9` zXMG6cM6ASTu3<)ZZ8<&(N4X{!caN4!7lm!s{4FM;X#vhTAr>jaON2q@!eDK@IFr$b ztG=@SnJ!|eFIUE}E#~G#1BK5*34#Sd8^H@w7^Pp(jLyFwDdw@Ctcv|y$Y}Y_J8G9t zoPCWx>}U%l!^fg%e^wrZ&Vs6k$90#VBuju_1fa{~WCVb{Ajx7qZtQThD}i&_jL6%^ zhXZ7b^cpH#qxZ$DoIUS+4k$&1l6s!r&(!eYHjj%?Qh7YQh2L&%`{v8_(J+zQcIDLPEG_zTWPqnhH1HfG-^J>m%-95#GR0?} zNlyO~?PzM9pB7pZd)pS1a-lo*yGwbvUIK4pdf7p1#N`3v?Jt~9Z3V^!ZX08a+5+SF zhx-CIy$LH#?5=?Xn?Fc(=4I=I5GewiB;2zT{vVD;NE-y|)|CSL(FMN1BjSr~& zn8~NKWBHF5-WjXd71Q$!P$!$puE-O{;aPl?-z@b-mK1~=8p_#P2HR#!uk?r#cRhpy z+1)p|ek~yUgwZ2+w1IHr_^6R`0ft!DvbvB=<;*hMxz4@{9KBJE30&@E3o;P(e@~^B zN$++wIol8eBS0i;$H<>&!8)^6-)y=93L)exkycss+arDN=YcsoNxbxLuau<+vm3V$ zS8W9t=Q-~t*Zc8o54oUUktiR2vE4jdRC28L=9nnM&Qwg3lnH2NvSO4`LVTfiHZ7z>1*!o*<#wx_gXy6IE!Ew98b4Nu#N|= zCZfFgB&WMz-`(c8Y5K{JEPSg{F5#VIIIGcMUx$oxhU(4NypLmD(#8GbMelZcZxy06 
zo}AzLX?TI2ono~s8`aySLc8!SSx~l3HZghWP>VNZZ1`a6~Jlrhru5V_NB%=0YMNqK$=mlX#n}O+^;#mTVO0W zVMpS{g_6ZQ)6RqjLEsJ;mD}I?UI<($GpDox zh%g(Ilu>n1U--m}2C4U1luLwne-0n|#Y>hJ_5EGa zT+<%2B#;_dT2PdYr;#Wy>5{W7oAXmF&s!*W=W0Z!K-Ei>GfDbgW*blHp?<7PM9WY8 zoQ9q-xri1?up26C7B|&-*-UmTc&isDxY{rFKTyunFdXZ88hhqwoJ^K~Kx))+;d1%s z=R{gJUG~Y(D>_~{Xo(e27xg94-*y`JdTvnbG4OcOUu?i&ju#lL=s{j=i1?p+j;c%@ zzZ0|vxv+57-u@-03SV_ls_0Db)7jwmao8Zz3WH75Unq`E=24Q4;ceUC&FrkBd{A)}oWb<^a>lSQX^Jt-b-= zYje&%M0ZWVru4pO0PQlR42TJ?@ zKhAFN%^qV;)!4;Hss0tV7>@dfJ}$EEu3hgc8NPezgbsNw`%Im2LM@-J>urZ%CR&cv z+lTknj13m1Pa!dv^Y%Le;}D+KwlQCx2?wGJ4*yKO{gx_1dZ5bX2Z!6*hP;#@+h5#0TJr66fM9@KrW{ zG#jFC-{XacAgfhxNl2CC zvcD{!H#w)AyE{kIAxv6!n(2XZ`PPzXeBGg6+{+O4h5#Dx$-=(rD`Rd?C)?Z-l@@oJ zK|$1F@Tzn{dnA>ZjDMa%+v9E`9L>ROx?HD?29Z98GyD~Npt^(54Zw1IZV3)cpdU!=t~3n zVp@(S@61QaJ`%g*__sL61{#k?zQOrT)(}UzCNXLy*+G`{xpDlI@xNco=yUojs zAI#z#Wd$sP3|peglZ>yXDI{y5YBq~URI*jaN9s0f8Smign0b0G`eW1)!lsjcHu&(z z4P0v>&_;c#4wA~nXZxU^1;s%k$OE19aWSZaep~2MB4lzMa@_!Nl=xhy5wX`*8dM>C z_h3U-IFNH#Y-RM`BnWU2m)!Q3I3FJ$!mk=QS|4t5UTMTuN_w*97I@FL>6=xxrUiAl z58J}L3=PQIP&bgNP)ZHaDa82CbBq9FnbArol#@N-RH27iou-m)Kppw* zQNc!paeVZ*a4F;jQSZ~IzBn<92=>IhF zvYolD&vo2vq`=ZW0&R9Wi3ZB`_AddjnxGqUlAy9kY=cn+3M+V;!Im4-aKj#uoFg8~ zl-Fm|o&o8$@r3_S!Xic$p)<6PEB#BXlb6&%WPE3(Vx#4br6#k)OtIamq)!+x3i9eN z?0s{%*~B;|)E2ogu88Vknc6M;s|VC*AJ!2|MtB>{4KEKCYB$-m!3!4n_ZP3yJt!zS z963ow6QLsCZ($C;Qj4RNP2w_T13sh!pX$Aq&Eu=zD#+aF@i{$PYp};hg?kw7OUlXC zh zj`Q82pkc^8U1b;aUo;O}X1$rh$)Rz^N~ra@l3h2P=d!h!3L0u&dW;xf_sgogTpu=< zW(8_$P9cB!?&)nGo$MD`iVBpUx6Hdu zyNTl;EE#;03goC?GOXLl#CtLEll*gf>FG64f^6*1{h;3(HAlBQe_bj;Og0cCbPY|2 zfE_4bsnTtxK(wuA2xD-Vjot+IbRcUQ6d`9-J*&b(K^d|^dW@>4#G|NV0%R@&K{5Eq z$-nm4WuKp>OgwmhHPATE?by{}(*Jhe<0)1|F;=$Ima{x#X`*SZW1})ESCSf~@ESDb zu@P2a{mkgT0yZGkSdIvSu+?iI34vQ-Zcbtw-}pH=R;s}-Q+`hr6=js!Mb>F9NgxPO zMVrb1)p*QVMskpAX0hihy>6;BlBT5s^DfGl=sqL*_DnUoi!H!Yqu#Hy9m4zV)UQGN zTsTj%statdVlsgK!bHPln4X{S1EoL?Zo4wsD$wGTvYmN%g2`;@YP(VsD zYQyQBh-n0PW*kRulGC2NV`ph^1JX1l$yJc3zw2p4nedtyKxQ3uXD 
z*#>S<_(ZMx&rFsV%1`>G>5-BWB=yjqN!xG=fpYVL)nI|#bW5a(B^&w5!mO!|FUg3W zr4&VWjNMA{80*x4k(ifdU=`?vQ!;m(SDr&b6iB#&w8|J|1NpwdzE(z{Rh1eIsFj2& zr7PD-KcrL1iXV0~bD=UxG7Zsx0RjT9QIOI77$9)$pG!`Ze*k(jl>pI#NG5?=iV)cdhT(K`qyNXPQrI}}!6VMn_0J2%x3SZ83)5wk5k)1nhEv9a#3a8j#349OuIm^al>1IERh>DbRB2Q$DMxj|l*CWwdfAiVbu|As)h_ zW`}J+qli@IgW_d_rF_U`EYMsvu1f;DdEAR&A!-aG{vS6m#cO-T5bYF+Rmly zCXchPI!wy>!^vjcF}FiF$24?8FI?TR9VULJ*uEXCJ_WlG@YKvC%v%6;%9?ejiU@QR4Zq)IA=*I`&Gu&kHm zeln=2O1*#9Ksq)@O_e)C{o$rt_m-~j0IK~9SHPJTv}Z6^wMo3QK%!v;p1Wa6dPp|6 z-9Ay!CD|lF8y%%Ml%m~f^p?b;f7M-gFK|usocEcMqwVSm=Pi=zJ6^CgmlE%P7NHkP zgt;+k8ztf4LrYI;{K%?FY&vL(*Pg~tUv@xyRTZ6cJ5icSY z#=8-WblL%?N}Eq_jv3}0O*sg_u>2*PbdN}%oP**)JgPY zTk{$OfI9cf?opzHkKGkal7h&BqN?w{DGm$xD^BjInT6>G--;3|+izFhOX#ng zD|3`-%~VLX>Zw%P?;hPp^aVJjTSixIZ|~nUGZ+~;PE$WHZc|x>Ci5tnOKNBZcE@vE z_Qh&-Jx6Gw9@Q$GiETqaJgZT#S^ua-sr3&>b)LZ{;q0C~88y zxYe*oAj4yJtkrOv__wjulQ9v4vl=!%Ennj^%avd8tzn6IQu&Q)h<;6@eiK#`8MEC+ zPtU)U(c-j)ahs-Sk2Tck!-YQ2?W*l?`j4@XY8{-mnqJ=`xZ86weuAt+x4dQ?pxVH2 za!j>2IIf(!r57tAaeyn1rBZSNtc7B9BsgV*-%SFfm!%?IH4Nq>gKPUPuHP8|1u5p4Ga->o{qnERv4UQ z>-BVa;}SR|=3hgEKW_RiFoDJnpTSH ztEX14RhI(LwS%7vi9E zN`7U>kE4u@&!Sxf6PMR1w|Sp~yQ1S>KqIWefF>_=3zCzC!NViAQD0p0=kve^KF=4M zLNxrsgY(w__dL>Au)d+LsQzE<{bf{?-S+?tD}sbUhmz6~f}}`_ga|`75-N>^BGQZ? zAyOhGAt@;#CCwlpf^;`XcXz*MbVld)=l}WeetMp@T#JP>cwOh5ooB~6d&B11K%JEH zzw4w_!7Cot{I2oD2^#luNx!MZz7;}0UY(ri zx4i(k!hPvYg9pkO)1y6URRQCp6cC~ZYr4~xf~;9~e^Uq)a=FmTb;fJa5|7C+=x5`VyhjP#wODC|ODdt(vu@Q03-;6VK zCs6Bf&a0gU{VcpfNKEk#HfSoq#7l#4E@)l>^+;qKg0z;!fr-9xZFd*b3MX#23Rj&3 zTF1Q{Zj7%Ep|J(#Rug%q&|gfzV069xQCJaI=VM$U9*Uj#+qBK*z~~*oxmV<>vHRU? 
zP~(~?+%2IJD@2nr(W2i%tM8fmv(M34;xG^2ni z+A#}3d=CY+H{Mu%75>aNJfh`zj5a9p%(d^?UQ3v`a0T0m+XrM-EELPM>NQ$EZX5yM zCFOxW^wM)pmCc5Y*AF~9TLxeUG$Oe~0FLC3(a1WqAMeBABD{=TaGN~vsNQvw<>ck^ z)MaZDy5l`!DLIFCO!yRlVt#uDJlrNJY$znE*txRuZ2oWO$#mGnk$_J`c3vC%Q>;X)p^A_ zPs@3*nqCtmLKCy;nRGVtYdktu0qNUe!r~Q~qVqd~X0UDQXHy;U!k{B)=aBWrGJ%t5 zsQXAn0s-SJaF#lTAIZfPPiI8eNb1-_BIqA+C9j@wpGC_jzuP^@7nWF5<%tR_VyHZl zG#^Ny^Y<%bFO&F9bo0lt{M8J$A&f`{f2f;b#}1rAty2>`2tEOo&OjF>>(^6=x=DM$ z6L~+{=+svm($uk%j?)1;703Z^+P3dWQ_3bz?t{OuF1i#uCplj_$^2>6B&&!oM$C$% zxT|gHPovoYZ>(e@itjS(0Lm>Me~A6*qr7AWrEc(@tJ3H1hnTZO%bxKdkE&8Yp9cV% zT_G&O{F~=~8>g#=vHMI~`LN-g#}5g2bH!X0#Ompn1aG&|FCA+k3LGkC1J*C8&_EPD z$I}9y57%y0r!FFLkec6jFG_jWT`UK!+gN$4aB2Nr=VMD|$kjs>F8#SkfY+)jG%%yc z@#kpuC2WUN-Bq*R9P05@oar=+*zci&aBSTsMn)C@*M#=lt0A~Z7LIDP{VEkc%WK#% z=l!jAAD~B}F{-Wcg}y4mAVSs$Lh=C^#6T5ot0-F4FQ17sgG5WN8V!vRn?L7E2L?o& zrox&j@Va>@d&L8r2!Aon+&3BLzg94P8pnD3YqFNl$ z4YQdU7BoBel;<*b0Y38G$sHmjJThfabwpjRP*5>a*=j`%(TqU?l#%j1U+Fm)g~rs) z^@x)_;Zlm+-S4GKWz~VgCxbxVOY8>aqUav~t^bxg!#S)Nwvy8+3fczNxG@dL-o3*g(&U%+6z#T#PX4v1o4fMX+M4+i|m1l`F)x1?{7NR zwnu9mwVZY*z{qHRzmT0R&dA>s#$muEJ&yi2wxJ``B)X9vF3?Z-k(x6vMXN;_y~pXh zY9aIKkmLf!Z|^-AmEJ;-#i?d>0h`(@pF!4riUQb;(tRQ_X#65QW0X;)#om2j9?il_ zHe4gX@!~!vN+*VWj`LzlQ%qrCv`chV#^{F!ZR52zM?NfqWrj%E7AB$2$)mVWv zirjB}$A=wJYv!YcIyaKsWSR!n2dBHcLfT}u@-dava4Me=m=az~pWmuVk14Hu#_qvr zL0*C+7^f8Asq4?aL?L*J4a}eS$YLh3$03q%R8{~&@U zTx<{kzJM>}+fBUjl=v;W>?hqy+c9Y-+~}K6S_hkoDDut5?A(+B0jCL6s3S`Hzm5Q3 z^^Q~#MU^?>75?%0P3UDm@I_Yce~GT)?LGmlXrrdK`hGvJz2J2{$6126o_90GcDA49 z&F}ENVZqSugJ%i`S&A~eK?V&{1&s%p@iLCW8pw8tK44ZVS5-uL z>etV~S2W1wJpz*#Ox?;m+n)LJJ0YvSOz+e#SCW9~sS2?}RVU;?6~$KR5wp(N2}pNP z<$s9rOB=;AxtlA*H|w-9b@mg!y|Y`%?;fy>J+$)vXq&Hm6yFqV#Ab$%f0eFv0@!aa zsz>{|QM=y*;k74olg0D1mqpUmMf)FRxRHpb6Rn?Q@C9b%P>Sy9Vcd0dajE&XQ+Ukn z$Q7yBpsnnNEH;RuXrG^QzmLv%a9X#TsrxRYGurkU@3}@Y>30`GR2M7`UZ>9w^kYJ> z!>2_u=ipZnu*mu!ix!mQ+@r!{6C{Md=AU%Lt0GB~0YSkG6S znB-}xUJ!C5m)WxI<$t3Z7wMuFE#2K4E@-K}cTEv4j(=kqyn3m4GtqdK?8e*ajAS9g 
z?kPvl=P$d5`gYa96t>a#2XNEWdB~a513?ELoXQ74mDiH+Bby(_Q-c+`Q3N1$s-_CC za3Hj#Y)bKFoo2%1@>>Lq_GPdfiH`H+l zYdc|QPOf}31nXkpuliN9-41NnnS?E0k*ul<)L!YU5;r!q5J;-Iu>R3_Gizh%G}GvZ z7b1Ld>Su==q4Vxx`^j4uKJ2d?+>Cv6%oEVt>#f+?mp?OaO`q;IgKd~E?)JAz)_~)- zaJqKT>poE{b`w8T_@SLIKUl;ckws4%d3E+9|B1<&(d*Q56x{TWm2Hj*?V^(3EOYwuSlce zM04*Kc5iSKE6nUS`1Wm0txWpkz+<+A=Gf<_8g4il5&!J-YQ}@G_Qc?^Yt4>nM4b2) z@Pn=%lbrfU>fV1Ly}>A-TqVS|duN}qdvT>_-%+XF=$Wla)^$c$4(4sf8KzN_7qs01 z(YFaNjUw&s|1K+D)&1JR>9BUE9rXPn+_awi3h~OTk_N6o)D~tR`h|n%^3b2E5NN_b zoT@WJj#m%g&qrt)5m}9O;88ZDMzF}h`}F=+_Q<{am!dKSc36k{H#>B1xaT?2cOJELHd=@_&I?X zJPmQ?l?wXLV&DA8wr_u;Q4?sk27)$-jDb7&fJT;zd2h9&#fIvo2P(ZI+osrA>lyM4~dsgU>M8fd(s9D;Dxb(W+X$A zffA^OSfB(dV!@XIKVDXhp~chs-lYN+b(v!A&5qi7#d=N8Zt)j2{`_zUc!Y4j%~cP~ z;<%;4`*T(?0q}KdQ#<+R*Qz&gu^&3sN!SOta-0u|A|xr1OWp%4JURN1I0eqT@;RBv z2*Qu*_aDYgkfQh;jDBYPa+H`X04ZGY8Zy!N=Xls)Jo+Ia*;Wv7pf3w&K{OU%mH;gO zT8cH~C(boN1B!-qX9Em)1C$rIBFvzWkN$IHKJCvj(YZi2vmq_=t_;FM*8c_hjp;JcUA5=5~D-Rupb|Z+257!9~qF?>V zvq;1tY3&ba$Yq|Q{07LHOr;kN0?|02g~Qc?wQmSk8V7^d^7GTV|95NpleYDswk|y^ zHiP-U5-QdYATrv~-$IZY9>sdumqPo8KKj!@qJg(8@Q+FlodmGFu}(nyxpsGP@D<0h zJP%Y<1raj(Bx4o^ zN3h08owQRw87*EBd=)3pdGzz^&qgJ-+yrR=e_fJ)bsK?jxgP=|tS_X$>Ht`mDY92b zc;KPz0HS9nY6w$S0$9nuFD+Tn&Vk2Cs&4$Psy>{R{;}IXcKgR}aQS!tr`>=_@@F97 zpLYAD&Hrtt|2ETqo9Pe3>!0oR&vpaGD~fyj|F5ec=fQ|cEYDudrNBI=HMh?s5`;d#cxDHiUKC}qXh|vUA z!HySN!hGd#jFsE;-Tzt_*~RwDOCkqORzF@GF4CzTI0x3TBsz8%4Sk=);b;MdU%3_# zom#UDJ5lh;Z~c_cgRyqzPnQF+G1QBFKc~NYt9W;OB{O64Gp-2d(2Pj5#yeZF=VJE& zl8Q%+kq+b|;29dyIf=+3UY(^`jchGXuj#(VAZCE&o+^6OJf?p$HgZe?%I@Xk6VDp!>38MjQtVYF;sJ`y4*fLgTw?GZc6^k>oPyk8Cj&Yh#A7j^6fm6u!CUuTq&`Lw-yg2oKaTmw zG5?hBzg_9CQXuwkyZ-M6i!^BdA?A;LYqyhM*{NX0E&?OL(D(K{5n|p z&$~uq;9uAQ9@9X?V;qP0B9XNK{>5hg1+Cz$ffN+vhkwyLM9lRcVvtetfAL?y3;%Bq zjH9EAY^5vMX;0F+FzAuXQ8!-hdQu9Ewq|Hnz{2Ao=_-7ZkF zEjTmS3pJ=4j|+enAqqfwuSyx?!6P=u=muq-NB`F;V!Q`JF5d>_hD=dtfroXgtyUKW z5YTn^wlx??X1(Yo;`krZ;YX5%hR{8MT4c(SF>;9c8wxrNZUeNDk8j-nO$+ooTF%M3 zH${>D$&EcI%S8?a=cMFw=l52xT614LT2>ZCnTrqr39j9sES8>~vkN{Ly{nF<5XzG% 
zj~Fs@cGaYoH`CWdOUj`9{m;vvaFUW?c=u_p^MU(V1Bm-re~uY%=zfI?4k^Q^k~yk8 z{LjHhu{<=_A85-f^7s#}5SkmzCpL}dDhek67wmp0%E@*yCIG1Xy=%xb#DFmk7SUX- z;MD9Zvvfs);up{2(I{q!#o@+*)hn;i+MzJVNBBkJVE+x2x9G37_5MIxzndS*B)?a7 z%H0Ef-)T3rD3a)DCv(_u;<&2=ie|mNhaw1KchOwoj3#rJvPd0;&?v&ptP~&QqW~W9 zwGWK?&GC4e@C&%?S70cJq!DlrfCDP?guTe%{}@fxAn6C7;?@*KsDNq!v{kI{GN2GG z9p{lDT&R?nN>Oow%HC#Z^@wZ2Z82SUxxcmhYF3@{S?R$JhV{Ywm{lwYw-1gGz!#^q!3$VlYpl#D)UX z-*Tqtr9Y5%v!YP>??|KJWNq7muZ-)%4Dv+w53**0Jg(N#7~+ui56GL)OMej5xLM;O z%DgD6C!%Ycf)A$LWSO9dGGPx;t$F9?Gi8 z;72R))L))Q)a6i&0PlF_{qCShP`gpZ&b;%ma3+@5si;`<~)0;kt9;CRm zJ#2pxaDEC^XP~_J+P$jfokq4QsDO8in=TaGO*!qzrqXm4LbVw$iUqm|6y>rt-$WrK ziV%UjD%AUJ8{lrocdCcq`r{jFsJ8vdRH9z|hlIc0m16n$@T;g#kn5rm>jy%fOJ*Tb zpV)4N1oIl!Pl3Bz=@y8C_J82zJt)-jMz3`sTl42dC6vYg693oml6J?!%VpxXLMkPt zg<|6yUPeDO`zx*xHzaXK3f*s}1dC1<&gVEJ5&_M`(A^B^^FVvuZK-^H0j#6%;C-`0D z?>}=Ruk-d3U_hjLUSElzGv#`por|JZey`$nEWnMEutnK}pBI&WAr0k&*fH3R_jZa` za4;bIB$R6o0Boy3RMqnPVZ;rkAfDuS8G6&szmY?X242eqJ&Grf0Vm2o^UCdO(rt!! zbRYg!B)^v@Mk5TK-E``C_T}eArC&%x`QUyCtlagL$D_nJQJd^H$JfAJydetN-%|T~ zdC#i|z)_{}=Tv5Q|5F(6KkF1j1Mp&lYs#`jJeRa?d*2I;Z+Kl=_g51}%n3X@x0Si{ z3Ij55x8y%Q(J!L>yt*_|$x6gCr}MOS0z1mTSRnkbBJR!rZauP{7VZf3U<{6j{MC7I zM+Yzvn0C~MgBp!_-sejwZiQU23qV{F@mKnOFnV%pw)3#Wz31TQaocLX zXqi##$ugdmec7P@MA7+=A^bpUxVyjXUUg$^cs<55nFlpBYa5dL6nu2s`qzSuQ!@UL3HS7%J#C?gUL9 z$*dmx>0}-**O9}hGXg?`+%`kT=9JZ{)d|G#1ejyy=Fe4~RG;*{oTMb$Y5VFK! 
z3Vq+Dk_zCj<&N9ySUuj+7kRfDmgAycyy6PI?=V~BBCe^HZV?P_q;8^}$#yB?8)4c+yD@@35{oNU6p%7&&y<${<*%hv)(ePDah zP%P2i&yWNhX0=i1Zq4xho#kQH2vzcMu)!5!OH&_lkB#gc@7Wx#om{7IS-lk!bb#D~ znc)>nM|;jiO%CdW{jdkz-=aO-D?5Q54F*+vkshzCu1CO1au0n(Hjl^3H)3xdy@MSn zTa6WIR0n<1 zo|vM$BF@_i-sei1Ad9ui=pzRsjpAGUNAn+W_(9iMKk^#LOzgopQ1x4^(2dc;g@c5B z*uuQU$&q#8`pyx!V8;nscU>9ldkDQYbhK=L(Y|~lyza5ONa!x~la;G%@plhBTdJ@7V_P{eX4PnYze=i|VrlPGk*%UsSavmatMkZ*)UVy%b$c_S_D(~+xZR>} zMVAWlH7@M52k8~BcV(+FNxN_ww!O!}P<4;%tyqQ@k^tV&Ck_-^-_FXhzwd;W$Wtxx&S+#wV6#Q8XPooLyAKa%mV|2k^?^KeY2{eu6)%*G%XB@!+C{K@_lq?a*lgquz5Q3)|cn>&`h2sk=PCV>}_r&Gg}5h99~Sy1MEk z%3Q_|cH1VNfuNtttEv>J)*gt)A|?g|$Gjq5=2o*h%MW`*^Gy{QUra{oec|J^nI>!s z`ypM8*!nFmjz_qFCE~owhL_|!Eixd1MHNfJofGo`Oc8qfDI;-CPunF|a5-GY7E(4; zMbEEEy;dXKbWuF{dgz)Bb0Qdy9@%W^VWrAY$Rd5+?!`aqV!K-g8~ik5DM*bC+x6SQ zN{u^SRZ`UuPF|f1X+5uhvd^#Hvymn(OfPiMe^U6^a?3e?EfIrBf4@T%2iN6$1<7F# z@|w2T2z(>k)&Q6u$@m%VsU;$-89f?3-rn&dt(ZMjGtz)kSAG=^#MVC;=&dQL+!|gT z!-ZX6EE=usv^X4w-p!rH-GVm3X77tyTvRPH*jbLQA&lGg4=al3bt_z5y@FdZ8mo5_ zlA$^ zNBK7ThEG~QOE;0d1199GHrGA|*exn0kJuI4-iyl8A?*2Pw1<5*PU|5jhEvo{3hEAV z2Na~S2ScfzgCpBLtf?8InV@&Ve&IqlYiZn8W&}ipVA&p~kCo%_B|qh>>ygb;p!;h^BD81zGTa*p{9>!o7_j>>G*4lbDpF$(Q9!1#`IV6X%0#lWA;zr0-yy1Y`uH5X*`k&>?ch@-*fT=Etf&v=cIQ}t zwGfBusO>HRPeX#A`A@s05!|oUa>G^DagUcVryQ(u!hrBSpGo>DP-3j^M%FhhN8K!M zOofidWf$&0+;ARscDu1!)!b zcdP3p9W}1C>w>fTv8i6ON`)|Oa?ZZ!^a`t~GA@={g>wygEcLR>Op?Z$YQ=sP=C#oc z^(cEU+g8^ODp*<0e#MJrG*bP;&#Q+sFysBt*D)Y^s~)}HK+B$CwfKNWx8gjykQ)89 z6XRqOKyMDDl9_2 zrT2;{m-YDhpI%FwE}UG@oiYyWR>zhPDd%7(N6_o#hf^oVHc@jN=Ayf0& z2)da>?IkU`pQ$MPHf!Ihuf|QF{5!@BTV|e{wVuuA4UO%!3|!TnJ|N2Pzn1U z$BJGS^ZLNzQQkdSe1{p+RZIGnnxbN7Bv}UkJr?a1FP zS48;uX23Aq48)=(Aws|9v{FGa^!RXQs_A2c(N12;qUD>Tsg3p~Ib%ld(FmPqGgJI4 z0sOJOq-9*V3BIh&-nU+y!g>yVo=;$jnU3EGx#1>;7j9^(tXs~^NOZQ`2ff}f)8N9--(MJZd9*RTot43z+uFGgUc{^? 
zN)j?F#8PktNpxV(>Q5KlHm$~I1V;K&&RC(Y-o%$+A@rEi<&$=4LbHJaY9g%iwa!<> zAEJl@uNu(h$U%*KXhI^1dB_=lM&zW zksL8%iPaKS{xx&+-KN_4#vxqdBe!N_otKq6D7rl`Fb9iP)T{5s-L&%tolfK!WJ#`E zOw}v4ajVf<8ih)j)sRN8>nJSro-i&HnsvVY7Qw-=5yldh?13?1-&pFhXYOHo)*Q5G zmsM_0#OThPcG+IU&@OpGM|tz9|3zvM`NxkRtG>VEcD)i!HA#wrAbF(I#?;GDz0RVNa$~K;VNE=gRuacmB~sLJ zo$Y9&l`5INNYr*(C|My+-t4PCiz+iijIDr?D-`>v@$eZIayX!NadqH(mELALKmvg2S@?08``BBdtS7|HqglONtvdsso;J!^Ooq zukbu9t52qyqZ>ai4HUxK!dQDlEtHh5N_GVfgmM|-+;rX+V%IK^-xK`)l6F_sZ8QM`4q6gQRmu3YAEc|@t{(W^GcRn zkdU%;Gs}!>dg7tf+uU{jgt;LFZ%IZrzOke`!Du`tEhcW}b)*Y%5N>h8V+zxuU4cuy zUd|6@de*1(l?DpT4o8Ac80}X?nBT6b#Acnr417u1{^TVr)nOTsF)WU^^4-0XCu+I5 z*8QMimO>=A$tF9O+{R3Oi7n|=;n@qz$&3B@--HN$2|SHK*eOp&^#%bLr6*%c5xx`_ zLK9fg;04;9fF^!YO!6^Gt2PoLAxsmU_g428T9s1dF432Qj!DcG!}p%sK`j=Je~MXC zOvzjC3kTu@=>R?+*Zn(@3g&1F$93rM%9p7L31x9bb_?zWSr3=y?m90&5DGrIyVYv^ z004SEO{b_LrPb}IRB2;6V0N~hu)wHMbX|L{(1X+K`4O)_SZhdcZ4zK~lB<*=bId?C_z z-J%Sj67IGZ96dMxfGZ+5KKbF-URRFBr#X5GDn1v38ikm4zpSrKm~=$ww{(OqaIVL^vu!2LkRD5gRu1yuX z(M%d@qM(x2xVkZz*3KQ(vA6M6*&WT1$LP1peEysm4KGSFVLFfxFRHjko{RyZOK-dr zyU}x0W)F?vv)u0_ii+eGRpJ{R`=+_0@Up3?6xJSPM_UW|tKG}#>L^|n z9@;C-Uud{AckE|MMXiZ?%XVnY=6ne;J9X{D!W@%4kNf51Osid2rp9_O}WA&Lxc}X$skruh6lFFQ#h~C2%fjm(@rC;+{C69*_KDvYVYjIX8iyc2~`-Hcz^E(9T-=rB0<< z*>yWA&Uj4WZB5tYWnaQnukXnp(w~_#1X5goSa$~|$UX<(&hVZr^srxfZ<>Q|wR!_6 zg=~ok#jhkyk@nmNlOYWcd{P-wqQh7<-guvPY+h+Rpm^+wfz8H)J^fbDzCda=!QOw> zR@iFje9bk1Z%rN;4|&mWN19ibibUIQ+&xczKvcPJZX$VVN<~73I10`-_7qZPt_}x) ztXO5W(sW!Itw#GMotbT(Cq3rf=1Frsv-#d}om%x0A2UU2dP9n+X| z*12oPNw&VvSglXq2fTK;RODy6yE^!QEO34E3+W1ZkK`2uQUP|+WlxER82FZ?f=zWf zmsko1p%mpA;Yx9mAd227pi>s8Jzfhz+NfE6$_bP5#}hXn5T@#dQ`=`AShSZ|4v*Sj zh;yYrM;gdl;jW(0;U|5#p-z z_{N&Ne)&X1yHdLH;Y9`Lv7=xufA7O*<<2@Oaz%8^<*U`F2Fe{RJggiRHFET16qy*Sh=P3HrF{L zfwf79oxO4HaH6gv!k|5l6014dp5KKr(r9m;!Iv(7maerc2bzP&xY-W6u#&A+q;1=M zuTuI_lCWHm+|v&`!76;zuhRUDyNFetEtatNdfw7Z9E^^F&Ax$;?cR5jiQTo%sQn?0 zN|zEtVfptmA=>!2)A04*?8CQanvKQ$BMH;p-I>A6H1U&1XPpAKiXM%WV^Rt^sFINP 
zTaH!p(!Ob6){=&NeCuh?;J7*Xr`GQBJjje<(J`ESn_0h*iOlI3?{eGQ&F$s z&;O`z0dy3HBxNw4LD>3ur`+QK0SS1xdU=3Y^QKgbAuZr`^y=K@lMdOHPVWn_=<)So z`?znshM5OCIy=2NTEHO~3veDNn9I`YHGHuyrAvW5)Z6;-TU#PQ&k^DN)1kcOoS<#X zg8q87&8Kn_cq`d+=G%)3#3#ObritnFTnu-KQZlu;JE@_MG!CJS;gI*B zWBfPs<3r2En)+z|)R$=m(i0|%k1^kIOQQKX(eYuQTsT`xHg2bVb?xne?lGiu8NY zLXNS0?4}u+siaYIZ#n(y0^eQB+3=evKcn28G37;bC0Y5nSO0{${o3)K2}hQ`sBZqQ z3ur@2(3y~>WB=+Un{|Vmd3T0*lGJd^2hyI*eu`7Pb=F&hD^$ zutQB^tC!hy(8z%q!XmCjzTr{qq!4(vhNF%2T8zRaY8Y8-`}MOIDc%`;O)+Y$B;cqs zQ7a2Jft#qUbuZ$ERf8uQ`y|-Dm+` z&@-)N4sn^$N?otF6Zf@(2&Kfyo>7$_J+o&~riW!V%I#^ry|E^ky9?9DKQ?R(m(-i_ z9J!vT2SnzK-Rx@dy4)If#j_>jsY@!9R`=>YsbY`~1;$A}W8`_HDJwE~Sd{-{O6p5? zr3WDiZSHM`+ul#-*~2zs1R70Ozvt%p#}PhTN52Uq06)#Tf^K%HNdNs;YHPeS-zN|t z0(3m>g4tW+;oK%ItSwjdW0UU^6N{%&z3P*rq>z^0+g~WbrtMnY_zH#1C!AzX&XhUt zJexOab{zbq+m)`OuT=+)@FP`t9d~9O4b=<{24*P9=aTqKo{ZNx3A~YJ=rx*n{l;-S z`#`xd=iR}#b^E2z7|k70zxna+5KR|;-$?!y+g$Y+oe>eW4Ccsb^q!*^`Usi0ufwKS zE}xkIZIWsJyfC0!TA(>V$5k#$;)LGxG!89O6r7 zbBe}Ol{i*S?&s*OSh!e~r-(w2H3LRpFC6TzbZsB*RJo2guMB^CTXG0&)oRi;-&Nt` z6m^vryeLx}nqLmM!5e@D##;$daL-O+>%=3eg?5Pp+9dSa7&J|}%)1P=GDxG&Q{L30GiZnL zWb+x`!j|SwS4=3-elGxwaak-zD;TF0JAVN5~08geJ5&>L%WW1BrbxY&f6Xd zoSqAEF*l;;yFXl&6slah(TvX?#WR<2)%f)JAO$GgwUsrk-q~CGsy{asfw^FPb%Tx1 zVSkQ^r~0Df8mzYaL;Ky@pb)0kdRdOjzQCLIR#!Im(FbGWPLJNU6SBGF=QB_QZQjXy zd1oz+%z_EVagg6PakwXYcasQmJGfm?YPU4FSaQ^Ay6KB})20`j@l5UJ9Nkrumfbs- z)~lhugiP`(AJi*&+V5_*@@W*(^5ia9i;Eh!q+ba{pRf+wAwT&#<; z>*4kyLCR)pifBRuFr()DIE*_&uWsz3L-dq-kP&6 zcshte;EEqPPnzV5vlWkK={N_9U-4glcoOckTK9lburk~CO-r;+0NL7EV&>Pu~>obdR65r`TI8&Br(PuB~6b z5S_#?bnr;jQRW1#xSWO{fgox&iGNjgOg3DOD40okcSNMU;8H>ZaBvc@KeUoo7?bb* zIO01(gH622F>ta1)%Ch_i@f_qSud=~IF(R7*{RTM0j~O;(V*Zm znZ0cz#w>gPj~fQ_UHGTJ*2{Zp7Y>+~Qi~o7XDBC^r^vKM)3 z2g+jYkttkUD1NvHT=Z#53UGh|#2b+%JRIUZF38NSb$J$S=baqT0Hzfr<3kz{L+L|GH9L$FG zx=l2Cv246G0&MKBnk%ni!CJHiN^GfJ50+?~Q*_KDDl4hz5*mD{kAvoWvJ%w!g*bHg z=_>Z7?=%;d*h)8IF-M&{G1?TtbgS#lie~u$eC@ju$*_ukVtoTqrAV$XMwG4|{IlZ$ zrCn#l3B%A^e!=${cq;T{+G+5(nQ#0IFbuG`_)?H|^?h1{FJr2O<`|%Zb^IuPoS=R1 
zWxmDtCC3Xnwmgo!ge(cZN>9<;?w>UCmnqfxU+NlUa^jn?nICq3&3MQQd)va1Ht1@z zNvt;n)Gik>OK1ex#py{3r5gtetVctgc9!Wk%*9W*V8h~smAJ5bt!2$?%PPkgNt{=0 zRY2eiLhL%}d%s36b$`pke4fl`Q=FWH|6{$oeOT#CY7KlGj$=3Zh7 z($@O1cV6N#J>UGU?B3EV7IijAIrnAid}H=2f!`CUD4M4Wdt=q|-C8M5d&Nm_nRce+ z+JujM!jQhaf4E^bZ?q<0ABTrg!LkvfSzyY(wQ}Oi<~;7}J#IUL5h;y^&^$mlEz*F^ zgOcc7KPHIi6r7X7Kt^=v@Rt9FhkW`GzmF%Y7 zyex=q_Pm~woV6N`Rh7Ur>r83C$NlXs@K&n1ImABrM5Ym&57)MUrxL6yBU2ZbpRRsy zf8Kq>9=f1EjqBAWLD}bZF5;#AbQF(S_L#gXMTg6HEiTVR->=lrTT(UO-OPKlS+Y$u z$~K)xiq~*2?2zi2veM2KBm$t7J5#h1TD>ofDo638A8m*AVN^WytjPnxR9b_4qeeFZ zk0ku4n?a%@Vj=wBR;?ay%;a?4>j)Zs)mEDg!)~sUm`)0+Of>5xVg6EHLn^((*{J=4 zXXZwZbRqS7+JzZ-(qv;V;L$=QT(@Nqf=@F(irrZem7@rj5#CHJ?M!WLufeszU}e>C zgJ|U&t4FulwpK_&4|8>=Qy~X0??zl>+_>{Adhq-?C6LD47m3^lz~6{`_Bjn1H?Tyn zu2`l9Qm1PXqo)bCr+mas6Ge7FqiZGFm|d&GB)tjScQ<#Km9mo(6AiET95LW9jD4~@ z>B(|#AF1#O&CPF}o(LN4l4ll^2QZ{%lx%KxDk$zOFYyFVZiy4R^=S5m_O++BDuN(< zNM=uwwT5~B`u)hAh_;|%dsmoJk_iuftK$Ug$SKyg(+M&(H;d0AHztE{pec=I5@PS3 z0y;(lJqF}MPSHJlh0ry4#%KvPH`YQo{c;=FdB(0UjzT?4pSjBBuQpD(te#tAyD{c9 zCC2fEY1*dLiC4R6D}7h~v&I~nj2!EDF&e;ppZi0E9 z1BxeHP-ZX2d0{P^^{I&be0(>jt2@ry{ce{(->JHVUhJ?lJmq;| zw707*sK57?-Rk%2<|E~0nbuu;dJ-sV;f)wjy7X1H4k}m>3M-oP$Qb6mAGQjRA5J&H zo*NY(mvi*(HNRK`6(l#t|2O3}zH$evd61fV-Pj}g! 
z6CbOn=Bg?_L^X!OY%+jfYS(oxhK}+)S=);Y)vGyt?J zjhIgKZ33Z;wA(%+ZWikg%B<0e3ll>;8Ry@AvK*A;sNBsaqD`C1P<%nUIQYp`i(S5B zZ`fWxQJOkSmfPeSL0Kx~wQF~plCM+{70re^fz#KQmr~!kePv_anc@Q;e=>0UI(Ui* z+9j4~(xHUrqAnxAni=aVVXrk%I_t;UMCH`(t(742Xc3a3l^-_E$5GMce)E}&_|?uq zS(WQAn;r&rYlu+0MBCI7lH{dfN`D%|;&<_<6nw`h_cmEi*;D_}-uDcOu7~IAh9%y0 zQUhI|iy?)E)b)%&*F%qFN6PVEx64jC)dAz1P|1&}aa^w=mc(KzsIffi&iv(6(w?I& zi+JOnOf@$d;f3DR64>3aZ?BqD&$8-192R|CEw8s@a=pD*zcnlbYrDTgG#Xb(QFreE z=CpO$=v$~#e_8;)MPmd9DKXpIpgfZuj-Ix25V(2oBEK}*cgV2$kWBR0bqrH($o}*3 z#ck&_={OPHG)Qz^f$M?Q7}PhD(L(-M8xA1y2q7M2{N1oiV^Tl z;8yGDKeJmjLl;vO&q2soedzUJ$NUVX=p1LsDUY9V-?j4T45nl9TpbTXuRb4$){#B@ z5Tv6{-wk7VH9l^2wOxLHI{^Cm-OQv!0(Ou^jkl;L*_g2Ww-+^;w#9aI2`%xrICKc+ zRX?cT>KDGt!IQ36k@)iBMs|5onCHmV`*pdAq*1Fk989tea6xL;OVLT1O8Uvz%WK9# z?++onBQ+Y#)q&$6xyn&Jkh%(FcWE$|HHtWj4Pi)uvjz{1o1_cPn|XU%-lT_BVqQ^{zNg24CayAlT6SXpos~q6HP5{DmDcF$JLfgz;A< zK?X9A{W>9H)5KzOx5+v1(KfAq6p~jr=Vb?Fwdi>!5(0Lo4VrQ@)?n`u&Brz8R9+S*W)0s?zb|4I(PlVa`#Hr0ecyDhT#1rfLp!_22iG5vrj%DorgS<{ z4YiG;?XJMAQ?qqP-?$2@nG%3p($2`Bc3=qM(Y{^MbTfH-p+!6Gy*-sEi;Zblc`ux) z&QOeyc8*>0rSl|m(0dvyWYZ?ifqW~kHd7g6qAP2_TI;WREi8py@d}06(@&( zW@}maPWaxSrII?hA@IvN{D0QB4Oe)SAooEO`P{;>IuJkOXE9s&RK=}7@(#rKkheD|p0bkikXqy6(BLhVa~`)m930+doulYB-Fx2TTsq9k7DUROi%523q_ zV9aLqtIsd=6QlynneIMZpLFDb#}GK)MwD{smCI4PZicMdTgeY!q*NuI?g%*)=2jM7zCVy~?-jrygJjwho~5jY4chQDVM6_l+z$b9m6AA|~M z0w)ux;#_;;%zH93jbDgR3p;s4@wwjWv^v_K3%#bR4bkGfRPnIZzs;~eZ%bTpBe)z= z@`S+*1n{}yLOn;uewY-kv6O7~mzqXBokAr2dX!I&>5zG?hGqOt_+oU*#w$l++R=hLKnPC?KG=($?>I^IY>CE&@!bD zXWiT5HENF1Y92q2MBOR0Pax4!s~!_Le_otWI`Yhm(}>t@FZ_fA^a&0`l@22xDR(Ta zf-N8yF8;htxic)s8hzpTGEWK@AnVM9aEBxY5eLGYFMdqul!ZD!D7wB}7U%nN;sgCo zul|a7mJWY7$RGs=S&db%h4NcpD|I_M3*x?f8A8%GIn*-Jlr-|dB78x+Bt*W_ogVIE zVXx8_T!kx3hyO8{iz(&D@S-^9$@w3o$%JG_z4HZUB9xq#3Qc%xb<_HgwE)67Cv2SN zl6TB%yhn`$p}~@d7^1!v&bYo_%X(2CqWPNF%U)WmnXZrdoDc>xo0~2Z&ijiD73Z`~ zZuR=WjixEQ&BW7=pAD<)KW~9_G4`jRw~JTq^Zp>^9?oa^dogwk1 z(+Nluc7D9CpQiOKgees-*5&S8XKIL%4CG^50EV@cv>yrX)oR`(3zYc!X+gL_fhlRS 
zeLBIHd&xryalqyIAeN`|uqcH%;iuq!UU`m8c%&wRBTk|}-$dq4&Tg8RTwA|xIe^Ac?f+(P1)3yPAz5gyw#JUbGMqmnHcQlYo6h-Et?^e=`7VhdE!5GK3|e=u$B;o~%3 zYv#1sp8cdNr*c5+rFm3+dA|gR(Xs11!%FQrxE$+3eJuD8)A$w9)k(`D>(Sekg4@B4 z^7Op(ekt6+0uHNWyw)SS`k9kU1Vopf1&aT|CLSI$N*ur*^)o>!8r4ykwRw~ubh>q6o@%{&`4!_jh zY7mf0@W9ykc5@#Db)9JIe`QHDfuZ9|Y#uy(7Q{sIME^#6MI6Zf*1?_fwm6ScI}2I( z_J%htIRUoA6w%|pYmEVkcz_LZ07;4IZnZqNlyOMxNgjtUOqx+V5*le&)NXU0~p`f3K=tK$DZlKn%BZB9J!f zCftlpz_yRKKmSZftm#k`8 z+P8$F&s_NbvG-PCRd(&#u;5fmS_$cpE@|oRkWi#M1f;t`Qo5z3OC*&BX{1v?Vj|s> zl8%2&zo*vvp0&2Vjeq0a;g|;p+;iL`t~jsrI>&Y{*5A&3hY~EBE_KEfCWyPMQKTS$ z#@*DvF&0$ComancI@`|IK2lZ_MG{T^YU=9hailZ)KIh?jUI!$VvBS8>fX6_m@o5L; z;?Ej?s>5{y9f;4|deOIUfX&5eNrNW%Umo$iHaATlzf@}nrM}qBDcFqk@u>7Q&RO@; z($dCqG;NsTsLzOk1wc8~3l!`%%~q0sTEOliozMtvM}v$K`@jV2&5z^4rsMD0tg6*! z=q99pxeWv?Hc+R-q{o;z*$W^K$)L7a7?1 zG9p}%27>x&|7;n(NGW4Wj968qcvywH?h^x_K{mose=1jXf$-2D30C5V zCdYNWKHhp|y$$mPViL36ANmOm(Sk4avD41DC-|iXP!;QrzDOrmn@Ga8_FVjz%wfnXj4-!;g2+>Os6oXFg<| zMEa9wfq;UN?uL5y@WK|5vJ$y2s?AyHSO<>^6fcZddVQR3uO~UX01sxk0r=(h&Fm09 z`O9BBGooQQENB5T8`tzdLE!@y;%(D{Bu(bNnIHAej~WyR-VMJw*~zc5oRorEPUOi7 znl7^|X7@fI=1pB2)-Pto^C>r5f|WmbL?4&M%YbF;(Bsn!m_U|W0F7$%fAGf}`1#2K zQqOxxkR`l)h7)v(i=%0#qsskLhW^cLOPqmd8e>Jw+gyQH&yI5lIJ_&= zwgAGF(Eb?8t?%_zO(Nj^Pi+&1`A@oP*j)K)0S!#*8)K`AT`Dn)MwIu^@FH@r&K>); zJbGl<#Bg0k1P&xz0fjDgXV{wZd0x!7`1LT7EgIS%lYl>4EaES)bgoAuL2Ha#R{nDT zlqcJD=mGJxJhpoAZoo4l6vcrWb8{?V>8@~m)K~LcP;eNzy)SzGypJRoHb2V7ujjv) zWF?lbxvTyUDqA=_#y}prHwehI{;_Nlf9wo9gx?vXoQ2WUZ>Q+4R{uT(sNEyrc-i_nlAU`DYvBVca#uE=4;p99It2H66k55Nk@95 zSxz>jfdhXAqO?wE|86Ls)s#|p1Yu-PQB)iB*{f_6ezyjfH{w@J`2ZZzuT6D``UvQD zxty^9oR1!`dtu%T4?K0=^1{|MjZ;m`vc(hn`PUrY@qZ5IS4;$UOo8Cxr*Sm@pX~DF z-%+i)7;YoL^{Vz@joh1;S6Yu!uWl}(M!Lsupr3FQPd7&O!n|Su*|ycWa?h72Qf=yb zw$@kC=114flM@b2!Q-0*J5)tC3}V?9-&r2-{>zS&vGT*HUO$vhZ_db_z z(x7}daN5y7Asj?(FfJ?-9S*p&#C{YF3XDrC9Y$Jz;CqYYh=QINd67i5z1Zl4hmW}| zp3AR2tF(n0T25{~(d<^C7rL%#1!aN9Tpm(QI=-TMTCF}F0TvWqDy?ZF6^7+%*B4wM zK?$>M)s-NAtS5MJyeanP2j|ObCqV8n)gv}ExxRp!)Y}F~q7o0K&YBLTkDkUU9LaC( 
z{s2{!9SFhGoO1AZw^%^ID5R%YQO*=FR+kJMW)V>qnt3G=P-I0%{p$0U`GLb#AqoUv zU=3hna0nYt6@N(NsV3p_J}+?br7Z|_L`t+i2c#yhgGw}rbcbG2Y8M5`hFLfqESaYA zyFRPr=%4y-3EhI1SJ)rcYvFBp?afJE>{QbqFGr`LU#?o<<;&yeZcQ?dQAJN2Sn)$W zt!KZ;BRiOlB{B2ku)Wx>Jj#1BOQT+>^b3NmF(5Q-sedy>?BhL_R}Y8MIv4;y`w_*g z{PXdGUym*yzdWQjsYH?XPvLwWrM$UIEzG)8XECuMG`WgIkNDGOg! z{9voXgqA9#EUCA6(Fb|6@qezIE){*N)VHfqmP-6w=8;9j-+28U#6OCEdnKT+pm8T? z^bb_XPYne`)%s-Uo||J~eOmfPO%;1&R}I3gJ3}|fQ1q~msEX4<#Pp`!5kZ`eYdL;v zmZM7)9((oQ;e7&rzb3+gzu9XLo-Hu!P%0@7<)Jl(#!iaElvDVe1FLRq@>_$@rbhe_ za!tn9vwT(E_e}i1b^70xwm9B+-7Z}-KLYD)K|1N*cO;SF%wLG|j%lKpihCj~=Nsk` zIlR*Y$PT%6F7M%FBGxCXwrVZ`kU#y6NGE(}FDYcMpom+ucmurf`a74S zKmJ5LtC`o%G`(bREUUf^V8&-5mu2=$=v>dQw+G4Bm=9Adaj*{H)5k%dSFDsbt2{&V zeNKC&bvFCqo-_tQ^6HOYDwFy+H4O?XznvORw8bnM)f(sosC zKFqL|AfA%eT12+Rffdz?l6ydFPFQVpNyhJ@ie34TS&RJJQp{jlEyI`6m(1B;8K12O zd;XDN-$9nZ00q1zD=YX9?STh>M$%vP5P#|{J1sTb0)j&r&yW$BOun4!J7=R?Y{G$8 z0aGgOgIQBI?#zkNpguEob+k5^LJdU)WQtdQ$lEt-y!W)jd7_sFYtC%*Ek*<0LFwsR z#J-I0%_BWTkZ-bODqlK9anULI3;Vi*cmwaa0Y>T?tY9Y@A!d@e#gb^Qk=$Q3hkyAH z0|DU$H9}@bnwZ6s-CaYsfBBm~8)(R5B7mQjm6|54e-ubV`ZO=)HGmv~akl=hy8TJs z{rfi}D{vlf;};NjH-70F_zOb(mk;Exz*r#i4}O87*9Y_eR!0BVanZmr55ze6Qt;xc z9fs5Y`bU5K5(^PLJ@8IRPa_}_FW*1OAcZFcG57ysDE`|A_|S(z;I;6X+3c?(-Cy(Z zj}L8dmhvm3B6uN3@a}&F9{+Y{|M-eO!UG+xdt$iBk1;y_w{iGm!O<_sbHRltVBUEu zV8`^UVI=vkw0a7`69(@Q43s;`!H+Aj4~pZ8+lIa4HNT_@aMMVgB{Wekkye z)Nf^s0r1Qx>oxhG?3MpvvjJcx>$g4lhbj2StNk^qfG3~`RMGjI3_v3uV4cFqjg3qG zhiCrIzzzNf7R|r@4+S7f$RdC6Xp;Zk)dAfE@rnH1*MFx>|F#u?0lRzvj*{-Ik=egK z^^ad-F@YBhcoKX8_W1}{r+?Ni|FOmY@fEmWCZ8gF%YOj^^x~gv*8kf$kP*Ps#qLZl z>jINxfA>-eQw&%CvCLnf(%-h_AA16fdLEbzT-Xmhj=xFA|My`2SK`ILKKVVIa)Khm zQihlvCXXIs_`i)q1Q{449K<407>*cjG|{xH2UhCY7_u_oo|)TTcq51n2ykTxO?9GF zv5+P1WUcydENZEu>zZpo2A>=+~W?fw{3bw z<&ZU)&Svxx`&k<*!ChpCsK}X*8Y&qZ1{OH>La?`B5pAgbU>)CVxsVm(vg&7H$k}1D z%mkfh6r3oCN$4-ib?YT>ZwTd)T)W1;QQ13f>JWFe6`S1EbV5Kp!48#^On4$K*QZVQ z?p;z?&RC+FTFJ!8ujtG<<;9E7+BH`4Oe9!YtA!Xnqg_W!)xa`eW~-&^fX 
zjzdif&53)YszQ1|7<3ong+lzpJO1Q`M84+)npaJ`94cID2iBx6{0@I2yScn!P8I8q9*@ki_PPC?2s=-I3eXpe z9MCbS2qhjiPtS5--0pxg-HI;8g$Op8 z1U((C?=aT3jcX{3@I2gbp4scW-CD*uNBY!!)V}$77;n3IJ;&}!zDk?M<`b)6GnSHa zRd3h|WveTqzNv*lt_Bt|g@4Va>T{O^K~CRMItINcs4_Nd>Eay(GQ`5@?$NzBl}>KT zOc~Eer8QU$72A+7<49>foGDZn<_X-ME67(4t6#bFVDrKKR#cgWCvc&qNnG#o18MF* z7kl2Rf6UF?Dysb*iYyA-z=4R6CqPsS6-8a4S*e!Xa`H_T;ZzPN6-OKErc2dVJw%~6 zSoP8V#%6lzO@2DNZJg?P4~d~sPvzdujf6xnFjK@>EY2rgeWN|S@-7J|sOvMDjLWs7=)LG!(0 zT+jW++jsf;UACW%k@mHj-9wjI$PLI47B=#=t~u3nh+E93r6)54cd?h^^fl(m@lqG> z_}k&gWJsMckolFfr*qr&HP2|&%bqdZV!<-VQg>qOVrP?tM(kb=;#mxy75f5dqjwJ^@;}Po)X@i`3 zv~<5-)jK-cUs`$jORnwp)Y%fx1N2w)1Zh)w*%LihSl(xz9SJy|a3=7f3-!NX;hj|` zXW2`d&Y*sIuE1Bd&ORT}d`-M?E%LZzmZ|KTM>0B!)=uyOuPmKVkzX?K$uF5?ig$V^Lzn$t+5+Cw=n-(m8nj%td; z*!f5+&+AFoQMnoh=Y^T0y!<9f_UB3Iujv)Fyf9zXFYf3f)^<)ot&+P=f8vfhSwkOH zcDr0kw(Adxor(vzZ|cv=zAR4>xaZbvf|Iej2(?Vv z*H#P=MT8KG_)X0(wVLY`=6bTKMeJi1Ne87KKshD^hGND2^cVD=GNyic({QbsNu!$( z`ib`Y{NX`^_QQOIu%Oyrcgi^5g8dgX!j3$1vEB&p$`23UkYRfz+EfsCBO`W0+?p9L zESWO+-E}o#OR&5xd+8wci4QOMniR?q!zzw0$UZSr;yVAhYOelDLP&3ZbDZ$hkwK0y z2$s!2l-?{a@+&1%z$;OSq=kkymAiRAgzMWsE8?&Qx*L#3QvQ>^nIGR z%cNsz`;f-8bp1osi|X)X(Xn23YT%pGxGFw_zII2G z9yJ~gRlHNx_RVtL5xj5)XT~J36xr21`A4-0P)k~jF0`epRVDdV*r2Sd`oQCcv>bEb zhP6?47929aguw`}(juY*y1GsuRPH4SQGr8>`lBsFxB20%rjL{FmHD$vC&tj>!??t% zXKoV&smUk==L}>ITlyLoOOLB&a0k#^`XDmT?;vJU*)3+tAD<4JZ`4eOzKgc5S7q4N zC0>O{uV5M6!uHAza;O#zD%!p4i;m}KD#Dys1Q6dBBlw4#+l&aeoA<$B#nNTcV+^B; zU|Y%3g6Lw5P)Z9E9#VG!pOjJQtIMpXpoaz9Hw#f6>^_%#h}-l4hi_?v5F#eMxZj%m zdb!=0GF9>lvmqo)PP)m80Rx76w%kKhV`g(@?w&;adPDC(Gqcv>K1`XI!$|;Pq3vgK zKCQ)R)_P(k9`0yTrW*#7gV>gr=sxJNGxK&y97+$xPf>q}7U4QI_(ptq0}vs;hCz56 zz72;*(Kn_ZoLLH|CY1;ySBBxfF+F{MbIpyO z3^GUN9yEjCAu#gEe5X^#B54IM`Q zNx3QY4r#2wPKR@HN2Bf7$Ki5@+Tj%8j6=;#A+-`abfnXJ2;zvX=PS{Pw=b{2Lo(kTiiNq@A#L40t&R4UB0ZZzdsRt#2Nyl z*89RI{VA1wiJ?oURg#dsFz4b8s#;XjW|M&F06K&Tce-Vh>AGPlaI9ruzPQL9DYTrq zV}dJiL;|T(Toc3x#siX2o!kuH&fAxz-^p1MOJk`xdBn;=82nAjU|YFxGn(sw^*pha 
zmW#^+2l_1@-RHecjgtrG8z^z^T(jJ@fE;x^8~VLk_{*SpC6=S=n<6xMStIvT1?|7^ z=!|)P9~mO+$Mbk@zvF5Ci`X%hi5w#C_6IoG+a%q!=4)9^vv=G^E$gAUHpOUIQt4Xf?pr!_`qHSGI+m@5U1d&8?OvId=C zR+5l)8j0n@TYe~OuyiB0iOP9g_!2VzdMmX@zS!tEBTn*8b%D~3x}n2?z_bqe>|Ht8 z>*T1umtD3z{MKMc{Xy(LnO)5S9{OP73~Kqvay5_P7uL5)?>^0a%YI?SmY>RA)U_b9wIk( zoky5=!DZ-hlc-aO(0^cDq&@o> z2rdkjj$zR~T{dG+D$;6PBepr>TYbZ_O*xi?`>lAGMV>I2{i=UQjm#S^vJ=Uh%43G9 z`-qi79J0$)UoIL^sZ^qF8t( z4uiex9=b?uQ9zA}($YswC4oe~=z+*+PMkyK$r3&osrG!zm0jiC!%tZ_GzKDzA?4-R z;hAcMin7X0c1ZdCp}te-Y}v>VPRI$YPG)>qs8sy{yc>Xs}+OG(~h5lh)^Go#HhVSS$EX@ z!jLSMwPq9}sZ6R0<7%un=5YMB&%Vr5t1K~Nj*bz>D7!y!A1IttZo98rH3LnN7HudY-kJr>)-th%4Ha3}D~UYJ6@~ zOo>Bjh+P~5P3|DM&ga3pyJ3{xzSRNhO#-2LmPzOdZ$V)a$)6Q>A05%NHY zk@1p6cSs{0%O2kRrJYvE407XK2$t)s20hLvsV+C9;xi6~`31U_rADtJ{L%va?jr9% zSzI1x0@qc6-jyh^BA)_>4h3 zQb6-Eq?}#Te%XwC(E>4?cDGPX`V;+VDJj0nM?1IhuP`gyksq*f#(2y5#)mm6Zv9Q~ z6+=;W=4rTt&V+o_LJMz`V;xqy%s$GBg1ks|L()te&RE-n4|%7oJ-bGXH|fmnaB?gG z1j@}kBDTPGMv>d?tvGA#cj=ij{U7sA?vzjUz<8Y8~e7~`A#jiBas>DzQQux7Kr}!_skS`h_ z`d+)Ge)-5R`FcG613r?u!@kT@PDTixmvf|xZ6ruB?N#wY%R|lS(SH;`v=Qo_{FqEA4lMK(e%q(Tmsc+L=JOUx?JR-+0yjWhx=&Rvd`-f zUq&^`9?NFQ%aKTQp@*X4i+=qDak+9x;${^VE$;N36AUqRx%Og1U`DuMS|2|4B<+(n zEj69elfZxwE8J<3Ln5LL6MtLI9(HGx7$P9CxWCt5vo$N;7twG$ER#}g*yDqllH7uq zrjh2U*~F4__l!CC5GCK9iY{_DD11TWt0819VnH!^xaWD~{nte=jlDFT-@C_grms@6 zPjX{tGq|=LAIlUP$!?)VijqG=*}1qTzHU0JI}{^neHGHd4;jjMmn%!Aqe651JR~Qf z7Mb$9TTjD#6l939!FkPFcoxgx=*nO@hk(r*K)W#qhQILP7h1Vm!vmFxi`B6q5<02- zh!{`oOomOho>46vEd0t)NO+3YsU`aq)GcJQ*LS{vgJ_<`h;KW3=DNgl&+WG-z_7kB zAk#gDAP!O58T3eM@vn!n7ws9*ZgLt)zb0NF$MXJ#7wOJ;Q{80K4@~=m?=PASXL{dv z>HI8hqV`HWMb=;S22ow#2K-0*`v=I>VP9vKM~^#_FB61#t4O7%JARTNUI`|&M!)oC z!%Qqs8Ry6CP!J(cL1s#G@QWg=lXHEksEAoBpRC~eYwZmH!3%W7pD}_sRCdbHTO1re zQ9N&4MgH5+?5i#g)sDh<)3eV!0NQEy5V(v$hKn8ak{g4^CD(L;G*RqII7rpjQk>V< z@()(&)BQ>JLih7zJHyt#$%yPNGF{EFM*E3#5{`yky);+u9Gwzh4x)(`(2a1wZx3Ik z2#F%{^LvZ3FF$d`?p!QaT=Z@HOu(+9IDqs=!77gh$ej~})EF!$OVvkqNAEx=Gwy`% zzl!LQPQFR$#E5o7;G`c0RKUNdT7KPjG|>Nmm9|>g?;4R8IK(E|#l<1{8nY8aQwP?j 
zEZNYG1Hlf)q!yQRyvSX$TTQ)IXF~>c)Ev?BX>Ob~3h%^ULFH8-hSsZk2LC~`hKMLj z^>uXcS>H3VH=gDnyd*(s>amLXXVQ5X`+R6iz68h5A{zKN1yI>}I<`z0ISK*LI=8S4 zJv%H3$sr6*EU=f#ECz9Ba{(v`>1D#*o`ML=0)U-OI5Zy<;n^}9ic=xMD+UNs$fH;Q zIK+PCgoelhkb3|Hn;QWv;k{oV134DF#(}W-st%GJcF%(4H9(5Jg9Ao7g_1TS6&HhS~4wIbz0n*@LE83no&sV4(`&HpC0K&04Te?AGR3K z^Hvmt;LQj4$pdEzDq|@G-0%k6Y*b_jye@Eu7mr2M!U!Q%J{3GND;o?f`iTc3LLr!w z&P}{3Auv-PtHt~GabsHKkQLi)AEZg&(a-;_OIP_}Zkcc=Xej<0k*dczn zE1*w201~_f4DT4ccGLVF;FbTso>WjYl7$zIPPB-CEpyM|!LnmVsCNSabNrymYwK4{ zp99e&i9u@_E)oHSggDqQ5(cBp$aU~`5EicVFvI^k1I9mbfXu^(`aBfyNJ7*<)DG?7 z9x2_1Vte`RNGBhE%>!YC&CZ|SwcL<2>9z2})_X~$FlhJYt0pEXJCQ-eB5o#HO zA`nDS!>fwZR&S6McUHrIk^Kf)Sz->PQR0rzuQWXPj>FCA0B_hQHVDK*M-Yq0@|Ub7 zUsQ!}s|h=rV6f-^v8|$l-&!0E+z!%#M;eD^ihSLKZ=Z&skI|suvb{6Heg(-Z z#}SL)C+b+k{;KhsP&J$Myd|jZrazMpoK`963Et9zGihxEDUwfytBTPAx)? zgl{>kKl6zL zY4oZJT-P0Trm?kZETYm4id9!P{E7(XUkrtDl>(Yryh$5z61>|EZ>O$U@plY|n-7UJ(P*T1KmVl0c+uYU0y;wR){hu1uQG$kChc zA6ax8U0!@idmQ?kV`88K?svtT4u^nG0b9uw>4)gduH;MQ5OhvvcA zbj6U2SyD0F^&j`C8Wk67q1-C1K7yvA%^sL4&=%M?0h|*!&rv8zX&VJ3SelS!dm<13 z?|dcz13z?9wS~vFkw8{x!Lu9)Hv4uovAy&tVOLnsw3+WB9D3sO>svV^6%tQM4EE&O8Aoh=`K?@ys3j7^mAT8yWV zU~En>F#%F*srNxT(5;Rw_#Ch_hOYn^Ot!t!0&>f5io~Z!kAKe|zz+VJJ#=_x@OonW z*Y?zAS*^#ozVCH`j$Xqtey%0m5yhfpHVT@8(2ZNgFw-?H+9L)rLC+H)C|G)4ZgK#W zp8lbDw~_33`~sxa$+6n3Uo|#g_5-Kk0dy{q-r)>pqFs{o^cP%?Yp0qT452b2 zAro-o9?FNi!*R#oS#P1OE%7&#=?Yg9Y|siL`Bj1%MbQOz6SCk{olMDYNC(nTFHXCs zcMzBs?)$x!kAkNvxr6a}ZK4)&)Ls_p3SgdPX-1ZSJnr8wF5q;^@4N*m)A}6vy-Zsc zC{8`emrLYx;t?PIKOHyBD9DP|Z5zEx@I_*RFOn*B9Gsvo8Zqw;SnF*9NYP{Iu4tNQ zI5q1XD)-UQ_xbgG@oAKNCK;)@cA}N~@ zL;+-LD^J60PjUH z2_X0Dnk6^LF3APQeu>U;nvVdyWLMabm;|8RV)=7zfGXErI#PN7Vh{y;!J1oYe6AUu zrJNs40io_q6Vk8|_}SBg<7oZkvdsWY$l`*d2>G_kAsD-bwNRfFUXRZ(fUU5iFV`dk zY1q*M3ovrJpv81ZF4# zdFy9`8T^6>caRlv$VL5S5nnZNp`cC@OM}zflhXMG0lYMkoYO-wF#Um8pFRQlx08rK z0`Lq(-4nMMpu}>%g9;AuM|jj$81Dhne<3SiWXa?|7v{^ak4uv^mz!~c7vd*}^gTv{^U~l~-{?rIwn&l8&g7>ri84x_c znxTLnpekyxWSAWPe%eCTfm;F1YpOqy3FM|e>2mEn6vGu~LP7n-S~rkZ8|>D@%1S(2 
zd;5e~=IzE}n|JUyVANuvp(RBysuRpfM71@pb#DWoUHE?PU=%vT);$62sV+}@XQ+uPWvz3Yz<$*@kcG( z&G}Oc0A-+OP~&H*Q}r)O^BpjX=rZ`O8v5CQ23n0MZK2*^P|^8`zzkK24c4It(sb)Q z-^v1R@n*(t57@VpRNw~ljs!eUIME6A9|L85K?8GOgF2~LxAg4}-i^Rbl?8B#4w+KG zhC~#777bqE^z;~_ZL(2dK)iq4 zV=xbNTSy0?KAKE8H_OQ_59>P3sBwk00`+?S&>+%#s1LK-gThtY0wjw}zOg58S#d*Y zhWsm<|&)2s%f_+!x`SQw=?;aLbnf9xtu&>f< zd=g0ImLj}HW4Q^W;jx+fK<2AM-)NAgQR)J3t%@QQl(1&~MW=hAbTIc&tvcAebU3Z0 zI)t=ATCGz>>&*R^Gd18FiUulRLBuNEJhvuLF1E{|t8{0MWfEbk?6wKhU*4c)@Y*Zr z9bSJ-2%>Duio81YJl-%ofKt2*4_CV(1^z?fMacx#W_!!zb;0i0C6I3|3r%u)Q7;Xq zy4YqO2;}kPpFQAbqPvlkeLVgc+>=3Q@7eOb z?g01UqeuD0ZzG<9#gC|W%jN_vbT=$L(9MZuaEFH4jS!FR!Ur#&6<-atd^u*Jayf7h z#*>6woXc9h-SFWnlHl8A7!VQL&EB5M?Q+dm$Y~u@Z*Y2c;9Zbj3{#rZP!-y?nQxHP z{$h;>)vX2n=F*|9=BC4$YFIlI^)!xYg@f3YlHn`j6MGFx=qf3Z` z($3`~_?At$C-y#U6}+;=f}u8=_Lnc!b|?pYQ+XFw&(dRQ)yS%ng3!l1sll1<`#wX4avj4wa#oK~ma zmi=_b&Lp}e>Ky=Hqrgk(05+(azc+E^`I8?H`s=-6$Ne)s94q2$a0$!o?a;pDUic+9 z-@Z2>>D2?(^#OZ!Z8S05>byA(fd5`vuR(waC(l7cyhol=Mlh+{q9~V@+nO)`IZyBf zX!P1lfO_soFWyem8aP=`SG>gaziPSM!YS9Jb=kMA0Mq;8Wq$@gE0BPCl;XQxwg5tA zZ_FF-J|75_iU2%W6gXG$h|_mfO5dwYJ;z&xym8T_|+(4Z4W=oAL&oID}B$wO!bQ|VwB1@9A1%b^?Oh1|plCx;P(Ynd_igZi*v-MJBdv3=S9K;Mr!R<$N zR!HMe{ud5D?dwyK-To+N+K<@9oMjonb#xD+mx+PWpvx}9!RfPKi=S8J5=$7Mf?sT| z#m{YeeW$LP-%iEM(0*NyAmk`kM9e&QRJa!EfObvyfU8YdRvRC*qP6)T>eZ~I3R=f}L z=p2eZNwyE{@8(k1QQsv+)2H$ai!mSs{~^QHpQJ_Wv+zlLg`)d)n%UhM6kM|lZ+*zNF2m&FFmP+b1B%RI^x%erYBsFuypL&@+sVSXK#;fS?CzQC z{>^n`mnTbYXM;Q8DilpGc@fre@z#5Ad#XIC>zTt!LTmpFEs*VYSaqfF&8$*Ry>5&a zx(HlCi;cXIr=FZ@yLG98`A@M-*M213$t}{q#pWtaKd)}JnU_js=Xwk4U_h|~q0&ct z4oe`uh5abu9_YIT%88_nz#}%_M+e%vt#^QIDEl=KKydox{e^B5td zpt5%#?F!ty7I#)TtKhz=(L5AI=5nVPiB$sl7wA4xrB=xBm8lY0yBFv>J(PTS6T8L8 zx%uNW&%uzIcyN>A_V=;Av3?<{9sD$K9_cck6!*5F9#wO}j_wmzJMoz=EVWC-ZcOj|B$CRaF7L+Pi zS&xNC4JCzsJ`?Y1ddJ)tPz*Vmt5tK%XhA zb_7?5ki_3|uPR|Y=8V&IR6NlFQbATTy|HgsCqjvf?UR7xuP z-D0As!Sq(pe263XAVvo-_!aOfE7V=lE3;46$%8m;7rv82x=ap?26KfU+8poK>MnDRf5wWs}AHePu~n?wf4On**1f4_i@a4^bxCaBj#{W*Jh-W0)LwC+Y8Agl!?SbAPUH>J)MqOm_U|+V(%tfQUQaD2 
za__r$l`*xb5OFs}Gg|Cb9Aj1?o?imxaoT;`6|tRBY0n=~Q#Oh{KbkBjar#foboE6( z0_EkbG6a8y{)$poC~#sYAMK4xe%d6(IYxy5blenETCny$zF=EtiqHW`yKN-N=15tKl2mQcJ-gG%ani>o*G zEB%jl`-P@r>!0l@Yh~b0l1iKTi?k{BQHYW>@CH`As;{R$#cJNC)eECxQw7?zE%_`f z#>?GoR=VgtDsDe&?5(@r1(^wAIf07>40Vjj5Sx3h z&c}^fVh2!fGyDkVDvg!*>VE2Q^*4RFyx&>-Nf(@p9wt}-Lt%9(RsU)%+&=U#D13_F zxumIm1e;URKicmQ7sNJP`pkS7WiG z#`cwP;*o}q@l0V#%58>7FtmD|Joq|X4bgwKem#lkLN2}W$<7NywMD#Qrj*Y^(LxAO zXL~LD+8SXuJ+t_21$RA-caZQ|be0=>0=NkL2C6T9XL2pqy{FBt` zO`Jbl;765w@J%{x**a49zH^unN<$4(9hKin4W$YD`RMbQD3;>Y#~_!w&6u>=&uHrd z#@!Dpd8;ZIkqS$I%GAi-x-=!y6tEq9ff^j@ekB~w<6L@SaY6k?7x9QIzmpCIxiEd)QEK~vbW5z!P87lhSl}IO#q=0iaESxB zA))x0ET?~fMHgzR%JgEJF@eBhDGFKtcww|TvMh|t&@njrJ4jIpUQ|4NGglYfWd}r5 zzRlszn0`_$>HfZ-j=KChHqidQ3}Ob~FSf|RU<~hR{LxOOHa~Mi@e))ENwOx=N)^ex zhp~R6fhdlh`MdU$CHXtWg;FW*&(kAGGxE~|*6Rxtty10floq+(9Ii+PpCUIN!h6^Q zCmvFdO7vV7oZzD}M_gxzT%?U+P1prWaH^=}T9qS1D4JeO3Gv_M`RscTN>jrAs*F{i ziUB#{*mCUpwD{9AHXj!pF|imv+XaUHo*K&v@{2~ZLH;PIiJS){^*IOQtuw(~+V$ZA z-K39o6Ub$$AgYp_2dIP(kweuD*XtjVYG=Ap&KmT}rvVeyf2LT=m^Pq=R9^XJmirxJ z(Zk_K5=dAHqUv}k%RyLULmdQty~ZtD-p~N@P?{~F33S1oVLX-^zSkn|G028&Y_G>;YPXUEK4y4dVtjsL z`e8AaDr6?^iDSKr=@)^oV}2cyr+atL`J9teN^ulL7VM~uhEqSc;~ZdS@`*Z0af+6s zNMTQFcNjOxh$T^cS|$OzvxY1xB;8X8TXF6{mNOY_QcApxL$FuWIfwdoDQ1CQfjZz z*}cxxk^~V$Y0jAUrYre7U`#E|i(wP2qb6$uVb+^t?sCfSvqSDk`QUcn>9Bw1zw(am zy%LINrpK=;V%$)6Dk%l-rjTW=$)}<0Ha&XHq+B^)W)oFf5s0`Npmrq&8ZWOGqRgL% zaW~;8IyKq4c)K)&gl5=1rYM}L)|mF8?Kj1FMw=r`X(3r^tsY9_v#PUYy>WG^K9w%9 zszgntYEFA#1-G-B>Xwk~QuQ#JFav}fyAX_dYZ8MJm9D0mZ3!6}mol|e9vkmi=R&)H z!!dcQfu&F#4AswS0dEDTX~@wD*diz_>(vl{KJK)NC2tJSk)e*crBMJkb>~qYrboS* zb@>@}@pxv7DQcZKi>&Uj^A?{ImZF8QHIG%;JXMaYkz0KtO->jQ zUxIlEIO;pkWyd|?N4@fyB&SN`Pc{Y#MA1&PMicy>cUKMS^qbC5cFJ47RF`SjcBrWwBT+9E|&q$x(X0v5rbSc^=B0(Zm(* z#VXBj_#nsc>v)Np<#>UAm;BjR|Bia3n6$yA5~Me=2o9m~l@#r*R1cbTRqvq;3tcvp z-I3{%HJ8BEg{27y5y;QGEtlbS00-BLJnGK=`(&eE#XU)#E)yo;`2LP#SRmPx`|?MX z880@b^R0J@Rg?hc#_WuFmbsgGpb@Fq2%mFmuVfuhKlcC&V*BALE4ZgAT(fUXk_l0Q 
zGpvhRcW(tU3b|}~i-gJUw&ozWKk=fu$sD|}1**=;!aG}uMLwDBga#RazT-RMJ;!>ZN5w{YQyQtUHCdI46GeJ5u3ml7y~gPB_DhTlLNE z3u8kuT(-IUo&kIOqth1Ahls9A+Aoym;ORR{lz9mth8tbc;A|VN$>E3j-JLGnBv;u> zW9d>=(M1nQ<-Q5dM`7tG;?LL3UmMsxPdMhZr^77crA(gCu12%nc`=3mF({PSdCp#P z;6yzqEad=-^5aLVZ&u}+zWb`Pb#DyqAY}*!$vbX#+ZI9^9yRHyvhsK7|+}JsmNJ`++n&kLq zh0|gOf$2dygNZGf|$UzMana zw2Yd_E7WC`Do0*uUj*$4?*!BGAy&++=m+UcnQvH%=@FKs-cC*t3!(zU+bWZ4;I84_ zbe-)T_lpcyJ!7y~+-W^L1ScHz4)&}R0?)kfQVwqtJw6r1NII3Ei_Y`8y9ODRn7T~j zqO`s3_<1i~Boq>{|Axg5?==1y&L}nEal0-Lg9L7?0}G+|yl>W4DwQzWy3cP@5bM+e zP7w#U$}ozU#wN8b(#vW2C0jgpbj_F4%Nu#KUKg7))~UhYP*Gpk&%Be(f(GjTx@M_!#OQu+0M(6UVHS7a!?i!)CBRJA$M zeV8yMm-Tcz@+rfo)n%ajV@P+WOOQW5_2Vncu{^HEn~RdU?U&Cw7BQv7ZZDxdQpln& zzE+!j3&)d8cME2ak>MJZSihv{UU8z%3BzS~5>|odO(kTZO6{-e%WZ&cJB;V-6$z)s z!)ONQVneJDm;K8-<)Lgi`pp-L;Xm09-<|>YK`ek&{GxPduD7yyl;>kVi27f<*{J)n zN=3K@A}~H{W3ycwSUqIsa}@#S8{=zU+pao}qE^j@f!jysR~0e-!~%_1&|B~R?nt6; z19EEGndM|JeY&Iy?lvmshm^D#>fOj>n4&~CL!xyt@wz5;CR2RQppDmd`#YvXN9l5; zbS^89H|Go;FEMw2k^Q38$I+NM{xaey%Xgvk8#X#~EtyvZX5*34HYwq~9f28ev5ywb z$>J+AL%;kuPlJc(%NDU%nsz5Uh0|50M_tUzMR70f#$|s-e}1%^#H_tggf{jx;YAg# z9_<)b#K==2(Sm1QXKbf<#6*c-!z`AlA$wCW6c@101lQTObJ*lLVf;cWLz9Y}D!FtB zL?0jRi)nrkLAc9+MPHztWgvk?!ez{I^$qW}S`3JvXcGcC#WZ7($BzEQ$gGDH-^& z6+ifGjT(R0v_SAQ{;2(kF_WdFs@}1%Q$ko&q6KK!X+J>mIs2)-=d?UZ@MLP`8(RI? 
zmO{0lea_9z^lq1=<}aB`!$+~5pTgjY!hsx!nn}e*2f@~FsqaV0L1`fp(Rq%Nri2mm zyhS?N1+Rzn?4{>MwvX4Xcj@cUXxrA>1&_%X!T$R=YXAhD6|7HR2@Eh!}>-LRGJ z2BllN8wmlCkS^&i>F$u)G?LzTd(MsLx!?W%0DoX@)>`kJV~#QAoW_zUEQg`%>HH&h zg*2O;`S$Ufz0vR`Pg_WbEDmWe+U#&=C=CnG^CB1l5o<~{h@pNNRru#)0+<6x?J|{2qhWn$`{{iYtaMa)Rv7$pA4Wq)51~F-*1fxuJ34hTZ8k7 z88J|qWC8osNnFGc|aBmt_cqipVh@Ql};`usujsXdUG*8>-%uISuPc!@VcM{z)5L_F9Ge-U}#elJaK%Wm7;3tTjj6`akD3DuWj z#fdaq&01CajO@JuJy>q{%5fmP(T&lDTq=-dd4024q6+ww)Q}zfqN$lqw8X(8F-Ajq zB-ceXTnxKi2i&_*h%_OJD-x05Baw|ZLZUH+Vg4RsI?5u%J0nhE>PKC+_$!Lc*WpnI zYXJ_$)C84ex5M|u?FRL{roY&fxw6+SPrp*9ifJiV?~>Js84H7{ZeNI=>Ern^Og(+h z6e_=t`kf0bx7>J|-yMa#0ZvOG+~8V!SNL?W1pjj>$eP&rJXY@(f3@fts62?d1&T?p z@L>}BK*^oI{qu-eHQOQ=KNZGti@|sJs`&aI6%5aRpA38lyU~u_%nl#38+YA?%E}0Y$}{I)Z_sxmaK?+=#sm)N^-cROCW~z`!eo(U`w@>=~$biV)K1 zp|yLw7R47jY$r9ZAtWbbaS*8S`F`z6@Qxu^_F)H;kL;T>4`Y)tV~Das)pn=u|ih^P>15w8$1es0c5 z-4CHZVqPj7F;uidql&RsqvwwO-s8f`7HatXN^yyIQrMmv3Yo(~ce*13 zF&2xrP#el+FF}8O2}(oTXO4a_q+eHSU5?ED<*$B09s@<$+-o4z@;0+Qyz=&r=EN?5 zK@qyyZCfK_JtqX?!)~kIXGEK}Ik6+;E>X-@!y1Nlu+m9#wOzi9nB71nSZu^H1l-p6 zp$gjKBdRCEC>yBeio+-$>8O3e0-9$4$#4W8kyuN#4|qu3^v!P+{-ek5Rmx;ZQtG)O zhQRw@LZ{m4Mav(*(x>kDEO*u|L@}j2fq%&u%hw^%KM8@YJFs4ofIMR&|B?N2Ndh!ady`<1F`JS3|}xXFcdQV zCN{;2AVKS%C|~^KBSDMpe0}CV=%NI(pk%3Km{Z<-TL*uwiH<8DNADVH9znB3g6z!y zw1KhQ`z9-We|~~`9TX-2b!BhCL9Fzxd!3(XlPgeiwtg3kYeg4&KMLPP!J1qI9ho~Ui~FulLo(CkT9=JFhI}Gbu8r-L#h^K zzR+ z)4GoS?guWh7-Pr>5*!!fN@*B05&_=MZ)fVx+gRZ{V|lm!H;MyKevtisbn1M$$g7?D z4p3|*RFV1R4mnQ+1Y8fhzy^ep`1Y+^`tY~x3D7vorP}0&a=a5mAotSR?Ql^cpwljW zYEdR*wpd`Uwp(l{?@IQ)$Rzg@eVa^=51;nn5p$ZTX*g65y1kD0tQnfr_C}rYK?s#y z=A}}HLUdf1|QxB7|fu3IG`@*J)e-#QUnc|PjK*R zt!4+s*7&bBD%W_(gek?K5G=~qKSFGBLo<2~QeGw5e~*1GMD;~VInaJ1o&TjZ8ij-Z z?xklEt2Ysi?jlP-mNR!4Xg)51_>Mho0QrMO?EFTQ2-j9E)FFor@AH^?3wd zN!-pG^Jg=woi?p|&|7<0`>8c`D!|YVkMqR1DsFD%pu=XGqO;47-u!6TTFFFUj6QI> zIf+9v0G8rt%2g9U)yrp^{&-95U{xE?Ta8XIT#lzzv6fJ$7{UDfzEPPh_oEt>AYHXi z39i;&>=;9KI8zR>L)PYiK_#|*%l$RFP2Tt~8@C13*2$PevfsoG+%spCvj+zjBl<>C 
zRJEQVyZe2LJo)|kO}igfk9}3?qx8G}_MoCKT2Ju7oU^kvHL6~)TQ-xVY&^`*1t!Wo`sP*!8rR9; zSS*gHdUskN;N=BD850fx$M#D>7>v`nlh%KM%JX@b^hRf>qaLP|n#&>JLn3>Lj+K>V zF(08|n5Y-4aTfzgGX#v19WplL^}ha<3?nUm^7PCVY!G2KXt_Nmx7{cSViFG!xtzdB zllXwD(%6es9OHhzdud12*}?N|cDX&6S19{nsW}{-pq~T!7C2nx>w}4%cez%r;H(@8 z>f#biq4eTSwj7V*ZHm%dsZ(WEM&C>PhcmBg6N;t2;lV5XN|C z)Tvo_WS<+h&hann|DN1av4L7gGOo~`OA<1Ol4~IxdW8qY&m;J!IUNLZ&`3k8a`@3|dqcN#Aj8HyYNwZvPl1GQKKajV(TM4I8AM zgY*Emm80J^vi*C;Rxuve`9=mgE)J5yxByUd$hJqnF7N}#l1v=Ce-lW0I_+bE56>1H z2kO&}0#Y#9Ou#MY{hpzy*72zkUN$1&vTuYZZOQ<3!$m{J+c&zSPk^m$SiiNQK&h;@ zT(*ia0eg9)JY7UpSj|0`iq-YdWpPbyCuy1*7!>1S#y5ryztO-Qar5hQr26kUKxF3r zx3XN~cv6H8eSLk7m5h1Bkao-S!IXj5HR~#L+(qZuZ4N*zG52POy^4RKRGIKHi)Vn2 zdVE@(i-V%{s`Ky$bLrSxmIAwj1*p|XMp2FFN9ep%Qr4z9U4cB zAFMf$)JnSU^yUub4ZwLtmqTcbgn2GIqcfGf9lUUW+v|K9fj1QnDuFdByv18aY=w_D zoDOCGVscN(!ixr5`9B_t(726uCq5=zM`d_t7qpp(OO;wzE$M!U3M2}$ ztfFm@LjbJ-&gPTfWgh1xEaMY}BiJbXep#l{T*oKhfP^D?W>BquD#?XoJ;q@VQfDlm zxgs~npaB?*t`Y#cDfWI@^+sUw39xyMNwXz_otSJ$$?%q&)Y?~BV4p$8Yc1-z z=+BCNPt>EM<#J_}0qtpXrMuV!f`(M^FhraZb@iJ~E}BShqtpBM$GH9+5;5aV?m8~x z3X^WM(MVAp&vxOedX8%Fzfokl7%bp6LD3^}tZ3gr<1k5<41u=EWnZa^68eVGe93*= z`Ec<_D@b{u(oZTr=5sMM{cQEHVshBFI6qQsnH4harDVGAQCnlF?_Vn{z9TM_&nDDg z(7LIA5s>s0jZq?xav(^&R5oJ-H%z zQElie;BjVH<8yavZVuLA9Km>o1}z&Q)TuK$xP!vfsmT78gxY`wXiGL9Og8k=EMD)( ztdNTI)a!drnIiU(26w70oUKO664(9Y7}Q_pM~1AiR&}Fa`t*L=VGgknJgN|K*^R&zfpIF{9peM~0c*bxf@w&b;F5ggf`_gA$F>)wLyb#fjbD~PGt z{o<*90ZH>6@UwR2?{N%5Ax^rJp+#T*0@gaD&9X#hw>Gtojbb%@^=ey_aCz*HRD4C; zK&YeOHu5g7AtK;5+Zs3RsyGLH@)C`~n{dehY{FW=n=`m{AS^Z_{pG)~dd%b+cCQ1; z#K9h;6>`jJWDwtBy2DmrFXOQ$ez&pYj}mD-t!omA!rG0MGH|kqK2wQb%ELxn?`xknyldGoirS9`g;YO{+hT2s3(Z0j^+UbR=PwB!Y-JFRp zHCgip1JF7mn=^{CcSTXK4$by&(oed)&x`sq)EXh&%i(4CF%RIatx=mQmeV$dz^hrY zpvtC37ODe0jrHcmOIMu&sYJGSoI<)YI0|5;=7_Fm zMk=brG*xE)Trq$ulyRv5icIlR~&urN+Z=*N&qn9 zD3^H|DF5Nr^yu81V{B9jw~{oNAIAz!1E6#`q)>YO?eHy~hf` zEv3T0{!nlm#BgCmmSJ<%$`pIu9x!E1#Sm~@jykZC75Y5Qx#cE*exh+R zZA%-hoVmm#`qk6qLUWWH_y>*JAjdjJ%td?yCq^yMx7lOp-QLu!H{Rw1&DOh2!Dv-O 
z=9NT5=@7MqpkupUz4`W7oU4tP$Ij4I9_Hab7{c?bNJUxeTd%xTrKmelUznz%-$9-fWxR0~}5NFdp77B*^Z`1O>s@ANQepqcMin+=gsUtb?LzmdGOAy8hcgREo3>1E(%g`~>|xjr2-U z0Jpkq8GNKauUT);b0xSQ#sZa3{0^ZSY1XU$Sq|Gdiw>b5ODTbR5(kw1VjDw_DqQ&} zM=QucL21OSCy?|vjV;Vwpykin4aeqfnKO)0%iFJ^=O;N z?gJccrX(sn-^6R&Y1$z>0F+m)W{+AOC-e_$y4)Yi2vYFLzestjgw_=6_JdP47K{`4 zj#hny@~{NJ(4r7zM+In{p&h1tNkb?-VbXFnJ8FG>u^_T6R@C(^eZ)8Cy?tBz@7HRJ z4bSTT7JnlKgr1Y1C}1Q-A^_CD8hG;_P+uvW<6h|qfo~Rwvu!e_pP%mbs>b&GBpw6)G z=GPr%AE{Flw)`3tnENaWxDzq=7G^&*z1TJxXOT|AaaWYX1Br|&S9TPhMp)~m#tVmX z#f;^gLJ{YQ1W0Wr?H*v0%^fM`gNh}faD60c)%zfUy|G+4&E2z)kpX)RPLlR2hPsIn zb?W}iF~esoi*uw_r{5kLO@EH*&Do=gfOdSUEo?tG0wRm@^oTZtD1_W-Re11)5!Pba zq9n8L{Vm7qY(76E*)Ll|^Y-n|FAF?ch(vvO1ouiEF;};~x7zT8S;TzL+FsVZsek*M zXDq;8xA~eye&dBR1&!z5S~WFRL_slCZRzqw+;pIyUwsvBZc3XPR7=AhQB64$!s#Nd z{w|_?8r4@pRurK8vCr?{X=C`o{3^ik`(%X_&h8MdU9PF&3{N6jGk$}``9Am1bedQ- zAhug$A~m~7J9#F`ak<|fqwQA?lsS~(nh>sN^C@ltR94Pu)~_Y^wGPNBNJ`lR;BTX| zfjGHFR4^3+5G0R7D$Fm2a+i8T)J2xgeY%Ouzb z@!+|p`8%8418s*N+VIo&w8kZJ$}^kvBvfUHE-ld1~Y#_k6|0A z>=GuuD|OEGsk}x`c;E+X3NfE=a2BRF{X3J#qE#6MEWx~%Q_O;LWg(_zxV-x^)5W*F ztRKn<+2kN6@?@lw&%bVST zzEx9(&=clmRV&j?(D^4sr9hL`JMAf`p=v)LC%=8SyV^d+3FWzhIdh(IxW1#p8d z?6tAy)vK2zRu*RVUmQ|moHYr_$D;|3A>XMrOaG+AlKavfX_*{GNvJWLR@=`r2u4He zybFG&U>v}VAgx{&q?QA>Itlq$6xmHu^ZArzy4Seo&-I;e@{7!ZXt)!0f%;8qrMg#K zyc!-yku>Re)$H!SgV^GIW1&PC0k5f z{vI%_AD~+h-U?}AUK{)py&H4;aLAj=z~o}2QiE28KfKc-Ez-V&%%7VVC9%$VzuQ*= z$zbUavL*c8Z%Rqz>LdKOV9L4LBX;M{hk-C-0(%fL=sR=xsB&c)3#g(MkzaG+WW473 zRhX68wd8gB+|AWwgBEKX$k~4&1wbZV+4QYSy>XXZcWuR@2p0wvQknr$H16WL zS3r*gROyqZJpWfuV_-YjLG}b%Lh~Q651B2~=tCrsvdw8Gp^#|)`>XAuuAfW8Fog(Z zZss!GD+h9CTEUYVMgn-qvfOMaT0hOxVCKti;p4@R@MfUaSM}C!!lmLPlXAtlR9bxl z#WSzHr@!g=0&{%L!(1Vk$s#Ow%4e%2#LIzT;}~z)x**ux9fdz@FcV5Iu*^$T)fK*N zCvC3OSNli5jNx;%_K1Vh4)6GY0$;i{R;?hB$bJjIdQ8cea`dE!o(?sKs-Hr&Ku@*oXUYpMpwQ{DQH8;oK+&OIhVLRib})i$LS zT|^wn(o6KORu>)zjZl9*@R$uYX>u^dulWAlS^&XU2Sh9(3})dLGur53Fh6_x2K?eL z*klfl)e2q=&nRr}GUZJb)r6}{^PDZEYs(~k512ByC5ba1L_Q|HPS z402I0fbgj30`Rq7D8H|C(k9>T)w 
ztzV?yFpANXZnXZ@$8b2c+AqUF?kXS??{RKlI9r*yNw+Bp4mFeu&(0xvjK`XML$0Qv z#w1I~or`xu*SOCSm(lC~iUHq9Y6cWCcP(0C*Ki3$#n$nB)o1t4Efq~McVDfwNlRpf|ocU45|)f$5EIldOov9Ty;Z#!I$b?n#(HSvozCxw zq|++G!|XVanDNdZI>#svGrS-}dzBXkIu$b+$>if8}knlT1r{sI&oR%DEPCKrqOnXHSgY-@W5i(p~!sK1(_qg=ol4|vD$`lr4znbT? zg2rVp^BR_e0-;oaq-5bi&}%!?7(rJXJTzvI;@Dx1O{^LuMcre{H|fcghept?>>u%l@2XMC8b>vmXJncKvQqLI?+t zx)3$=SQs_sQ3HZD(cFC0*S~g$t1!XMtECtG6JL5#0|Yfrfwn9V>?yjz!3;Jl_yL8+ zy-9g5q6p4f#y-IBrtmk7uJE-b%EKDBC;qiB-BgrS0ZBrXYaX)E^*}QI+yS`{$rL>X zyWq6{<@fca+7ID6`wNb2D^jCXgO=YJR47wF>OPc&5{^)chX$}0hj3B;sx)Iu(eLdP zCdDEX=*4_#8*R(M@R;i9V+F2HDvTID3$dWaoIt z091#~xqO6cJ(R{a1*}*~88$2@W&8Ap*Q}rL0+{cZUn8sym)h>%?b$$aE!r+G&+wc2 z1>%9>dF7Om0uRr%=S$DbtKE_jw=Yps_{<2h7;09va0_q88iW2=H~R)LJBXt2srw{+ z@y@_;If!$n5iC_E{#+M3@b+=$+f|N9R&mOw)LCy%GI^}iO*Zg^OuE7}jhmKB`dI7P| zW;64;;G=FEz;{()D01JP?t(3sAp>1g-&!4r>=H}Sx<)^n4NO&`L8RWDA^V(RgU4t% zD4#UUn@+SsiWVbemXc1)!CIm=^>_F7;~V7m0J0a4x&7!a7_kNZXcjl+`cTojq<;{zpT9=4(54lpkzN1M-r?1E~P({TiJ(fcHtyt zD4vB+efGKe!HL zscv?j#PO2vW$QVcDE+m`dK1x9lGo*+f}CV#Ac;=qjpI{k=B8|r1C3#`XTR5nG|VI| zP78wL0B6e%x{B!S%;vo2aq7`DR<0Tq(ohmT0Ky63kidIt7r^3ClS0)4e*KV8)!H+87G?A3>)b8!m#0-DzmU^5}h!E|PwuMXQ>IN{@R{@{F zI|l+beFBL0W-vv|=9osRR(~kEpkFQ7duV(xZ;}2ZK_QT^p8yu&@^$iG zd;~tLPD;?nJ|N85Ld}{&s`CDP*UakIml$*XzE}o($$qm^!#0VnW~kEjCA?qc&x&4E zs;ZM>l~_7N6bf;(Lm=1im;eKJ3#&|c05)H=)AZru}KO<0y{)`cnHi+Zl=6;4W1Q~;WQc?a>r z=M#(rr#K0CW3s9-Aoe|tcibWp2bQSQxV-x)3emI-?~AJ_e>LaQP;7vYS>;xaR(-I^&nc`k8^ zg(-ph&o0}cJCK$1$DZ7cv=D1(3$eTILeFuGv{a=f*xuG+mR@p=6YV-$qa*Rf1zT<7 ztR0<%C1&woChM!Q*1^>CUpUPB9A#c!YX^uydr4^na&Uf(h`JMjfYSD7aSFjRjEt@x_cXfa7Jy}##C%O|^^+rOU^_0}E z>oZ7liMQ%|9=t}e6_Ww(LP3AtZI{_ z!`ndO>Yqc(dd~&kWL$HVygPO}MjfzUZfWl3%aMV|(jnkv=yq6MgS%@xG+yZf_SDw4 zZ=`rZi*k0W$R`9_Ch%x#_)!Z+8@OIugVXyL%bYSn`qZf*a>`8-4`0Ua8!;egWU^!G zCcHa{G~)z<^Itz{I%PGTHh>?>s!YglgrKU8h_?D!&tEjI9)J~{mW>{95bMH*Ot-RW zz{xgIKW}z0qDq~KNqh2)bhxbX(EO2_dY|Lv;yDrZ0zX}}kh1ibivx zZG!Kgz~mQ)+;5YVK$q$&l?asMP*)F3VJvq$Mo&+EE1{bz&CQh1D`qMR{Zl1h{7EB$ 
zNqzR?!;bwh;!E%Wxp~~|@cX3k-p*eFp!v8Aw#+g|egdIN{iCOJoDPj$UXE9rmN$LF zC=ZQ;;)E++0b6Mi%A?Ajc7%=+hX${DkX*`J2J}Ds%6_PPT1T*G7iGs$+%2}k5vjAN zXEV?LoCT24T_>Jvf6BgJ?YryxXEbMhW;4lPy;|V35yjo-0o#r%nWA$uv^$^@*beYG zEE^J@FU ziH!8Qm|FM@ASx#ug~LU?p3KqlG3<=yeC>jHuXVcb555|yz|%ZOu?gDU<@FNkF$HcZ z(~y-H3@He{ra)>$oI=bmliRZ11evftOJEqlrAJ+MH8^-<&^r=Wnp(-v{C0-C7xy>t zWXk%xyVSrh5MF*wW#25|XntGk?VHwX?Z$t3laa9Nq2EoN#NnKvUSD>?`b)ik26`v- z95?_QAw;~`lAt^>q>BAHw)5k?QrfdnwdU-&Cei~$>G+x5v+x#`{4v~nz_|&%wwhI6 zZ^Ltv0m0!}F3iknPDmpQ%y<>`*<`#X>P<^zc8`H;8vhkh@5yC^n=AP(ht*hEy zw{_31cn?jtnH-d)&%gfJ1ZjbShRFy)Kxzp6x()+MQ6VodtrG@jY;S;ljFkYa50KI( z_mK(mRC#%|&$$2mxN7dET6N^hAn1DE1z6~Aga+ZV_l$a>2D)}bG5^`-7k<4tA_F(PmQgSL&TgsDH%N~2rFJ??;X(1c@ zII3#?uTcxcS^GhU^uibWvZqMds32nXu$a=}1w1J9{Tn>vy6kQCUXm{L%bItbATXd1 zVG1arAdEQoshf8){&b-%N{UVfPr_2(rSM!FT>~y zJ?BP|9H7FlarDFPSBs>4+L{4*>d@wBnf^f*K&4G`5gnZ=cGOqqBR=%>VV`b)s!hjb z9h|3!(Cf#9>DL2Txq!FCu0iz5JjBe}FB^lr-(j=g?BjLoU++$j^IbzEjQjz>&YN72 z9qGUFyimpH?sh0vFA@1nYD`x^TQ$|jj^;^4$i3(wf1d19bobgIy`8%xWSfswWn`>LaB5{S6oDbd@N~<}Q=VCM3y;TQSgtCa_$@inQKJ60IXy4o z0qaBvLogP_mgzR#{%6seuF~I({YGSMpu?!Ry*(u@4{EoPdyTyBT5qSk} z@%Cr(TorLSKOIfK>wm5U&2;ZFsaSceuQOl%EMSLLwcDnvO3+G{(oxf`A-BPaX)`xB z|Ai=FHWQTrklJ3;)&n(zHrOE964Y+X`x~@l$a!K=S!g028s}PH9Dx?<^WwHg{Zpk{ zNxlruJQ&MRy(`owlx%jfC?Qy&+a$iqc=-5WG`o!~(e`ycb_?1F-@4URV&SQ22)*xZ zMFQNLSnE1|Gublt;J!;WSoi5He}wq4N?yU-VJlR1SL98U6m$Pd9iWtL#Qv0bjS(J# zgNN*oVW8;Zt%4?#dmBt)vtsRplhi%-zGc73BG2y)SDQ07e7?fu?}_ceaANO>+tm7J zCBq~=m*fq~COd9W0dzunqut~d#ZT{bxuS!9@|?e|jv$8i_<)`v0Tx@D{xYOh z2|yGM#nxrQ+?MIQWq7ID^r--OJ?Vdq&7c_1SRVkB{i~>7hjo8^LK1@p2}+4tg+81N zeGxLkF7{m3Yvk*G>o3F4o)@;20vhtUB9I(0V=&lK9g1~&Uk#Hc0*DxWV#+5 zGtkGno1OlBF5x3ylnixOcorpr$>`UQM~x1f zv@RB2nKPS#-j*L{I0Qb^e%ytVhRyW|JkYdh;FhVPkka0s?|-rDH4*5X218+VW+vH6&nY ztNAkQhQMlHU&rdgkJkSUW&t z)sWT}NyO!w3%_6o8KyDhOFy6GBMg9IsiU(^DiMyQ*I8;tFApcbjt49{jaz$Vh{OPE zG*8fIf90nK{UNjv1u$lBXm_ev-IU08{773hMw)7_%7Vc2VwR306AvI9BaUa!*5Kpc zkKSS+qfD{?&={YqCNak7oaEI1uKxKZS06M|lzW_)B0Y!+HYwig8@T|k7|3^-*WYzP 
zy)K4AYX)Wfs=Uf|Ki@iVq;YZBXv^-_q#5_2w9;~V*=yOZF`uxP5aApFpeNNcc5&cu zx9B!bU}gp3O4!rl;3U)O2CXW3ds`#N$gS1)m^d24{M$&9_CY>iWI?yYgjmY&@uZML zaIgF((I8uVQhkqBzdP@F;M>|Nq}3P=rB+w`DA6xkVvX^IH%GcV6&6cVQvG~0Hl&QVX9wYoP8o0#9xroq34awY zR!sFkhKT)b*PIrxiJ{md%aKEefu<9#qIZ{pZS8Z?cN0{RU577?y$Ak`cHWTRV{`|a z016_RPZFWe+Q~O?E7y^Mvt7vXd^dj~+cMs*$=wS0A6;wgbHum0|M=cHR~gNq`RmZ~ z#S(I?y^vm8$$edgArUr9Df(~~r&SVI1zwr5u(yi|7TXssbIbT>G&%lD@m(ardcfth zuYBzL8PN@Z?x}!aLUIrt@@ZeSs&egTM`*2~3aLM0(<+6t*p2FN_%(){Zo1zN6ipD{L+*jniZD61W560N)ImxmwSngi!r4x1%NxW!_ZP>*fMVbGT zq&jt_Gv8rzAmT2#x60Eu`bh@zg$E^(k#DWT<{DvaI1FU@m6pRxg}bunBNxP1M2g&$ zuM~IyHK~Q%p(Dx&OsD=3?3?+TgZ||{ISk}D+t#}<;kz^D`BwV`Sgz#o^Rwl`#fA-@ zQ=e9jg}EOCr~lxdi}z<&a9@tG!)$y&r$+(|$;nXqSE-hc%f;+A$q89+TLqR*on3+1 z=g>-*C~k2dv58kPhN?&mf}nd3K9B$4sXhOwZAbG1iK3tvPDw z0V%aTIdc2r+u~WILFWk5b$gGd2s+IOsR(oNW*y<8ZmC z;VD*{q1SN6eb#HYb=yVocYW_lGu?@QV(mc(NVi8v9%qfuKw&g}+zZelbzaN@=*Nuh zV1s~kOY3hAR5cF7c_e z%)>?+yxxR$KVT|?1;0(>bvYtm@UEyJJrywuF|okNQ{!M2z3N<==`Jf>6n2Z>nZM+a zgwdRc6MmSjjH>%VO11H+B3uUh@WIPj$LiiwhaWVl+4?|b-yy+KK*n`?gO31xJ8_VT z4ohD%z-+ekSU%btE!7$@3CL>rD{}Xg?e$+0z#2EAu;?``P3c4xCH0Q=*%1dVAndGG zOq1uNf@`tByGme3otYq)8>(5f!6@rM#vq=f+kK!LbpcG)Pt3g6ySc5V@d~$1D4fR? zG;$+!HF%~_>Q6W{cGq>n!Ut zH04_@qphV$ZLa_2#hjb6T7dPRDz&G8yhvEts|LE!TE6zb&qb3m-p(OM_ULVWJy-Ae z#1&VKp&R?nMkARz+qjF_LGG(u-83F72k93I2gRMuNf=|G)a#i6Qc;w95P^jM<)=m zt;fVgOK1P1-~xqYz)75#+1<|k0>=r{dq)&EGY$b1MN8RP#tMTWnNGlhL$m213Qm3X zPWRr%%zeEX%FA$GlwJDRTOW)327PK1T(kd_f&gkx`eH`{@u2MNvX=Pa1zH?W1V+Soz zNw2NSS5X)I6vUAc(EkN`@OC))%{z%=csx>XLty$tA5DMw0< z9>hR~g-&%3-@mV!{Q?<7e(dM941F?zMc-6{%0i;X8CYApVWED=j6Gpev`8w3uyGOw zX&OHfI-nB36(R`($Rr)FJGa!U^IF*Fmej^jS*67~bMN-%jg(vHGk$k9)r1xEZSQoe zxijIt(Hz+~3elY6!%lKv%eE)5Y5}mbmt>f8H=;?cBN`;-cbH+HiVfmxjT9|~Y@2`whh$ER3cGaswpMsrjO&a>HvvhJ+r-#|9NOVR>vYRY-?e-O-cYh zx-YWdqo|f;`U5SS>9w9eGiFcy5h6zaui6cNnHQXKl7>-D;3aH%@$}Ic@)#aKD8^Sl zVqb!RP@vspx+b^|=8O48h-kby z$PpyQ&Q5?>G!)WXcztm|x=yBlfZjCC3$x4WG75deHTGir*ZE~A2klGOlbgt#H3Ik? 
z+*PA^4*_smzLu2sJ14ltl>K^^SF{9rq<$yC{O+XSOa8N=42eGiAvj|c-aiVhGrb_s zc*~kE=z$B6_o@ab2lH8MtRAAH;++7kUhm$=q~-%n18;M_SP956>4NO%)lNY;r_hX; z7=to!U^zgx+$$TjqkAblOO*!oe|dcz2nDrgw~AWrd|H^0sB~-V3-F3sSOKxbU)yOH zbfNEPBN&-Hg_-2p*F5&A9Hr0iZm>-L&`ZfB!u)tZHeQ);06qu%jLX%=>yv@1O$JcS zM9{=+{FjZR?FZfq%9vZ=>gh8{e$N67hW_Rtd4SxDn%lQEBx*lma6S~({?m6y`DJLw z;4Rz~GzVZvUH-?gR>7$R_{RVX$v-NDob&DqL55Xt^Iy5koDXP$AfOdP{d%auhQY=3 zu^>`_4#|flU@pWM;aL-jX96eac~Y5l1UyE%Az)&w?Rh%B2} zPW(NVp*KfwpV&H6FWPmmEPOmiv;TSr_+h~GkGeU+f8 z-y?if%PA5MG!9FZ`vLN&IY0mI`H;9t+#hQ;fM1?upx@yG z>J&OGf_G`<_&-Z74r-^J^s=C4rQaO4-k4MP-nP^~!E;{=v31*je=L|!+yKUlCVw;d z+r-!(${lwFA2i#lo`w+W7!CzV+Y7Ftw*>w4|e%O+ZWB-(z- z#5`QerXMu@w_xnvt!H6o9oL2~Vpt1k8boTp{rFIC7W@(n-*WN#p`@bu66y+a1HKo! z=dlZmD0xEw5cTZ%R|Zb3*GZA5_rA9V*1ESIV_qNB8W7*06B<*mrr|dba2ts}s;Am8 zFt%Mc9eh&x>-v18qA#u|*=+M-1&U!J;XP?*5A<}toEJ&D3l5q4HwFE~ERmi~A(xly z6+}}1)h&SU<|9f7Y(`qLESKI(a4=QJ_5JwIc+sH^J?6<_=ix2{qQu@@y4@2ook6)3R9VeTXzWQ@e2Us3v9@665j^Al~OX0WyWsj`ebDnP? zxu9K71e5O)toM$>iA^st3O#+MSJkE+cU$MZ5yR!;-T@&Fwe96_l_5#tOh-F z{e<-RkuS4I@o@~ir}uFV>ZkRsp|m>O1HO*z@jiLfCNuxdh@)@pv7K8JFAkPlM+`0U zm}Oo9`fWumUYsgeL4YUf>SU9*sd=?|6ij8Y6}Vn6#8h>YheAY;0)Z*JU8nJ3N8?H& zOB$wwW`%LjE5cF!yNvlsg3F`Y2Jai5rC}b{Kl5fkJ}LLXUXt5O{Gg(6yoN*iZBYrL zNcr0-xdJO$LXfE$re@ye%aM%OL;Cwil$?dHW{-iwf{T^2vsD-dqi*tAgJYv~&ezj4+8WWxrJL?ss68@Lxd*e9PA%@OqUAx?5w(;GVEvxt5kdVr z1VYa_l`@;8WZZA>1ka_<=xDI#!vSd zb`oeE$rZrz*?n20cSU))%DX-yT1#|-lb+?!{}sikd!$AC3~QKlC4uZ9fl;NOkiZ9$ zevt(-`LWP<>3=+oI~f*eQl-WDv6ciJUtSTp+I|Q#B`Y8FrFPXwmDs*g}qex%&KXwlAB0Hhm_hr%$^8Z_~7h~CY z&UtnMXNE7GUhATXCtG;gn)v#kx+&r-<1c5~ z$vtX*w(&3!ono8EO3A%pnO6yGQa2=oKJ_7{ilaD0p;Nhn73_(a97Pkm!0e%V=ZQ1P z8}mhVIB+{?6+RB{alYY+P-)oT6TL;K>RPC{sps9tLCfkw)n)WWqd0=Ra)rU75!e_Vg zkt*(|E2GmRA0PkG%&adu)1NNNgG}I9dQ9ntS#HKJZ2W(ddJn^i<9pri$~wN5CG{pN zCnDy*ZRuu)&=1cjM+pNfd_@l(3mo7z_z$TRSS}=VMD%Y!u$`?1&+L!)B!_nmk?sl% z0b&A_h6vyi`)vF@kt8^z1CMt6uu)M#%Oo6#i_ZTg*WC1HSQou)aL>KKthBYk^ z+NqymI%i=YA*K`xwQba6gKv`0>-`Y&teFY`nvzr{bkL&5efnQ4GTph2j9ZK3r6njM 
z5G^SYRk?*qK*HVm%~CCa`VNQPIRSiFq&O5!@U#Gt^Zo$=<|k|!ON8HHYJ9+tHuVdy z1DAjVB|7*}JDv~_>He>t3MiM66g0lYo1#46bq0sY*VP1Rwz&yns^}`z8 z^3fS!Wga@krP3lBBL-n$(7t!{2bX)5z=bU#hWO{kkW3g!5Z2|wK!N8};QD~12VV$A z*sFo*)w>FC_sq=G-+eP9$%SW-FSgQ3Dnz`4lBb;{P`^9^zb_lC^@HLO;5Y4a8pp(b z{!3oOkVG*y|4~F9`-GOA8z2^fxONCV&BrouFCHj=?TbKkLS7f7fiLBQ@t{j6_Qk8A z9$DaYj?3tS#({BY<) z;NZDQ3Lz4dV&JpmQr7V=aN#I8xFPKv2Z;3|F562FHE{+15zdewenRAtP=3D`+W=)Ccb~0$MFXNvtC&>EHKUU*#;L$Md~Ns61a8!Z;Un$#H>5{MuFM|sM!Hg@TBw464G^RRLJ5MPfFJ?s0!kI7ibzM0E?p^7m5!l> zUh`kkQ#k(gST4TjyT}dtBzy0**Q}X$-kCMCB5USeO9S~pJZt1bxG%y93F=$a6NCkc zeZ`}Zpu7HmYoNJkRNDU3lfBj6EX=i*g)_ok68TC*F%q33Hd*b`X~HddZ>5B%B^*Ky z4lKZu$?Q_Xeiog&2n-WQ{3!6WELjg&II>s`EQ1%ZbWK$R{Q0{FCCjre4#z!Xj-f`d3S4q9p%5uglY$!|?-;h#-SiD5X!N&WMJ#a~$%74vjA zAj*@zF#~8hHlrRk&wb_df`Ria|98OvRCtX5vRe24IVw;)SzSq>6xbP@?TZ>Bg?OFv zX*{QO)EblbAWMlV^KyW8NDpWZY9V>b)7_Og6iaKybI_ol@di52{)9Nx)Eh9=-|Ga7 z^4wWww>65VuIs~3?I+~gj22F?nE0#~^`42(xsF!rsU@)!6}Iyjl)c=pSj zE)I_}{5{a&95B$~`fc-^cR$bR>9^(tln@UTFr&iPJR59w)v1aNY1yyOYo7x@N-zgG z^^6+AD*HtbJ+rZTq2Txou6Fh(Dlo^BKqY#u?_Nxa_2K#)RiHCodB!UQU~tb{8x9lg z69Fx|1D35!OyIZ^ID&8g0S(6R&n1WrU?1dP>v;6$XgLmaaa{rq!+0ddjT&rD^YDRV zRaV>+h%;v+&Rq3wB0rb`ZQ$F}_Yg+oJYY50m$olAfwlr7v1U9PAJ7R3i3)t|#^06~ zCek9^;V^EZX^a$(j_(2e39L#Jro_{bnnh;8pZ_T@KFtv^Di?U39s1~&`@urM4Q_JP zo2UUbbwUg6VTT40p-Sl${dg_d7Dh^1j5D#yz(m2D(JEN5#Q=D$R%6|T@cxV}6aZc} zAq$Pl9IN6XYDhEDj6V1EDHBVG9^;LXUx4y->!SpL_|&%$_G17}w}N+6^1XbM2}-TP z6c@J>SxP*^VFrp#LK6R>-4g`x><&~uKZfYxc78TYjx7g^hGAr@? 
zIo2>w_k8f??(PX@6c``k^82Vpd0T>P?-oTZPq;Nvko^5i)gVz%)x@UZ1^fpWsFYdB zhzIJDK}^+VGzJnjz=WjjwFF1L7)s4@O;h)l7VRtBf+N_WY(!OLlRz=&gMCyg#2IR2 z=~kl2x?_#@g6IP3cNgrgV0(!;7fr;u3M^2KGQTgX5tdY=+o$OGiBk9p9fas`Jd|L` zlt9;DXRkbf`y2r4b!YT7YE&3-19w?D7&$$-=p*D_03X=hBs;{W4UoX<5%@!O>dGBB zOdMQKvAT14iiKDzt#Hhi`3n$7#q6w?MCd1&$)t!O5oJVBE5nY&f%c{uG8*8e^@xf< zDM|tM@HtMDCW`_QkL@RlxRWGel88xKOaclLP>`_rm)+e2{az;1J~Y}hL~KIT{=$If zys#=Df}S$T@WWoYz*W5~939P_~{1+)qag#OTaw3|aczmJd6dPq6AFD;nse*M)EFi#zWrvyFYa zE71ivlqA9kd(M2;bC2XhE5C!wL~cO311hEXRn zV|5kpwg#pS2R{{tjCPCJVW*+9%h`%)PxcsH;Zuj6*5{;FfmDcb@8j0Lq#CQ*$N|V{ zX@m6c%#lQ^qsQBmuNvFqQ&44{XU0PWpwQ+)e3x?eY??%~E~C~Rc(p0?Pi_ZYHAS?9TKp|swnIP$4L7~1!;9l8Rs(>T$-q2! zU^q>RO}uxnm4hOBcl}p2T){2dF(MBoUrV{p9u_Y)CD%#SPncu)!=Gb4*N}7S?V<$b)OkN3=zi;i(rRiDwSc$u&2?pv|YtRWCi_C z(6|@dIE1uk?%?N>tXRy_C2f6%Y9f7)jk%}>dm~-Ap*B!VO!52rUcI~uNBg8I-;A}b zfJeWP1=otlcXnE59`HIO z=PN`jK`?F`#@En|lJb=8@A&FeOOhRFo}JM~B647SE_iW!Yl1W`f8W-QkldiOqdBA7 zSA|-%xA_X>sKR6^FxRE0%mw(DI!A4MrK&P%RUi3V1P==s7@F_wtXjaWh3ac1aHOJ5 zQXDG|#(-FY4%+r+?f%5lI-+3oJsS5QKVDF~UuhI%yC`1Cd5HlARTJ9|6vc^qwY+_I zcJ4#**ZASO`hAPXFZ{I%+rY1{1!P?sC>B|7}NYGZh zNUx{K=B1XXKs1pKxTDkCTwHaWTa6Fm8tvmaX=zuxU`g=-_vRMK{i@~_;1GZ6T^Sm* z44$P)R%WDZWP*%v8tLdjn7kEQ6wOO~NGIvGLmy8~98U%Rh`kI= zE*}%#x04l2f3N@2gZ+|tfr4T)a{J}_c+FGWz!?l2w+zhMK!mi7c&_4{>OwktHrLMz za{tM(XQj%z2zIq1nC4Ya8Buu0+%o^d!g!xw!*iSi6R&|sp}ePw+1%X4PmP3(ih-;) z`~}A7+FBj9ia2J|l#p0zN3)Mq*QV0gaUVb7GoRR1UpU$1n3V6rYQg91L~Vby9G~JU zAsGPF0qIf7Qo?NXX?VkQZn$^B>#SFHwGV>LQbgCQA+euB+WVw)0%*!`KA< zE1vLbph5Mk;p;PXt~z6Dg}6x_ucMbbF#ez~5pyDPU>As^rs$qVpxm#o;17tWppESn zW_LI-CbhxHkq9A}L}O9>MnzG4Ss>%Kp5PWr%rRT4jHwNW;1IqGKJQ+ZTy)xXPagXM zc5TJu6OZntF`g;6B~g2{Qj2zCt0^|^XtWu&5((q*E@f=IW-RSi6d58FBEAo&ENoE| z$58yHwHa|Lg$xNRu z!nBEaI2XZGjUgj+KY+bxyP6r?_`XYX((dOu04Opk^oLZGWE>*ohDK}gQ(bNGmm0Q3 zBO#-ubFZ8`drJZ`TLpL;(o)X}yK}2!iHVR5F5~M+k2CxIJ{?G)hp^04qpa}ND8(G{ zhYfch21*xgQ+&({g^{blN^Kb=!uA{p_O)YD?p=|@?9D`;;+{0WAiQ3_$J^^%j+yDx zeVJpACx;Obaf0aUhmplKqpuFxQD*t3)ra0HQVLK2p_Sxtvn3r!ex9r#6gBormKmIL 
zZL)|pi&VyWVs|WA`CTD8j04mi0N5^wk8nS>dbe+n>4^S`RX=rAEt=>R{5t!!^^Z?; z)*2opWzt-#zN1ECt?`bIb-I=&Ep-j^iASxbKH?^~_vM2gk_iF85R^Y8dQ(HbA|JpwVDl(@LeYn(>~7Ll0!HYK6e7`JlpSJ+;NFgH}4D zFZG_T!&}0+#EHesdtbdt1wX#DGlF;?NeoUzm*pZ$k!y#=(&R$Ytm1Z4Xfn&CEBE2m zVo+DYWtIyi*4fP%#wq?%{-XOEmA00`9?p32t5lhbh7ITIY7`NoQ7M;PV1{#kSRFaQ?#=0hNYMEVJ6wxw>$Hn(`We>z zZTF@GZ8V$Qo9fSG?JwJRFNf*s%H^*3!6FPZ2P})1&caD9k|J2BQF{UtF&Z8i~7-e5O zW{Q4FrB969r6K78gplhS_5saj0(ba^#`;?)Ruu3XvyIm?(S&!&$$-=;rwIxSVAw#GU>b?36_nMD|e z4BqhqCGC7;qfx$&UN0n|r_H_EjJ%ZTF4xegQ)rJ3jW}VPCT^784(yKzLedYdd#&SL z9$*{Vw%jw3Q$s{w&YG12N1Ic>DO@4?Vd5{?9LBDb>+%%Uhn!Lb{?SAK{CvC-v+OgX zRV!1&nKfpbuK4fBnoUEPOa`mU++|sqVf5}~Oa(5%HeKSr{*4P`bc^oH3b5A-Msg22Nii_XiwXq)?|^-&V%gYac^%R z5#&%Q)VkWjvUr#OKGW`CGHdEXE9-=NStBFNhn);(x-a5xJJ&>7$|eQnM?;|fu#4+u zF`f5MMnzQ=9q(=bB&yn={OXoqKQ%D;J|&P)*~nX8WT_m!*HN`GEZdCUYLnd+sb$1j z8%Q1K8lNIZWIb!Zxv=Limk^jtIO~SZ>Ydc-KD=#^8IKVTNFNe+C4?%})KyqooyUY6 zPf#BhKcU6}{fLmsuN5UrI43;D(|QegS=7^A0lKi^@;cDr!`WDM{y+*H#nAfyc<&?Hdx9QM5`37N&#V+wNNu$qn}9G;c(n;tAmu>!9Nd$ z2ycUc#E?ZL*edQel@?hgTm3NmR0Y9sV7s?q&S_XYU~vS=%3c>s-Y!s8%Bqjnm(t1E zeb84EiY=gI;VTBgbXsQnRSL9YM$+Etv(?6$MY0G zOC6!ELl4ieI*8jW84eildfEN#n%sMHXaKrF%D67kt)u16xvMBwRi?s+=|f3TC#bz_ z?R7@SAmrM*sOFsIjze}zx(BC~M%ckhq3kbT^OWI(_?(>=4oJ>jP3P;Jj;^Q7%;p*K zKcwi;vIEoOwqCb4ps#UZLdwkV)A=+i(Sb)FFCUW!#42_RhRWc5WwERDDRZYvFVwmE zRVDK$TXdg;x@UbwGgWb5L{WKWAkwnT`cQFg==u829bEAmLpw5SMS?G0Qp}@c8hv|| z6;1|;Ea@zlLJg?BxazE9>YFW4Q*}j%{nd3cb?+BSozAi~S?EJ0nZeYLjz8a@crQT` z0=Uton4+R+m&F-Xlc%Vc*JdW$h}=oBI&1+;=p!p}oPs%Dt~p`*l3w31NZ;|gQhC=S z6jqhUf$*@kjaI3JvB)ll!cn#madxWIp2Wj-r%ueXN#`1D&v2bNu`sl%;P+83ps|Xl z?-gy--$$v&x}NJ7kPbWv!(kh8{lKARu-!k;T%Py3MVm?e*#ir@!BQXrEvhTA*Zr znyY<{-k9cDwA(Smx^&)GczTXUXYivMl&;i1@3e=9@|BN1ne{cN`}8cTL9)j!dgzbF zChcDJpb*JuAL}zwr^W?Y`#npKOs>%}uTb~s#YavZD&^5-Ra=Jy+?3u}7?8%Do4hvN zgyGAoVW4LLh^!H`=R-cZvZqWUdq#+O^vYblbZ1P7nb@FbdCL3il$tkf{ROsxX?cXR zs({SwNv?h6pd@M>w zcnchu%({f9%!w?~Td7fJx1r5RSNm4Utu$8xb|h_wWZh?x_dF(X^^m~pyU}4WZTPvc 
z;ih{ZJEW^Rq*VDkfw$|zmm3J?(;P>CRLbj|*hQIjbnwiP=d<)$RmCI9R)H$J_rIYL zF0)Q)*;=uSt@};_WtN8=K1+{IPW-@9iartnhu*VM%X7A8Hg;R9-M<%I;C+2n%-6`n zJKFZLl)b`$2OoXsfo&cxVT>-T%O`QSbh8WF<6^j@wA{5tbN>*}LmKNml_j^t$qLAY zjRdSDZpWB(-(SKMDRdfk?au1kpj!RVgB!iiH}%oWckp8Fu>;lcnL9y$?!^&zoUumc zCat08`mU@lnz^J7)q7jzT)fSSD1Nu&!v%lW;#<+sE75R8GIE^Yf=Nu~JXsgsZM7q@ z(cy^fE*Tytbeq)Uvd-s?iexR%53IC`oV&W*tAB0^IVq9XF-C8b$0#z+f8*%0q02{V zSXn&fbeDIvYuog=E5@hNDVp{kk=L!+AN|lt^+;MahyJDEqFq8CpUb#g3GT*;*V=E~ z@VVaedNIxr_Yr!FPodKKC=At}H>kyVDDn9H6Kk16hA%e8w%{83vP@%=FU%BPeA*o@ zceduJ*VzvjQF+Fa2i<931=q^cl53jRM$a%D*R(9>ZpjNZA3I%fZ2vrQD@Ib(OoNx` zMnM)|=?WL4L6S(ZW7x#9xHEfL1b3?@utk~e5YE~`vvwWc(vzA&NTux$&s-l!r2;6e zFLCW4hyi!PWa4hF>u+_W^F2IwdnJ$-hU;Axa5k?uUZ}6?j315~-7bj*VU)+oSj8DV z+?8UgqUkI6vwN6oKUkq!brm{q+j)yo96Z(h#|E<|6$R!k!g^!Ra)+J6UZbi#>_b=J zK7hi*w91>g0P4ngyA%Y>Smm6=o#H?Bh)7VIW&6vn;xl>BF=sLkPY6B|yH&HeQd(?+ zyI%ajE%SaGey}-y?@fgI$H8t~g!m41PtN^D@-O|It-cS0bASX%dYmXwBrTmp=Uk3 zHe!mLFZX=n>k=(&d43Tb4e{*O-2*Qyt-a-}`%6&=T_N80*3@@1EioK-V1qq+$&maO zvo+^M&MUi>NyUrklpxa^1!$sbY$q=9UR-9CjuBFA0@m%xm?H zmV9nY&$h6BnEvZ50G7I{9{erm?Abmen|r;*bN&hsxF60@`cX|L@{4!!3iO?KUB@!k zE%S~Tlq@vpo-f2fi$x&N7Dx*Fm z4%%B#>Mga>gntvNCe0!x$ED^{*67_=Fjz!TiK{8{KOX~+(6h8ne^^X2CMFDis8}Sl zWVwtp^wy#zwPOH;Wus%Py{8!8kX{f?kjb@zHbBzX$L36y!KV$<4_0sW^xio|xl~kp z%6Ad%=9->muFJ)lA=keqr`6zgVTxX@q<4NUDcy2eS3(d|I^RmqBtdW_6c~2v84$8d ztvx~tJ{G{x_-x(K#u(SexwWmVXmM2;3!A8kWNu0o`5xTEwx)Wn*H5MatiHN zu1==KY}5{25Lq)Wr3_r;5ec;*9 zRFd>tm)3wG!D0w~!R&I?qbg=M3o!+*0O=2@2Ml%=&xz+Ryq_3)pPC!$R)|^=ON=pl zVAtJh(i###M*A0fmglGIq3n+l79k4Tv z6m+mCx1vwYymhomC3&y=3^X#*S0z3!TdBINhji6Nwp$5UT~?i(6-F zrcPSmOPDuGoGD={lh=jb&?2$MI%6Pt3U-Ly$;cs_|KkILsj&G`4YDG!+iecrX8WHD zz%8XN)bNOI`i1c+EenmJVwZACl?4T`NH07^fig+bv7m({N#e@KuiZZ?VwST?zpHG4@ArL}hWOmc+UR<{X z99<;iYR;FNfAdN>Ji>2vH}Tb;MN2*q^pwE5MV|e{&`_s&Ns+{2_u}N7kDCrp#%`5|ApMt+dsz72 zs{L0e9uIY0X=N#Pc}pp!Eckp-1G*+bihDz z7YVny272E3Z=&3PJsjXkKLKPt)})aygp^f7txXY%{&6angTNtLntn39;9g+>ho@jM`J3vzm-n-_6+`c=Xj_m 
z*FmL`&B=^!X#M-T%Ttk#XQs4aYpCP{aYy>AlNJ;6q_mAH1TQ{roBZLkb#?DZD z>&qVr;UIaOl5&gKx5fJ3H)CwTy~_}PwV#&ICLt(Nz*IDX8bH&+uTMD`q{V9KEzp~E zaMP1FY27!TEu$=B5fpTD_wOuHte%X8MzPEQ?SBvP?FngsJXUbL?N7hx=BEsSd+}TM z#cclUXICtc1|AX55q8yWb@gp50rL%q{q0Kaml+OA$ z@BA;gmm#IIenGWJ>8zg*q)F+lpSMCXQabAwq8(B?>*uYIl+OAEN(v{Xvo`anAMjIB zI_noyin*w%HYU^u0^dBCMRH^kn zo7<#Oe_1N2QtKN+`JS?oDz*Mno9{_z6Gm45-#`MQz9cHgTofA zuHP~A(iE80Xs|n?zh@&wIKJnLgIg`C$Kcn{c+8*`}l7) zU-E!=R@V5frq6!8(&j<5%=~Y4*M_)1R^mMPTV1`@{QVX-Qn4$WFyiY~|L#{9<{2q|&fm>$iGq)hR?Hw1RBDf~U<-|Nd7az!XNdJo&BWX_EPVSM|RZKFNH4T2$^N z^ZgH(`PEk>^Zj{pOY**7qtbUnPLlWiX;C3a-uL_L;w#W6k>{Tl6&Z;<|2(pj$n$rR g{42fyg=s;yplCk?1iDunfJmK8NlsNZ4Qb@@e+2Dt3IG5A literal 0 HcmV?d00001 diff --git a/docs/provider/hashicorp-vault.md b/docs/provider/hashicorp-vault.md index 27c271c32a0..ceeaa32d26d 100644 --- a/docs/provider/hashicorp-vault.md +++ b/docs/provider/hashicorp-vault.md 
@@ -364,7 +364,7 @@ set of AWS Programmatic access credentials stored in a `Kind=Secret` and referen ### Mutual authentication (mTLS) -Under specific compliance requirements, the Vault server can be set up to enforce mutual authentication from clients across all APIs by configuring the server with `tls_require_and_verify_client_cert = true`. This configuration differs fundamentally from the [TLS certificates auth method](#TLS-certificates-authentication). While the TLS certificates auth method allows the issuance of a Vault token through the `/v1/auth/cert/login` API, the mTLS configuration solely focuses on TLS transport layer authentication and lacks any authorization-related capabilities. It's important to note that the Vault token must still be included in the request, following any of the supported authentication methods mentioned earlier. +Under specific compliance requirements, the Vault server can be set up to enforce mutual authentication from clients across all APIs by configuring the server with `tls_require_and_verify_client_cert = true`. This configuration differs fundamentally from the [TLS certificates auth method](#tls-certificates-authentication). While the TLS certificates auth method allows the issuance of a Vault token through the `/v1/auth/cert/login` API, the mTLS configuration solely focuses on TLS transport layer authentication and lacks any authorization-related capabilities. It's important to note that the Vault token must still be included in the request, following any of the supported authentication methods mentioned earlier. ```yaml {% include 'vault-mtls-store.yaml' %} diff --git a/docs/provider/infisical.md b/docs/provider/infisical.md new file mode 100644 index 00000000000..617730bf906 --- /dev/null +++ b/docs/provider/infisical.md 
@@ -0,0 +1,68 @@ +![Infisical k8s Diagram](../pictures/external-secrets-operator.png) + +Sync secrets from [Infisical](https://www.infisical.com) to your Kubernetes cluster using External Secrets Operator. + +## Authentication +In order for the operator to fetch secrets from Infisical, it needs to first authenticate with Infisical. + +To authenticate, you can use [Universal Auth](https://infisical.com/docs/documentation/platform/identities/universal-auth) from [Machine identities](https://infisical.com/docs/documentation/platform/identities/machine-identities). + +Follow the [guide here](https://infisical.com/docs/documentation/platform/identities/universal-auth) to learn how to create and obtain a pair of Client Secret and Client ID. + +## Storing Your Machine Identity Secrets + +Once you have generated a pair of `Client ID` and `Client Secret`, you will need to store these credentials in your cluster as a Kubernetes secret. + +!!! note inline end + Remember to replace with your own Machine Identity credentials. + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: universal-auth-credentials +type: Opaque + +stringData: + clientId: + clientSecret: +``` + +### Secret Store + +You will then need to create a generic `SecretStore`. An sample `SecretStore` has been is shown below. + +!!! tip inline end + To get your project slug from Infisical, head over to the project settings and click the button `Copy Project Slug`. + +```yaml +{% include 'infisical-generic-secret-store.yaml' %} +``` + +!!! Note + For `ClusterSecretStore`, be sure to set `namespace` in `universalAuthCredentials.clientId` and `universalAuthCredentials.clientSecret`. 
+ +## Fetch Individual Secret(s) + +To sync one or more secrets individually, use the following YAML: + +```yaml +{% include 'infisical-fetch-secret.yaml' %} +``` + +## Fetch All Secrets + +To sync all secrets from an Infisical , use the following YAML: + +``` yaml +{% include 'infisical-fetch-all-secrets.yaml' %} +``` + +## Filter By Prefix/Name + +To filter secrets by `path` (path prefix) and `name` (regular expression). + +``` yaml +{% include 'infisical-filtered-secrets.yaml' %} +``` + diff --git a/docs/snippets/infisical-fetch-all-secrets.yaml b/docs/snippets/infisical-fetch-all-secrets.yaml new file mode 100644 index 00000000000..e0ff9a5c9fc --- /dev/null +++ b/docs/snippets/infisical-fetch-all-secrets.yaml @@ -0,0 +1,16 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: infisical-managed-secrets +spec: + secretStoreRef: + kind: SecretStore + name: infisical + + target: + name: auth-api + + dataFrom: + - find: + name: + regexp: .* diff --git a/docs/snippets/infisical-fetch-secret.yaml b/docs/snippets/infisical-fetch-secret.yaml new file mode 100644 index 00000000000..eeb8153e394 --- /dev/null +++ b/docs/snippets/infisical-fetch-secret.yaml @@ -0,0 +1,16 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: infisical-managed-secrets +spec: + secretStoreRef: + kind: SecretStore + name: infisical + + target: + name: auth-api + + data: + - secretKey: API_KEY + remoteRef: + key: API_KEY diff --git a/docs/snippets/infisical-filtered-secrets.yaml b/docs/snippets/infisical-filtered-secrets.yaml new file mode 100644 index 00000000000..51f7d498505 --- /dev/null +++ b/docs/snippets/infisical-filtered-secrets.yaml @@ -0,0 +1,15 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: infisical-managed-secrets +spec: + secretStoreRef: + kind: SecretStore + name: infisical + + target: + name: auth-api + + dataFrom: + - find: + path: DB_ 
diff --git a/docs/snippets/infisical-generic-secret-store.yaml b/docs/snippets/infisical-generic-secret-store.yaml new file mode 100644 index 00000000000..c3f1e7c3b2e --- /dev/null +++ b/docs/snippets/infisical-generic-secret-store.yaml @@ -0,0 +1,25 @@ +apiVersion: external-secrets.io/v1beta1 +kind: SecretStore +metadata: + name: infisical +spec: + provider: + infisical: + auth: + universalAuthCredentials: + clientId: + key: clientId + namespace: default + name: universal-auth-credentials + clientSecret: + key: clientSecret + namespace: default + name: universal-auth-credentials + # Details to pull secrets from + secretsScope: + projectSlug: first-project-fujo + environmentSlug: dev # "dev", "staging", "prod", etc.. + # optional + secretsPath: / # Root is "/" + # optional + hostAPI: https://app.infisical.com diff --git a/hack/api-docs/mkdocs.yml b/hack/api-docs/mkdocs.yml index 17367e81a22..0d090e530f2 100644 --- a/hack/api-docs/mkdocs.yml +++ b/hack/api-docs/mkdocs.yml @@ -39,12 +39,12 @@ extra: property: G-QP38TD8K7V nav: - Introduction: - - Introduction: index.md - - Overview: introduction/overview.md - - Getting started: introduction/getting-started.md - - FAQ: introduction/faq.md - - Stability and Support: introduction/stability-support.md - - Deprecation Policy: introduction/deprecation-policy.md + - Introduction: index.md + - Overview: introduction/overview.md + - Getting started: introduction/getting-started.md + - FAQ: introduction/faq.md + - Stability and Support: introduction/stability-support.md + - Deprecation Policy: introduction/deprecation-policy.md - API: - Components: api/components.md - Core Resources: 
@@ -68,72 +68,73 @@ nav: - Controller Options: api/controller-options.md - Metrics: api/metrics.md - Guides: - - Introduction: guides/introduction.md - - External Secrets: - - Extract structured data: guides/all-keys-one-secret.md - - Find Secrets by Name or Metadata: guides/getallsecrets.md - - Rewriting Keys: guides/datafrom-rewrite.md - - Advanced Templating: - - v2: guides/templating.md - - v1: guides/templating-v1.md - - Kubernetes Secret Types: guides/common-k8s-secret-types.md - - "Lifecycle: ownership & deletion": guides/ownership-deletion-policy.md - - Decoding Strategies: guides/decoding-strategy.md - - Controller Classes: guides/controller-class.md - - Generators: guides/generator.md - - Push Secrets: guides/pushsecrets.md - - Operations: - - Multi Tenancy: guides/multi-tenancy.md - - Security Best Practices: guides/security-best-practices.md - - Threat Model: guides/threat-model.md - - Upgrading to v1beta1: guides/v1beta1.md - - Using Latest Image: guides/using-latest-image.md - - Disable Cluster Features: guides/disable-cluster-features.md + - Introduction: guides/introduction.md + - External Secrets: + - Extract structured data: guides/all-keys-one-secret.md + - Find Secrets by Name or Metadata: guides/getallsecrets.md + - Rewriting Keys: guides/datafrom-rewrite.md + - Advanced Templating: + - v2: guides/templating.md + - v1: guides/templating-v1.md + - Kubernetes Secret Types: guides/common-k8s-secret-types.md + - "Lifecycle: ownership & deletion": guides/ownership-deletion-policy.md + - Decoding Strategies: guides/decoding-strategy.md + - Controller Classes: guides/controller-class.md + - Generators: guides/generator.md + - Push Secrets: guides/pushsecrets.md + - Operations: + - Multi Tenancy: guides/multi-tenancy.md + - Security Best Practices: guides/security-best-practices.md + - Threat Model: guides/threat-model.md + - Upgrading to v1beta1: guides/v1beta1.md + - Using Latest Image: guides/using-latest-image.md + - Disable Cluster Features: 
guides/disable-cluster-features.md - Provider: - - AWS Secrets Manager: provider/aws-secrets-manager.md - - AWS Parameter Store: provider/aws-parameter-store.md - - Azure Key Vault: provider/azure-key-vault.md - - Chef: provider/chef.md - - CyberArk Conjur: provider/conjur.md - - Google Cloud Secret Manager: provider/google-secrets-manager.md - - HashiCorp Vault: provider/hashicorp-vault.md - - Kubernetes: provider/kubernetes.md - - IBM Secrets Manager: provider/ibm-secrets-manager.md - - Akeyless: provider/akeyless.md - - Yandex Certificate Manager: provider/yandex-certificate-manager.md - - Yandex Lockbox: provider/yandex-lockbox.md - - Alibaba Cloud: provider/alibaba.md - - GitLab Variables: provider/gitlab-variables.md - - Oracle Vault: provider/oracle-vault.md - - 1Password Secrets Automation: provider/1password-automation.md - - Webhook: provider/webhook.md - - Fake: provider/fake.md - - senhasegura DevOps Secrets Management (DSM): provider/senhasegura-dsm.md - - Doppler: provider/doppler.md - - Keeper Security: provider/keeper-security.md - - Cloak End 2 End Encrypted Secrets: provider/cloak.md - - Scaleway: provider/scaleway.md - - Delinea: provider/delinea.md - - Passbolt: provider/passbolt.md - - Pulumi ESC: provider/pulumi.md - - Onboardbase: provider/onboardbase.md - - Password Depot: provider-passworddepot.md - - Fortanix: provider/fortanix.md + - AWS Secrets Manager: provider/aws-secrets-manager.md + - AWS Parameter Store: provider/aws-parameter-store.md + - Azure Key Vault: provider/azure-key-vault.md + - Chef: provider/chef.md + - CyberArk Conjur: provider/conjur.md + - Google Cloud Secret Manager: provider/google-secrets-manager.md + - HashiCorp Vault: provider/hashicorp-vault.md + - Kubernetes: provider/kubernetes.md + - IBM Secrets Manager: provider/ibm-secrets-manager.md + - Akeyless: provider/akeyless.md + - Yandex Certificate Manager: provider/yandex-certificate-manager.md + - Yandex Lockbox: provider/yandex-lockbox.md + - Alibaba Cloud: 
provider/alibaba.md + - GitLab Variables: provider/gitlab-variables.md + - Oracle Vault: provider/oracle-vault.md + - 1Password Secrets Automation: provider/1password-automation.md + - Webhook: provider/webhook.md + - Fake: provider/fake.md + - senhasegura DevOps Secrets Management (DSM): provider/senhasegura-dsm.md + - Doppler: provider/doppler.md + - Keeper Security: provider/keeper-security.md + - Cloak End 2 End Encrypted Secrets: provider/cloak.md + - Scaleway: provider/scaleway.md + - Delinea: provider/delinea.md + - Passbolt: provider/passbolt.md + - Pulumi ESC: provider/pulumi.md + - Onboardbase: provider/onboardbase.md + - Password Depot: provider-passworddepot.md + - Fortanix: provider/fortanix.md + - Infisical: provider/infisical.md - Examples: - - FluxCD: examples/gitops-using-fluxcd.md - - Anchore Engine: examples/anchore-engine-credentials.md - - Jenkins: examples/jenkins-kubernetes-credentials.md - - BitWarden: examples/bitwarden.md + - FluxCD: examples/gitops-using-fluxcd.md + - Anchore Engine: examples/anchore-engine-credentials.md + - Jenkins: examples/jenkins-kubernetes-credentials.md + - BitWarden: examples/bitwarden.md - Community: - - Contributing: - - Developer guide: contributing/devguide.md - - Contributing Process: contributing/process.md - - Release Process: contributing/release.md - - Code of Conduct: contributing/coc.md - - Roadmap: contributing/roadmap.md - - External Resources: - - Talks: eso-talks.md - - Demos: eso-demos.md - - Blogs: eso-blogs.md + - Contributing: + - Developer guide: contributing/devguide.md + - Contributing Process: contributing/process.md + - Release Process: contributing/release.md + - Code of Conduct: contributing/coc.md + - Roadmap: contributing/roadmap.md + - External Resources: + - Talks: eso-talks.md + - Demos: eso-demos.md + - Blogs: eso-blogs.md - References: - - API specification: spec.md + - API specification: spec.md 
diff --git a/pkg/provider/infisical/api/api.go b/pkg/provider/infisical/api/api.go
new file mode 100644
index 00000000000..298463c6ddb
--- /dev/null
+++ b/pkg/provider/infisical/api/api.go
@@ -0,0 +1,257 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or impliec. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package api + +import ( + "bytes" + "encoding/json" + "errors" + "fmt" + "net/http" + "net/url" + "time" + + esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" + "github.com/external-secrets/external-secrets/pkg/metrics" + "github.com/external-secrets/external-secrets/pkg/provider/infisical/constants" +) + +type InfisicalClient struct { + BaseURL *url.URL + client *http.Client + token string +} + +type InfisicalApis interface { + MachineIdentityLoginViaUniversalAuth(data MachineIdentityUniversalAuthLoginRequest) (*MachineIdentityDetailsResponse, error) + GetSecretsV3(data GetSecretsV3Request) (map[string]string, error) + GetSecretByKeyV3(data GetSecretByKeyV3Request) (string, error) + RevokeAccessToken() error +} + +const UserAgentName = "k8-external-secrets-operator" +const errJSONSecretUnmarshal = "unable to unmarshal secret: %w" + +func NewAPIClient(baseURL string) (*InfisicalClient, error) { + baseParsedURL, err := url.Parse(baseURL) + if err != nil { + return nil, err + } + + api := &InfisicalClient{ + BaseURL: baseParsedURL, + client: &http.Client{ + Timeout: time.Second * 15, + }, + } + + return api, nil +} + +func (a *InfisicalClient) SetTokenViaMachineIdentity(clientID, clientSecret string) error { + if a.token != "" { + return nil + } + + loginResponse, err := a.MachineIdentityLoginViaUniversalAuth(MachineIdentityUniversalAuthLoginRequest{ + ClientID: clientID, + 
ClientSecret: clientSecret, + }) + if err != nil { + return err + } + + a.token = loginResponse.AccessToken + return nil +} + +func (a *InfisicalClient) RevokeAccessToken() error { + if a.token == "" { + return nil + } + if _, err := a.RevokeMachineIdentityAccessToken(RevokeMachineIdentityAccessTokenRequest{AccessToken: a.token}); err != nil { + return err + } + + a.token = "" + return nil +} + +func (a *InfisicalClient) resolveEndpoint(path string) string { + return a.BaseURL.ResolveReference(&url.URL{Path: path}).String() +} + +func (a *InfisicalClient) do(r *http.Request) (*http.Response, error) { + if a.token != "" { + r.Header.Add("Authorization", "Bearer "+a.token) + } + r.Header.Add("User-Agent", UserAgentName) + r.Header.Add("Content-Type", "application/json") + + return a.client.Do(r) +} + +func (a *InfisicalClient) MachineIdentityLoginViaUniversalAuth(data MachineIdentityUniversalAuthLoginRequest) (*MachineIdentityDetailsResponse, error) { + endpointURL := a.resolveEndpoint("api/v1/auth/universal-auth/login") + body, err := MarshalReqBody(data) + if err != nil { + return nil, err + } + + req, err := http.NewRequest(http.MethodPost, endpointURL, body) + metrics.ObserveAPICall(constants.ProviderName, "MachineIdentityLoginViaUniversalAuth", err) + if err != nil { + return nil, err + } + + rawRes, err := a.do(req) + if err != nil { + return nil, err + } + + var res MachineIdentityDetailsResponse + err = ReadAndUnmarshal(rawRes, &res) + if err != nil { + return nil, fmt.Errorf(errJSONSecretUnmarshal, err) + } + return &res, nil +} + +func (a *InfisicalClient) RevokeMachineIdentityAccessToken(data RevokeMachineIdentityAccessTokenRequest) (*RevokeMachineIdentityAccessTokenResponse, error) { + endpointURL := a.resolveEndpoint("api/v1/auth/token/revoke") + body, err := MarshalReqBody(data) + if err != nil { + return nil, err + } + + req, err := http.NewRequest(http.MethodPost, endpointURL, body) + metrics.ObserveAPICall(constants.ProviderName, 
"RevokeMachineIdentityAccessToken", err) + if err != nil { + return nil, err + } + + rawRes, err := a.do(req) + if err != nil { + return nil, err + } + + var res RevokeMachineIdentityAccessTokenResponse + err = ReadAndUnmarshal(rawRes, &res) + if err != nil { + return nil, fmt.Errorf(errJSONSecretUnmarshal, err) + } + return &res, nil +} + +func (a *InfisicalClient) GetSecretsV3(data GetSecretsV3Request) (map[string]string, error) { + endpointURL := a.resolveEndpoint("api/v3/secrets/raw") + + req, err := http.NewRequest(http.MethodGet, endpointURL, http.NoBody) + metrics.ObserveAPICall(constants.ProviderName, "GetSecretsV3", err) + if err != nil { + return nil, err + } + + q := req.URL.Query() + q.Add("workspaceSlug", data.ProjectSlug) + q.Add("environment", data.EnvironmentSlug) + q.Add("secretPath", data.SecretPath) + q.Add("include_imports", "true") + q.Add("expandSecretReferences", "true") + req.URL.RawQuery = q.Encode() + + rawRes, err := a.do(req) + if err != nil { + return nil, err + } + + var res GetSecretsV3Response + err = ReadAndUnmarshal(rawRes, &res) + if err != nil { + return nil, fmt.Errorf(errJSONSecretUnmarshal, err) + } + + secrets := make(map[string]string) + for _, s := range res.ImportedSecrets { + for _, el := range s.Secrets { + secrets[el.SecretKey] = el.SecretValue + } + } + for _, el := range res.Secrets { + secrets[el.SecretKey] = el.SecretValue + } + + return secrets, nil +} + +func (a *InfisicalClient) GetSecretByKeyV3(data GetSecretByKeyV3Request) (string, error) { + endpointURL := a.resolveEndpoint(fmt.Sprintf("api/v3/secrets/raw/%s", data.SecretKey)) + + req, err := http.NewRequest(http.MethodGet, endpointURL, http.NoBody) + metrics.ObserveAPICall(constants.ProviderName, "GetSecretByKeyV3", err) + if err != nil { + return "", err + } + + q := req.URL.Query() + q.Add("workspaceSlug", data.ProjectSlug) + q.Add("environment", data.EnvironmentSlug) + q.Add("secretPath", data.SecretPath) + q.Add("include_imports", "true") + 
req.URL.RawQuery = q.Encode() + + rawRes, err := a.do(req) + if err != nil { + return "", err + } + if rawRes.StatusCode == 400 { + var errRes InfisicalAPIErrorResponse + err = ReadAndUnmarshal(rawRes, &errRes) + if err != nil { + return "", fmt.Errorf(errJSONSecretUnmarshal, err) + } + + if errRes.Message == "Secret not found" { + return "", esv1beta1.NoSecretError{} + } + return "", errors.New(errRes.Message) + } + + var res GetSecretByKeyV3Response + err = ReadAndUnmarshal(rawRes, &res) + if err != nil { + return "", fmt.Errorf(errJSONSecretUnmarshal, err) + } + + return res.Secret.SecretValue, nil +} + +func MarshalReqBody(data any) (*bytes.Reader, error) { + body, err := json.Marshal(data) + if err != nil { + return nil, err + } + return bytes.NewReader(body), nil +} + +func ReadAndUnmarshal(resp *http.Response, target any) error { + var buf bytes.Buffer + defer resp.Body.Close() + _, err := buf.ReadFrom(resp.Body) + if err != nil { + return err + } + return json.Unmarshal(buf.Bytes(), target) +} diff --git a/pkg/provider/infisical/api/api_models.go b/pkg/provider/infisical/api/api_models.go new file mode 100644 index 00000000000..f45ca88b366 --- /dev/null +++ b/pkg/provider/infisical/api/api_models.go 
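Review bot: Apart from the 400 branch in `GetSecretByKeyV3`, no caller of `a.do` looks at `rawRes.StatusCode`, so a 401/403/5xx JSON error body is decoded into the success struct and returned with a nil error. In `MachineIdentityLoginViaUniversalAuth` that leaves `AccessToken` empty while `SetTokenViaMachineIdentity` reports success; in `GetSecretsV3` it yields an empty map, so `Validate` would report ready; in `GetSecretByKeyV3` it yields an empty secret value that can be synced as if it were real. Each call should reject non-2xx responses before decoding, as sketched below for the login call. Separately, `data.SecretKey` is formatted into the request path unescaped and `ResolveReference` normalises dot segments, so keys containing `/` should be rejected or escaped before `resolveEndpoint` is called.

```go
rawRes, err := a.do(req)
if err != nil {
	return nil, err
}
// Reject error responses before decoding them into the success struct.
if rawRes.StatusCode < http.StatusOK || rawRes.StatusCode >= http.StatusMultipleChoices {
	rawRes.Body.Close()
	return nil, fmt.Errorf("universal auth login failed with status %d", rawRes.StatusCode)
}
// … unchanged: ReadAndUnmarshal into MachineIdentityDetailsResponse …
```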
@@ -0,0 +1,87 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or impliec. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package api + +type MachineIdentityUniversalAuthRefreshRequest struct { + AccessToken string `json:"accessToken"` +} + +type MachineIdentityDetailsResponse struct { + AccessToken string `json:"accessToken"` + ExpiresIn int `json:"expiresIn"` + AccessTokenMaxTTL int `json:"accessTokenMaxTTL"` + TokenType string `json:"tokenType"` +} + +type MachineIdentityUniversalAuthLoginRequest struct { + ClientID string `json:"clientId"` + ClientSecret string `json:"clientSecret"` +} + +type RevokeMachineIdentityAccessTokenRequest struct { + AccessToken string `json:"accessToken"` +} + +type RevokeMachineIdentityAccessTokenResponse struct { + Message string `json:"message"` +} + +type GetSecretByKeyV3Request struct { + EnvironmentSlug string `json:"environment"` + ProjectSlug string `json:"workspaceSlug"` + SecretPath string `json:"secretPath"` + SecretKey string `json:"secretKey"` +} + +type GetSecretByKeyV3Response struct { + Secret SecretsV3 `json:"secret"` +} + +type GetSecretsV3Request struct { + EnvironmentSlug string `json:"environment"` + ProjectSlug string `json:"workspaceSlug"` + SecretPath string `json:"secretPath"` +} + +type GetSecretsV3Response struct { + Secrets []SecretsV3 `json:"secrets"` + ImportedSecrets []ImportedSecretV3 `json:"imports,omitempty"` + Modified bool `json:"modified,omitempty"` + ETag string `json:"ETag,omitempty"` +} + +type SecretsV3 struct { + ID string `json:"id"` + Workspace string 
`json:"workspace"` + Environment string `json:"environment"` + Version int `json:"version"` + Type string `json:"string"` + SecretKey string `json:"secretKey"` + SecretValue string `json:"secretValue"` + SecretComment string `json:"secretComment"` +} + +type ImportedSecretV3 struct { + Environment string `json:"environment"` + FolderID string `json:"folderId"` + SecretPath string `json:"secretPath"` + Secrets []SecretsV3 `json:"secrets"` +} + +type InfisicalAPIErrorResponse struct { + StatusCode int `json:"statusCode"` + Message string `json:"message"` + Error any `json:"error"` +} diff --git a/pkg/provider/infisical/client.go b/pkg/provider/infisical/client.go new file mode 100644 index 00000000000..1df25256044 --- /dev/null +++ b/pkg/provider/infisical/client.go 
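Review bot: In `SecretsV3` the `Type` field is tagged `json:"string"`, which looks like a slip for the field name; unless the API really returns a key called `string`, the field will always decode empty. The intended line is probably ``Type string `json:"type"` `` (confirm against the Infisical response schema). `MachineIdentityUniversalAuthRefreshRequest` is declared but not used in any of the files visible in this patch, and none of the exported types carries a doc comment saying which endpoint it models.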
@@ -0,0 +1,170 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or impliec. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package infisical + +import ( + "context" + "encoding/json" + "errors" + "fmt" + "strings" + + "github.com/tidwall/gjson" + corev1 "k8s.io/api/core/v1" + + esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" + "github.com/external-secrets/external-secrets/pkg/find" + "github.com/external-secrets/external-secrets/pkg/provider/infisical/api" +) + +var ( + errNotImplemented = errors.New("not implemented") + errPropertyNotFound = "property %s does not exist in secret %s" + errTagsNotImplemented = errors.New("find by tags not supported") +) + +func getPropertyValue(jsonData, propertyName, keyName string) ([]byte, error) { + result := gjson.Get(jsonData, propertyName) + if !result.Exists() { + return nil, fmt.Errorf(errPropertyNotFound, propertyName, keyName) + } + return []byte(result.Str), nil +} + +// if GetSecret returns an error with type NoSecretError. +// then the secret entry will be deleted depending on the deletionPolicy. 
+func (p *Provider) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { + secret, err := p.apiClient.GetSecretByKeyV3(api.GetSecretByKeyV3Request{ + EnvironmentSlug: p.apiScope.EnvironmentSlug, + ProjectSlug: p.apiScope.ProjectSlug, + SecretPath: p.apiScope.SecretPath, + SecretKey: ref.Key, + }) + + if err != nil { + return nil, err + } + + if ref.Property != "" { + propertyValue, err := getPropertyValue(secret, ref.Property, ref.Key) + if err != nil { + return nil, err + } + + return propertyValue, nil + } + + return []byte(secret), nil +} + +// GetSecretMap returns multiple k/v pairs from the provider. +func (p *Provider) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { + secret, err := p.GetSecret(ctx, ref) + if err != nil { + return nil, err + } + + kv := make(map[string]json.RawMessage) + err = json.Unmarshal(secret, &kv) + if err != nil { + return nil, fmt.Errorf("unable to unmarshal secret %s: %w", ref.Key, err) + } + secretData := make(map[string][]byte) + for k, v := range kv { + var strVal string + err = json.Unmarshal(v, &strVal) + if err == nil { + secretData[k] = []byte(strVal) + } else { + secretData[k] = v + } + } + return secretData, nil +} + +// GetAllSecrets returns multiple k/v pairs from the provider. 
+func (p *Provider) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecretFind) (map[string][]byte, error) { + if ref.Tags != nil { + return nil, errTagsNotImplemented + } + + secrets, err := p.apiClient.GetSecretsV3(api.GetSecretsV3Request{ + EnvironmentSlug: p.apiScope.EnvironmentSlug, + ProjectSlug: p.apiScope.ProjectSlug, + SecretPath: p.apiScope.SecretPath, + }) + if err != nil { + return nil, err + } + + secretMap := make(map[string][]byte) + for key, value := range secrets { + secretMap[key] = []byte(value) + } + if ref.Name == nil && ref.Path == nil { + return secretMap, nil + } + + var matcher *find.Matcher + if ref.Name != nil { + m, err := find.New(*ref.Name) + if err != nil { + return nil, err + } + matcher = m + } + + selected := map[string][]byte{} + for key, value := range secrets { + if (matcher != nil && !matcher.MatchName(key)) || (ref.Path != nil && !strings.HasPrefix(key, *ref.Path)) { + continue + } + selected[key] = []byte(value) + } + return selected, nil +} + +// Validate checks if the client is configured correctly. +// and is able to retrieve secrets from the provider. +// If the validation result is unknown it will be ignored. +func (p *Provider) Validate() (esv1beta1.ValidationResult, error) { + // try to fetch the secrets to ensure provided credentials has access to read secrets + _, err := p.apiClient.GetSecretsV3(api.GetSecretsV3Request{ + EnvironmentSlug: p.apiScope.EnvironmentSlug, + ProjectSlug: p.apiScope.ProjectSlug, + SecretPath: p.apiScope.SecretPath, + }) + + if err != nil { + return esv1beta1.ValidationResultError, fmt.Errorf("cannot read secrets with provided project scope project:%s environment:%s secret-path:%s, %w", p.apiScope.ProjectSlug, p.apiScope.EnvironmentSlug, p.apiScope.SecretPath, err) + } + + return esv1beta1.ValidationResultReady, nil +} + +// PushSecret will write a single secret into the provider. 
+func (p *Provider) PushSecret(ctx context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error { + return errNotImplemented +} + +// DeleteSecret will delete the secret from a provider. +func (p *Provider) DeleteSecret(ctx context.Context, remoteRef esv1beta1.PushSecretRemoteRef) error { + return errNotImplemented +} + +// SecretExists checks if a secret is already present in the provider at the given location. +func (p *Provider) SecretExists(ctx context.Context, remoteRef esv1beta1.PushSecretRemoteRef) (bool, error) { + return false, errNotImplemented +} diff --git a/pkg/provider/infisical/constants/constants.go b/pkg/provider/infisical/constants/constants.go new file mode 100644 index 00000000000..987fbe370e1 --- /dev/null +++ b/pkg/provider/infisical/constants/constants.go @@ -0,0 +1,19 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or impliec. +See the License for the specific language governing permissions and +limitations under the License. +*/ +package constants + +const ( + UniversalAuth = "universal-auth" + ProviderName = "infisical" +) diff --git a/pkg/provider/infisical/fake/fake.go b/pkg/provider/infisical/fake/fake.go new file mode 100644 index 00000000000..888f8c74b40 --- /dev/null +++ b/pkg/provider/infisical/fake/fake.go 
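Review bot: `getPropertyValue` in client.go returns `[]byte(result.Str)`, and gjson only fills `Str` for JSON string values, so a `property` that points at a number, boolean, object or array comes back as an empty value with no error. `return []byte(result.String()), nil` keeps strings unquoted and returns the textual form for every other type. In `GetAllSecrets`, `find.path` is applied as a prefix of the secret key (`strings.HasPrefix(key, *ref.Path)`) rather than of a folder path; that deserves a comment, since `secretsPath` on the store is the actual path scope. The `ctx` parameter is also never passed down to the API client, so these calls cannot be cancelled.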
@@ -0,0 +1,58 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or impliec.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package fake
+
+import (
+ "errors"
+ "time"
+
+ "github.com/external-secrets/external-secrets/pkg/provider/infisical/api"
+)
+
+var (
+ ErrMissingMockImplementation = errors.New("missing mock implmentation")
+)
+
+type MockInfisicalClient struct {
+ MockedGetSecretV3 func(data api.GetSecretsV3Request) (map[string]string, error)
+ MockedGetSecretByKeyV3 func(data api.GetSecretByKeyV3Request) (string, error)
+}
+
+func (a *MockInfisicalClient) MachineIdentityLoginViaUniversalAuth(data api.MachineIdentityUniversalAuthLoginRequest) (*api.MachineIdentityDetailsResponse, error) {
+ return &api.MachineIdentityDetailsResponse{
+ AccessToken: "test-access-token",
+ ExpiresIn: int(time.Hour * 24),
+ TokenType: "bearer",
+ AccessTokenMaxTTL: int(time.Hour * 24 * 2),
+ }, nil
+}
+
+func (a *MockInfisicalClient) GetSecretsV3(data api.GetSecretsV3Request) (map[string]string, error) {
+ if a.MockedGetSecretV3 == nil {
+ return nil, ErrMissingMockImplementation
+ }
+
+ return a.MockedGetSecretV3(data)
+}
+
+func (a *MockInfisicalClient) GetSecretByKeyV3(data api.GetSecretByKeyV3Request) (string, error) {
+ if a.MockedGetSecretByKeyV3 == nil {
+ return "", ErrMissingMockImplementation
+ }
+ return a.MockedGetSecretByKeyV3(data)
+}
+
+func (a *MockInfisicalClient) RevokeAccessToken() error {
+ return nil
+}
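Review bot: `ExpiresIn: int(time.Hour * 24)` and `AccessTokenMaxTTL: int(time.Hour * 24 * 2)` put a `time.Duration` nanosecond count into fields that presumably mirror the API's TTL in seconds, and the value does not fit a 32-bit `int`. `int((24 * time.Hour).Seconds())` and the 48-hour equivalent would keep the mock realistic. The error text `"missing mock implmentation"` has a typo (`implementation`). The mock's `RevokeAccessToken` always returns nil, so the error path of the provider's `Close` cannot be exercised with it; an optional `MockedRevokeAccessToken` hook in the style of the other two fields would cover that.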
diff --git a/pkg/provider/infisical/provider.go b/pkg/provider/infisical/provider.go
new file mode 100644
index 00000000000..3fd7f90ec30
--- /dev/null
+++ b/pkg/provider/infisical/provider.go
@@ -0,0 +1,159 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implieclient. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package infisical + +import ( + "context" + "errors" + "fmt" + + ctrl "sigs.k8s.io/controller-runtime" + kclient "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/webhook/admission" + + esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" + esmeta "github.com/external-secrets/external-secrets/apis/meta/v1" + "github.com/external-secrets/external-secrets/pkg/provider/infisical/api" + "github.com/external-secrets/external-secrets/pkg/provider/infisical/constants" + "github.com/external-secrets/external-secrets/pkg/utils" + "github.com/external-secrets/external-secrets/pkg/utils/resolvers" +) + +var ( + Logger = ctrl.Log.WithName("provider").WithName(constants.ProviderName) +) + +type Provider struct { + apiClient api.InfisicalApis + apiScope *InfisicalClientScope +} + +type InfisicalClientScope struct { + SecretPath string + ProjectSlug string + EnvironmentSlug string +} + +// https://github.com/external-secrets/external-secrets/issues/644 +var _ esv1beta1.SecretsClient = &Provider{} +var _ esv1beta1.Provider = &Provider{} + +func init() { + esv1beta1.Register(&Provider{}, &esv1beta1.SecretStoreProvider{ + Infisical: &esv1beta1.InfisicalProvider{}, + }) +} + +func (p *Provider) Capabilities() esv1beta1.SecretStoreCapabilities { + return esv1beta1.SecretStoreReadOnly +} + +func (p *Provider) NewClient(ctx context.Context, store 
esv1beta1.GenericStore, kube kclient.Client, namespace string) (esv1beta1.SecretsClient, error) { + storeSpec := store.GetSpec() + + if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.Infisical == nil { + return nil, errors.New("invalid infisical store") + } + + infisicalSpec := storeSpec.Provider.Infisical + + apiClient, err := api.NewAPIClient(infisicalSpec.HostAPI) + if err != nil { + return nil, err + } + + if infisicalSpec.Auth.UniversalAuthCredentials != nil { + universalAuthCredentials := infisicalSpec.Auth.UniversalAuthCredentials + clientID, err := GetStoreSecretData(ctx, store, kube, namespace, universalAuthCredentials.ClientID) + if err != nil { + return nil, err + } + + clientSecret, err := GetStoreSecretData(ctx, store, kube, namespace, universalAuthCredentials.ClientSecret) + if err != nil { + return nil, err + } + + if err := apiClient.SetTokenViaMachineIdentity(clientID, clientSecret); err != nil { + return nil, fmt.Errorf("failed to authenticate via universal auth %w", err) + } + + return &Provider{ + apiClient: apiClient, + apiScope: &InfisicalClientScope{ + SecretPath: infisicalSpec.SecretsScope.SecretsPath, + ProjectSlug: infisicalSpec.SecretsScope.ProjectSlug, + EnvironmentSlug: infisicalSpec.SecretsScope.EnvironmentSlug, + }, + }, nil + } + + return &Provider{}, errors.New("authentication method not found") +} + +func (p *Provider) Close(ctx context.Context) error { + if err := p.apiClient.RevokeAccessToken(); err != nil { + return err + } + return nil +} + +func GetStoreSecretData(ctx context.Context, store esv1beta1.GenericStore, kube kclient.Client, namespace string, secret esmeta.SecretKeySelector) (string, error) { + secretRef := esmeta.SecretKeySelector{ + Name: secret.Name, + Key: secret.Key, + } + if secret.Namespace != nil { + secretRef.Namespace = secret.Namespace + } + + secretData, err := resolvers.SecretKeyRef(ctx, kube, store.GetObjectKind().GroupVersionKind().Kind, namespace, &secretRef) + if err != nil { + 
return "", err + } + return secretData, nil +} + +func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnings, error) { + storeSpec := store.GetSpec() + infisicalStoreSpec := storeSpec.Provider.Infisical + if infisicalStoreSpec == nil { + return nil, errors.New("invalid infisical store") + } + + if infisicalStoreSpec.SecretsScope.EnvironmentSlug == "" || infisicalStoreSpec.SecretsScope.ProjectSlug == "" { + return nil, errors.New("secretsScope.projectSlug and secretsScope.environmentSlug cannot be empty") + } + + if infisicalStoreSpec.Auth.UniversalAuthCredentials != nil { + uaCredential := infisicalStoreSpec.Auth.UniversalAuthCredentials + // to validate reference authentication + err := utils.ValidateReferentSecretSelector(store, uaCredential.ClientID) + if err != nil { + return nil, err + } + + err = utils.ValidateReferentSecretSelector(store, uaCredential.ClientSecret) + if err != nil { + return nil, err + } + + if uaCredential.ClientID.Key == "" || uaCredential.ClientSecret.Key == "" { + return nil, errors.New("universalAuthCredentials.clientId and universalAuthCredentials.clientSecret cannot be empty") + } + } + + return nil, nil +} diff --git a/pkg/provider/infisical/provider_test.go b/pkg/provider/infisical/provider_test.go new file mode 100644 index 00000000000..24fb3450276 --- /dev/null +++ b/pkg/provider/infisical/provider_test.go 
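Review bot: `ValidateStore` reads `storeSpec.Provider.Infisical` without the nil guards that `NewClient` applies, and it accepts a store whose `auth` has no `universalAuthCredentials`, which `NewClient` then rejects with "authentication method not found" only at reconcile time. `hostAPI` is also handed to `api.NewAPIClient` unchecked, so a plain `http://` host would carry the client secret and bearer token in cleartext; requiring an `https` scheme during validation is worth considering. The selector check tests `Key == ""` but not `Name`. A stricter prologue is sketched below; the rest of the function stays as it is.

```go
func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnings, error) {
	storeSpec := store.GetSpec()
	// Same guards as NewClient, so a malformed spec is an error, not a panic.
	if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.Infisical == nil {
		return nil, errors.New("invalid infisical store")
	}
	infisicalStoreSpec := storeSpec.Provider.Infisical

	// Fail at admission time instead of at the first reconcile.
	if infisicalStoreSpec.Auth.UniversalAuthCredentials == nil {
		return nil, errors.New("authentication method not found")
	}
	// … unchanged: secretsScope check and universalAuthCredentials selector validation …
```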
@@ -0,0 +1,238 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or impliec. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package infisical + +import ( + "context" + "errors" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + + esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" + esv1meta "github.com/external-secrets/external-secrets/apis/meta/v1" + "github.com/external-secrets/external-secrets/pkg/provider/infisical/api" + "github.com/external-secrets/external-secrets/pkg/provider/infisical/fake" +) + +type storeModifier func(*esv1beta1.SecretStore) *esv1beta1.SecretStore + +var apiScope = InfisicalClientScope{ + SecretPath: "/", + ProjectSlug: "first-project", + EnvironmentSlug: "dev", +} + +type TestCases struct { + Name string + MockClient *fake.MockInfisicalClient + PropertyAccess string + Error error + Output any +} + +func TestGetSecret(t *testing.T) { + testCases := []TestCases{ + { + Name: "Get_valid_key", + MockClient: &fake.MockInfisicalClient{ + MockedGetSecretByKeyV3: func(data api.GetSecretByKeyV3Request) (string, error) { + return "value", nil + }, + }, + Error: nil, + Output: []byte("value"), + }, + { + Name: "Get_property_key", + MockClient: &fake.MockInfisicalClient{ + MockedGetSecretByKeyV3: func(data api.GetSecretByKeyV3Request) (string, error) { + return `{"key":"value"}`, nil + }, + }, + Error: nil, + Output: []byte("value"), + }, + { + Name: "Key_not_found", + MockClient: &fake.MockInfisicalClient{ + MockedGetSecretByKeyV3: func(data 
api.GetSecretByKeyV3Request) (string, error) { + // from server + return "", errors.New("Secret not found") + }, + }, + Error: errors.New("Secret not found"), + Output: "", + }, + } + + for _, tc := range testCases { + t.Run(tc.Name, func(t *testing.T) { + p := &Provider{ + apiClient: tc.MockClient, + apiScope: &apiScope, + } + var property string + if tc.Name == "Get_property_key" { + property = "key" + } + + output, err := p.GetSecret(context.Background(), esv1beta1.ExternalSecretDataRemoteRef{ + Key: "key", + Property: property, + }) + + if tc.Error == nil { + assert.NoError(t, err) + assert.Equal(t, tc.Output, output) + } else { + assert.ErrorAs(t, err, &tc.Error) + } + }) + } +} + +func TestGetSecretMap(t *testing.T) { + testCases := []TestCases{ + { + Name: "Get_valid_key_map", + MockClient: &fake.MockInfisicalClient{ + MockedGetSecretByKeyV3: func(data api.GetSecretByKeyV3Request) (string, error) { + return `{"key":"value"}`, nil + }, + }, + Error: nil, + Output: map[string][]byte{ + "key": []byte("value"), + }, + }, + { + Name: "Get_invalid_map", + MockClient: &fake.MockInfisicalClient{ + MockedGetSecretByKeyV3: func(data api.GetSecretByKeyV3Request) (string, error) { + return ``, nil + }, + }, + Error: errors.New("unexpected end of JSON input"), + Output: nil, + }, + } + + for _, tc := range testCases { + t.Run(tc.Name, func(t *testing.T) { + p := &Provider{ + apiClient: tc.MockClient, + apiScope: &apiScope, + } + output, err := p.GetSecretMap(context.Background(), esv1beta1.ExternalSecretDataRemoteRef{ + Key: "key", + }) + if tc.Error == nil { + assert.NoError(t, err) + assert.Equal(t, tc.Output, output) + } else { + assert.ErrorAs(t, err, &tc.Error) + } + }) + } +} + +func makeSecretStore(projectSlug, environment, secretPath string, fn ...storeModifier) *esv1beta1.SecretStore { + store := &esv1beta1.SecretStore{ + Spec: esv1beta1.SecretStoreSpec{ + Provider: &esv1beta1.SecretStoreProvider{ + Infisical: &esv1beta1.InfisicalProvider{ + Auth: 
esv1beta1.InfisicalAuth{ + UniversalAuthCredentials: &esv1beta1.UniversalAuthCredentials{}, + }, + SecretsScope: esv1beta1.MachineIdentityScopeInWorkspace{ + SecretsPath: secretPath, + EnvironmentSlug: environment, + ProjectSlug: projectSlug, + }, + }, + }, + }, + } + for _, f := range fn { + store = f(store) + } + return store +} + +func withClientID(name, key string, namespace *string) storeModifier { + return func(store *esv1beta1.SecretStore) *esv1beta1.SecretStore { + store.Spec.Provider.Infisical.Auth.UniversalAuthCredentials.ClientID = esv1meta.SecretKeySelector{ + Name: name, + Key: key, + Namespace: namespace, + } + return store + } +} + +func withClientSecret(name, key string, namespace *string) storeModifier { + return func(store *esv1beta1.SecretStore) *esv1beta1.SecretStore { + store.Spec.Provider.Infisical.Auth.UniversalAuthCredentials.ClientSecret = esv1meta.SecretKeySelector{ + Name: name, + Key: key, + Namespace: namespace, + } + return store + } +} + +type ValidateStoreTestCase struct { + store *esv1beta1.SecretStore + assertError func(t *testing.T, err error) +} + +func TestValidateStore(t *testing.T) { + const randomID = "some-random-id" + const authType = "universal-auth" + var authCredMissingErr = errors.New("universalAuthCredentials.clientId and universalAuthCredentials.clientSecret cannot be empty") + var authScopeMissingErr = errors.New("secretsScope.projectSlug and secretsScope.environmentSlug cannot be empty") + + testCases := []ValidateStoreTestCase{ + { + store: makeSecretStore("", "", ""), + assertError: func(t *testing.T, err error) { + require.ErrorAs(t, err, &authScopeMissingErr) + }, + }, + { + store: makeSecretStore(apiScope.ProjectSlug, apiScope.EnvironmentSlug, apiScope.SecretPath, withClientID(authType, randomID, nil)), + assertError: func(t *testing.T, err error) { + require.ErrorAs(t, err, &authCredMissingErr) + }, + }, + { + store: makeSecretStore(apiScope.ProjectSlug, apiScope.EnvironmentSlug, apiScope.SecretPath, 
withClientSecret(authType, randomID, nil)), + assertError: func(t *testing.T, err error) { + require.ErrorAs(t, err, &authCredMissingErr) + }, + }, + { + store: makeSecretStore(apiScope.ProjectSlug, apiScope.EnvironmentSlug, apiScope.SecretPath, withClientID(authType, randomID, nil), withClientSecret(authType, randomID, nil)), + assertError: func(t *testing.T, err error) { require.NoError(t, err) }, + }, + } + p := Provider{} + for _, tc := range testCases { + _, err := p.ValidateStore(tc.store) + tc.assertError(t, err) + } +} diff --git a/pkg/provider/register/register.go b/pkg/provider/register/register.go index 80e0e4019df..1b339c99604 100644 --- a/pkg/provider/register/register.go +++ b/pkg/provider/register/register.go @@ -30,6 +30,7 @@ import ( _ "github.com/external-secrets/external-secrets/pkg/provider/gcp/secretmanager" _ "github.com/external-secrets/external-secrets/pkg/provider/gitlab" _ "github.com/external-secrets/external-secrets/pkg/provider/ibm" + _ "github.com/external-secrets/external-secrets/pkg/provider/infisical" _ "github.com/external-secrets/external-secrets/pkg/provider/keepersecurity" _ "github.com/external-secrets/external-secrets/pkg/provider/kubernetes" _ "github.com/external-secrets/external-secrets/pkg/provider/onboardbase" From f2070ee9e1697c87ec8314c496e75114181d9da0 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Wed, 12 Jun 2024 06:42:04 +0200 Subject: [PATCH 102/517] feat: kick github actions on main (#3572) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- MAINTAINERS.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/MAINTAINERS.md b/MAINTAINERS.md index a9ee31f7d2e..c0ac8c9e768 100644 --- a/MAINTAINERS.md +++ b/MAINTAINERS.md 
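Review bot: The error assertions in provider_test.go cannot fail on the wrong error. `assert.ErrorAs(t, err, &tc.Error)` in TestGetSecret and TestGetSecretMap, and `require.ErrorAs(t, err, &authScopeMissingErr)` / `&authCredMissingErr` in TestValidateStore, pass a `*error` target, and every non-nil error is assignable to the `error` interface, so any failure satisfies them. The ValidateStore cases therefore do not prove that a store missing its clientId or clientSecret reference is rejected for that reason. Comparing the message pins the behaviour, e.g. `assert.EqualError(t, err, tc.Error.Error())`, or `assert.ErrorContains` if GetSecret wraps the error, which is not visible here. The `PropertyAccess` field of `TestCases` is also never read; the loop keys on `tc.Name == "Get_property_key"` instead.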
@@ -5,14 +5,15 @@ describes governance guidelines and maintainer responsibilities. ## Maintainers -| Maintainer | GitHub ID | Affiliation | -| --------------- | --------- | ----------- | -| RealName Here | [knelasevero](https://github.com/knelasevero) | [Company](https://www.github.com/Company/) | +| Maintainer | GitHub ID | Affiliation | +| --------------- |-------------------------------------------------| ----------- | +| RealName Here | [knelasevero](https://github.com/knelasevero) | [Company](https://www.github.com/Company/) | | RealName Here | [gusfcarvalho](https://github.com/gusfcarvalho) | [Company](https://www.github.com/Company/) | -| RealName Here | [moolen](https://github.com/moolen) | [Company](https://www.github.com/Company/) | -| RealName Here | [sebagomez](https://github.com/sebagomez) | [Company](https://www.github.com/Company/) | +| RealName Here | [moolen](https://github.com/moolen) | [Company](https://www.github.com/Company/) | +| RealName Here | [sebagomez](https://github.com/sebagomez) | [Company](https://www.github.com/Company/) | | RealName Here | [rodrmartinez](https://github.com/rodrmartinez) | [Company](https://www.github.com/Company/) | -| RealName Here | [IdanAdar](https://github.com/IdanAdar) | [Company](https://www.github.com/Company/) | +| RealName Here | [IdanAdar](https://github.com/IdanAdar) | [Company](https://www.github.com/Company/) | +| RealName Here | [Skarlso](https://github.com/Skarlso) | [Company](https://www.github.com/Company/) | ## External Secrets Operator Core Contributors & Stakeholders From dd8c004f471368705cc9a63b1cdac62ee81e9243 Mon Sep 17 00:00:00 2001 From: Victor Santos Date: Wed, 12 Jun 2024 05:24:52 -0300 Subject: [PATCH 103/517] feat: add support to set Type for AWS parameter store (#3576) 
Signed-off-by: Victor Santos --- docs/provider/aws-parameter-store.md | 12 ++++ .../aws-pm-push-secret-with-metadata.yaml | 21 ++++++ .../aws/parameterstore/parameterstore.go | 36 ++++++++-- .../aws/parameterstore/parameterstore_test.go | 68 ++++++++++++++++++- 4 files changed, 131 insertions(+), 6 deletions(-) create mode 100644 docs/snippets/aws-pm-push-secret-with-metadata.yaml diff --git a/docs/provider/aws-parameter-store.md b/docs/provider/aws-parameter-store.md index cf7be0b0bcf..aeff67a16bf 100644 --- a/docs/provider/aws-parameter-store.md +++ b/docs/provider/aws-parameter-store.md @@ -101,6 +101,18 @@ The SetSecret method for the Parameter Store allows the user to set the value st {% include "full-pushsecret.yaml" %} ``` +#### Additional Metadata for PushSecret + +Optionally, it is possible to configure additional options for the parameter such as `Type` and encryption Key. To control this behaviour you can set the following provider's `metadata`: + +```yaml +{% include 'aws-pm-push-secret-with-metadata.yaml' %} +``` + +`parameterStoreType` takes three options. `String`, `StringList`, and `SecureString`, where `String` is the _default_. + +`parameterStoreKeyID` takes a KMS Key `$ID` or `$ARN` (in case a key source is created in another account) as a string, where `alias/aws/ssm` is the _default_. This property is only used if `parameterStoreType` is set as `SecureString`. + #### Check successful secret sync To be able to check that the secret has been succesfully synced you can run the following command: diff --git a/docs/snippets/aws-pm-push-secret-with-metadata.yaml b/docs/snippets/aws-pm-push-secret-with-metadata.yaml new file mode 100644 index 00000000000..b4999c3d23c --- /dev/null +++ b/docs/snippets/aws-pm-push-secret-with-metadata.yaml 
@@ -0,0 +1,21 @@ +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: pushsecret-example # Customisable + namespace: default # Same of the SecretStores +spec: + deletionPolicy: Delete # the provider' secret will be deleted if the PushSecret is deleted + refreshInterval: 10s # Refresh interval for which push secret will reconcile + secretStoreRefs: # A list of secret stores to push secrets to + - name: aws-parameterstore + kind: SecretStore + selector: + secret: + name: pokedex-credentials # Source Kubernetes secret to be pushed + data: + - match: + remoteRef: + remoteKey: my-first-parameter # Remote reference (where the secret is going to be pushed) + metadata: + parameterStoreType: "SecureString" + parameterStoreKeyID: "bb123123-b2b0-4f60-ac3a-44a13f0e6b6c" diff --git a/pkg/provider/aws/parameterstore/parameterstore.go b/pkg/provider/aws/parameterstore/parameterstore.go index d6b6f0be9e4..5f0d2cbf9e6 100644 --- a/pkg/provider/aws/parameterstore/parameterstore.go +++ b/pkg/provider/aws/parameterstore/parameterstore.go @@ -39,6 +39,16 @@ import ( "github.com/external-secrets/external-secrets/pkg/utils" ) +// Declares metadata information for pushing secrets to AWS Parameter Store. +const ( + PushSecretType = "parameterStoreType" + ParameterStoreTypeString = "String" + ParameterStoreTypeStringList = "StringList" + ParameterStoreTypeSecureString = "SecureString" + ParameterStoreKeyID = "parameterStoreKeyID" + PushSecretKeyID = "keyID" +) + // https://github.com/external-secrets/external-secrets/issues/644 var ( _ esv1beta1.SecretsClient = &ParameterStore{} 
@@ -138,13 +148,27 @@ func (pm *ParameterStore) SecretExists(_ context.Context, _ esv1beta1.PushSecret } func (pm *ParameterStore) PushSecret(ctx context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error { - parameterType := "String" - overwrite := true - var ( value []byte err error ) + + parameterTypeFormat, err := utils.FetchValueFromMetadata(PushSecretType, data.GetMetadata(), ParameterStoreTypeString) + if err != nil { + return fmt.Errorf("failed to parse metadata: %w", err) + } + + parameterKeyIDFormat, err := utils.FetchValueFromMetadata(ParameterStoreKeyID, data.GetMetadata(), PushSecretKeyID) + if err != nil { + return fmt.Errorf("failed to parse metadata: %w", err) + } + + if parameterKeyIDFormat == "keyID" || parameterKeyIDFormat == "" { + parameterKeyIDFormat = "alias/aws/ssm" + } + + overwrite := true + key := data.GetSecretKey() if key == "" { @@ -162,10 +186,14 @@ func (pm *ParameterStore) PushSecret(ctx context.Context, secret *corev1.Secret, secretRequest := ssm.PutParameterInput{ Name: &secretName, Value: &stringValue, - Type: ¶meterType, + Type: ¶meterTypeFormat, Overwrite: &overwrite, } + if parameterTypeFormat == "SecureString" { + secretRequest.KeyId = ¶meterKeyIDFormat + } + secretValue := ssm.GetParameterInput{ Name: &secretName, } diff --git a/pkg/provider/aws/parameterstore/parameterstore_test.go b/pkg/provider/aws/parameterstore/parameterstore_test.go index 2dc81bcaa0e..966ac8de9c6 100644 --- a/pkg/provider/aws/parameterstore/parameterstore_test.go +++ b/pkg/provider/aws/parameterstore/parameterstore_test.go @@ -26,6 +26,7 @@ import ( "github.com/aws/aws-sdk-go/service/ssm" "github.com/google/go-cmp/cmp" corev1 "k8s.io/api/core/v1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" 
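Review bot: The `parameterStoreType` value read from the PushSecret metadata goes into `PutParameterInput.Type` without being checked against the three constants this commit declares, and the following hunk compares against the literal `"SecureString"` instead of `ParameterStoreTypeSecureString`. The default remains `String`, so `KeyId` is only set on an exact match and a misspelt value is caught, if at all, only by the SSM API. Rejecting unknown values before the request is built makes the encryption choice explicit and fails early. The `keyID` sentinel could also go: passing `"alias/aws/ssm"` as the default to `FetchValueFromMetadata` removes the string comparison that follows. PushSecret's body continues outside both hunks.

```go
parameterTypeFormat, err := utils.FetchValueFromMetadata(PushSecretType, data.GetMetadata(), ParameterStoreTypeString)
// … unchanged: metadata parse error handling …
switch parameterTypeFormat {
case ParameterStoreTypeString, ParameterStoreTypeStringList, ParameterStoreTypeSecureString:
default:
	return fmt.Errorf("unsupported %s %q", PushSecretType, parameterTypeFormat)
}
// … unchanged: key ID lookup, secret value marshalling, request construction …
if parameterTypeFormat == ParameterStoreTypeSecureString {
	secretRequest.KeyId = &parameterKeyIDFormat
}
```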
@@ -306,8 +307,9 @@ func TestPushSecret(t *testing.T) { } type args struct { - store *esv1beta1.AWSProvider - client fakeps.Client + store *esv1beta1.AWSProvider + metadata *apiextensionsv1.JSON + client fakeps.Client } type want struct { 
@@ -424,11 +426,73 @@ func TestPushSecret(t *testing.T) { err: nil, }, }, + "SetSecretWithValidMetadata": { + reason: "test push secret with valid parameterStoreType metadata", + args: args{ + store: makeValidParameterStore().Spec.Provider.AWS, + metadata: &apiextensionsv1.JSON{ + Raw: []byte(` + { + "parameterStoreType": "SecureString", + "parameterStoreKeyID": "arn:aws:kms:sa-east-1:00000000000:key/bb123123-b2b0-4f60-ac3a-44a13f0e6b6c" + } + `), + }, + client: fakeps.Client{ + PutParameterWithContextFn: fakeps.NewPutParameterWithContextFn(putParameterOutput, nil), + GetParameterWithContextFn: fakeps.NewGetParameterWithContextFn(sameGetParameterOutput, nil), + DescribeParametersWithContextFn: fakeps.NewDescribeParametersWithContextFn(describeParameterOutput, nil), + ListTagsForResourceWithContextFn: fakeps.NewListTagsForResourceWithContextFn(validListTagsForResourceOutput, nil), + }, + }, + want: want{ + err: nil, + }, + }, + "SetSecretWithValidMetadataListString": { + reason: "test push secret with valid parameterStoreType metadata and unused parameterStoreKeyID", + args: args{ + store: makeValidParameterStore().Spec.Provider.AWS, + metadata: &apiextensionsv1.JSON{ + Raw: []byte(`{"parameterStoreType": "StringList", "parameterStoreKeyID": "alias/aws/ssm"}`), + }, + client: fakeps.Client{ + PutParameterWithContextFn: fakeps.NewPutParameterWithContextFn(putParameterOutput, nil), + GetParameterWithContextFn: fakeps.NewGetParameterWithContextFn(sameGetParameterOutput, nil), + DescribeParametersWithContextFn: fakeps.NewDescribeParametersWithContextFn(describeParameterOutput, nil), + ListTagsForResourceWithContextFn: fakeps.NewListTagsForResourceWithContextFn(validListTagsForResourceOutput, nil), + }, + }, + want: want{ + err: nil, + }, + }, + "SetSecretWithInvalidMetadata": { + reason: "test push secret with invalid metadata structure", + args: args{ + store: makeValidParameterStore().Spec.Provider.AWS, + metadata: &apiextensionsv1.JSON{ + Raw: []byte(`{ 
fakeMetadataKey: "" }`), + }, + client: fakeps.Client{ + PutParameterWithContextFn: fakeps.NewPutParameterWithContextFn(putParameterOutput, nil), + GetParameterWithContextFn: fakeps.NewGetParameterWithContextFn(sameGetParameterOutput, nil), + DescribeParametersWithContextFn: fakeps.NewDescribeParametersWithContextFn(describeParameterOutput, nil), + ListTagsForResourceWithContextFn: fakeps.NewListTagsForResourceWithContextFn(validListTagsForResourceOutput, nil), + }, + }, + want: want{ + err: fmt.Errorf("failed to parse metadata: failed to parse JSON raw data: invalid character 'f' looking for beginning of object key string"), + }, + }, } for name, tc := range tests { t.Run(name, func(t *testing.T) { psd := fake.PushSecretData{SecretKey: fakeSecretKey, RemoteKey: "fake-key"} + if tc.args.metadata != nil { + psd.Metadata = tc.args.metadata + } ps := ParameterStore{ client: &tc.args.client, } From e01fc82ac257c86e9d9af597ea5ebc817cf83cad Mon Sep 17 00:00:00 2001 From: Shuhei Kitagawa Date: Wed, 12 Jun 2024 22:59:08 +0900 Subject: [PATCH 104/517] Remove shuheiktgw from maintainers (#3573) Signed-off-by: shuheiktgw --- .github/PAUL.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/PAUL.yaml b/.github/PAUL.yaml index 2585031c2a9..307f134de3f 100644 --- a/.github/PAUL.yaml +++ b/.github/PAUL.yaml @@ -5,7 +5,6 @@ maintainers: - sebagomez - rodrmartinez - IdanAdar -- shuheiktgw - skarlso - rogertuma # Emeritus Approvers From d29c001d370bb31fa21842f3f40380906240ee54 Mon Sep 17 00:00:00 2001 
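Review bot: The two success cases added to TestPushSecret (`SetSecretWithValidMetadata`, `SetSecretWithValidMetadataListString`) only assert `err: nil`, so they would still pass if PushSecret ignored the metadata and kept sending `Type: String` with no `KeyId`. As far as this hunk shows, the fake `PutParameterWithContextFn` returns a canned output and does not inspect its input. A case whose fake checks that the received `PutParameterInput` carries `Type == "SecureString"` and the configured `KeyId` would cover the behaviour the commit adds. The test table and its loop start outside this hunk.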
From: smcavallo Date: Fri, 14 Jun 2024 00:04:19 -0400 Subject: [PATCH 105/517] Add device42 provider (#3571) --- Makefile | 8 +- .../v1beta1/secretstore_device42_types.go | 38 ++++ .../v1beta1/secretstore_types.go | 4 + .../v1beta1/zz_generated.deepcopy.go | 53 +++++ ...ternal-secrets.io_clustersecretstores.yaml | 39 ++++ .../external-secrets.io_secretstores.yaml | 39 ++++ deploy/crds/bundle.yaml | 72 +++++++ docs/api/spec.md | 119 ++++++++++++ docs/introduction/stability-support.md | 2 + docs/provider/device42.md | 58 ++++++ docs/snippets/device42-external-secret.yaml | 16 ++ hack/api-docs/mkdocs.yml | 1 + pkg/provider/device42/device42.go | 182 ++++++++++++++++++ pkg/provider/device42/device42_api.go | 130 +++++++++++++ pkg/provider/device42/device42_api_test.go | 127 ++++++++++++ pkg/provider/device42/fake/fake.go | 31 +++ pkg/provider/register/register.go | 1 + 17 files changed, 916 insertions(+), 4 deletions(-) create mode 100644 apis/externalsecrets/v1beta1/secretstore_device42_types.go create mode 100644 docs/provider/device42.md create mode 100644 docs/snippets/device42-external-secret.yaml create mode 100644 pkg/provider/device42/device42.go create mode 100644 pkg/provider/device42/device42_api.go create mode 100644 pkg/provider/device42/device42_api_test.go create mode 100644 pkg/provider/device42/fake/fake.go diff --git a/Makefile b/Makefile index 646bbb4b536..3badfccca91 100644 --- a/Makefile +++ b/Makefile 
@@ -257,22 +257,22 @@ docker.promote: ## Promote the docker image to the registry # ==================================================================================== # Terraform -tf.plan.%: ## Runs terrform plan for a provider +tf.plan.%: ## Runs terraform plan for a provider @cd $(TF_DIR)/$*; \ terraform init; \ terraform plan -tf.apply.%: ## Runs terrform apply for a provider +tf.apply.%: ## Runs terraform apply for a provider @cd $(TF_DIR)/$*; \ terraform init; \ terraform apply -auto-approve -tf.destroy.%: ## Runs terrform destroy for a provider +tf.destroy.%: ## Runs terraform destroy for a provider @cd $(TF_DIR)/$*; \ terraform init; \ terraform destroy -auto-approve -tf.show.%: ## Runs terrform show for a provider and outputs to a file +tf.show.%: ## Runs terraform show for a provider and outputs to a file @cd $(TF_DIR)/$*; \ terraform init; \ terraform plan -out tfplan.binary; \ diff --git a/apis/externalsecrets/v1beta1/secretstore_device42_types.go b/apis/externalsecrets/v1beta1/secretstore_device42_types.go new file mode 100644 index 00000000000..c311f75c55f --- /dev/null +++ b/apis/externalsecrets/v1beta1/secretstore_device42_types.go 
@@ -0,0 +1,38 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + esmeta "github.com/external-secrets/external-secrets/apis/meta/v1" +) + +// Device42Provider configures a store to sync secrets with a Device42 instance. +type Device42Provider struct { + // URL configures the Device42 instance URL. + Host string `json:"host"` + + // Auth configures how secret-manager authenticates with a Device42 instance. + Auth Device42Auth `json:"auth"` +} + +type Device42Auth struct { + SecretRef Device42SecretRef `json:"secretRef"` +} + +type Device42SecretRef struct { + // Username / Password is used for authentication. + // +optional + Credentials esmeta.SecretKeySelector `json:"credentials,omitempty"` +} diff --git a/apis/externalsecrets/v1beta1/secretstore_types.go b/apis/externalsecrets/v1beta1/secretstore_types.go index c168f755746..4b13a7ad3d0 100644 --- a/apis/externalsecrets/v1beta1/secretstore_types.go +++ b/apis/externalsecrets/v1beta1/secretstore_types.go @@ -164,6 +164,10 @@ type SecretStoreProvider struct { // +optional Passbolt *PassboltProvider `json:"passbolt,omitempty"` + // Device42 configures this store to sync secrets using the Device42 provider + // +optional + Device42 *Device42Provider `json:"device42,omitempty"` + // Infisical configures this store to sync secrets using the Infisical provider // +optional Infisical *InfisicalProvider `json:"infisical,omitempty"` 
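Review bot: In secretstore_device42_types.go, `Device42SecretRef.Credentials` is marked `+optional` with `omitempty`, yet it is the only credential source the provider spec offers. A store with an empty `secretRef` therefore passes schema validation; the generated CRD on this page lists `secretRef` as required but nothing beneath it. Dropping the `+optional` marker and `omitempty` would reject that at admission; whether the provider's ValidateStore catches it is not visible here. The field comments also need work: `Host` is documented as `URL configures the Device42 instance URL`, which leaves open whether a scheme is expected, and the `Username / Password` comment does not say how a single `SecretKeySelector` yields both values. `Device42Auth` and `Device42SecretRef` have no doc comment at all.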
diff --git a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go index a1f5b66884c..2bb5ddd6b45 100644 --- a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go +++ b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go 
@@ -867,6 +867,54 @@ func (in *DelineaProviderSecretRef) DeepCopy() *DelineaProviderSecretRef { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Device42Auth) DeepCopyInto(out *Device42Auth) { + *out = *in + in.SecretRef.DeepCopyInto(&out.SecretRef) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Device42Auth. +func (in *Device42Auth) DeepCopy() *Device42Auth { + if in == nil { + return nil + } + out := new(Device42Auth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Device42Provider) DeepCopyInto(out *Device42Provider) { + *out = *in + in.Auth.DeepCopyInto(&out.Auth) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Device42Provider. +func (in *Device42Provider) DeepCopy() *Device42Provider { + if in == nil { + return nil + } + out := new(Device42Provider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Device42SecretRef) DeepCopyInto(out *Device42SecretRef) { + *out = *in + in.Credentials.DeepCopyInto(&out.Credentials) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Device42SecretRef. +func (in *Device42SecretRef) DeepCopy() *Device42SecretRef { + if in == nil { + return nil + } + out := new(Device42SecretRef) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DopplerAuth) DeepCopyInto(out *DopplerAuth) { *out = *in 
@@ -2357,6 +2405,11 @@ func (in *SecretStoreProvider) DeepCopyInto(out *SecretStoreProvider) { *out = new(PassboltProvider) (*in).DeepCopyInto(*out) } + if in.Device42 != nil { + in, out := &in.Device42, &out.Device42 + *out = new(Device42Provider) + (*in).DeepCopyInto(*out) + } if in.Infisical != nil { in, out := &in.Infisical, &out.Infisical *out = new(InfisicalProvider) diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 2b6ccc9a674..1683d3a99d6 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml @@ -2569,6 +2569,45 @@ spec: - clientSecret - tenant type: object + device42: + description: Device42 configures this store to sync secrets using + the Device42 provider + properties: + auth: + description: Auth configures how secret-manager authenticates + with a Device42 instance. + properties: + secretRef: + properties: + credentials: + description: Username / Password is used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + required: + - secretRef + type: object + host: + description: URL configures the Device42 instance URL. + type: string + required: + - auth + - host + type: object doppler: description: Doppler configures this store to sync secrets using the Doppler provider 
diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index d650808b8bb..4f37bfc1dd6 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml @@ -2569,6 +2569,45 @@ spec: - clientSecret - tenant type: object + device42: + description: Device42 configures this store to sync secrets using + the Device42 provider + properties: + auth: + description: Auth configures how secret-manager authenticates + with a Device42 instance. + properties: + secretRef: + properties: + credentials: + description: Username / Password is used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + required: + - secretRef + type: object + host: + description: URL configures the Device42 instance URL. + type: string + required: + - auth + - host + type: object doppler: description: Doppler configures this store to sync secrets using the Doppler provider diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 54e5bfdf385..81e2ed5325f 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml 
@@ -3056,6 +3056,42 @@ spec: - clientSecret - tenant type: object + device42: + description: Device42 configures this store to sync secrets using the Device42 provider + properties: + auth: + description: Auth configures how secret-manager authenticates with a Device42 instance. + properties: + secretRef: + properties: + credentials: + description: Username / Password is used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + required: + - secretRef + type: object + host: + description: URL configures the Device42 instance URL. + type: string + required: + - auth + - host + type: object doppler: description: Doppler configures this store to sync secrets using the Doppler provider properties: 
@@ -8502,6 +8538,42 @@ spec: - clientSecret - tenant type: object + device42: + description: Device42 configures this store to sync secrets using the Device42 provider + properties: + auth: + description: Auth configures how secret-manager authenticates with a Device42 instance. + properties: + secretRef: + properties: + credentials: + description: Username / Password is used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + required: + - secretRef + type: object + host: + description: URL configures the Device42 instance URL. + type: string + required: + - auth + - host + type: object doppler: description: Doppler configures this store to sync secrets using the Doppler provider properties: diff --git a/docs/api/spec.md b/docs/api/spec.md index efd79408a30..69fa80ff7db 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -2234,6 +2234,111 @@ External Secrets meta/v1.SecretKeySelector +

Device42Auth +

+

+(Appears on: +Device42Provider) +

+

+

+ + + + + + + + + + + + + +
FieldDescription
+secretRef
+ + +Device42SecretRef + + +
+
+

Device42Provider +

+

+(Appears on: +SecretStoreProvider) +

+

+

Device42Provider configures a store to sync secrets with a Device42 instance.

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+host
+ +string + +
+

URL configures the Device42 instance URL.

+
+auth
+ + +Device42Auth + + +
+

Auth configures how secret-manager authenticates with a Device42 instance.

+
+

Device42SecretRef +

+

+(Appears on: +Device42Auth) +

+

+

+ + + + + + + + + + + + + +
FieldDescription
+credentials
+ + +External Secrets meta/v1.SecretKeySelector + + +
+(Optional) +

Username / Password is used for authentication.

+

DopplerAuth

@@ -6192,6 +6297,20 @@ PassboltProvider +device42
+ + +Device42Provider + + + + +(Optional) +

Device42 configures this store to sync secrets using the Device42 provider

+ + + + infisical
diff --git a/docs/introduction/stability-support.md b/docs/introduction/stability-support.md index eb639b0a557..9388fdfd42e 100644 --- a/docs/introduction/stability-support.md +++ b/docs/introduction/stability-support.md @@ -56,6 +56,7 @@ The following table describes the stability level of each provider and who's res | [Pulumi ESC](https://external-secrets.io/latest/provider/pulumi) | alpha | [@dirien](https://github.com/dirien) | | [Passbolt](https://external-secrets.io/latest/provider/passbolt) | alpha | | | [Infisical](https://external-secrets.io/latest/provider/infisical) | alpha | [@akhilmhdh](https://github.com/akhilmhdh) | +| [Device42](https://external-secrets.io/latest/provider/device42) | alpha | | ## Provider Feature Support @@ -86,6 +87,7 @@ The following table show the support for features across different providers. | Pulumi ESC | x | | | | x | | | | Passbolt | x | | | | x | | | | Infisical | x | | | x | x | | | +| Device42 | | | | | x | | | ## Support Policy diff --git a/docs/provider/device42.md b/docs/provider/device42.md new file mode 100644 index 00000000000..94c35c8e3a6 --- /dev/null +++ b/docs/provider/device42.md 
@@ -0,0 +1,58 @@ +External Secrets Operator integrates with [Device42 API](https://api.device42.com/#!/Passwords/getPassword) to sync Device42 secrets into a Kubernetes cluster. + + +### Authentication + +`username` and `password` is required to talk to the Device42 API. + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: device42-credentials +data: + username: dGVzdA== # "test" + password: dGVzdA== # "test" +``` + +### Creating a SecretStore + +```yaml +apiVersion: external-secrets.io/v1beta1 +kind: SecretStore +metadata: + name: device42-secret-store +spec: + provider: + device42: + host: + auth: + secretRef: + credentials: + name: + key: + namespace: +``` + +### Referencing Secrets + +Secrets can be referenced by defining the `key` containing the Id of the secret. +The `password` field is return from device42 + +```yaml +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: device42-external-secret +spec: + refreshInterval: 5m + secretStoreRef: + kind: SecretStore + name: device42-secret-store + target: + name: + data: + - secretKey: + remoteRef: + key: +``` diff --git a/docs/snippets/device42-external-secret.yaml b/docs/snippets/device42-external-secret.yaml new file mode 100644 index 00000000000..6a2080a5bfb --- /dev/null +++ b/docs/snippets/device42-external-secret.yaml @@ -0,0 +1,16 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: device42-find-by-id +spec: + refreshInterval: 10s + secretStoreRef: + # This name must match the metadata.name in the `SecretStore` + name: device42 + kind: SecretStore + target: + name: k8s-secret-to-be-created + data: + - secretKey: K8S_PASSWORD + remoteRef: + key: "12345" diff --git a/hack/api-docs/mkdocs.yml b/hack/api-docs/mkdocs.yml index 0d090e530f2..0dbb8015a0f 100644 --- a/hack/api-docs/mkdocs.yml +++ b/hack/api-docs/mkdocs.yml 
@@ -95,6 +95,7 @@ nav: - Azure Key Vault: provider/azure-key-vault.md - Chef: provider/chef.md - CyberArk Conjur: provider/conjur.md + - Device42: provider/device42.md - Google Cloud Secret Manager: provider/google-secrets-manager.md - HashiCorp Vault: provider/hashicorp-vault.md - Kubernetes: provider/kubernetes.md diff --git a/pkg/provider/device42/device42.go b/pkg/provider/device42/device42.go new file mode 100644 index 00000000000..dcd2c04f1ea --- /dev/null +++ b/pkg/provider/device42/device42.go 
@@ -0,0 +1,182 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package device42
+
+import (
+ "context"
+ "fmt"
+ "time"
+
+ corev1 "k8s.io/api/core/v1"
+ "k8s.io/apimachinery/pkg/types"
+ kclient "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+
+ esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
+ "github.com/external-secrets/external-secrets/pkg/utils"
+)
+
+const (
+ errNotImplemented = "not implemented"
+ errUninitializedProvider = "unable to get device42 client"
+ errCredSecretName = "credentials are empty"
+ errInvalidClusterStoreMissingSAKNamespace = "invalid clusterStore missing SAK namespace"
+ errFetchSAKSecret = "couldn't find secret on cluster: %w"
+ errMissingSAK = "missing credentials while setting auth"
+)
+
+type Client interface {
+ GetSecret(secretID string) (D42Password, error)
+}
+
+// Device42 Provider struct with reference to a Device42 client.
+type Device42 struct {
+ client Client
+}
+
+func (p *Device42) ValidateStore(esv1beta1.GenericStore) (admission.Warnings, error) {
+ return nil, nil
+}
+
+func (p *Device42) Capabilities() esv1beta1.SecretStoreCapabilities {
+ return esv1beta1.SecretStoreReadOnly
+}
+
+// Client for interacting with kubernetes.
+type device42Client struct {
+ kube kclient.Client
+ store *esv1beta1.Device42Provider
+ namespace string
+ storeKind string
+}
+type Provider struct{}
+
+func (c *device42Client) getAuth(ctx context.Context) (string, string, error) {
+ credentialsSecret := &corev1.Secret{}
+ credentialsSecretName := c.store.Auth.SecretRef.Credentials.Name
+ if credentialsSecretName == "" {
+ return "", "", fmt.Errorf(errCredSecretName)
+ }
+ objectKey := types.NamespacedName{
+ Name: credentialsSecretName,
+ Namespace: c.namespace,
+ }
+ // only ClusterStore is allowed to set namespace (and then it's required)
+ if c.storeKind == esv1beta1.ClusterSecretStoreKind {
+ if c.store.Auth.SecretRef.Credentials.Namespace == nil {
+ return "", "", fmt.Errorf(errInvalidClusterStoreMissingSAKNamespace)
+ }
+ objectKey.Namespace = *c.store.Auth.SecretRef.Credentials.Namespace
+ }
+
+ err := c.kube.Get(ctx, objectKey, credentialsSecret)
+ if err != nil {
+ return "", "", fmt.Errorf(errFetchSAKSecret, err)
+ }
+
+ username := credentialsSecret.Data["username"]
+ password := credentialsSecret.Data["password"]
+ if len(username) == 0 || len(password) == 0 {
+ return "", "", fmt.Errorf(errMissingSAK)
+ }
+
+ return string(username), string(password), nil
+}
+
+// NewDevice42Provider returns a reference to a new instance of a 'Device42' struct.
+func NewDevice42Provider() *Device42 {
+ return &Device42{}
+}
+
+func (p *Device42) NewClient(ctx context.Context, store esv1beta1.GenericStore, kube kclient.Client, namespace string) (esv1beta1.SecretsClient, error) {
+ storeSpec := store.GetSpec()
+ if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.Device42 == nil {
+ return nil, fmt.Errorf("no store type or wrong store type")
+ }
+ storeSpecDevice42 := storeSpec.Provider.Device42
+
+ cliStore := device42Client{
+ kube: kube,
+ store: storeSpecDevice42,
+ namespace: namespace,
+ storeKind: store.GetObjectKind().GroupVersionKind().Kind,
+ }
+
+ username, password, err := cliStore.getAuth(ctx)
+ if err != nil {
+ return nil, err
+ }
+ // Create a new client using credentials and options
+ p.client = NewAPI(storeSpecDevice42.Host, username, password, "443")
+
+ return p, nil
+}
+
+func (p *Device42) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) {
+ return false, fmt.Errorf(errNotImplemented)
+}
+
+func (p *Device42) Validate() (esv1beta1.ValidationResult, error) {
+ timeout := 15 * time.Second
+ url := fmt.Sprintf("https://%s:%s", p.client.(*API).baseURL, p.client.(*API).hostPort)
+
+ if err := utils.NetworkValidate(url, timeout); err != nil {
+ return esv1beta1.ValidationResultError, err
+ }
+ return esv1beta1.ValidationResultReady, nil
+}
+
+func (p *Device42) PushSecret(_ context.Context, _ *corev1.Secret, _ esv1beta1.PushSecretData) error {
+ return fmt.Errorf(errNotImplemented)
+}
+
+func (p *Device42) GetAllSecrets(_ context.Context, _ esv1beta1.ExternalSecretFind) (map[string][]byte, error) {
+ return nil, fmt.Errorf(errNotImplemented)
+}
+
+func (p *Device42) DeleteSecret(_ context.Context, _ esv1beta1.PushSecretRemoteRef) error {
+ return fmt.Errorf(errNotImplemented)
+}
+
+func (p *Device42) GetSecret(_ context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) {
+ if utils.IsNil(p.client) {
+ return nil, fmt.Errorf(errUninitializedProvider)
+ }
+
+ data, err := p.client.GetSecret(ref.Key)
+ if err != nil {
+ return nil, err
+ }
+ return []byte(data.Password), nil
+}
+
+func (p *Device42) GetSecretMap(_ context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
+ data, err := p.client.GetSecret(ref.Key)
+ if err != nil {
+ return nil, fmt.Errorf("error getting secret %s: %w", ref.Key, err)
+ }
+
+ return data.ToMap(), nil
+}
+
+func (p *Device42) Close(_ context.Context) error {
+ return nil
+}
+
+func init() {
+ esv1beta1.Register(&Device42{}, &esv1beta1.SecretStoreProvider{
+ Device42: &esv1beta1.Device42Provider{},
+ })
+}
diff --git a/pkg/provider/device42/device42_api.go b/pkg/provider/device42/device42_api.go
new file mode 100644
index 00000000000..873f67a1ee0
--- /dev/null
+++ b/pkg/provider/device42/device42_api.go
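Review bot: `NewClient` stores the freshly authenticated API client on its receiver (`p.client = NewAPI(...)`) and returns `p`, while `init` registers a single `&Device42{}`; if the registry hands that same instance to every store (the `Register` implementation is outside this diff), two Device42 stores overwrite each other's client and a lookup for one store can run with the other store's host and credentials. Returning a fresh value removes the shared state: `return &Device42{client: NewAPI(storeSpecDevice42.Host, username, password, "443")}, nil`. Separately, `GetSecretMap` calls `p.client.GetSecret` without the `utils.IsNil(p.client)` guard that `GetSecret` has, and `Validate` asserts `p.client.(*API)` unchecked, so both panic on an uninitialised provider or a non-`*API` client. `getAuth` also reads the fixed `username` and `password` data keys and never consults `Credentials.Key`, which deserves a doc comment since the CRD exposes that field.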
@@ -0,0 +1,130 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package device42
+
+import (
+ "bytes"
+ "context"
+ "crypto/tls"
+ "encoding/json"
+ "fmt"
+ "net/http"
+ "strconv"
+ "time"
+
+ esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
+)
+
+const (
+ DoRequestError = "error: do request: %w"
+ errJSONSecretUnmarshal = "unable to unmarshal secret: %w"
+)
+
+type HTTPClient interface {
+ Do(*http.Request) (*http.Response, error)
+}
+
+type API struct {
+ client HTTPClient
+ baseURL string
+ hostPort string
+ password string
+ username string
+}
+
+type D42PasswordResponse struct {
+ Passwords []D42Password
+}
+
+type D42Password struct {
+ Password string `json:"password"`
+ ID int `json:"id"`
+}
+
+func NewAPI(baseURL, username, password, hostPort string) *API {
+ api := &API{
+ baseURL: baseURL,
+ hostPort: hostPort,
+ username: username,
+ password: password,
+ }
+ tr := &http.Transport{
+ TLSClientConfig: &tls.Config{MinVersion: tls.VersionTLS12},
+ }
+
+ api.client = &http.Client{Transport: tr}
+ return api
+}
+
+func (api *API) doAuthenticatedRequest(r *http.Request) (*http.Response, error) {
+ r.SetBasicAuth(api.username, api.password)
+ return api.client.Do(r)
+}
+
+func ReadAndUnmarshal(resp *http.Response, target any) error {
+ var buf bytes.Buffer
+ defer func() {
+ err := resp.Body.Close()
+ if err != nil {
+ return
+ }
+ }()
+ if resp.StatusCode < 200 || resp.StatusCode > 299 {
+ return fmt.Errorf("failed to authenticate with the given credentials: %d %s", resp.StatusCode, buf.String())
+ }
+ _, err := buf.ReadFrom(resp.Body)
+ if err != nil {
+ return err
+ }
+ return json.Unmarshal(buf.Bytes(), target)
+}
+
+func (api *API) GetSecret(secretID string) (D42Password, error) {
+ // https://api.device42.com/#!/Passwords/getPassword
+ endpointURL := fmt.Sprintf("https://%s:%s/api/1.0/passwords/?id=%s&plain_text=yes", api.baseURL, api.hostPort, secretID)
+ ctx, cancel := context.WithTimeout(context.Background(), time.Second*30)
+ defer cancel()
+ readSecretRequest, err := http.NewRequestWithContext(ctx, "GET", endpointURL, http.NoBody)
+ if err != nil {
+ return D42Password{}, fmt.Errorf("error: creating secrets request: %w", err)
+ }
+
+ respSecretRead, err := api.doAuthenticatedRequest(readSecretRequest) //nolint:bodyclose // linters bug
+ if err != nil {
+ return D42Password{}, fmt.Errorf(DoRequestError, err)
+ }
+
+ d42PasswordResponse := D42PasswordResponse{}
+ err = ReadAndUnmarshal(respSecretRead, &d42PasswordResponse)
+ if err != nil {
+ return D42Password{}, fmt.Errorf(errJSONSecretUnmarshal, err)
+ }
+ if len(d42PasswordResponse.Passwords) == 0 {
+ return D42Password{}, err
+ }
+ // There should only be one response
+ return d42PasswordResponse.Passwords[0], err
+}
+
+func (api *API) GetSecretMap(_ context.Context, _ esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) {
+ return nil, fmt.Errorf(errNotImplemented)
+}
+
+func (s D42Password) ToMap() map[string][]byte {
+ m := make(map[string][]byte)
+ m["password"] = []byte(s.Password)
+ m["id"] = []byte(strconv.Itoa(s.ID))
+ return m
+}
diff --git a/pkg/provider/device42/device42_api_test.go b/pkg/provider/device42/device42_api_test.go
new file mode 100644
index 00000000000..6248059c745
--- /dev/null
+++ b/pkg/provider/device42/device42_api_test.go
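Review bot: `GetSecret` formats `secretID` straight into the query string (`?id=%s&plain_text=yes`), and the provider passes it `ref.Key` from an ExternalSecret, so a key containing query metacharacters alters a request that is sent with the store's credentials. Escape it with `url.QueryEscape(secretID)` (this needs `net/url` in the import block), or reject non-numeric ids, since `D42Password.ID` is an int. In the same function an empty `Passwords` list returns `D42Password{}, err` with `err` nil, so an id that matches nothing yields an empty password instead of a failure; return an explicit error there, e.g. `return D42Password{}, fmt.Errorf("no password found for id %q", secretID)`. `ReadAndUnmarshal` formats `buf.String()` into the non-2xx error before anything is read into `buf`, and it labels every non-2xx status an authentication failure, so the message hides the real cause.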
@@ -0,0 +1,127 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package device42
+
+import (
+ "bytes"
+ "encoding/json"
+ "net/http"
+ "reflect"
+ "testing"
+
+ fakedevice42 "github.com/external-secrets/external-secrets/pkg/provider/device42/fake"
+)
+
+const device42PasswordID = "12345"
+
+func d42PasswordResponse() D42PasswordResponse {
+ return D42PasswordResponse{Passwords: []D42Password{d42Password()}}
+}
+
+func d42Password() D42Password {
+ return D42Password{
+ Password: "test_Password",
+ ID: 12345,
+ }
+}
+
+func TestDevice42ApiGetSecret(t *testing.T) {
+ type fields struct {
+ funcStack []func(req *http.Request) (*http.Response, error)
+ }
+ type args struct {
+ secretID string
+ }
+ tests := []struct {
+ name string
+ fields fields
+ args args
+ want D42Password
+ wantErr bool
+ }{
+ {
+ name: "get secret",
+ fields: fields{
+ funcStack: []func(req *http.Request) (*http.Response, error){
+ createResponder(d42PasswordResponse(), true), //nolint:bodyclose
+ },
+ },
+ args: args{
+ secretID: device42PasswordID,
+ },
+ want: d42Password(),
+ wantErr: false,
+ },
+ {
+ name: "bad response on secret entry",
+ fields: fields{
+ funcStack: []func(req *http.Request) (*http.Response, error){
+ createResponder([]byte("bad response body"), false), //nolint:bodyclose // linters bug
+ },
+ },
+ args: args{
+ secretID: device42PasswordID,
+ },
+ want: D42Password{},
+ wantErr: true,
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ api := &API{
+ client: &fakedevice42.MockClient{
+ FuncStack: tt.fields.funcStack,
+ },
+ baseURL: "localhost",
+ hostPort: "8714",
+ password: "test",
+ username: "test",
+ }
+ got, err := api.GetSecret(tt.args.secretID)
+ if (err != nil) != tt.wantErr {
+ t.Errorf("Device42.GetSecret() error = %v, wantErr %v", err, tt.wantErr)
+ return
+ }
+ if !reflect.DeepEqual(got, tt.want) {
+ t.Errorf("Device42.GetSecret() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
+
+func createResponder(payload any, withMarshal bool) func(*http.Request) (*http.Response, error) {
+ return func(req *http.Request) (*http.Response, error) {
+ var payloadBytes []byte
+ if withMarshal {
+ payloadBytes, _ = json.Marshal(payload)
+ } else {
+ payloadBytes = payload.([]byte)
+ }
+ res := http.Response{
+ Status: "OK",
+ StatusCode: http.StatusOK,
+ Body: &closeableBuffer{bytes.NewReader(payloadBytes)},
+ }
+ return &res, nil
+ }
+}
+
+type closeableBuffer struct {
+ *bytes.Reader
+}
+
+func (cb *closeableBuffer) Close() error {
+ // Here you can add any cleanup code if needed
+ return nil
+}
diff --git a/pkg/provider/device42/fake/fake.go b/pkg/provider/device42/fake/fake.go
new file mode 100644
index 00000000000..ec7ce9d4739
--- /dev/null
+++ b/pkg/provider/device42/fake/fake.go
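Review bot: The table in `TestDevice42ApiGetSecret` never reaches the two error paths that matter for a credential fetch, because `createResponder` hard-codes `StatusCode: http.StatusOK` and both cases return either a one-element list or an unparseable body. A 401/403 response and a 200 response with an empty `Passwords` list are therefore untested. Giving the helper a status argument, `createResponder(payload any, withMarshal bool, status int)`, and adding those two rows would pin what `GetSecret` returns in each case. No case inspects the outgoing request either, so the basic-auth header and the `id` query value are not asserted.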
@@ -0,0 +1,31 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package fake + +import "net/http" + +// MockClient is the mock client. +type MockClient struct { + index int + FuncStack []func(req *http.Request) (*http.Response, error) +} + +// Do is the mock client's `Do` func. +func (m *MockClient) Do(req *http.Request) (*http.Response, error) { + res, err := m.FuncStack[m.index](req) + m.index++ + + return res, err +} diff --git a/pkg/provider/register/register.go b/pkg/provider/register/register.go index 1b339c99604..87ce099cea1 100644 --- a/pkg/provider/register/register.go +++ b/pkg/provider/register/register.go @@ -24,6 +24,7 @@ import ( _ "github.com/external-secrets/external-secrets/pkg/provider/chef" _ "github.com/external-secrets/external-secrets/pkg/provider/conjur" _ "github.com/external-secrets/external-secrets/pkg/provider/delinea" + _ "github.com/external-secrets/external-secrets/pkg/provider/device42" _ "github.com/external-secrets/external-secrets/pkg/provider/doppler" _ "github.com/external-secrets/external-secrets/pkg/provider/fake" _ "github.com/external-secrets/external-secrets/pkg/provider/fortanix" From ac0eaedf168d979fa6d6fc3a55f1b38ce8705225 Mon Sep 17 00:00:00 2001 
From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Sat, 15 Jun 2024 12:02:08 +0200 Subject: [PATCH 106/517] fix: parameter store should be called only once (#3584) --- pkg/provider/aws/parameterstore/fake/fake.go | 2 + .../aws/parameterstore/parameterstore.go | 15 +++--- .../aws/parameterstore/parameterstore_test.go | 51 ++++++++++++++++++- pkg/utils/utils.go | 12 +---- 4 files changed, 58 insertions(+), 22 deletions(-) diff --git a/pkg/provider/aws/parameterstore/fake/fake.go b/pkg/provider/aws/parameterstore/fake/fake.go index cea9cafb820..591e37167aa 100644 --- a/pkg/provider/aws/parameterstore/fake/fake.go +++ b/pkg/provider/aws/parameterstore/fake/fake.go @@ -29,6 +29,7 @@ type Client struct { GetParameterWithContextFn GetParameterWithContextFn GetParametersByPathWithContextFn GetParametersByPathWithContextFn PutParameterWithContextFn PutParameterWithContextFn + PutParameterWithContextCalledN int DeleteParameterWithContextFn DeleteParameterWithContextFn DescribeParametersWithContextFn DescribeParametersWithContextFn ListTagsForResourceWithContextFn ListTagsForResourceWithContextFn @@ -86,6 +87,7 @@ func NewDescribeParametersWithContextFn(output *ssm.DescribeParametersOutput, er } func (sm *Client) PutParameterWithContext(ctx aws.Context, input *ssm.PutParameterInput, options ...request.Option) (*ssm.PutParameterOutput, error) { + sm.PutParameterWithContextCalledN++ return sm.PutParameterWithContextFn(ctx, input, options...) } diff --git a/pkg/provider/aws/parameterstore/parameterstore.go b/pkg/provider/aws/parameterstore/parameterstore.go index 5f0d2cbf9e6..4b52bf0c5b8 100644 --- a/pkg/provider/aws/parameterstore/parameterstore.go +++ b/pkg/provider/aws/parameterstore/parameterstore.go 
@@ -41,12 +41,10 @@ import ( // Declares metadata information for pushing secrets to AWS Parameter Store. const ( - PushSecretType = "parameterStoreType" - ParameterStoreTypeString = "String" - ParameterStoreTypeStringList = "StringList" - ParameterStoreTypeSecureString = "SecureString" - ParameterStoreKeyID = "parameterStoreKeyID" - PushSecretKeyID = "keyID" + PushSecretType = "parameterStoreType" + StoreTypeString = "String" + StoreKeyID = "parameterStoreKeyID" + PushSecretKeyID = "keyID" ) // https://github.com/external-secrets/external-secrets/issues/644 @@ -153,12 +151,12 @@ func (pm *ParameterStore) PushSecret(ctx context.Context, secret *corev1.Secret, err error ) - parameterTypeFormat, err := utils.FetchValueFromMetadata(PushSecretType, data.GetMetadata(), ParameterStoreTypeString) + parameterTypeFormat, err := utils.FetchValueFromMetadata(PushSecretType, data.GetMetadata(), StoreTypeString) if err != nil { return fmt.Errorf("failed to parse metadata: %w", err) } - parameterKeyIDFormat, err := utils.FetchValueFromMetadata(ParameterStoreKeyID, data.GetMetadata(), PushSecretKeyID) + parameterKeyIDFormat, err := utils.FetchValueFromMetadata(StoreKeyID, data.GetMetadata(), PushSecretKeyID) if err != nil { return fmt.Errorf("failed to parse metadata: %w", err) } @@ -208,7 +206,6 @@ func (pm *ParameterStore) PushSecret(ctx context.Context, secret *corev1.Secret, // If we have a valid parameter returned to us, check its tags if existing != nil && existing.Parameter != nil { - fmt.Println("The existing value contains data:", existing.String()) tags, err := pm.getTagsByName(ctx, existing) if err != nil { return fmt.Errorf("error getting the existing tags for the parameter %v: %w", secretName, err) diff --git a/pkg/provider/aws/parameterstore/parameterstore_test.go b/pkg/provider/aws/parameterstore/parameterstore_test.go index 966ac8de9c6..4aeb307eba9 100644 --- a/pkg/provider/aws/parameterstore/parameterstore_test.go 
+++ b/pkg/provider/aws/parameterstore/parameterstore_test.go @@ -25,6 +25,8 @@ import ( "github.com/aws/aws-sdk-go/aws/awserr" "github.com/aws/aws-sdk-go/service/ssm" "github.com/google/go-cmp/cmp" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -239,7 +241,7 @@ func TestDeleteSecret(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { - ref := fake.PushSecretData{RemoteKey: "fake-key"} + ref := fake.PushSecretData{RemoteKey: remoteKey} ps := ParameterStore{ client: &tc.args.client, } @@ -262,6 +264,9 @@ func TestDeleteSecret(t *testing.T) { }) } } + +const remoteKey = "fake-key" + func TestPushSecret(t *testing.T) { invalidParameters := errors.New(ssm.ErrCodeInvalidParameters) alreadyExistsError := errors.New(ssm.ErrCodeAlreadyExistsException) @@ -489,7 +494,7 @@ func TestPushSecret(t *testing.T) { for name, tc := range tests { t.Run(name, func(t *testing.T) { - psd := fake.PushSecretData{SecretKey: fakeSecretKey, RemoteKey: "fake-key"} + psd := fake.PushSecretData{SecretKey: fakeSecretKey, RemoteKey: remoteKey} if tc.args.metadata != nil { psd.Metadata = tc.args.metadata } 
@@ -513,6 +518,48 @@ func TestPushSecret(t *testing.T) { } } +func TestPushSecretCalledOnlyOnce(t *testing.T) { + fakeSecretKey := "fakeSecretKey" + fakeValue := "fakeValue" + fakeSecret := &corev1.Secret{ + Data: map[string][]byte{ + fakeSecretKey: []byte(fakeValue), + }, + } + + managedByESO := ssm.Tag{ + Key: &managedBy, + Value: &externalSecrets, + } + + putParameterOutput := &ssm.PutParameterOutput{} + validGetParameterOutput := &ssm.GetParameterOutput{ + Parameter: &ssm.Parameter{ + Value: &fakeValue, + }, + } + describeParameterOutput := &ssm.DescribeParametersOutput{} + validListTagsForResourceOutput := &ssm.ListTagsForResourceOutput{ + TagList: []*ssm.Tag{&managedByESO}, + } + + client := fakeps.Client{ + PutParameterWithContextFn: fakeps.NewPutParameterWithContextFn(putParameterOutput, nil), + GetParameterWithContextFn: fakeps.NewGetParameterWithContextFn(validGetParameterOutput, nil), + DescribeParametersWithContextFn: fakeps.NewDescribeParametersWithContextFn(describeParameterOutput, nil), + ListTagsForResourceWithContextFn: fakeps.NewListTagsForResourceWithContextFn(validListTagsForResourceOutput, nil), + } + + psd := fake.PushSecretData{SecretKey: fakeSecretKey, RemoteKey: remoteKey} + ps := ParameterStore{ + client: &client, + } + + require.NoError(t, ps.PushSecret(context.TODO(), fakeSecret, psd)) + + assert.Equal(t, 0, client.PutParameterWithContextCalledN) +} + // test the ssm<->aws interface // make sure correct values are passed and errors are handled accordingly. func TestGetSecret(t *testing.T) { diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go index 1a9192f1570..50218b4b54c 100644 --- a/pkg/utils/utils.go +++ b/pkg/utils/utils.go 
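Review bot: The name `TestPushSecretCalledOnlyOnce` does not match what the test asserts: it sets the existing parameter value equal to the pushed value and then checks `assert.Equal(t, 0, client.PutParameterWithContextCalledN)`, i.e. that no write happens at all. A name such as `TestPushSecretSkipsPutWhenValueUnchanged`, or a one-line comment above the assertion like `// value already matches, so PushSecret must not call PutParameter`, would state the intent. A companion case where the stored value differs and the counter is expected to be exactly 1 would cover the "only once" behaviour the commit title describes.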
@@ -512,16 +512,6 @@ func CompareStringAndByteSlices(valueString *string, valueByte []byte) bool { if valueString == nil { return false } - stringToByteSlice := []byte(*valueString) - if len(stringToByteSlice) != len(valueByte) { - return false - } - - for sb := range valueByte { - if stringToByteSlice[sb] != valueByte[sb] { - return false - } - } - return true + return bytes.Equal(valueByte, []byte(*valueString)) } From 8ac205c0a21c905cfe412bf10395da6630406297 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Sat, 15 Jun 2024 14:49:30 +0200 Subject: [PATCH 107/517] chore: update dependencies (#3570) * update dependencies Signed-off-by: External Secrets Operator * fix: fork sprig to bump pulumi Signed-off-by: Moritz Johner --------- Signed-off-by: External Secrets Operator Signed-off-by: Moritz Johner Co-authored-by: External Secrets Operator Co-authored-by: Idan Adar Co-authored-by: Moritz Johner --- e2e/go.mod | 44 ++++++++-------- e2e/go.sum | 84 +++++++++++++++---------------- go.mod | 46 +++++++++-------- go.sum | 94 +++++++++++++++++------------------ pkg/provider/pulumi/pulumi.go | 2 +- 5 files changed, 137 insertions(+), 133 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index 799b2397c1d..04a157cf98b 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -2,7 +2,10 @@ module github.com/external-secrets/external-secrets-e2e go 1.22.3 -replace github.com/external-secrets/external-secrets => ../ +replace ( + github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 + github.com/external-secrets/external-secrets => ../ +) replace ( github.com/external-secrets/external-secrets v0.0.0 => ../ 
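Review bot: The new `replace github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0` in e2e/go.mod redirects a template library to a fork, and nothing in the file records why, how the fork differs from upstream, or when the directive can be dropped. A comment above the directive, for example `// fork of Masterminds/sprig: <reason-placeholder>; remove once upstream releases <version-placeholder>`, keeps the redirect auditable for later dependency reviews. A `replace` only takes effect in the main module being built, so the root go.mod (changed in this commit but outside this hunk) presumably needs the same directive to keep both builds on identical code.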
@@ -44,7 +47,7 @@ require ( github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 - github.com/aws/aws-sdk-go v1.53.15 + github.com/aws/aws-sdk-go v1.53.19 github.com/cyberark/conjur-api-go v0.12.0 github.com/external-secrets/external-secrets v0.0.0 github.com/fluxcd/helm-controller/api v0.37.2 @@ -54,17 +57,17 @@ require ( github.com/hashicorp/vault/api v1.14.0 github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.66.0 + github.com/oracle/oci-go-sdk/v65 v65.67.0 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.27 github.com/xanzy/go-gitlab v0.105.0 - golang.org/x/oauth2 v0.20.0 - google.golang.org/api v0.182.0 + golang.org/x/oauth2 v0.21.0 + google.golang.org/api v0.183.0 k8s.io/api v0.30.1 k8s.io/apiextensions-apiserver v0.30.1 k8s.io/apimachinery v0.30.1 k8s.io/client-go v1.5.2 k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 - sigs.k8s.io/controller-runtime v0.18.3 + sigs.k8s.io/controller-runtime v0.18.4 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.4.0 ) @@ -74,9 +77,10 @@ require ( cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect cloud.google.com/go/compute/metadata v0.3.0 // indirect cloud.google.com/go/iam v1.1.8 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 // indirect + dario.cat/mergo v1.0.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest/adal v0.9.24 // indirect github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect 
@@ -137,7 +141,7 @@ require ( github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect github.com/hashicorp/go-sockaddr v1.0.6 // indirect github.com/hashicorp/hcl v1.0.1-vault-5 // indirect - github.com/huandu/xstrings v1.4.0 // indirect + github.com/huandu/xstrings v1.5.0 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect 
@@ -177,26 +181,26 @@ require ( github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect github.com/tidwall/sjson v1.2.5 // indirect - github.com/zalando/go-keyring v0.2.4 // indirect + github.com/zalando/go-keyring v0.2.5 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect go.opentelemetry.io/otel v1.27.0 // indirect go.opentelemetry.io/otel/metric v1.27.0 // indirect go.opentelemetry.io/otel/trace v1.27.0 // indirect - golang.org/x/crypto v0.23.0 // indirect - golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc // indirect - golang.org/x/net v0.25.0 // indirect + golang.org/x/crypto v0.24.0 // indirect + golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 // indirect + golang.org/x/net v0.26.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.21.0 // indirect + golang.org/x/tools v0.22.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240528184218-531527333157 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 // indirect + google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect google.golang.org/grpc v1.64.0 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // 
indirect diff --git a/e2e/go.sum b/e2e/go.sum index 5f124c13e8a..2f3bddb351d 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -48,20 +48,22 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= +dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= +dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0/go.mod h1:3Ug6Qzto9anB6mGlEdgYMDF5zHQ+wwhEaYR4s17PHMw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod 
h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA= @@ -100,8 +102,6 @@ github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy86 github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= -github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 h1:ly0WKARATneFzwBlTZ2lUyjtLqoOEYqt1vOlf89za/4= github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5/go.mod h1:W6DMNwPyIE3jpXDaJOvCKUT/kHPZrpl/BGiIVUILbMk= github.com/akeylesslabs/akeyless-go/v3 v3.6.3 h1:fMF8SMDiBL9CufVjLUyF1Z+Z04t5CC3KGOROSjaJ/eA= 
@@ -113,8 +113,8 @@ github.com/aliyun/alibaba-cloud-sdk-go v1.62.271/go.mod h1:Api2AkmMgGaSUAhmk76oa github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.53.15 h1:FtZmkg7xM8RfP2oY6p7xdKBYrRgkITk9yve2QV7N938= -github.com/aws/aws-sdk-go v1.53.15/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.53.19 h1:WEuWc918RXlIaPCyU11F7hH9H1ItK+8m2c/uoQNRUok= +github.com/aws/aws-sdk-go v1.53.19/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= @@ -157,6 +157,8 @@ github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCv github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/external-secrets/sprig/v3 v3.3.0 h1:uO5rmIKSjjONthpCIU8xKbBpAJd0zL/6XFEdC+JsSqU= +github.com/external-secrets/sprig/v3 v3.3.0/go.mod h1:tvPBN33djer3sQffmfEfcQdL5VYKYmetb4Zbe6wtAq8= github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= 
@@ -330,11 +332,10 @@ github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06A github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU= github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= -github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= +github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k= 
@@ -408,8 +409,8 @@ github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.66.0 h1:lW1QNPf06P/8Yt7sYims5uqj57NM+B0GezT4H1yIQnw= -github.com/oracle/oci-go-sdk/v65 v65.66.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.67.0 h1:bKcbNQyWUDiDgyE4crer3hZmiwpZ3rQnMi03jdKta/w= +github.com/oracle/oci-go-sdk/v65 v65.67.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -486,8 +487,8 @@ github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/zalando/go-keyring v0.2.4 h1:wi2xxTqdiwMKbM6TWwi+uJCG/Tum2UV0jqaQhCa9/68= -github.com/zalando/go-keyring v0.2.4/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk= +github.com/zalando/go-keyring v0.2.5 h1:Bc2HHpjALryKD62ppdEzaFG6VxL6Bc+5v0LYpN8Lba8= +github.com/zalando/go-keyring v0.2.5/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -531,8 +532,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -543,8 +544,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc h1:O9NuF4s+E/PvMIy+9IUZB9znFwUIXEWSstNjek6VpVg= -golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= +golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM= +golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -613,8 +614,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -628,8 +629,8 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= -golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -694,8 +695,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= 
@@ -704,8 +705,8 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -720,8 +721,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -777,8 +778,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= +golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -807,8 +808,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.182.0 h1:if5fPvudRQ78GeRx3RayIoiuV7modtErPIZC/T2bIvE= -google.golang.org/api v0.182.0/go.mod h1:cGhjy4caqA5yXRzEhkHI8Y9mfyC2VLTlER2l08xaqtM= +google.golang.org/api v0.183.0 h1:PNMeRDwo1pJdgNcFQ9GstuLe/noWKIc89pRWRLMvLwE= +google.golang.org/api v0.183.0/go.mod h1:q43adC5/pHoSZTx5h2mSmdF7NcyfW9JuDyIOJAgS9ZQ= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -856,12 +857,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240528184218-531527333157 h1:u7WMYrIrVvs0TF5yaKwKNbcJyySYf+HAIFXxWltJOXE= -google.golang.org/genproto v0.0.0-20240528184218-531527333157/go.mod h1:ubQlAQnzejB8uZzszhrTCU2Fyp6Vi7ZE5nn0c3W8+qQ= -google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 h1:7whR9kGa5LUwFtpLm2ArCEejtnxlGeLbAyjFY8sGNFw= -google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 h1:Zy9XzmMEflZ/MAaA7vNcoebnRAld7FsPW1EeBB7V0m8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= +google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 h1:HCZ6DlkKtCDAtD8ForECsY3tKuaR+p4R3grlK80uCCc= +google.golang.org/genproto v0.0.0-20240604185151-ef581f913117/go.mod h1:lesfX/+9iA+3OdqeCpoDddJaNxVB1AB6tD7EfqMmprc= +google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 h1:+rdxYoE3E5htTEWIe15GlN6IfvbURM//Jt0mmkmm6ZU= +google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 h1:1GBuWVLM/KMVUv1t1En5Gs+gFZCNd360GGb4sSxtrhU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -911,7 +912,6 @@ gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= @@ -944,8 +944,8 @@ k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.18.3 h1:B5Wmmo8WMWK7izei+2LlXLVDGzMwAHBNLX68lwtlSR4= -sigs.k8s.io/controller-runtime v0.18.3/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= +sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= +sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/go.mod b/go.mod index 9f0c9ccf690..18fe5bcadff 100644 --- a/go.mod +++ b/go.mod 
@@ -2,6 +2,8 @@ module github.com/external-secrets/external-secrets go 1.22.3 +replace github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 + require ( cloud.google.com/go/iam v1.1.8 cloud.google.com/go/secretmanager v1.13.1 @@ -17,7 +19,7 @@ require ( github.com/PaesslerAG/jsonpath v0.1.1 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 - github.com/aws/aws-sdk-go v1.53.15 + github.com/aws/aws-sdk-go v1.53.19 github.com/go-logr/logr v1.4.2 github.com/go-test/deep v1.0.4 // indirect github.com/google/go-cmp v0.6.0 @@ -27,10 +29,10 @@ require ( github.com/hashicorp/vault/api/auth/approle v0.7.0 github.com/hashicorp/vault/api/auth/kubernetes v0.7.0 github.com/hashicorp/vault/api/auth/ldap v0.7.0 - github.com/huandu/xstrings v1.4.0 // indirect + github.com/huandu/xstrings v1.5.0 // indirect github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.66.0 + github.com/oracle/oci-go-sdk/v65 v65.67.0 github.com/prometheus/client_golang v1.19.1 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.0 @@ -41,10 +43,10 @@ require ( github.com/yandex-cloud/go-sdk v0.0.0-20240529122015-8b0dc5b8bcbf github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 go.uber.org/zap v1.27.0 - golang.org/x/crypto v0.23.0 - golang.org/x/oauth2 v0.20.0 - google.golang.org/api v0.182.0 - google.golang.org/genproto v0.0.0-20240528184218-531527333157 + golang.org/x/crypto v0.24.0 + golang.org/x/oauth2 v0.21.0 + google.golang.org/api v0.183.0 + google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 google.golang.org/grpc v1.64.0 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 
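Review bot: The added `replace github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0` at the top of go.mod swaps the template-function library for a fork without recording why, what the fork changes relative to upstream, or when the directive can be dropped. A `replace` only takes effect when this is the main module, so anything that imports this module as a library still resolves the upstream Masterminds path, and update or advisory tooling keyed on the required module path may not follow the fork (worth confirming for the scanners in use). The fork is tagged v3.3.0 while the removed go.sum lines show upstream at v3.2.3, so the version can be mistaken for an upstream release; the go.sum changes suggest the fork mainly moves to `dario.cat/mergo` and newer transitive versions, but that is inferred from the sums, not stated. I would add a comment above the directive such as `// sprig fork: <reason for fork>; remove once upstream releases <upstream version>`, and the same in e2e/go.mod, whose go.sum hunks show the same swap.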
@@ -53,14 +55,14 @@ require ( k8s.io/apimachinery v0.30.1 k8s.io/client-go v0.30.1 k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 - sigs.k8s.io/controller-runtime v0.18.3 + sigs.k8s.io/controller-runtime v0.18.4 sigs.k8s.io/controller-tools v0.15.0 ) require github.com/1Password/connect-sdk-go v1.5.3 require ( - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d @@ -83,7 +85,7 @@ require ( github.com/lestrrat-go/jwx/v2 v2.0.21 github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1 github.com/passbolt/go-passbolt v0.7.0 - github.com/pulumi/esc v0.8.3 + github.com/pulumi/esc v0.9.1 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.27 github.com/sethvargo/go-password v0.3.0 github.com/spf13/pflag v1.0.5 @@ -161,7 +163,7 @@ require ( github.com/pgavlin/fx v0.1.6 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect - github.com/pulumi/pulumi/sdk/v3 v3.118.0 // indirect + github.com/pulumi/pulumi/sdk/v3 v3.119.0 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect @@ -175,7 +177,7 @@ require ( github.com/tweekmonster/luser v0.0.0-20161003172636-3fa38070dbd7 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect - github.com/zalando/go-keyring v0.2.4 // indirect + github.com/zalando/go-keyring v0.2.5 // indirect github.com/zclconf/go-cty v1.14.4 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect 
@@ -183,8 +185,8 @@ require ( go.opentelemetry.io/otel/metric v1.27.0 // indirect go.opentelemetry.io/otel/trace v1.27.0 // indirect golang.org/x/sync v0.7.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect lukechampine.com/frand v1.4.2 // indirect @@ -192,7 +194,7 @@ require ( ) require ( - github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect @@ -284,14 +286,14 @@ require ( go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc - golang.org/x/mod v0.17.0 // indirect - golang.org/x/net v0.25.0 // indirect - golang.org/x/sys v0.20.0 // indirect - golang.org/x/term v0.20.0 // indirect - golang.org/x/text v0.15.0 // indirect + golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 + golang.org/x/mod v0.18.0 // indirect + golang.org/x/net v0.26.0 // indirect + golang.org/x/sys v0.21.0 // indirect + golang.org/x/term v0.21.0 // indirect + golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.21.0 // indirect + golang.org/x/tools v0.22.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/protobuf v1.34.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect 
diff --git a/go.sum b/go.sum index e246200bf66..baf81ebc7ff 100644 --- a/go.sum +++ b/go.sum 
@@ -57,15 +57,15 @@ github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0/go.mod h1:3Ug6Qzto9anB6mGlEdgYMDF5zHQ+wwhEaYR4s17PHMw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1 h1:E+OJmp2tPvt1W+amx48v1eqbjDYsgN+RzP4q16yV5eM= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.11.1/go.mod h1:a6xsAQUZg+VsS3TJ05SRp524Hs4pZ/AeFSr5ENf0Yjo= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0 h1:jBQA3cKT4L2rWMpgE7Yt3Hwh2aUj8KXjIGLxjHeYNNo= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.8.0/go.mod h1:4OG6tQ9EOP/MT0NMjDlRzWoVFxfu9rN9B2X+tlSVktg= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod 
h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA= @@ -110,8 +110,6 @@ github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy86 github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Masterminds/sprig/v3 v3.2.3 h1:eL2fZNezLomi0uOLqjQoN6BfsDD+fyLtgbJMAj9n6YA= -github.com/Masterminds/sprig/v3 v3.2.3/go.mod h1:rXcFaZ2zZbLRJv/xSysmlgIM1u11eBaRMhvYXJNkGuM= github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= @@ -191,8 +189,8 @@ github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinR github.com/avast/retry-go/v4 v4.6.0/go.mod h1:gvWlPhBVsvBbLkVGDg/KwvBv0bEkCOLRRSHKIr2PyOE= github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.53.15 h1:FtZmkg7xM8RfP2oY6p7xdKBYrRgkITk9yve2QV7N938= -github.com/aws/aws-sdk-go v1.53.15/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.53.19 h1:WEuWc918RXlIaPCyU11F7hH9H1ItK+8m2c/uoQNRUok= +github.com/aws/aws-sdk-go v1.53.19/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
@@ -283,6 +281,8 @@ github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCv github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= +github.com/external-secrets/sprig/v3 v3.3.0 h1:uO5rmIKSjjONthpCIU8xKbBpAJd0zL/6XFEdC+JsSqU= +github.com/external-secrets/sprig/v3 v3.3.0/go.mod h1:tvPBN33djer3sQffmfEfcQdL5VYKYmetb4Zbe6wtAq8= github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= 
@@ -507,11 +507,10 @@ github.com/hashicorp/vault/api/auth/ldap v0.7.0/go.mod h1:pzTe33By6QLpjbofi4I2q9 github.com/hashicorp/vault/api/auth/userpass v0.7.0 h1:7Fk0qtF2NYSJyQ6EOO+Kt93dEobI30AqBrrC5wE6e+8= github.com/hashicorp/vault/api/auth/userpass v0.7.0/go.mod h1:3tZ2KAAui23OKlo5PZ+sBycoJ4wdurY6oZdQWJ0UStg= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= -github.com/huandu/xstrings v1.4.0 h1:D17IlohoQq4UcpqD7fDk80P7l+lwAmlFaBHgOipl2FU= -github.com/huandu/xstrings v1.4.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= +github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= +github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.11/go.mod h1:jmQim1M+e3UYxmgPu/WyfjB3N3VflVyUjjjwH0dnCYA= github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= 
@@ -636,8 +635,8 @@ github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS6 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.66.0 h1:lW1QNPf06P/8Yt7sYims5uqj57NM+B0GezT4H1yIQnw= -github.com/oracle/oci-go-sdk/v65 v65.66.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.67.0 h1:bKcbNQyWUDiDgyE4crer3hZmiwpZ3rQnMi03jdKta/w= +github.com/oracle/oci-go-sdk/v65 v65.67.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.0 h1:zwwTCwL3vjTTKln1hxwKuzzax4R/yvxGXSZhMh0OY5Y= github.com/passbolt/go-passbolt v0.7.0/go.mod h1:af3TVSJ+0A4sXeK8KgVzhV8Tej/i25biFIQjhL0FOMk= github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU= 
@@ -663,10 +662,10 @@ github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0leargg github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435cARxCW6q9gc0S/Yxz7Mkd38pOb0= github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= -github.com/pulumi/esc v0.8.3 h1:myeDL6dD/mz34zZjCL8s7d/tWHBJYxfMxDCL11MHoqc= -github.com/pulumi/esc v0.8.3/go.mod h1:v5VAPxYDa9DRwvubbzKt4ZYf5y0esWC2ccSp/AT923I= -github.com/pulumi/pulumi/sdk/v3 v3.118.0 h1:NboaaB4cNuehzsax38PO1jZOS6Mzbx/jNaDNaHPmg4c= -github.com/pulumi/pulumi/sdk/v3 v3.118.0/go.mod h1:kNea72+FQk82OjZ3yEP4dl6nbAl2ngE8PDBc0iFAaHg= +github.com/pulumi/esc v0.9.1 h1:HH5eEv8sgyxSpY5a8yePyqFXzA8cvBvapfH8457+mIs= +github.com/pulumi/esc v0.9.1/go.mod h1:oEJ6bOsjYlQUpjf70GiX+CXn3VBmpwFDxUTlmtUN84c= +github.com/pulumi/pulumi/sdk/v3 v3.119.0 h1:CPP0ZxAM1WT0O5/IJF0x13ZyvFMoWJi21gqNxBrLusk= +github.com/pulumi/pulumi/sdk/v3 v3.119.0/go.mod h1:/mQJPO+HehhoSJ9O3C6eUKAGeAr+4KSrbDhLsXHKldc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= 
@@ -779,8 +778,8 @@ github.com/yuin/goldmark v1.1.30/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/zalando/go-keyring v0.2.4 h1:wi2xxTqdiwMKbM6TWwi+uJCG/Tum2UV0jqaQhCa9/68= -github.com/zalando/go-keyring v0.2.4/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk= +github.com/zalando/go-keyring v0.2.5 h1:Bc2HHpjALryKD62ppdEzaFG6VxL6Bc+5v0LYpN8Lba8= +github.com/zalando/go-keyring v0.2.5/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk= github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8= github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= go.mongodb.org/mongo-driver v1.15.0 h1:rJCKC8eEliewXjZGf0ddURtl7tTVy1TK3bfl0gkUSLc= @@ -836,8 +835,8 @@ golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= -golang.org/x/crypto v0.23.0 h1:dIJU/v2J8Mdglj/8rJ6UUOM3Zc9zLZxVZwwxMooUSAI= -golang.org/x/crypto v0.23.0/go.mod h1:CKFgDieR+mRhux2Lsu27y0fO304Db0wZe70UKqHu0v8= +golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= +golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -848,8 +847,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc h1:O9NuF4s+E/PvMIy+9IUZB9znFwUIXEWSstNjek6VpVg= -golang.org/x/exp v0.0.0-20240531132922-fd00a4e0eefc/go.mod h1:XtvwrStGgqGPLc4cjQfWqZHG1YFdYs6swckp8vpsjnc= +golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM= +golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -875,8 +874,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.17.0 h1:zY54UmvipHiNd+pm+m0x9KhZ9hl1/7QNMyxXbc6ICqA= -golang.org/x/mod v0.17.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= +golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -926,8 +925,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= -golang.org/x/net v0.25.0 h1:d/OCCoBEUq33pjydKrGQhw7IlUPI2Oylr+8qLx49kac= -golang.org/x/net v0.25.0/go.mod h1:JkAGAh7GEvH74S6FOH42FLoXpXbE/aqXSrIQjXgsiwM= +golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= +golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -941,8 +940,8 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.20.0 h1:4mQdhULixXKP1rwYBW0vAijoXnkTG0BLCDRzfe1idMo= -golang.org/x/oauth2 v0.20.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= +golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1025,8 +1024,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.20.0 h1:Od9JTbYCk261bKm4M/mw7AklTlFYIa0bIp9BgSm1S8Y= -golang.org/x/sys v0.20.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= +golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= 
@@ -1038,8 +1037,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= -golang.org/x/term v0.20.0 h1:VnkxpohqXaOBYJtBmEppKUG6mXpi+4O6purfc2+sMhw= -golang.org/x/term v0.20.0/go.mod h1:8UkIAJTvZgivsXaD6/pH6U9ecQzZ45awqEOzuCvwpFY= +golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= +golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1056,8 +1055,8 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.15.0 h1:h1V/4gjBv8v9cjcR6+AR5+/cIYK5N/WAgiv4xlsEtAk= -golang.org/x/text v0.15.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -1117,8 +1116,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.21.0 h1:qc0xYgIbsSDt9EyWz05J5wfa7LOVW0YTLOXrqdLAWIw= -golang.org/x/tools v0.21.0/go.mod h1:aiJjzUbINMkxbQROHiO6hDPo2LHcIPhhQsa9DLh0yGk= +golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= +golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1147,8 +1146,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.182.0 h1:if5fPvudRQ78GeRx3RayIoiuV7modtErPIZC/T2bIvE= -google.golang.org/api v0.182.0/go.mod h1:cGhjy4caqA5yXRzEhkHI8Y9mfyC2VLTlER2l08xaqtM= +google.golang.org/api v0.183.0 h1:PNMeRDwo1pJdgNcFQ9GstuLe/noWKIc89pRWRLMvLwE= +google.golang.org/api v0.183.0/go.mod h1:q43adC5/pHoSZTx5h2mSmdF7NcyfW9JuDyIOJAgS9ZQ= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1198,12 +1197,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240528184218-531527333157 h1:u7WMYrIrVvs0TF5yaKwKNbcJyySYf+HAIFXxWltJOXE= -google.golang.org/genproto v0.0.0-20240528184218-531527333157/go.mod h1:ubQlAQnzejB8uZzszhrTCU2Fyp6Vi7ZE5nn0c3W8+qQ= -google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157 h1:7whR9kGa5LUwFtpLm2ArCEejtnxlGeLbAyjFY8sGNFw= -google.golang.org/genproto/googleapis/api v0.0.0-20240528184218-531527333157/go.mod h1:99sLkeliLXfdj2J75X3Ho+rrVCaJze0uwN7zDDkjPVU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157 h1:Zy9XzmMEflZ/MAaA7vNcoebnRAld7FsPW1EeBB7V0m8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240528184218-531527333157/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= +google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 h1:HCZ6DlkKtCDAtD8ForECsY3tKuaR+p4R3grlK80uCCc= +google.golang.org/genproto v0.0.0-20240604185151-ef581f913117/go.mod h1:lesfX/+9iA+3OdqeCpoDddJaNxVB1AB6tD7EfqMmprc= +google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 h1:+rdxYoE3E5htTEWIe15GlN6IfvbURM//Jt0mmkmm6ZU= +google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 h1:1GBuWVLM/KMVUv1t1En5Gs+gFZCNd360GGb4sSxtrhU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1264,7 +1263,6 @@ gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= @@ -1307,8 +1305,8 @@ pgregory.net/rapid v0.5.5/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.18.3 h1:B5Wmmo8WMWK7izei+2LlXLVDGzMwAHBNLX68lwtlSR4= -sigs.k8s.io/controller-runtime v0.18.3/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= +sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= +sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= sigs.k8s.io/controller-tools v0.15.0 h1:4dxdABXGDhIa68Fiwaif0vcu32xfwmgQ+w8p+5CxoAI= sigs.k8s.io/controller-tools v0.15.0/go.mod h1:8zUSS2T8Hx0APCNRhJWbS3CAQEbIxLa07khzh7pZmXM= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff --git a/pkg/provider/pulumi/pulumi.go b/pkg/provider/pulumi/pulumi.go index 33ec018d07c..78c0f4e6e71 100644 
--- a/pkg/provider/pulumi/pulumi.go +++ b/pkg/provider/pulumi/pulumi.go @@ -46,7 +46,7 @@ const ( var _ esv1beta1.SecretsClient = &client{} func (c *client) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { - x, _, err := c.escClient.OpenEnvironment(ctx, c.organization, c.environment, 5*time.Minute) + x, _, err := c.escClient.OpenEnvironment(ctx, c.organization, c.environment, "", 5*time.Minute) if err != nil { return nil, err } From 199c9103db5986b5b440a4c2e3ae725efbccffb3 Mon Sep 17 00:00:00 2001 From: Tsubasa Nagasawa Date: Sun, 16 Jun 2024 19:52:10 +0900 Subject: [PATCH 108/517] feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache (#3588) * feat: Add component labels to custom resource definitions Prerequisite for restricting the CRDs cached by Informer Signed-off-by: Tsubasa Nagasawa * feat(certcontroller): Allow restricting CRDs and Webhook configs in Informer cache The certcontroller watches CRDs and Webhook configurations, and manages CA certificates for conversion webhooks of CRDs and Webhook configurations. Some clusters have a large number of CRDs and Webhook configurations installed. Additionally, some CRDs have large object sizes. Currently, the certcontroller holds all CRDs and Webhook configurations in the Informer cache. Since this includes CRDs not managed by the certcontroller for CA certificates, memory usage tends to be high. This PR adds a label to the CRDs and configures the Informer cache to hold only the CRDs and Webhook configurations restricted by the label selector. It assumes that the CRDs have a label. Depending on how the External Secrets Operator is managed, it may be possible to update the External Secrets Operator without updating the CRDs, so as a precaution, it can be turned on/off via a startup option. It is disabled by default. Signed-off-by: Tsubasa Nagasawa --------- 
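Review bot: The new fourth argument to `OpenEnvironment` in `GetSecret` is a bare `""` with nothing saying what it selects. From the call shape it looks like an environment version selector, and an empty value presumably means the latest revision, so secrets are read from whatever revision is current rather than a pinned one. A one-line comment such as `// "" = no pinned version (presumably latest revision); confirm against the esc client` would keep that choice visible. The second return value is still discarded with `_`; if it carries diagnostics from opening the environment, logging them would help when a fetch returns unexpected data. The body of `GetSecret` continues outside the hunk.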
Signed-off-by: Tsubasa Nagasawa --- .../v1beta1/clusterexternalsecret_types.go | 1 + .../v1beta1/externalsecret_types.go | 1 + .../v1beta1/secretstore_types.go | 2 ++ apis/generators/v1alpha1/generator_acr.go | 1 + apis/generators/v1alpha1/generator_ecr.go | 1 + apis/generators/v1alpha1/generator_fake.go | 1 + apis/generators/v1alpha1/generator_gcr.go | 1 + apis/generators/v1alpha1/generator_github.go | 1 + .../generators/v1alpha1/generator_password.go | 1 + apis/generators/v1alpha1/generator_vault.go | 1 + apis/generators/v1alpha1/generator_webhook.go | 1 + cmd/certcontroller.go | 24 +++++++++++++++++++ cmd/root.go | 1 + ...nal-secrets.io_clusterexternalsecrets.yaml | 2 ++ ...ternal-secrets.io_clustersecretstores.yaml | 2 ++ .../external-secrets.io_externalsecrets.yaml | 2 ++ .../external-secrets.io_secretstores.yaml | 2 ++ ...s.external-secrets.io_acraccesstokens.yaml | 2 ++ ...nal-secrets.io_ecrauthorizationtokens.yaml | 2 ++ .../generators.external-secrets.io_fakes.yaml | 2 ++ ...s.external-secrets.io_gcraccesstokens.yaml | 2 ++ ...xternal-secrets.io_githubaccesstokens.yaml | 2 ++ ...erators.external-secrets.io_passwords.yaml | 2 ++ ...ternal-secrets.io_vaultdynamicsecrets.yaml | 2 ++ ...nerators.external-secrets.io_webhooks.yaml | 2 ++ deploy/crds/bundle.yaml | 24 +++++++++++++++++++ pkg/constants/constants.go | 4 ++++ .../webhookconfig/webhookconfig.go | 9 ++++--- .../webhookconfig/webhookconfig_test.go | 6 +++-- 29 files changed, 97 insertions(+), 7 deletions(-) diff --git a/apis/externalsecrets/v1beta1/clusterexternalsecret_types.go b/apis/externalsecrets/v1beta1/clusterexternalsecret_types.go index 70e230ba3c6..31a4207f1b8 100644 --- a/apis/externalsecrets/v1beta1/clusterexternalsecret_types.go +++ b/apis/externalsecrets/v1beta1/clusterexternalsecret_types.go 
@@ -102,6 +102,7 @@ type ClusterExternalSecretStatus struct { // +kubebuilder:storageversion // +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=ces // +kubebuilder:subresource:status +// +kubebuilder:metadata:labels="external-secrets.io/component=controller" // +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.externalSecretSpec.secretStoreRef.name` // +kubebuilder:printcolumn:name="Refresh Interval",type=string,JSONPath=`.spec.refreshTime` // +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status` diff --git a/apis/externalsecrets/v1beta1/externalsecret_types.go b/apis/externalsecrets/v1beta1/externalsecret_types.go index b876cfcb64f..50e43941f80 100644 --- a/apis/externalsecrets/v1beta1/externalsecret_types.go +++ b/apis/externalsecrets/v1beta1/externalsecret_types.go @@ -453,6 +453,7 @@ type ExternalSecretStatus struct { // +kubebuilder:storageversion // ExternalSecret is the Schema for the external-secrets API. // +kubebuilder:subresource:status +// +kubebuilder:metadata:labels="external-secrets.io/component=controller" // +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=es // +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.secretStoreRef.name` // +kubebuilder:printcolumn:name="Refresh Interval",type=string,JSONPath=`.spec.refreshInterval` diff --git a/apis/externalsecrets/v1beta1/secretstore_types.go b/apis/externalsecrets/v1beta1/secretstore_types.go index 4b13a7ad3d0..0ac7458b7ca 100644 --- a/apis/externalsecrets/v1beta1/secretstore_types.go +++ b/apis/externalsecrets/v1beta1/secretstore_types.go 
@@ -257,6 +257,7 @@ type SecretStoreStatus struct { // +kubebuilder:printcolumn:name="Capabilities",type=string,JSONPath=`.status.capabilities` // +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status` // +kubebuilder:subresource:status +// +kubebuilder:metadata:labels="external-secrets.io/component=controller" // +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=ss type SecretStore struct { metav1.TypeMeta `json:",inline"` @@ -284,6 +285,7 @@ type SecretStoreList struct { // +kubebuilder:printcolumn:name="Capabilities",type=string,JSONPath=`.status.capabilities` // +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status` // +kubebuilder:subresource:status +// +kubebuilder:metadata:labels="external-secrets.io/component=controller" // +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=css type ClusterSecretStore struct { metav1.TypeMeta `json:",inline"` diff --git a/apis/generators/v1alpha1/generator_acr.go b/apis/generators/v1alpha1/generator_acr.go index 6747d727ca8..744992968fd 100644 --- a/apis/generators/v1alpha1/generator_acr.go +++ b/apis/generators/v1alpha1/generator_acr.go @@ -104,6 +104,7 @@ type AzureACRServicePrincipalAuthSecretRef struct { // +kubebuilder:object:root=true // +kubebuilder:storageversion // +kubebuilder:subresource:status +// +kubebuilder:metadata:labels="external-secrets.io/component=controller" // +kubebuilder:resource:scope=Namespaced,categories={acraccesstoken},shortName=acraccesstoken type ACRAccessToken struct { metav1.TypeMeta `json:",inline"` diff --git a/apis/generators/v1alpha1/generator_ecr.go b/apis/generators/v1alpha1/generator_ecr.go index e72edf9f40c..0d828594d57 100644 --- a/apis/generators/v1alpha1/generator_ecr.go +++ b/apis/generators/v1alpha1/generator_ecr.go 
@@ -74,6 +74,7 @@ type AWSJWTAuth struct { // +kubebuilder:object:root=true // +kubebuilder:storageversion // +kubebuilder:subresource:status +// +kubebuilder:metadata:labels="external-secrets.io/component=controller" // +kubebuilder:resource:scope=Namespaced,categories={ecrauthorizationtoken},shortName=ecrauthorizationtoken type ECRAuthorizationToken struct { metav1.TypeMeta `json:",inline"` diff --git a/apis/generators/v1alpha1/generator_fake.go b/apis/generators/v1alpha1/generator_fake.go index f5ce8e9b453..0c0b060a821 100644 --- a/apis/generators/v1alpha1/generator_fake.go +++ b/apis/generators/v1alpha1/generator_fake.go @@ -35,6 +35,7 @@ type FakeSpec struct { // +kubebuilder:object:root=true // +kubebuilder:storageversion // +kubebuilder:subresource:status +// +kubebuilder:metadata:labels="external-secrets.io/component=controller" // +kubebuilder:resource:scope=Namespaced,categories={fake},shortName=fake type Fake struct { metav1.TypeMeta `json:",inline"` diff --git a/apis/generators/v1alpha1/generator_gcr.go b/apis/generators/v1alpha1/generator_gcr.go index 2302306942c..af4050379ae 100644 --- a/apis/generators/v1alpha1/generator_gcr.go +++ b/apis/generators/v1alpha1/generator_gcr.go @@ -52,6 +52,7 @@ type GCPWorkloadIdentity struct { // +kubebuilder:object:root=true // +kubebuilder:storageversion // +kubebuilder:subresource:status +// +kubebuilder:metadata:labels="external-secrets.io/component=controller" // +kubebuilder:resource:scope=Namespaced,categories={gcraccesstoken},shortName=gcraccesstoken type GCRAccessToken struct { metav1.TypeMeta `json:",inline"` diff --git a/apis/generators/v1alpha1/generator_github.go b/apis/generators/v1alpha1/generator_github.go index ed228791859..14815f763fb 100644 --- a/apis/generators/v1alpha1/generator_github.go +++ b/apis/generators/v1alpha1/generator_github.go 
@@ -41,6 +41,7 @@ type GithubSecretRef struct { // +kubebuilder:object:root=true // +kubebuilder:storageversion // +kubebuilder:subresource:status +// +kubebuilder:metadata:labels="external-secrets.io/component=controller" // +kubebuilder:resource:scope=Namespaced,categories={githubaccesstoken},shortName=githubaccesstoken type GithubAccessToken struct { metav1.TypeMeta `json:",inline"` diff --git a/apis/generators/v1alpha1/generator_password.go b/apis/generators/v1alpha1/generator_password.go index d33ba2c63d6..717d0a11738 100644 --- a/apis/generators/v1alpha1/generator_password.go +++ b/apis/generators/v1alpha1/generator_password.go @@ -52,6 +52,7 @@ type PasswordSpec struct { // +kubebuilder:object:root=true // +kubebuilder:storageversion // +kubebuilder:subresource:status +// +kubebuilder:metadata:labels="external-secrets.io/component=controller" // +kubebuilder:resource:scope=Namespaced,categories={password},shortName=password type Password struct { metav1.TypeMeta `json:",inline"` diff --git a/apis/generators/v1alpha1/generator_vault.go b/apis/generators/v1alpha1/generator_vault.go index 3f77c81a1b7..24bc599aed1 100644 --- a/apis/generators/v1alpha1/generator_vault.go +++ b/apis/generators/v1alpha1/generator_vault.go @@ -59,6 +59,7 @@ const ( // +kubebuilder:object:root=true // +kubebuilder:storageversion // +kubebuilder:subresource:status +// +kubebuilder:metadata:labels="external-secrets.io/component=controller" // +kubebuilder:resource:scope=Namespaced,categories={vaultdynamicsecret},shortName=vaultdynamicsecret type VaultDynamicSecret struct { metav1.TypeMeta `json:",inline"` diff --git a/apis/generators/v1alpha1/generator_webhook.go b/apis/generators/v1alpha1/generator_webhook.go index 5185704b931..723711d20f3 100644 --- a/apis/generators/v1alpha1/generator_webhook.go +++ b/apis/generators/v1alpha1/generator_webhook.go 
@@ -112,6 +112,7 @@ type SecretKeySelector struct { // +kubebuilder:object:root=true // +kubebuilder:storageversion // +kubebuilder:subresource:status +// +kubebuilder:metadata:labels="external-secrets.io/component=controller" // +kubebuilder:resource:scope=Namespaced,categories={webhook},shortName=webhookl type Webhook struct { metav1.TypeMeta `json:",inline"` diff --git a/cmd/certcontroller.go b/cmd/certcontroller.go index c87bd5f9f99..01d1f18bf85 100644 --- a/cmd/certcontroller.go +++ b/cmd/certcontroller.go @@ -22,14 +22,19 @@ import ( "github.com/spf13/cobra" "go.uber.org/zap/zapcore" + admissionregistration "k8s.io/api/admissionregistration/v1" v1 "k8s.io/api/core/v1" + apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "k8s.io/apimachinery/pkg/labels" ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/log/zap" "sigs.k8s.io/controller-runtime/pkg/metrics/server" "sigs.k8s.io/controller-runtime/pkg/webhook" + "github.com/external-secrets/external-secrets/pkg/constants" "github.com/external-secrets/external-secrets/pkg/controllers/crds" "github.com/external-secrets/external-secrets/pkg/controllers/webhookconfig" ) 
@@ -59,6 +64,22 @@ var certcontrollerCmd = &cobra.Command{ logger := zap.New(zap.UseFlagOptions(&opts)) ctrl.SetLogger(logger) + cacheOptions := cache.Options{} + if enablePartialCache { + cacheOptions.ByObject = map[client.Object]cache.ByObject{ + &admissionregistration.ValidatingWebhookConfiguration{}: { + Label: labels.SelectorFromSet(map[string]string{ + constants.WellKnownLabelKey: constants.WellKnownLabelValueWebhook, + }), + }, + &apiextensions.CustomResourceDefinition{}: { + Label: labels.SelectorFromSet(map[string]string{ + constants.WellKnownLabelKey: constants.WellKnownLabelValueController, + }), + }, + } + } + mgr, err := ctrl.NewManager(ctrl.GetConfigOrDie(), ctrl.Options{ Scheme: scheme, Metrics: server.Options{ @@ -70,6 +91,7 @@ var certcontrollerCmd = &cobra.Command{ HealthProbeBindAddress: healthzAddr, LeaderElection: enableLeaderElection, LeaderElectionID: "crd-certs-controller", + Cache: cacheOptions, Client: client.Options{ Cache: &client.CacheOptions{ DisableFor: []client.Object{ @@ -139,6 +161,8 @@ func init() { certcontrollerCmd.Flags().StringVar(&secretName, "secret-name", "external-secrets-webhook", "Secret to store certs for webhook") certcontrollerCmd.Flags().StringVar(&secretNamespace, "secret-namespace", "default", "namespace of the secret to store certs") certcontrollerCmd.Flags().StringSliceVar(&crdNames, "crd-names", []string{"externalsecrets.external-secrets.io", "clustersecretstores.external-secrets.io", "secretstores.external-secrets.io"}, "CRD names reconciled by the controller") + certcontrollerCmd.Flags().BoolVar(&enablePartialCache, "enable-partial-cache", false, + "Enable caching of only the relevant CRDs and Webhook configurations in the Informer to improve memory efficiency") certcontrollerCmd.Flags().BoolVar(&enableLeaderElection, "enable-leader-election", false, "Enable leader election for controller manager. "+ "Enabling this will ensure there is only one active controller manager.") 
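Review bot: With `--enable-partial-cache` set, the `cacheOptions.ByObject` selectors in the first hunk restrict the informer cache to CustomResourceDefinitions labelled `external-secrets.io/component=controller` and ValidatingWebhookConfigurations labelled `external-secrets.io/component=webhook`, so an object without the label is invisible to cached reads. The commit adds the label to the generated CRDs, but CRDs applied from older manifests, or extra names passed through `--crd-names`, would presumably not carry it, and the controller would then likely treat them as absent instead of reconciling them. The flag help in the `init()` hunk should state that requirement, for example `"Cache only CRDs and webhook configurations labelled external-secrets.io/component; unlabelled objects are not seen by the controller"`. Both the `Run` body and `init()` continue outside these hunks.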
diff --git a/cmd/root.go b/cmd/root.go index 5a12549f951..6f77c7bbc9d 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -64,6 +64,7 @@ var ( enableLeaderElection bool enableSecretsCache bool enableConfigMapsCache bool + enablePartialCache bool concurrent int port int clientQPS float32 diff --git a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml index 435fd85aae9..3691932e10b 100644 --- a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml @@ -3,6 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: clusterexternalsecrets.external-secrets.io spec: group: external-secrets.io diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 1683d3a99d6..b07fcfec2b7 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml @@ -3,6 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: clustersecretstores.external-secrets.io spec: group: external-secrets.io diff --git a/config/crds/bases/external-secrets.io_externalsecrets.yaml b/config/crds/bases/external-secrets.io_externalsecrets.yaml index 3bf37e0f7e9..2faadc356b7 100644 --- a/config/crds/bases/external-secrets.io_externalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_externalsecrets.yaml @@ -3,6 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: externalsecrets.external-secrets.io spec: group: external-secrets.io 
diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index 4f37bfc1dd6..68d47d4c9b8 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml @@ -3,6 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: secretstores.external-secrets.io spec: group: external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml index 1db45fdae82..e5aa42fbb1c 100644 --- a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml @@ -3,6 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: acraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml index 41214dff347..ef5afb1f9c1 100644 --- a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml @@ -3,6 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: ecrauthorizationtokens.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_fakes.yaml b/config/crds/bases/generators.external-secrets.io_fakes.yaml index 891dcc2b89f..fc9ea06b3ce 100644 
--- a/config/crds/bases/generators.external-secrets.io_fakes.yaml +++ b/config/crds/bases/generators.external-secrets.io_fakes.yaml @@ -3,6 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: fakes.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml index 202571d0ea1..50bb4adba60 100644 --- a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml @@ -3,6 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: gcraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml index 6f5b70f1ec6..c2f2ea182e6 100644 --- a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml @@ -3,6 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: githubaccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_passwords.yaml b/config/crds/bases/generators.external-secrets.io_passwords.yaml index 13c672c667f..ae8604910f0 100644 --- a/config/crds/bases/generators.external-secrets.io_passwords.yaml +++ b/config/crds/bases/generators.external-secrets.io_passwords.yaml 
@@ -3,6 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: passwords.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml index fef6aafc429..acf23bdc957 100644 --- a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml +++ b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml @@ -3,6 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: vaultdynamicsecrets.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_webhooks.yaml b/config/crds/bases/generators.external-secrets.io_webhooks.yaml index b2c4545e7e2..e17a20d398e 100644 --- a/config/crds/bases/generators.external-secrets.io_webhooks.yaml +++ b/config/crds/bases/generators.external-secrets.io_webhooks.yaml @@ -3,6 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: webhooks.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 81e2ed5325f..fb420cfb880 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -3,6 +3,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: clusterexternalsecrets.external-secrets.io spec: group: external-secrets.io 
@@ -659,6 +661,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: clustersecretstores.external-secrets.io spec: group: external-secrets.io @@ -4950,6 +4954,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: externalsecrets.external-secrets.io spec: group: external-secrets.io @@ -6141,6 +6147,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: secretstores.external-secrets.io spec: group: external-secrets.io @@ -10432,6 +10440,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: acraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -10627,6 +10637,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: ecrauthorizationtokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -10793,6 +10805,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: fakes.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -10868,6 +10882,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: gcraccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io 
@@ -10995,6 +11011,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: githubaccesstokens.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -11096,6 +11114,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: passwords.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -11193,6 +11213,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: vaultdynamicsecrets.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -11884,6 +11906,8 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: webhooks.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index 56b50d4a97f..f99254e5b3c 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -97,4 +97,8 @@ const ( StatusError = "error" StatusSuccess = "success" + + WellKnownLabelKey = "external-secrets.io/component" + WellKnownLabelValueController = "controller" + WellKnownLabelValueWebhook = "webhook" ) diff --git a/pkg/controllers/webhookconfig/webhookconfig.go b/pkg/controllers/webhookconfig/webhookconfig.go index f1e42923a68..f81c02f4bce 100644 --- a/pkg/controllers/webhookconfig/webhookconfig.go +++ b/pkg/controllers/webhookconfig/webhookconfig.go @@ -33,6 +33,8 @@ import ( ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" + + "github.com/external-secrets/external-secrets/pkg/constants" ) type Reconciler struct { 
@@ -75,9 +77,6 @@ func New(k8sClient client.Client, scheme *runtime.Scheme, leaderChan <-chan stru } const ( - wellKnownLabelKey = "external-secrets.io/component" - wellKnownLabelValue = "webhook" - ReasonUpdateFailed = "UpdateFailed" errWebhookNotReady = "webhook not ready" errSubsetsNotReady = "subsets not ready" @@ -98,8 +97,8 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu return ctrl.Result{}, err } - if cfg.Labels[wellKnownLabelKey] != wellKnownLabelValue { - log.Info("ignoring webhook due to missing labels", wellKnownLabelKey, wellKnownLabelValue) + if cfg.Labels[constants.WellKnownLabelKey] != constants.WellKnownLabelValueWebhook { + log.Info("ignoring webhook due to missing labels", constants.WellKnownLabelKey, constants.WellKnownLabelValueWebhook) return ctrl.Result{}, nil } diff --git a/pkg/controllers/webhookconfig/webhookconfig_test.go b/pkg/controllers/webhookconfig/webhookconfig_test.go index c5aaa90127d..888252a68d7 100644 --- a/pkg/controllers/webhookconfig/webhookconfig_test.go +++ b/pkg/controllers/webhookconfig/webhookconfig_test.go @@ -25,6 +25,8 @@ import ( "k8s.io/apimachinery/pkg/types" pointer "k8s.io/utils/ptr" + "github.com/external-secrets/external-secrets/pkg/constants" + . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" ) @@ -126,7 +128,7 @@ var _ = Describe("ValidatingWebhookConfig reconcile", Ordered, func() { } IgnoreNoMatch := func(tc *testCase) { - delete(tc.vwc.ObjectMeta.Labels, wellKnownLabelKey) + delete(tc.vwc.ObjectMeta.Labels, constants.WellKnownLabelKey) tc.assert = func() { Consistently(func() bool { var vwc admissionregistration.ValidatingWebhookConfiguration 
@@ -232,7 +234,7 @@ func makeValidatingWebhookConfig() *admissionregistration.ValidatingWebhookConfi ObjectMeta: metav1.ObjectMeta{ Name: "name-shouldnt-matter", Labels: map[string]string{ - wellKnownLabelKey: wellKnownLabelValue, + constants.WellKnownLabelKey: constants.WellKnownLabelValueWebhook, }, }, Webhooks: []admissionregistration.ValidatingWebhook{ From f74e08546c9c9bd9cb742e3d1b6c3f2a2a608f39 Mon Sep 17 00:00:00 2001 From: Geoffrey MUSELLI Date: Mon, 17 Jun 2024 08:36:05 +0200 Subject: [PATCH 109/517] Support glob for namespaces condition in ClusterSecretStore (#2920) * feat(ClusterSecretStore): Support glob for conditions.namespaces Signed-off-by: gmuselli * feat(ClusterSecretStore): Fix diff Signed-off-by: gmuselli * feat(ClusterSecretStore): Fix code smell Signed-off-by: gmuselli * feat(ClusterSecretStore): First code review Signed-off-by: gmuselli * feat(ClusterSecretStore): Second code review Signed-off-by: gmuselli * feat(ClusterSecretStore): Generate Signed-off-by: gmuselli * feat(ClusterSecretStore): Fix Sonar method complexity Signed-off-by: gmuselli * addressed comments Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * renamed namedspacesregexes because it sounded funny Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: gmuselli 
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .../v1beta1/provider_schema.go | 3 + .../v1beta1/secretstore_types.go | 5 + .../v1beta1/secretstore_validator.go | 20 +++ .../v1beta1/secretstore_validator_test.go | 150 ++++++++++++++++++ .../v1beta1/zz_generated.deepcopy.go | 5 + ...ternal-secrets.io_clustersecretstores.yaml | 5 + .../external-secrets.io_secretstores.yaml | 5 + deploy/crds/bundle.yaml | 10 ++ docs/api/spec.md | 13 ++ docs/snippets/full-cluster-secret-store.yaml | 7 +- pkg/controllers/secretstore/client_manager.go | 13 ++ .../secretstore/client_manager_test.go | 90 +++++++++++ pkg/controllers/secretstore/common_test.go | 2 +- 13 files changed, 326 insertions(+), 2 deletions(-) create mode 100644 apis/externalsecrets/v1beta1/secretstore_validator_test.go diff --git a/apis/externalsecrets/v1beta1/provider_schema.go b/apis/externalsecrets/v1beta1/provider_schema.go index 8c7f37ad692..acbe069af82 100644 --- a/apis/externalsecrets/v1beta1/provider_schema.go +++ b/apis/externalsecrets/v1beta1/provider_schema.go @@ -73,6 +73,9 @@ func GetProvider(s GenericStore) (Provider, error) { } spec := s.GetSpec() if spec == nil { + // Note, this condition can never be reached, because + // the Spec is not a pointer in Kubernetes. It will + // always exist. return nil, fmt.Errorf("no spec found in %#v", s) } storeName, err := getProviderName(spec.Provider) diff --git a/apis/externalsecrets/v1beta1/secretstore_types.go b/apis/externalsecrets/v1beta1/secretstore_types.go index 0ac7458b7ca..31346b430bd 100644 --- a/apis/externalsecrets/v1beta1/secretstore_types.go +++ b/apis/externalsecrets/v1beta1/secretstore_types.go 
@@ -50,7 +50,12 @@ type ClusterSecretStoreCondition struct { NamespaceSelector *metav1.LabelSelector `json:"namespaceSelector,omitempty"` // Choose namespaces by name + // +optional Namespaces []string `json:"namespaces,omitempty"` + + // Choose namespaces by using regex matching + // +optional + NamespaceRegexes []string `json:"namespaceRegexes,omitempty"` } // SecretStoreProvider contains the provider-specific configuration. diff --git a/apis/externalsecrets/v1beta1/secretstore_validator.go b/apis/externalsecrets/v1beta1/secretstore_validator.go index aa48978a52c..20da62a0a17 100644 --- a/apis/externalsecrets/v1beta1/secretstore_validator.go +++ b/apis/externalsecrets/v1beta1/secretstore_validator.go @@ -16,7 +16,9 @@ package v1beta1 import ( "context" + "errors" "fmt" + "regexp" "k8s.io/apimachinery/pkg/runtime" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" @@ -54,9 +56,27 @@ func (r *GenericStoreValidator) ValidateDelete(_ context.Context, _ runtime.Obje } func validateStore(store GenericStore) (admission.Warnings, error) { + if err := validateConditions(store); err != nil { + return nil, err + } + provider, err := GetProvider(store) if err != nil { return nil, err } + return provider.ValidateStore(store) } + +func validateConditions(store GenericStore) error { + var errs error + for ci, condition := range store.GetSpec().Conditions { + for ri, r := range condition.NamespaceRegexes { + if _, err := regexp.Compile(r); err != nil { + errs = errors.Join(errs, fmt.Errorf("failed to compile %dth namespace regex in %dth condition: %w", ri, ci, err)) + } + } + } + + return errs +} diff --git a/apis/externalsecrets/v1beta1/secretstore_validator_test.go b/apis/externalsecrets/v1beta1/secretstore_validator_test.go new file mode 100644 index 00000000000..f146d5aa9df --- /dev/null +++ b/apis/externalsecrets/v1beta1/secretstore_validator_test.go 
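Review bot: The new field comment, `// Choose namespaces by using regex matching`, does not say which syntax applies, while the commit subject speaks of glob support and `validateConditions` checks entries with `regexp.Compile`. This text is copied into the CRD description and the API docs, so a user who writes a glob-style entry such as `team-*` gets a pattern that compiles but means something different. I would spell it out: `// Choose namespaces whose name matches any of these regular expressions (Go regexp syntax, not shell globs).` The struct begins outside this hunk.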
@@ -0,0 +1,150 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "sigs.k8s.io/controller-runtime/pkg/webhook/admission" +) + +// ValidationProvider is a simple provider that we can use without cyclic import. +type ValidationProvider struct { + Provider +} + +func (v *ValidationProvider) ValidateStore(_ GenericStore) (admission.Warnings, error) { + return nil, nil +} + +func TestValidateSecretStore(t *testing.T) { + tests := []struct { + name string + obj *SecretStore + mock func() + assertErr func(t *testing.T, err error) + }{ + { + name: "valid regex", + obj: &SecretStore{ + Spec: SecretStoreSpec{ + Conditions: []ClusterSecretStoreCondition{ + { + NamespaceRegexes: []string{`.*`}, + }, + }, + Provider: &SecretStoreProvider{ + AWS: &AWSProvider{}, + }, + }, + }, + mock: func() { + ForceRegister(&ValidationProvider{}, &SecretStoreProvider{ + AWS: &AWSProvider{}, + }) + }, + assertErr: func(t *testing.T, err error) { + require.NoError(t, err) + }, + }, + { + name: "invalid regex", + obj: &SecretStore{ + Spec: SecretStoreSpec{ + Conditions: []ClusterSecretStoreCondition{ + { + NamespaceRegexes: []string{`\1`}, + }, + }, + Provider: &SecretStoreProvider{ + AWS: &AWSProvider{}, + }, + }, + }, + mock: func() { + ForceRegister(&ValidationProvider{}, &SecretStoreProvider{ + AWS: &AWSProvider{}, + }) + }, + assertErr: func(t *testing.T, err error) { + 
assert.EqualError(t, err, "failed to compile 0th namespace regex in 0th condition: error parsing regexp: invalid escape sequence: `\\1`") + }, + }, + { + name: "multiple errors", + obj: &SecretStore{ + Spec: SecretStoreSpec{ + Conditions: []ClusterSecretStoreCondition{ + { + NamespaceRegexes: []string{`\1`, `\2`}, + }, + }, + Provider: &SecretStoreProvider{ + AWS: &AWSProvider{}, + }, + }, + }, + mock: func() { + ForceRegister(&ValidationProvider{}, &SecretStoreProvider{ + AWS: &AWSProvider{}, + }) + }, + assertErr: func(t *testing.T, err error) { + assert.EqualError(t, err, "failed to compile 0th namespace regex in 0th condition: error parsing regexp: invalid escape sequence: `\\1`\nfailed to compile 1th namespace regex in 0th condition: error parsing regexp: invalid escape sequence: `\\2`") + }, + }, + { + name: "secret store must have only a single backend", + obj: &SecretStore{ + Spec: SecretStoreSpec{ + Provider: &SecretStoreProvider{ + AWS: &AWSProvider{}, + GCPSM: &GCPSMProvider{}, + }, + }, + }, + assertErr: func(t *testing.T, err error) { + assert.EqualError(t, err, "store error for : secret stores must only have exactly one backend specified, found 2") + }, + }, + { + name: "no registered store backend", + obj: &SecretStore{ + Spec: SecretStoreSpec{ + Conditions: []ClusterSecretStoreCondition{ + { + Namespaces: []string{"default"}, + }, + }, + }, + }, + assertErr: func(t *testing.T, err error) { + assert.EqualError(t, err, "store error for : secret stores must only have exactly one backend specified, found 0") + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + if tt.mock != nil { + tt.mock() + } + + _, err := validateStore(tt.obj) + tt.assertErr(t, err) + }) + } +} diff --git a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go index 2bb5ddd6b45..fae7037eae3 100644 --- a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go 
+++ b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go @@ -682,6 +682,11 @@ func (in *ClusterSecretStoreCondition) DeepCopyInto(out *ClusterSecretStoreCondi *out = make([]string, len(*in)) copy(*out, *in) } + if in.NamespaceRegexes != nil { + in, out := &in.NamespaceRegexes, &out.NamespaceRegexes + *out = make([]string, len(*in)) + copy(*out, *in) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterSecretStoreCondition. diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index b07fcfec2b7..58184ddae0b 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml @@ -1646,6 +1646,11 @@ spec: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance. properties: + namespaceRegexes: + description: Choose namespaces by using regex matching + items: + type: string + type: array namespaceSelector: description: Choose namespace using a labelSelector properties: diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index 68d47d4c9b8..74fb9bad0cd 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml @@ -1646,6 +1646,11 @@ spec: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance. properties: + namespaceRegexes: + description: Choose namespaces by using regex matching + items: + type: string + type: array namespaceSelector: description: Choose namespace using a labelSelector properties: diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index fb420cfb880..5cf1dd7e98c 100644 --- a/deploy/crds/bundle.yaml 
+++ b/deploy/crds/bundle.yaml @@ -2203,6 +2203,11 @@ spec: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance. properties: + namespaceRegexes: + description: Choose namespaces by using regex matching + items: + type: string + type: array namespaceSelector: description: Choose namespace using a labelSelector properties: @@ -7689,6 +7694,11 @@ spec: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance. properties: + namespaceRegexes: + description: Choose namespaces by using regex matching + items: + type: string + type: array namespaceSelector: description: Choose namespace using a labelSelector properties: diff --git a/docs/api/spec.md b/docs/api/spec.md index 69fa80ff7db..b4bf821a6e5 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -1861,9 +1861,22 @@ Kubernetes meta/v1.LabelSelector +(Optional)

Choose namespaces by name

+ + +namespaceRegexes
+ +[]string + + + +(Optional) +

Choose namespaces by using regex matching

+ +

ConjurAPIKey diff --git a/docs/snippets/full-cluster-secret-store.yaml b/docs/snippets/full-cluster-secret-store.yaml index 9743212bbd4..bcf82ae4fc0 100644 --- a/docs/snippets/full-cluster-secret-store.yaml +++ b/docs/snippets/full-cluster-secret-store.yaml @@ -142,7 +142,7 @@ spec: # Conditions about namespaces in which the ClusterSecretStore is usable for ExternalSecrets conditions: - # Options are namespaceSelector, or namespaces + # Options are namespaceSelector, namespaces or namespacesRegex - namespaceSelector: matchLabels: my.namespace.io/some-label: "value" # Only namespaces with that label will work @@ -151,6 +151,11 @@ spec: - "namespace-a" - "namespace-b" + # Namespace regex is helpful for namespace naming convention or when an external tool auto generate namespaces with prefix + - namespacesRegex: + - "namespace-a-.*" # All namespaces prefixed by namespace-a- will work + - "namespace-b-.*" # All namespaces prefixed by namespace-b- will work + # conditions needs only one of the conditions to meet for the CSS to be usable in the namespace. status: diff --git a/pkg/controllers/secretstore/client_manager.go b/pkg/controllers/secretstore/client_manager.go index a87cfa7e2dd..8920586bc24 100644 --- a/pkg/controllers/secretstore/client_manager.go +++ b/pkg/controllers/secretstore/client_manager.go @@ -17,6 +17,7 @@ package secretstore import ( "context" "fmt" + "regexp" "strings" "github.com/go-logr/logr" @@ -245,6 +246,18 @@ func (m *Manager) shouldProcessSecret(store esv1beta1.GenericStore, ns string) ( return true, nil } } + + for _, reg := range condition.NamespaceRegexes { + match, err := regexp.MatchString(reg, ns) + if err != nil { + // Should not happen since store validation already verified the regexes. + return false, fmt.Errorf("failed to compile regex %v: %w", reg, err) + } + + if match { + return true, nil + } + } } return false, nil 
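Review bot: `regexp.MatchString(reg, ns)` in the `shouldProcessSecret` hunk reports a match when the pattern is found anywhere in the namespace name, so an entry such as `namespace-a-.*` also admits a namespace named `team-x-namespace-a-1`. This condition decides which namespaces may use a ClusterSecretStore, and the docs snippet in the same commit describes the entries as prefixes, so whole-name matching looks like the intent. Wrapping the pattern, `match, err := regexp.MatchString("^(?:"+reg+")$", ns)`, gives that; otherwise the field documentation should tell users to anchor with `^` and `$` themselves. The snippet also spells the key `namespacesRegex` while the type's JSON tag is `namespaceRegexes`. The function starts before this hunk.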
diff --git a/pkg/controllers/secretstore/client_manager_test.go b/pkg/controllers/secretstore/client_manager_test.go index d5a10f3adb2..41b5c0021d7 100644 --- a/pkg/controllers/secretstore/client_manager_test.go +++ b/pkg/controllers/secretstore/client_manager_test.go 
@@ -310,6 +310,96 @@ func TestManagerGet(t *testing.T) { } } +func TestShouldProcessSecret(t *testing.T) { + scheme := runtime.NewScheme() + _ = clientgoscheme.AddToScheme(scheme) + _ = esv1beta1.AddToScheme(scheme) + _ = apiextensionsv1.AddToScheme(scheme) + + testNamespace := "test-a" + testCases := []struct { + name string + conditions []esv1beta1.ClusterSecretStoreCondition + namespace *corev1.Namespace + wantErr string + want bool + }{ + { + name: "processes a regex condition", + conditions: []esv1beta1.ClusterSecretStoreCondition{ + { + NamespaceRegexes: []string{`test-*`}, + }, + }, + namespace: &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: testNamespace, + }, + }, + want: true, + }, + { + name: "process multiple regexes", + conditions: []esv1beta1.ClusterSecretStoreCondition{ + { + NamespaceRegexes: []string{`nope`, `test-*`}, + }, + }, + namespace: &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: testNamespace, + }, + }, + want: true, + }, + { + name: "shouldn't process if nothing matches", + conditions: []esv1beta1.ClusterSecretStoreCondition{ + { + NamespaceRegexes: []string{`nope`}, + }, + }, + namespace: &corev1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: testNamespace, + }, + }, + want: false, + }, + } + + for _, tt := range testCases { + t.Run(tt.name, func(t *testing.T) { + fakeSpec := esv1beta1.SecretStoreSpec{ + Conditions: tt.conditions, + } + + defaultStore := &esv1beta1.ClusterSecretStore{ + TypeMeta: metav1.TypeMeta{Kind: esv1beta1.ClusterSecretStoreKind}, + ObjectMeta: metav1.ObjectMeta{ + Name: "foo", + Namespace: tt.namespace.Name, + }, + Spec: fakeSpec, + } + + client := fakeclient.NewClientBuilder().WithScheme(scheme).WithObjects(defaultStore, tt.namespace).Build() + clientMap := make(map[clientKey]*clientVal) + mgr := &Manager{ + log: logr.Discard(), + client: client, + enableFloodgate: true, + clientMap: clientMap, + } + + got, err := mgr.shouldProcessSecret(defaultStore, tt.namespace.Name) + 
require.NoError(t, err) + + assert.Equal(t, tt.want, got) + }) + } +} + type WrapProvider struct { newClientFunc func( context.Context, diff --git a/pkg/controllers/secretstore/common_test.go b/pkg/controllers/secretstore/common_test.go index fb2a1718866..28bc7990992 100644 --- a/pkg/controllers/secretstore/common_test.go +++ b/pkg/controllers/secretstore/common_test.go @@ -44,7 +44,7 @@ var _ = Describe("SecretStore reconcile", func() { Expect(k8sClient.Delete(context.Background(), test.store)).ToNot(HaveOccurred()) }) - // a invalid provider config should be reflected + // an invalid provider config should be reflected // in the store status condition invalidProvider := func(tc *testCase) { tc.assert = func() { From e13e09413e086bb44be91b54473ac629b8f1eb2a Mon Sep 17 00:00:00 2001 From: Idan Adar Date: Mon, 17 Jun 2024 12:12:03 +0300 Subject: [PATCH 110/517] Fix typo privatKey in multiple files (#3578) * Update generators.external-secrets.io_githubaccesstokens.yaml Fixes https://github.com/external-secrets/external-secrets/issues/3556 Signed-off-by: Idan Adar * Update generator_github.go Signed-off-by: Idan Adar * Update github.go Signed-off-by: Idan Adar * Update generator-github.yaml Signed-off-by: Idan Adar * Update github_test.go Signed-off-by: Idan Adar * fix: rename property Signed-off-by: Moritz Johner --------- Signed-off-by: Idan Adar Signed-off-by: Moritz Johner Co-authored-by: Moritz Johner --- apis/generators/v1alpha1/generator_github.go | 2 +- apis/generators/v1alpha1/zz_generated.deepcopy.go | 2 +- ...generators.external-secrets.io_githubaccesstokens.yaml | 4 ++-- deploy/crds/bundle.yaml | 4 ++-- docs/snippets/generator-github.yaml | 2 +- pkg/generator/github/github.go | 4 ++-- pkg/generator/github/github_test.go | 8 ++++---- 7 files changed, 13 insertions(+), 13 deletions(-) diff --git a/apis/generators/v1alpha1/generator_github.go b/apis/generators/v1alpha1/generator_github.go index 14815f763fb..7737797e8fc 100644 
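Review bot: The positive cases in `TestShouldProcessSecret` use `test-*`, which as a regular expression means `test` followed by any number of hyphens, not a glob, and they pass only because the match is unanchored. The single negative case uses an unrelated word (`nope`), so nothing checks a namespace that merely contains or partly overlaps a pattern, which is the behaviour that matters for a condition restricting store access. I would add a case such as `NamespaceRegexes: []string{"^prod-.*$"}` against `test-a` expecting `false`, and one with an invalid pattern asserting the returned error. The `wantErr` field is declared but never read, and `require.NoError` runs unconditionally.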
--- a/apis/generators/v1alpha1/generator_github.go +++ b/apis/generators/v1alpha1/generator_github.go @@ -30,7 +30,7 @@ type GithubAccessTokenSpec struct { } type GithubAuth struct { - PrivatKey GithubSecretRef `json:"privatKey"` + PrivateKey GithubSecretRef `json:"privateKey"` } type GithubSecretRef struct { diff --git a/apis/generators/v1alpha1/zz_generated.deepcopy.go b/apis/generators/v1alpha1/zz_generated.deepcopy.go index b71166d4baf..02e592913cc 100644 --- a/apis/generators/v1alpha1/zz_generated.deepcopy.go +++ b/apis/generators/v1alpha1/zz_generated.deepcopy.go @@ -643,7 +643,7 @@ func (in *GithubAccessTokenSpec) DeepCopy() *GithubAccessTokenSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GithubAuth) DeepCopyInto(out *GithubAuth) { *out = *in - in.PrivatKey.DeepCopyInto(&out.PrivatKey) + in.PrivateKey.DeepCopyInto(&out.PrivateKey) } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GithubAuth. diff --git a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml index c2f2ea182e6..c9d6eeb5e77 100644 --- a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml @@ -48,7 +48,7 @@ spec: auth: description: Auth configures how ESO authenticates with a Github instance. properties: - privatKey: + privateKey: properties: secretRef: description: |- @@ -74,7 +74,7 @@ spec: - secretRef type: object required: - - privatKey + - privateKey type: object installID: type: string diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 5cf1dd7e98c..29489d08930 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml 
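Review bot: Changing the JSON tag on `GithubAuth` from `privatKey` to `privateKey` changes the serialized API, and nothing in the hunk tells a reader that objects written with the old key stop working. The regenerated CRD lists `privateKey` as required, so existing GithubAccessToken manifests would presumably fail validation until they are edited. A field comment would record this, e.g. `// PrivateKey references the Secret holding the GitHub App private key (PEM). Serialized as "privateKey"; the earlier "privatKey" spelling is no longer accepted.`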
@@ -11066,7 +11066,7 @@ spec: auth: description: Auth configures how ESO authenticates with a Github instance. properties: - privatKey: + privateKey: properties: secretRef: description: |- @@ -11091,7 +11091,7 @@ spec: - secretRef type: object required: - - privatKey + - privateKey type: object installID: type: string diff --git a/docs/snippets/generator-github.yaml b/docs/snippets/generator-github.yaml index 4a1f00c00fd..9b77852a115 100644 --- a/docs/snippets/generator-github.yaml +++ b/docs/snippets/generator-github.yaml @@ -14,7 +14,7 @@ spec: installID: "00000000" # (5) url: "" # (Default https://api.github.com.) auth: - privatKey: + privateKey: secretRef: name: github-app-pem # (2) key: key diff --git a/pkg/generator/github/github.go b/pkg/generator/github/github.go index 4859776fb4d..08af9de33db 100644 --- a/pkg/generator/github/github.go +++ b/pkg/generator/github/github.go @@ -127,11 +127,11 @@ func newGHClient(ctx context.Context, k client.Client, n string, hc *http.Client gh.URL = res.Spec.URL + ghPath } secret := &corev1.Secret{} - if err := gh.Kube.Get(ctx, client.ObjectKey{Name: res.Spec.Auth.PrivatKey.SecretRef.Name, Namespace: n}, secret); err != nil { + if err := gh.Kube.Get(ctx, client.ObjectKey{Name: res.Spec.Auth.PrivateKey.SecretRef.Name, Namespace: n}, secret); err != nil { return nil, fmt.Errorf("error getting GH pem from secret:%w", err) } - pk, err := jwt.ParseRSAPrivateKeyFromPEM(secret.Data[res.Spec.Auth.PrivatKey.SecretRef.Key]) + pk, err := jwt.ParseRSAPrivateKeyFromPEM(secret.Data[res.Spec.Auth.PrivateKey.SecretRef.Key]) if err != nil { return nil, fmt.Errorf("error parsing RSA private key: %w", err) } diff --git a/pkg/generator/github/github_test.go b/pkg/generator/github/github_test.go index 665c2b8629d..4395ad1bc35 100644 --- a/pkg/generator/github/github_test.go +++ b/pkg/generator/github/github_test.go 
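Review bot: In `newGHClient`, `secret.Data[res.Spec.Auth.PrivateKey.SecretRef.Key]` is passed straight to `jwt.ParseRSAPrivateKeyFromPEM`, so a secret that lacks the referenced key is reported as "error parsing RSA private key" rather than as a missing key. Looking the entry up first would separate the two cases without putting any key material into the error: `pemBytes, ok := secret.Data[res.Spec.Auth.PrivateKey.SecretRef.Key]` followed by `if !ok { return nil, fmt.Errorf("key %q not found in secret %q", res.Spec.Auth.PrivateKey.SecretRef.Key, secret.Name) }`. The body of `newGHClient` starts and ends outside this hunk.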
@@ -54,7 +54,7 @@ func TestGenerate(t *testing.T) { namespace string } pem, err := os.ReadFile(tstCrtName) - assert.NoError(t, err, "Should not error when reading privatKey") + assert.NoError(t, err, "Should not error when reading privateKey") validResponce := []byte(`{ "token": "ghs_16C7e42F292c6912E7710c838347Ae178B4a", @@ -93,7 +93,7 @@ func TestGenerate(t *testing.T) { Namespace: "foo", }, Data: map[string][]byte{ - "privatKey": pem, + "privateKey": pem, }, }).Build(), jsonSpec: &apiextensions.JSON{ @@ -104,11 +104,11 @@ spec: installID: "00000000" URL: %q auth: - privatKey: + privateKey: secretRef: name: "testName" namespace: "foo" - key: "privatKey"`, server.URL)), + key: "privateKey"`, server.URL)), }, }, want: map[string][]byte{ From 543a37c110e922e5468555c90cfcde5759fbceaa Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jun 2024 17:52:48 +0200 Subject: [PATCH 111/517] chore(deps): bump mkdocs-material in /hack/api-docs (#3595) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.26 to 9.5.27. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.26...9.5.27) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index bf373e2bf0b..4fa3fe58bf8 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt 
@@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.0 mkdocs-macros-plugin==1.0.5 -mkdocs-material==9.5.26 +mkdocs-material==9.5.27 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.1 From c1b0b78959bce709cc0386d18cfa5f8c516dbab4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jun 2024 17:52:55 +0200 Subject: [PATCH 112/517] chore(deps): bump github/codeql-action from 3.25.8 to 3.25.10 (#3591) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.8 to 3.25.10. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/2e230e8fe0ad3a14a340ad0815ddb96d599d2aff...23acc5c183826b7a8a97bce3cecc52db901f8251) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index de82c69f424..27b4f1d94db 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 + uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 with: sarif_file: results.sarif From 564882e85299ea776080ce1e9ef7214114d92bbf Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jun 2024 17:53:03 +0200 Subject: [PATCH 113/517] chore(deps): bump codecov/codecov-action from 4.4.1 to 4.5.0 (#3592) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.4.1 to 4.5.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/125fc84a9a348dbcf27191600683ec096ec9021c...e28ff129e5465c2c0dcc6f003fc735cb6ae0c673) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 513481127c0..b925c1f9fc6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -126,7 +126,7 @@ jobs: make test - name: Publish Unit Test Coverage - uses: codecov/codecov-action@125fc84a9a348dbcf27191600683ec096ec9021c # v4.4.1 + uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: From 73229ac46075eae44abe2f7d54966d7dbbb28318 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jun 2024 17:53:09 +0200 Subject: [PATCH 114/517] chore(deps): bump actions/checkout from 4.1.6 to 4.1.7 (#3590) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.6 to 4.1.7. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/a5ac7e51b41094c92402da3b24376905380afc29...692973e3d937129bcbf40652eb9f2f61becf3332) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 6 +++--- .github/workflows/dlc.yml | 2 +- .github/workflows/docs.yml | 2 +- .github/workflows/e2e-managed.yml | 2 +- .github/workflows/e2e.yml | 4 ++-- .github/workflows/helm.yml | 4 ++-- .github/workflows/publish.yml | 4 ++-- .github/workflows/rebuild-image.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- .github/workflows/update-deps.yml | 4 ++-- 11 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b925c1f9fc6..9a2dcb5cad4 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,7 +46,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 
@@ -72,7 +72,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Go uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 @@ -100,7 +100,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Fetch History run: git fetch --prune --unshallow diff --git a/.github/workflows/dlc.yml b/.github/workflows/dlc.yml index cfcd096b012..4867f1e7fc1 100644 --- a/.github/workflows/dlc.yml +++ b/.github/workflows/dlc.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Checkout Code" - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: "Run FOSSA Scan" uses: fossas/fossa-action@47ef11b1e1e3812e88dae436ccbd2d0cbd1adab0 # main diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 43c788af3b7..37126bbb8c7 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -15,7 +15,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 diff --git a/.github/workflows/e2e-managed.yml b/.github/workflows/e2e-managed.yml index dad55f21335..35356234008 100644 --- a/.github/workflows/e2e-managed.yml +++ b/.github/workflows/e2e-managed.yml @@ -64,7 +64,7 @@ jobs: # Check out merge commit - name: Fork based /ok-to-test-managed checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: 'refs/pull/${{ env.GITHUB_PR_NUMBER }}/merge' 
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index e300816fb2a..9accb21c98b 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -58,7 +58,7 @@ jobs: steps: - name: Branch based PR checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Fetch History run: git fetch --prune --unshallow @@ -77,7 +77,7 @@ jobs: # Check out merge commit - name: Fork based /ok-to-test checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge' diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index fc4b462f5fa..469e8c30590 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 @@ -74,7 +74,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index a9234d5b68e..79eeba3efae 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -50,7 +50,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: ref: ${{ inputs.ref }} 
@@ -140,7 +140,7 @@ jobs: needs: build-publish steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Sign image if: env.IS_FORK == 'false' uses: ./.github/actions/sign diff --git a/.github/workflows/rebuild-image.yml b/.github/workflows/rebuild-image.yml index 3d4e55d57a1..746a3b4180a 100644 --- a/.github/workflows/rebuild-image.yml +++ b/.github/workflows/rebuild-image.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 ref: ${{ github.event.inputs.ref }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0183a7663fa..7febb711253 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 ref: ${{ github.event.inputs.source_ref }} @@ -71,7 +71,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 27b4f1d94db..9ef77bc9d76 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -20,7 +20,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: persist-credentials: false diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index d1653c3c292..2a2a7ab076a 100644 
--- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: fetch-depth: 0 ref: ${{ github.event.inputs.ref }} @@ -52,7 +52,7 @@ jobs: with: app_id: ${{ secrets.APP_ID }} private_key: ${{ secrets.PRIVATE_KEY }} - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: token: ${{ steps.generate_token.outputs.token }} ref: ${{ matrix.branch }} From e459722f8932a02f910585573e1785256d757a7b Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Mon, 17 Jun 2024 18:30:10 +0200 Subject: [PATCH 115/517] update dependencies (#3596) Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator --- e2e/go.mod | 28 +++++++------- e2e/go.sum | 44 ++++++++++----------- go.mod | 48 ++++++++++++----------- go.sum | 109 ++++++++++++++++++++++++++++++++--------------------- 4 files changed, 128 insertions(+), 101 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index 04a157cf98b..fbece5e48ed 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -47,7 +47,7 @@ require ( github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 - github.com/aws/aws-sdk-go v1.53.19 + github.com/aws/aws-sdk-go v1.54.2 github.com/cyberark/conjur-api-go v0.12.0 github.com/external-secrets/external-secrets v0.0.0 github.com/fluxcd/helm-controller/api v0.37.2 
@@ -57,14 +57,14 @@ require ( github.com/hashicorp/vault/api v1.14.0 github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.67.0 - github.com/scaleway/scaleway-sdk-go v1.0.0-beta.27 + github.com/oracle/oci-go-sdk/v65 v65.67.1 + github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28 github.com/xanzy/go-gitlab v0.105.0 golang.org/x/oauth2 v0.21.0 - google.golang.org/api v0.183.0 - k8s.io/api v0.30.1 - k8s.io/apiextensions-apiserver v0.30.1 - k8s.io/apimachinery v0.30.1 + google.golang.org/api v0.184.0 + k8s.io/api v0.30.2 + k8s.io/apiextensions-apiserver v0.30.2 + k8s.io/apimachinery v0.30.2 k8s.io/client-go v1.5.2 k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 sigs.k8s.io/controller-runtime v0.18.4 @@ -79,7 +79,7 @@ require ( cloud.google.com/go/iam v1.1.8 // indirect dario.cat/mergo v1.0.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest/adal v0.9.24 // indirect @@ -189,7 +189,7 @@ require ( go.opentelemetry.io/otel/metric v1.27.0 // indirect go.opentelemetry.io/otel/trace v1.27.0 // indirect golang.org/x/crypto v0.24.0 // indirect - golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 // indirect + golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 // indirect golang.org/x/net v0.26.0 // indirect golang.org/x/sync v0.7.0 // indirect golang.org/x/sys v0.21.0 // indirect 
@@ -198,17 +198,17 @@ require ( golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.22.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect + google.golang.org/genproto v0.0.0-20240610135401-a8a62080eff3 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240610135401-a8a62080eff3 // indirect google.golang.org/grpc v1.64.0 // indirect - google.golang.org/protobuf v1.34.1 // indirect + google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect - k8s.io/klog/v2 v2.120.1 // indirect + k8s.io/klog/v2 v2.130.0 // indirect k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect diff --git a/e2e/go.sum b/e2e/go.sum index 2f3bddb351d..f246c3d7488 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -58,8 +58,8 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqT github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= 
@@ -113,8 +113,8 @@ github.com/aliyun/alibaba-cloud-sdk-go v1.62.271/go.mod h1:Api2AkmMgGaSUAhmk76oa github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.53.19 h1:WEuWc918RXlIaPCyU11F7hH9H1ItK+8m2c/uoQNRUok= -github.com/aws/aws-sdk-go v1.53.19/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.54.2 h1:Wo6AVWcleNHrYa48YzfYz60hzxGRqsJrK5s/qePe+3I= +github.com/aws/aws-sdk-go v1.54.2/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= 
@@ -409,8 +409,8 @@ github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.67.0 h1:bKcbNQyWUDiDgyE4crer3hZmiwpZ3rQnMi03jdKta/w= -github.com/oracle/oci-go-sdk/v65 v65.67.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.67.1 h1:gNmvMT61SgLMmKfWOkzLdXN1NwYRFUWIxEXgJogQFGc= +github.com/oracle/oci-go-sdk/v65 v65.67.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -432,8 +432,8 @@ github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.27 h1:yGAraK1uUjlhSXgNMIy8o/J4LFNcy7yeipBqt9N9mVg= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.27/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28 h1:2vT+ryIQGfF21HN/W5yn/CBPpsTJULuuepWfUq/geV4= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys= github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= 
@@ -544,8 +544,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM= -golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= +golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY= +golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -808,8 +808,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.183.0 h1:PNMeRDwo1pJdgNcFQ9GstuLe/noWKIc89pRWRLMvLwE= -google.golang.org/api v0.183.0/go.mod h1:q43adC5/pHoSZTx5h2mSmdF7NcyfW9JuDyIOJAgS9ZQ= +google.golang.org/api v0.184.0 h1:dmEdk6ZkJNXy1JcDhn/ou0ZUq7n9zropG2/tR4z+RDg= +google.golang.org/api v0.184.0/go.mod h1:CeDTtUEiYENAf8PPG5VZW2yNp2VM3VWbCeTioAZBTBA= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -857,12 +857,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 h1:HCZ6DlkKtCDAtD8ForECsY3tKuaR+p4R3grlK80uCCc= -google.golang.org/genproto v0.0.0-20240604185151-ef581f913117/go.mod h1:lesfX/+9iA+3OdqeCpoDddJaNxVB1AB6tD7EfqMmprc= -google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 h1:+rdxYoE3E5htTEWIe15GlN6IfvbURM//Jt0mmkmm6ZU= -google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 h1:1GBuWVLM/KMVUv1t1En5Gs+gFZCNd360GGb4sSxtrhU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= +google.golang.org/genproto v0.0.0-20240610135401-a8a62080eff3 h1:8RTI1cmuvdY9J7q/jpJWEj5UfgWjhV5MCoXaYmwLBYQ= +google.golang.org/genproto v0.0.0-20240610135401-a8a62080eff3/go.mod h1:qb66gsewNb7Ghv1enkhJiRfYGWUklv3n6G8UvprOhzA= +google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 h1:QW9+G6Fir4VcRXVH8x3LilNAb6cxBGLa6+GM4hRwexE= +google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3/go.mod h1:kdrSS/OiLkPrNUpzD4aHgCq2rVuC/YRxok32HXZ4vRE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240610135401-a8a62080eff3 h1:9Xyg6I9IWQZhRVfCWjKK+l6kI0jHcPesVlMnT//aHNo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240610135401-a8a62080eff3/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -897,8 +897,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= -google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= 
@@ -935,8 +935,8 @@ k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= -k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= -k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/klog/v2 v2.130.0 h1:5nB3+3HpqKqXJIXNtJdtxcDCfaa9KL8StJgMzGJkUkM= +k8s.io/klog/v2 v2.130.0/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA= k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= diff --git a/go.mod b/go.mod index 18fe5bcadff..4bbb3d3740f 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/PaesslerAG/jsonpath v0.1.1 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 - github.com/aws/aws-sdk-go v1.53.19 + github.com/aws/aws-sdk-go v1.54.2 github.com/go-logr/logr v1.4.2 github.com/go-test/deep v1.0.4 // indirect github.com/google/go-cmp v0.6.0 @@ -32,10 +32,10 @@ require ( github.com/huandu/xstrings v1.5.0 // indirect github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.67.0 + github.com/oracle/oci-go-sdk/v65 v65.67.1 github.com/prometheus/client_golang v1.19.1 github.com/prometheus/client_model v0.6.1 - github.com/spf13/cobra v1.8.0 + github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.17.1 github.com/xanzy/go-gitlab v0.105.0 
@@ -45,15 +45,15 @@ require ( go.uber.org/zap v1.27.0 golang.org/x/crypto v0.24.0 golang.org/x/oauth2 v0.21.0 - google.golang.org/api v0.183.0 - google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 + google.golang.org/api v0.184.0 + google.golang.org/genproto v0.0.0-20240610135401-a8a62080eff3 google.golang.org/grpc v1.64.0 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 - k8s.io/api v0.30.1 - k8s.io/apiextensions-apiserver v0.30.1 - k8s.io/apimachinery v0.30.1 - k8s.io/client-go v0.30.1 + k8s.io/api v0.30.2 + k8s.io/apiextensions-apiserver v0.30.2 + k8s.io/apimachinery v0.30.2 + k8s.io/client-go v0.30.2 k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 sigs.k8s.io/controller-runtime v0.18.4 sigs.k8s.io/controller-tools v0.15.0 @@ -63,12 +63,12 @@ require github.com/1Password/connect-sdk-go v1.5.3 require ( github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.7 - github.com/alibabacloud-go/kms-20160120/v3 v3.2.0 + github.com/alibabacloud-go/kms-20160120/v3 v3.2.1 github.com/alibabacloud-go/openapi-util v0.1.0 github.com/alibabacloud-go/tea v1.2.2 github.com/alibabacloud-go/tea-utils/v2 v2.0.5 @@ -86,7 +86,7 @@ require ( github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1 github.com/passbolt/go-passbolt v0.7.0 github.com/pulumi/esc v0.9.1 - github.com/scaleway/scaleway-sdk-go v1.0.0-beta.27 + github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28 github.com/sethvargo/go-password v0.3.0 github.com/spf13/pflag v1.0.5 github.com/tidwall/sjson v1.2.5 
@@ -106,7 +106,13 @@ require ( github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/alessio/shellescape v1.4.2 // indirect + github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6 // indirect github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect + github.com/alibabacloud-go/darabonba-array v0.1.0 // indirect + github.com/alibabacloud-go/darabonba-encode-util v0.0.2 // indirect + github.com/alibabacloud-go/darabonba-map v0.0.2 // indirect + github.com/alibabacloud-go/darabonba-signature-util v0.0.7 // indirect + github.com/alibabacloud-go/darabonba-string v1.0.2 // indirect github.com/alibabacloud-go/debug v1.0.0 // indirect github.com/alibabacloud-go/endpoint-util v1.1.1 // indirect github.com/alibabacloud-go/tea-utils v1.4.5 // indirect @@ -125,7 +131,7 @@ require ( github.com/charmbracelet/x/windows v0.1.2 // indirect github.com/cheggaaa/pb v1.0.29 // indirect github.com/clbanning/mxj/v2 v2.7.0 // indirect - github.com/cloudflare/circl v1.3.8 // indirect + github.com/cloudflare/circl v1.3.9 // indirect github.com/cyphar/filepath-securejoin v0.2.5 // indirect github.com/danieljoos/wincred v1.2.1 // indirect github.com/djherbis/times v1.6.0 // indirect @@ -138,7 +144,7 @@ require ( github.com/go-git/go-git/v5 v5.12.0 // indirect github.com/go-jose/go-jose/v4 v4.0.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-playground/validator/v10 v10.21.0 // indirect + github.com/go-playground/validator/v10 v10.22.0 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gofrs/flock v0.8.1 // indirect 
@@ -163,7 +169,7 @@ require ( github.com/pgavlin/fx v0.1.6 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect - github.com/pulumi/pulumi/sdk/v3 v3.119.0 // indirect + github.com/pulumi/pulumi/sdk/v3 v3.120.0 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect @@ -185,8 +191,8 @@ require ( go.opentelemetry.io/otel/metric v1.27.0 // indirect go.opentelemetry.io/otel/trace v1.27.0 // indirect golang.org/x/sync v0.7.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240610135401-a8a62080eff3 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect lukechampine.com/frand v1.4.2 // indirect @@ -282,11 +288,11 @@ require ( github.com/tidwall/pretty v1.2.1 // indirect github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect github.com/uber/jaeger-lib v2.4.1+incompatible // indirect - go.mongodb.org/mongo-driver v1.15.0 // indirect + go.mongodb.org/mongo-driver v1.15.1 // indirect go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 + golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 golang.org/x/mod v0.18.0 // indirect golang.org/x/net v0.26.0 // indirect golang.org/x/sys v0.21.0 // indirect 
@@ -295,12 +301,12 @@ require ( golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.22.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/protobuf v1.34.1 // indirect + google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/gengo v0.0.0-20240404160639-a0386bf69313 // indirect k8s.io/klog v1.0.0 // indirect - k8s.io/klog/v2 v2.120.1 // indirect + k8s.io/klog/v2 v2.130.0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect ) diff --git a/go.sum b/go.sum index baf81ebc7ff..e206781c014 100644 --- a/go.sum +++ b/go.sum @@ -60,8 +60,8 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqT github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2 h1:FDif4R1+UUR+00q6wquyX90K7A8dN+R5E8GEadoP7sU= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.5.2/go.mod h1:aiYBYui4BJ/BJCAIKs92XiPyQfTaBWqvHujDwKb6CBU= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= 
@@ -141,25 +141,38 @@ github.com/akeylesslabs/akeyless-go/v3 v3.6.3 h1:fMF8SMDiBL9CufVjLUyF1Z+Z04t5CC3 github.com/akeylesslabs/akeyless-go/v3 v3.6.3/go.mod h1:xcSXQWFRzKupIPCFRd9/mFYW0lHnDnWVvMD/pQ0x7sU= github.com/alessio/shellescape v1.4.2 h1:MHPfaU+ddJ0/bYWpgIeUnQUqKrlJ1S7BfEYPM4uEoM0= github.com/alessio/shellescape v1.4.2/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= +github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6 h1:eIf+iGJxdU4U9ypaUfbtOWCsZSbTb8AUHvyPrxu6mAA= +github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6/go.mod h1:4EUIoxs/do24zMOGGqYVWgw0s9NtiylnJglOeEB5UJo= github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 h1:iC9YFYKDGEy3n/FtqJnOkZsene9olVspKmkX5A2YBEo= github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc= -github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.6/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI= +github.com/alibabacloud-go/darabonba-array v0.1.0 h1:vR8s7b1fWAQIjEjWnuF0JiKsCvclSRTfDzZHTYqfufY= +github.com/alibabacloud-go/darabonba-array v0.1.0/go.mod h1:BLKxr0brnggqOJPqT09DFJ8g3fsDshapUD3C3aOEFaI= +github.com/alibabacloud-go/darabonba-encode-util v0.0.2 h1:1uJGrbsGEVqWcWxrS9MyC2NG0Ax+GpOM5gtupki31XE= +github.com/alibabacloud-go/darabonba-encode-util v0.0.2/go.mod h1:JiW9higWHYXm7F4PKuMgEUETNZasrDM6vqVr/Can7H8= +github.com/alibabacloud-go/darabonba-map v0.0.2 h1:qvPnGB4+dJbJIxOOfawxzF3hzMnIpjmafa0qOTp6udc= +github.com/alibabacloud-go/darabonba-map v0.0.2/go.mod h1:28AJaX8FOE/ym8OUFWga+MtEzBunJwQGceGQlvaPGPc= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.7 h1:20vl9plHhHuy9A72oAZSAB4ooov+yY9xfu+cCNcrLh8= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.7/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI= +github.com/alibabacloud-go/darabonba-signature-util v0.0.7 h1:UzCnKvsjPFzApvODDNEYqBHMFt1w98wC7FOo0InLyxg= +github.com/alibabacloud-go/darabonba-signature-util v0.0.7/go.mod h1:oUzCYV2fcCH797xKdL6BDH8ADIHlzrtKVjeRtunBNTQ= 
+github.com/alibabacloud-go/darabonba-string v1.0.2 h1:E714wms5ibdzCqGeYJ9JCFywE5nDyvIXIIQbZVFkkqo= +github.com/alibabacloud-go/darabonba-string v1.0.2/go.mod h1:93cTfV3vuPhhEwGGpKKqhVW4jLe7tDpo3LUM0i0g6mA= github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68/go.mod h1:6pb/Qy8c+lqua8cFpEy7g39NRRqOWc3rOwAy8m5Y2BY= github.com/alibabacloud-go/debug v1.0.0 h1:3eIEQWfay1fB24PQIEzXAswlVJtdQok8f3EVN5VrBnA= github.com/alibabacloud-go/debug v1.0.0/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc= github.com/alibabacloud-go/endpoint-util v1.1.0/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE= github.com/alibabacloud-go/endpoint-util v1.1.1 h1:ZkBv2/jnghxtU0p+upSU0GGzW1VL9GQdZO3mcSUTUy8= github.com/alibabacloud-go/endpoint-util v1.1.1/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE= -github.com/alibabacloud-go/kms-20160120/v3 v3.2.0 h1:BJ/eoHB9baVwdpe+nrhKd+bSOPpu4k4IcwAP23QCeng= -github.com/alibabacloud-go/kms-20160120/v3 v3.2.0/go.mod h1:WBWpcZZGFhtfoMVHwznMWIB7KDQBezp+CwuHEzdlS0M= +github.com/alibabacloud-go/kms-20160120/v3 v3.2.1 h1:CZFbODre2r8ECRKqvS1L1DYRemj8F4eZg9KzB7dVJT4= +github.com/alibabacloud-go/kms-20160120/v3 v3.2.1/go.mod h1:x/5xgaahHH2Z72RFj4b+pIa+zKcq9N5lGxh1+Y1jmvE= github.com/alibabacloud-go/openapi-util v0.1.0 h1:0z75cIULkDrdEhkLWgi9tnLe+KhAFE/r5Pb3312/eAY= github.com/alibabacloud-go/openapi-util v0.1.0/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws= github.com/alibabacloud-go/tea v1.1.0/go.mod h1:IkGyUSX4Ba1V+k4pCtJUc6jDpZLFph9QMy2VUPTwukg= github.com/alibabacloud-go/tea v1.1.7/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4= github.com/alibabacloud-go/tea v1.1.8/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4= +github.com/alibabacloud-go/tea v1.1.11/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4= github.com/alibabacloud-go/tea v1.1.17/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A= +github.com/alibabacloud-go/tea v1.1.20/go.mod h1:nXxjm6CIFkBhwW4FQkNrolwbfon8Svy6cujmKFUq98A= 
github.com/alibabacloud-go/tea v1.2.1/go.mod h1:qbzof29bM/IFhLMtJPrgTGK3eauV5J2wSyEUo4OEmnA= github.com/alibabacloud-go/tea v1.2.2 h1:aTsR6Rl3ANWPfqeQugPglfurloyBJY85eFy7Gc1+8oU= github.com/alibabacloud-go/tea v1.2.2/go.mod h1:CF3vOzEMAG+bR4WOql8gc2G9H3EkH3ZLAQdpmpXMgwk= @@ -189,8 +202,8 @@ github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinR github.com/avast/retry-go/v4 v4.6.0/go.mod h1:gvWlPhBVsvBbLkVGDg/KwvBv0bEkCOLRRSHKIr2PyOE= github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.53.19 h1:WEuWc918RXlIaPCyU11F7hH9H1ItK+8m2c/uoQNRUok= -github.com/aws/aws-sdk-go v1.53.19/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.54.2 h1:Wo6AVWcleNHrYa48YzfYz60hzxGRqsJrK5s/qePe+3I= +github.com/aws/aws-sdk-go v1.54.2/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
@@ -232,14 +245,14 @@ github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyM github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= -github.com/cloudflare/circl v1.3.8 h1:j+V8jJt09PoeMFIu2uh5JUyEaIHTXVOHslFoLNAKqwI= -github.com/cloudflare/circl v1.3.8/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= +github.com/cloudflare/circl v1.3.9 h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE= +github.com/cloudflare/circl v1.3.9/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cpuguy83/go-md2man/v2 v2.0.3/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= +github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/ctdk/goiardi v0.11.10 h1:IB/3Afl1pC2Q4KGwzmhHPAoJfe8VtU51wZ2V0QkvsL0= github.com/ctdk/goiardi v0.11.10/go.mod h1:Pr6Cj6Wsahw45myttaOEZeZ0LE7p1qzWmzgsBISkrNI= 
@@ -341,8 +354,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.21.0 h1:4fZA11ovvtkdgaeev9RGWPgc1uj3H8W+rNYyH/ySBb0= -github.com/go-playground/validator/v10 v10.21.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= +github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao= +github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= 
@@ -635,8 +648,8 @@ github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS6 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.67.0 h1:bKcbNQyWUDiDgyE4crer3hZmiwpZ3rQnMi03jdKta/w= -github.com/oracle/oci-go-sdk/v65 v65.67.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.67.1 h1:gNmvMT61SgLMmKfWOkzLdXN1NwYRFUWIxEXgJogQFGc= +github.com/oracle/oci-go-sdk/v65 v65.67.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.0 h1:zwwTCwL3vjTTKln1hxwKuzzax4R/yvxGXSZhMh0OY5Y= github.com/passbolt/go-passbolt v0.7.0/go.mod h1:af3TVSJ+0A4sXeK8KgVzhV8Tej/i25biFIQjhL0FOMk= github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU= 
@@ -664,8 +677,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.9.1 h1:HH5eEv8sgyxSpY5a8yePyqFXzA8cvBvapfH8457+mIs= github.com/pulumi/esc v0.9.1/go.mod h1:oEJ6bOsjYlQUpjf70GiX+CXn3VBmpwFDxUTlmtUN84c= -github.com/pulumi/pulumi/sdk/v3 v3.119.0 h1:CPP0ZxAM1WT0O5/IJF0x13ZyvFMoWJi21gqNxBrLusk= -github.com/pulumi/pulumi/sdk/v3 v3.119.0/go.mod h1:/mQJPO+HehhoSJ9O3C6eUKAGeAr+4KSrbDhLsXHKldc= +github.com/pulumi/pulumi/sdk/v3 v3.120.0 h1:KYtMkCmcSg4U+w41/Q0l3llKEodbfdyq6J0VMoEoVmY= +github.com/pulumi/pulumi/sdk/v3 v3.120.0/go.mod h1:/mQJPO+HehhoSJ9O3C6eUKAGeAr+4KSrbDhLsXHKldc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= 
@@ -685,8 +698,8 @@ github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 h1:OkMGxebDj github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06/go.mod h1:+ePHsJ1keEjQtpvf9HHw0f4ZeJ0TLRsxhunSI2hYJSs= github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4= github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.27 h1:yGAraK1uUjlhSXgNMIy8o/J4LFNcy7yeipBqt9N9mVg= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.27/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28 h1:2vT+ryIQGfF21HN/W5yn/CBPpsTJULuuepWfUq/geV4= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= github.com/sclevine/spec v1.4.0 h1:z/Q9idDcay5m5irkZ28M7PtQM4aOISzOpj4bUPkDee8= github.com/sclevine/spec v1.4.0/go.mod h1:LvpgJaFyvQzRvc1kaDs0bulYwzC70PbiYjC4QnFHkOM= github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys= 
@@ -715,8 +728,8 @@ github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasO github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= -github.com/spf13/cobra v1.8.0 h1:7aJaZx1B85qltLMc546zn58BxxfZdR/W22ej9CFoEf0= -github.com/spf13/cobra v1.8.0/go.mod h1:WXLWApfZ71AjXPya3WOlMsY9yMs7YeiHhFVlvLyhcho= +github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= +github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= @@ -782,8 +795,8 @@ github.com/zalando/go-keyring v0.2.5 h1:Bc2HHpjALryKD62ppdEzaFG6VxL6Bc+5v0LYpN8L github.com/zalando/go-keyring v0.2.5/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk= github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8= github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= -go.mongodb.org/mongo-driver v1.15.0 h1:rJCKC8eEliewXjZGf0ddURtl7tTVy1TK3bfl0gkUSLc= -go.mongodb.org/mongo-driver v1.15.0/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= +go.mongodb.org/mongo-driver v1.15.1 h1:l+RvoUOoMXFmADTLfYDm7On9dRm7p4T80/lEQM+r7HU= +go.mongodb.org/mongo-driver v1.15.1/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 
@@ -835,6 +848,8 @@ golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= +golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= +golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= @@ -847,8 +862,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM= -golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= +golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY= +golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -925,6 +940,8 @@ golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= +golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= +golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -1024,6 +1041,8 @@ golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= 
@@ -1037,6 +1056,8 @@ golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= +golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -1146,8 +1167,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.183.0 h1:PNMeRDwo1pJdgNcFQ9GstuLe/noWKIc89pRWRLMvLwE= -google.golang.org/api v0.183.0/go.mod h1:q43adC5/pHoSZTx5h2mSmdF7NcyfW9JuDyIOJAgS9ZQ= +google.golang.org/api v0.184.0 h1:dmEdk6ZkJNXy1JcDhn/ou0ZUq7n9zropG2/tR4z+RDg= +google.golang.org/api v0.184.0/go.mod h1:CeDTtUEiYENAf8PPG5VZW2yNp2VM3VWbCeTioAZBTBA= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1197,12 +1218,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 h1:HCZ6DlkKtCDAtD8ForECsY3tKuaR+p4R3grlK80uCCc= -google.golang.org/genproto v0.0.0-20240604185151-ef581f913117/go.mod h1:lesfX/+9iA+3OdqeCpoDddJaNxVB1AB6tD7EfqMmprc= -google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 h1:+rdxYoE3E5htTEWIe15GlN6IfvbURM//Jt0mmkmm6ZU= -google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 h1:1GBuWVLM/KMVUv1t1En5Gs+gFZCNd360GGb4sSxtrhU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= +google.golang.org/genproto v0.0.0-20240610135401-a8a62080eff3 h1:8RTI1cmuvdY9J7q/jpJWEj5UfgWjhV5MCoXaYmwLBYQ= +google.golang.org/genproto v0.0.0-20240610135401-a8a62080eff3/go.mod h1:qb66gsewNb7Ghv1enkhJiRfYGWUklv3n6G8UvprOhzA= +google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 h1:QW9+G6Fir4VcRXVH8x3LilNAb6cxBGLa6+GM4hRwexE= +google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3/go.mod h1:kdrSS/OiLkPrNUpzD4aHgCq2rVuC/YRxok32HXZ4vRE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240610135401-a8a62080eff3 h1:9Xyg6I9IWQZhRVfCWjKK+l6kI0jHcPesVlMnT//aHNo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240610135401-a8a62080eff3/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1241,8 +1262,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= -google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -1277,14 +1298,14 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= -k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= -k8s.io/apiextensions-apiserver v0.30.1 h1:4fAJZ9985BmpJG6PkoxVRpXv9vmPUOVzl614xarePws= -k8s.io/apiextensions-apiserver v0.30.1/go.mod h1:R4GuSrlhgq43oRY9sF2IToFh7PVlF1JjfWdoG3pixk4= -k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= -k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= -k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= +k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= +k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= +k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE= +k8s.io/apiextensions-apiserver v0.30.2/go.mod h1:lsJFLYyK40iguuinsb3nt+Sj6CmodSI4ACDLep1rgjw= +k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= +k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= +k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20240404160639-a0386bf69313 h1:wBIDZID8ju9pwOiLlV22YYKjFGtiNSWgHf5CnKLRUuM= k8s.io/gengo v0.0.0-20240404160639-a0386bf69313/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= 
@@ -1292,8 +1313,8 @@ k8s.io/klog v0.2.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= -k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/klog/v2 v2.130.0 h1:5nB3+3HpqKqXJIXNtJdtxcDCfaa9KL8StJgMzGJkUkM= +k8s.io/klog/v2 v2.130.0/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA= k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= From 95b354bc97cfa970229f9473fe5a9d05e576d9bd Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jun 2024 22:49:13 +0200 Subject: [PATCH 116/517] chore(deps): bump golang from `aec4784` to `9678844` in /e2e (#3593) Bumps golang from `aec4784` to `9678844`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index e31f0f1dc2a..a3dc5262afb 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.4-bookworm@sha256:aec47843e52fee4436bdd3ce931417fa980e9055658b5142140925eea3044bea as builder +FROM golang:1.22.4-bookworm@sha256:96788441ff71144c93fc67577f2ea99fd4474f8e45c084e9445fe3454387de5b as builder ENV KUBECTL_VERSION="v1.28.3" ENV HELM_VERSION="v3.13.1" 
From cc00e7a7ffbff97765722092c676ab10a3a93bf8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 17 Jun 2024 22:49:38 +0200 Subject: [PATCH 117/517] chore(deps): bump golang from `9bdd569` to `6522f0c` (#3594) Bumps golang from `9bdd569` to `6522f0c`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile.standalone | 2 +- tilt.debug.dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.standalone b/Dockerfile.standalone index 833f80097bc..cb5e0b9cf52 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone @@ -1,6 +1,6 @@ # This version of Dockerfile is for building without external dependencies. # Build a multi-platform image e.g. `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .` -FROM golang:1.22.4-alpine@sha256:9bdd5692d39acc3f8d0ea6f81327f87ac6b473dd29a2b6006df362bff48dd1f8 AS builder +FROM golang:1.22.4-alpine@sha256:6522f0ca555a7b14c46a2c9f50b86604a234cdc72452bf6a268cae6461d9000b AS builder ARG TARGETOS ARG TARGETARCH ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index e75bf19b3ad..3f4da4d2cf4 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.4@sha256:969349b8121a56d51c74f4c273ab974c15b3a8ae246a5cffc1df7d28b66cf978 +FROM golang:1.22.4@sha256:c2010b9c2342431a24a2e64e33d9eb2e484af49e72c820e200d332d214d5e61f WORKDIR / COPY ./bin/external-secrets /external-secrets From 8ef07f515df81a493206839359c53b9b3cb71c1b Mon Sep 17 00:00:00 2001 
From: Tsubasa Nagasawa Date: Tue, 18 Jun 2024 07:50:45 +0900 Subject: [PATCH 118/517] feat(chart): Enable partial cache for certcontroller when installCRDs=true (#3589) * chore(chart): Remove unnecessary line breaks to format the list of args Signed-off-by: Tsubasa Nagasawa * feat(chart): Enable partial cache for certcontroller when installCRDs=true If CRDs are managed by a Helm chart, the addition of the label to the CRDs required for the partial cache feature is reflected in the update. Therefore, if installCRDs=true, the partial cache feature is automatically enabled. Signed-off-by: Tsubasa Nagasawa * fix: run ct using main images Signed-off-by: Moritz Johner * fix: set helm test values Signed-off-by: Moritz Johner * chore: bump CRDs in helm tests Signed-off-by: Moritz Johner --------- Signed-off-by: Tsubasa Nagasawa Signed-off-by: Moritz Johner Co-authored-by: Moritz Johner --- .../external-secrets/ci/main-values.yaml | 8 ++ .../templates/cert-controller-deployment.yaml | 7 +- .../cert_controller_test.yaml.snap | 1 + .../tests/__snapshot__/crds_test.yaml.snap | 114 ++++++++++++++++++ 4 files changed, 128 insertions(+), 2 deletions(-)
diff --git a/deploy/charts/external-secrets/ci/main-values.yaml b/deploy/charts/external-secrets/ci/main-values.yaml
index 75eb234e392..61b16e836af 100644
--- a/deploy/charts/external-secrets/ci/main-values.yaml
+++ b/deploy/charts/external-secrets/ci/main-values.yaml
@@ -1,2 +1,10 @@
 image:
 tag: main
+
+webhook:
+ image:
+ tag: main
+
+certController:
+ image:
+ tag: main
diff --git a/deploy/charts/external-secrets/templates/cert-controller-deployment.yaml b/deploy/charts/external-secrets/templates/cert-controller-deployment.yaml
index cf045a03a10..a843f045a0b 100644
--- a/deploy/charts/external-secrets/templates/cert-controller-deployment.yaml
+++ b/deploy/charts/external-secrets/templates/cert-controller-deployment.yaml
@@ -62,10 +62,13 @@ spec: - --healthz-addr={{ .Values.certController.readinessProbe.address }}:{{ .Values.certController.readinessProbe.port }} - --loglevel={{ .Values.certController.log.level }} - --zap-time-encoding={{ .Values.certController.log.timeEncoding }} - {{ if not .Values.crds.createClusterSecretStore -}} + {{- if not .Values.crds.createClusterSecretStore }} - --crd-names=externalsecrets.external-secrets.io - --crd-names=secretstores.external-secrets.io - {{- end -}} + {{- end }} + {{- if .Values.installCRDs }} + - --enable-partial-cache=true + {{- end }} {{- range $key, $value := .Values.certController.extraArgs }} {{- if $value }} - --{{ $key }}={{ $value }} diff --git a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 70f95f29f08..3700d6b7e5e 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -40,6 +40,7 @@ should match snapshot of default values: - --healthz-addr=:8081 - --loglevel=info - --zap-time-encoding=epoch + - --enable-partial-cache=true image: ghcr.io/external-secrets/external-secrets:v0.9.19 imagePullPolicy: IfNotPresent name: cert-controller diff --git a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap index d4183d8c76d..1b789904c54 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -5,6 +5,8 @@ should match snapshot of default values: metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 + labels: + external-secrets.io/component: controller name: secretstores.external-secrets.io spec: conversion: 
@@ -1555,6 +1557,11 @@ should match snapshot of default values: ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in for a ClusterSecretStore instance. properties: + namespaceRegexes: + description: Choose namespaces by using regex matching + items: + type: string + type: array namespaceSelector: description: Choose namespace using a labelSelector properties: @@ -2412,6 +2419,42 @@ should match snapshot of default values: - clientSecret - tenant type: object + device42: + description: Device42 configures this store to sync secrets using the Device42 provider + properties: + auth: + description: Auth configures how secret-manager authenticates with a Device42 instance. + properties: + secretRef: + properties: + credentials: + description: Username / Password is used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + required: + - secretRef + type: object + host: + description: URL configures the Device42 instance URL. + type: string + required: + - auth + - host + type: object doppler: description: Doppler configures this store to sync secrets using the Doppler provider properties: 
@@ -2693,6 +2736,77 @@ should match snapshot of default values: required: - auth type: object + infisical: + description: Infisical configures this store to sync secrets using the Infisical provider + properties: + auth: + description: Auth configures how the Operator authenticates with the Infisical API + properties: + universalAuthCredentials: + properties: + clientId: + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + clientSecret: + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + type: object + required: + - clientId + - clientSecret + type: object + type: object + hostAPI: + default: https://app.infisical.com/api + type: string + secretsScope: + properties: + environmentSlug: + type: string + projectSlug: + type: string + secretsPath: + default: / + type: string + required: + - environmentSlug + - projectSlug + type: object + required: + - auth + - secretsScope + type: object keepersecurity: description: KeeperSecurity configures this store to sync secrets using the KeeperSecurity provider properties: From 23f2829ec15cc4a39c338c77297b6a8a0ae28d70 Mon Sep 17 00:00:00 2001 From: Bude8 <35934161+Bude8@users.noreply.github.com> Date: Tue, 18 Jun 2024 06:56:20 +0100 Subject: [PATCH 119/517] Add logic to skip multiple stores. Add tests for multiple un/managed stores (#3123) Signed-off-by: Bude8 --- .../pushsecret/pushsecret_controller.go | 40 +++ .../pushsecret/pushsecret_controller_test.go | 337 +++++++++++++++++- 2 files changed, 369 insertions(+), 8 deletions(-) diff --git a/pkg/controllers/pushsecret/pushsecret_controller.go b/pkg/controllers/pushsecret/pushsecret_controller.go index 227d13704a3..ba0683fbe55 100644 --- a/pkg/controllers/pushsecret/pushsecret_controller.go +++ b/pkg/controllers/pushsecret/pushsecret_controller.go @@ -49,6 +49,7 @@ const ( errSetSecretFailed = "could not write remote ref %v to target secretstore %v: %v" errFailedSetSecret = "set secret failed: %v" errConvert = "could not apply conversion strategy to keys: %v" + errUnmanagedStores = "PushSecret %q has no managed stores to push to" pushSecretFinalizer = "pushsecret.externalsecrets.io/finalizer" ) 
@@ -157,6 +158,16 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu return ctrl.Result{}, err } + secretStores, err = removeUnmanagedStores(ctx, req.Namespace, r, secretStores) + if err != nil { + r.markAsFailed(err.Error(), &ps, nil) + return ctrl.Result{}, err + } + // if no stores are managed by this controller + if len(secretStores) == 0 { + return ctrl.Result{}, nil + } + syncedSecrets, err := r.PushSecretToProviders(ctx, secretStores, ps, secret, mgr) if err != nil { if errors.Is(err, locks.ErrConflict) { @@ -465,3 +476,32 @@ func statusRef(ref v1beta1.PushSecretData) string { } return ref.GetRemoteKey() } + +// removeUnmanagedStores iterates over all SecretStore references and evaluates the controllerClass property. +// Returns a map containing only managed stores. +func removeUnmanagedStores(ctx context.Context, namespace string, r *Reconciler, ss map[esapi.PushSecretStoreRef]v1beta1.GenericStore) (map[esapi.PushSecretStoreRef]v1beta1.GenericStore, error) { + for ref := range ss { + var store v1beta1.GenericStore + switch ref.Kind { + case v1beta1.SecretStoreKind: + store = &v1beta1.SecretStore{} + case v1beta1.ClusterSecretStoreKind: + store = &v1beta1.ClusterSecretStore{} + namespace = "" + } + err := r.Client.Get(ctx, types.NamespacedName{ + Name: ref.Name, + Namespace: namespace, + }, store) + + if err != nil { + return ss, err + } + + class := store.GetSpec().Controller + if class != "" && class != r.ControllerClass { + delete(ss, ref) + } + } + return ss, nil +} diff --git a/pkg/controllers/pushsecret/pushsecret_controller_test.go b/pkg/controllers/pushsecret/pushsecret_controller_test.go index 7ce34f8adf8..35a3a17876b 100644 --- a/pkg/controllers/pushsecret/pushsecret_controller_test.go +++ b/pkg/controllers/pushsecret/pushsecret_controller_test.go 
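Review bot: In `removeUnmanagedStores`, the `namespace = ""` assignment in the `ClusterSecretStoreKind` case overwrites the function parameter, so every ref visited after a ClusterSecretStore is looked up with an empty namespace. Go map iteration order is unspecified, so a namespaced SecretStore referenced by the same PushSecret can fail `r.Client.Get` intermittently, and the reconcile is then marked failed. Use a per-iteration copy instead: `ns := namespace` at the top of the loop body, `ns = ""` in the cluster case, and `Namespace: ns` in the lookup. The switch also has no `default`, so a ref whose `Kind` matches neither constant would pass a nil `store` to `Get`; whether the API defaults `Kind` is not visible here, so an explicit `default:` that returns an error seems safer. The doc comment should also say that the input map is modified in place and returned.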
@@ -44,10 +44,14 @@ var ( ) type testCase struct { - store v1beta1.GenericStore - pushsecret *v1alpha1.PushSecret - secret *v1.Secret - assert func(pushsecret *v1alpha1.PushSecret, secret *v1.Secret) bool + store v1beta1.GenericStore + managedStore1 v1beta1.GenericStore + managedStore2 v1beta1.GenericStore + unmanagedStore1 v1beta1.GenericStore + unmanagedStore2 v1beta1.GenericStore + pushsecret *v1alpha1.PushSecret + secret *v1.Secret + assert func(pushsecret *v1alpha1.PushSecret, secret *v1.Secret) bool } func init() { @@ -59,6 +63,7 @@ func init() { } func checkCondition(status v1alpha1.PushSecretStatus, cond v1alpha1.PushSecretStatusCondition) bool { + fmt.Printf("status: %+v\ncond: %+v\n", status.Conditions, cond) for _, condition := range status.Conditions { if condition.Message == cond.Message && condition.Reason == cond.Reason && @@ -72,9 +77,9 @@ func checkCondition(status v1alpha1.PushSecretStatus, cond v1alpha1.PushSecretSt type testTweaks func(*testCase) -var _ = Describe("ExternalSecret controller", func() { +var _ = Describe("PushSecret controller", func() { const ( - PushSecretName = "test-es" + PushSecretName = "test-ps" PushSecretStore = "test-store" SecretName = "test-secret" ) @@ -718,6 +723,7 @@ var _ = Describe("ExternalSecret controller", func() { }, }, Kind: "SecretStore", + Name: PushSecretStore, }, }, Selector: v1alpha1.PushSecretSelector{ @@ -819,6 +825,7 @@ var _ = Describe("ExternalSecret controller", func() { }, }, Kind: "ClusterSecretStore", + Name: PushSecretStore, }, }, Selector: v1alpha1.PushSecretSelector{ @@ -930,7 +937,8 @@ var _ = Describe("ExternalSecret controller", func() { } return checkCondition(ps.Status, expected) } - } // if target Secret name is not specified it should use the ExternalSecret name. + } + // if target Secret name is not specified it should use the ExternalSecret name. setSecretFail := func(tc *testCase) { fakeProvider.SetSecretFn = func() error { return fmt.Errorf("boom") 
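Review bot: The `fmt.Printf("status: %+v\ncond: %+v\n", status.Conditions, cond)` added at the top of `checkCondition` looks like leftover debugging; it prints on every poll of every `Eventually` that calls the helper and buries real failures in the test log. Drop it, or, if the suite is on Ginkgo v2, write through `GinkgoWriter.Printf(...)` so the output only appears for failing or verbose runs. The body of `checkCondition` continues outside this hunk.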
@@ -960,6 +968,7 @@ var _ = Describe("ExternalSecret controller", func() { return checkCondition(ps.Status, expected) } } + DescribeTable("When reconciling a PushSecret", func(tweaks ...testTweaks) { tc := makeDefaultTestcase() @@ -977,7 +986,7 @@ var _ = Describe("ExternalSecret controller", func() { if tc.pushsecret != nil { Expect(k8sClient.Create(ctx, tc.pushsecret)).Should(Succeed()) } - time.Sleep(2 * time.Second) + time.Sleep(2 * time.Second) // prevents race conditions during tests causing failures psKey := types.NamespacedName{Name: PushSecretName, Namespace: PushSecretNamespace} createdPS := &v1alpha1.PushSecret{} By("checking the pushSecret condition") 
@@ -1012,3 +1021,315 @@ var _ = Describe("ExternalSecret controller", func() { Entry("should fail if NewClient fails", newClientFail), ) }) + +var _ = Describe("PushSecret Controller Un/Managed Stores", func() { + const ( + PushSecretName = "test-ps" + ManagedPushSecretStore1 = "test-managed-store-1" + ManagedPushSecretStore2 = "test-managed-store-2" + UnmanagedPushSecretStore1 = "test-unmanaged-store-1" + UnmanagedPushSecretStore2 = "test-unmanaged-store-2" + SecretName = "test-secret" + ) + + var PushSecretNamespace string + PushSecretStores := []string{ManagedPushSecretStore1, ManagedPushSecretStore2, UnmanagedPushSecretStore1, UnmanagedPushSecretStore2} + + // if we are in debug and need to increase the timeout for testing, we can do so by using an env var + if customTimeout := os.Getenv("TEST_CUSTOM_TIMEOUT_SEC"); customTimeout != "" { + if t, err := strconv.Atoi(customTimeout); err == nil { + timeout = time.Second * time.Duration(t) + } + } + + BeforeEach(func() { + var err error + PushSecretNamespace, err = ctest.CreateNamespace("test-ns", k8sClient) + Expect(err).ToNot(HaveOccurred()) + fakeProvider.Reset() + }) + + AfterEach(func() { + k8sClient.Delete(context.Background(), &v1alpha1.PushSecret{ + ObjectMeta: metav1.ObjectMeta{ + Name: PushSecretName, + Namespace: PushSecretNamespace, + }, + }) + // give a time for reconciler to remove finalizers before removing SecretStores + // TODO: Secret Stores should have finalizers bound to PushSecrets if DeletionPolicy == Delete + time.Sleep(2 * time.Second) + for _, psstore := range PushSecretStores { + k8sClient.Delete(context.Background(), &v1beta1.SecretStore{ + ObjectMeta: metav1.ObjectMeta{ + Name: psstore, + Namespace: PushSecretNamespace, + }, + }) + k8sClient.Delete(context.Background(), &v1beta1.ClusterSecretStore{ + ObjectMeta: metav1.ObjectMeta{ + Name: psstore, + }, + }) + } + k8sClient.Delete(context.Background(), &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: SecretName, + Namespace: 
PushSecretNamespace, + }, + }) + Expect(k8sClient.Delete(context.Background(), &v1.Namespace{ + ObjectMeta: metav1.ObjectMeta{ + Name: PushSecretNamespace, + }, + })).To(Succeed()) + }) + + const ( + defaultKey = "key" + defaultVal = "value" + defaultPath = "path/to/key" + otherKey = "other-key" + otherVal = "other-value" + otherPath = "path/to/other-key" + newKey = "new-key" + newVal = "new-value" + storePrefixTemplate = "SecretStore/%v" + ) + + makeDefaultTestcase := func() *testCase { + return &testCase{ + pushsecret: &v1alpha1.PushSecret{ + ObjectMeta: metav1.ObjectMeta{ + Name: PushSecretName, + Namespace: PushSecretNamespace, + }, + Spec: v1alpha1.PushSecretSpec{ + SecretStoreRefs: []v1alpha1.PushSecretStoreRef{ + { + Name: ManagedPushSecretStore1, + Kind: "SecretStore", + }, + }, + Selector: v1alpha1.PushSecretSelector{ + Secret: v1alpha1.PushSecretSecret{ + Name: SecretName, + }, + }, + Data: []v1alpha1.PushSecretData{ + { + Match: v1alpha1.PushSecretMatch{ + SecretKey: defaultKey, + RemoteRef: v1alpha1.PushSecretRemoteRef{ + RemoteKey: defaultPath, + }, + }, + }, + }, + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: SecretName, + Namespace: PushSecretNamespace, + }, + Data: map[string][]byte{ + defaultKey: []byte(defaultVal), + }, + }, + managedStore1: &v1beta1.SecretStore{ + ObjectMeta: metav1.ObjectMeta{ + Name: ManagedPushSecretStore1, + Namespace: PushSecretNamespace, + }, + TypeMeta: metav1.TypeMeta{ + Kind: "SecretStore", + }, + Spec: v1beta1.SecretStoreSpec{ + Provider: &v1beta1.SecretStoreProvider{ + Fake: &v1beta1.FakeProvider{ + Data: []v1beta1.FakeProviderData{}, + }, + }, + }, + }, + managedStore2: &v1beta1.SecretStore{ + ObjectMeta: metav1.ObjectMeta{ + Name: ManagedPushSecretStore2, + Namespace: PushSecretNamespace, + }, + TypeMeta: metav1.TypeMeta{ + Kind: "SecretStore", + }, + Spec: v1beta1.SecretStoreSpec{ + Provider: &v1beta1.SecretStoreProvider{ + Fake: &v1beta1.FakeProvider{ + Data: []v1beta1.FakeProviderData{}, 
+ }, + }, + }, + }, + unmanagedStore1: &v1beta1.SecretStore{ + ObjectMeta: metav1.ObjectMeta{ + Name: UnmanagedPushSecretStore1, + Namespace: PushSecretNamespace, + }, + TypeMeta: metav1.TypeMeta{ + Kind: "SecretStore", + }, + Spec: v1beta1.SecretStoreSpec{ + Provider: &v1beta1.SecretStoreProvider{ + Fake: &v1beta1.FakeProvider{ + Data: []v1beta1.FakeProviderData{}, + }, + }, + Controller: "not-managed", + }, + }, + unmanagedStore2: &v1beta1.SecretStore{ + ObjectMeta: metav1.ObjectMeta{ + Name: UnmanagedPushSecretStore2, + Namespace: PushSecretNamespace, + }, + TypeMeta: metav1.TypeMeta{ + Kind: "SecretStore", + }, + Spec: v1beta1.SecretStoreSpec{ + Provider: &v1beta1.SecretStoreProvider{ + Fake: &v1beta1.FakeProvider{ + Data: []v1beta1.FakeProviderData{}, + }, + }, + Controller: "not-managed", + }, + }, + } + } + + multipleManagedStoresSyncsSuccessfully := func(tc *testCase) { + fakeProvider.SetSecretFn = func() error { + return nil + } + + tc.pushsecret.Spec.SecretStoreRefs = append(tc.pushsecret.Spec.SecretStoreRefs, + v1alpha1.PushSecretStoreRef{ + Name: ManagedPushSecretStore2, + Kind: "SecretStore", + }, + ) + + tc.assert = func(ps *v1alpha1.PushSecret, secret *v1.Secret) bool { + Eventually(func() bool { + By("checking if Provider value got updated") + secretValue := secret.Data[defaultKey] + providerValue, ok := fakeProvider.SetSecretArgs[ps.Spec.Data[0].Match.RemoteRef.RemoteKey] + if !ok { + return false + } + got := providerValue.Value + return bytes.Equal(got, secretValue) + }, time.Second*10, time.Second).Should(BeTrue()) + return true + } + } + + skipUnmanagedStores := func(tc *testCase) { + tc.pushsecret.Spec.SecretStoreRefs = []v1alpha1.PushSecretStoreRef{ + { + Name: UnmanagedPushSecretStore1, + Kind: "SecretStore", + }, + { + Name: UnmanagedPushSecretStore2, + Kind: "SecretStore", + }, + } + + tc.assert = func(ps *v1alpha1.PushSecret, secret *v1.Secret) bool { + return len(ps.Status.Conditions) == 0 + } + } + + 
warnUnmanagedStoresAndSyncManagedStores := func(tc *testCase) { + fakeProvider.SetSecretFn = func() error { + return nil + } + + tc.pushsecret.Spec.SecretStoreRefs = []v1alpha1.PushSecretStoreRef{ + { + Name: ManagedPushSecretStore1, + Kind: "SecretStore", + }, + { + Name: ManagedPushSecretStore2, + Kind: "SecretStore", + }, + { + Name: UnmanagedPushSecretStore1, + Kind: "SecretStore", + }, + { + Name: UnmanagedPushSecretStore2, + Kind: "SecretStore", + }, + } + + tc.assert = func(ps *v1alpha1.PushSecret, secret *v1.Secret) bool { + Eventually(func() bool { + By("checking if Provider value got updated") + secretValue := secret.Data[defaultKey] + providerValue, ok := fakeProvider.SetSecretArgs[ps.Spec.Data[0].Match.RemoteRef.RemoteKey] + if !ok { + return false + } + got := providerValue.Value + return bytes.Equal(got, secretValue) + }, time.Second*10, time.Second).Should(BeTrue()) + return true + } + } + + DescribeTable("When reconciling a PushSecret with multiple secret stores", + func(tweaks ...testTweaks) { + tc := makeDefaultTestcase() + for _, tweak := range tweaks { + tweak(tc) + } + ctx := context.Background() + By("creating secret stores, a secret and a pushsecret") + if tc.managedStore1 != nil { + Expect(k8sClient.Create(ctx, tc.managedStore1)).To(Succeed()) + } + if tc.managedStore2 != nil { + Expect(k8sClient.Create(ctx, tc.managedStore2)).To(Succeed()) + } + if tc.unmanagedStore1 != nil { + Expect(k8sClient.Create(ctx, tc.unmanagedStore1)).To(Succeed()) + } + if tc.unmanagedStore2 != nil { + Expect(k8sClient.Create(ctx, tc.unmanagedStore2)).To(Succeed()) + } + if tc.secret != nil { + Expect(k8sClient.Create(ctx, tc.secret)).To(Succeed()) + } + if tc.pushsecret != nil { + Expect(k8sClient.Create(ctx, tc.pushsecret)).Should(Succeed()) + } + time.Sleep(2 * time.Second) // prevents race conditions during tests causing failures + psKey := types.NamespacedName{Name: PushSecretName, Namespace: PushSecretNamespace} + createdPS := &v1alpha1.PushSecret{} + 
By("checking the pushSecret condition") + Eventually(func() bool { + err := k8sClient.Get(ctx, psKey, createdPS) + if err != nil { + return false + } + return tc.assert(createdPS, tc.secret) + }, timeout, interval).Should(BeTrue()) + // this must be optional so we can test faulty es configuration + }, + Entry("should sync successfully if there are multiple managed stores", multipleManagedStoresSyncsSuccessfully), + Entry("should skip unmanaged stores", skipUnmanagedStores), + Entry("should skip unmanaged stores and sync managed stores", warnUnmanagedStoresAndSyncManagedStores), + ) +}) From c7fc730019b8624800c00b26959baef5021ec982 Mon Sep 17 00:00:00 2001 From: Andrew Gunnerson <151555334+agunnerson-elastic@users.noreply.github.com> Date: Tue, 18 Jun 2024 03:28:41 -0400 Subject: [PATCH 120/517] fix(vault): Fix crash when caching is enabled and a token expires (#3598) In the vault client library, LookupSelfWithContext calls ParseSecret, which has a few places where it returns `nil, nil` instead of returning a proper error. The most common scenario is when the token expires and the Vault server returns: { "errors": [ "permission denied" ] } This commit adds an additional check to ensure that a nil response won't be dereferenced in checkToken(). Signed-off-by: Andrew Gunnerson --- pkg/provider/vault/auth.go | 5 ++++ pkg/provider/vault/auth_test.go | 43 +++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+) diff --git a/pkg/provider/vault/auth.go b/pkg/provider/vault/auth.go index 6f06e17fa3a..ffced508503 100644 --- a/pkg/provider/vault/auth.go +++ b/pkg/provider/vault/auth.go 
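Review bot: `skipUnmanagedStores` asserts only `len(ps.Status.Conditions) == 0`, which is equally true for a PushSecret that was never reconciled, so the entry passes even if the skip path is not reached. The property that matters is that nothing is written to a store owned by another controller class, so the assertion should also inspect the fake provider after the wait, for example `Expect(fakeProvider.SetSecretArgs).To(BeEmpty())` (assuming `fakeProvider.Reset()` in `BeforeEach` clears that map, which is not visible here). `warnUnmanagedStoresAndSyncManagedStores` has the same gap: its assertion is identical to `multipleManagedStoresSyncsSuccessfully`, and because all four stores share one fake provider keyed by remote key it cannot tell whether the unmanaged stores were pushed to. Recording the store name in the fake, or giving the unmanaged stores a distinct remote key, would make the test discriminate.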
@@ -147,6 +147,11 @@ func checkToken(ctx context.Context, token util.Token) (bool, error) { if err != nil { return false, err } + // LookupSelfWithContext() calls ParseSecret(), which has several places + // that return no data and no error, including when a token is expired. + if resp == nil { + return false, fmt.Errorf("no response nor error for token lookup") + } t, ok := resp.Data["type"] if !ok { return false, fmt.Errorf("could not assert token type") diff --git a/pkg/provider/vault/auth_test.go b/pkg/provider/vault/auth_test.go index 823d260df17..5431332daf8 100644 --- a/pkg/provider/vault/auth_test.go +++ b/pkg/provider/vault/auth_test.go @@ -16,10 +16,12 @@ package vault import ( "context" + "errors" "testing" "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" + vault "github.com/hashicorp/vault/api" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/utils/ptr" @@ -165,3 +167,44 @@ func TestSetAuthNamespace(t *testing.T) { }) } } + +func TestCheckTokenErrors(t *testing.T) { + cases := map[string]struct { + message string + secret *vault.Secret + err error + }{ + "SuccessWithNoData": { + message: "should not cache if token lookup returned no data", + secret: &vault.Secret{}, + err: nil, + }, + "Error": { + message: "should not cache if token lookup errored", + secret: nil, + err: errors.New(""), + }, + // This happens when a token is expired and the Vault server returns: + // {"errors":["permission denied"]} + "NoDataNorError": { + message: "should not cache if token lookup returned no data nor error", + secret: nil, + err: nil, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + token := fake.Token{ + LookupSelfWithContextFn: func(ctx context.Context) (*vault.Secret, error) { + return tc.secret, tc.err + }, + } + + cached, _ := checkToken(context.Background(), token) + if cached { + t.Errorf("%v", tc.message) + } + }) + } +} 
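Review bot: `TestCheckTokenErrors` discards the error with `cached, _ := checkToken(context.Background(), token)`, so the cases only prove the token is not reported as valid, not that the failure is surfaced to the caller. In all three table cases the visible code path in `checkToken` returns an error (lookup error, the new `resp == nil` branch, or the missing `type` key), so the test can capture it and add `if err == nil { t.Errorf("%v: expected an error", tc.message) }`. That pins the new nil-response branch to an explicit error rather than a silent `false`. How callers react to that error for an expired token (re-authenticate or fail the reconcile) is outside these hunks and worth confirming.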
From ebae16beb3803038dcaef8695104481d1768db44 Mon Sep 17 00:00:00 2001 From: Eric Fang Date: Tue, 18 Jun 2024 10:21:48 -0700 Subject: [PATCH 121/517] Remove the use of "golang.org/x/crypto/pkcs12" (#3601) Switch to software.sslmate.com/src/go-pkcs12 instead Signed-off-by: yihuaf --- pkg/provider/azure/keyvault/keyvault.go | 4 +- pkg/template/v1/template.go | 2 +- pkg/template/v2/pkcs12.go | 62 +++++++++++-------------- pkg/template/v2/template.go | 1 + 4 files changed, 32 insertions(+), 37 deletions(-) diff --git a/pkg/provider/azure/keyvault/keyvault.go b/pkg/provider/azure/keyvault/keyvault.go index 5b98142d8b9..9e87d7ac93c 100644 --- a/pkg/provider/azure/keyvault/keyvault.go +++ b/pkg/provider/azure/keyvault/keyvault.go @@ -35,7 +35,6 @@ import ( "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential" "github.com/lestrrat-go/jwx/v2/jwk" "github.com/tidwall/gjson" - "golang.org/x/crypto/pkcs12" "golang.org/x/crypto/sha3" authv1 "k8s.io/api/authentication/v1" corev1 "k8s.io/api/core/v1" @@ -47,6 +46,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" ctrlcfg "sigs.k8s.io/controller-runtime/pkg/client/config" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" + gopkcs12 "software.sslmate.com/src/go-pkcs12" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" "github.com/external-secrets/external-secrets/pkg/constants" @@ -345,7 +345,7 @@ func (a *Azure) SecretExists(ctx context.Context, remoteRef esv1beta1.PushSecret func getCertificateFromValue(value []byte) (*x509.Certificate, error) { // 1st: try decode pkcs12 - _, localCert, err := pkcs12.Decode(value, "") + _, localCert, err := gopkcs12.Decode(value, "") if err == nil { return localCert, nil } diff --git a/pkg/template/v1/template.go b/pkg/template/v1/template.go index 59c17b6a24b..df49cbf7b21 100644 --- a/pkg/template/v1/template.go +++ b/pkg/template/v1/template.go 
@@ -26,8 +26,8 @@ import ( "github.com/lestrrat-go/jwx/v2/jwk" "github.com/youmark/pkcs8" - "golang.org/x/crypto/pkcs12" corev1 "k8s.io/api/core/v1" + "software.sslmate.com/src/go-pkcs12" esapi "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" ) diff --git a/pkg/template/v2/pkcs12.go b/pkg/template/v2/pkcs12.go index d73f8298164..d4cab3760dc 100644 --- a/pkg/template/v2/pkcs12.go +++ b/pkg/template/v2/pkcs12.go @@ -21,41 +21,28 @@ import ( "encoding/pem" "fmt" - "golang.org/x/crypto/pkcs12" gopkcs12 "software.sslmate.com/src/go-pkcs12" ) func pkcs12keyPass(pass, input string) (string, error) { - blocks, err := pkcs12.ToPEM([]byte(input), pass) + privateKey, _, _, err := gopkcs12.DecodeChain([]byte(input), pass) if err != nil { return "", fmt.Errorf(errDecodePKCS12WithPass, err) } - var pemData []byte - for _, block := range blocks { - // remove bag attributes like localKeyID, friendlyName - block.Headers = nil - if block.Type == pemTypeCertificate { - continue - } - key, err := parsePrivateKey(block.Bytes) - if err != nil { - return "", err - } - // we use pkcs8 because it supports more key types (ecdsa, ed25519), not just RSA - block.Bytes, err = x509.MarshalPKCS8PrivateKey(key) - if err != nil { - return "", err - } - // report error if encode fails - var buf bytes.Buffer - if err := pem.Encode(&buf, block); err != nil { - return "", err - } - pemData = append(pemData, buf.Bytes()...) + marshalPrivateKey, err := x509.MarshalPKCS8PrivateKey(privateKey) + if err != nil { + return "", err } - return string(pemData), nil + var buf bytes.Buffer + if err := pem.Encode(&buf, &pem.Block{ + Type: pemTypeKey, + Bytes: marshalPrivateKey, + }); err != nil { + return "", err + } + return buf.String(), nil } func parsePrivateKey(block []byte) (any, error) { 
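Review bot: Replacing the `pkcs12.ToPEM` loop with `gopkcs12.DecodeChain` in `pkcs12keyPass` narrows the archives that templates accept: as documented for go-pkcs12, `DecodeChain` assumes exactly one private key and at least one certificate, whereas the removed loop emitted a PEM block for every non-certificate bag it found. The same call in `pkcs12certPass` (next hunk of this file) means a certificate-only archive would presumably now return an error instead of its certificates, and the output order becomes the leaf first, then `caCerts`. Add test cases for a key-less and a multi-key archive so the new behaviour is deliberate, and state the restriction in the template function documentation. `parsePrivateKey` remains as context at the end of this hunk and may no longer have a caller, which is worth checking before the linter does.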
@@ -76,21 +63,28 @@ func pkcs12key(input string) (string, error) { } func pkcs12certPass(pass, input string) (string, error) { - blocks, err := pkcs12.ToPEM([]byte(input), pass) + _, certificate, caCerts, err := gopkcs12.DecodeChain([]byte(input), pass) if err != nil { return "", fmt.Errorf(errDecodeCertWithPass, err) } var pemData []byte - for _, block := range blocks { - if block.Type != pemTypeCertificate { - continue - } - // remove bag attributes like localKeyID, friendlyName - block.Headers = nil - // report error if encode fails + var buf bytes.Buffer + if err := pem.Encode(&buf, &pem.Block{ + Type: pemTypeCertificate, + Bytes: certificate.Raw, + }); err != nil { + return "", err + } + + pemData = append(pemData, buf.Bytes()...) + + for _, ca := range caCerts { var buf bytes.Buffer - if err := pem.Encode(&buf, block); err != nil { + if err := pem.Encode(&buf, &pem.Block{ + Type: pemTypeCertificate, + Bytes: ca.Raw, + }); err != nil { return "", err } pemData = append(pemData, buf.Bytes()...) diff --git a/pkg/template/v2/template.go b/pkg/template/v2/template.go index b1c65fe796d..46040e84485 100644 --- a/pkg/template/v2/template.go +++ b/pkg/template/v2/template.go @@ -59,6 +59,7 @@ const ( errParsePrivKey = "unable to parse private key type" pemTypeCertificate = "CERTIFICATE" + pemTypeKey = "PRIVATE KEY" ) func init() { From 9a6ffcd84461d6d30ad8a7b3fbb7918e2109fd94 Mon Sep 17 00:00:00 2001 
From: Idan Adar Date: Thu, 20 Jun 2024 18:50:49 +0300 Subject: [PATCH 122/517] Make UBI more tolerable from OS vulnerabilities (#3607) * Make UBI safer from OS vulnerabilities * Add missing files * Use correct packages * Fix CVEs --- Dockerfile.ubi | 36 ++++++++++++++++++++++++++++++------ e2e/go.mod | 2 +- go.mod | 2 +- ubi-build-files-amd64.txt | 15 +++++++++++++++ ubi-build-files-arm64.txt | 15 +++++++++++++++ ubi-build-files-ppc64le.txt | 14 ++++++++++++++ ubi-build-files-s390x.txt | 14 ++++++++++++++ 7 files changed, 90 insertions(+), 8 deletions(-) create mode 100644 ubi-build-files-amd64.txt create mode 100644 ubi-build-files-arm64.txt create mode 100644 ubi-build-files-ppc64le.txt create mode 100644 ubi-build-files-s390x.txt diff --git a/Dockerfile.ubi b/Dockerfile.ubi index 0a2903cc266..aa3472cc056 100644 --- a/Dockerfile.ubi +++ b/Dockerfile.ubi 
@@ -1,11 +1,35 @@ -FROM registry.access.redhat.com/ubi8/ubi-minimal@sha256:5f1cd3422d5d46aea35dac80825dbcbd58213eef49c317f42a394345fb4e8ff1 +FROM registry.access.redhat.com/ubi8/ubi as minimal-ubi + ARG TARGETOS ARG TARGETARCH -COPY bin/external-secrets-${TARGETOS}-${TARGETARCH} /bin/external-secrets +RUN dnf update -y && dnf install -y binutils +# prep target rootfs for scratch container +WORKDIR / +RUN mkdir /image && \ + ln -s usr/bin /image/bin && \ + ln -s usr/sbin /image/sbin && \ + ln -s usr/lib64 /image/lib64 && \ + ln -s usr/lib /image/lib && \ + mkdir -p /image/{usr/bin,usr/lib64,usr/lib,root,home,proc,etc,sys,var,dev} -RUN microdnf update +COPY ubi-build-files-${TARGETARCH}.txt /tmp +# Copy all the required files from the base UBI image into the image directory +# As the go binary is not statically compiled this includes everything needed for CGO to work, cacerts, tzdata and RH release files +RUN tar cf /tmp/files.tar -T /tmp/ubi-build-files-${TARGETARCH}.txt && tar xf /tmp/files.tar -C /image/ \ + && strip --strip-unneeded /image/usr/lib64/*[0-9].so -# Run as UID for nobody -USER 65534 +# Generate a rpm database which contains all the packages that you said were needed in ubi-build-files-*.txt +RUN rpm --root /image --initdb \ + && PACKAGES=$(rpm -qf $(cat /tmp/ubi-build-files-${TARGETARCH}.txt) | grep -v "is not owned by any package" | sort -u) \ + && echo dnf install -y 'dnf-command(download)' \ + && dnf download --destdir / ${PACKAGES} \ + && rpm --root /image -ivh --justdb --nodeps `for i in ${PACKAGES}; do echo $i.rpm; done` -ENTRYPOINT ["/bin/external-secrets"] +FROM scratch +# Copy all required files + rpm database so the image is scannable +COPY --from=minimal-ubi /image/ / +USER 65534 +ARG TARGETOS +ARG TARGETARCH +COPY bin/external-secrets-${TARGETOS}-${TARGETARCH} /bin/external-secrets +ENTRYPOINT ["/bin/external-secrets"] \ No newline at end of file diff --git a/e2e/go.mod b/e2e/go.mod index fbece5e48ed..ea4951dc6b4 100644 --- a/e2e/go.mod 
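Review bot: The new build stage starts from `registry.access.redhat.com/ubi8/ubi` with no tag or digest, while the line it replaces pinned `ubi-minimal` by `@sha256:`. Together with `dnf update -y`, this makes the copied libraries, CA bundle and rpm database depend on whatever the registry serves at build time, and it leaves nothing for the digest-bump automation used elsewhere in this series to update. Pin the stage again, e.g. `FROM registry.access.redhat.com/ubi8/ubi@sha256:<digest-placeholder> AS minimal-ubi`. In the rpm database step, `echo dnf install -y 'dnf-command(download)'` only prints the command; run it if the download plugin is required, otherwise drop the line. The file also loses its trailing newline.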
+++ b/e2e/go.mod @@ -1,6 +1,6 @@ module github.com/external-secrets/external-secrets-e2e -go 1.22.3 +go 1.22.4 replace ( github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 diff --git a/go.mod b/go.mod index 4bbb3d3740f..cfc66a2f7fd 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/external-secrets/external-secrets -go 1.22.3 +go 1.22.4 replace github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 diff --git a/ubi-build-files-amd64.txt b/ubi-build-files-amd64.txt new file mode 100644 index 00000000000..0e55ec2e910 --- /dev/null +++ b/ubi-build-files-amd64.txt @@ -0,0 +1,15 @@ +etc/pki +root/buildinfo +etc/ssl/certs +etc/redhat-release +usr/share/zoneinfo +usr/lib64/ld-2.28.so +usr/lib64/ld-linux-x86-64.so.2 +usr/lib64/libc-2.28.so +usr/lib64/libc.so.6 +usr/lib64/libdl-2.28.so +usr/lib64/libdl.so.2 +usr/lib64/libpthread-2.28.so +usr/lib64/libpthread.so.0 +usr/lib64/libm-2.28.so +usr/lib64/libm.so.6 \ No newline at end of file diff --git a/ubi-build-files-arm64.txt b/ubi-build-files-arm64.txt new file mode 100644 index 00000000000..18571f6f6c6 --- /dev/null +++ b/ubi-build-files-arm64.txt @@ -0,0 +1,15 @@ +etc/pki +root/buildinfo +etc/ssl/certs +etc/redhat-release +usr/share/zoneinfo +usr/lib64/ld-2.28.so +usr/lib64/ld-linux-aarch64.so.1 +usr/lib64/libc-2.28.so +usr/lib64/libc.so.6 +usr/lib64/libdl-2.28.so +usr/lib64/libdl.so.2 +usr/lib64/libpthread-2.28.so +usr/lib64/libpthread.so.0 +usr/lib64/libm-2.28.so +usr/lib64/libm.so.6 \ No newline at end of file diff --git a/ubi-build-files-ppc64le.txt b/ubi-build-files-ppc64le.txt new file mode 100644 index 00000000000..4f9e8668342 --- /dev/null +++ b/ubi-build-files-ppc64le.txt 
@@ -0,0 +1,14 @@ +etc/pki +root/buildinfo +etc/ssl/certs +etc/redhat-release +usr/share/zoneinfo +usr/lib64/ld-2.28.so +usr/lib64/libc-2.28.so +usr/lib64/libc.so.6 +usr/lib64/libdl-2.28.so +usr/lib64/libdl.so.2 +usr/lib64/libpthread-2.28.so +usr/lib64/libpthread.so.0 +usr/lib64/libm-2.28.so +usr/lib64/libm.so.6 \ No newline at end of file diff --git a/ubi-build-files-s390x.txt b/ubi-build-files-s390x.txt new file mode 100644 index 00000000000..4f9e8668342 --- /dev/null +++ b/ubi-build-files-s390x.txt @@ -0,0 +1,14 @@ +etc/pki +root/buildinfo +etc/ssl/certs +etc/redhat-release +usr/share/zoneinfo +usr/lib64/ld-2.28.so +usr/lib64/libc-2.28.so +usr/lib64/libc.so.6 +usr/lib64/libdl-2.28.so +usr/lib64/libdl.so.2 +usr/lib64/libpthread-2.28.so +usr/lib64/libpthread.so.0 +usr/lib64/libm-2.28.so +usr/lib64/libm.so.6 \ No newline at end of file From f1ab7ef89d3c8f512b83824e742d1dbf0f7384fd Mon Sep 17 00:00:00 2001 From: Moritz Johner Date: Fri, 21 Jun 2024 12:59:25 +0200 Subject: [PATCH 123/517] fix: explicitly fetch status subresource due to inconsistencies (#3608) * fix: explicitly fetch status subresource due to inconsistencies Signed-off-by: Moritz Johner * fix: bump go Signed-off-by: Moritz Johner * fix: add rbac to get status Signed-off-by: Moritz Johner --------- Signed-off-by: Moritz Johner --- deploy/charts/external-secrets/templates/rbac.yaml | 1 + .../externalsecret/externalsecret_controller.go | 10 ++++++++++ 2 files changed, 11 insertions(+) diff --git a/deploy/charts/external-secrets/templates/rbac.yaml b/deploy/charts/external-secrets/templates/rbac.yaml index 21557995a4b..4f4ab48fe87 100644 --- a/deploy/charts/external-secrets/templates/rbac.yaml +++ b/deploy/charts/external-secrets/templates/rbac.yaml @@ -44,6 +44,7 @@ rules: - "pushsecrets/status" - "pushsecrets/finalizers" verbs: + - "get" - "update" - "patch" - apiGroups: 
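Review bot: The ppc64le list, and the identical s390x list after it, has no entry for the architecture's dynamic loader name. The amd64 and arm64 lists carry `usr/lib64/ld-linux-x86-64.so.2` and `usr/lib64/ld-linux-aarch64.so.1` next to `ld-2.28.so`. The Dockerfile comment in this commit says the Go binary is not statically compiled, so the path in the binary's ELF interpreter field has to exist in the scratch rootfs, otherwise the container will not start on those architectures. It is worth running `readelf -l` on the ppc64le and s390x binaries and adding the matching loader symlink to each list. I would expect it to be the `ld64.so.*` name glibc uses there, but the patch does not show it.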
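Review bot: `get` is added to the rule's shared `verbs` list, so it applies to every resource in the rule, and the visible context shows that includes `pushsecrets/finalizers` as well as `pushsecrets/status`. The controller change in this commit only reads the `status` subresource of an ExternalSecret. For least privilege, a separate rule granting `get` on just the `*/status` entries would match what the code needs. The start of this rule's `resources` list is above the hunk, so the full set of resources affected cannot be seen here.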
diff --git a/pkg/controllers/externalsecret/externalsecret_controller.go b/pkg/controllers/externalsecret/externalsecret_controller.go index e3864426a35..05f2d608f5f 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller.go +++ b/pkg/controllers/externalsecret/externalsecret_controller.go @@ -130,6 +130,16 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu return ctrl.Result{}, err } + // See https://github.com/external-secrets/external-secrets/issues/3604 + // We fetch the ExternalSecret resource above, however the status subresource is inconsistent. + // We have to explicitly fetch it, otherwise it may be missing and will cause + // unexpected side effects. + err = r.SubResource("status").Get(ctx, &externalSecret, &externalSecret) + if err != nil { + log.Error(err, "failed to get status subresource") + return ctrl.Result{}, err + } + timeSinceLastRefresh := 0 * time.Second if !externalSecret.Status.RefreshTime.IsZero() { timeSinceLastRefresh = time.Since(externalSecret.Status.RefreshTime.Time) From 490eeacca213546ed76f751821867bac2e348123 Mon Sep 17 00:00:00 2001 From: Timofei Larkin Date: Fri, 21 Jun 2024 23:57:04 +0400 Subject: [PATCH 124/517] Adds codepath for removing finalizers (#3610) * Adds codepath for removing finalizers See #3609. Signed-off-by: Timofei Larkin * Add test case for #3609 Signed-off-by: Timofei Larkin --------- Signed-off-by: Timofei Larkin --- .../pushsecret/pushsecret_controller.go | 6 ++ .../pushsecret/pushsecret_controller_test.go | 55 +++++++++++++++++++ 2 files changed, 61 insertions(+) diff --git a/pkg/controllers/pushsecret/pushsecret_controller.go b/pkg/controllers/pushsecret/pushsecret_controller.go index ba0683fbe55..bf13900c26f 100644 --- a/pkg/controllers/pushsecret/pushsecret_controller.go +++ b/pkg/controllers/pushsecret/pushsecret_controller.go 
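Review bot: The new `r.SubResource("status").Get(...)` call treats every error as a reconcile failure, including NotFound when the ExternalSecret is deleted between the first Get and this one. That yields an error log and a requeue for an object that no longer exists. A guard such as `if apierrors.IsNotFound(err) { return ctrl.Result{}, nil }` before the `log.Error` would avoid it, assuming `apierrors` is imported in this file; the first Get and its error handling are above the hunk. The call is also one extra request per reconcile, probably sent to the API server rather than served from the informer cache, which deserves a sentence in the comment next to the issue 3604 link.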
@@ -138,6 +138,12 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu } } case esapi.PushSecretDeletionPolicyNone: + if controllerutil.ContainsFinalizer(&ps, pushSecretFinalizer) { + controllerutil.RemoveFinalizer(&ps, pushSecretFinalizer) + if err := r.Client.Update(ctx, &ps, &client.UpdateOptions{}); err != nil { + return ctrl.Result{}, fmt.Errorf("could not update finalizers: %w", err) + } + } default: } diff --git a/pkg/controllers/pushsecret/pushsecret_controller_test.go b/pkg/controllers/pushsecret/pushsecret_controller_test.go index 35a3a17876b..f7b16faf712 100644 --- a/pkg/controllers/pushsecret/pushsecret_controller_test.go +++ b/pkg/controllers/pushsecret/pushsecret_controller_test.go 
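Review bot: The new `PushSecretDeletionPolicyNone` branch has no comment explaining why a finalizer can exist under this policy; the commit's test suggests it is the case where the policy was changed from Delete to None after the finalizer had been added. I would add `// Policy was switched from Delete to None: drop the finalizer so deletion is not blocked. Secrets already pushed stay in the provider.` above the `if`. The second sentence matters operationally, because those provider-side secrets are no longer cleaned up by the controller, and a log line at this point would make the switch visible when auditing where secret copies remain. `&client.UpdateOptions{}` can be omitted, since the options parameter is variadic. The enclosing `switch` starts above the hunk.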
@@ -494,6 +494,60 @@ var _ = Describe("PushSecret controller", func() { return true } } + + // if PushSecret's DeletionPolicy is cleared, it should delete successfully + syncChangePolicyAndDeleteSuccessfully := func(tc *testCase) { + fakeProvider.SetSecretFn = func() error { + return nil + } + tc.pushsecret = &v1alpha1.PushSecret{ + ObjectMeta: metav1.ObjectMeta{ + Name: PushSecretName, + Namespace: PushSecretNamespace, + }, + Spec: v1alpha1.PushSecretSpec{ + DeletionPolicy: v1alpha1.PushSecretDeletionPolicyDelete, + SecretStoreRefs: []v1alpha1.PushSecretStoreRef{ + { + Name: PushSecretStore, + Kind: "SecretStore", + }, + }, + Selector: v1alpha1.PushSecretSelector{ + Secret: v1alpha1.PushSecretSecret{ + Name: SecretName, + }, + }, + Data: []v1alpha1.PushSecretData{ + { + Match: v1alpha1.PushSecretMatch{ + SecretKey: defaultKey, + RemoteRef: v1alpha1.PushSecretRemoteRef{ + RemoteKey: defaultPath, + }, + }, + }, + }, + }, + } + tc.assert = func(ps *v1alpha1.PushSecret, secret *v1.Secret) bool { + ps.Spec.DeletionPolicy = v1alpha1.PushSecretDeletionPolicyNone + updatedPS := &v1alpha1.PushSecret{} + Expect(k8sClient.Update(context.Background(), ps, &client.UpdateOptions{})).Should(Succeed()) + Expect(k8sClient.Delete(context.Background(), ps, &client.DeleteOptions{})).Should(Succeed()) + Eventually(func() bool { + psKey := types.NamespacedName{Name: PushSecretName, Namespace: PushSecretNamespace} + By("checking if Get PushSecret returns not found") + err := k8sClient.Get(context.Background(), psKey, updatedPS) + if err != nil && client.IgnoreNotFound(err) == nil { + return true + } + return false + }, time.Second*10, time.Second).Should(BeTrue()) + return true + } + } + failDelete := func(tc *testCase) { fakeProvider.SetSecretFn = func() error { return nil 
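Review bot: `syncChangePolicyAndDeleteSuccessfully` only checks that the PushSecret eventually disappears; nothing in `tc.assert` confirms the finalizer was on the object before the policy was switched to None. If the update and delete land before the controller has added the finalizer, the test passes without exercising the new removal path. An assertion at the top of `tc.assert`, for example `Expect(controllerutil.ContainsFinalizer(ps, pushSecretFinalizer)).To(BeTrue())`, would pin that, provided the constant is visible from the test package and `ps` is the object as last read from the API server; neither can be confirmed from the hunk. The NotFound check in the `Eventually` body also reads more directly as `return apierrors.IsNotFound(err)` if that package is already imported in the test file.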
@@ -1007,6 +1061,7 @@ var _ = Describe("PushSecret controller", func() { Entry("should sync with template", syncSuccessfullyWithTemplate), Entry("should sync with conversion strategy", syncSuccessfullyWithConversionStrategy), Entry("should delete if DeletionPolicy=Delete", syncAndDeleteSuccessfully), + Entry("should delete after DeletionPolicy changed from Delete to None", syncChangePolicyAndDeleteSuccessfully), Entry("should track deletion tasks if Delete fails", failDelete), Entry("should track deleted stores if Delete fails", failDeleteStore), Entry("should delete all secrets if SecretStore changes", deleteWholeStore), From 0a4f5102aef6ebae90dee667b39ed04f0b728486 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 13:17:12 +0200 Subject: [PATCH 125/517] update dependencies (#3624) Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator --- e2e/go.mod | 24 +++++++++--------- e2e/go.sum | 52 +++++++++++++++++++------------------- go.mod | 35 +++++++++++++------------- go.sum | 74 ++++++++++++++++++++++++++++-------------------------- 4 files changed, 94 insertions(+), 91 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index ea4951dc6b4..cfae1161e7a 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -47,7 +47,7 @@ require ( github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 - github.com/aws/aws-sdk-go v1.54.2 + github.com/aws/aws-sdk-go v1.54.6 github.com/cyberark/conjur-api-go v0.12.0 github.com/external-secrets/external-secrets v0.0.0 github.com/fluxcd/helm-controller/api v0.37.2 
@@ -57,11 +57,11 @@ require ( github.com/hashicorp/vault/api v1.14.0 github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.67.1 + github.com/oracle/oci-go-sdk/v65 v65.67.2 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28 github.com/xanzy/go-gitlab v0.105.0 golang.org/x/oauth2 v0.21.0 - google.golang.org/api v0.184.0 + google.golang.org/api v0.185.0 k8s.io/api v0.30.2 k8s.io/apiextensions-apiserver v0.30.2 k8s.io/apimachinery v0.30.2 @@ -79,7 +79,7 @@ require ( cloud.google.com/go/iam v1.1.8 // indirect dario.cat/mergo v1.0.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest/adal v0.9.24 // indirect @@ -126,11 +126,11 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240528025155-186aa0362fba // indirect + github.com/google/pprof v0.0.0-20240622144329-c177fd99eaa9 // indirect github.com/google/s2a-go v0.1.7 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect - github.com/googleapis/gax-go/v2 v2.12.4 // indirect + github.com/googleapis/gax-go/v2 v2.12.5 // indirect github.com/gorilla/websocket v1.5.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect 
@@ -151,7 +151,7 @@ require ( github.com/lestrrat-go/httpcc v1.0.1 // indirect github.com/lestrrat-go/httprc v1.0.5 // indirect github.com/lestrrat-go/iter v1.0.2 // indirect - github.com/lestrrat-go/jwx/v2 v2.0.21 // indirect + github.com/lestrrat-go/jwx/v2 v2.1.0 // indirect github.com/lestrrat-go/option v1.0.1 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect @@ -198,9 +198,9 @@ require ( golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.22.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240610135401-a8a62080eff3 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240610135401-a8a62080eff3 // indirect + google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 // indirect google.golang.org/grpc v1.64.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect @@ -208,8 +208,8 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect - k8s.io/klog/v2 v2.130.0 // indirect - k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect + k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/e2e/go.sum b/e2e/go.sum index f246c3d7488..67ea4d0de73 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -18,8 +18,8 @@ cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmW cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.114.0 h1:OIPFAdfrFDFO2ve2U7r/H5SwSbBzEdrBdE7xkgwc+kY= -cloud.google.com/go v0.114.0/go.mod h1:ZV9La5YYxctro1HTPug5lXH/GefROyW8PPD4T8n9J8E= +cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= +cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= cloud.google.com/go/auth v0.5.1 h1:0QNO7VThG54LUzKiQxv8C6x1YX7lUrzlAa1nVLF8CIw= cloud.google.com/go/auth v0.5.1/go.mod h1:vbZT8GjzDf3AVqCcQmqeeM32U9HBFc32vVVAbwDsa6s= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= 
@@ -58,8 +58,8 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqT github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= 
@@ -113,8 +113,8 @@ github.com/aliyun/alibaba-cloud-sdk-go v1.62.271/go.mod h1:Api2AkmMgGaSUAhmk76oa github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.54.2 h1:Wo6AVWcleNHrYa48YzfYz60hzxGRqsJrK5s/qePe+3I= -github.com/aws/aws-sdk-go v1.54.2/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.54.6 h1:HEYUib3yTt8E6vxjMWM3yAq5b+qjj/6aKA62mkgux9g= +github.com/aws/aws-sdk-go v1.54.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= 
@@ -286,8 +286,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240528025155-186aa0362fba h1:ql1qNgCyOB7iAEk8JTNM+zJrgIbnyCKX/wdlyPufP5g= -github.com/google/pprof v0.0.0-20240528025155-186aa0362fba/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240622144329-c177fd99eaa9 h1:ouFdLLCOyCfnxGpQTMZKHLyHr/D1GFbQzEsJxumO16E= +github.com/google/pprof v0.0.0-20240622144329-c177fd99eaa9/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= 
@@ -301,8 +301,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfF github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg= -github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI= +github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBYGmXdxA= +github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= 
@@ -369,8 +369,8 @@ github.com/lestrrat-go/httprc v1.0.5 h1:bsTfiH8xaKOJPrg1R+E3iE/AWZr/x0Phj9PBTG/O github.com/lestrrat-go/httprc v1.0.5/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= -github.com/lestrrat-go/jwx/v2 v2.0.21 h1:jAPKupy4uHgrHFEdjVjNkUgoBKtVDgrQPB/h55FHrR0= -github.com/lestrrat-go/jwx/v2 v2.0.21/go.mod h1:09mLW8zto6bWL9GbwnqAli+ArLf+5M33QLQPDggkUWM= +github.com/lestrrat-go/jwx/v2 v2.1.0 h1:0zs7Ya6+39qoit7gwAf+cYm1zzgS3fceIdo7RmQ5lkw= +github.com/lestrrat-go/jwx/v2 v2.1.0/go.mod h1:Xpw9QIaUGiIUD1Wx0NcY1sIHwFf8lDuZn/cmxtXYRys= github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= 
@@ -409,8 +409,8 @@ github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.67.1 h1:gNmvMT61SgLMmKfWOkzLdXN1NwYRFUWIxEXgJogQFGc= -github.com/oracle/oci-go-sdk/v65 v65.67.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.67.2 h1:ieNt3Gm9MSGNuPXEBUg6MoSRE3ByWlxj0GBKlvD/Cls= +github.com/oracle/oci-go-sdk/v65 v65.67.2/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -808,8 +808,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.184.0 h1:dmEdk6ZkJNXy1JcDhn/ou0ZUq7n9zropG2/tR4z+RDg= -google.golang.org/api v0.184.0/go.mod h1:CeDTtUEiYENAf8PPG5VZW2yNp2VM3VWbCeTioAZBTBA= +google.golang.org/api v0.185.0 h1:ENEKk1k4jW8SmmaT6RE+ZasxmxezCrD5Vw4npvr+pAU= +google.golang.org/api v0.185.0/go.mod h1:HNfvIkJGlgrIlrbYkAm9W9IdkmKZjOTVh33YltygGbg= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -857,12 +857,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240610135401-a8a62080eff3 h1:8RTI1cmuvdY9J7q/jpJWEj5UfgWjhV5MCoXaYmwLBYQ= -google.golang.org/genproto v0.0.0-20240610135401-a8a62080eff3/go.mod h1:qb66gsewNb7Ghv1enkhJiRfYGWUklv3n6G8UvprOhzA= -google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 h1:QW9+G6Fir4VcRXVH8x3LilNAb6cxBGLa6+GM4hRwexE= -google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3/go.mod h1:kdrSS/OiLkPrNUpzD4aHgCq2rVuC/YRxok32HXZ4vRE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240610135401-a8a62080eff3 h1:9Xyg6I9IWQZhRVfCWjKK+l6kI0jHcPesVlMnT//aHNo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240610135401-a8a62080eff3/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= +google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 h1:CUiCqkPw1nNrNQzCCG4WA65m0nAmQiwXHpub3dNyruU= +google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4/go.mod h1:EvuUDCulqGgV80RvP1BHuom+smhX4qtlhnNatHuroGQ= +google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 h1:MuYw1wJzT+ZkybKfaOXKp5hJiZDn2iHaXRw0mRYdHSc= +google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4/go.mod h1:px9SlOOZBg1wM1zdnr8jEL4CNGUBZ+ZKYtNPApNQc4c= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 h1:Di6ANFilr+S60a4S61ZM00vLdw0IrQOSMS2/6mrnOU0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -935,10 +935,10 @@ k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= -k8s.io/klog/v2 v2.130.0 h1:5nB3+3HpqKqXJIXNtJdtxcDCfaa9KL8StJgMzGJkUkM= -k8s.io/klog/v2 v2.130.0/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA= -k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b h1:Q9xmGWBvOGd8UJyccgpYlLosk/JlfP3xQLNkQlHJeXw= +k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/go.mod b/go.mod index cfc66a2f7fd..a42883ece50 100644 --- a/go.mod +++ b/go.mod 
@@ -19,12 +19,12 @@ require ( github.com/PaesslerAG/jsonpath v0.1.1 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 - github.com/aws/aws-sdk-go v1.54.2 + github.com/aws/aws-sdk-go v1.54.6 github.com/go-logr/logr v1.4.2 github.com/go-test/deep v1.0.4 // indirect github.com/google/go-cmp v0.6.0 github.com/google/uuid v1.6.0 - github.com/googleapis/gax-go/v2 v2.12.4 + github.com/googleapis/gax-go/v2 v2.12.5 github.com/hashicorp/vault/api v1.14.0 github.com/hashicorp/vault/api/auth/approle v0.7.0 github.com/hashicorp/vault/api/auth/kubernetes v0.7.0 @@ -32,21 +32,21 @@ require ( github.com/huandu/xstrings v1.5.0 // indirect github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.67.1 + github.com/oracle/oci-go-sdk/v65 v65.67.2 github.com/prometheus/client_golang v1.19.1 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.17.1 github.com/xanzy/go-gitlab v0.105.0 - github.com/yandex-cloud/go-genproto v0.0.0-20240529120826-df2b24336f42 - github.com/yandex-cloud/go-sdk v0.0.0-20240529122015-8b0dc5b8bcbf + github.com/yandex-cloud/go-genproto v0.0.0-20240618172339-aafa8543bd63 + github.com/yandex-cloud/go-sdk v0.0.0-20240621081111-1018f7c96dc7 github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 go.uber.org/zap v1.27.0 golang.org/x/crypto v0.24.0 golang.org/x/oauth2 v0.21.0 - google.golang.org/api v0.184.0 - google.golang.org/genproto v0.0.0-20240610135401-a8a62080eff3 + google.golang.org/api v0.185.0 + google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 google.golang.org/grpc v1.64.0 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 
@@ -63,7 +63,7 @@ require github.com/1Password/connect-sdk-go v1.5.3 require ( github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d github.com/akeylesslabs/akeyless-go/v3 v3.6.3 @@ -82,7 +82,7 @@ require ( github.com/hashicorp/vault/api/auth/aws v0.7.0 github.com/hashicorp/vault/api/auth/userpass v0.7.0 github.com/keeper-security/secrets-manager-go/core v1.6.3 - github.com/lestrrat-go/jwx/v2 v2.0.21 + github.com/lestrrat-go/jwx/v2 v2.1.0 github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1 github.com/passbolt/go-passbolt v0.7.0 github.com/pulumi/esc v0.9.1 @@ -99,6 +99,7 @@ require ( cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect cloud.google.com/go/compute/metadata v0.3.0 // indirect dario.cat/mergo v1.0.0 // indirect + github.com/BurntSushi/toml v1.4.0 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect @@ -123,7 +124,7 @@ require ( github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/charmbracelet/bubbles v0.18.0 // indirect - github.com/charmbracelet/bubbletea v0.26.4 // indirect + github.com/charmbracelet/bubbletea v0.26.5 // indirect github.com/charmbracelet/lipgloss v0.11.0 // indirect github.com/charmbracelet/x/ansi v0.1.2 // indirect github.com/charmbracelet/x/input v0.1.2 // indirect 
@@ -153,7 +154,7 @@ require ( github.com/google/s2a-go v0.1.7 // indirect github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect - github.com/hashicorp/hcl/v2 v2.20.1 // indirect + github.com/hashicorp/hcl/v2 v2.21.0 // indirect github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/lestrrat-go/httprc v1.0.5 // indirect @@ -169,7 +170,7 @@ require ( github.com/pgavlin/fx v0.1.6 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect - github.com/pulumi/pulumi/sdk/v3 v3.120.0 // indirect + github.com/pulumi/pulumi/sdk/v3 v3.121.0 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect @@ -191,10 +192,10 @@ require ( go.opentelemetry.io/otel/metric v1.27.0 // indirect go.opentelemetry.io/otel/trace v1.27.0 // indirect golang.org/x/sync v0.7.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240610135401-a8a62080eff3 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect - k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect + k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b // indirect lukechampine.com/frand v1.4.2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) 
@@ -239,7 +240,7 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240528025155-186aa0362fba // indirect + github.com/google/pprof v0.0.0-20240622144329-c177fd99eaa9 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -307,6 +308,6 @@ require ( gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/gengo v0.0.0-20240404160639-a0386bf69313 // indirect k8s.io/klog v1.0.0 // indirect - k8s.io/klog/v2 v2.130.0 // indirect + k8s.io/klog/v2 v2.130.1 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect ) diff --git a/go.sum b/go.sum index e206781c014..b2912b0a1b7 100644 --- a/go.sum +++ b/go.sum @@ -18,8 +18,8 @@ cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmW cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.114.0 h1:OIPFAdfrFDFO2ve2U7r/H5SwSbBzEdrBdE7xkgwc+kY= -cloud.google.com/go v0.114.0/go.mod h1:ZV9La5YYxctro1HTPug5lXH/GefROyW8PPD4T8n9J8E= +cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= +cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= cloud.google.com/go/auth v0.5.1 h1:0QNO7VThG54LUzKiQxv8C6x1YX7lUrzlAa1nVLF8CIw= cloud.google.com/go/auth v0.5.1/go.mod h1:vbZT8GjzDf3AVqCcQmqeeM32U9HBFc32vVVAbwDsa6s= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= 
@@ -60,8 +60,8 @@ github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqT github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0 h1:U2rTu3Ef+7w9FHKIAXM6ZyqF3UOWJZ12zIm8zECAFfg= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.6.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= 
@@ -96,6 +96,8 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= +github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= +github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 h1:cmX2QC9s5kPqmghWLLZP8YRFO1ZD/C59BpNH2ujP99w= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2/go.mod h1:tNlpIXJlIwQlRbobXDPme4qv/Rc8+a1GbuUhE3m4JhQ= @@ -202,8 +204,8 @@ github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinR github.com/avast/retry-go/v4 v4.6.0/go.mod h1:gvWlPhBVsvBbLkVGDg/KwvBv0bEkCOLRRSHKIr2PyOE= github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.54.2 h1:Wo6AVWcleNHrYa48YzfYz60hzxGRqsJrK5s/qePe+3I= -github.com/aws/aws-sdk-go v1.54.2/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.54.6 h1:HEYUib3yTt8E6vxjMWM3yAq5b+qjj/6aKA62mkgux9g= +github.com/aws/aws-sdk-go v1.54.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
@@ -223,8 +225,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/charmbracelet/bubbles v0.18.0 h1:PYv1A036luoBGroX6VWjQIE9Syf2Wby2oOl/39KLfy0= github.com/charmbracelet/bubbles v0.18.0/go.mod h1:08qhZhtIwzgrtBjAcJnij1t1H0ZRjwHyGsy6AL11PSw= -github.com/charmbracelet/bubbletea v0.26.4 h1:2gDkkzLZaTjMl/dQBpNVtnvcCxsh/FCkimep7FC9c40= -github.com/charmbracelet/bubbletea v0.26.4/go.mod h1:P+r+RRA5qtI1DOHNFn0otoNwB4rn+zNAzSj/EXz6xU0= +github.com/charmbracelet/bubbletea v0.26.5 h1:90pqTPElAReb/qQUgSMUresTkfwVr0Wx+zczeHHOgxk= +github.com/charmbracelet/bubbletea v0.26.5/go.mod h1:dz8CWPlfCCGLFbBlTY4N7bjLiyOGDJEnd2Muu7pOWhk= github.com/charmbracelet/lipgloss v0.11.0 h1:UoAcbQ6Qml8hDwSWs0Y1cB5TEQuZkDPH/ZqwWWYTG4g= github.com/charmbracelet/lipgloss v0.11.0/go.mod h1:1UdRTH9gYgpcdNN5oBtjbu/IzNKtzVtb7sqN1t9LNn8= github.com/charmbracelet/x/ansi v0.1.2 h1:6+LR39uG8DE6zAmbu023YlqjJHkYXDF1z36ZwzO4xZY= 
@@ -454,8 +456,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240528025155-186aa0362fba h1:ql1qNgCyOB7iAEk8JTNM+zJrgIbnyCKX/wdlyPufP5g= -github.com/google/pprof v0.0.0-20240528025155-186aa0362fba/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240622144329-c177fd99eaa9 h1:ouFdLLCOyCfnxGpQTMZKHLyHr/D1GFbQzEsJxumO16E= +github.com/google/pprof v0.0.0-20240622144329-c177fd99eaa9/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= 
@@ -469,8 +471,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfF github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg= -github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI= +github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBYGmXdxA= +github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= 
@@ -505,8 +507,8 @@ github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iP github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= -github.com/hashicorp/hcl/v2 v2.20.1 h1:M6hgdyz7HYt1UN9e61j+qKJBqR3orTWbI1HKBJEdxtc= -github.com/hashicorp/hcl/v2 v2.20.1/go.mod h1:TZDqQ4kNKCbh1iJp99FdPiUaVDDUPivbqxZulxDYqL4= +github.com/hashicorp/hcl/v2 v2.21.0 h1:lve4q/o/2rqwYOgUg3y3V2YPyD1/zkCLGjIV74Jit14= +github.com/hashicorp/hcl/v2 v2.21.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU= github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk= github.com/hashicorp/vault/api/auth/approle v0.7.0 h1:R5IRVuFA5JSdG3UdGVcGysi0StrL1lPmyJnrawiV0Ss= 
@@ -571,8 +573,8 @@ github.com/lestrrat-go/httprc v1.0.5 h1:bsTfiH8xaKOJPrg1R+E3iE/AWZr/x0Phj9PBTG/O github.com/lestrrat-go/httprc v1.0.5/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= -github.com/lestrrat-go/jwx/v2 v2.0.21 h1:jAPKupy4uHgrHFEdjVjNkUgoBKtVDgrQPB/h55FHrR0= -github.com/lestrrat-go/jwx/v2 v2.0.21/go.mod h1:09mLW8zto6bWL9GbwnqAli+ArLf+5M33QLQPDggkUWM= +github.com/lestrrat-go/jwx/v2 v2.1.0 h1:0zs7Ya6+39qoit7gwAf+cYm1zzgS3fceIdo7RmQ5lkw= +github.com/lestrrat-go/jwx/v2 v2.1.0/go.mod h1:Xpw9QIaUGiIUD1Wx0NcY1sIHwFf8lDuZn/cmxtXYRys= github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= 
@@ -648,8 +650,8 @@ github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS6 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.67.1 h1:gNmvMT61SgLMmKfWOkzLdXN1NwYRFUWIxEXgJogQFGc= -github.com/oracle/oci-go-sdk/v65 v65.67.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.67.2 h1:ieNt3Gm9MSGNuPXEBUg6MoSRE3ByWlxj0GBKlvD/Cls= +github.com/oracle/oci-go-sdk/v65 v65.67.2/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.0 h1:zwwTCwL3vjTTKln1hxwKuzzax4R/yvxGXSZhMh0OY5Y= github.com/passbolt/go-passbolt v0.7.0/go.mod h1:af3TVSJ+0A4sXeK8KgVzhV8Tej/i25biFIQjhL0FOMk= github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU= 
@@ -677,8 +679,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.9.1 h1:HH5eEv8sgyxSpY5a8yePyqFXzA8cvBvapfH8457+mIs= github.com/pulumi/esc v0.9.1/go.mod h1:oEJ6bOsjYlQUpjf70GiX+CXn3VBmpwFDxUTlmtUN84c= -github.com/pulumi/pulumi/sdk/v3 v3.120.0 h1:KYtMkCmcSg4U+w41/Q0l3llKEodbfdyq6J0VMoEoVmY= -github.com/pulumi/pulumi/sdk/v3 v3.120.0/go.mod h1:/mQJPO+HehhoSJ9O3C6eUKAGeAr+4KSrbDhLsXHKldc= +github.com/pulumi/pulumi/sdk/v3 v3.121.0 h1:UsnFKIVOtJN/hQKPkWHL9cZktewPVQRbNUXbXQY/qrk= +github.com/pulumi/pulumi/sdk/v3 v3.121.0/go.mod h1:p1U24en3zt51agx+WlNboSOV8eLlPWYAkxMzVEXKbnY= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= 
@@ -779,10 +781,10 @@ github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM= -github.com/yandex-cloud/go-genproto v0.0.0-20240529120826-df2b24336f42 h1:l5Wu1kRcM34HqBR2FZI6tWc6QKyPziNj5fGZ4eXTCRI= -github.com/yandex-cloud/go-genproto v0.0.0-20240529120826-df2b24336f42/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-sdk v0.0.0-20240529122015-8b0dc5b8bcbf h1:R46d2p9AmCeotDrb8alxjeSukKOtU1gNLnBDZxsS7F0= -github.com/yandex-cloud/go-sdk v0.0.0-20240529122015-8b0dc5b8bcbf/go.mod h1:CuHkaRm2ZXv5SulglkbSFjdxh1R6VwpyfSM9EXMYz2U= +github.com/yandex-cloud/go-genproto v0.0.0-20240618172339-aafa8543bd63 h1:mHrm9qMyi5zkH1J7wG8RtWZPtbW+0YEiHlrbse6Jqos= +github.com/yandex-cloud/go-genproto v0.0.0-20240618172339-aafa8543bd63/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-sdk v0.0.0-20240621081111-1018f7c96dc7 h1:/8yjsR2CXDI78EYoZNjKWWI1zl80mehvXHWJNDXV0Wg= +github.com/yandex-cloud/go-sdk v0.0.0-20240621081111-1018f7c96dc7/go.mod h1:urEKFBFYulcun3e4CbZY33Czfy7XeI1y4ctASTB/MUQ= github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 h1:tBiBTKHnIjovYoLX/TPkcf+OjqqKGQrPtGT3Foz+Pgo= github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76/go.mod h1:SQliXeA7Dhkt//vS29v3zpbEwoa+zb2Cn5xj5uO4K5U= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -1167,8 +1169,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.184.0 h1:dmEdk6ZkJNXy1JcDhn/ou0ZUq7n9zropG2/tR4z+RDg= -google.golang.org/api v0.184.0/go.mod h1:CeDTtUEiYENAf8PPG5VZW2yNp2VM3VWbCeTioAZBTBA= +google.golang.org/api v0.185.0 h1:ENEKk1k4jW8SmmaT6RE+ZasxmxezCrD5Vw4npvr+pAU= +google.golang.org/api v0.185.0/go.mod h1:HNfvIkJGlgrIlrbYkAm9W9IdkmKZjOTVh33YltygGbg= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1218,12 +1220,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240610135401-a8a62080eff3 h1:8RTI1cmuvdY9J7q/jpJWEj5UfgWjhV5MCoXaYmwLBYQ= -google.golang.org/genproto v0.0.0-20240610135401-a8a62080eff3/go.mod h1:qb66gsewNb7Ghv1enkhJiRfYGWUklv3n6G8UvprOhzA= -google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3 h1:QW9+G6Fir4VcRXVH8x3LilNAb6cxBGLa6+GM4hRwexE= -google.golang.org/genproto/googleapis/api v0.0.0-20240610135401-a8a62080eff3/go.mod h1:kdrSS/OiLkPrNUpzD4aHgCq2rVuC/YRxok32HXZ4vRE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240610135401-a8a62080eff3 h1:9Xyg6I9IWQZhRVfCWjKK+l6kI0jHcPesVlMnT//aHNo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240610135401-a8a62080eff3/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= +google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 h1:CUiCqkPw1nNrNQzCCG4WA65m0nAmQiwXHpub3dNyruU= +google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4/go.mod h1:EvuUDCulqGgV80RvP1BHuom+smhX4qtlhnNatHuroGQ= +google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 h1:MuYw1wJzT+ZkybKfaOXKp5hJiZDn2iHaXRw0mRYdHSc= +google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4/go.mod h1:px9SlOOZBg1wM1zdnr8jEL4CNGUBZ+ZKYtNPApNQc4c= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 h1:Di6ANFilr+S60a4S61ZM00vLdw0IrQOSMS2/6mrnOU0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1313,10 +1315,10 @@ k8s.io/klog v0.2.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= -k8s.io/klog/v2 v2.130.0 h1:5nB3+3HpqKqXJIXNtJdtxcDCfaa9KL8StJgMzGJkUkM= -k8s.io/klog/v2 v2.130.0/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA= -k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b h1:Q9xmGWBvOGd8UJyccgpYlLosk/JlfP3xQLNkQlHJeXw= +k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= lukechampine.com/frand v1.4.2 h1:RzFIpOvkMXuPMBb9maa4ND4wjBn71E1Jpf8BzJHMaVw= From f6cf8d5ee711b25c85fe67e91ed43fe6f5aa80ff Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 13:17:36 +0200 Subject: [PATCH 126/517] chore(deps): bump alpine from 3.20.0 to 3.20.1 in /e2e (#3622) Bumps alpine from 3.20.0 to 3.20.1. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index a3dc5262afb..e4378cd7c69 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -16,7 +16,7 @@ COPY . . WORKDIR /usr/src/app/e2e RUN make e2e-bin -FROM alpine:3.20.0@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd +FROM alpine:3.20.1@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0 RUN apk add -U --no-cache \ ca-certificates \ bash \ From 976ab9f112806128ce5aa61c313fff64e11237f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 13:17:54 +0200 Subject: [PATCH 127/517] chore(deps): bump alpine from `77726ef` to `b89d9c9` in /hack/api-docs (#3621) Bumps alpine from `77726ef` to `b89d9c9`. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/Dockerfile b/hack/api-docs/Dockerfile index 91678249e30..cadbc81bbfa 100644 --- a/hack/api-docs/Dockerfile +++ b/hack/api-docs/Dockerfile @@ -11,7 +11,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.20@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd +FROM alpine:3.20@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0 RUN apk add -U --no-cache \ python3 \ python3-dev \ From 88958faf2ffedfd8463ea45c391c5ef51837eef3 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 13:18:13 +0200 Subject: [PATCH 128/517] chore(deps): bump golang from `6522f0c` to `ace6cc3` (#3620) Bumps golang from `6522f0c` to `ace6cc3`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile.standalone | 2 +- tilt.debug.dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.standalone b/Dockerfile.standalone index cb5e0b9cf52..a8caec3c6ab 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone @@ -1,6 +1,6 @@ # This version of Dockerfile is for building without external dependencies. # Build a multi-platform image e.g. `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .` -FROM golang:1.22.4-alpine@sha256:6522f0ca555a7b14c46a2c9f50b86604a234cdc72452bf6a268cae6461d9000b AS builder +FROM golang:1.22.4-alpine@sha256:ace6cc3fe58d0c7b12303c57afe6d6724851152df55e08057b43990b927ad5e8 AS builder ARG TARGETOS ARG TARGETARCH ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index 3f4da4d2cf4..bdbd4a888bc 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.4@sha256:c2010b9c2342431a24a2e64e33d9eb2e484af49e72c820e200d332d214d5e61f +FROM golang:1.22.4@sha256:a66eda637829ce891e9cf61ff1ee0edf544e1f6c5b0e666c7310dce231a66f28 WORKDIR / COPY ./bin/external-secrets /external-secrets From 424898f812811b9add5b74ff4b59773534c7413a Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 13:18:32 +0200 Subject: [PATCH 129/517] chore(deps): bump urllib3 from 2.2.1 to 2.2.2 in /hack/api-docs (#3618) Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.1 to 2.2.2. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/2.2.1...2.2.2) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 4fa3fe58bf8..96141b0d963 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -36,7 +36,7 @@ requests==2.32.3 six==1.16.0 termcolor==2.4.0 tornado==6.4.1 -urllib3==2.2.1 +urllib3==2.2.2 verspec==0.1.0 watchdog==4.0.1 zipp==3.19.2 From d1f91e8c02b0d7d579d9dbec0d8774d24260e654 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 13:18:49 +0200 Subject: [PATCH 130/517] chore(deps): bump importlib-metadata in /hack/api-docs (#3617) Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 7.1.0 to 7.2.1. - [Release notes](https://github.com/python/importlib_metadata/releases) - [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst) - [Commits](https://github.com/python/importlib_metadata/compare/v7.1.0...v7.2.1) --- updated-dependencies: - dependency-name: importlib-metadata dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 96141b0d963..7b5b35aa7ec 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -7,7 +7,7 @@ csscompressor==0.9.5 ghp-import==2.1.0 htmlmin==0.1.12 idna==3.7 -importlib-metadata==7.1.0 +importlib-metadata==7.2.1 importlib-resources==6.4.0 Jinja2==3.1.4 jsmin==3.0.1 From 5aefdec4c73412f29637f21814892c3f63838b09 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 13:19:03 +0200 Subject: [PATCH 131/517] chore(deps): bump livereload from 2.6.3 to 2.7.0 in /hack/api-docs (#3616) Bumps [livereload](https://github.com/lepture/python-livereload) from 2.6.3 to 2.7.0. - [Release notes](https://github.com/lepture/python-livereload/releases) - [Changelog](https://github.com/lepture/python-livereload/blob/master/CHANGES.rst) - [Commits](https://github.com/lepture/python-livereload/compare/2.6.3...2.7.0) --- updated-dependencies: - dependency-name: livereload dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 7b5b35aa7ec..979d3028eae 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -11,7 +11,7 @@ importlib-metadata==7.2.1 importlib-resources==6.4.0 Jinja2==3.1.4 jsmin==3.0.1 -livereload==2.6.3 +livereload==2.7.0 Markdown==3.6 MarkupSafe==2.1.5 mergedeep==1.3.4 From 8a7fb7611c1cf158bc0e5d32ef875d8dbb7f8615 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 13:19:21 +0200 Subject: [PATCH 132/517] chore(deps): bump aquasecurity/trivy-action from 0.22.0 to 0.23.0 (#3615) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.22.0 to 0.23.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/595be6a0f6560a0a8fc419ddf630567fc623531d...7c2007bcb556501da015201bcba5aa14069b74e2) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 79eeba3efae..4edf88978d5 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -126,7 +126,7 @@ jobs: run: make docker.build - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@595be6a0f6560a0a8fc419ddf630567fc623531d # master + uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # master with: image-ref: ${{ inputs.image-name }}:${{ steps.container_info.outputs.image-tag }} format: 'table' From 22c1af40e09d20b1bcedf2be28cb7022ba67a702 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 24 Jun 2024 13:19:39 +0200 Subject: [PATCH 133/517] chore(deps): bump softprops/action-gh-release from 2.0.5 to 2.0.6 (#3614) Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.5 to 2.0.6. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/69320dbe05506a9a39fc8ae11030b214ec2d1f87...a74c6b72af54cfa997e81df42d94703d6313a2d0) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 7febb711253..9b7099a048a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,7 +28,7 @@ jobs: ref: ${{ github.event.inputs.source_ref }} - name: Create Release - uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5 + uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2.0.6 with: tag_name: ${{ github.event.inputs.version }} target_commitish: ${{ github.event.inputs.source_ref }} @@ -113,7 +113,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Update Release - uses: softprops/action-gh-release@69320dbe05506a9a39fc8ae11030b214ec2d1f87 # v2.0.5 + uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2.0.6 with: tag_name: ${{ github.event.inputs.version }} files: | From 907e8ebc82f26f0b5218e429f9aff12e4b8cfa98 Mon Sep 17 00:00:00 2001 
From: Nathan Ellenfield Date: Wed, 26 Jun 2024 13:50:24 -0400 Subject: [PATCH 134/517] Fix ACR External Secret example (#3626) * Fix ACR External Secret example Signed-off-by: Nathan Ellenfield * Fix typos in acr generator docs Signed-off-by: Nathan Ellenfield --------- Signed-off-by: Nathan Ellenfield --- docs/api/generator/acr.md | 8 ++++---- docs/snippets/generator-acr-example.yaml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/api/generator/acr.md b/docs/api/generator/acr.md index 49de64ed9d5..d5777ca7dc4 100644 --- a/docs/api/generator/acr.md +++ b/docs/api/generator/acr.md @@ -18,8 +18,8 @@ You must choose one out of three authentication mechanisms: - managed identity - workload identity -The generated token will inherit the permissions from the assigned policy. I.e. when you assign a read-only policy all generated tokens will be read-only. -You **must** [assign a Azure RBAC role](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-steps), such as `AcrPush` or `AcrPull` to the service principal in order to be able to authenticate with the Azure container registry API. +The generated token will inherit the permissions from the assigned policy. I.e. when you assign a read-only policy all generated tokens will be read-only. +You **must** [assign a Azure RBAC role](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-steps), such as `AcrPush` or `AcrPull` to the service principal or managed identity in order to be able to authenticate with the Azure container registry API. You can scope tokens to a particular repository using `spec.scope`. 
@@ -33,7 +33,7 @@ If `spec.scope` if it is defined it obtains an ACR access token. If `spec.scope - refresh tokens can are scoped to whatever policy is attached to the identity that creates the acr refresh token The Scope grammar is defined in the [Docker Registry spec](https://docs.docker.com/registry/spec/auth/scope/). -Note: You **can not** use a wildcards in the scope parameter, you can match exactly one repository and defined multiple actions like `pull` or `push`. +Note: You **can not** use wildcards in the scope parameter -- you can match exactly one repository and can define multiple actions like `pull` or `push`. Example scopes: @@ -51,4 +51,4 @@ repository:my-repository:pull Example `ExternalSecret` that references the ACR generator: ```yaml {% include 'generator-acr-example.yaml' %} -``` \ No newline at end of file +``` diff --git a/docs/snippets/generator-acr-example.yaml b/docs/snippets/generator-acr-example.yaml index ba9a2ed9868..8e653c01ce4 100644 --- a/docs/snippets/generator-acr-example.yaml +++ b/docs/snippets/generator-acr-example.yaml @@ -22,7 +22,7 @@ spec: "auths": { "myregistry.azurecr.io": { "username": "{{ .username }}", - "identitytoken": "{{ .password }}" + "password": "{{ .password }}" } } } From 095537e6adcb1499a89430879f52b3c119fc15d5 Mon Sep 17 00:00:00 2001 
From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Fri, 28 Jun 2024 06:04:25 +0200 Subject: [PATCH 135/517] feat: add bitwarden secret manager support (#3603) --- Makefile | 1 + .../v1beta1/secretsstore_bitwarden_types.go | 47 + .../v1beta1/secretstore_types.go | 4 + .../v1beta1/zz_generated.deepcopy.go | 53 ++ ...ternal-secrets.io_clustersecretstores.yaml | 62 ++ .../external-secrets.io_secretstores.yaml | 62 ++ deploy/charts/external-secrets/Chart.lock | 6 + deploy/charts/external-secrets/Chart.yaml | 6 + deploy/charts/external-secrets/README.md | 3 +- .../tests/__snapshot__/crds_test.yaml.snap | 57 ++ deploy/charts/external-secrets/values.yaml | 5 +- deploy/crds/bundle.yaml | 114 +++ docs/api/spec.md | 174 ++++ docs/introduction/stability-support.md | 4 +- docs/provider/bitwarden-secrets-manager.md | 135 +++ ...itwarden-secrets-manager-secret-store.yaml | 18 + go.mod | 2 +- hack/api-docs/mkdocs.yml | 1 + pkg/provider/bitwarden/bitwarden_sdk.go | 254 ++++++ pkg/provider/bitwarden/bitwarden_sdk_test.go | 167 ++++ pkg/provider/bitwarden/client.go | 301 +++++++ pkg/provider/bitwarden/client_test.go | 825 ++++++++++++++++++ pkg/provider/bitwarden/fake_client.go | 137 +++ pkg/provider/bitwarden/provider.go | 107 +++ pkg/provider/register/register.go | 1 + 25 files changed, 2542 insertions(+), 4 deletions(-) create mode 100644 apis/externalsecrets/v1beta1/secretsstore_bitwarden_types.go create mode 100644 deploy/charts/external-secrets/Chart.lock create mode 100644 docs/provider/bitwarden-secrets-manager.md create mode 100644 docs/snippets/bitwarden-secrets-manager-secret-store.yaml create mode 100644 pkg/provider/bitwarden/bitwarden_sdk.go create mode 100644 pkg/provider/bitwarden/bitwarden_sdk_test.go create mode 100644 pkg/provider/bitwarden/client.go create mode 100644 pkg/provider/bitwarden/client_test.go create mode 100644 pkg/provider/bitwarden/fake_client.go create mode 100644 pkg/provider/bitwarden/provider.go 
diff --git a/Makefile b/Makefile index 3badfccca91..f7b8d1653a9 100644 --- a/Makefile +++ b/Makefile @@ -146,6 +146,7 @@ run: generate ## Run app locally (without a k8s cluster) manifests: helm.generate ## Generate manifests from helm chart mkdir -p $(OUTPUT_DIR)/deploy/manifests + helm dependency build $(HELM_DIR) helm template external-secrets $(HELM_DIR) -f deploy/manifests/helm-values.yaml > $(OUTPUT_DIR)/deploy/manifests/external-secrets.yaml crds.install: generate ## Install CRDs into a cluster. This is for convenience diff --git a/apis/externalsecrets/v1beta1/secretsstore_bitwarden_types.go b/apis/externalsecrets/v1beta1/secretsstore_bitwarden_types.go new file mode 100644 index 00000000000..aec55cf62c8 --- /dev/null +++ b/apis/externalsecrets/v1beta1/secretsstore_bitwarden_types.go 
@@ -0,0 +1,47 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import (
+ esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
+)
+
+// BitwardenSecretsManagerProvider configures a store to sync secrets with a Bitwarden Secrets Manager instance.
+type BitwardenSecretsManagerProvider struct {
+ APIURL string `json:"apiURL,omitempty"`
+ IdentityURL string `json:"identityURL,omitempty"`
+ BitwardenServerSDKURL string `json:"bitwardenServerSDKURL,omitempty"`
+ // Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack
+ // can be performed.
+ // +required
+ CABundle string `json:"caBundle"`
+ // OrganizationID determines which organization this secret store manages.
+ OrganizationID string `json:"organizationID"`
+ // ProjectID determines which project this secret store manages.
+ ProjectID string `json:"projectID"`
+ // Auth configures how secret-manager authenticates with a bitwarden machine account instance.
+ // Make sure that the token being used has permissions on the given secret.
+ Auth BitwardenSecretsManagerAuth `json:"auth"`
+}
+
+// BitwardenSecretsManagerAuth contains the ref to the secret that contains the machine account token.
+type BitwardenSecretsManagerAuth struct {
+ SecretRef BitwardenSecretsManagerSecretRef `json:"secretRef"`
+}
+
+// BitwardenSecretsManagerSecretRef contains the credential ref to the bitwarden instance.
+type BitwardenSecretsManagerSecretRef struct { + // AccessToken used for the bitwarden instance. + // +required + Credentials esmeta.SecretKeySelector `json:"credentials"` +} diff --git a/apis/externalsecrets/v1beta1/secretstore_types.go b/apis/externalsecrets/v1beta1/secretstore_types.go index 31346b430bd..112e5886029 100644 --- a/apis/externalsecrets/v1beta1/secretstore_types.go +++ b/apis/externalsecrets/v1beta1/secretstore_types.go @@ -74,6 +74,10 @@ type SecretStoreProvider struct { // +optional Akeyless *AkeylessProvider `json:"akeyless,omitempty"` + // BitwardenSecretsManager configures this store to sync secrets using BitwardenSecretsManager provider + // +optional + BitwardenSecretsManager *BitwardenSecretsManagerProvider `json:"bitwardensecretsmanager,omitempty"` + // Vault configures this store to sync secrets using Hashi provider // +optional Vault *VaultProvider `json:"vault,omitempty"` diff --git a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go index fae7037eae3..31c591118bf 100644 --- a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go +++ b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go 
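Review bot: `BitwardenServerSDKURL` in the new `BitwardenSecretsManagerProvider` struct is `omitempty` with no doc comment or validation marker, although the `CABundle` comment right below it says the SDK server MUST be reached over HTTPS; nothing in this type rejects an `http://` value, over which the machine-account token would presumably travel unencrypted. Unless the provider's store validation (not part of this hunk) already checks the scheme, I would add `// +kubebuilder:validation:Pattern="^https://"` above the field so the API server refuses a plain-HTTP URL at admission. `APIURL` and `IdentityURL` are likewise undocumented; a line such as `// APIURL is the Bitwarden API endpoint.` followed by `// +optional` on each would match how the other fields are described. `OrganizationID`, `ProjectID` and `Auth` come out as required in the generated CRD only because they lack `omitempty`, so marking them `// +required` like `CABundle` would make that intent explicit.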
@@ -391,6 +391,54 @@ func (in *AzureKVProvider) DeepCopy() *AzureKVProvider { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BitwardenSecretsManagerAuth) DeepCopyInto(out *BitwardenSecretsManagerAuth) { + *out = *in + in.SecretRef.DeepCopyInto(&out.SecretRef) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BitwardenSecretsManagerAuth. +func (in *BitwardenSecretsManagerAuth) DeepCopy() *BitwardenSecretsManagerAuth { + if in == nil { + return nil + } + out := new(BitwardenSecretsManagerAuth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BitwardenSecretsManagerProvider) DeepCopyInto(out *BitwardenSecretsManagerProvider) { + *out = *in + in.Auth.DeepCopyInto(&out.Auth) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BitwardenSecretsManagerProvider. +func (in *BitwardenSecretsManagerProvider) DeepCopy() *BitwardenSecretsManagerProvider { + if in == nil { + return nil + } + out := new(BitwardenSecretsManagerProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BitwardenSecretsManagerSecretRef) DeepCopyInto(out *BitwardenSecretsManagerSecretRef) { + *out = *in + in.Credentials.DeepCopyInto(&out.Credentials) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BitwardenSecretsManagerSecretRef. +func (in *BitwardenSecretsManagerSecretRef) DeepCopy() *BitwardenSecretsManagerSecretRef { + if in == nil { + return nil + } + out := new(BitwardenSecretsManagerSecretRef) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. 
in must be non-nil. func (in *CAProvider) DeepCopyInto(out *CAProvider) { *out = *in @@ -2290,6 +2338,11 @@ func (in *SecretStoreProvider) DeepCopyInto(out *SecretStoreProvider) { *out = new(AkeylessProvider) (*in).DeepCopyInto(*out) } + if in.BitwardenSecretsManager != nil { + in, out := &in.BitwardenSecretsManager, &out.BitwardenSecretsManager + *out = new(BitwardenSecretsManagerProvider) + (*in).DeepCopyInto(*out) + } if in.Vault != nil { in, out := &in.Vault, &out.Vault *out = new(VaultProvider) diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 58184ddae0b..5463ecaff67 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml 
@@ -2294,6 +2294,68 @@ spec: required: - vaultUrl type: object + bitwardensecretsmanager: + description: BitwardenSecretsManager configures this store to + sync secrets using BitwardenSecretsManager provider + properties: + apiURL: + type: string + auth: + description: |- + Auth configures how secret-manager authenticates with a bitwarden machine account instance. + Make sure that the token being used has permissions on the given secret. + properties: + secretRef: + description: BitwardenSecretsManagerSecretRef contains + the credential ref to the bitwarden instance. + properties: + credentials: + description: AccessToken used for the bitwarden instance. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + required: + - credentials + type: object + required: + - secretRef + type: object + bitwardenServerSDKURL: + type: string + caBundle: + description: |- + Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack + can be performed. + type: string + identityURL: + type: string + organizationID: + description: OrganizationID determines which organization + this secret store manages. + type: string + projectID: + description: ProjectID determines which project this secret + store manages. + type: string + required: + - auth + - caBundle + - organizationID + - projectID + type: object chef: description: Chef configures this store to sync secrets with chef server 
diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index 74fb9bad0cd..eaba10eff7f 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml 
@@ -2294,6 +2294,68 @@ spec: required: - vaultUrl type: object + bitwardensecretsmanager: + description: BitwardenSecretsManager configures this store to + sync secrets using BitwardenSecretsManager provider + properties: + apiURL: + type: string + auth: + description: |- + Auth configures how secret-manager authenticates with a bitwarden machine account instance. + Make sure that the token being used has permissions on the given secret. + properties: + secretRef: + description: BitwardenSecretsManagerSecretRef contains + the credential ref to the bitwarden instance. + properties: + credentials: + description: AccessToken used for the bitwarden instance. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + required: + - credentials + type: object + required: + - secretRef + type: object + bitwardenServerSDKURL: + type: string + caBundle: + description: |- + Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack + can be performed. + type: string + identityURL: + type: string + organizationID: + description: OrganizationID determines which organization + this secret store manages. + type: string + projectID: + description: ProjectID determines which project this secret + store manages. + type: string + required: + - auth + - caBundle + - organizationID + - projectID + type: object chef: description: Chef configures this store to sync secrets with chef server 
diff --git a/deploy/charts/external-secrets/Chart.lock b/deploy/charts/external-secrets/Chart.lock new file mode 100644 index 00000000000..1d198fe7ce2 --- /dev/null +++ b/deploy/charts/external-secrets/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: bitwarden-sdk-server + repository: oci://ghcr.io/external-secrets/charts + version: v0.1.4 +digest: sha256:f60d5e4c6ad432fc7efdb0dad33774afaa88e02bd82eb9d5224372828f7d52be +generated: "2024-06-20T10:01:52.49841+02:00" diff --git a/deploy/charts/external-secrets/Chart.yaml b/deploy/charts/external-secrets/Chart.yaml index 0f452736f8a..17b32c53b70 100644 --- a/deploy/charts/external-secrets/Chart.yaml +++ b/deploy/charts/external-secrets/Chart.yaml @@ -13,3 +13,9 @@ icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/a maintainers: - name: mcavoyk email: kellinmcavoy@gmail.com + +dependencies: + - name: bitwarden-sdk-server + version: v0.1.4 + repository: oci://ghcr.io/external-secrets/charts + condition: bitwarden-sdk-server.enabled diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index a9fb8ff2116..74334201250 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md @@ -35,6 +35,7 @@ The command removes all the Kubernetes components associated with the chart and | Key | Type | Default | Description | |-----|------|---------|-------------| | affinity | object | `{}` | | +| bitwarden-sdk-server.enabled | bool | `false` | | | certController.affinity | object | `{}` | | | certController.create | bool | `true` | Specifies whether a certificate controller deployment be created. | | certController.deploymentAnnotations | object | `{}` | Annotations to add to Deployment | 
@@ -108,7 +109,7 @@ The command removes all the Kubernetes components associated with the chart and | global.tolerations | list | `[]` | | | global.topologySpreadConstraints | list | `[]` | | | hostNetwork | bool | `false` | Run the controller on the host network | -| image.flavour | string | `""` | The flavour of tag you want to use There are different image flavours available, like distroless and ubi. Please see GitHub release notes for image tags for these flavors. By default the distroless image is used. | +| image.flavour | string | `""` | The flavour of tag you want to use There are different image flavours available, like distroless and ubi. Please see GitHub release notes for image tags for these flavors. By default, the distroless image is used. | | image.pullPolicy | string | `"IfNotPresent"` | | | image.repository | string | `"ghcr.io/external-secrets/external-secrets"` | | | image.tag | string | `""` | The image tag to use. The default is the chart appVersion. | diff --git a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap index 1b789904c54..6327f42a0f9 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap 
@@ -2158,6 +2158,63 @@ should match snapshot of default values: required: - vaultUrl type: object + bitwardensecretsmanager: + description: BitwardenSecretsManager configures this store to sync secrets using BitwardenSecretsManager provider + properties: + apiURL: + type: string + auth: + description: |- + Auth configures how secret-manager authenticates with a bitwarden machine account instance. + Make sure that the token being used has permissions on the given secret. + properties: + secretRef: + description: BitwardenSecretsManagerSecretRef contains the credential ref to the bitwarden instance. + properties: + credentials: + description: AccessToken used for the bitwarden instance. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + required: + - credentials + type: object + required: + - secretRef + type: object + bitwardenServerSDKURL: + type: string + caBundle: + description: |- + Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack + can be performed. + type: string + identityURL: + type: string + organizationID: + description: OrganizationID determines which organization this secret store manages. + type: string + projectID: + description: ProjectID determines which project this secret store manages. + type: string + required: + - auth + - caBundle + - organizationID + - projectID + type: object chef: description: Chef configures this store to sync secrets with chef server properties: 
diff --git a/deploy/charts/external-secrets/values.yaml b/deploy/charts/external-secrets/values.yaml index 17a0be9caef..19525ad8ad6 100644 --- a/deploy/charts/external-secrets/values.yaml +++ b/deploy/charts/external-secrets/values.yaml @@ -14,6 +14,9 @@ global: replicaCount: 1 +bitwarden-sdk-server: + enabled: false + # -- Specifies the amount of historic ReplicaSets k8s should keep (see https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) revisionHistoryLimit: 10 @@ -25,7 +28,7 @@ image: # -- The flavour of tag you want to use # There are different image flavours available, like distroless and ubi. # Please see GitHub release notes for image tags for these flavors. - # By default the distroless image is used. + # By default, the distroless image is used. flavour: "" # -- If set, install and upgrade CRDs through helm chart. diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 29489d08930..7b9073e72c2 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml 
@@ -2804,6 +2804,63 @@ spec: required: - vaultUrl type: object + bitwardensecretsmanager: + description: BitwardenSecretsManager configures this store to sync secrets using BitwardenSecretsManager provider + properties: + apiURL: + type: string + auth: + description: |- + Auth configures how secret-manager authenticates with a bitwarden machine account instance. + Make sure that the token being used has permissions on the given secret. + properties: + secretRef: + description: BitwardenSecretsManagerSecretRef contains the credential ref to the bitwarden instance. + properties: + credentials: + description: AccessToken used for the bitwarden instance. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + required: + - credentials + type: object + required: + - secretRef + type: object + bitwardenServerSDKURL: + type: string + caBundle: + description: |- + Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack + can be performed. + type: string + identityURL: + type: string + organizationID: + description: OrganizationID determines which organization this secret store manages. + type: string + projectID: + description: ProjectID determines which project this secret store manages. + type: string + required: + - auth + - caBundle + - organizationID + - projectID + type: object chef: description: Chef configures this store to sync secrets with chef server properties: 
@@ -8295,6 +8352,63 @@ spec: required: - vaultUrl type: object + bitwardensecretsmanager: + description: BitwardenSecretsManager configures this store to sync secrets using BitwardenSecretsManager provider + properties: + apiURL: + type: string + auth: + description: |- + Auth configures how secret-manager authenticates with a bitwarden machine account instance. + Make sure that the token being used has permissions on the given secret. + properties: + secretRef: + description: BitwardenSecretsManagerSecretRef contains the credential ref to the bitwarden instance. + properties: + credentials: + description: AccessToken used for the bitwarden instance. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + required: + - credentials + type: object + required: + - secretRef + type: object + bitwardenServerSDKURL: + type: string + caBundle: + description: |- + Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack + can be performed. + type: string + identityURL: + type: string + organizationID: + description: OrganizationID determines which organization this secret store manages. + type: string + projectID: + description: ProjectID determines which project this secret store manages. + type: string + required: + - auth + - caBundle + - organizationID + - projectID + type: object chef: description: Chef configures this store to sync secrets with chef server properties: diff --git a/docs/api/spec.md b/docs/api/spec.md index b4bf821a6e5..163e43741f8 100644 
--- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -1001,6 +1001,166 @@ string +

BitwardenSecretsManagerAuth +

+

+(Appears on: +BitwardenSecretsManagerProvider) +

+

+

BitwardenSecretsManagerAuth contains the ref to the secret that contains the machine account token.

+

+ + + + + + + + + + + + + +
FieldDescription
+secretRef
+ + +BitwardenSecretsManagerSecretRef + + +
+
+

BitwardenSecretsManagerProvider +

+

+(Appears on: +SecretStoreProvider) +

+

+

BitwardenSecretsManagerProvider configures a store to sync secrets with a Bitwarden Secrets Manager instance.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiURL
+ +string + +
+
+identityURL
+ +string + +
+
+bitwardenServerSDKURL
+ +string + +
+
+caBundle
+ +string + +
+

Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack +can be performed.

+
+organizationID
+ +string + +
+

OrganizationID determines which organization this secret store manages.

+
+projectID
+ +string + +
+

ProjectID determines which project this secret store manages.

+
+auth
+ + +BitwardenSecretsManagerAuth + + +
+

Auth configures how secret-manager authenticates with a bitwarden machine account instance. +Make sure that the token being used has permissions on the given secret.

+
+

BitwardenSecretsManagerSecretRef +

+

+(Appears on: +BitwardenSecretsManagerAuth) +

+

+

BitwardenSecretsManagerSecretRef contains the credential ref to the bitwarden instance.

+

+ + + + + + + + + + + + + +
FieldDescription
+credentials
+ + +External Secrets meta/v1.SecretKeySelector + + +
+

AccessToken used for the bitwarden instance.

+

CAProvider

@@ -5975,6 +6135,20 @@ AkeylessProvider +bitwardensecretsmanager
+ + +BitwardenSecretsManagerProvider + + + + +(Optional) +

BitwardenSecretsManager configures this store to sync secrets using BitwardenSecretsManager provider

+ + + + vault
diff --git a/docs/introduction/stability-support.md b/docs/introduction/stability-support.md index 9388fdfd42e..fce59a6085a 100644 --- a/docs/introduction/stability-support.md +++ b/docs/introduction/stability-support.md @@ -57,13 +57,14 @@ The following table describes the stability level of each provider and who's res | [Passbolt](https://external-secrets.io/latest/provider/passbolt) | alpha | | | [Infisical](https://external-secrets.io/latest/provider/infisical) | alpha | [@akhilmhdh](https://github.com/akhilmhdh) | | [Device42](https://external-secrets.io/latest/provider/device42) | alpha | | +| [Bitwarden Secrets Manager](https://external-secrets.io/latest/provider/bitwarden-secrets-manager) | alpha | | ## Provider Feature Support The following table show the support for features across different providers. | Provider | find by name | find by tags | metadataPolicy Fetch | referent authentication | store validation | push secret | DeletionPolicy Merge/Delete | -| ------------------------- | :----------: | :----------: | :------------------: | :---------------------: | :--------------: | :---------: | :-------------------------: | +|---------------------------|:------------:| :----------: | :------------------: | :---------------------: | :--------------: |:-----------:|:---------------------------:| | AWS Secrets Manager | x | x | x | x | x | x | x | | AWS Parameter Store | x | x | x | x | x | x | x | | Hashicorp Vault | x | x | x | x | x | x | x | @@ -88,6 +89,7 @@ The following table show the support for features across different providers. | Passbolt | x | | | | x | | | | Infisical | x | | | x | x | | | | Device42 | | | | | x | | | +| Bitwarden Secrets Manager | x | | | | x | x | x | ## Support Policy diff --git a/docs/provider/bitwarden-secrets-manager.md b/docs/provider/bitwarden-secrets-manager.md new file mode 100644 index 00000000000..44b481a74ca --- /dev/null +++ b/docs/provider/bitwarden-secrets-manager.md 
@@ -0,0 +1,135 @@ +## Bitwarden Secrets Manager Provider + +This section describes how to set up the Bitwarden Secrets Manager provider for External Secrets Operator (ESO). + +### Prerequisites + +In order for the bitwarden provider to work, we need a second service. This service is the [Bitwarden SDK Server](https://github.com/external-secrets/bitwarden-sdk-server). +The Bitwarden SDK is Rust based and requires CGO enabled. In order to not restrict the capabilities of ESO, and the image +size ( the bitwarden Rust SDK libraries are over 150MB in size ) it has been decided to create a soft wrapper +around the SDK that runs as a separate service providing ESO with a light REST API to pull secrets through. + +#### Bitwarden SDK server + +The server itself can be installed together with ESO. The ESO Helm Chart packages this service as a dependency. +The Bitwarden SDK Server's full name is hardcoded to bitwarden-sdk-server. This is so that the exposed service URL +gets a determinable endpoint. + +In order to install the service install ESO with the following helm directive: + +``` +helm install external-secrets \ + external-secrets/external-secrets \ + -n external-secrets \ + --create-namespace \ + --set bitwarden-sdk-server.enabled=true +``` + +##### Certificate + +The Bitwarden SDK Server _NEEDS_ to run as an HTTPS service. That means that any installation that once to with Bitwarden +provider will need to generate a certificate. The best approach for that is to use cert-manager. It's easy to set up +and can generate a certificate that the store can use to connect with the server. + +For a sample set up look at the bitwarden sdk server's test setup. It contains a self-signed certificate issuer for +cert-manager. + +### External secret store + +With that out of the way, let's take a look at how a secret store would look like. + +```yaml +{% include 'bitwarden-secrets-manager-secret-store.yaml' %} +``` + +The api url and identity url are optional. 
The secret should contain the token for the Machine account for bitwarden. + +!!! note inline end +Make sure that the machine account has Read-Write access to the Project that the secrets are in. + +!!! note inline end +A secret store is organization/project dependent. Meaning a 1 store == 1 organization/project. This is so that we ensure +that no other project's secrets can be modified accidentally _or_ intentionally. + +### External Secrets + +There are two ways to fetch secrets from the provider. + +#### Find by UUID + +In order to fetch a secret by using its UUID simply provide that as remote key in the external secrets like this: + +```yaml +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: bitwarden +spec: + refreshInterval: 10s + secretStoreRef: + # This name must match the metadata.name in the `SecretStore` + name: bitwarden-secretsmanager + kind: SecretStore + data: + - secretKey: test + remoteRef: + key: "339062b8-a5a1-4303-bf1d-b1920146a622" +``` + +#### Find by Name + +To find a secret using its name, we need a bit more information. Mainly, these are the rules to find a secret: + +- if name is a UUID get the secret +- if name is NOT a UUID Property is mandatory that defines the projectID to look for +- if name + projectID + organizationID matches, we return that secret +- if more than one name exists for the same projectID within the same organization we error + +```yaml +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: bitwarden +spec: + refreshInterval: 10s + secretStoreRef: + # This name must match the metadata.name in the `SecretStore` + name: bitwarden-secretsmanager + kind: SecretStore + data: + - secretKey: test + remoteRef: + key: "secret-name" +``` + +### Push Secret + +Pushing a secret is also implemented. Pushing a secret requires even more restrictions because Bitwarden Secrets Manager +allows creating the same secret with the same key multiple times. 
In order to avoid overwriting, or potentially, returning +the wrong secret, we restrict push secret with the following rules: + +- name, projectID, organizationID and value AND NOTE equal, we won't push it again. +- name, projectID, organizationID and ONLY the value does not equal ( INCLUDING THE NOTE ) we update +- any of the above isn't true, we create the secret ( this means that it will create a secret in a separate project ) + +```yaml +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: pushsecret-bitwarden # Customisable +spec: + refreshInterval: 10s # Refresh interval for which push secret will reconcile + secretStoreRefs: # A list of secret stores to push secrets to + - name: bitwarden-secretsmanager + kind: SecretStore + selector: + secret: + name: my-secret # Source Kubernetes secret to be pushed + data: + - match: + secretKey: key # Source Kubernetes secret key to be pushed + remoteRef: + remoteKey: remote-key-name # Remote reference (where the secret is going to be pushed) + metadata: + note: "Note of the secret to add." +``` diff --git a/docs/snippets/bitwarden-secrets-manager-secret-store.yaml b/docs/snippets/bitwarden-secrets-manager-secret-store.yaml new file mode 100644 index 00000000000..0b55da73592 --- /dev/null +++ b/docs/snippets/bitwarden-secrets-manager-secret-store.yaml 
@@ -0,0 +1,18 @@ +apiVersion: external-secrets.io/v1beta1 +kind: SecretStore +metadata: + name: bitwarden-secretsmanager +spec: + provider: + bitwardensecretsmanager: + apiURL: https://vault.bitwarden.com + identityURL: https://identity.bitwarden.com + auth: + secretRef: + credentials: + key: token + name: bitwarden-access-token + bitwardenServerSDKURL: https://bitwarden-sdk-server.default.svc.cluster.local:9998 + caBundle: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQ5akNDQXQ2Z0F3SUJBZ0lRS08vM1J1dXR4YWdOeThCdUcyUTJYREFOQmdrcWhraUc5dzBCQVFzRkFEQkQKTVJ3d0dnWURWUVFLRXhObGVIUmxjbTVoYkMxelpXTnlaWFJ6TG1sdk1TTXdJUVlEVlFRREV4cGpaWEowTFcxaApibUZuWlhJdFltbDBkMkZ5WkdWdUxYUnNjekFlRncweU5EQTJNVGt4TXpJd01EUmFGdzB5TkRBNU1UY3hNekl3Ck1EUmFNRU14SERBYUJnTlZCQW9URTJWNGRHVnlibUZzTFhObFkzSmxkSE11YVc4eEl6QWhCZ05WQkFNVEdtTmwKY25RdGJXRnVZV2RsY2kxaWFYUjNZWEprWlc0dGRHeHpNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QQpNSUlCQ2dLQ0FRRUExdlFxaTNCL0NVU01FaUx1b3NkTVdZV25QcWJmQ20xbnZsMWhoUWxjOW1ocDFnSmxDbndjCmE0MmxuTkx0TjNTUmdrZWFNYXppV1RyaDQ5SGdUeTNVQ2xoNDh5RXFvTmJDRUlaL2xxOHNoVzRMd2g0RTdNT08KOVJJMDY2a3JCYllYakZuam1ETjdJV1NLOVVwZjIrOUpLTi9PM3ZWTktLMGZhOERxRkppL3h3VUsyOGRNc05tZAo2NnkreW52TzRFRU51Wm9IRUFieWdrOTQ2cm9yNnNmUkxHZ3ZVYXg5cmd4dEh5TkZqcGkrbjhCUDRlQkRZeGI4CkVsQy93Q0Rza2NBNFF3TXphU3NFbDBwL3gwQm9nTS9nbWJWelNVemhBL2NGdXpMRVJmV0tuanJrbmpoenNFWncKRWlzUmZ6K3MyVnUvcm5YK3pabTBoWTFvSDZYY29mVkhOUUlEQVFBQm80SGxNSUhpTUE0R0ExVWREd0VCL3dRRQpBd0lDcERBUEJnTlZIUk1CQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJTeUplK1lnUWZQbWFFOEZKSHowbzZ0CjQzeGh4VENCbndZRFZSMFJCSUdYTUlHVWdqOWxlSFJsY201aGJDMXpaV055WlhSekxXSnBkSGRoY21SbGJpMXoKWkdzdGMyVnlkbVZ5TG1SbFptRjFiSFF1YzNaakxtTnNkWE4wWlhJdWJHOWpZV3lDTG1KcGRIZGhjbVJsYmkxegpaR3N0YzJWeWRtVnlMbVJsWm1GMWJIUXVjM1pqTG1Oc2RYTjBaWEl1Ykc5allXeUNDV3h2WTJGc2FHOXpkSWNFCmZ3QUFBWWNRQUFBQUFBQUFBQUFBQUFBQUFBQUFBVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBdllYUW5ETEgKczc3N3NJN3cwN2NWMVIrTmZvbGRYblp5ejVtQVpDZkc4T2djZDRGdjRYV3lrRG94MzlkUWo0dTJnOWlVcUNwawp2QzJsbUR1UjNrS2kzbjgySTYyQ1BDN1JmZFd3M2hqaFJOV1NKbVBGeGF6NHkr
bnMvMDZ3RFBlMmZwRXpPMXIzCmwxTFdZMHBySVlMME1EYTI1c3BUdlZPdWxyeWlnUnJRRGNEbS9hZ3krSEs4RHB3dWlTTEpsdFM0Q1JVa25mb3kKS00rL213VTd4RzNrSnN5ekR0T2dOZDhZeG1lRU44Q05WSk9JalltRk9OWTJrYU51S2ZnMU1aaXArcllPTEFqUgpJdUNxOFhSSTVST2gxOFJKdVlXcVZ6MUkwbXE4aVgwYlo2WG5WRjliZ0ViQ2d3bXZOWkZha3Z4RVhkWmR2N3VmCkYvRm9PTUFlNTY3L0RBPT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQ== + organizationID: 7c0d21ec-10d9-4972-bdf8-ec52df99cc86 + projectID: 9c713cd6-728c-437a-a783-252b0773a0bb diff --git a/go.mod b/go.mod index a42883ece50..5052f7e0517 100644 --- a/go.mod +++ b/go.mod @@ -90,6 +90,7 @@ require ( github.com/sethvargo/go-password v0.3.0 github.com/spf13/pflag v1.0.5 github.com/tidwall/sjson v1.2.5 + k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.4.0 ) @@ -195,7 +196,6 @@ require ( google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect - k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b // indirect lukechampine.com/frand v1.4.2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/hack/api-docs/mkdocs.yml b/hack/api-docs/mkdocs.yml index 0dbb8015a0f..700701001fe 100644 --- a/hack/api-docs/mkdocs.yml +++ b/hack/api-docs/mkdocs.yml @@ -93,6 +93,7 @@ nav: - AWS Secrets Manager: provider/aws-secrets-manager.md - AWS Parameter Store: provider/aws-parameter-store.md - Azure Key Vault: provider/azure-key-vault.md + - Bitwarden Secrets Manager: provider/bitwarden-secrets-manager.md - Chef: provider/chef.md - CyberArk Conjur: provider/conjur.md - Device42: provider/device42.md diff --git a/pkg/provider/bitwarden/bitwarden_sdk.go b/pkg/provider/bitwarden/bitwarden_sdk.go new file mode 100644 index 00000000000..12dd0bda311 --- /dev/null +++ b/pkg/provider/bitwarden/bitwarden_sdk.go 
@@ -0,0 +1,254 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package bitwarden + +import ( + "bytes" + "context" + "encoding/json" + "fmt" + "io" + "net/http" +) + +// Defined Header Keys. +const ( + WardenHeaderAccessToken = "Warden-Access-Token" + WardenHeaderAPIURL = "Warden-Api-Url" + WardenHeaderIdentityURL = "Warden-Identity-Url" +) + +type SecretResponse struct { + CreationDate string `json:"creationDate"` + ID string `json:"id"` + Key string `json:"key"` + Note string `json:"note"` + OrganizationID string `json:"organizationId"` + ProjectID *string `json:"projectId,omitempty"` + RevisionDate string `json:"revisionDate"` + Value string `json:"value"` +} + +type SecretsDeleteResponse struct { + Data []SecretDeleteResponse `json:"data"` +} + +type SecretDeleteResponse struct { + Error *string `json:"error,omitempty"` + ID string `json:"id"` +} + +type SecretIdentifiersResponse struct { + Data []SecretIdentifierResponse `json:"data"` +} + +type SecretIdentifierResponse struct { + ID string `json:"id"` + Key string `json:"key"` + OrganizationID string `json:"organizationId"` +} + +type SecretCreateRequest struct { + Key string `json:"key"` + Note string `json:"note"` + // Organization where the secret will be created + OrganizationID string `json:"organizationId"` + // IDs of the projects that this secret will belong to + ProjectIDS []string `json:"projectIds,omitempty"` + Value string `json:"value"` +} + +type SecretPutRequest struct { + ID string `json:"id"` + Key 
string `json:"key"` + Note string `json:"note"` + // Organization where the secret will be created + OrganizationID string `json:"organizationId"` + // IDs of the projects that this secret will belong to + ProjectIDS []string `json:"projectIds,omitempty"` + Value string `json:"value"` +} + +// Client for the bitwarden SDK. +type Client interface { + GetSecret(ctx context.Context, id string) (*SecretResponse, error) + DeleteSecret(ctx context.Context, ids []string) (*SecretsDeleteResponse, error) + CreateSecret(ctx context.Context, secret SecretCreateRequest) (*SecretResponse, error) + UpdateSecret(ctx context.Context, secret SecretPutRequest) (*SecretResponse, error) + ListSecrets(ctx context.Context, organizationID string) (*SecretIdentifiersResponse, error) +} + +// SdkClient creates a client to talk to the bitwarden SDK server. +type SdkClient struct { + apiURL string + identityURL string + token string + bitwardenSdkServerURL string + + client *http.Client +} + +func NewSdkClient(apiURL, identityURL, bitwardenURL, token string, caBundle []byte) (*SdkClient, error) { + client, err := newHTTPSClient(caBundle) + if err != nil { + return nil, fmt.Errorf("error creating https client: %w", err) + } + + return &SdkClient{ + apiURL: apiURL, + identityURL: identityURL, + token: token, + client: client, + bitwardenSdkServerURL: bitwardenURL, + }, nil +} + +func (s *SdkClient) GetSecret(ctx context.Context, id string) (*SecretResponse, error) { + body := struct { + ID string `json:"id"` + }{ + ID: id, + } + secretResp := &SecretResponse{} + + if err := s.performHTTPRequestOperation(ctx, params{ + method: http.MethodGet, + url: s.bitwardenSdkServerURL + "/rest/api/1/secret", + body: body, + result: &secretResp, + }); err != nil { + return nil, fmt.Errorf("failed to get secret: %w", err) + } + + return secretResp, nil +} + +func (s *SdkClient) DeleteSecret(ctx context.Context, ids []string) (*SecretsDeleteResponse, error) { + body := struct { + IDs []string `json:"ids"` + 
}{ + IDs: ids, + } + + secretResp := &SecretsDeleteResponse{} + if err := s.performHTTPRequestOperation(ctx, params{ + method: http.MethodDelete, + url: s.bitwardenSdkServerURL + "/rest/api/1/secret", + body: body, + result: &secretResp, + }); err != nil { + return nil, fmt.Errorf("failed to delete secret: %w", err) + } + + return secretResp, nil +} + +func (s *SdkClient) CreateSecret(ctx context.Context, createReq SecretCreateRequest) (*SecretResponse, error) { + secretResp := &SecretResponse{} + if err := s.performHTTPRequestOperation(ctx, params{ + method: http.MethodPost, + url: s.bitwardenSdkServerURL + "/rest/api/1/secret", + body: createReq, + result: &secretResp, + }); err != nil { + return nil, fmt.Errorf("failed to create secret: %w", err) + } + + return secretResp, nil +} + +func (s *SdkClient) UpdateSecret(ctx context.Context, putReq SecretPutRequest) (*SecretResponse, error) { + secretResp := &SecretResponse{} + if err := s.performHTTPRequestOperation(ctx, params{ + method: http.MethodPut, + url: s.bitwardenSdkServerURL + "/rest/api/1/secret", + body: putReq, + result: &secretResp, + }); err != nil { + return nil, fmt.Errorf("failed to update secret: %w", err) + } + + return secretResp, nil +} + +func (s *SdkClient) ListSecrets(ctx context.Context, organizationID string) (*SecretIdentifiersResponse, error) { + body := struct { + ID string `json:"organizationID"` + }{ + ID: organizationID, + } + secretResp := &SecretIdentifiersResponse{} + if err := s.performHTTPRequestOperation(ctx, params{ + method: http.MethodGet, + url: s.bitwardenSdkServerURL + "/rest/api/1/secrets", + body: body, + result: &secretResp, + }); err != nil { + return nil, fmt.Errorf("failed to list secrets: %w", err) + } + + return secretResp, nil +} + +func (s *SdkClient) constructSdkRequest(ctx context.Context, method, url string, body []byte) (*http.Request, error) { + req, err := http.NewRequestWithContext(ctx, method, url, bytes.NewBuffer(body)) + if err != nil { + return nil, 
fmt.Errorf("failed to construct request: %w", err) + } + + req.Header.Set(WardenHeaderAccessToken, s.token) + req.Header.Set(WardenHeaderAPIURL, s.apiURL) + req.Header.Set(WardenHeaderIdentityURL, s.identityURL) + + return req, nil +} + +type params struct { + method string + url string + body any + result any +} + +func (s *SdkClient) performHTTPRequestOperation(ctx context.Context, params params) error { + data, err := json.Marshal(params.body) + if err != nil { + return fmt.Errorf("failed to marshal body: %w", err) + } + + req, err := s.constructSdkRequest(ctx, params.method, params.url, data) + if err != nil { + return fmt.Errorf("failed to construct request: %w", err) + } + + resp, err := s.client.Do(req) + if err != nil { + return fmt.Errorf("failed to do request: %w", err) + } + defer resp.Body.Close() + + if resp.StatusCode != http.StatusOK { + content, _ := io.ReadAll(resp.Body) + + return fmt.Errorf("failed to perform http request, got response: %s with status code %d", string(content), resp.StatusCode) + } + + decoder := json.NewDecoder(resp.Body) + if err := decoder.Decode(¶ms.result); err != nil { + return fmt.Errorf("failed to decode response: %w", err) + } + + return nil +} diff --git a/pkg/provider/bitwarden/bitwarden_sdk_test.go b/pkg/provider/bitwarden/bitwarden_sdk_test.go new file mode 100644 index 00000000000..0a6a268e07f --- /dev/null +++ b/pkg/provider/bitwarden/bitwarden_sdk_test.go 
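Review bot: In `performHTTPRequestOperation`, the non-200 branch reads the entire response body with `io.ReadAll` (error discarded) and copies it verbatim into the returned error. Every client method wraps that error with `%w`, so whatever the SDK server put in the body travels to wherever the caller logs or reports it, and the read has no size bound. I would cap it, e.g. `content, _ := io.ReadAll(io.LimitReader(resp.Body, maxErrorBodyBytes))`, where `maxErrorBodyBytes` is a placeholder name for a new package constant, and keep the status code as the primary signal. Separately, `NewSdkClient` accepts `bitwardenURL` without checking its scheme while `constructSdkRequest` attaches the access token as a header to every request; `newHTTPSClient` and any store validation are outside this hunk, so confirm an `http://` URL is rejected somewhere.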
@@ -0,0 +1,167 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package bitwarden + +import ( + "context" + "encoding/json" + "net/http" + "net/http/httptest" + "reflect" + "testing" +) + +// The rest of the tests much look the same, it would be nice if I could find a way +// to nicely unify the tests for all of them. + +func TestSdkClient_CreateSecret(t *testing.T) { + type fields struct { + apiURL func(c *httptest.Server) string + identityURL func(c *httptest.Server) string + bitwardenSdkServerURL func(c *httptest.Server) string + token string + testServer func(response any) *httptest.Server + response any + } + type args struct { + ctx context.Context + createReq SecretCreateRequest + } + tests := []struct { + name string + fields fields + args args + want *SecretResponse + wantErr bool + }{ + { + name: "create secret is successful", + fields: fields{ + testServer: func(response any) *httptest.Server { + testServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + data, err := json.Marshal(response) + if err != nil { + http.Error(w, err.Error(), http.StatusInternalServerError) + + return + } + + w.Write(data) + })) + + return testServer + }, + apiURL: func(c *httptest.Server) string { + return c.URL + }, + identityURL: func(c *httptest.Server) string { + return c.URL + }, + bitwardenSdkServerURL: func(c *httptest.Server) string { + return c.URL + }, + token: "token", + response: &SecretResponse{ + ID: "id", + Key: "key", + Note: "note", 
+ OrganizationID: "orgID", + RevisionDate: "2024-04-04", + Value: "value", + }, + }, + args: args{ + ctx: context.Background(), + createReq: SecretCreateRequest{ + Key: "key", + Note: "note", + OrganizationID: "orgID", + ProjectIDS: []string{projectID}, + Value: "value", + }, + }, + want: &SecretResponse{ + ID: "id", + Key: "key", + Note: "note", + OrganizationID: "orgID", + RevisionDate: "2024-04-04", + Value: "value", + }, + }, + { + name: "create secret fails", + fields: fields{ + testServer: func(response any) *httptest.Server { + testServer := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { + http.Error(w, "nope", http.StatusInternalServerError) + })) + + return testServer + }, + apiURL: func(c *httptest.Server) string { + return c.URL + }, + identityURL: func(c *httptest.Server) string { + return c.URL + }, + bitwardenSdkServerURL: func(c *httptest.Server) string { + return c.URL + }, + token: "token", + response: &SecretResponse{ + ID: "id", + Key: "key", + Note: "note", + OrganizationID: "orgID", + RevisionDate: "2024-04-04", + Value: "value", + }, + }, + args: args{ + ctx: context.Background(), + createReq: SecretCreateRequest{ + Key: "key", + Note: "note", + OrganizationID: "orgID", + ProjectIDS: []string{projectID}, + Value: "value", + }, + }, + wantErr: true, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + server := tt.fields.testServer(tt.fields.response) + defer server.Close() + s := &SdkClient{ + apiURL: tt.fields.apiURL(server), + identityURL: tt.fields.identityURL(server), + bitwardenSdkServerURL: tt.fields.bitwardenSdkServerURL(server), + token: tt.fields.token, + client: server.Client(), + } + got, err := s.CreateSecret(tt.args.ctx, tt.args.createReq) + if (err != nil) != tt.wantErr { + t.Errorf("CreateSecret() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("CreateSecret() got = %v, want %v", got, tt.want) + } + }) + } +} 
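Review bot: Neither test server handler in `TestSdkClient_CreateSecret` inspects the incoming request, so the success case still passes if the client stops sending `Warden-Access-Token`, uses the wrong method, or posts an empty body. The token header is the only credential this client carries, so I would have the success handler check it, e.g. `if r.Header.Get(WardenHeaderAccessToken) != "token" { http.Error(w, "missing token", http.StatusUnauthorized); return }`, and likewise compare `r.Method` with `http.MethodPost`. Decoding `r.Body` into a `SecretCreateRequest` and comparing it with `tt.args.createReq` would also pin the wire format.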
diff --git a/pkg/provider/bitwarden/client.go b/pkg/provider/bitwarden/client.go
new file mode 100644
index 00000000000..80d58fc44c1
--- /dev/null
+++ b/pkg/provider/bitwarden/client.go
@@ -0,0 +1,301 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package bitwarden + +import ( + "context" + "errors" + "fmt" + + corev1 "k8s.io/api/core/v1" + "k8s.io/kube-openapi/pkg/validation/strfmt" + + esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" + "github.com/external-secrets/external-secrets/pkg/utils" +) + +var ( + errBadCertBundle = "caBundle failed to base64 decode: %w" +) + +const ( + // NoteMetadataKey defines the note for the pushed secret. + NoteMetadataKey = "note" +) + +// PushSecret will write a single secret into the provider. +// Note: We will refuse to overwrite ANY secrets, because we can never be completely +// sure if it's the same secret we are trying to push. We only have the Name and the value +// could be different. Therefore, we will always create a new secret. Except if, the value +// the key, the note, and organization ID all match. +// We only allow to push to a single project, because GET returns a single project ID +// the secret belongs to even though technically Create allows multiple projects. This is +// to ensure that we push to the same project always, and so we can determine reliably that +// we don't need to push again. 
+func (p *Provider) PushSecret(ctx context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error { + spec := p.store.GetSpec() + if spec == nil || spec.Provider == nil { + return fmt.Errorf("store does not have a provider") + } + + if data.GetSecretKey() == "" { + return fmt.Errorf("pushing the whole secret is not yet implemented") + } + + if data.GetRemoteKey() == "" { + return fmt.Errorf("remote key must be defined") + } + + value, ok := secret.Data[data.GetSecretKey()] + if !ok { + return fmt.Errorf("failed to find secret key in secret with key: %s", data.GetSecretKey()) + } + + note, err := utils.FetchValueFromMetadata(NoteMetadataKey, data.GetMetadata(), "") + if err != nil { + return fmt.Errorf("failed to fetch note from metadata: %w", err) + } + + // ListAll Secrets for an organization. If the key matches our key, we GetSecret that and do a compare. + remoteSecrets, err := p.bitwardenSdkClient.ListSecrets(ctx, spec.Provider.BitwardenSecretsManager.OrganizationID) + if err != nil { + return fmt.Errorf("failed to get all secrets: %w", err) + } + + for _, d := range remoteSecrets.Data { + if d.Key != data.GetRemoteKey() { + continue + } + + sec, err := p.bitwardenSdkClient.GetSecret(ctx, d.ID) + if err != nil { + return fmt.Errorf("failed to get secret: %w", err) + } + + // If all pushed data matches, we won't push this secret. + if sec.Key == data.GetRemoteKey() && + sec.Value == string(value) && + sec.Note == note && + sec.ProjectID != nil && + *sec.ProjectID == spec.Provider.BitwardenSecretsManager.ProjectID { + // we have a complete match, skip pushing. + return nil + } else if sec.Key == data.GetRemoteKey() && + sec.Value != string(value) && + sec.Note == note && + sec.ProjectID != nil && + *sec.ProjectID == spec.Provider.BitwardenSecretsManager.ProjectID { + // only the value is different, update the existing secret. 
+ _, err = p.bitwardenSdkClient.UpdateSecret(ctx, SecretPutRequest{ + ID: sec.ID, + Key: data.GetRemoteKey(), + Note: note, + OrganizationID: spec.Provider.BitwardenSecretsManager.OrganizationID, + ProjectIDS: []string{spec.Provider.BitwardenSecretsManager.ProjectID}, + Value: string(value), + }) + + return err + } + } + + // no matching secret found, let's create it + _, err = p.bitwardenSdkClient.CreateSecret(ctx, SecretCreateRequest{ + Key: data.GetRemoteKey(), + Note: note, + OrganizationID: spec.Provider.BitwardenSecretsManager.OrganizationID, + ProjectIDS: []string{spec.Provider.BitwardenSecretsManager.ProjectID}, + Value: string(value), + }) + + return err +} + +// GetSecret returns a single secret from the provider. +func (p *Provider) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { + if strfmt.IsUUID(ref.Key) { + resp, err := p.bitwardenSdkClient.GetSecret(ctx, ref.Key) + if err != nil { + return nil, fmt.Errorf("error getting secret: %w", err) + } + + return []byte(resp.Value), nil + } + + spec := p.store.GetSpec() + if spec == nil || spec.Provider == nil { + return nil, fmt.Errorf("store does not have a provider") + } + + secret, err := p.findSecretByRef(ctx, ref.Key, spec.Provider.BitwardenSecretsManager.ProjectID) + if err != nil { + return nil, fmt.Errorf("error getting secret: %w", err) + } + + // we found our secret, return the value for it + return []byte(secret.Value), nil +} + +func (p *Provider) DeleteSecret(ctx context.Context, ref esv1beta1.PushSecretRemoteRef) error { + if strfmt.IsUUID(ref.GetRemoteKey()) { + return p.deleteSecret(ctx, ref.GetRemoteKey()) + } + + spec := p.store.GetSpec() + if spec == nil || spec.Provider == nil { + return fmt.Errorf("store does not have a provider") + } + + secret, err := p.findSecretByRef(ctx, ref.GetRemoteKey(), spec.Provider.BitwardenSecretsManager.ProjectID) + if err != nil { + return fmt.Errorf("error getting secret: %w", err) + } + + return 
p.deleteSecret(ctx, secret.ID) +} + +func (p *Provider) deleteSecret(ctx context.Context, id string) error { + resp, err := p.bitwardenSdkClient.DeleteSecret(ctx, []string{id}) + if err != nil { + return fmt.Errorf("error deleting secret: %w", err) + } + + var errs error + for _, data := range resp.Data { + if data.Error != nil { + errs = errors.Join(errs, fmt.Errorf("error deleting secret with id %s: %s", data.ID, *data.Error)) + } + } + + if errs != nil { + return fmt.Errorf("there were one or more errors deleting secrets: %w", errs) + } + return nil +} + +func (p *Provider) SecretExists(ctx context.Context, ref esv1beta1.PushSecretRemoteRef) (bool, error) { + if strfmt.IsUUID(ref.GetRemoteKey()) { + _, err := p.bitwardenSdkClient.GetSecret(ctx, ref.GetRemoteKey()) + if err != nil { + return false, fmt.Errorf("error getting secret: %w", err) + } + + return true, nil + } + + spec := p.store.GetSpec() + if spec == nil || spec.Provider == nil { + return false, fmt.Errorf("store does not have a provider") + } + + if _, err := p.findSecretByRef(ctx, ref.GetRemoteKey(), spec.Provider.BitwardenSecretsManager.ProjectID); err != nil { + return false, fmt.Errorf("error getting secret: %w", err) + } + + return true, nil +} + +// GetSecretMap returns multiple k/v pairs from the provider. +func (p *Provider) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { + return nil, fmt.Errorf("GetSecretMap() not implemented") +} + +// GetAllSecrets gets multiple secrets from the provider and loads into a kubernetes secret. +// First load all secrets from secretStore path configuration +// Then, gets secrets from a matching name or matching custom_metadata. 
+func (p *Provider) GetAllSecrets(ctx context.Context, _ esv1beta1.ExternalSecretFind) (map[string][]byte, error) { + spec := p.store.GetSpec() + if spec == nil { + return nil, fmt.Errorf("store does not have a provider") + } + + secrets, err := p.bitwardenSdkClient.ListSecrets(ctx, spec.Provider.BitwardenSecretsManager.OrganizationID) + if err != nil { + return nil, fmt.Errorf("failed to get all secrets: %w", err) + } + + result := map[string][]byte{} + for _, d := range secrets.Data { + sec, err := p.bitwardenSdkClient.GetSecret(ctx, d.ID) + if err != nil { + return nil, fmt.Errorf("failed to get secret: %w", err) + } + + result[d.ID] = []byte(sec.Value) + } + + return result, nil +} + +// Validate validates the provider. +func (p *Provider) Validate() (esv1beta1.ValidationResult, error) { + return esv1beta1.ValidationResultReady, nil +} + +// Close closes the provider. +func (p *Provider) Close(_ context.Context) error { + return nil +} + +// getCABundle try retrieve the CA bundle from the provider CABundle. +func (p *Provider) getCABundle(provider *esv1beta1.BitwardenSecretsManagerProvider) ([]byte, error) { + certBytes, decodeErr := utils.Decode(esv1beta1.ExternalSecretDecodeBase64, []byte(provider.CABundle)) + if decodeErr != nil { + return nil, fmt.Errorf(errBadCertBundle, decodeErr) + } + + return certBytes, nil +} + +func (p *Provider) findSecretByRef(ctx context.Context, key, projectID string) (*SecretResponse, error) { + spec := p.store.GetSpec() + if spec == nil || spec.Provider == nil { + return nil, fmt.Errorf("store does not have a provider") + } + + // ListAll Secrets for an organization. If the key matches our key, we GetSecret that and do a compare. 
+ secrets, err := p.bitwardenSdkClient.ListSecrets(ctx, spec.Provider.BitwardenSecretsManager.OrganizationID) + if err != nil { + return nil, fmt.Errorf("failed to get all secrets: %w", err) + } + + var remoteSecret *SecretResponse + for _, d := range secrets.Data { + if d.Key != key { + continue + } + + sec, err := p.bitwardenSdkClient.GetSecret(ctx, d.ID) + if err != nil { + return nil, fmt.Errorf("failed to get secret: %w", err) + } + + if sec.ProjectID != nil && *sec.ProjectID == projectID { + if remoteSecret != nil { + return nil, fmt.Errorf("more than one secret found for project %s with key %s", projectID, key) + } + + // We don't break here because we WANT TO MAKE SURE that there is ONLY ONE + // such secret. + remoteSecret = sec + } + } + + if remoteSecret == nil { + return nil, fmt.Errorf("no secret found for project id %s and name %s", projectID, key) + } + + return remoteSecret, nil +} diff --git a/pkg/provider/bitwarden/client_test.go b/pkg/provider/bitwarden/client_test.go new file mode 100644 index 00000000000..1630ddeb38a --- /dev/null +++ b/pkg/provider/bitwarden/client_test.go 
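Review bot: `GetAllSecrets` checks only `spec == nil` before dereferencing `spec.Provider.BitwardenSecretsManager`, while PushSecret, GetSecret, DeleteSecret, SecretExists and findSecretByRef also test `spec.Provider == nil`, so a store with no provider would panic here instead of returning the error. Suggested guard: `if spec == nil || spec.Provider == nil || spec.Provider.BitwardenSecretsManager == nil {` (the last term is missing from the other methods too). The function also ignores its `ExternalSecretFind` argument and returns every secret `ListSecrets` yields for the organization, without the `sec.ProjectID` comparison that `findSecretByRef` applies; the UUID branches of GetSecret, DeleteSecret and SecretExists skip that comparison as well. If the store's `projectID` is meant to bound what a store can read or delete, those paths should compare it; if not, the doc comment on GetAllSecrets, which describes path and metadata matching the code does not perform, should say so.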
@@ -0,0 +1,825 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package bitwarden + +import ( + "context" + "reflect" + "testing" + + "github.com/stretchr/testify/assert" + corev1 "k8s.io/api/core/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/client/fake" + + "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1" + "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" +) + +var projectID = "e8fc8f9c-2208-446e-9e89-9bc358f39b47" + +func TestProviderDeleteSecret(t *testing.T) { + type fields struct { + kube client.Client + namespace string + store v1beta1.GenericStore + mock func(c *FakeClient) + assertMock func(t *testing.T, c *FakeClient) + } + type args struct { + ctx context.Context + ref v1beta1.PushSecretRemoteRef + } + tests := []struct { + name string + fields fields + args args + wantErr bool + }{ + { + name: "delete secret is successfully with UUID", + fields: fields{ + namespace: "default", + store: &v1beta1.SecretStore{ + Spec: v1beta1.SecretStoreSpec{ + Provider: &v1beta1.SecretStoreProvider{ + BitwardenSecretsManager: &v1beta1.BitwardenSecretsManagerProvider{ + OrganizationID: "orgid", + ProjectID: projectID, + }, + }, + }, + }, + mock: func(c *FakeClient) { + c.DeleteSecretReturnsOnCallN(0, &SecretsDeleteResponse{}) + }, + assertMock: func(t *testing.T, c *FakeClient) { + assert.Equal(t, 1, c.deleteSecretCalledN) + }, + }, + args: args{ + ctx: context.TODO(), + ref: 
v1alpha1.PushSecretRemoteRef{ + RemoteKey: "d8f29773-3019-4973-9bbc-66327d077fe2", + }, + }, + }, + { + name: "delete secret by name", + fields: fields{ + namespace: "default", + store: &v1beta1.SecretStore{ + Spec: v1beta1.SecretStoreSpec{ + Provider: &v1beta1.SecretStoreProvider{ + BitwardenSecretsManager: &v1beta1.BitwardenSecretsManagerProvider{ + OrganizationID: "orgid", + ProjectID: projectID, + }, + }, + }, + }, + mock: func(c *FakeClient) { + c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ + Data: []SecretIdentifierResponse{ + { + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "this-is-a-name", + OrganizationID: "orgid", + }, + }, + }) + + c.GetSecretReturnsOnCallN(0, &SecretResponse{ + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "key", + Note: "note", + OrganizationID: "org", + Value: "value", + ProjectID: &projectID, + }) + c.DeleteSecretReturnsOnCallN(0, &SecretsDeleteResponse{}) + }, + assertMock: func(t *testing.T, c *FakeClient) { + assert.Equal(t, 1, c.deleteSecretCalledN) + }, + }, + args: args{ + ctx: context.TODO(), + ref: v1alpha1.PushSecretRemoteRef{ + RemoteKey: "d8f29773-3019-4973-9bbc-66327d077fe2", + }, + }, + }, + { + name: "delete secret by name will not delete if something doesn't match", + fields: fields{ + namespace: "default", + store: &v1beta1.SecretStore{ + Spec: v1beta1.SecretStoreSpec{ + Provider: &v1beta1.SecretStoreProvider{ + BitwardenSecretsManager: &v1beta1.BitwardenSecretsManagerProvider{ + OrganizationID: "orgid", + ProjectID: projectID, + }, + }, + }, + }, + mock: func(c *FakeClient) { + c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ + Data: []SecretIdentifierResponse{ + { + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "this-is-a-name", + OrganizationID: "orgid", + }, + }, + }) + + projectID := "another-project" + c.GetSecretReturnsOnCallN(0, &SecretResponse{ + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "this-is-a-name", + Note: "note", + OrganizationID: "orgid", + Value: 
"value", + ProjectID: &projectID, + }) + }, + assertMock: func(t *testing.T, c *FakeClient) { + assert.Equal(t, 0, c.deleteSecretCalledN) + }, + }, + wantErr: true, // no secret found + args: args{ + ctx: context.TODO(), + ref: v1alpha1.PushSecretRemoteRef{ + RemoteKey: "this-is-a-name", + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + fakeClient := &FakeClient{} + tt.fields.mock(fakeClient) + + p := &Provider{ + kube: tt.fields.kube, + namespace: tt.fields.namespace, + store: tt.fields.store, + bitwardenSdkClient: fakeClient, + } + if err := p.DeleteSecret(tt.args.ctx, tt.args.ref); (err != nil) != tt.wantErr { + t.Errorf("DeleteSecret() error = %v, wantErr %v", err, tt.wantErr) + } + + tt.fields.assertMock(t, fakeClient) + }) + } +} + +func TestProviderGetAllSecrets(t *testing.T) { + type fields struct { + kube client.Client + namespace string + store v1beta1.GenericStore + mock func(c *FakeClient) + } + type args struct { + ctx context.Context + ref v1beta1.ExternalSecretFind + } + tests := []struct { + name string + fields fields + args args + want map[string][]byte + wantErr bool + }{ + { + name: "get all secrets", + fields: fields{ + namespace: "default", + store: &v1beta1.SecretStore{ + Spec: v1beta1.SecretStoreSpec{ + Provider: &v1beta1.SecretStoreProvider{ + BitwardenSecretsManager: &v1beta1.BitwardenSecretsManagerProvider{ + OrganizationID: "orgid", + ProjectID: projectID, + }, + }, + }, + }, + mock: func(c *FakeClient) { + c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ + Data: []SecretIdentifierResponse{ + { + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "key1", + OrganizationID: "orgid", + }, + { + ID: "7c0d21ec-10d9-4972-bdf8-ec52df99cc86", + Key: "key2", + OrganizationID: "orgid", + }, + }, + }) + + c.GetSecretReturnsOnCallN(0, &SecretResponse{ + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "key1", + Value: "value1", + }) + c.GetSecretReturnsOnCallN(1, &SecretResponse{ + ID: 
"7c0d21ec-10d9-4972-bdf8-ec52df99cc86", + Key: "key2", + Value: "value2", + }) + }, + }, + args: args{ + ctx: context.TODO(), + ref: v1beta1.ExternalSecretFind{}, + }, + want: map[string][]byte{ + "d8f29773-3019-4973-9bbc-66327d077fe2": []byte("value1"), + "7c0d21ec-10d9-4972-bdf8-ec52df99cc86": []byte("value2"), + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + fakeClient := &FakeClient{} + tt.fields.mock(fakeClient) + + p := &Provider{ + kube: tt.fields.kube, + namespace: tt.fields.namespace, + store: tt.fields.store, + bitwardenSdkClient: fakeClient, + } + got, err := p.GetAllSecrets(tt.args.ctx, tt.args.ref) + if (err != nil) != tt.wantErr { + t.Errorf("GetAllSecrets() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("GetAllSecrets() got = %v, want %v", got, tt.want) + } + }) + } +} + +func TestProviderGetSecret(t *testing.T) { + type fields struct { + kube func() client.Client + namespace string + store v1beta1.GenericStore + mock func(c *FakeClient) + } + type args struct { + ctx context.Context + ref v1beta1.ExternalSecretDataRemoteRef + } + tests := []struct { + name string + fields fields + args args + want []byte + wantErr bool + }{ + { + name: "get secret with UUID", + fields: fields{ + kube: func() client.Client { + return fake.NewFakeClient() + }, + namespace: "default", + store: &v1beta1.SecretStore{}, + mock: func(c *FakeClient) { + c.GetSecretReturnsOnCallN(0, &SecretResponse{ + ID: "id", + Key: "key", + Note: "note", + OrganizationID: "org", + Value: "value", + }) + }, + }, + args: args{ + ctx: context.Background(), + ref: v1beta1.ExternalSecretDataRemoteRef{ + Key: "d8f29773-3019-4973-9bbc-66327d077fe2", + }, + }, + want: []byte("value"), + }, + { + name: "get secret by name", + fields: fields{ + kube: func() client.Client { + return fake.NewFakeClient() + }, + namespace: "default", + store: &v1beta1.SecretStore{ + Spec: v1beta1.SecretStoreSpec{ + Provider: 
&v1beta1.SecretStoreProvider{ + BitwardenSecretsManager: &v1beta1.BitwardenSecretsManagerProvider{ + OrganizationID: "orgid", + ProjectID: projectID, + }, + }, + }, + }, + mock: func(c *FakeClient) { + c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ + Data: []SecretIdentifierResponse{ + { + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "this-is-a-name", + OrganizationID: "orgid", + }, + }, + }) + + c.GetSecretReturnsOnCallN(0, &SecretResponse{ + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "key", + Note: "note", + OrganizationID: "org", + Value: "value", + ProjectID: &projectID, + }) + }, + }, + args: args{ + ctx: context.Background(), + ref: v1beta1.ExternalSecretDataRemoteRef{ + Key: "this-is-a-name", + }, + }, + want: []byte("value"), + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + fakeClient := &FakeClient{} + tt.fields.mock(fakeClient) + + p := &Provider{ + kube: tt.fields.kube(), + namespace: tt.fields.namespace, + store: tt.fields.store, + bitwardenSdkClient: fakeClient, + } + got, err := p.GetSecret(tt.args.ctx, tt.args.ref) + if (err != nil) != tt.wantErr { + t.Errorf("GetSecret() error = %v, wantErr %v", err, tt.wantErr) + return + } + if !reflect.DeepEqual(got, tt.want) { + t.Errorf("GetSecret() got = %v, want %v", got, tt.want) + } + }) + } +} + +func TestProviderPushSecret(t *testing.T) { + type fields struct { + kube func() client.Client + namespace string + store v1beta1.GenericStore + mock func(c *FakeClient) + assertMock func(t *testing.T, c *FakeClient) + } + type args struct { + ctx context.Context + secret *corev1.Secret + data v1beta1.PushSecretData + } + tests := []struct { + name string + fields fields + args args + wantErr bool + }{ + { + name: "push secret is successful for a none existent remote secret", + args: args{ + ctx: context.Background(), + secret: &corev1.Secret{ + Data: map[string][]byte{ + "key": []byte("value"), + }, + }, + data: v1alpha1.PushSecretData{ + Match: 
v1alpha1.PushSecretMatch{ + SecretKey: "key", + RemoteRef: v1alpha1.PushSecretRemoteRef{ + RemoteKey: "this-is-a-name", + }, + }, + }, + }, + fields: fields{ + kube: func() client.Client { + return fake.NewFakeClient() + }, + namespace: "default", + store: &v1beta1.SecretStore{ + Spec: v1beta1.SecretStoreSpec{ + Provider: &v1beta1.SecretStoreProvider{ + BitwardenSecretsManager: &v1beta1.BitwardenSecretsManagerProvider{ + OrganizationID: "orgid", + ProjectID: projectID, + }, + }, + }, + }, + mock: func(c *FakeClient) { + c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ + Data: []SecretIdentifierResponse{ + { + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "this-is-a-name", + OrganizationID: "orgid", + }, + }, + }) + c.GetSecretReturnsOnCallN(0, &SecretResponse{ + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "no-match", // if this is this-is-a-name it would match + Note: "", + OrganizationID: "orgid", + Value: "value", + ProjectID: &projectID, + }) + c.CreateSecretReturnsOnCallN(0, &SecretResponse{}) + }, + assertMock: func(t *testing.T, c *FakeClient) { + cargs := c.createSecretCallArguments[0] + assert.Equal(t, cargs, SecretCreateRequest{ + Key: "this-is-a-name", + Note: "", + OrganizationID: "orgid", + ProjectIDS: []string{projectID}, + Value: "value", + }) + }, + }, + }, + { + name: "push secret is successful for a existing remote secret but only the value differs will call update", + args: args{ + ctx: context.Background(), + secret: &corev1.Secret{ + Data: map[string][]byte{ + "key": []byte("new-value"), + }, + }, + data: v1alpha1.PushSecretData{ + Match: v1alpha1.PushSecretMatch{ + SecretKey: "key", + RemoteRef: v1alpha1.PushSecretRemoteRef{ + RemoteKey: "this-is-a-name", + }, + }, + }, + }, + fields: fields{ + kube: func() client.Client { + return fake.NewFakeClient() + }, + namespace: "default", + store: &v1beta1.SecretStore{ + Spec: v1beta1.SecretStoreSpec{ + Provider: &v1beta1.SecretStoreProvider{ + BitwardenSecretsManager: 
&v1beta1.BitwardenSecretsManagerProvider{ + OrganizationID: "orgid", + ProjectID: projectID, + }, + }, + }, + }, + mock: func(c *FakeClient) { + c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ + Data: []SecretIdentifierResponse{ + { + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "this-is-a-name", + OrganizationID: "orgid", + }, + }, + }) + c.GetSecretReturnsOnCallN(0, &SecretResponse{ + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "this-is-a-name", + Note: "", + OrganizationID: "orgid", + Value: "value", + ProjectID: &projectID, + }) + c.UpdateSecretReturnsOnCallN(0, &SecretResponse{}) + }, + assertMock: func(t *testing.T, c *FakeClient) { + pargs := c.updateSecretCallArguments[0] + assert.Equal(t, pargs, SecretPutRequest{ + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "this-is-a-name", + Note: "", + OrganizationID: "orgid", + ProjectIDS: []string{projectID}, + Value: "new-value", + }) + }, + }, + }, + { + name: "push secret will not push if the same secret already exists", + args: args{ + ctx: context.Background(), + secret: &corev1.Secret{ + Data: map[string][]byte{ + "key": []byte("value"), + }, + }, + data: v1alpha1.PushSecretData{ + Match: v1alpha1.PushSecretMatch{ + SecretKey: "key", + RemoteRef: v1alpha1.PushSecretRemoteRef{ + RemoteKey: "this-is-a-name", + }, + }, + }, + }, + fields: fields{ + kube: func() client.Client { + return fake.NewFakeClient() + }, + namespace: "default", + store: &v1beta1.SecretStore{ + Spec: v1beta1.SecretStoreSpec{ + Provider: &v1beta1.SecretStoreProvider{ + BitwardenSecretsManager: &v1beta1.BitwardenSecretsManagerProvider{ + OrganizationID: "orgid", + ProjectID: projectID, + }, + }, + }, + }, + mock: func(c *FakeClient) { + c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ + Data: []SecretIdentifierResponse{ + { + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "this-is-a-name", + OrganizationID: "orgid", + }, + }, + }) + c.GetSecretReturnsOnCallN(0, &SecretResponse{ + ID: 
"d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "this-is-a-name", + OrganizationID: "orgid", + Value: "value", + ProjectID: &projectID, + }) + c.UpdateSecretReturnsOnCallN(0, &SecretResponse{}) + }, + assertMock: func(t *testing.T, c *FakeClient) { + assert.Equal(t, 0, c.createSecretCalledN) + assert.Equal(t, 0, c.updateSecretCalledN) + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + fakeClient := &FakeClient{} + tt.fields.mock(fakeClient) + + p := &Provider{ + kube: tt.fields.kube(), + namespace: tt.fields.namespace, + store: tt.fields.store, + bitwardenSdkClient: fakeClient, + } + + if err := p.PushSecret(tt.args.ctx, tt.args.secret, tt.args.data); (err != nil) != tt.wantErr { + t.Errorf("PushSecret() error = %v, wantErr %v", err, tt.wantErr) + } + + tt.fields.assertMock(t, fakeClient) + }) + } +} + +func TestProviderSecretExists(t *testing.T) { + type fields struct { + kube client.Client + namespace string + store v1beta1.GenericStore + mock func(c *FakeClient) + assertMock func(t *testing.T, c *FakeClient) + } + type args struct { + ctx context.Context + ref v1alpha1.PushSecretData + } + tests := []struct { + name string + fields fields + args args + want bool + wantErr bool + }{ + { + name: "secret exists", + fields: fields{ + store: &v1beta1.SecretStore{ + Spec: v1beta1.SecretStoreSpec{ + Provider: &v1beta1.SecretStoreProvider{ + BitwardenSecretsManager: &v1beta1.BitwardenSecretsManagerProvider{ + OrganizationID: "orgid", + ProjectID: projectID, + }, + }, + }, + }, + mock: func(c *FakeClient) { + c.GetSecretReturnsOnCallN(0, &SecretResponse{}) + }, + assertMock: func(t *testing.T, c *FakeClient) { + assert.Equal(t, 0, c.listSecretsCalledN) + }, + }, + args: args{ + ctx: nil, + ref: v1alpha1.PushSecretData{ + Match: v1alpha1.PushSecretMatch{ + RemoteRef: v1alpha1.PushSecretRemoteRef{ + RemoteKey: "d8f29773-3019-4973-9bbc-66327d077fe2", + }, + }, + }, + }, + want: true, + }, + { + name: "secret exists by name", + fields: 
fields{ + store: &v1beta1.SecretStore{ + Spec: v1beta1.SecretStoreSpec{ + Provider: &v1beta1.SecretStoreProvider{ + BitwardenSecretsManager: &v1beta1.BitwardenSecretsManagerProvider{ + OrganizationID: "orgid", + ProjectID: projectID, + }, + }, + }, + }, + mock: func(c *FakeClient) { + c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ + Data: []SecretIdentifierResponse{ + { + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "name", + OrganizationID: "orgid", + }, + }, + }) + c.GetSecretReturnsOnCallN(0, &SecretResponse{ + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "name", + OrganizationID: "orgid", + Value: "value", + ProjectID: &projectID, + }) + }, + }, + args: args{ + ctx: nil, + ref: v1alpha1.PushSecretData{ + Match: v1alpha1.PushSecretMatch{ + RemoteRef: v1alpha1.PushSecretRemoteRef{ + RemoteKey: "name", + }, + }, + }, + }, + want: true, + }, + { + name: "secret not found by name", + fields: fields{ + store: &v1beta1.SecretStore{ + Spec: v1beta1.SecretStoreSpec{ + Provider: &v1beta1.SecretStoreProvider{ + BitwardenSecretsManager: &v1beta1.BitwardenSecretsManagerProvider{ + OrganizationID: "orgid", + ProjectID: projectID, + }, + }, + }, + }, + mock: func(c *FakeClient) { + c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ + Data: []SecretIdentifierResponse{ + { + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "name", + OrganizationID: "orgid", + }, + }, + }) + projectIDDifferent := "different-project" + c.GetSecretReturnsOnCallN(0, &SecretResponse{ + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "name", + OrganizationID: "orgid", + Value: "value", + ProjectID: &projectIDDifferent, + }) + }, + }, + args: args{ + ctx: nil, + ref: v1alpha1.PushSecretData{ + Match: v1alpha1.PushSecretMatch{ + RemoteRef: v1alpha1.PushSecretRemoteRef{ + RemoteKey: "name", + }, + }, + }, + }, + want: false, + wantErr: true, // secret not found + }, + { + name: "invalid name format should error", + fields: fields{ + store: &v1beta1.SecretStore{ + Spec: 
v1beta1.SecretStoreSpec{ + Provider: &v1beta1.SecretStoreProvider{ + BitwardenSecretsManager: &v1beta1.BitwardenSecretsManagerProvider{ + OrganizationID: "orgid", + ProjectID: projectID, + }, + }, + }, + }, + mock: func(c *FakeClient) { + }, + assertMock: func(t *testing.T, c *FakeClient) { + assert.Equal(t, 0, c.listSecretsCalledN) + }, + }, + args: args{ + ctx: nil, + ref: v1alpha1.PushSecretData{ + Match: v1alpha1.PushSecretMatch{ + RemoteRef: v1alpha1.PushSecretRemoteRef{ + RemoteKey: "name", + }, + }, + }, + }, + want: false, + wantErr: true, // invalid remote key format + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + fakeClient := &FakeClient{} + tt.fields.mock(fakeClient) + + p := &Provider{ + kube: tt.fields.kube, + namespace: tt.fields.namespace, + store: tt.fields.store, + bitwardenSdkClient: fakeClient, + } + got, err := p.SecretExists(tt.args.ctx, tt.args.ref) + if (err != nil) != tt.wantErr { + t.Errorf("SecretExists() error = %v, wantErr %v", err, tt.wantErr) + return + } + if got != tt.want { + t.Errorf("SecretExists() got = %v, want %v", got, tt.want) + } + }) + } +} diff --git a/pkg/provider/bitwarden/fake_client.go b/pkg/provider/bitwarden/fake_client.go new file mode 100644 index 00000000000..7c8bec2e1e1 --- /dev/null +++ b/pkg/provider/bitwarden/fake_client.go 
@@ -0,0 +1,137 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package bitwarden + +import ( + "context" + "fmt" +) + +type FakeClient struct { + getSecretCallArguments []string + getSecretReturnsOnCall map[int]*SecretResponse + getSecretCalledN int + + deleteSecretCallArguments [][]string + deleteSecretReturnsOnCall map[int]*SecretsDeleteResponse + deleteSecretCalledN int + + createSecretCallArguments []SecretCreateRequest + createSecretReturnsOnCall map[int]*SecretResponse + createSecretCalledN int + + updateSecretCallArguments []SecretPutRequest + updateSecretReturnsOnCall map[int]*SecretResponse + updateSecretCalledN int + + listSecretsCallArguments []string + listSecretsReturnsOnCall map[int]*SecretIdentifiersResponse + listSecretsCalledN int +} + +func (c *FakeClient) GetSecretReturnsOnCallN(call int, ret *SecretResponse) { + if c.getSecretReturnsOnCall == nil { + c.getSecretReturnsOnCall = make(map[int]*SecretResponse) + } + + c.getSecretReturnsOnCall[call] = ret +} + +func (c *FakeClient) GetSecret(ctx context.Context, id string) (*SecretResponse, error) { + ret, ok := c.getSecretReturnsOnCall[c.getSecretCalledN] + if !ok { + return nil, fmt.Errorf("get secret no canned responses set for call %d", c.getSecretCalledN) + } + + c.getSecretCallArguments = append(c.getSecretCallArguments, id) + c.getSecretCalledN++ + return ret, nil +} + +func (c *FakeClient) DeleteSecretReturnsOnCallN(call int, ret *SecretsDeleteResponse) { + if c.deleteSecretReturnsOnCall == nil { + 
c.deleteSecretReturnsOnCall = make(map[int]*SecretsDeleteResponse) + } + + c.deleteSecretReturnsOnCall[call] = ret +} + +func (c *FakeClient) DeleteSecret(ctx context.Context, ids []string) (*SecretsDeleteResponse, error) { + ret, ok := c.deleteSecretReturnsOnCall[c.deleteSecretCalledN] + if !ok { + return nil, fmt.Errorf("delete secret no canned responses set for call %d", c.deleteSecretCalledN) + } + + c.deleteSecretCalledN++ + c.deleteSecretCallArguments = append(c.deleteSecretCallArguments, ids) + return ret, nil +} + +func (c *FakeClient) CreateSecretReturnsOnCallN(call int, ret *SecretResponse) { + if c.createSecretReturnsOnCall == nil { + c.createSecretReturnsOnCall = make(map[int]*SecretResponse) + } + + c.createSecretReturnsOnCall[call] = ret +} + +func (c *FakeClient) CreateSecret(ctx context.Context, secret SecretCreateRequest) (*SecretResponse, error) { + ret, ok := c.createSecretReturnsOnCall[c.createSecretCalledN] + if !ok { + return nil, fmt.Errorf("create secret no canned responses set for call %d", c.createSecretCalledN) + } + + c.createSecretCalledN++ + c.createSecretCallArguments = append(c.createSecretCallArguments, secret) + return ret, nil +} + +func (c *FakeClient) UpdateSecretReturnsOnCallN(call int, ret *SecretResponse) { + if c.updateSecretReturnsOnCall == nil { + c.updateSecretReturnsOnCall = make(map[int]*SecretResponse) + } + + c.updateSecretReturnsOnCall[call] = ret +} + +func (c *FakeClient) UpdateSecret(ctx context.Context, secret SecretPutRequest) (*SecretResponse, error) { + ret, ok := c.updateSecretReturnsOnCall[c.updateSecretCalledN] + if !ok { + return nil, fmt.Errorf("secret update no canned responses set for call %d", c.updateSecretCalledN) + } + + c.updateSecretCalledN++ + c.updateSecretCallArguments = append(c.updateSecretCallArguments, secret) + return ret, nil +} + +func (c *FakeClient) ListSecretReturnsOnCallN(call int, ret *SecretIdentifiersResponse) { + if c.listSecretsReturnsOnCall == nil { + c.listSecretsReturnsOnCall 
= make(map[int]*SecretIdentifiersResponse) + } + + c.listSecretsReturnsOnCall[call] = ret +} + +func (c *FakeClient) ListSecrets(ctx context.Context, organizationID string) (*SecretIdentifiersResponse, error) { + ret, ok := c.listSecretsReturnsOnCall[c.listSecretsCalledN] + if !ok { + return nil, fmt.Errorf("secret list no canned responses set for call %d", c.listSecretsCalledN) + } + + c.listSecretsCalledN++ + c.listSecretsCallArguments = append(c.listSecretsCallArguments, organizationID) + return ret, nil +} diff --git a/pkg/provider/bitwarden/provider.go b/pkg/provider/bitwarden/provider.go new file mode 100644 index 00000000000..cdc8d0d5fcb --- /dev/null +++ b/pkg/provider/bitwarden/provider.go 
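Review bot: In `GetSecret`, `DeleteSecret`, `CreateSecret`, `UpdateSecret` and `ListSecrets` a call is counted and its arguments recorded only after a canned response has been found, so a call the provider makes without a stubbed response leaves the `*CalledN` counter at 0 and an assertion such as `assert.Equal(t, 0, c.updateSecretCalledN)` cannot see it. Record the call before the lookup, e.g. in `UpdateSecret`: `n := c.updateSecretCalledN; c.updateSecretCalledN++; c.updateSecretCallArguments = append(c.updateSecretCallArguments, secret)`, then look up `c.updateSecretReturnsOnCall[n]` and use `n` in the error text. The fake also has no way to stub an error return, so the provider's handling of a failing SDK call is reachable only through the "no canned responses" path; a per-call error map next to each `*ReturnsOnCall` map would let the tests cover it. `GetSecret` appends before incrementing while the other four increment first; using one order keeps the five methods comparable.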
@@ -0,0 +1,107 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package bitwarden + +import ( + "context" + "crypto/tls" + "crypto/x509" + "fmt" + "net/http" + "time" + + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/webhook/admission" + + esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" + "github.com/external-secrets/external-secrets/pkg/utils/resolvers" +) + +type Provider struct { + kube client.Client + namespace string + store esv1beta1.GenericStore + bitwardenSdkClient Client +} + +func init() { + esv1beta1.Register(&Provider{}, &esv1beta1.SecretStoreProvider{BitwardenSecretsManager: &esv1beta1.BitwardenSecretsManagerProvider{}}) +} + +// NewClient creates a new Bitwarden Secret Manager client. 
+func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, kube client.Client, namespace string) (esv1beta1.SecretsClient, error) { + storeSpec := store.GetSpec() + if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.BitwardenSecretsManager == nil { + return nil, fmt.Errorf("no store type or wrong store type") + } + + token, err := resolvers.SecretKeyRef( + ctx, + kube, + store.GetKind(), + namespace, + &storeSpec.Provider.BitwardenSecretsManager.Auth.SecretRef.Credentials, + ) + if err != nil { + return nil, fmt.Errorf("could not resolve auth credentials: %w", err) + } + + bundle, err := p.getCABundle(storeSpec.Provider.BitwardenSecretsManager) + if err != nil { + return nil, fmt.Errorf("could not resolve caBundle: %w", err) + } + + sdkClient, err := NewSdkClient( + storeSpec.Provider.BitwardenSecretsManager.APIURL, + storeSpec.Provider.BitwardenSecretsManager.IdentityURL, + storeSpec.Provider.BitwardenSecretsManager.BitwardenServerSDKURL, + token, + bundle, + ) + if err != nil { + return nil, fmt.Errorf("could not create SdkClient: %w", err) + } + + return &Provider{ + kube: kube, + namespace: namespace, + store: store, + bitwardenSdkClient: sdkClient, + }, nil +} + +// Capabilities returns the provider Capabilities (Read, Write, ReadWrite). +func (p *Provider) Capabilities() esv1beta1.SecretStoreCapabilities { + return esv1beta1.SecretStoreReadWrite +} + +// ValidateStore validates the store. +func (p *Provider) ValidateStore(_ esv1beta1.GenericStore) (admission.Warnings, error) { + return nil, nil +} + +// newHTTPSClient creates a new HTTPS client with the given cert. 
+func newHTTPSClient(cert []byte) (*http.Client, error) { + pool := x509.NewCertPool() + ok := pool.AppendCertsFromPEM(cert) + if !ok { + return nil, fmt.Errorf("can't append Conjur SSL cert") + } + tr := &http.Transport{ + TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}, + } + + return &http.Client{Transport: tr, Timeout: time.Second * 10}, nil +} diff --git a/pkg/provider/register/register.go b/pkg/provider/register/register.go index 87ce099cea1..976a825cb22 100644 --- a/pkg/provider/register/register.go +++ b/pkg/provider/register/register.go @@ -21,6 +21,7 @@ import ( _ "github.com/external-secrets/external-secrets/pkg/provider/alibaba" _ "github.com/external-secrets/external-secrets/pkg/provider/aws" _ "github.com/external-secrets/external-secrets/pkg/provider/azure/keyvault" + _ "github.com/external-secrets/external-secrets/pkg/provider/bitwarden" _ "github.com/external-secrets/external-secrets/pkg/provider/chef" _ "github.com/external-secrets/external-secrets/pkg/provider/conjur" _ "github.com/external-secrets/external-secrets/pkg/provider/delinea" From 87c09c604696cecf953bcfb121600fb08049c5b2 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Fri, 28 Jun 2024 14:42:17 +0200 Subject: [PATCH 136/517] fix: e2e installation of ESO needs to update dependencies first (#3635) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- e2e/framework/addon/chart.go | 1 + 1 file changed, 1 insertion(+) diff --git a/e2e/framework/addon/chart.go b/e2e/framework/addon/chart.go index c692b31d24d..07d7e86eb5d 100644 --- a/e2e/framework/addon/chart.go +++ b/e2e/framework/addon/chart.go @@ -66,6 +66,7 @@ func (c *HelmChart) Install() error { } args := []string{"install", c.ReleaseName, c.Chart, + "--dependency-update", "--debug", "--wait", "--timeout", "600s", From a14386b520721638388b04646078c044e3606484 Mon Sep 17 00:00:00 2001 
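Review bot: `ValidateStore` returns `nil, nil` for every input, so a SecretStore with no `BitwardenSecretsManager` block, no credentials reference, or a malformed `APIURL`/`IdentityURL`/`BitwardenServerSDKURL` passes admission and fails only later in `NewClient`. At minimum, name the parameter and repeat the guard `NewClient` already has: `spec := store.GetSpec()` followed by `if spec == nil || spec.Provider == nil || spec.Provider.BitwardenSecretsManager == nil { return nil, fmt.Errorf("no store type or wrong store type") }`. It is also worth rejecting URLs that do not parse or are not `https`, since the resolved access token is passed to `NewSdkClient` together with those URLs. Separately, `newHTTPSClient` reports `"can't append Conjur SSL cert"`, which looks copied from another provider; `fmt.Errorf("can't append Bitwarden CA bundle: no valid PEM certificate found")` would point an operator at the right setting. `getCABundle` and `NewSdkClient` are defined outside this hunk, so how the bundle and the URLs are used there is not visible here.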
From: Bill Hamilton Date: Fri, 28 Jun 2024 07:03:22 -0700 Subject: [PATCH 137/517] added secretserver env vars to e2e.yml (#3636) --- .github/workflows/e2e.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 9accb21c98b..cf7825bda70 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -35,7 +35,7 @@ env: TFC_AZURE_TENANT_ID: ${{ secrets.TFC_AZURE_TENANT_ID}} TFC_AZURE_SUBSCRIPTION_ID: ${{ secrets.TFC_AZURE_SUBSCRIPTION_ID }} TFC_VAULT_URL: ${{ secrets.TFC_VAULT_URL}} - + SCALEWAY_API_URL: ${{ secrets.SCALEWAY_API_URL }} SCALEWAY_REGION: ${{ secrets.SCALEWAY_REGION }} SCALEWAY_PROJECT_ID: ${{ secrets.SCALEWAY_PROJECT_ID }} @@ -46,6 +46,10 @@ env: DELINEA_TENANT: ${{ secrets.DELINEA_TENANT }} DELINEA_CLIENT_ID: ${{ secrets.DELINEA_CLIENT_ID }} DELINEA_CLIENT_SECRET: ${{ secrets.DELINEA_CLIENT_SECRET }} + + SECRETSERVER_USERNAME: ${{ secrets.SECRETSERVER_USERNAME }} + SECRETSERVER_PASSWORD: ${{ secrets.SECRETSERVER_PASSWORD }} + SECRETSERVER_URL: ${{ secrets.SECRETSERVER_URL }} jobs: integration-trusted: From 00cf3515484834e0b7f4c97a03fe666b486330ee Mon Sep 17 00:00:00 2001 From: Sverre Boschman <1142569+sboschman@users.noreply.github.com> Date: Sat, 29 Jun 2024 19:21:16 +0200 Subject: [PATCH 138/517] docs: fix dataFrom.find in ExternalSecret api example (#3633) Signed-off-by: Sverre Boschman <1142569+sboschman@users.noreply.github.com> --- docs/snippets/full-external-secret.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/docs/snippets/full-external-secret.yaml b/docs/snippets/full-external-secret.yaml index cd43d2f52c6..6c7247f5ea8 100644 --- a/docs/snippets/full-external-secret.yaml +++ b/docs/snippets/full-external-secret.yaml @@ -108,8 +108,6 @@ spec: target: "rewriting-${1}-with-groups" - find: path: path-to-filter - source: "exp-(.*?)-ression" - target: "rewriting-${1}-with-groups" name: regexp: ".*foobar.*" tags: 
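Review bot: `SECRETSERVER_USERNAME`, `SECRETSERVER_PASSWORD` and `SECRETSERVER_URL` are added to the workflow-level `env:` block in `.github/workflows/e2e.yml`, which puts them in the environment of every step of every job in this workflow, including third-party actions. If only the e2e test step reads them, declaring them in that step's own `env:` (for example `SECRETSERVER_PASSWORD: ${{ secrets.SECRETSERVER_PASSWORD }}` under the step) keeps the credential out of the rest of the run. The jobs and steps lie outside this hunk, so which step consumes the values cannot be confirmed from here. The neighbouring `DELINEA_*` and `SCALEWAY_*` entries already follow the same workflow-level pattern and would benefit from the same scoping.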
From cd1ce790f77e1db38625f8a0aacda8ba7f9be5bb Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 17:02:33 +0300 Subject: [PATCH 139/517] update dependencies (#3641) --- e2e/go.mod | 26 +++++++++---------- e2e/go.sum | 51 +++++++++++++++++++------------------- go.mod | 38 ++++++++++++++-------------- go.sum | 73 ++++++++++++++++++++++++++++-------------------------- 4 files changed, 96 insertions(+), 92 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index cfae1161e7a..267318f4d68 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -39,7 +39,7 @@ replace ( ) require ( - cloud.google.com/go/secretmanager v1.13.1 + cloud.google.com/go/secretmanager v1.13.2 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 @@ -47,7 +47,7 @@ require ( github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 - github.com/aws/aws-sdk-go v1.54.6 + github.com/aws/aws-sdk-go v1.54.11 github.com/cyberark/conjur-api-go v0.12.0 github.com/external-secrets/external-secrets v0.0.0 github.com/fluxcd/helm-controller/api v0.37.2 @@ -57,11 +57,11 @@ require ( github.com/hashicorp/vault/api v1.14.0 github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.67.2 + github.com/oracle/oci-go-sdk/v65 v65.68.0 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28 - github.com/xanzy/go-gitlab v0.105.0 + github.com/xanzy/go-gitlab v0.106.0 golang.org/x/oauth2 v0.21.0 - google.golang.org/api v0.185.0 + google.golang.org/api v0.186.0 k8s.io/api v0.30.2 k8s.io/apiextensions-apiserver v0.30.2 k8s.io/apimachinery v0.30.2 
@@ -73,10 +73,10 @@ require ( ) require ( - cloud.google.com/go/auth v0.5.1 // indirect + cloud.google.com/go/auth v0.6.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect cloud.google.com/go/compute/metadata v0.3.0 // indirect - cloud.google.com/go/iam v1.1.8 // indirect + cloud.google.com/go/iam v1.1.9 // indirect dario.cat/mergo v1.0.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect @@ -117,7 +117,7 @@ require ( github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/goccy/go-json v0.10.3 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect - github.com/gofrs/flock v0.8.1 // indirect + github.com/gofrs/flock v0.11.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect @@ -126,7 +126,7 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240622144329-c177fd99eaa9 // indirect + github.com/google/pprof v0.0.0-20240625030939-27f56978b8b0 // indirect github.com/google/s2a-go v0.1.7 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect @@ -168,7 +168,7 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/client_golang v1.19.1 // indirect github.com/prometheus/client_model v0.6.1 // indirect - github.com/prometheus/common v0.54.0 // indirect + github.com/prometheus/common v0.55.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/segmentio/asm v1.2.0 // indirect 
@@ -198,9 +198,9 @@ require ( golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.22.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 // indirect + google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d // indirect google.golang.org/grpc v1.64.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/e2e/go.sum b/e2e/go.sum index 67ea4d0de73..d6f8adca049 100644 --- a/e2e/go.sum +++ b/e2e/go.sum @@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.5.1 h1:0QNO7VThG54LUzKiQxv8C6x1YX7lUrzlAa1nVLF8CIw= -cloud.google.com/go/auth v0.5.1/go.mod h1:vbZT8GjzDf3AVqCcQmqeeM32U9HBFc32vVVAbwDsa6s= +cloud.google.com/go/auth v0.6.0 h1:5x+d6b5zdezZ7gmLWD1m/xNjnaQ2YDhmIz/HH3doy1g= +cloud.google.com/go/auth v0.6.0/go.mod h1:b4acV+jLQDyjwm4OXHYjNvRi4jvGBzHWJRtJcy+2P4g= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -35,14 +35,14 @@ cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2Qx cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.1.8 h1:r7umDwhj+BQyz0ScZMp4QrGXjSTI3ZINnpgU2nlB/K0= -cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE= +cloud.google.com/go/iam v1.1.9 h1:oSkYLVtVme29uGYrOcKcvJRht7cHJpYD09GM9JaR0TE= +cloud.google.com/go/iam v1.1.9/go.mod h1:Nt1eDWNYH9nGQg3d/mY7U1hvfGmsaG9o/kLGoLoLXjQ= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.13.1 h1:TTGo2Vz7ZxYn2QbmuFP7Zo4lDm5VsbzBjDReo3SA5h4= -cloud.google.com/go/secretmanager v1.13.1/go.mod h1:y9Ioh7EHp1aqEKGYXk3BOC+vkhlHm9ujL7bURT4oI/4= +cloud.google.com/go/secretmanager v1.13.2 h1:WnyajcyWf5MLq9lPyVxEyOBAhQdPcpckG3lMw8LqAHw= +cloud.google.com/go/secretmanager v1.13.2/go.mod h1:rB3lORY7QZrjACov35PX0KXMM0bKlbkL0/eFlS312wk= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 
@@ -113,8 +113,8 @@ github.com/aliyun/alibaba-cloud-sdk-go v1.62.271/go.mod h1:Api2AkmMgGaSUAhmk76oa github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.54.6 h1:HEYUib3yTt8E6vxjMWM3yAq5b+qjj/6aKA62mkgux9g= -github.com/aws/aws-sdk-go v1.54.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.54.11 h1:Zxuv/R+IVS0B66yz4uezhxH9FN9/G2nbxejYqAMFjxk= +github.com/aws/aws-sdk-go v1.54.11/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= 
@@ -203,8 +203,9 @@ github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA= github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= +github.com/gofrs/flock v0.11.0 h1:AGFQxrpWd8ezw60AvLWIPbxMydNfF8564pwH3FCty0g= +github.com/gofrs/flock v0.11.0/go.mod h1:FirDy1Ing0mI2+kB6wk+vyyAH+e6xiE+EYA0jnzV9jc= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A= 
@@ -286,8 +287,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240622144329-c177fd99eaa9 h1:ouFdLLCOyCfnxGpQTMZKHLyHr/D1GFbQzEsJxumO16E= -github.com/google/pprof v0.0.0-20240622144329-c177fd99eaa9/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240625030939-27f56978b8b0 h1:e+8XbKB6IMn8A4OAyZccO4pYfB3s7bt6azNIPE7AnPg= +github.com/google/pprof v0.0.0-20240625030939-27f56978b8b0/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= 
@@ -409,8 +410,8 @@ github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.67.2 h1:ieNt3Gm9MSGNuPXEBUg6MoSRE3ByWlxj0GBKlvD/Cls= -github.com/oracle/oci-go-sdk/v65 v65.67.2/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.68.0 h1:4ONv3ahPcBEwTwERxjSY0xX68u7lDAEw/+xmo612uaQ= +github.com/oracle/oci-go-sdk/v65 v65.68.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -423,8 +424,8 @@ github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJL github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.54.0 h1:ZlZy0BgJhTwVZUn7dLOkwCZHUkrAqd3WYtcFCWnM1D8= -github.com/prometheus/common v0.54.0/go.mod h1:/TQgMJP5CuVYveyT7n/0Ix8yLNNXy9yRSkhnLTHPDIQ= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= 
@@ -480,8 +481,8 @@ github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaO github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= -github.com/xanzy/go-gitlab v0.105.0 h1:3nyLq0ESez0crcaM19o5S//SvezOQguuIHZ3wgX64hM= -github.com/xanzy/go-gitlab v0.105.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= +github.com/xanzy/go-gitlab v0.106.0 h1:EDfD03K74cIlQo2EducfiupVrip+Oj02bq9ofw5F8sA= +github.com/xanzy/go-gitlab v0.106.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -808,8 +809,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.185.0 h1:ENEKk1k4jW8SmmaT6RE+ZasxmxezCrD5Vw4npvr+pAU= -google.golang.org/api v0.185.0/go.mod h1:HNfvIkJGlgrIlrbYkAm9W9IdkmKZjOTVh33YltygGbg= +google.golang.org/api v0.186.0 h1:n2OPp+PPXX0Axh4GuSsL5QL8xQCTb2oDwyzPnQvqUug= +google.golang.org/api v0.186.0/go.mod h1:hvRbBmgoje49RV3xqVXrmP6w93n6ehGgIVPYrGtBFFc= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -857,12 +858,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 h1:CUiCqkPw1nNrNQzCCG4WA65m0nAmQiwXHpub3dNyruU= -google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4/go.mod h1:EvuUDCulqGgV80RvP1BHuom+smhX4qtlhnNatHuroGQ= -google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 h1:MuYw1wJzT+ZkybKfaOXKp5hJiZDn2iHaXRw0mRYdHSc= -google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4/go.mod h1:px9SlOOZBg1wM1zdnr8jEL4CNGUBZ+ZKYtNPApNQc4c= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 h1:Di6ANFilr+S60a4S61ZM00vLdw0IrQOSMS2/6mrnOU0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d h1:PksQg4dV6Sem3/HkBX+Ltq8T0ke0PKIRBNBatoDTVls= +google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:s7iA721uChleev562UJO2OYB0PPT9CMFjV+Ce7VJH5M= +google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d h1:Aqf0fiIdUQEj0Gn9mKFFXoQfTTEaNopWpfVyYADxiSg= +google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Od4k8V1LQSizPRUK4OzZ7TBE/20k+jPczUDAEyvn69Y= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d h1:k3zyW3BYYR30e8v3x0bTDdE9vpYFjZHK+HcyqkrppWk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= diff --git a/go.mod b/go.mod index 5052f7e0517..badbeaae8f5 100644 --- a/go.mod +++ b/go.mod @@ -5,21 +5,21 @@ go 1.22.4 replace github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 require ( - cloud.google.com/go/iam v1.1.8 - cloud.google.com/go/secretmanager v1.13.1 + cloud.google.com/go/iam v1.1.9 + cloud.google.com/go/secretmanager v1.13.2 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/adal v0.9.24 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 - github.com/IBM/go-sdk-core/v5 v5.17.3 + github.com/IBM/go-sdk-core/v5 v5.17.4 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4 github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/sprig/v3 v3.2.3 github.com/PaesslerAG/jsonpath v0.1.1 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 - github.com/aws/aws-sdk-go v1.54.6 + github.com/aws/aws-sdk-go v1.54.11 github.com/go-logr/logr v1.4.2 github.com/go-test/deep v1.0.4 // indirect github.com/google/go-cmp v0.6.0 
@@ -32,21 +32,21 @@ require ( github.com/huandu/xstrings v1.5.0 // indirect github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.67.2 + github.com/oracle/oci-go-sdk/v65 v65.68.0 github.com/prometheus/client_golang v1.19.1 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.17.1 - github.com/xanzy/go-gitlab v0.105.0 - github.com/yandex-cloud/go-genproto v0.0.0-20240618172339-aafa8543bd63 + github.com/xanzy/go-gitlab v0.106.0 + github.com/yandex-cloud/go-genproto v0.0.0-20240624142804-98cf3d8eefe1 github.com/yandex-cloud/go-sdk v0.0.0-20240621081111-1018f7c96dc7 github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 go.uber.org/zap v1.27.0 golang.org/x/crypto v0.24.0 golang.org/x/oauth2 v0.21.0 - google.golang.org/api v0.185.0 - google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 + google.golang.org/api v0.186.0 + google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d google.golang.org/grpc v1.64.0 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 @@ -67,7 +67,7 @@ require ( github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d github.com/akeylesslabs/akeyless-go/v3 v3.6.3 - github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.7 + github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.8 github.com/alibabacloud-go/kms-20160120/v3 v3.2.1 github.com/alibabacloud-go/openapi-util v0.1.0 github.com/alibabacloud-go/tea v1.2.2 @@ -87,7 +87,7 @@ require ( github.com/passbolt/go-passbolt v0.7.0 github.com/pulumi/esc v0.9.1 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28 - github.com/sethvargo/go-password v0.3.0 + github.com/sethvargo/go-password v0.3.1 github.com/spf13/pflag v1.0.5 github.com/tidwall/sjson v1.2.5 k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b 
@@ -96,7 +96,7 @@ require ( ) require ( - cloud.google.com/go/auth v0.5.1 // indirect + cloud.google.com/go/auth v0.6.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect cloud.google.com/go/compute/metadata v0.3.0 // indirect dario.cat/mergo v1.0.0 // indirect @@ -125,7 +125,7 @@ require ( github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect github.com/blang/semver v3.5.1+incompatible // indirect github.com/charmbracelet/bubbles v0.18.0 // indirect - github.com/charmbracelet/bubbletea v0.26.5 // indirect + github.com/charmbracelet/bubbletea v0.26.6 // indirect github.com/charmbracelet/lipgloss v0.11.0 // indirect github.com/charmbracelet/x/ansi v0.1.2 // indirect github.com/charmbracelet/x/input v0.1.2 // indirect @@ -149,7 +149,7 @@ require ( github.com/go-playground/validator/v10 v10.22.0 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect - github.com/gofrs/flock v0.8.1 // indirect + github.com/gofrs/flock v0.11.0 // indirect github.com/golang/glog v1.2.1 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/s2a-go v0.1.7 // indirect @@ -193,8 +193,8 @@ require ( go.opentelemetry.io/otel/metric v1.27.0 // indirect go.opentelemetry.io/otel/trace v1.27.0 // indirect golang.org/x/sync v0.7.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d // indirect gopkg.in/warnings.v0 v0.1.2 // indirect lukechampine.com/frand v1.4.2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect 
@@ -240,7 +240,7 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240622144329-c177fd99eaa9 // indirect + github.com/google/pprof v0.0.0-20240625030939-27f56978b8b0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -278,7 +278,7 @@ require ( github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - github.com/prometheus/common v0.54.0 // indirect + github.com/prometheus/common v0.55.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect @@ -289,7 +289,7 @@ require ( github.com/tidwall/pretty v1.2.1 // indirect github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect github.com/uber/jaeger-lib v2.4.1+incompatible // indirect - go.mongodb.org/mongo-driver v1.15.1 // indirect + go.mongodb.org/mongo-driver v1.16.0 // indirect go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect diff --git a/go.sum b/go.sum index b2912b0a1b7..a91962d3be2 100644 --- a/go.sum +++ b/go.sum 
@@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.5.1 h1:0QNO7VThG54LUzKiQxv8C6x1YX7lUrzlAa1nVLF8CIw= -cloud.google.com/go/auth v0.5.1/go.mod h1:vbZT8GjzDf3AVqCcQmqeeM32U9HBFc32vVVAbwDsa6s= +cloud.google.com/go/auth v0.6.0 h1:5x+d6b5zdezZ7gmLWD1m/xNjnaQ2YDhmIz/HH3doy1g= +cloud.google.com/go/auth v0.6.0/go.mod h1:b4acV+jLQDyjwm4OXHYjNvRi4jvGBzHWJRtJcy+2P4g= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -35,14 +35,14 @@ cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2Qx cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.1.8 h1:r7umDwhj+BQyz0ScZMp4QrGXjSTI3ZINnpgU2nlB/K0= -cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE= +cloud.google.com/go/iam v1.1.9 h1:oSkYLVtVme29uGYrOcKcvJRht7cHJpYD09GM9JaR0TE= +cloud.google.com/go/iam v1.1.9/go.mod h1:Nt1eDWNYH9nGQg3d/mY7U1hvfGmsaG9o/kLGoLoLXjQ= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.13.1 h1:TTGo2Vz7ZxYn2QbmuFP7Zo4lDm5VsbzBjDReo3SA5h4= -cloud.google.com/go/secretmanager v1.13.1/go.mod h1:y9Ioh7EHp1aqEKGYXk3BOC+vkhlHm9ujL7bURT4oI/4= +cloud.google.com/go/secretmanager v1.13.2 h1:WnyajcyWf5MLq9lPyVxEyOBAhQdPcpckG3lMw8LqAHw= +cloud.google.com/go/secretmanager v1.13.2/go.mod h1:rB3lORY7QZrjACov35PX0KXMM0bKlbkL0/eFlS312wk= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 
@@ -103,8 +103,8 @@ github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 h1:cmX2QC9s5kPqmghWLLZP8YRFO1ZD/C59Bp github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2/go.mod h1:tNlpIXJlIwQlRbobXDPme4qv/Rc8+a1GbuUhE3m4JhQ= github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM= github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= -github.com/IBM/go-sdk-core/v5 v5.17.3 h1:CZSVCKzhQc/hRQZOtuEmi9dlNtWMnxJvOsPtQKP7cZ4= -github.com/IBM/go-sdk-core/v5 v5.17.3/go.mod h1:GatGZpxlo1KaxiRN6E10/rNgWtUtx1hN/GoHSCaSPKA= +github.com/IBM/go-sdk-core/v5 v5.17.4 h1:VGb9+mRrnS2HpHZFM5hy4J6ppIWnwNrw0G+tLSgcJLc= +github.com/IBM/go-sdk-core/v5 v5.17.4/go.mod h1:KsAAI7eStAWwQa4F96MLy+whYSh39JzNjklZRbN/8ns= github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4 h1:xa9e+POVqaXxXHXkSMCOVAbKdUNEu86jQmo5hcpd+L4= github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4/go.mod h1:5gq8D8uWOIbqOm1uztay6lpOysgJaxxEsaVZLWGWb40= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= 
@@ -153,8 +153,9 @@ github.com/alibabacloud-go/darabonba-encode-util v0.0.2 h1:1uJGrbsGEVqWcWxrS9MyC github.com/alibabacloud-go/darabonba-encode-util v0.0.2/go.mod h1:JiW9higWHYXm7F4PKuMgEUETNZasrDM6vqVr/Can7H8= github.com/alibabacloud-go/darabonba-map v0.0.2 h1:qvPnGB4+dJbJIxOOfawxzF3hzMnIpjmafa0qOTp6udc= github.com/alibabacloud-go/darabonba-map v0.0.2/go.mod h1:28AJaX8FOE/ym8OUFWga+MtEzBunJwQGceGQlvaPGPc= -github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.7 h1:20vl9plHhHuy9A72oAZSAB4ooov+yY9xfu+cCNcrLh8= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.7/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI= +github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.8 h1:benoD0QHDrylMzEQVpX/6uKtrN8LohT66ZlKXVJh7pM= +github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.8/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI= github.com/alibabacloud-go/darabonba-signature-util v0.0.7 h1:UzCnKvsjPFzApvODDNEYqBHMFt1w98wC7FOo0InLyxg= github.com/alibabacloud-go/darabonba-signature-util v0.0.7/go.mod h1:oUzCYV2fcCH797xKdL6BDH8ADIHlzrtKVjeRtunBNTQ= github.com/alibabacloud-go/darabonba-string v1.0.2 h1:E714wms5ibdzCqGeYJ9JCFywE5nDyvIXIIQbZVFkkqo= 
@@ -204,8 +205,8 @@ github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinR github.com/avast/retry-go/v4 v4.6.0/go.mod h1:gvWlPhBVsvBbLkVGDg/KwvBv0bEkCOLRRSHKIr2PyOE= github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.54.6 h1:HEYUib3yTt8E6vxjMWM3yAq5b+qjj/6aKA62mkgux9g= -github.com/aws/aws-sdk-go v1.54.6/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.54.11 h1:Zxuv/R+IVS0B66yz4uezhxH9FN9/G2nbxejYqAMFjxk= +github.com/aws/aws-sdk-go v1.54.11/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
@@ -225,8 +226,8 @@ github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UF github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/charmbracelet/bubbles v0.18.0 h1:PYv1A036luoBGroX6VWjQIE9Syf2Wby2oOl/39KLfy0= github.com/charmbracelet/bubbles v0.18.0/go.mod h1:08qhZhtIwzgrtBjAcJnij1t1H0ZRjwHyGsy6AL11PSw= -github.com/charmbracelet/bubbletea v0.26.5 h1:90pqTPElAReb/qQUgSMUresTkfwVr0Wx+zczeHHOgxk= -github.com/charmbracelet/bubbletea v0.26.5/go.mod h1:dz8CWPlfCCGLFbBlTY4N7bjLiyOGDJEnd2Muu7pOWhk= +github.com/charmbracelet/bubbletea v0.26.6 h1:zTCWSuST+3yZYZnVSvbXwKOPRSNZceVeqpzOLN2zq1s= +github.com/charmbracelet/bubbletea v0.26.6/go.mod h1:dz8CWPlfCCGLFbBlTY4N7bjLiyOGDJEnd2Muu7pOWhk= github.com/charmbracelet/lipgloss v0.11.0 h1:UoAcbQ6Qml8hDwSWs0Y1cB5TEQuZkDPH/ZqwWWYTG4g= github.com/charmbracelet/lipgloss v0.11.0/go.mod h1:1UdRTH9gYgpcdNN5oBtjbu/IzNKtzVtb7sqN1t9LNn8= github.com/charmbracelet/x/ansi v0.1.2 h1:6+LR39uG8DE6zAmbu023YlqjJHkYXDF1z36ZwzO4xZY= @@ -369,8 +370,9 @@ github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA= github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= -github.com/gofrs/flock v0.8.1 h1:+gYjHKf32LDeiEEFhQaotPbLuUXjY5ZqxKgXy7n59aw= github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= +github.com/gofrs/flock v0.11.0 h1:AGFQxrpWd8ezw60AvLWIPbxMydNfF8564pwH3FCty0g= +github.com/gofrs/flock v0.11.0/go.mod h1:FirDy1Ing0mI2+kB6wk+vyyAH+e6xiE+EYA0jnzV9jc= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= 
@@ -456,8 +458,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240622144329-c177fd99eaa9 h1:ouFdLLCOyCfnxGpQTMZKHLyHr/D1GFbQzEsJxumO16E= -github.com/google/pprof v0.0.0-20240622144329-c177fd99eaa9/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240625030939-27f56978b8b0 h1:e+8XbKB6IMn8A4OAyZccO4pYfB3s7bt6azNIPE7AnPg= +github.com/google/pprof v0.0.0-20240625030939-27f56978b8b0/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= 
@@ -650,8 +652,8 @@ github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS6 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.67.2 h1:ieNt3Gm9MSGNuPXEBUg6MoSRE3ByWlxj0GBKlvD/Cls= -github.com/oracle/oci-go-sdk/v65 v65.67.2/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.68.0 h1:4ONv3ahPcBEwTwERxjSY0xX68u7lDAEw/+xmo612uaQ= +github.com/oracle/oci-go-sdk/v65 v65.68.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.0 h1:zwwTCwL3vjTTKln1hxwKuzzax4R/yvxGXSZhMh0OY5Y= github.com/passbolt/go-passbolt v0.7.0/go.mod h1:af3TVSJ+0A4sXeK8KgVzhV8Tej/i25biFIQjhL0FOMk= github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU= 
@@ -671,8 +673,8 @@ github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJL github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.54.0 h1:ZlZy0BgJhTwVZUn7dLOkwCZHUkrAqd3WYtcFCWnM1D8= -github.com/prometheus/common v0.54.0/go.mod h1:/TQgMJP5CuVYveyT7n/0Ix8yLNNXy9yRSkhnLTHPDIQ= +github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= +github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435cARxCW6q9gc0S/Yxz7Mkd38pOb0= 
@@ -708,8 +710,8 @@ github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys= github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= -github.com/sethvargo/go-password v0.3.0 h1:OLFHZ91Z7NiNP3dnaPxLxCDXlb6TBuxFzMvv6bu+Ptw= -github.com/sethvargo/go-password v0.3.0/go.mod h1:p6we8DZ0eyYXof9pon7Cqrw98N4KTaYiadDml1dUEEw= +github.com/sethvargo/go-password v0.3.1 h1:WqrLTjo7X6AcVYfC6R7GtSyuUQR9hGyAj/f1PYQZCJU= +github.com/sethvargo/go-password v0.3.1/go.mod h1:rXofC1zT54N7R8K/h1WDUdkf9BOx5OptoxrMBcrXzvs= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= 
@@ -775,14 +777,15 @@ github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaO github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= -github.com/xanzy/go-gitlab v0.105.0 h1:3nyLq0ESez0crcaM19o5S//SvezOQguuIHZ3wgX64hM= -github.com/xanzy/go-gitlab v0.105.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= +github.com/xanzy/go-gitlab v0.106.0 h1:EDfD03K74cIlQo2EducfiupVrip+Oj02bq9ofw5F8sA= +github.com/xanzy/go-gitlab v0.106.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM= -github.com/yandex-cloud/go-genproto v0.0.0-20240618172339-aafa8543bd63 h1:mHrm9qMyi5zkH1J7wG8RtWZPtbW+0YEiHlrbse6Jqos= github.com/yandex-cloud/go-genproto v0.0.0-20240618172339-aafa8543bd63/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-genproto v0.0.0-20240624142804-98cf3d8eefe1 h1:qWchcS+/cu1QB3UboNM6SnlwjxtLX85bEqSkP3MUnBw= +github.com/yandex-cloud/go-genproto v0.0.0-20240624142804-98cf3d8eefe1/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= github.com/yandex-cloud/go-sdk v0.0.0-20240621081111-1018f7c96dc7 h1:/8yjsR2CXDI78EYoZNjKWWI1zl80mehvXHWJNDXV0Wg= github.com/yandex-cloud/go-sdk v0.0.0-20240621081111-1018f7c96dc7/go.mod h1:urEKFBFYulcun3e4CbZY33Czfy7XeI1y4ctASTB/MUQ= github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 h1:tBiBTKHnIjovYoLX/TPkcf+OjqqKGQrPtGT3Foz+Pgo= 
@@ -797,8 +800,8 @@ github.com/zalando/go-keyring v0.2.5 h1:Bc2HHpjALryKD62ppdEzaFG6VxL6Bc+5v0LYpN8L github.com/zalando/go-keyring v0.2.5/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk= github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8= github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= -go.mongodb.org/mongo-driver v1.15.1 h1:l+RvoUOoMXFmADTLfYDm7On9dRm7p4T80/lEQM+r7HU= -go.mongodb.org/mongo-driver v1.15.1/go.mod h1:Vzb0Mk/pa7e6cWw85R4F/endUC3u0U9jGcNU603k65c= +go.mongodb.org/mongo-driver v1.16.0 h1:tpRsfBJMROVHKpdGyc1BBEzzjDUWjItxbVSZ8Ls4BQ4= +go.mongodb.org/mongo-driver v1.16.0/go.mod h1:oB6AhJQvFQL4LEHyXi6aJzQJtBiTQHiAd83l0GdFaiw= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -1169,8 +1172,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.185.0 h1:ENEKk1k4jW8SmmaT6RE+ZasxmxezCrD5Vw4npvr+pAU= -google.golang.org/api v0.185.0/go.mod h1:HNfvIkJGlgrIlrbYkAm9W9IdkmKZjOTVh33YltygGbg= +google.golang.org/api v0.186.0 h1:n2OPp+PPXX0Axh4GuSsL5QL8xQCTb2oDwyzPnQvqUug= +google.golang.org/api v0.186.0/go.mod h1:hvRbBmgoje49RV3xqVXrmP6w93n6ehGgIVPYrGtBFFc= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1220,12 +1223,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4 h1:CUiCqkPw1nNrNQzCCG4WA65m0nAmQiwXHpub3dNyruU= -google.golang.org/genproto v0.0.0-20240617180043-68d350f18fd4/go.mod h1:EvuUDCulqGgV80RvP1BHuom+smhX4qtlhnNatHuroGQ= -google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4 h1:MuYw1wJzT+ZkybKfaOXKp5hJiZDn2iHaXRw0mRYdHSc= -google.golang.org/genproto/googleapis/api v0.0.0-20240617180043-68d350f18fd4/go.mod h1:px9SlOOZBg1wM1zdnr8jEL4CNGUBZ+ZKYtNPApNQc4c= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4 h1:Di6ANFilr+S60a4S61ZM00vLdw0IrQOSMS2/6mrnOU0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240617180043-68d350f18fd4/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d h1:PksQg4dV6Sem3/HkBX+Ltq8T0ke0PKIRBNBatoDTVls= +google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:s7iA721uChleev562UJO2OYB0PPT9CMFjV+Ce7VJH5M= +google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d h1:Aqf0fiIdUQEj0Gn9mKFFXoQfTTEaNopWpfVyYADxiSg= +google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Od4k8V1LQSizPRUK4OzZ7TBE/20k+jPczUDAEyvn69Y= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d h1:k3zyW3BYYR30e8v3x0bTDdE9vpYFjZHK+HcyqkrppWk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= From 3eb960052db21831cbc308130d901eb6142f9152 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 17:03:21 +0300 Subject: [PATCH 140/517] chore(deps): bump github/codeql-action from 3.25.10 to 3.25.11 (#3640) --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 9ef77bc9d76..0ad2d323fed 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@23acc5c183826b7a8a97bce3cecc52db901f8251 # v3.25.10 + uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 with: sarif_file: results.sarif From c6bafe8c61abcc682cc7dab22792f5a8f58f0c59 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 1 Jul 2024 18:06:05 +0200 Subject: [PATCH 141/517] chore(deps): bump importlib-metadata in /hack/api-docs (#3639) Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 7.2.1 to 8.0.0. - [Release notes](https://github.com/python/importlib_metadata/releases) - [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst) - [Commits](https://github.com/python/importlib_metadata/compare/v7.2.1...v8.0.0) --- updated-dependencies: - dependency-name: importlib-metadata dependency-type: direct:production update-type: version-update:semver-major ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 979d3028eae..d576e478e6b 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -7,7 +7,7 @@ csscompressor==0.9.5 ghp-import==2.1.0 htmlmin==0.1.12 idna==3.7 -importlib-metadata==7.2.1 +importlib-metadata==8.0.0 importlib-resources==6.4.0 Jinja2==3.1.4 jsmin==3.0.1 From 48cccaeded6efcb1780a8c48c6de35ca99b0ae82 Mon Sep 17 00:00:00 2001 From: kaedwen Date: Mon, 1 Jul 2024 23:31:10 +0200 Subject: [PATCH 142/517] add AuthRef to kubernetes provider fixes #3627 (#3628) * add AuthRef to kubernetes provider fixes #3627 Signed-off-by: kaedwen * run make reviewable Signed-off-by: kaedwen * fix validation for given authRef Signed-off-by: kaedwen * refactor kubernetes provider auth Signed-off-by: kaedwen * satisfy linter Signed-off-by: kaedwen * add URL for kubernetes provider tests Signed-off-by: kaedwen --------- Signed-off-by: kaedwen --- .../v1beta1/secretstore_kubernetes_types.go | 6 + .../v1beta1/zz_generated.deepcopy.go | 5 + ...ternal-secrets.io_clustersecretstores.yaml | 21 +- .../external-secrets.io_secretstores.yaml | 21 +- deploy/crds/bundle.yaml | 38 ++- docs/api/spec.md | 16 ++ pkg/provider/kubernetes/auth.go | 83 ++++--- pkg/provider/kubernetes/auth_test.go | 223 +++++++++++++++--- pkg/provider/kubernetes/provider.go | 25 +- pkg/provider/kubernetes/provider_test.go | 55 +++++ pkg/provider/kubernetes/validate.go | 2 +- 11 files changed, 401 insertions(+), 94 deletions(-) diff --git a/apis/externalsecrets/v1beta1/secretstore_kubernetes_types.go b/apis/externalsecrets/v1beta1/secretstore_kubernetes_types.go index fefd6d07b50..2dc83cabc70 100644 --- a/apis/externalsecrets/v1beta1/secretstore_kubernetes_types.go 
+++ b/apis/externalsecrets/v1beta1/secretstore_kubernetes_types.go @@ -37,11 +37,17 @@ type KubernetesServer struct { // Configures a store to sync secrets with a Kubernetes instance. type KubernetesProvider struct { // configures the Kubernetes server Address. + // +optional Server KubernetesServer `json:"server,omitempty"` // Auth configures how secret-manager authenticates with a Kubernetes instance. + // +optional Auth KubernetesAuth `json:"auth"` + // A reference to a secret that contains the auth information. + // +optional + AuthRef *esmeta.SecretKeySelector `json:"authRef,omitempty"` + // Remote namespace to fetch the secrets from // +kubebuilder:default= default // +optional diff --git a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go index 31c591118bf..2fc04558c61 100644 --- a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go +++ b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go @@ -1858,6 +1858,11 @@ func (in *KubernetesProvider) DeepCopyInto(out *KubernetesProvider) { *out = *in in.Server.DeepCopyInto(&out.Server) in.Auth.DeepCopyInto(&out.Auth) + if in.AuthRef != nil { + in, out := &in.AuthRef, &out.AuthRef + *out = new(metav1.SecretKeySelector) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KubernetesProvider. diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 5463ecaff67..cba6e4b8d3f 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml 
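Review bot: With `Auth` now marked `+optional` beside the new `AuthRef` in `KubernetesProvider`, the type no longer says which of the two must be present or which one wins when both are set, and the one-line comment on `AuthRef` does not say what the referenced Secret has to contain. The CRD hunks in this same commit drop `required: - auth`, so the schema will admit a store that sets neither field, and rejecting it is left to the provider's validation, which is outside this hunk. I would state the contract on the field itself, for example `// AuthRef references a Secret key that holds the credentials for the remote cluster; set either Auth or AuthRef.`, if that is the intended rule. Going by the generated description, the selector's `namespace` is honoured when the referent is cluster-scoped, so the comment should also say that a ClusterSecretStore can point at a Secret in another namespace. The struct body continues past the end of the hunk.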
@@ -3199,6 +3199,25 @@ spec: type: object type: object type: object + authRef: + description: A reference to a secret that contains the auth + information. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred + to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object remoteNamespace: default: default description: Remote namespace to fetch the secrets from @@ -3242,8 +3261,6 @@ spec: description: configures the Kubernetes server Address. type: string type: object - required: - - auth type: object onboardbase: description: Onboardbase configures this store to sync secrets diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index eaba10eff7f..e9ff3e8159f 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml 
@@ -3199,6 +3199,25 @@ spec: type: object type: object type: object + authRef: + description: A reference to a secret that contains the auth + information. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred + to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object remoteNamespace: default: default description: Remote namespace to fetch the secrets from @@ -3242,8 +3261,6 @@ spec: description: configures the Kubernetes server Address. type: string type: object - required: - - auth type: object onboardbase: description: Onboardbase configures this store to sync secrets diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 7b9073e72c2..c4c9a04b5b6 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -3634,6 +3634,23 @@ spec: type: object type: object type: object + authRef: + description: A reference to a secret that contains the auth information. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object remoteNamespace: default: default description: Remote namespace to fetch the secrets from 
@@ -3674,8 +3691,6 @@ spec: description: configures the Kubernetes server Address. type: string type: object - required: - - auth type: object onboardbase: description: Onboardbase configures this store to sync secrets using the Onboardbase provider @@ -9182,6 +9197,23 @@ spec: type: object type: object type: object + authRef: + description: A reference to a secret that contains the auth information. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object remoteNamespace: default: default description: Remote namespace to fetch the secrets from @@ -9222,8 +9254,6 @@ spec: description: configures the Kubernetes server Address. type: string type: object - required: - - auth type: object onboardbase: description: Onboardbase configures this store to sync secrets using the Onboardbase provider diff --git a/docs/api/spec.md b/docs/api/spec.md index 163e43741f8..2613780dcdc 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -4864,6 +4864,7 @@ KubernetesServer +(Optional)

configures the Kubernetes server Address.

@@ -4877,11 +4878,26 @@ KubernetesAuth +(Optional)

Auth configures how secret-manager authenticates with a Kubernetes instance.

+authRef
+ +
+External Secrets meta/v1.SecretKeySelector + + + + +(Optional) +

A reference to a secret that contains the auth information.

+ + + + remoteNamespace
string diff --git a/pkg/provider/kubernetes/auth.go b/pkg/provider/kubernetes/auth.go index a4118de67bb..547283e2e92 100644 --- a/pkg/provider/kubernetes/auth.go +++ b/pkg/provider/kubernetes/auth.go @@ -22,6 +22,8 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/rest" + "k8s.io/client-go/tools/clientcmd" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" esmeta "github.com/external-secrets/external-secrets/apis/meta/v1" 
@@ -36,35 +38,63 @@ const ( errUnableCreateToken = "cannot create service account token: %q" ) -func (c *Client) setAuth(ctx context.Context) error { - err := c.setCA(ctx) +func (c *Client) getAuth(ctx context.Context) (*rest.Config, error) { + if c.store.AuthRef != nil { + cfg, err := c.fetchSecretKey(ctx, *c.store.AuthRef) + if err != nil { + return nil, err + } + + return clientcmd.RESTConfigFromKubeConfig(cfg) + } + + ca, err := c.getCA(ctx) if err != nil { - return err + return nil, err } + + var token []byte if c.store.Auth.Token != nil { - c.BearerToken, err = c.fetchSecretKey(ctx, c.store.Auth.Token.BearerToken) + token, err = c.fetchSecretKey(ctx, c.store.Auth.Token.BearerToken) if err != nil { - return fmt.Errorf("could not fetch Auth.Token.BearerToken: %w", err) + return nil, fmt.Errorf("could not fetch Auth.Token.BearerToken: %w", err) } - return nil - } - if c.store.Auth.ServiceAccount != nil { - c.BearerToken, err = c.serviceAccountToken(ctx, c.store.Auth.ServiceAccount) + } else if c.store.Auth.ServiceAccount != nil { + token, err = c.serviceAccountToken(ctx, c.store.Auth.ServiceAccount) if err != nil { - return fmt.Errorf("could not fetch Auth.ServiceAccount: %w", err) + return nil, fmt.Errorf("could not fetch Auth.ServiceAccount: %w", err) } - return nil + } else { + return nil, fmt.Errorf("no auth provider given") } + + var key, cert []byte if c.store.Auth.Cert != nil { - return c.setClientCert(ctx) + key, cert, err = c.getClientKeyAndCert(ctx) + if err != nil { + return nil, fmt.Errorf("could not fetch client key and cert: %w", err) + } } - return fmt.Errorf("no credentials provided") + + if c.store.Server.URL == "" { + return nil, fmt.Errorf("no server URL provided") + } + + return &rest.Config{ + Host: c.store.Server.URL, + BearerToken: string(token), + TLSClientConfig: rest.TLSClientConfig{ + Insecure: false, + CertData: cert, + KeyData: key, + CAData: ca, + }, + }, nil } -func (c *Client) setCA(ctx context.Context) error { +func (c *Client) 
getCA(ctx context.Context) ([]byte, error) { if c.store.Server.CABundle != nil { - c.CA = c.store.Server.CABundle - return nil + return c.store.Server.CABundle, nil } if c.store.Server.CAProvider != nil { var ca []byte @@ -78,7 +108,7 @@ func (c *Client) setCA(ctx context.Context) error { } ca, err = c.fetchConfigMapKey(ctx, keySelector) if err != nil { - return fmt.Errorf("unable to fetch Server.CAProvider ConfigMap: %w", err) + return nil, fmt.Errorf("unable to fetch Server.CAProvider ConfigMap: %w", err) } case esv1beta1.CAProviderTypeSecret: keySelector := esmeta.SecretKeySelector{ @@ -88,26 +118,25 @@ func (c *Client) setCA(ctx context.Context) error { } ca, err = c.fetchSecretKey(ctx, keySelector) if err != nil { - return fmt.Errorf("unable to fetch Server.CAProvider Secret: %w", err) + return nil, fmt.Errorf("unable to fetch Server.CAProvider Secret: %w", err) } } - c.CA = ca - return nil + return ca, nil } - return fmt.Errorf("no Certificate Authority provided") + return nil, fmt.Errorf("no Certificate Authority provided") } -func (c *Client) setClientCert(ctx context.Context) error { +func (c *Client) getClientKeyAndCert(ctx context.Context) ([]byte, []byte, error) { var err error - c.Certificate, err = c.fetchSecretKey(ctx, c.store.Auth.Cert.ClientCert) + cert, err := c.fetchSecretKey(ctx, c.store.Auth.Cert.ClientCert) if err != nil { - return fmt.Errorf("unable to fetch client certificate: %w", err) + return nil, nil, fmt.Errorf("unable to fetch client certificate: %w", err) } - c.Key, err = c.fetchSecretKey(ctx, c.store.Auth.Cert.ClientKey) + key, err := c.fetchSecretKey(ctx, c.store.Auth.Cert.ClientKey) if err != nil { - return fmt.Errorf("unable to fetch client key: %w", err) + return nil, nil, fmt.Errorf("unable to fetch client key: %w", err) } - return nil + return key, cert, nil } func (c *Client) serviceAccountToken(ctx context.Context, serviceAccountRef *esmeta.ServiceAccountSelector) ([]byte, error) { 
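Review bot: The `AuthRef` branch of `getAuth` hands the secret value straight to `clientcmd.RESTConfigFromKubeConfig`, so whoever can write that Secret controls every kubeconfig field rather than just a token and a CA. A kubeconfig may carry an `exec` credential plugin, an `auth-provider` stanza, file-path references such as `tokenFile` or `client-certificate`, and `insecure-skip-tls-verify`, all of which client-go would resolve inside the controller process, whereas the non-AuthRef path below pins `Insecure: false` and inline data only. Parsing the kubeconfig first and rejecting anything but inline credentials keeps the two paths equivalent, as sketched below.

```go
		cfg, err := c.fetchSecretKey(ctx, *c.store.AuthRef)
		// … unchanged: error check on fetchSecretKey …
		raw, err := clientcmd.Load(cfg)
		if err != nil {
			return nil, fmt.Errorf("could not parse AuthRef kubeconfig: %w", err)
		}
		for name, user := range raw.AuthInfos {
			// Only inline token / cert data is acceptable; plugins and file paths
			// would be resolved with the controller's own privileges.
			if user.Exec != nil || user.AuthProvider != nil || user.TokenFile != "" ||
				user.ClientCertificate != "" || user.ClientKey != "" {
				return nil, fmt.Errorf("AuthRef kubeconfig user %q must use inline credentials only", name)
			}
		}
		for name, cluster := range raw.Clusters {
			if cluster.InsecureSkipTLSVerify || cluster.CertificateAuthority != "" {
				return nil, fmt.Errorf("AuthRef kubeconfig cluster %q must verify TLS with inline CA data", name)
			}
		}
		return clientcmd.NewDefaultClientConfig(*raw, &clientcmd.ConfigOverrides{}).ClientConfig()
	// … unchanged: CA, token / service account, client cert and rest.Config assembly …
```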
diff --git a/pkg/provider/kubernetes/auth_test.go b/pkg/provider/kubernetes/auth_test.go index 9784c1372a0..5d23de3c7b5 100644 --- a/pkg/provider/kubernetes/auth_test.go +++ b/pkg/provider/kubernetes/auth_test.go @@ -22,6 +22,7 @@ import ( corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1" + "k8s.io/client-go/rest" pointer "k8s.io/utils/ptr" kclient "sigs.k8s.io/controller-runtime/pkg/client" fclient "sigs.k8s.io/controller-runtime/pkg/client/fake" 
@@ -31,6 +32,43 @@ import ( utilfake "github.com/external-secrets/external-secrets/pkg/provider/util/fake" ) +const ( + caCert = `-----BEGIN CERTIFICATE----- +MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURp +Z2lDZXJ0IFRMUyBFQ0MgUDM4NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2 +MDExNDIzNTk1OVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJ +bmMuMSYwJAYDVQQDEx1EaWdpQ2VydCBUTFMgRUNDIFAzODQgUm9vdCBHNTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABMFEoc8Rl1Ca3iOCNQfN0MsYndLxf3c1TzvdlHJS +7cI7+Oz6e2tYIOyZrsn8aLN1udsJ7MgT9U7GCh1mMEy7H0cKPGEQQil8pQgO4CLp +0zVozptjn4S1mU1YoI71VOeVyaNCMEAwHQYDVR0OBBYEFMFRRVBZqz7nLFr6ICIS +B4CIfBFqMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49 +BAMDA2gAMGUCMQCJao1H5+z8blUD2WdsJk6Dxv3J+ysTvLd6jLRl0mlpYxNjOyZQ +LgGheQaRnUi/wr4CMEfDFXuxoJGZSZOoPHzoRgaLLPIxAJSdYsiJvRmEFOml+wG4 +DXZDjC5Ty3zfDBeWUA== +-----END CERTIFICATE----- +` + authTestKubeConfig = `apiVersion: v1 +clusters: +- cluster: + server: https://api.my-domain.tld + certificate-authority-data: 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 + name: mycluster +contexts: +- context: + cluster: mycluster + user: myuser + name: mycontext +current-context: mycontext +kind: Config +preferences: {} +users: +- name: myuser + user: + token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE3MTkzOTY4OTksImV4cCI6MTc1MDkzMjg4NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJFbWFpbCI6Impyb2NrZXRAZXhhbXBsZS5jb20iLCJSb2xlIjpbIk1hbmFnZXIiLCJQcm9qZWN0IEFkbWluaXN0cmF0b3IiXX0.xXrfIl0akhfjWU_BDl7Ad54SXje0YlJdnugzwh96VmM +` +) + func TestSetAuth(t *testing.T) { type fields struct { kube kclient.Client 
@@ -39,16 +77,11 @@ func TestSetAuth(t *testing.T) { namespace string storeKind string } - type want struct { - Certificate []byte - Key []byte - CA []byte - BearerToken []byte - } + type want = rest.Config tests := []struct { name string fields fields - want want + want *want wantErr bool }{ { @@ -58,7 +91,7 @@ func TestSetAuth(t *testing.T) { Server: esv1beta1.KubernetesServer{}, }, }, - want: want{}, + want: nil, wantErr: true, }, { @@ -70,9 +103,7 @@ func TestSetAuth(t *testing.T) { }, }, }, - want: want{ - CA: []byte("1234"), - }, + want: nil, wantErr: true, }, { @@ -85,29 +116,52 @@ func TestSetAuth(t *testing.T) { Namespace: "default", }, Data: map[string][]byte{ - "cert": []byte("1234"), + "cert": []byte("1234"), + "token": []byte("mytoken"), }, }).Build(), store: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ + URL: "https://my.test.tld", CAProvider: &esv1beta1.CAProvider{ Type: esv1beta1.CAProviderTypeSecret, Name: "foobar", Key: "cert", }, }, + Auth: esv1beta1.KubernetesAuth{ + Token: &esv1beta1.TokenAuth{ + BearerToken: v1.SecretKeySelector{ + Name: "foobar", + Namespace: pointer.To("shouldnotberelevant"), + Key: "token", + }, + }, + }, }, }, - want: want{ - CA: []byte("1234"), + want: &want{ + Host: "https://my.test.tld", + BearerToken: "mytoken", + TLSClientConfig: rest.TLSClientConfig{ + CAData: []byte("1234"), + }, }, - wantErr: true, + wantErr: false, }, { name: "should fetch ca from ConfigMap", fields: fields{ namespace: "default", - kube: fclient.NewClientBuilder().WithObjects(&corev1.ConfigMap{ + kube: fclient.NewClientBuilder().WithObjects(&corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "foobar", + Namespace: "default", + }, + Data: map[string][]byte{ + "token": []byte("mytoken"), + }, + }, &corev1.ConfigMap{ ObjectMeta: metav1.ObjectMeta{ Name: "foobar", Namespace: "default", 
@@ -118,18 +172,32 @@ func TestSetAuth(t *testing.T) { }).Build(), store: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ + URL: "https://my.test.tld", CAProvider: &esv1beta1.CAProvider{ Type: esv1beta1.CAProviderTypeConfigMap, Name: "foobar", Key: "cert", }, }, + Auth: esv1beta1.KubernetesAuth{ + Token: &esv1beta1.TokenAuth{ + BearerToken: v1.SecretKeySelector{ + Name: "foobar", + Namespace: pointer.To("shouldnotberelevant"), + Key: "token", + }, + }, + }, }, }, - want: want{ - CA: []byte("1234"), + want: &want{ + Host: "https://my.test.tld", + BearerToken: "mytoken", + TLSClientConfig: rest.TLSClientConfig{ + CAData: []byte("1234"), + }, }, - wantErr: true, + wantErr: false, }, { name: "should set token from secret", @@ -146,6 +214,7 @@ func TestSetAuth(t *testing.T) { }).Build(), store: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ + URL: "https://my.test.tld", CABundle: []byte("1234"), }, Auth: esv1beta1.KubernetesAuth{ @@ -159,9 +228,12 @@ func TestSetAuth(t *testing.T) { }, }, }, - want: want{ - CA: []byte("1234"), - BearerToken: []byte("mytoken"), + want: &want{ + Host: "https://my.test.tld", + BearerToken: "mytoken", + TLSClientConfig: rest.TLSClientConfig{ + CAData: []byte("1234"), + }, }, wantErr: false, }, @@ -178,12 +250,28 @@ func TestSetAuth(t *testing.T) { "cert": []byte("my-cert"), "key": []byte("my-key"), }, + }, &corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "foobar", + Namespace: "default", + }, + Data: map[string][]byte{ + "token": []byte("mytoken"), + }, }).Build(), store: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ + URL: "https://my.test.tld", CABundle: []byte("1234"), }, Auth: esv1beta1.KubernetesAuth{ + Token: &esv1beta1.TokenAuth{ + BearerToken: v1.SecretKeySelector{ + Name: "foobar", + Namespace: pointer.To("shouldnotberelevant"), + Key: "token", + }, + }, Cert: &esv1beta1.CertAuth{ ClientCert: v1.SecretKeySelector{ Name: "mycert", 
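Review bot: The client-certificate case in the `@@ -178,12 +250,28 @@` hunk only passes because a `Token` was added next to `Cert`. `getAuth` in auth.go returns `no auth provider given` unless `Auth.Token` or `Auth.ServiceAccount` is set, so a store that authenticates with a client certificate alone, which the removed `setAuth` accepted, is now rejected. If that is not intended, the final branch in `getAuth` could become `} else if c.store.Auth.Cert == nil {` before the `no auth provider given` return. This case should then keep a cert-only store and expect an empty `BearerToken`. The test table continues outside the hunk.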
@@ -197,10 +285,14 @@ func TestSetAuth(t *testing.T) { }, }, }, - want: want{ - CA: []byte("1234"), - Certificate: []byte("my-cert"), - Key: []byte("my-key"), + want: &want{ + Host: "https://my.test.tld", + BearerToken: "mytoken", + TLSClientConfig: rest.TLSClientConfig{ + CAData: []byte("1234"), + CertData: []byte("my-cert"), + KeyData: []byte("my-key"), + }, }, wantErr: false, }, @@ -217,6 +309,7 @@ func TestSetAuth(t *testing.T) { kubeclientset: utilfake.NewCreateTokenMock().WithToken("my-sa-token"), store: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ + URL: "https://my.test.tld", CABundle: []byte("1234"), }, Auth: esv1beta1.KubernetesAuth{ 
@@ -227,9 +320,68 @@ func TestSetAuth(t *testing.T) { }, }, }, - want: want{ - CA: []byte("1234"), - BearerToken: []byte("my-sa-token"), + want: &want{ + Host: "https://my.test.tld", + BearerToken: "my-sa-token", + TLSClientConfig: rest.TLSClientConfig{ + CAData: []byte("1234"), + }, + }, + wantErr: false, + }, + { + name: "should fail with missing URL", + fields: fields{ + namespace: "default", + kube: fclient.NewClientBuilder().WithObjects(&corev1.ServiceAccount{ + ObjectMeta: metav1.ObjectMeta{ + Name: "my-sa", + Namespace: "default", + }, + }).Build(), + kubeclientset: utilfake.NewCreateTokenMock().WithToken("my-sa-token"), + store: &esv1beta1.KubernetesProvider{ + Server: esv1beta1.KubernetesServer{ + CABundle: []byte("1234"), + }, + Auth: esv1beta1.KubernetesAuth{ + ServiceAccount: &v1.ServiceAccountSelector{ + Name: "my-sa", + Namespace: pointer.To("shouldnotberelevant"), + }, + }, + }, + }, + want: nil, + wantErr: true, + }, + { + name: "should read config from secret", + fields: fields{ + namespace: "default", + kube: fclient.NewClientBuilder().WithObjects(&corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "foobar", + Namespace: "default", + }, + Data: map[string][]byte{ + "config": []byte(authTestKubeConfig), + }, + }).Build(), + store: &esv1beta1.KubernetesProvider{ + AuthRef: &v1.SecretKeySelector{ + Name: "foobar", + Namespace: pointer.To("default"), + Key: "config", + }, + }, + }, + want: &want{ + Host: "https://api.my-domain.tld", + BearerToken: "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE3MTkzOTY4OTksImV4cCI6MTc1MDkzMjg4NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJFbWFpbCI6Impyb2NrZXRAZXhhbXBsZS5jb20iLCJSb2xlIjpbIk1hbmFnZXIiLCJQcm9qZWN0IEFkbWluaXN0cmF0b3IiXX0.xXrfIl0akhfjWU_BDl7Ad54SXje0YlJdnugzwh96VmM", + TLSClientConfig: rest.TLSClientConfig{ + CAData: []byte(caCert), + }, }, wantErr: false, }, 
@@ -243,17 +395,12 @@ func TestSetAuth(t *testing.T) { namespace: tt.fields.namespace, storeKind: tt.fields.storeKind, } - if err := k.setAuth(context.Background()); (err != nil) != tt.wantErr { + cfg, err := k.getAuth(context.Background()) + if (err != nil) != tt.wantErr { t.Errorf("BaseClient.setAuth() error = %v, wantErr %v", err, tt.wantErr) } - w := want{ - Certificate: k.Certificate, - Key: k.Key, - CA: k.CA, - BearerToken: k.BearerToken, - } - if !cmp.Equal(w, tt.want) { - t.Errorf("unexpected value: expected %#v, got %#v", tt.want, w) + if !cmp.Equal(cfg, tt.want) { + t.Errorf("unexpected value: expected %#v, got %#v", tt.want, cfg) } }) } diff --git a/pkg/provider/kubernetes/provider.go b/pkg/provider/kubernetes/provider.go index c24df39adae..82fcecaac78 100644 --- a/pkg/provider/kubernetes/provider.go +++ b/pkg/provider/kubernetes/provider.go @@ -23,7 +23,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/client-go/kubernetes" typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1" - "k8s.io/client-go/rest" kclient "sigs.k8s.io/controller-runtime/pkg/client" ctrlcfg "sigs.k8s.io/controller-runtime/pkg/client/config" @@ -73,11 +72,7 @@ type Client struct { // namespace is the namespace of the // ExternalSecret referencing this provider. - namespace string - Certificate []byte - Key []byte - CA []byte - BearerToken []byte + namespace string } func init() { 
@@ -123,22 +118,12 @@ func (p *Provider) newClient(ctx context.Context, store esv1beta1.GenericStore, return client, nil } - if err := client.setAuth(ctx); err != nil { - return nil, err - } - - config := &rest.Config{ - Host: client.store.Server.URL, - BearerToken: string(client.BearerToken), - TLSClientConfig: rest.TLSClientConfig{ - Insecure: false, - CertData: client.Certificate, - KeyData: client.Key, - CAData: client.CA, - }, + cfg, err := client.getAuth(ctx) + if err != nil { + return nil, fmt.Errorf("failed to prepare auth: %w", err) } - userClientset, err := kubernetes.NewForConfig(config) + userClientset, err := kubernetes.NewForConfig(cfg) if err != nil { return nil, fmt.Errorf("error configuring clientset: %w", err) } diff --git a/pkg/provider/kubernetes/provider_test.go b/pkg/provider/kubernetes/provider_test.go index 26e3b083799..6a7e48c0f0e 100644 --- a/pkg/provider/kubernetes/provider_test.go +++ b/pkg/provider/kubernetes/provider_test.go @@ -51,6 +51,24 @@ mv+AggtK0aRFb9o47z/BypLdk5mhbf3Mmr88C8XBzEnfdYyf4JpTlZrYLBmDCu5d 9RLLsjXxhag8xqMtd1uLUM8XOTGzVWacw8iGY+CTtBKqyA+AE6/bDwZvEwVtsKtC QJ85ioEpy00NioqcF0WyMZH80uMsPycfpnl5uF7RkW8u -----END CERTIFICATE-----` + testKubeConfig = `apiVersion: v1 +clusters: +- cluster: + server: https://api.my-domain.tld + name: mycluster +contexts: +- context: + cluster: mycluster + user: myuser + name: mycontext +current-context: mycontext +kind: Config +preferences: {} +users: +- name: myuser + user: + token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE3MTkzOTY4OTksImV4cCI6MTc1MDkzMjg4NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJFbWFpbCI6Impyb2NrZXRAZXhhbXBsZS5jb20iLCJSb2xlIjpbIk1hbmFnZXIiLCJQcm9qZWN0IEFkbWluaXN0cmF0b3IiXX0.xXrfIl0akhfjWU_BDl7Ad54SXje0YlJdnugzwh96VmM +` ) func TestNewClient(t *testing.T) { 
@@ -88,6 +106,40 @@ func TestNewClient(t *testing.T) { }, wantErr: true, }, + { + name: "test auth ref", + fields: fields{}, + args: args{ + store: &esv1beta1.ClusterSecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.ClusterSecretStoreKind, + }, + Spec: esv1beta1.SecretStoreSpec{ + Provider: &esv1beta1.SecretStoreProvider{ + Kubernetes: &esv1beta1.KubernetesProvider{ + AuthRef: &v1.SecretKeySelector{ + Name: "foo", + Namespace: pointer.To("default"), + Key: "config", + }, + }, + }, + }, + }, + namespace: "", + kube: fclient.NewClientBuilder().WithObjects(&corev1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "foo", + Namespace: "default", + }, + Data: map[string][]byte{ + "config": []byte(testKubeConfig), + }, + }).Build(), + clientset: clientgofake.NewSimpleClientset(), + }, + want: true, + }, { name: "test referent auth return", fields: fields{}, @@ -100,6 +152,7 @@ func TestNewClient(t *testing.T) { Provider: &esv1beta1.SecretStoreProvider{ Kubernetes: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ + URL: "https://my.test.tld", CABundle: []byte(testCertificate), }, Auth: esv1beta1.KubernetesAuth{ @@ -132,6 +185,7 @@ func TestNewClient(t *testing.T) { Provider: &esv1beta1.SecretStoreProvider{ Kubernetes: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ + URL: "https://my.test.tld", CABundle: []byte(testCertificate), }, RemoteNamespace: "remote", @@ -166,6 +220,7 @@ func TestNewClient(t *testing.T) { Provider: &esv1beta1.SecretStoreProvider{ Kubernetes: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ + URL: "https://my.test.tld", CABundle: []byte(testCertificate), }, RemoteNamespace: "remote", diff --git a/pkg/provider/kubernetes/validate.go b/pkg/provider/kubernetes/validate.go index 8f264d0ccb3..11d1a6ef135 100644 --- a/pkg/provider/kubernetes/validate.go +++ b/pkg/provider/kubernetes/validate.go 
@@ -31,7 +31,7 @@ import ( func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnings, error) { storeSpec := store.GetSpec() k8sSpec := storeSpec.Provider.Kubernetes - if k8sSpec.Server.CABundle == nil && k8sSpec.Server.CAProvider == nil { + if k8sSpec.AuthRef == nil && k8sSpec.Server.CABundle == nil && k8sSpec.Server.CAProvider == nil { return nil, fmt.Errorf("a CABundle or CAProvider is required") } if store.GetObjectKind().GroupVersionKind().Kind == esv1beta1.ClusterSecretStoreKind && From f51689216481284fc00466ef28c330dc5ffea377 Mon Sep 17 00:00:00 2001 From: Joe Stevens Date: Mon, 1 Jul 2024 23:08:55 -0700 Subject: [PATCH 143/517] implement handling for pushing whole k8s secret to gcsm (#3644) Signed-off-by: Joseph Stevens --- pkg/provider/gcp/secretmanager/client.go | 18 ++++++++++--- pkg/provider/gcp/secretmanager/client_test.go | 25 ++++++++++++++++--- 2 files changed, 36 insertions(+), 7 deletions(-) diff --git a/pkg/provider/gcp/secretmanager/client.go b/pkg/provider/gcp/secretmanager/client.go index 8daa6294047..8fcb1fee192 100644 --- a/pkg/provider/gcp/secretmanager/client.go +++ b/pkg/provider/gcp/secretmanager/client.go 
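Review bot: Setting `AuthRef` now bypasses the CA requirement, but the changed line adds no check on the `AuthRef` selector itself, so an empty `name` or `key` is only discovered when the client is built. A store that sets `AuthRef` together with `Auth` or `Server` is also accepted, although `getAuth` silently ignores the latter two. Consider rejecting both cases at admission, e.g. `if k8sSpec.AuthRef != nil && (k8sSpec.AuthRef.Name == "" || k8sSpec.AuthRef.Key == "") { return nil, fmt.Errorf("authRef requires name and key") }`. The rest of `ValidateStore` is outside the hunk; if it validates the other selectors through a shared helper, `AuthRef` should go through the same one.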
@@ -136,11 +136,23 @@ func (c *Client) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef // PushSecret pushes a kubernetes secret key into gcp provider Secret. func (c *Client) PushSecret(ctx context.Context, secret *corev1.Secret, pushSecretData esv1beta1.PushSecretData) error { + var ( + payload []byte + err error + ) if pushSecretData.GetSecretKey() == "" { - return fmt.Errorf("pushing the whole secret is not yet implemented") + // Must convert secret values to string, otherwise data will be sent as base64 to Vault + secretStringVal := make(map[string]string) + for k, v := range secret.Data { + secretStringVal[k] = string(v) + } + payload, err = utils.JSONMarshal(secretStringVal) + if err != nil { + return fmt.Errorf("failed to serialize secret content as JSON: %w", err) + } + } else { + payload = secret.Data[pushSecretData.GetSecretKey()] } - - payload := secret.Data[pushSecretData.GetSecretKey()] secretName := fmt.Sprintf("projects/%s/secrets/%s", c.store.ProjectID, pushSecretData.GetRemoteKey()) gcpSecret, err := c.smClient.GetSecret(ctx, &secretmanagerpb.GetSecretRequest{ Name: secretName, diff --git a/pkg/provider/gcp/secretmanager/client_test.go b/pkg/provider/gcp/secretmanager/client_test.go index e6215ec281e..f9267870d61 100644 --- a/pkg/provider/gcp/secretmanager/client_test.go +++ b/pkg/provider/gcp/secretmanager/client_test.go @@ -591,9 +591,10 @@ func TestPushSecret(t *testing.T) { req func(*fakesm.MockSMClient) error } tests := []struct { - desc string - args args - want want + desc string + args args + want want + secret *corev1.Secret }{ { desc: "SetSecret successfully pushes a secret", 
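Review bot: Converting each value with `string(v)` before JSON encoding loses binary secret data in the whole-secret branch of `PushSecret`. Assuming `utils.JSONMarshal` wraps `encoding/json`, bytes that are not valid UTF-8 are replaced with U+FFFD, so a keystore or DER blob cannot be recovered from the pushed payload. Either reject such values up front with `if !utf8.Valid(v) { return fmt.Errorf("secret key %q is not valid UTF-8", k) }` or document the limitation. The comment also names Vault although this is the GCP provider; `// convert values to string so the JSON payload holds plain text rather than base64` would be accurate. `PushSecret` continues outside the hunk.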
@@ -801,6 +802,19 @@ func TestPushSecret(t *testing.T) { err: canceledError, }, }, + { + desc: "Whole secret is set with no existing GCPSM secret", + args: args{ + store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID}, + mock: smtc.mockClient, + GetSecretMockReturn: fakesm.SecretMockReturn{Secret: &secret, Err: nil}, + AccessSecretVersionMockReturn: fakesm.AccessSecretVersionMockReturn{Res: &res, Err: nil}, + AddSecretVersionMockReturn: fakesm.AddSecretVersionMockReturn{SecretVersion: &secretVersion, Err: nil}}, + want: want{ + err: nil, + }, + secret: &corev1.Secret{Data: map[string][]byte{"key1": []byte(`value1`), "key2": []byte(`value2`)}}, + }, } for _, tc := range tests { t.Run(tc.desc, func(t *testing.T) { @@ -814,7 +828,10 @@ func TestPushSecret(t *testing.T) { smClient: tc.args.mock, store: tc.args.store, } - s := &corev1.Secret{Data: map[string][]byte{secretKey: []byte("fake-value")}} + s := tc.secret + if s == nil { + s = &corev1.Secret{Data: map[string][]byte{secretKey: []byte("fake-value")}} + } data := testingfake.PushSecretData{ SecretKey: secretKey, Metadata: tc.args.Metadata, From 943a51d8d56e78b6d36bd72555c02fc95acecc1d Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Tue, 2 Jul 2024 05:34:54 -0300 Subject: [PATCH 144/517] bump e2e pipeline (#3646) Signed-off-by: Gustavo Carvalho --- .github/workflows/e2e.yml | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index cf7825bda70..f3777a31c82 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml 
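Review bot: The new table case does not reach the whole-secret branch it is meant to cover. The runner in the `@@ -814,7 +828,10 @@` hunk still builds `testingfake.PushSecretData{SecretKey: secretKey, ...}`, so `GetSecretKey()` is presumably non-empty and `PushSecret` reads `secret.Data[secretKey]`, which the `key1`/`key2` secret does not contain. Give the case its own (empty) secret key and use the existing `want.req` callback to assert that the payload sent to AddSecretVersion is `{"key1":"value1","key2":"value2"}`. The description says "no existing GCPSM secret" while `GetSecretMockReturn` returns one, so one of the two should change.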
@@ -20,6 +20,7 @@ env: # Common users. We can't run a step 'if secrets.GHCR_USERNAME != ""' but we can run # a step 'if env.GHCR_USERNAME' != ""', so we copy these to succinctly test whether # credentials have been provided before trying to run steps that need them. + TARGET_SHA: ${{ github.event.client_payload.slash_command.args.named.sha }} GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }} GCP_SM_SA_JSON: ${{ secrets.GCP_SM_SA_JSON}} GCP_GKE_ZONE: ${{ secrets.GCP_GKE_ZONE}} @@ -83,12 +84,13 @@ jobs: - name: Fork based /ok-to-test checkout uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 with: - ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge' + ref: '${{ env.TARGET_SHA }}' - name: Fetch History run: git fetch --prune --unshallow - - uses: ./.github/actions/e2e + - id: e2e + uses: ./.github/actions/e2e # Update check run called "integration-fork" - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 
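Review bot: Nothing in the `@@ -83,12 +84,13 @@` hunk ties `ref: '${{ env.TARGET_SHA }}'` to the pull request being approved; the value comes from the slash-command argument only. This job runs with cloud credentials and then executes `./.github/actions/e2e` from that checkout, so the commit identity is the trust decision. If the job condition, which is outside the hunk, does not already require it, add `github.event.client_payload.slash_command.args.named.sha == github.event.client_payload.pull_request.head.sha` so that a stale or mistyped sha is refused rather than tested.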
@@ -123,3 +125,28 @@ jobs: conclusion: process.env.conclusion }); return result; + - name: Find Comment + if: always() + uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 + id: fc + with: + issue-number: ${{ github.event.client_payload.pull_request.number }} + body-includes: /ok-to-test sha=${{ env.TARGET_SHA }} + - name: Update on Succeess + if: always() && steps.fc.outputs.comment-id != '' && steps.e2e.conclusion == 'success' + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + with: + issue-number: ${{ github.event.client_payload.pull_request.number }} + body: | + [Bot] - :white_check_mark: [e2e tests pass](https://github.com/external-secrets/external-secrets/actions/runs/${{ steps.update-check-run.outputs.result.id }}) + reactions: +1 + edit-mode: append + - name: Update on Failure + if: always() && steps.fc.outputs.comment-id != '' && steps.e2e.conclusion != 'success' + uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 + with: + issue-number: ${{ github.event.client_payload.pull_request.number }} + body: | + [Bot] - :x: [e2e tests failed](https://github.com/external-secrets/external-secrets/actions/runs/${{ steps.update-check-run.outputs.result.id }}) + reactions: -1 + edit-mode: append \ No newline at end of file From 3909efa367195c518468890e9c5ab7565c970ed8 Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Tue, 2 Jul 2024 05:48:36 -0300 Subject: [PATCH 145/517] fix e2e permissions (#3647) Signed-off-by: Gustavo Carvalho --- .github/workflows/e2e.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index f3777a31c82..965a5fb6d3e 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -6,7 +6,7 @@ on: permissions: contents: read - + issues: write name: e2e tests env: 
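Review bot: The links in both comment bodies are built from `steps.update-check-run.outputs.result.id`, which is unlikely to resolve to a workflow run id. A github-script `result` output is a JSON string, and the script above appears to return the response of the check-run update rather than a run. `https://github.com/external-secrets/external-secrets/actions/runs/${{ github.run_id }}` would point at this run directly; the `id:` of the github-script step is outside the hunk, so that name should be confirmed too. Separately, `steps.e2e.conclusion != 'success'` also matches a skipped or cancelled e2e step, so "e2e tests failed" can be posted when the tests never ran. The step name `Update on Succeess` has a typo.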
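Review bot: `issues: write` is granted in the workflow-level `permissions:` block, so it also applies to the job that checks out and runs code from a fork (`Fork based /ok-to-test checkout` followed by `./.github/actions/e2e`); patch 147 adds `pull-requests: write` in the same place. actions/checkout keeps the token in the workspace git configuration unless told otherwise, so `persist-credentials: false` on that checkout step would keep it away from PR-controlled code. Moving the write scopes to a job-level `permissions:` block on a separate commenting job would narrow this further. The job layout beyond these hunks is not visible, so check whether the comment steps can be split out.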
From 4aeba81f07bf1808cea67c2eb2b5632efaaccda0 Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Tue, 2 Jul 2024 07:09:35 -0300 Subject: [PATCH 146/517] bump docs with e2e commands (#3648) --- docs/contributing/process.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/contributing/process.md b/docs/contributing/process.md index 5f0a84c3190..983d1acc83d 100644 --- a/docs/contributing/process.md +++ b/docs/contributing/process.md @@ -38,7 +38,11 @@ We have an extensive set of e2e tests that test the integration with *real* clou Maintainers must trigger these kind of tests manually for PRs that come from forked repositories. These tests run inside a `kind` cluster in the GitHub Actions runner: ``` -/ok-to-test sha=xxxxxx +/ok-to-test sha= +``` +Examples: +``` +/ok-to-test sha=b8ca0040200a7a05d57048d86a972fdf833b8c9b ``` #### Executing e2e tests locally From 6c8e9aa6d0b728dc0c27fd24d1503d502d494384 Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Tue, 2 Jul 2024 07:13:54 -0300 Subject: [PATCH 147/517] also needs pull-requests (#3649) Signed-off-by: Gustavo Carvalho --- .github/workflows/e2e.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 965a5fb6d3e..8c2fec63756 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -7,6 +7,7 @@ on: permissions: contents: read issues: write + pull-requests: write name: e2e tests env: From 4d9e0c37fff176960b921b4dc3f9c74624833301 Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Tue, 2 Jul 2024 11:18:32 -0300 Subject: [PATCH 148/517] use github token to allow comment (#3651) Signed-off-by: Gustavo Carvalho --- .github/workflows/e2e.yml | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 8c2fec63756..f7369e85972 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -131,12 +131,14 @@ jobs: uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 id: fc with: + token: ${{ secrets.GITHUB_TOKEN }} issue-number: ${{ github.event.client_payload.pull_request.number }} body-includes: /ok-to-test sha=${{ env.TARGET_SHA }} - name: Update on Succeess if: always() && steps.fc.outputs.comment-id != '' && steps.e2e.conclusion == 'success' uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: + token: ${{ secrets.GITHUB_TOKEN }} issue-number: ${{ github.event.client_payload.pull_request.number }} body: | [Bot] - :white_check_mark: [e2e tests pass](https://github.com/external-secrets/external-secrets/actions/runs/${{ steps.update-check-run.outputs.result.id }}) @@ -146,6 +148,7 @@ jobs: if: always() && steps.fc.outputs.comment-id != '' && steps.e2e.conclusion != 'success' uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: + token: ${{ secrets.GITHUB_TOKEN }} issue-number: ${{ github.event.client_payload.pull_request.number }} body: | [Bot] - :x: [e2e tests failed](https://github.com/external-secrets/external-secrets/actions/runs/${{ steps.update-check-run.outputs.result.id }}) From 93e9b4cef7fe26c20c11a27b0b5028582eea967f Mon Sep 17 00:00:00 2001 From: Doug Goldstein Date: Wed, 3 Jul 2024 00:42:34 -0500 Subject: [PATCH 149/517] fix(webhook): perform conversion of data (#3638) Instead of assuming that the data fields are strings that can be converted to byte array, convert the actual type to a byte array. fixes #3239 Signed-off-by: Doug Goldstein --- pkg/common/webhook/webhook.go | 10 +++++----- pkg/provider/webhook/webhook_test.go | 28 ++++++++++++++++++++++++++++ 2 files changed, 33 insertions(+), 5 deletions(-) 
diff --git a/pkg/common/webhook/webhook.go b/pkg/common/webhook/webhook.go index 34989bc8933..f8d13435e57 100644 --- a/pkg/common/webhook/webhook.go +++ b/pkg/common/webhook/webhook.go @@ -35,6 +35,7 @@ import ( "github.com/external-secrets/external-secrets/pkg/constants" "github.com/external-secrets/external-secrets/pkg/metrics" "github.com/external-secrets/external-secrets/pkg/template/v2" + "github.com/external-secrets/external-secrets/pkg/utils" "github.com/external-secrets/external-secrets/pkg/utils/resolvers" ) @@ -106,12 +107,11 @@ func (w *Webhook) GetSecretMap(ctx context.Context, provider *Spec, ref *esv1bet } // Change the map of generic objects to a map of byte arrays values := make(map[string][]byte) - for rKey, rValue := range jsonvalue { - jVal, ok := rValue.(string) - if !ok { - return nil, fmt.Errorf("failed to get response (wrong type in key '%s': %T)", rKey, rValue) + for rKey := range jsonvalue { + values[rKey], err = utils.GetByteValueFromMap(jsonvalue, rKey) + if err != nil { + return nil, fmt.Errorf("failed to get response for key '%s': %w", rKey, err) } - values[rKey] = []byte(jVal) } return values, nil } diff --git a/pkg/provider/webhook/webhook_test.go b/pkg/provider/webhook/webhook_test.go index d6a5cd678fd..a7fbe476fea 100644 --- a/pkg/provider/webhook/webhook_test.go +++ b/pkg/provider/webhook/webhook_test.go 
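Review bot: In `GetSecretMap`, the loop now accepts every JSON type, but numbers reach `utils.GetByteValueFromMap` in whatever form the decoder produced. If `jsonvalue` is decoded with the default `encoding/json` settings, numeric fields are `float64`, and a large integer id or token would come out rounded or in exponent notation. The test data added in webhook_test.go only covers `1234` and `1.5`; a case such as `"id": 12345678901234567890` would show whether the decoder needs `UseNumber()`. The decoding of `jsonvalue` and the helper's handling of `null` and nested objects are outside the hunk, so this is to be confirmed. The comment above the loop could also say how non-string values are rendered, e.g. `// Strings are copied as-is; other JSON values are converted by utils.GetByteValueFromMap`.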
@@ -299,6 +299,34 @@ want: path: /api/getsecret?id=testkey&version=1 err: '' result: "RE/DACTED==" +--- +case: good json with mixed fields and jsonpath filter +args: + url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }} + key: testkey + version: 1 + jsonpath: $.result.thesecret + response: '{"result":{"thesecret":"secret-value","alsosecret":"another-value", "id": 1234, "weight": 1.5}}' +want: + path: /api/getsecret?id=testkey&version=1 + err: '' + result: secret-value +--- +case: good json with mixed fields to map +args: + url: /api/getsecret?id={{ .remoteRef.key }}&version={{ .remoteRef.version }} + key: testkey + version: 1 + jsonpath: $.result + response: '{"result":{"thesecret":"secret-value","alsosecret":"another-value", "id": 1234, "weight": 1.5}}' +want: + path: /api/getsecret?id=testkey&version=1 + err: '' + resultmap: + thesecret: secret-value + alsosecret: another-value + id: 1234 + weight: 1.5 ` func TestWebhookGetSecret(t *testing.T) { From 504b5506f414b0f24268d6ff48ae5546eec1b907 Mon Sep 17 00:00:00 2001 From: Christophe Collot <52134228+CCOLLOT@users.noreply.github.com> Date: Wed, 3 Jul 2024 08:38:01 +0200 Subject: [PATCH 150/517] feat: implement pushing whole k8s secret to Azure Keyvault (#3650) * feat: implement pushing whole secrets to azure keyvault Signed-off-by: Christophe Collot * bump e2e pipeline (#3646) Signed-off-by: Gustavo Carvalho Signed-off-by: Christophe Collot * fix e2e permissions (#3647) Signed-off-by: Gustavo Carvalho Signed-off-by: Christophe Collot * bump docs with e2e commands (#3648) Signed-off-by: Christophe Collot * also needs pull-requests (#3649) Signed-off-by: Gustavo Carvalho Signed-off-by: Christophe Collot * style: remove unnecessary line Signed-off-by: Christophe Collot * style: remove trailing line Signed-off-by: Christophe Collot --------- Signed-off-by: Christophe Collot 
Signed-off-by: Gustavo Carvalho Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> --- pkg/provider/azure/keyvault/keyvault.go | 17 +++++++- pkg/provider/azure/keyvault/keyvault_test.go | 46 +++++++++++++++++--- 2 files changed, 54 insertions(+), 9 deletions(-) diff --git a/pkg/provider/azure/keyvault/keyvault.go b/pkg/provider/azure/keyvault/keyvault.go index 9e87d7ac93c..e629bb900ad 100644 --- a/pkg/provider/azure/keyvault/keyvault.go +++ b/pkg/provider/azure/keyvault/keyvault.go @@ -531,12 +531,25 @@ func (a *Azure) setKeyVaultKey(ctx context.Context, secretName string, value []b // PushSecret stores secrets into a Key vault instance. func (a *Azure) PushSecret(ctx context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error { + var ( + value []byte + err error + ) if data.GetSecretKey() == "" { - return fmt.Errorf("pushing the whole secret is not yet implemented") + // Must convert secret values to string, otherwise data will be sent as base64 to Vault + secretStringVal := make(map[string]string) + for k, v := range secret.Data { + secretStringVal[k] = string(v) + } + value, err = utils.JSONMarshal(secretStringVal) + if err != nil { + return fmt.Errorf("failed to serialize secret content as JSON: %w", err) + } + } else { + value = secret.Data[data.GetSecretKey()] } objectType, secretName := getObjType(esv1beta1.ExternalSecretDataRemoteRef{Key: data.GetRemoteKey()}) - value := secret.Data[data.GetSecretKey()] switch objectType { case defaultObjType: return a.setKeyVaultSecret(ctx, secretName, value) diff --git a/pkg/provider/azure/keyvault/keyvault_test.go b/pkg/provider/azure/keyvault/keyvault_test.go index 02bb11e31fc..febffa8ace3 100644 --- a/pkg/provider/azure/keyvault/keyvault_test.go +++ b/pkg/provider/azure/keyvault/keyvault_test.go 
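Review bot: In the whole-secret branch of `PushSecret`, `string(v)` followed by JSON marshalling silently alters values that are not valid UTF-8, assuming `utils.JSONMarshal` wraps `encoding/json`, which substitutes U+FFFD. A Secret holding binary data such as a keystore would then be stored corrupted without an error. A check inside the loop, `if !utf8.Valid(v) { return fmt.Errorf("secret key %q is not valid UTF-8 and cannot be pushed as JSON", k) }`, would fail loudly instead (it needs `unicode/utf8` in the imports). The JSON document is also handed to the `switch objectType` below, whose remaining cases are outside the hunk; if they cover certificate and key objects, rejecting an empty `GetSecretKey()` for those types up front would give a clearer error. The inline comment says "Vault" where Azure Key Vault is meant.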
@@ -61,9 +61,10 @@ type secretManagerTestCase struct { setValue []byte expectedSecret string // for testing secretmap - expectedData map[string][]byte - + expectedData map[string][]byte expectedExistence bool + // for testing pushing multi-key k8s secrets + secret *corev1.Secret } func makeValidSecretManagerTestCase() *secretManagerTestCase { @@ -427,6 +428,24 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { } smtc.expectError = errNotManaged } + wholeSecretNoKey := func(smtc *secretManagerTestCase) { + wholeSecretMap := map[string][]byte{"key1": []byte(`value1`), "key2": []byte(`value2`)} + wholeSecretString := `{"key1": "value1", "key2": "value2" }` + wholeSecret := &corev1.Secret{Data: wholeSecretMap} + smtc.secret = wholeSecret + smtc.pushData = testingfake.PushSecretData{ + RemoteKey: secretName, + } + smtc.secretOutput = keyvault.SecretBundle{ + Tags: map[string]*string{ + "managed-by": pointer.To("external-secrets"), + }, + Value: &wholeSecretString, + } + + smtc.expectedData = wholeSecretMap + } + secretNoTags := func(smtc *secretManagerTestCase) { smtc.setValue = []byte(goodSecret) smtc.pushData = testingfake.PushSecretData{ @@ -772,6 +791,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { makeValidSecretManagerTestCaseCustom(failedNotParseableError), makeValidSecretManagerTestCaseCustom(failedSetSecret), makeValidSecretManagerTestCaseCustom(typeNotSupported), + makeValidSecretManagerTestCaseCustom(wholeSecretNoKey), } sm := Azure{ 
@@ -779,12 +799,14 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { } for k, v := range successCases { sm.baseClient = v.mockClient - secret := &corev1.Secret{ - Data: map[string][]byte{ - secretKey: v.setValue, - }, + if v.secret == nil { + v.secret = &corev1.Secret{ + Data: map[string][]byte{ + secretKey: v.setValue, + }, + } } - err := sm.PushSecret(context.Background(), secret, v.pushData) + err := sm.PushSecret(context.Background(), v.secret, v.pushData) if !utils.ErrorContains(err, v.expectError) { if err == nil { t.Errorf("[%d] unexpected error: , expected: '%s'", k, v.expectError) @@ -792,6 +814,16 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { t.Errorf("[%d] unexpected error: %s, expected: '%s'", k, err.Error(), v.expectError) } } + if len(v.expectedData) > 0 { + sm.baseClient = v.mockClient + out, err := sm.GetSecretMap(context.Background(), *v.ref) + if !utils.ErrorContains(err, v.expectError) { + t.Errorf("[%d] unexpected error: %s, expected: '%s'", k, err.Error(), v.expectError) + } + if err == nil && !reflect.DeepEqual(out, v.expectedData) { + t.Errorf("[%d] unexpected secret data: expected %#v, got %#v", k, v.expectedData, out) + } + } } } From 2053df7b7c40ee40f52f31731a1370d5783acae7 Mon Sep 17 00:00:00 2001 From: Andrew Gunnerson <151555334+agunnerson-elastic@users.noreply.github.com> Date: Wed, 3 Jul 2024 19:56:38 -0400 Subject: [PATCH 151/517] fix(vault): Treat tokens expiring in <60s as expired (#3637) * fix(vault): Treat tokens expiring in <60s as expired Without this, it's possible to hit a TOCTOU issue where checkToken() sees a valid token, but it expires before the actual operation is performed. This condition is only reachable when the experimental caching feature is enabled. 60 seconds was chosen as a sane (but arbitrary) value. It should be more than enough to cover the amount of time between checkToken() and the actual operation. Signed-off-by: Andrew Gunnerson * ADOPTERS.md: Add Elastic Signed-off-by: Andrew Gunnerson --------- 
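Review bot: In the new `GetSecretMap` check of the last hunk, `err.Error()` is called without the `err == nil` branch that the `PushSecret` check just above it has. If `utils.ErrorContains` returns false for a nil error with a non-empty expectation, a case that expects an error and gets none would panic instead of failing. Formatting with `%v` avoids that: `t.Errorf("[%d] unexpected error: %v, expected: '%s'", k, err, v.expectError)`. `*v.ref` is also dereferenced unconditionally; whether every case with `expectedData` sets `ref` is not visible here.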
Signed-off-by: Andrew Gunnerson --- ADOPTERS.md | 1 + pkg/provider/vault/auth.go | 19 +++++++++ pkg/provider/vault/auth_test.go | 69 +++++++++++++++++++++++++++++++++ 3 files changed, 89 insertions(+) diff --git a/ADOPTERS.md b/ADOPTERS.md index 46ce154bbd1..3d43bbbb72a 100644 --- a/ADOPTERS.md +++ b/ADOPTERS.md @@ -7,6 +7,7 @@ - [Container Solutions](http://container-solutions.com/) - [DaangnPay](https://www.daangnpay.com/) - [Epidemic Sound](https://www.epidemicsound.com/) +- [Elastic](https://www.elastic.co/) - [Fivetran](https://www.fivetran.com) - [Form3](https://www.form3.tech/) - [GoTo](https://www.goto.com/) diff --git a/pkg/provider/vault/auth.go b/pkg/provider/vault/auth.go index ffced508503..c924b1a3dca 100644 --- a/pkg/provider/vault/auth.go +++ b/pkg/provider/vault/auth.go @@ -16,6 +16,7 @@ package vault import ( "context" + "encoding/json" "errors" "fmt" @@ -160,6 +161,24 @@ func checkToken(ctx context.Context, token util.Token) (bool, error) { if tokenType == "batch" { return false, nil } + ttl, ok := resp.Data["ttl"] + if !ok { + return false, fmt.Errorf("no TTL found in response") + } + ttlInt, err := ttl.(json.Number).Int64() + if err != nil { + return false, fmt.Errorf("invalid token TTL: %v: %w", ttl, err) + } + expireTime, ok := resp.Data["expire_time"] + if !ok { + return false, fmt.Errorf("no expiration time found in response") + } + if ttlInt < 60 && expireTime != nil { + // Treat expirable tokens that are about to expire as already expired. + // This ensures that the token won't expire in between this check and + // performing the actual operation. + return false, nil + } return true, nil } diff --git a/pkg/provider/vault/auth_test.go b/pkg/provider/vault/auth_test.go index 5431332daf8..af5dcc23dd1 100644 --- a/pkg/provider/vault/auth_test.go +++ b/pkg/provider/vault/auth_test.go @@ -16,6 +16,7 @@ package vault import ( "context" + "encoding/json" "errors" "testing" 
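Review bot: In `checkToken`, `ttl.(json.Number).Int64()` is an unchecked type assertion, so a lookup response whose `ttl` is `nil` or was decoded as `float64` panics the caller instead of returning an error. The two-value form keeps the failure on the error path: `ttlNum, ok := ttl.(json.Number)` followed by `if !ok { return false, fmt.Errorf("unexpected token TTL type %T", ttl) }`. The threshold `60` would read better as a named constant next to the comment that explains it, since it is the margin that closes the check-then-use window. The start of `checkToken` is outside the hunk.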
@@ -208,3 +209,71 @@ func TestCheckTokenErrors(t *testing.T) { }) } } + +func TestCheckTokenTtl(t *testing.T) { + cases := map[string]struct { + message string + secret *vault.Secret + cache bool + }{ + "LongTTLExpirable": { + message: "should cache if expirable token expires far into the future", + secret: &vault.Secret{ + Data: map[string]interface{}{ + "expire_time": "2024-01-01T00:00:00.000000000Z", + "ttl": json.Number("3600"), + "type": "service", + }, + }, + cache: true, + }, + "ShortTTLExpirable": { + message: "should not cache if expirable token is about to expire", + secret: &vault.Secret{ + Data: map[string]interface{}{ + "expire_time": "2024-01-01T00:00:00.000000000Z", + "ttl": json.Number("5"), + "type": "service", + }, + }, + cache: false, + }, + "ZeroTTLExpirable": { + message: "should not cache if expirable token has TTL of 0", + secret: &vault.Secret{ + Data: map[string]interface{}{ + "expire_time": "2024-01-01T00:00:00.000000000Z", + "ttl": json.Number("0"), + "type": "service", + }, + }, + cache: false, + }, + "NonExpirable": { + message: "should cache if token is non-expirable", + secret: &vault.Secret{ + Data: map[string]interface{}{ + "expire_time": nil, + "ttl": json.Number("0"), + "type": "service", + }, + }, + cache: true, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + token := fake.Token{ + LookupSelfWithContextFn: func(ctx context.Context) (*vault.Secret, error) { + return tc.secret, nil + }, + } + + cached, err := checkToken(context.Background(), token) + if cached != tc.cache || err != nil { + t.Errorf("%v: err = %v", tc.message, err) + } + }) + } +} From 67fccd4fcaab7cb34a10a27e18ca877c961d4585 Mon Sep 17 00:00:00 2001 From: Shuhei Kitagawa Date: Thu, 4 Jul 2024 08:56:55 +0900 Subject: [PATCH 152/517] Allow specifying the same namespace for SecretStores (#3555) * Allow specifying the same namespace for SecretStores Signed-off-by: shuheiktgw * Fix unit tests Signed-off-by: shuheiktgw --------- 
Signed-off-by: shuheiktgw --- pkg/provider/chef/chef_test.go | 2 +- pkg/provider/doppler/doppler_test.go | 2 +- pkg/provider/fortanix/provider_test.go | 2 +- pkg/provider/gitlab/gitlab_test.go | 2 +- pkg/provider/ibm/provider_test.go | 2 +- pkg/provider/onboardbase/onboardbase_test.go | 2 +- pkg/provider/onepassword/onepassword_test.go | 2 +- pkg/provider/oracle/oracle_test.go | 4 +- pkg/utils/utils.go | 10 +- pkg/utils/utils_test.go | 311 +++++++++++++++++++ 10 files changed, 325 insertions(+), 14 deletions(-) diff --git a/pkg/provider/chef/chef_test.go b/pkg/provider/chef/chef_test.go index 107e2471d98..d5f16e9e277 100644 --- a/pkg/provider/chef/chef_test.go +++ b/pkg/provider/chef/chef_test.go @@ -302,7 +302,7 @@ func TestValidateStore(t *testing.T) { }, { store: makeSecretStore(name, baseURL, makeAuth(authName, authNamespace, authKey)), - err: fmt.Errorf("received invalid Chef SecretStore resource: namespace not allowed with namespaced SecretStore"), + err: fmt.Errorf("received invalid Chef SecretStore resource: namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), }, { store: &esv1beta1.SecretStore{ diff --git a/pkg/provider/doppler/doppler_test.go b/pkg/provider/doppler/doppler_test.go index 23f96048a94..01c87ebe7e2 100644 --- a/pkg/provider/doppler/doppler_test.go +++ b/pkg/provider/doppler/doppler_test.go @@ -423,7 +423,7 @@ func TestValidateStore(t *testing.T) { { label: "invalid store namespace not allowed", store: makeSecretStore(withAuth(secretName, "", &namespace)), - err: fmt.Errorf("invalid store: namespace not allowed with namespaced SecretStore"), + err: fmt.Errorf("invalid store: namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), }, { label: "valid provide optional dopplerToken.key", diff --git a/pkg/provider/fortanix/provider_test.go b/pkg/provider/fortanix/provider_test.go index 963279babe7..9476012ee95 100644 
--- a/pkg/provider/fortanix/provider_test.go +++ b/pkg/provider/fortanix/provider_test.go @@ -199,7 +199,7 @@ func TestValidateStore(t *testing.T) { }, }, }, - want: errors.New("namespace not allowed with namespaced SecretStore"), + want: errors.New("namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), }, } for name, tc := range tests { diff --git a/pkg/provider/gitlab/gitlab_test.go b/pkg/provider/gitlab/gitlab_test.go index 2848078880d..8930a93b59e 100644 --- a/pkg/provider/gitlab/gitlab_test.go +++ b/pkg/provider/gitlab/gitlab_test.go @@ -861,7 +861,7 @@ func TestValidateStore(t *testing.T) { }, { store: makeSecretStore(project, environment, withAccessToken("userName", "userKey", &namespace)), - err: fmt.Errorf("namespace not allowed with namespaced SecretStore"), + err: fmt.Errorf("namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), }, { store: makeSecretStore(project, environment, withAccessToken("userName", "userKey", nil)), diff --git a/pkg/provider/ibm/provider_test.go b/pkg/provider/ibm/provider_test.go index 7e72ebda8f0..b9268ac5c83 100644 --- a/pkg/provider/ibm/provider_test.go +++ b/pkg/provider/ibm/provider_test.go @@ -188,7 +188,7 @@ func TestValidateStore(t *testing.T) { _, err = p.ValidateStore(store) if err == nil { t.Errorf(errExpectedErr) - } else if err.Error() != "namespace not allowed with namespaced SecretStore" { + } else if err.Error() != "namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore" { t.Errorf("KeySelector test failed: expected namespace not allowed, got %v", err) } diff --git a/pkg/provider/onboardbase/onboardbase_test.go b/pkg/provider/onboardbase/onboardbase_test.go index 8494afbab5c..9c373d5deaa 100644 --- a/pkg/provider/onboardbase/onboardbase_test.go +++ b/pkg/provider/onboardbase/onboardbase_test.go 
@@ -329,7 +329,7 @@ func TestValidateStore(t *testing.T) { { label: "invalid store namespace not allowed", store: makeSecretStore(withAuth(secretName, "", &namespace, "passcode")), - err: fmt.Errorf("invalid store: namespace not allowed with namespaced SecretStore"), + err: fmt.Errorf("invalid store: namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), }, { label: "valid provide optional onboardbaseAPIKey.key", diff --git a/pkg/provider/onepassword/onepassword_test.go b/pkg/provider/onepassword/onepassword_test.go index 27b7a96ea2d..c0124cc90c8 100644 --- a/pkg/provider/onepassword/onepassword_test.go +++ b/pkg/provider/onepassword/onepassword_test.go @@ -441,7 +441,7 @@ func TestValidateStore(t *testing.T) { }, }, }, - expectedErr: fmt.Errorf(errOnePasswordStore, fmt.Errorf("namespace not allowed with namespaced SecretStore")), + expectedErr: fmt.Errorf(errOnePasswordStore, fmt.Errorf("namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore")), }, { checkNote: "invalid: more than one vault with the same number", diff --git a/pkg/provider/oracle/oracle_test.go b/pkg/provider/oracle/oracle_test.go index a472bb17a90..54284ab55f2 100644 --- a/pkg/provider/oracle/oracle_test.go +++ b/pkg/provider/oracle/oracle_test.go @@ -284,7 +284,7 @@ func TestValidateStore(t *testing.T) { }, { store: makeSecretStore(vaultOCID, region, withSecretAuth(userOCID, tenant), withPrivateKey(secretName, secretKey, &namespace)), - err: fmt.Errorf("namespace not allowed with namespaced SecretStore"), + err: fmt.Errorf("namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), }, { store: makeSecretStore(vaultOCID, region, withSecretAuth(userOCID, tenant), withPrivateKey(secretName, "", nil)), 
@@ -296,7 +296,7 @@ func TestValidateStore(t *testing.T) { }, { store: makeSecretStore(vaultOCID, region, withSecretAuth(userOCID, tenant), withPrivateKey(secretName, secretKey, nil), withFingerprint(secretName, secretKey, &namespace)), - err: fmt.Errorf("namespace not allowed with namespaced SecretStore"), + err: fmt.Errorf("namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), }, { store: makeSecretStore(vaultOCID, region, withSecretAuth(userOCID, tenant), withPrivateKey(secretName, secretKey, nil), withFingerprint(secretName, "", nil)), diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go index 50218b4b54c..e4961870cba 100644 --- a/pkg/utils/utils.go +++ b/pkg/utils/utils.go @@ -359,7 +359,7 @@ func ErrorContains(out error, want string) bool { } var ( - errNamespaceNotAllowed = errors.New("namespace not allowed with namespaced SecretStore") + errNamespaceNotAllowed = errors.New("namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore") errRequireNamespace = errors.New("cluster scope requires namespace") ) @@ -371,7 +371,7 @@ func ValidateSecretSelector(store esv1beta1.GenericStore, ref esmeta.SecretKeySe if clusterScope && ref.Namespace == nil { return errRequireNamespace } - if !clusterScope && ref.Namespace != nil { + if !clusterScope && ref.Namespace != nil && *ref.Namespace != store.GetNamespace() { return errNamespaceNotAllowed } return nil @@ -383,7 +383,7 @@ func ValidateSecretSelector(store esv1beta1.GenericStore, ref esmeta.SecretKeySe // support referent auth. func ValidateReferentSecretSelector(store esv1beta1.GenericStore, ref esmeta.SecretKeySelector) error { clusterScope := store.GetObjectKind().GroupVersionKind().Kind == esv1beta1.ClusterSecretStoreKind - if !clusterScope && ref.Namespace != nil { + if !clusterScope && ref.Namespace != nil && *ref.Namespace != store.GetNamespace() { return errNamespaceNotAllowed } return nil 
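Review bot: The condition `!clusterScope && ref.Namespace != nil && *ref.Namespace != store.GetNamespace()` is now written out in `ValidateSecretSelector` and `ValidateReferentSecretSelector` here, and again in the two service-account validators in the following hunks. This comparison is what keeps a namespaced SecretStore from referencing another namespace, so a single unexported helper would keep the rule in one place, for example `func namespaceMatchesStore(store esv1beta1.GenericStore, ns *string) bool { return ns == nil || *ns == store.GetNamespace() }`. The doc comments of the four functions are only partly visible; they should state that an explicit namespace equal to the store's own is accepted.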
@@ -397,7 +397,7 @@ func ValidateServiceAccountSelector(store esv1beta1.GenericStore, ref esmeta.Ser if clusterScope && ref.Namespace == nil { return errRequireNamespace } - if !clusterScope && ref.Namespace != nil { + if !clusterScope && ref.Namespace != nil && *ref.Namespace != store.GetNamespace() { return errNamespaceNotAllowed } return nil @@ -409,7 +409,7 @@ func ValidateServiceAccountSelector(store esv1beta1.GenericStore, ref esmeta.Ser // support referent auth. func ValidateReferentServiceAccountSelector(store esv1beta1.GenericStore, ref esmeta.ServiceAccountSelector) error { clusterScope := store.GetObjectKind().GroupVersionKind().Kind == esv1beta1.ClusterSecretStoreKind - if !clusterScope && ref.Namespace != nil { + if !clusterScope && ref.Namespace != nil && *ref.Namespace != store.GetNamespace() { return errNamespaceNotAllowed } return nil diff --git a/pkg/utils/utils_test.go b/pkg/utils/utils_test.go index 4ecdc85a18c..9fae1fde5f3 100644 --- a/pkg/utils/utils_test.go +++ b/pkg/utils/utils_test.go @@ -16,6 +16,7 @@ package utils import ( "encoding/json" + "errors" "reflect" "testing" "time" @@ -24,9 +25,11 @@ import ( "github.com/oracle/oci-go-sdk/v65/vault" v1 "k8s.io/api/core/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" + esmetav1 "github.com/external-secrets/external-secrets/apis/meta/v1" ) const ( 
@@ -904,3 +907,311 @@ func TestCompareStringAndByteSlices(t *testing.T) { }) } } + +func TestValidateSecretSelector(t *testing.T) { + tests := []struct { + desc string + store esv1beta1.GenericStore + ref esmetav1.SecretKeySelector + expected error + }{ + { + desc: "cluster secret store with namespace reference", + store: &esv1beta1.ClusterSecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.ClusterSecretStoreKind, + }, + }, + ref: esmetav1.SecretKeySelector{ + Namespace: Ptr("test"), + }, + expected: nil, + }, + { + desc: "secret store without namespace reference", + store: &esv1beta1.SecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.SecretStoreKind, + }, + }, + ref: esmetav1.SecretKeySelector{}, + expected: nil, + }, + { + desc: "secret store with the same namespace reference", + store: &esv1beta1.SecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.SecretStoreKind, + }, + ObjectMeta: metav1.ObjectMeta{ + Namespace: "test", + }, + }, + ref: esmetav1.SecretKeySelector{ + Namespace: Ptr("test"), + }, + expected: nil, + }, + { + desc: "cluster secret store without namespace reference", + store: &esv1beta1.ClusterSecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.ClusterSecretStoreKind, + }, + }, + ref: esmetav1.SecretKeySelector{}, + expected: errRequireNamespace, + }, + { + desc: "secret store with the different namespace reference", + store: &esv1beta1.SecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.SecretStoreKind, + }, + ObjectMeta: metav1.ObjectMeta{ + Namespace: "test", + }, + }, + ref: esmetav1.SecretKeySelector{ + Namespace: Ptr("different"), + }, + expected: errNamespaceNotAllowed, + }, + } + + for _, tt := range tests { + t.Run(tt.desc, func(t *testing.T) { + got := ValidateSecretSelector(tt.store, tt.ref) + if !errors.Is(got, tt.expected) { + t.Errorf("ValidateSecretSelector() got = %v, want = %v", got, tt.expected) + return + } + }) + } +} + +func TestValidateReferentSecretSelector(t *testing.T) { + tests := 
[]struct { + desc string + store esv1beta1.GenericStore + ref esmetav1.SecretKeySelector + expected error + }{ + { + desc: "cluster secret store with namespace reference", + store: &esv1beta1.ClusterSecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.ClusterSecretStoreKind, + }, + }, + ref: esmetav1.SecretKeySelector{ + Namespace: Ptr("test"), + }, + expected: nil, + }, + { + desc: "secret store without namespace reference", + store: &esv1beta1.SecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.SecretStoreKind, + }, + }, + ref: esmetav1.SecretKeySelector{}, + expected: nil, + }, + { + desc: "secret store with the same namespace reference", + store: &esv1beta1.SecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.SecretStoreKind, + }, + ObjectMeta: metav1.ObjectMeta{ + Namespace: "test", + }, + }, + ref: esmetav1.SecretKeySelector{ + Namespace: Ptr("test"), + }, + expected: nil, + }, + { + desc: "secret store with the different namespace reference", + store: &esv1beta1.SecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.SecretStoreKind, + }, + ObjectMeta: metav1.ObjectMeta{ + Namespace: "test", + }, + }, + ref: esmetav1.SecretKeySelector{ + Namespace: Ptr("different"), + }, + expected: errNamespaceNotAllowed, + }, + } + + for _, tt := range tests { + t.Run(tt.desc, func(t *testing.T) { + got := ValidateReferentSecretSelector(tt.store, tt.ref) + if !errors.Is(got, tt.expected) { + t.Errorf("ValidateReferentSecretSelector() got = %v, want = %v", got, tt.expected) + return + } + }) + } +} + +func TestValidateServiceAccountSelector(t *testing.T) { + tests := []struct { + desc string + store esv1beta1.GenericStore + ref esmetav1.ServiceAccountSelector + expected error + }{ + { + desc: "cluster secret store with namespace reference", + store: &esv1beta1.ClusterSecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.ClusterSecretStoreKind, + }, + }, + ref: esmetav1.ServiceAccountSelector{ + Namespace: Ptr("test"), + }, + expected: nil, + 
}, + { + desc: "secret store without namespace reference", + store: &esv1beta1.SecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.SecretStoreKind, + }, + }, + ref: esmetav1.ServiceAccountSelector{}, + expected: nil, + }, + { + desc: "secret store with the same namespace reference", + store: &esv1beta1.SecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.SecretStoreKind, + }, + ObjectMeta: metav1.ObjectMeta{ + Namespace: "test", + }, + }, + ref: esmetav1.ServiceAccountSelector{ + Namespace: Ptr("test"), + }, + expected: nil, + }, + { + desc: "cluster secret store without namespace reference", + store: &esv1beta1.ClusterSecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.ClusterSecretStoreKind, + }, + }, + ref: esmetav1.ServiceAccountSelector{}, + expected: errRequireNamespace, + }, + { + desc: "secret store with the different namespace reference", + store: &esv1beta1.SecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.SecretStoreKind, + }, + ObjectMeta: metav1.ObjectMeta{ + Namespace: "test", + }, + }, + ref: esmetav1.ServiceAccountSelector{ + Namespace: Ptr("different"), + }, + expected: errNamespaceNotAllowed, + }, + } + + for _, tt := range tests { + t.Run(tt.desc, func(t *testing.T) { + got := ValidateServiceAccountSelector(tt.store, tt.ref) + if !errors.Is(got, tt.expected) { + t.Errorf("ValidateServiceAccountSelector() got = %v, want = %v", got, tt.expected) + return + } + }) + } +} + +func TestValidateReferentServiceAccountSelector(t *testing.T) { + tests := []struct { + desc string + store esv1beta1.GenericStore + ref esmetav1.ServiceAccountSelector + expected error + }{ + { + desc: "cluster secret store with namespace reference", + store: &esv1beta1.ClusterSecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.ClusterSecretStoreKind, + }, + }, + ref: esmetav1.ServiceAccountSelector{ + Namespace: Ptr("test"), + }, + expected: nil, + }, + { + desc: "secret store without namespace reference", + store: 
&esv1beta1.SecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.SecretStoreKind, + }, + }, + ref: esmetav1.ServiceAccountSelector{}, + expected: nil, + }, + { + desc: "secret store with the same namespace reference", + store: &esv1beta1.SecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.SecretStoreKind, + }, + ObjectMeta: metav1.ObjectMeta{ + Namespace: "test", + }, + }, + ref: esmetav1.ServiceAccountSelector{ + Namespace: Ptr("test"), + }, + expected: nil, + }, + { + desc: "secret store with the different namespace reference", + store: &esv1beta1.SecretStore{ + TypeMeta: metav1.TypeMeta{ + Kind: esv1beta1.SecretStoreKind, + }, + ObjectMeta: metav1.ObjectMeta{ + Namespace: "test", + }, + }, + ref: esmetav1.ServiceAccountSelector{ + Namespace: Ptr("different"), + }, + expected: errNamespaceNotAllowed, + }, + } + + for _, tt := range tests { + t.Run(tt.desc, func(t *testing.T) { + got := ValidateReferentServiceAccountSelector(tt.store, tt.ref) + if !errors.Is(got, tt.expected) { + t.Errorf("ValidateReferentServiceAccountSelector() got = %v, want = %v", got, tt.expected) + return + } + }) + } +} From d7657e6feb40740b234d8f25f77b7c79f07506b4 Mon Sep 17 00:00:00 2001 From: Moritz Johner Date: Thu, 4 Jul 2024 01:57:53 +0200 Subject: [PATCH 153/517] docs: add proposal for PushSecret metadata (#3612) * docs: add proposal for PushSecret metadata Signed-off-by: Moritz Johner * docs: add examples for aws sm/ps Signed-off-by: Moritz Johner * docs: add note regarding old format Signed-off-by: Moritz Johner --------- Signed-off-by: Moritz Johner --- design/010-pushsecret-metadata.md | 198 ++++++++++++++++++++++++++++++ 1 file changed, 198 insertions(+) create mode 100644 design/010-pushsecret-metadata.md diff --git a/design/010-pushsecret-metadata.md b/design/010-pushsecret-metadata.md new file mode 100644 index 00000000000..84b822aacd9 --- /dev/null +++ b/design/010-pushsecret-metadata.md 
@@ -0,0 +1,198 @@
+```yaml
+---
+title: PushSecret metadata
+version: v1alpha1
+authors: Moritz Johner
+creation-date: 2023-08-25
+status: draft
+---
+```
+
+# PushSecret Metadata
+
+[#2600](https://github.com/external-secrets/external-secrets/pull/2600) introduced a new feature that allows users to pass arbitrary `metadata` to the provider.
+
+The data is arbitrary json/yaml and can be anything.
+
+```yaml
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+ name: pushsecret-example
+spec:
+ # ...
+ data:
+ - match:
+ secretKey: key1
+ remoteRef:
+ remoteKey: test1
+ metadata:
+ annotations:
+ key1: value1
+ labels:
+ key1: value1
+
+```
+
+Here is a overview of current implementations of PushSecret metadata:
+
+```yaml
+# AWS Parameter Store
+# more to come in https://github.com/external-secrets/external-secrets/pull/3581
+parameterStoreType: "..."
+parameterStoreKeyID: "..."
+```
+
+```yaml
+# GCP Secrets Manager
+labels: {}
+annotations: {}
+```
+
+```yaml
+# AWS Secrets Manager
+secretPushFormat: "..."
+```
+
+## Problem Description
+
+We will never be able to make disruptive changes, we can only append to the existing structure.
+
+**Why is that a problem?**
+
+It limits our ability to fix mistakes that have been merged and released. Having an `apiVersion` field would allow us decode the metadata differently and apply the appropriate logic in a code branch.
+
+This would simplify fixing simple mis-nomers or doing large-scale refactorings in the future.
+
+ESO is a community based project and relies on contributions from different backgrounds and experience levels. As a result, the approach and perspective to a solution highly depends
+on the contributor and the reviewer. We will eventually have to align the structure or naming of metadata across providers once we see patterns emerge.
+
+## Proposed Solution
+
+I would propose to wrap the unstructured metadata in a Kubernetes *alike* resource containing an `apiVersion`, `kind` and `spec`.
+
+#### 1. Kubernetes Provider Example
+
+```yaml
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+ name: pushsecret-example
+spec:
+ # ...
+ data:
+ - match:
+ secretKey: key1
+ remoteRef:
+ remoteKey: test1
+ metadata:
+ apiVersion: kubernetes.external-secrets.io/v1alpha1
+ kind: PushSecretMetadata
+ spec:
+ sourceMergePolicy: Merge
+ targetMergePolicy: Merge
+ labels:
+ color: red
+ annotations:
+ yes: please
+```
+
+#### 2. AWS Secrets Manager Example
+
+```yaml
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+ name: pushsecret-example
+spec:
+ # ...
+ data:
+ - match:
+ secretKey: key1
+ remoteRef:
+ remoteKey: test1
+ metadata:
+ apiVersion: secretsmanager.aws.external-secrets.io/v1alpha1
+ kind: PushSecretMetadata
+ spec:
+ secretFormat: binary # string
+```
+
+#### 3. AWS Parameter Store Example
+
+```yaml
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+ name: pushsecret-example
+spec:
+ # ...
+ data:
+ - match:
+ secretKey: key1
+ remoteRef:
+ remoteKey: test1
+ metadata:
+ apiVersion: parameterstore.aws.external-secrets.io/v1alpha1
+ kind: PushSecretMetadata
+ spec:
+ tier: "Advanced"
+ type: "StringList"
+ keyID: "arn:..."
+ policies:
+ - type: "ExpirationNotification"
+ version: "1.0"
+ attributes:
+ before: "15"
+ unit: "Days"
+```
+
+**PROS**
+- familiar structure for Kubernetes users, other projectes use that pattern already
+- we may be able to re-use existing tooling, e.g. for validating the structure and generating documentation
+
+**CONS**
+- may confuse users if they encounter a nested custom resource
+- a little bit of boilerplate to chew through
+
+
+### What would we do with the existing implementations?
+
+We should keep them as a backward compatible measure for the `v1alpha1` stage and remove them with the `v1beta1` release. We can remove them from the documentation right away and only document the "new" scheme.
The old scheme is still accessible through the version switch in the docs. This allows us to slowly direct users to the new scheme. + +With a PushSecret `v1beta1` we can consider removing those APIs. + + +## Alternatives + +The minimum would be to have a `version` field which provides a hint for decoding the structure in `spec`. That is technically enough to meet the requirements outlined above. + + +```yaml +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: pushsecret-example +spec: + # ... + data: + - match: + secretKey: key1 + remoteRef: + remoteKey: test1 + metadata: + version: kubernetes/v1alpha1 + spec: + sourceMergePolicy: Merge + targetMergePolicy: Merge + labels: + color: red + annotations: + yes: please +``` + +**PROS** +- more concise, less boilerplate + +**CONS** +- no ability to directly re-use existing tooling From 2be716aff45df384fed8e209fb7fa4b7ed65c445 Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Thu, 4 Jul 2024 07:37:14 -0300 Subject: [PATCH 154/517] fix github credentials (#3656) Signed-off-by: Gustavo Carvalho --- .github/workflows/e2e.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index f7369e85972..0750a8817df 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -103,7 +103,7 @@ jobs: # Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run conclusion: ${{ job.status }} with: - github-token: ${{ secrets.GITHUB_TOKEN }} + github-token: ${{ secrets.TEST_GITHUB_TOKEN }} script: | const { data: pull } = await github.rest.pulls.get({ ...context.repo, 
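Review bot: The `github-token:` input in this hunk, and the three `token:` inputs in the two hunks that follow (find-comment and both create-or-update-comment steps), now read a stored repository secret, `secrets.TEST_GITHUB_TOKEN`, instead of the per-run `GITHUB_TOKEN`, and nothing in the workflow says why or what that credential is permitted to do. A stored token outlives the job and is not narrowed by the workflow's `permissions:` block, so it should carry only what these steps use (updating a check run and commenting on the pull request, as far as the visible lines show) and, if the name means it is shared with the e2e test credentials, be split from them. I would add a comment above the first use, for example `# TEST_GITHUB_TOKEN: needed because GITHUB_TOKEN cannot <reason>; scope limited to checks and PR comments`, with the reason filled in by the author. The steps begin and end outside these hunks, and the `github.event.client_payload` references suggest a dispatch-triggered run, so the job-level permissions and trigger conditions cannot be confirmed from here.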
@@ -131,14 +131,14 @@ jobs: uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 id: fc with: - token: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.TEST_GITHUB_TOKEN }} issue-number: ${{ github.event.client_payload.pull_request.number }} body-includes: /ok-to-test sha=${{ env.TARGET_SHA }} - name: Update on Succeess if: always() && steps.fc.outputs.comment-id != '' && steps.e2e.conclusion == 'success' uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: - token: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.TEST_GITHUB_TOKEN }} issue-number: ${{ github.event.client_payload.pull_request.number }} body: | [Bot] - :white_check_mark: [e2e tests pass](https://github.com/external-secrets/external-secrets/actions/runs/${{ steps.update-check-run.outputs.result.id }}) @@ -148,7 +148,7 @@ jobs: if: always() && steps.fc.outputs.comment-id != '' && steps.e2e.conclusion != 'success' uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: - token: ${{ secrets.GITHUB_TOKEN }} + token: ${{ secrets.TEST_GITHUB_TOKEN }} issue-number: ${{ github.event.client_payload.pull_request.number }} body: | [Bot] - :x: [e2e tests failed](https://github.com/external-secrets/external-secrets/actions/runs/${{ steps.update-check-run.outputs.result.id }}) From 4e444ce150303a190594ba21ad1991d60c62ed46 Mon Sep 17 00:00:00 2001 From: shazib Date: Sat, 6 Jul 2024 09:30:42 +0500 Subject: [PATCH 155/517] docs: updated k8s support for ESO v0.9 (#3659) --- docs/introduction/stability-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/introduction/stability-support.md b/docs/introduction/stability-support.md index fce59a6085a..189dbfa00ce 100644 --- a/docs/introduction/stability-support.md +++ b/docs/introduction/stability-support.md 
@@ -19,7 +19,7 @@ We want to cover the following cases: | ESO Version | Kubernetes Version | Release Date | End of Life | | ----------- | ------------------ | ------------ | -------------- | -| 0.9.x | 1.19 → 1.29 | Jun 22, 2023 | Release of 1.1 | +| 0.9.x | 1.19 → 1.30 | Jun 22, 2023 | Release of 1.1 | | 0.8.x | 1.19 → 1.28 | Mar 16, 2023 | Release of 1.0 | | 0.7.x | 1.19 → 1.26 | Dec 11, 2022 | Jun 22, 2023 | | 0.6.x | 1.19 → 1.24 | Oct 9, 2022 | Mar 16, 2023 | From 374c7bf019be9678c99b90103cc17141dce3d1eb Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Sat, 6 Jul 2024 15:59:44 -0300 Subject: [PATCH 156/517] chore: bump to 0.9.20 (#3660) * chore: bump to 0.9.20 Signed-off-by: Gustavo Carvalho * bump docs Signed-off-by: Gustavo Carvalho --------- Signed-off-by: Gustavo Carvalho --- deploy/charts/external-secrets/Chart.yaml | 4 ++-- deploy/charts/external-secrets/README.md | 2 +- .../cert_controller_test.yaml.snap | 10 +++++----- .../__snapshot__/controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/crds_test.yaml.snap | 19 +++++++++++++++++-- .../tests/__snapshot__/webhook_test.yaml.snap | 14 +++++++------- 6 files changed, 37 insertions(+), 22 deletions(-) diff --git a/deploy/charts/external-secrets/Chart.yaml b/deploy/charts/external-secrets/Chart.yaml index 17b32c53b70..b3026bc2046 100644 --- a/deploy/charts/external-secrets/Chart.yaml +++ b/deploy/charts/external-secrets/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: external-secrets description: External secret management for Kubernetes type: application -version: "0.9.19" -appVersion: "v0.9.19" +version: "0.9.20" +appVersion: "v0.9.20" kubeVersion: ">= 1.19.0-0" keywords: - kubernetes-external-secrets diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index 74334201250..1ce3bb8ac66 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md 
@@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.19](https://img.shields.io/badge/Version-0.9.19-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.20](https://img.shields.io/badge/Version-0.9.20-informational?style=flat-square) External secret management for Kubernetes diff --git a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 3700d6b7e5e..b46f74d55a2 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.19 - helm.sh/chart: external-secrets-0.9.19 + app.kubernetes.io/version: v0.9.20 + helm.sh/chart: external-secrets-0.9.20 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.19 - helm.sh/chart: external-secrets-0.9.19 + app.kubernetes.io/version: v0.9.20 + helm.sh/chart: external-secrets-0.9.20 spec: automountServiceAccountToken: true containers: 
@@ -41,7 +41,7 @@ should match snapshot of default values: - --loglevel=info - --zap-time-encoding=epoch - --enable-partial-cache=true - image: ghcr.io/external-secrets/external-secrets:v0.9.19 + image: ghcr.io/external-secrets/external-secrets:v0.9.20 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap index 172a76a00cf..cd326b6615c 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.19 - helm.sh/chart: external-secrets-0.9.19 + app.kubernetes.io/version: v0.9.20 + helm.sh/chart: external-secrets-0.9.20 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.19 - helm.sh/chart: external-secrets-0.9.19 + app.kubernetes.io/version: v0.9.20 + helm.sh/chart: external-secrets-0.9.20 spec: automountServiceAccountToken: true containers: @@ -34,7 +34,7 @@ should match snapshot of default values: - --metrics-addr=:8080 - --loglevel=info - --zap-time-encoding=epoch - image: ghcr.io/external-secrets/external-secrets:v0.9.19 + image: ghcr.io/external-secrets/external-secrets:v0.9.20 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap index 6327f42a0f9..76d60adbbeb 100644 
--- a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -2988,6 +2988,23 @@ should match snapshot of default values: type: object type: object type: object + authRef: + description: A reference to a secret that contains the auth information. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object remoteNamespace: default: default description: Remote namespace to fetch the secrets from @@ -3028,8 +3045,6 @@ should match snapshot of default values: description: configures the Kubernetes server Address. type: string type: object - required: - - auth type: object onboardbase: description: Onboardbase configures this store to sync secrets using the Onboardbase provider diff --git a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index dc72a269fba..58c619fbfb2 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.19 - helm.sh/chart: external-secrets-0.9.19 + app.kubernetes.io/version: v0.9.20 + helm.sh/chart: external-secrets-0.9.20 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: 
@@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.19 - helm.sh/chart: external-secrets-0.9.19 + app.kubernetes.io/version: v0.9.20 + helm.sh/chart: external-secrets-0.9.20 spec: automountServiceAccountToken: true containers: @@ -39,7 +39,7 @@ should match snapshot of default values: - --healthz-addr=:8081 - --loglevel=info - --zap-time-encoding=epoch - image: ghcr.io/external-secrets/external-secrets:v0.9.19 + image: ghcr.io/external-secrets/external-secrets:v0.9.20 imagePullPolicy: IfNotPresent name: webhook ports: @@ -83,8 +83,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.19 + app.kubernetes.io/version: v0.9.20 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.9.19 + helm.sh/chart: external-secrets-0.9.20 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE From e6e96a1e4589ff29b97ae9db6e6a2498f67bf58d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 11:57:21 +0300 Subject: [PATCH 157/517] chore(deps): bump golang from 1.22.4 to 1.22.5 (#3662) Bumps golang from 1.22.4 to 1.22.5. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile.standalone | 2 +- tilt.debug.dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.standalone b/Dockerfile.standalone index a8caec3c6ab..fac4f0afe41 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone 
@@ -1,6 +1,6 @@ # This version of Dockerfile is for building without external dependencies. # Build a multi-platform image e.g. `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .` -FROM golang:1.22.4-alpine@sha256:ace6cc3fe58d0c7b12303c57afe6d6724851152df55e08057b43990b927ad5e8 AS builder +FROM golang:1.22.5-alpine@sha256:8c9183f715b0b4eca05b8b3dbf59766aaedb41ec07477b132ee2891ac0110a07 AS builder ARG TARGETOS ARG TARGETARCH ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index bdbd4a888bc..cbfabb3fa71 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.4@sha256:a66eda637829ce891e9cf61ff1ee0edf544e1f6c5b0e666c7310dce231a66f28 +FROM golang:1.22.5@sha256:fcae9e0e7313c6467a7c6632ebb5e5fab99bd39bd5eb6ee34a211353e647827a WORKDIR / COPY ./bin/external-secrets /external-secrets From 4045fe9ae6da1468f57ad9b4fc37585dbe180a9e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 11:57:46 +0300 Subject: [PATCH 158/517] chore(deps): bump distroless/static from `4197211` to `ce46866` (#3663) Bumps distroless/static from `4197211` to `ce46866`. --- updated-dependencies: - dependency-name: distroless/static dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile | 2 +- Dockerfile.standalone | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index eac528e8f89..4d474a551e5 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,4 +1,4 @@ -FROM gcr.io/distroless/static@sha256:41972110a1c1a5c0b6adb283e8aa092c43c31f7c5d79b8656fbffff2c3e61f05 +FROM gcr.io/distroless/static@sha256:ce46866b3a5170db3b49364900fb3168dc0833dfb46c26da5c77f22abb01d8c3 ARG TARGETOS ARG TARGETARCH COPY bin/external-secrets-${TARGETOS}-${TARGETARCH} /bin/external-secrets diff --git a/Dockerfile.standalone b/Dockerfile.standalone index fac4f0afe41..846318df8a0 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone @@ -12,7 +12,7 @@ COPY . /app/ RUN go build -o external-secrets main.go -FROM gcr.io/distroless/static@sha256:41972110a1c1a5c0b6adb283e8aa092c43c31f7c5d79b8656fbffff2c3e61f05 AS app +FROM gcr.io/distroless/static@sha256:ce46866b3a5170db3b49364900fb3168dc0833dfb46c26da5c77f22abb01d8c3 AS app COPY --from=builder /app/external-secrets /bin/external-secrets # Run as UID for nobody From eea2e8092e7f5494bac28469fca3731142e8ca14 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 06:16:47 -0300 Subject: [PATCH 159/517] chore(deps): bump docker/setup-buildx-action from 3.3.0 to 3.4.0 (#3665) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.3.0 to 3.4.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/d70bba72b1f3fd22344832f00baa16ece964efeb...4fd812986e6c8c2a69e18311145f9371337f27d4) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 4edf88978d5..a924da14bf6 100644 --- a/.github/workflows/publish.yml 
+++ b/.github/workflows/publish.yml @@ -60,7 +60,7 @@ jobs: platforms: all - name: Setup Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 + uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0 with: version: 'v0.4.2' install: true From cec59321d9aae1a6ad3fdce53014c101a73fc94e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 06:17:07 -0300 Subject: [PATCH 160/517] chore(deps): bump docker/setup-qemu-action from 3.0.0 to 3.1.0 (#3666) Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/68827325e0b33c7199eb31dd4e31fbe9023e06e3...5927c834f5b4fdf503fca6f4c7eccda82949e1ee) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index a924da14bf6..e96330be68a 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -55,7 +55,7 @@ jobs: ref: ${{ inputs.ref }} - name: Setup QEMU - uses: docker/setup-qemu-action@68827325e0b33c7199eb31dd4e31fbe9023e06e3 # v3.0.0 + uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0 with: platforms: all From 4e3ff324e60ee51a570e86abf89ab6c747793af7 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 06:17:25 -0300 Subject: [PATCH 161/517] chore(deps): bump mkdocs-material in /hack/api-docs (#3667) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.27 to 9.5.28. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.27...9.5.28) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index d576e478e6b..5e1c7bcd590 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.0 mkdocs-macros-plugin==1.0.5 -mkdocs-material==9.5.27 +mkdocs-material==9.5.28 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.1 From fae2aecbb791cb46aa26bc06c9dbefb329060c0c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 06:17:42 -0300 Subject: [PATCH 162/517] chore(deps): bump certifi from 2024.6.2 to 2024.7.4 in /hack/api-docs (#3668) Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.6.2 to 2024.7.4. - [Commits](https://github.com/certifi/python-certifi/compare/2024.06.02...2024.07.04) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 5e1c7bcd590..b2c849bfb02 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -1,5 +1,5 @@ Babel==2.15.0 -certifi==2024.6.2 +certifi==2024.7.4 charset-normalizer==3.3.2 click==8.1.7 colorama==0.4.6 From 01a96d6fa4ee9a10d960a38082391a151054b06f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 06:17:58 -0300 Subject: [PATCH 163/517] chore(deps): bump golang from 1.22.4-bookworm to 1.22.5-bookworm in /e2e (#3669) Bumps golang from 1.22.4-bookworm to 1.22.5-bookworm. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index e4378cd7c69..1b6c3c2eec8 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.4-bookworm@sha256:96788441ff71144c93fc67577f2ea99fd4474f8e45c084e9445fe3454387de5b as builder +FROM golang:1.22.5-bookworm@sha256:6c2780255bb7b881e904e303be0d7a079054160b2ce1efde446693c0850a39ad as builder ENV KUBECTL_VERSION="v1.28.3" ENV HELM_VERSION="v3.13.1" From 1ed97d7e7810a782ee591e19b580c87bb4f2d530 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Mon, 8 Jul 2024 15:42:38 +0300 Subject: [PATCH 164/517] update dependencies (#3670) 
Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator --- e2e/go.mod | 50 +++++++++++------------ e2e/go.sum | 100 ++++++++++++++++++++++----------------------- go.mod | 58 +++++++++++++------------- go.sum | 117 ++++++++++++++++++++++++++--------------------------- 4 files changed, 162 insertions(+), 163 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index 267318f4d68..5ba11984582 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -39,7 +39,7 @@ replace ( ) require ( - cloud.google.com/go/secretmanager v1.13.2 + cloud.google.com/go/secretmanager v1.13.3 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 @@ -47,7 +47,7 @@ require ( github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 - github.com/aws/aws-sdk-go v1.54.11 + github.com/aws/aws-sdk-go v1.54.15 github.com/cyberark/conjur-api-go v0.12.0 github.com/external-secrets/external-secrets v0.0.0 github.com/fluxcd/helm-controller/api v0.37.2 @@ -57,11 +57,11 @@ require ( github.com/hashicorp/vault/api v1.14.0 github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.68.0 + github.com/oracle/oci-go-sdk/v65 v65.69.0 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28 github.com/xanzy/go-gitlab v0.106.0 golang.org/x/oauth2 v0.21.0 - google.golang.org/api v0.186.0 + google.golang.org/api v0.187.0 k8s.io/api v0.30.2 k8s.io/apiextensions-apiserver v0.30.2 k8s.io/apimachinery v0.30.2 
@@ -73,14 +73,14 @@ require ( ) require ( - cloud.google.com/go/auth v0.6.0 // indirect + cloud.google.com/go/auth v0.6.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect - cloud.google.com/go/compute/metadata v0.3.0 // indirect - cloud.google.com/go/iam v1.1.9 // indirect + cloud.google.com/go/compute/metadata v0.4.0 // indirect + cloud.google.com/go/iam v1.1.10 // indirect dario.cat/mergo v1.0.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest/adal v0.9.24 // indirect github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect @@ -117,7 +117,7 @@ require ( github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/goccy/go-json v0.10.3 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect - github.com/gofrs/flock v0.11.0 // indirect + github.com/gofrs/flock v0.12.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect 
@@ -183,25 +183,25 @@ require ( github.com/tidwall/sjson v1.2.5 // indirect github.com/zalando/go-keyring v0.2.5 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect - go.opentelemetry.io/otel v1.27.0 // indirect - go.opentelemetry.io/otel/metric v1.27.0 // indirect - go.opentelemetry.io/otel/trace v1.27.0 // indirect - golang.org/x/crypto v0.24.0 // indirect - golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 // indirect - golang.org/x/net v0.26.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect + go.opentelemetry.io/otel v1.28.0 // indirect + go.opentelemetry.io/otel/metric v1.28.0 // indirect + go.opentelemetry.io/otel/trace v1.28.0 // indirect + golang.org/x/crypto v0.25.0 // indirect + golang.org/x/exp v0.0.0-20240707233637-46b078467d37 // indirect + golang.org/x/net v0.27.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.21.0 // indirect - golang.org/x/term v0.21.0 // indirect + golang.org/x/sys v0.22.0 // indirect + golang.org/x/term v0.22.0 // indirect golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.22.0 // indirect + golang.org/x/tools v0.23.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d // indirect - google.golang.org/grpc v1.64.0 // indirect + google.golang.org/genproto v0.0.0-20240701130421-f6361c86f094 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect + 
google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect + google.golang.org/grpc v1.65.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect @@ -209,7 +209,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b // indirect + k8s.io/kube-openapi v0.0.0-20240703190633-0aa61b46e8c2 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/e2e/go.sum b/e2e/go.sum index d6f8adca049..ef1a963098c 100644 --- a/e2e/go.sum +++ b/e2e/go.sum @@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.6.0 h1:5x+d6b5zdezZ7gmLWD1m/xNjnaQ2YDhmIz/HH3doy1g= -cloud.google.com/go/auth v0.6.0/go.mod h1:b4acV+jLQDyjwm4OXHYjNvRi4jvGBzHWJRtJcy+2P4g= +cloud.google.com/go/auth v0.6.1 h1:T0Zw1XM5c1GlpN2HYr2s+m3vr1p2wy+8VN+Z1FKxW38= +cloud.google.com/go/auth v0.6.1/go.mod h1:eFHG7zDzbXHKmjJddFG/rBlcGp6t25SwRUiEQSlO4x4= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -31,18 +31,18 @@ cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUM cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= -cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +cloud.google.com/go/compute/metadata v0.4.0 h1:vHzJCWaM4g8XIcm8kopr3XmDA4Gy/lblD3EhhSux05c= +cloud.google.com/go/compute/metadata v0.4.0/go.mod h1:SIQh1Kkb4ZJ8zJ874fqVkslA29PRXuleyj6vOzlbK7M= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.1.9 h1:oSkYLVtVme29uGYrOcKcvJRht7cHJpYD09GM9JaR0TE= -cloud.google.com/go/iam v1.1.9/go.mod h1:Nt1eDWNYH9nGQg3d/mY7U1hvfGmsaG9o/kLGoLoLXjQ= +cloud.google.com/go/iam v1.1.10 h1:ZSAr64oEhQSClwBL670MsJAW5/RLiC6kfw3Bqmd5ZDI= +cloud.google.com/go/iam v1.1.10/go.mod h1:iEgMq62sg8zx446GCaijmA2Miwg5o3UbO+nI47WHJps= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.13.2 h1:WnyajcyWf5MLq9lPyVxEyOBAhQdPcpckG3lMw8LqAHw= -cloud.google.com/go/secretmanager v1.13.2/go.mod h1:rB3lORY7QZrjACov35PX0KXMM0bKlbkL0/eFlS312wk= +cloud.google.com/go/secretmanager v1.13.3 h1:VqUVYY3U6uFXOhPdZgAoZH9m8E6p7eK02TsDRj2SBf4= +cloud.google.com/go/secretmanager v1.13.3/go.mod 
h1:e45+CxK0w6GaL4hS+KabgQskl4RdSS30b+HRf0TH0kk= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= @@ -62,8 +62,8 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.1 h1:Xy/qV1DyOhhqsU/z0PyFMJfYCxnzna+vBEUtFW0ksQo= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.1/go.mod h1:oib6iWdC+sILvNUoJbbBn3xv7TXow7mEp/WRcsYvmow= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA= 
@@ -113,8 +113,8 @@ github.com/aliyun/alibaba-cloud-sdk-go v1.62.271/go.mod h1:Api2AkmMgGaSUAhmk76oa github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.54.11 h1:Zxuv/R+IVS0B66yz4uezhxH9FN9/G2nbxejYqAMFjxk= -github.com/aws/aws-sdk-go v1.54.11/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.54.15 h1:ErgCEVbzuSfuZl9nR+g8FFnzjgeJ/AqAGOEWn6tgAHo= +github.com/aws/aws-sdk-go v1.54.15/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= 
@@ -204,8 +204,8 @@ github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PU github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= -github.com/gofrs/flock v0.11.0 h1:AGFQxrpWd8ezw60AvLWIPbxMydNfF8564pwH3FCty0g= -github.com/gofrs/flock v0.11.0/go.mod h1:FirDy1Ing0mI2+kB6wk+vyyAH+e6xiE+EYA0jnzV9jc= +github.com/gofrs/flock v0.12.0 h1:xHW8t8GPAiGtqz7KxiSqfOEXwpOaqhpYZrTE2MQBgXY= +github.com/gofrs/flock v0.12.0/go.mod h1:FirDy1Ing0mI2+kB6wk+vyyAH+e6xiE+EYA0jnzV9jc= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A= 
@@ -410,8 +410,8 @@ github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.68.0 h1:4ONv3ahPcBEwTwERxjSY0xX68u7lDAEw/+xmo612uaQ= -github.com/oracle/oci-go-sdk/v65 v65.68.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.69.0 h1:DbrRf5qcpwl7V3ixk6dxDYfHtOs3aMmlsHFld3oBjMk= +github.com/oracle/oci-go-sdk/v65 v65.69.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -499,18 +499,18 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 h1:vS1Ao/R55RNV4O7TA2Qopok8yN+X0LIP6RVWLFkprck= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0/go.mod h1:BMsdeOxN04K0L5FNUBfjFdvwWGNe/rkmSwH4Aelu/X0= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 h1:9l89oX4ba9kHbBol3Xin3leYJ+252h0zszDtBwyKe2A= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0/go.mod h1:XLZfZboOJWHNKUv7eH0inh0E9VV6eWDFB/9yJyTLPp0= -go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg= -go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ= -go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= -go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 h1:9G6E0TXzGFVfTnawRzrPl83iHOAV7L8NJiR8RSGYV1g= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0/go.mod h1:azvtTADFQJA8mX80jIH/akaE7h+dbm/sVuaHqN13w74= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= +go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= +go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= +go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= 
+go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg= -go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw= -go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= +go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= +go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= @@ -533,8 +533,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= -golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -545,8 +545,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY= -golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= +golang.org/x/exp v0.0.0-20240707233637-46b078467d37 h1:uLDX+AfeFCct3a2C7uIWBKMJIR3CJMhcgfrUAqjRK6w= +golang.org/x/exp v0.0.0-20240707233637-46b078467d37/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -615,8 +615,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -696,8 +696,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= 
@@ -706,8 +706,8 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= -golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= +golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -779,8 +779,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= -golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= +golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= +golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -809,8 +809,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.186.0 h1:n2OPp+PPXX0Axh4GuSsL5QL8xQCTb2oDwyzPnQvqUug= -google.golang.org/api v0.186.0/go.mod h1:hvRbBmgoje49RV3xqVXrmP6w93n6ehGgIVPYrGtBFFc= +google.golang.org/api v0.187.0 h1:Mxs7VATVC2v7CY+7Xwm4ndkX71hpElcvx0D1Ji/p1eo= +google.golang.org/api v0.187.0/go.mod h1:KIHlTc4x7N7gKKuVsdmfBXN13yEEWXWFURWY6SBp2gk= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -858,12 +858,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d h1:PksQg4dV6Sem3/HkBX+Ltq8T0ke0PKIRBNBatoDTVls= -google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:s7iA721uChleev562UJO2OYB0PPT9CMFjV+Ce7VJH5M= -google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d h1:Aqf0fiIdUQEj0Gn9mKFFXoQfTTEaNopWpfVyYADxiSg= -google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Od4k8V1LQSizPRUK4OzZ7TBE/20k+jPczUDAEyvn69Y= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d h1:k3zyW3BYYR30e8v3x0bTDdE9vpYFjZHK+HcyqkrppWk= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240701130421-f6361c86f094 h1:6whtk83KtD3FkGrVb2hFXuQ+ZMbCNdakARIn/aHMmG8= +google.golang.org/genproto v0.0.0-20240701130421-f6361c86f094/go.mod h1:Zs4wYw8z1zr6RNF4cwYb31mvN/EGaKAdQjNCF3DW6K4= +google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 h1:0+ozOGcrp+Y8Aq8TLNN2Aliibms5LEzsq99ZZmAGYm0= +google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -883,8 +883,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= +google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -938,8 +938,8 @@ k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b h1:Q9xmGWBvOGd8UJyccgpYlLosk/JlfP3xQLNkQlHJeXw= -k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= +k8s.io/kube-openapi v0.0.0-20240703190633-0aa61b46e8c2 h1:T5TEV4a+pEjc+j9Xui3MGGeoDLIN6uzZrx8NYotFMgQ= +k8s.io/kube-openapi v0.0.0-20240703190633-0aa61b46e8c2/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/go.mod b/go.mod index badbeaae8f5..3e42fa63bef 100644 --- a/go.mod +++ b/go.mod @@ -5,8 +5,8 @@ go 1.22.4 replace github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 require ( - cloud.google.com/go/iam v1.1.9 - cloud.google.com/go/secretmanager v1.13.2 + cloud.google.com/go/iam v1.1.10 + cloud.google.com/go/secretmanager v1.13.3 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/adal v0.9.24 @@ -19,7 +19,7 @@ require ( github.com/PaesslerAG/jsonpath v0.1.1 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 - github.com/aws/aws-sdk-go v1.54.11 + github.com/aws/aws-sdk-go v1.54.15 github.com/go-logr/logr v1.4.2 github.com/go-test/deep v1.0.4 // indirect github.com/google/go-cmp v0.6.0 
@@ -32,22 +32,22 @@ require ( github.com/huandu/xstrings v1.5.0 // indirect github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.68.0 + github.com/oracle/oci-go-sdk/v65 v65.69.0 github.com/prometheus/client_golang v1.19.1 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.17.1 github.com/xanzy/go-gitlab v0.106.0 - github.com/yandex-cloud/go-genproto v0.0.0-20240624142804-98cf3d8eefe1 - github.com/yandex-cloud/go-sdk v0.0.0-20240621081111-1018f7c96dc7 + github.com/yandex-cloud/go-genproto v0.0.0-20240701142715-6a03f33f8ec8 + github.com/yandex-cloud/go-sdk v0.0.0-20240701143239-7326d2d09169 github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 go.uber.org/zap v1.27.0 - golang.org/x/crypto v0.24.0 + golang.org/x/crypto v0.25.0 golang.org/x/oauth2 v0.21.0 - google.golang.org/api v0.186.0 - google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d - google.golang.org/grpc v1.64.0 + google.golang.org/api v0.187.0 + google.golang.org/genproto v0.0.0-20240701130421-f6361c86f094 + google.golang.org/grpc v1.65.0 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 k8s.io/api v0.30.2 @@ -90,15 +90,15 @@ require ( github.com/sethvargo/go-password v0.3.1 github.com/spf13/pflag v1.0.5 github.com/tidwall/sjson v1.2.5 - k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b + k8s.io/kube-openapi v0.0.0-20240703190633-0aa61b46e8c2 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.4.0 ) require ( - cloud.google.com/go/auth v0.6.0 // indirect + cloud.google.com/go/auth v0.6.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect - cloud.google.com/go/compute/metadata v0.3.0 // indirect + cloud.google.com/go/compute/metadata v0.4.0 // indirect dario.cat/mergo v1.0.0 // indirect github.com/BurntSushi/toml v1.4.0 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect 
@@ -149,7 +149,7 @@ require (
 github.com/go-playground/validator/v10 v10.22.0 // indirect
 github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 github.com/godbus/dbus/v5 v5.1.0 // indirect
- github.com/gofrs/flock v0.11.0 // indirect
+ github.com/gofrs/flock v0.12.0 // indirect
 github.com/golang/glog v1.2.1 // indirect
 github.com/google/gnostic-models v0.6.8 // indirect
 github.com/google/s2a-go v0.1.7 // indirect
@@ -171,7 +171,7 @@ require (
 github.com/pgavlin/fx v0.1.6 // indirect
 github.com/pjbgf/sha1cd v0.3.0 // indirect
 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect
- github.com/pulumi/pulumi/sdk/v3 v3.121.0 // indirect
+ github.com/pulumi/pulumi/sdk/v3 v3.122.0 // indirect
 github.com/rivo/uniseg v0.4.7 // indirect
 github.com/rogpeppe/go-internal v1.12.0 // indirect
 github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect
@@ -187,21 +187,21 @@ require ( github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect github.com/zalando/go-keyring v0.2.5 // indirect github.com/zclconf/go-cty v1.14.4 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect - go.opentelemetry.io/otel v1.27.0 // indirect - go.opentelemetry.io/otel/metric v1.27.0 // indirect - go.opentelemetry.io/otel/trace v1.27.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect + go.opentelemetry.io/otel v1.28.0 // indirect + go.opentelemetry.io/otel/metric v1.28.0 // indirect + go.opentelemetry.io/otel/trace v1.28.0 // indirect golang.org/x/sync v0.7.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect gopkg.in/warnings.v0 v0.1.2 // indirect lukechampine.com/frand v1.4.2 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) require ( - github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.1 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect 
@@ -293,14 +293,14 @@ require ( go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 - golang.org/x/mod v0.18.0 // indirect - golang.org/x/net v0.26.0 // indirect - golang.org/x/sys v0.21.0 // indirect - golang.org/x/term v0.21.0 // indirect + golang.org/x/exp v0.0.0-20240707233637-46b078467d37 + golang.org/x/mod v0.19.0 // indirect + golang.org/x/net v0.27.0 // indirect + golang.org/x/sys v0.22.0 // indirect + golang.org/x/term v0.22.0 // indirect golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.22.0 // indirect + golang.org/x/tools v0.23.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index a91962d3be2..6197090c121 100644 --- a/go.sum +++ b/go.sum @@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.6.0 h1:5x+d6b5zdezZ7gmLWD1m/xNjnaQ2YDhmIz/HH3doy1g= -cloud.google.com/go/auth v0.6.0/go.mod h1:b4acV+jLQDyjwm4OXHYjNvRi4jvGBzHWJRtJcy+2P4g= +cloud.google.com/go/auth v0.6.1 h1:T0Zw1XM5c1GlpN2HYr2s+m3vr1p2wy+8VN+Z1FKxW38= +cloud.google.com/go/auth v0.6.1/go.mod h1:eFHG7zDzbXHKmjJddFG/rBlcGp6t25SwRUiEQSlO4x4= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -31,18 +31,18 @@ cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUM cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= -cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +cloud.google.com/go/compute/metadata v0.4.0 h1:vHzJCWaM4g8XIcm8kopr3XmDA4Gy/lblD3EhhSux05c= +cloud.google.com/go/compute/metadata v0.4.0/go.mod h1:SIQh1Kkb4ZJ8zJ874fqVkslA29PRXuleyj6vOzlbK7M= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.1.9 h1:oSkYLVtVme29uGYrOcKcvJRht7cHJpYD09GM9JaR0TE= -cloud.google.com/go/iam v1.1.9/go.mod h1:Nt1eDWNYH9nGQg3d/mY7U1hvfGmsaG9o/kLGoLoLXjQ= +cloud.google.com/go/iam v1.1.10 h1:ZSAr64oEhQSClwBL670MsJAW5/RLiC6kfw3Bqmd5ZDI= +cloud.google.com/go/iam v1.1.10/go.mod h1:iEgMq62sg8zx446GCaijmA2Miwg5o3UbO+nI47WHJps= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.13.2 h1:WnyajcyWf5MLq9lPyVxEyOBAhQdPcpckG3lMw8LqAHw= -cloud.google.com/go/secretmanager v1.13.2/go.mod h1:rB3lORY7QZrjACov35PX0KXMM0bKlbkL0/eFlS312wk= +cloud.google.com/go/secretmanager v1.13.3 h1:VqUVYY3U6uFXOhPdZgAoZH9m8E6p7eK02TsDRj2SBf4= +cloud.google.com/go/secretmanager v1.13.3/go.mod 
h1:e45+CxK0w6GaL4hS+KabgQskl4RdSS30b+HRf0TH0kk= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= @@ -64,8 +64,8 @@ github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0 h1:H+U3Gk9zY56G3u872L82bk4thcsy2Gghb9ExT4Zvm1o= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.0/go.mod h1:mgrmMSgaLp9hmax62XQTd0N4aAqSE5E0DulSpVYK7vc= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.1 h1:Xy/qV1DyOhhqsU/z0PyFMJfYCxnzna+vBEUtFW0ksQo= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.1/go.mod h1:oib6iWdC+sILvNUoJbbBn3xv7TXow7mEp/WRcsYvmow= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA= 
@@ -205,8 +205,8 @@ github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinR github.com/avast/retry-go/v4 v4.6.0/go.mod h1:gvWlPhBVsvBbLkVGDg/KwvBv0bEkCOLRRSHKIr2PyOE= github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.54.11 h1:Zxuv/R+IVS0B66yz4uezhxH9FN9/G2nbxejYqAMFjxk= -github.com/aws/aws-sdk-go v1.54.11/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.54.15 h1:ErgCEVbzuSfuZl9nR+g8FFnzjgeJ/AqAGOEWn6tgAHo= +github.com/aws/aws-sdk-go v1.54.15/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= @@ -371,8 +371,8 @@ github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PU github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= -github.com/gofrs/flock v0.11.0 h1:AGFQxrpWd8ezw60AvLWIPbxMydNfF8564pwH3FCty0g= -github.com/gofrs/flock v0.11.0/go.mod h1:FirDy1Ing0mI2+kB6wk+vyyAH+e6xiE+EYA0jnzV9jc= +github.com/gofrs/flock v0.12.0 h1:xHW8t8GPAiGtqz7KxiSqfOEXwpOaqhpYZrTE2MQBgXY= +github.com/gofrs/flock v0.12.0/go.mod h1:FirDy1Ing0mI2+kB6wk+vyyAH+e6xiE+EYA0jnzV9jc= github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= 
@@ -652,8 +652,8 @@ github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS6 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.68.0 h1:4ONv3ahPcBEwTwERxjSY0xX68u7lDAEw/+xmo612uaQ= -github.com/oracle/oci-go-sdk/v65 v65.68.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.69.0 h1:DbrRf5qcpwl7V3ixk6dxDYfHtOs3aMmlsHFld3oBjMk= +github.com/oracle/oci-go-sdk/v65 v65.69.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.0 h1:zwwTCwL3vjTTKln1hxwKuzzax4R/yvxGXSZhMh0OY5Y= github.com/passbolt/go-passbolt v0.7.0/go.mod h1:af3TVSJ+0A4sXeK8KgVzhV8Tej/i25biFIQjhL0FOMk= github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU= 
@@ -681,8 +681,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.9.1 h1:HH5eEv8sgyxSpY5a8yePyqFXzA8cvBvapfH8457+mIs= github.com/pulumi/esc v0.9.1/go.mod h1:oEJ6bOsjYlQUpjf70GiX+CXn3VBmpwFDxUTlmtUN84c= -github.com/pulumi/pulumi/sdk/v3 v3.121.0 h1:UsnFKIVOtJN/hQKPkWHL9cZktewPVQRbNUXbXQY/qrk= -github.com/pulumi/pulumi/sdk/v3 v3.121.0/go.mod h1:p1U24en3zt51agx+WlNboSOV8eLlPWYAkxMzVEXKbnY= +github.com/pulumi/pulumi/sdk/v3 v3.122.0 h1:rW/RJ1GRelCi/5VY1+7ppqeF0AblWyjyjgNffqw4dc4= +github.com/pulumi/pulumi/sdk/v3 v3.122.0/go.mod h1:p1U24en3zt51agx+WlNboSOV8eLlPWYAkxMzVEXKbnY= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= 
@@ -783,11 +783,10 @@ github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM= -github.com/yandex-cloud/go-genproto v0.0.0-20240618172339-aafa8543bd63/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-genproto v0.0.0-20240624142804-98cf3d8eefe1 h1:qWchcS+/cu1QB3UboNM6SnlwjxtLX85bEqSkP3MUnBw= -github.com/yandex-cloud/go-genproto v0.0.0-20240624142804-98cf3d8eefe1/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-sdk v0.0.0-20240621081111-1018f7c96dc7 h1:/8yjsR2CXDI78EYoZNjKWWI1zl80mehvXHWJNDXV0Wg= -github.com/yandex-cloud/go-sdk v0.0.0-20240621081111-1018f7c96dc7/go.mod h1:urEKFBFYulcun3e4CbZY33Czfy7XeI1y4ctASTB/MUQ= +github.com/yandex-cloud/go-genproto v0.0.0-20240701142715-6a03f33f8ec8 h1:oNL9y0fq5OUenqBFkfEYuFoRvaEosF39dSgOZhsxFtQ= +github.com/yandex-cloud/go-genproto v0.0.0-20240701142715-6a03f33f8ec8/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-sdk v0.0.0-20240701143239-7326d2d09169 h1:5LGYQ/0h1uUo3HH8MsG6R40gvSVPj/7r4D1sKVMa370= +github.com/yandex-cloud/go-sdk v0.0.0-20240701143239-7326d2d09169/go.mod h1:kRqpmRyPs8rzXuYEJe57AH546a3VcSjEIzdFa1V66hY= github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 h1:tBiBTKHnIjovYoLX/TPkcf+OjqqKGQrPtGT3Foz+Pgo= github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76/go.mod h1:SQliXeA7Dhkt//vS29v3zpbEwoa+zb2Cn5xj5uO4K5U= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -811,18 +810,18 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 h1:vS1Ao/R55RNV4O7TA2Qopok8yN+X0LIP6RVWLFkprck= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0/go.mod h1:BMsdeOxN04K0L5FNUBfjFdvwWGNe/rkmSwH4Aelu/X0= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 h1:9l89oX4ba9kHbBol3Xin3leYJ+252h0zszDtBwyKe2A= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0/go.mod h1:XLZfZboOJWHNKUv7eH0inh0E9VV6eWDFB/9yJyTLPp0= -go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg= -go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ= -go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= -go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 h1:9G6E0TXzGFVfTnawRzrPl83iHOAV7L8NJiR8RSGYV1g= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0/go.mod h1:azvtTADFQJA8mX80jIH/akaE7h+dbm/sVuaHqN13w74= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= +go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= +go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= +go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= 
+go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg= -go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw= -go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= +go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= +go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= @@ -855,8 +854,8 @@ golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= -golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -867,8 +866,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8 h1:yixxcjnhBmY0nkL253HFVIm0JsFHwrHdT3Yh6szTnfY= -golang.org/x/exp v0.0.0-20240613232115-7f521ea00fb8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= +golang.org/x/exp v0.0.0-20240707233637-46b078467d37 h1:uLDX+AfeFCct3a2C7uIWBKMJIR3CJMhcgfrUAqjRK6w= +golang.org/x/exp v0.0.0-20240707233637-46b078467d37/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -894,8 +893,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= -golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= +golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -947,8 +946,8 @@ golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= -golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -1048,8 +1047,8 @@ golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= -golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= @@ -1063,8 +1062,8 @@ golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= -golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= +golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -1142,8 +1141,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= -golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= +golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= +golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1172,8 +1171,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.186.0 h1:n2OPp+PPXX0Axh4GuSsL5QL8xQCTb2oDwyzPnQvqUug= -google.golang.org/api v0.186.0/go.mod h1:hvRbBmgoje49RV3xqVXrmP6w93n6ehGgIVPYrGtBFFc= +google.golang.org/api v0.187.0 h1:Mxs7VATVC2v7CY+7Xwm4ndkX71hpElcvx0D1Ji/p1eo= +google.golang.org/api v0.187.0/go.mod h1:KIHlTc4x7N7gKKuVsdmfBXN13yEEWXWFURWY6SBp2gk= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1223,12 +1222,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d h1:PksQg4dV6Sem3/HkBX+Ltq8T0ke0PKIRBNBatoDTVls= -google.golang.org/genproto v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:s7iA721uChleev562UJO2OYB0PPT9CMFjV+Ce7VJH5M= -google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d h1:Aqf0fiIdUQEj0Gn9mKFFXoQfTTEaNopWpfVyYADxiSg= -google.golang.org/genproto/googleapis/api v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Od4k8V1LQSizPRUK4OzZ7TBE/20k+jPczUDAEyvn69Y= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d h1:k3zyW3BYYR30e8v3x0bTDdE9vpYFjZHK+HcyqkrppWk= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240624140628-dc46fd24d27d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240701130421-f6361c86f094 h1:6whtk83KtD3FkGrVb2hFXuQ+ZMbCNdakARIn/aHMmG8= +google.golang.org/genproto v0.0.0-20240701130421-f6361c86f094/go.mod h1:Zs4wYw8z1zr6RNF4cwYb31mvN/EGaKAdQjNCF3DW6K4= +google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 h1:0+ozOGcrp+Y8Aq8TLNN2Aliibms5LEzsq99ZZmAGYm0= +google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1251,8 +1250,8 @@ google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= -google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= -google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= +google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -1320,8 +1319,8 @@ k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b h1:Q9xmGWBvOGd8UJyccgpYlLosk/JlfP3xQLNkQlHJeXw= -k8s.io/kube-openapi v0.0.0-20240620174524-b456828f718b/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= +k8s.io/kube-openapi v0.0.0-20240703190633-0aa61b46e8c2 h1:T5TEV4a+pEjc+j9Xui3MGGeoDLIN6uzZrx8NYotFMgQ= +k8s.io/kube-openapi v0.0.0-20240703190633-0aa61b46e8c2/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= lukechampine.com/frand v1.4.2 h1:RzFIpOvkMXuPMBb9maa4ND4wjBn71E1Jpf8BzJHMaVw= From c9162b6179d2fbc124625a63964b9302ceb9ab2d Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Wed, 10 Jul 2024 06:45:12 -0300 Subject: [PATCH 165/517] sets eso-service-account for creating e2e comments (#3678) Signed-off-by: Gustavo Carvalho --- .github/workflows/e2e.yml | 34 ++++++++++++++-------------------- 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 0750a8817df..235e690cdac 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -8,6 +8,8 @@ permissions: contents: read issues: write pull-requests: write + checks: write + statuses: read name: e2e tests env: 
@@ -92,7 +94,11 @@ jobs: - id: e2e uses: ./.github/actions/e2e - + - id: create_token + uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0 + with: + app_id: ${{ secrets.APP_ID }} + private_key: ${{ secrets.PRIVATE_KEY }} # Update check run called "integration-fork" - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1 id: update-check-run @@ -103,7 +109,7 @@ jobs: # Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run conclusion: ${{ job.status }} with: - github-token: ${{ secrets.TEST_GITHUB_TOKEN }} + github-token: ${{ steps.create_token.outputs.token }} script: | const { data: pull } = await github.rest.pulls.get({ ...context.repo, 
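Review bot: The added `create_token` step has no `if:` condition, so it is skipped whenever an earlier step in the job fails, including the `e2e` step directly above it (unless that step is marked `continue-on-error`, which the hunk does not show). Any later step that still runs and reads `steps.create_token.outputs.token` then gets an empty value. That affects `update-check-run` in the next hunk and "Update on Failure" in the `@@ -126,31 +132,19 @@` hunk, which is gated on `always() && steps.e2e.conclusion != 'success'`, so the failure path is exactly the one where the App token is missing. Adding `if: always()` to the `create_token` step keeps the token available to the reporting steps; the position after the `e2e` step can stay as it is.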
@@ -126,31 +132,19 @@ jobs: conclusion: process.env.conclusion }); return result; - - name: Find Comment - if: always() - uses: peter-evans/find-comment@3eae4d37986fb5a8592848f6a574fdf654e61f9e # v3.1.0 - id: fc - with: - token: ${{ secrets.TEST_GITHUB_TOKEN }} - issue-number: ${{ github.event.client_payload.pull_request.number }} - body-includes: /ok-to-test sha=${{ env.TARGET_SHA }} - name: Update on Succeess - if: always() && steps.fc.outputs.comment-id != '' && steps.e2e.conclusion == 'success' + if: always() && steps.e2e.conclusion == 'success' uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: - token: ${{ secrets.TEST_GITHUB_TOKEN }} + token: ${{ steps.create_token.outputs.token }} issue-number: ${{ github.event.client_payload.pull_request.number }} body: | - [Bot] - :white_check_mark: [e2e tests pass](https://github.com/external-secrets/external-secrets/actions/runs/${{ steps.update-check-run.outputs.result.id }}) - reactions: +1 - edit-mode: append + [Bot] - :white_check_mark: [e2e for $TARGET_SHA passed](https://github.com/external-secrets/external-secrets/actions/runs/${{ github.run_id }}) - name: Update on Failure - if: always() && steps.fc.outputs.comment-id != '' && steps.e2e.conclusion != 'success' + if: always() && steps.e2e.conclusion != 'success' uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 with: - token: ${{ secrets.TEST_GITHUB_TOKEN }} + token: ${{ steps.create_token.outputs.token }} issue-number: ${{ github.event.client_payload.pull_request.number }} body: | - [Bot] - :x: [e2e tests failed](https://github.com/external-secrets/external-secrets/actions/runs/${{ steps.update-check-run.outputs.result.id }}) - reactions: -1 - edit-mode: append \ No newline at end of file + [Bot] - :x: [e2e for $TARGET_SHA failed](https://github.com/external-secrets/external-secrets/actions/runs/${{ github.run_id }}) 
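Review bot: With the `Find Comment` guard removed, the "Update on Failure" condition `always() && steps.e2e.conclusion != 'success'` is also true when the `e2e` step was skipped or cancelled, for example because an earlier setup step failed. The comment would then report an e2e failure for a run in which the tests never executed. Matching the failing conclusion explicitly, `if: always() && steps.e2e.conclusion == 'failure'`, keeps the posted message accurate. The step list continues above this hunk, so which earlier steps can fail is not visible here.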
From 9512254a04f7e5cb1fa8fdecf76d08aab3e8d99c Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Wed, 10 Jul 2024 10:32:50 -0300 Subject: [PATCH 166/517] use github token for the actions check (#3679) * use github token for the actions check Signed-off-by: Gustavo Carvalho * fix msg Signed-off-by: Gustavo Carvalho --------- Signed-off-by: Gustavo Carvalho --- .github/workflows/e2e.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 235e690cdac..2a280431ea7 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -109,7 +109,7 @@ jobs: # Conveniently, job.status maps to https://developer.github.com/v3/checks/runs/#update-a-check-run conclusion: ${{ job.status }} with: - github-token: ${{ steps.create_token.outputs.token }} + github-token: ${{ secrets.GITHUB_TOKEN }} script: | const { data: pull } = await github.rest.pulls.get({ ...context.repo, @@ -139,7 +139,7 @@ jobs: token: ${{ steps.create_token.outputs.token }} issue-number: ${{ github.event.client_payload.pull_request.number }} body: | - [Bot] - :white_check_mark: [e2e for $TARGET_SHA passed](https://github.com/external-secrets/external-secrets/actions/runs/${{ github.run_id }}) + [Bot] - :white_check_mark: [e2e for ${{ env.TARGET_SHA }} passed](https://github.com/external-secrets/external-secrets/actions/runs/${{ github.run_id }}) - name: Update on Failure if: always() && steps.e2e.conclusion != 'success' uses: peter-evans/create-or-update-comment@71345be0265236311c031f5c7866368bd1eff043 # v4.0.0 
@@ -147,4 +147,4 @@ jobs: token: ${{ steps.create_token.outputs.token }} issue-number: ${{ github.event.client_payload.pull_request.number }} body: | - [Bot] - :x: [e2e for $TARGET_SHA failed](https://github.com/external-secrets/external-secrets/actions/runs/${{ github.run_id }}) + [Bot] - :x: [e2e for ${{ env.TARGET_SHA }} failed](https://github.com/external-secrets/external-secrets/actions/runs/${{ github.run_id }}) From 1876ff88d7a350c11f3efa99a66f668f4acd7920 Mon Sep 17 00:00:00 2001 From: Bill Hamilton Date: Wed, 10 Jul 2024 10:32:17 -0700 Subject: [PATCH 167/517] Add support for Delinea Secret Server (#3468) * implements secretserver Signed-off-by: Bill Hamilton * bump to align e2e Signed-off-by: Gustavo Carvalho * bump Signed-off-by: Gustavo Carvalho --------- Signed-off-by: Bill Hamilton 
Signed-off-by: Gustavo Carvalho Co-authored-by: Gustavo Carvalho --- .../secretsstore_secretserver_types.go | 45 +++ .../v1beta1/secretstore_types.go | 5 + .../v1beta1/zz_generated.deepcopy.go | 50 +++ ...ternal-secrets.io_clustersecretstores.yaml | 69 ++++ .../external-secrets.io_secretstores.yaml | 69 ++++ deploy/crds/bundle.yaml | 126 +++++++ docs/api/spec.md | 116 ++++++ docs/introduction/stability-support.md | 2 + docs/provider/secretserver.md | 133 +++++++ e2e/go.mod | 1 + e2e/go.sum | 2 + e2e/run.sh | 3 + e2e/suites/provider/cases/import.go | 1 + .../provider/cases/secretserver/config.go | 41 ++ .../provider/cases/secretserver/provider.go | 58 +++ .../cases/secretserver/secretserver.go | 92 +++++ go.mod | 1 + go.sum | 2 + hack/api-docs/mkdocs.yml | 1 + pkg/provider/register/register.go | 1 + pkg/provider/secretserver/client.go | 147 ++++++++ pkg/provider/secretserver/client_test.go | 162 ++++++++ pkg/provider/secretserver/provider.go | 179 +++++++++ pkg/provider/secretserver/provider_test.go | 351 ++++++++++++++++++ pkg/provider/secretserver/secret_api.go | 26 ++ pkg/provider/secretserver/test_data.json | 38 ++ 26 files changed, 1721 insertions(+) create mode 100644 apis/externalsecrets/v1beta1/secretsstore_secretserver_types.go create mode 100644 docs/provider/secretserver.md create mode 100644 e2e/suites/provider/cases/secretserver/config.go create mode 100644 e2e/suites/provider/cases/secretserver/provider.go create mode 100644 e2e/suites/provider/cases/secretserver/secretserver.go create mode 100644 pkg/provider/secretserver/client.go create mode 100644 pkg/provider/secretserver/client_test.go create mode 100644 pkg/provider/secretserver/provider.go create mode 100644 pkg/provider/secretserver/provider_test.go create mode 100644 pkg/provider/secretserver/secret_api.go create mode 100644 pkg/provider/secretserver/test_data.json 
diff --git a/apis/externalsecrets/v1beta1/secretsstore_secretserver_types.go b/apis/externalsecrets/v1beta1/secretsstore_secretserver_types.go new file mode 100644 index 00000000000..41d75dade08 --- /dev/null +++ b/apis/externalsecrets/v1beta1/secretsstore_secretserver_types.go @@ -0,0 +1,45 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import esmeta "github.com/external-secrets/external-secrets/apis/meta/v1" + +type SecretServerProviderRef struct { + + // Value can be specified directly to set a value without using a secret. + // +optional + Value string `json:"value,omitempty"` + + // SecretRef references a key in a secret that will be used as value. + // +optional + SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"` +} + +// See https://github.com/DelineaXPM/tss-sdk-go/blob/main/server/server.go. +type SecretServerProvider struct { + + // Username is the secret server account username. + // +required + Username *SecretServerProviderRef `json:"username"` + + // Password is the secret server account password. + // +required + Password *SecretServerProviderRef `json:"password"` + + // ServerURL + // URL to your secret server installation + // +required + ServerURL string `json:"serverURL"` +} diff --git a/apis/externalsecrets/v1beta1/secretstore_types.go b/apis/externalsecrets/v1beta1/secretstore_types.go index 112e5886029..d482c078c64 100644 --- a/apis/externalsecrets/v1beta1/secretstore_types.go 
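Review bot: `SecretServerProviderRef.Value` lets the account password be written inline in the SecretStore spec, where it is readable by anyone who can read the SecretStore object instead of being held in a Kubernetes Secret. The field comment should say so, for example `// Value sets the value inline; prefer SecretRef for Password, since an inline value is stored in plain text in the SecretStore object.` The type also permits both or neither of `Value` and `SecretRef` to be set; whether the provider rejects that is not visible in this file, so a one-line comment on the struct stating that exactly one is expected would help. `ServerURL` carries no format or scheme validation marker here; if plain `http://` is not intended, that is worth stating in the comment or enforcing.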
+++ b/apis/externalsecrets/v1beta1/secretstore_types.go @@ -155,6 +155,11 @@ type SecretStoreProvider struct { // +optional Delinea *DelineaProvider `json:"delinea,omitempty"` + // SecretServer configures this store to sync secrets using SecretServer provider + // https://docs.delinea.com/online-help/secret-server/start.htm + // +optional + SecretServer *SecretServerProvider `json:"secretserver,omitempty"` + // Chef configures this store to sync secrets with chef server // +optional Chef *ChefProvider `json:"chef,omitempty"` diff --git a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go index 2fc04558c61..05a706316f4 100644 --- a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go +++ b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go 
@@ -2266,6 +2266,51 @@ func (in *ScalewayProviderSecretRef) DeepCopy() *ScalewayProviderSecretRef { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretServerProvider) DeepCopyInto(out *SecretServerProvider) { + *out = *in + if in.Username != nil { + in, out := &in.Username, &out.Username + *out = new(SecretServerProviderRef) + (*in).DeepCopyInto(*out) + } + if in.Password != nil { + in, out := &in.Password, &out.Password + *out = new(SecretServerProviderRef) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretServerProvider. +func (in *SecretServerProvider) DeepCopy() *SecretServerProvider { + if in == nil { + return nil + } + out := new(SecretServerProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *SecretServerProviderRef) DeepCopyInto(out *SecretServerProviderRef) { + *out = *in + if in.SecretRef != nil { + in, out := &in.SecretRef, &out.SecretRef + *out = new(metav1.SecretKeySelector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretServerProviderRef. +func (in *SecretServerProviderRef) DeepCopy() *SecretServerProviderRef { + if in == nil { + return nil + } + out := new(SecretServerProviderRef) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SecretStore) DeepCopyInto(out *SecretStore) { *out = *in 
@@ -2443,6 +2488,11 @@ func (in *SecretStoreProvider) DeepCopyInto(out *SecretStoreProvider) { *out = new(DelineaProvider) (*in).DeepCopyInto(*out) } + if in.SecretServer != nil { + in, out := &in.SecretServer, &out.SecretServer + *out = new(SecretServerProvider) + (*in).DeepCopyInto(*out) + } if in.Chef != nil { in, out := &in.Chef, &out.Chef *out = new(ChefProvider) diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index cba6e4b8d3f..310c1aa79f6 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml 
@@ -3732,6 +3732,75 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that + will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a + value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that + will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a + value without using a secret. 
+ type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index e9ff3e8159f..b6a25e66e98 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml 
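Review bot: `password.value` lets the Secret Server account password be written inline in the ClusterSecretStore spec, where it is stored and readable as part of the custom resource rather than in a Kubernetes Secret. The schema also accepts `value` and `secretRef` together, or neither, without saying which one wins. I would require `secretRef` for `password` and keep inline `value` for `username` only, or at least say so in the field text, e.g. `description: Value sets the value inline; do not use it for passwords, prefer secretRef.` The same schema is repeated in the secretstores.yaml hunk and in both bundle.yaml hunks. If these files are generated, the change belongs on the Go type they are produced from.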
@@ -3732,6 +3732,75 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that + will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a + value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that + will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a + value without using a secret. 
+ type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index c4c9a04b5b6..d15190a0852 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml 
@@ -4121,6 +4121,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. 
+ type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: 
@@ -9684,6 +9747,69 @@ spec: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. 
+ type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: diff --git a/docs/api/spec.md b/docs/api/spec.md index 2613780dcdc..554706bbafa 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -5924,6 +5924,107 @@ External Secrets meta/v1.SecretKeySelector +

SecretServerProvider +

+

+(Appears on: +SecretStoreProvider) +

+

+

See https://github.com/DelineaXPM/tss-sdk-go/blob/main/server/server.go.

+

+ + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+username
+ + +SecretServerProviderRef + + +
+

Username is the secret server account username.

+
+password
+ + +SecretServerProviderRef + + +
+

Password is the secret server account password.

+
+serverURL
+ +string + +
+

ServerURL +URL to your secret server installation

+
+

SecretServerProviderRef +

+

+(Appears on: +SecretServerProvider) +

+

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+value
+ +string + +
+(Optional) +

Value can be specified directly to set a value without using a secret.

+
+secretRef
+ + +External Secrets meta/v1.SecretKeySelector + + +
+(Optional) +

SecretRef references a key in a secret that will be used as value.

+

SecretStore

@@ -6432,6 +6533,21 @@ DelineaProvider +secretserver
+ + +SecretServerProvider + + + + +(Optional) +

SecretServer configures this store to sync secrets using SecretServer provider +https://docs.delinea.com/online-help/secret-server/start.htm

+ + + + chef
diff --git a/docs/introduction/stability-support.md b/docs/introduction/stability-support.md index 189dbfa00ce..f617a92557a 100644 --- a/docs/introduction/stability-support.md +++ b/docs/introduction/stability-support.md @@ -53,6 +53,7 @@ The following table describes the stability level of each provider and who's res | [Scaleway](https://external-secrets.io/latest/provider/scaleway) | alpha | [@azert9](https://github.com/azert9/) | | [Conjur](https://external-secrets.io/latest/provider/conjur) | stable | [@davidh-cyberark](https://github.com/davidh-cyberark/) [@szh](https://github.com/szh) | | [Delinea](https://external-secrets.io/latest/provider/delinea) | alpha | [@michaelsauter](https://github.com/michaelsauter/) | +| [SecretServer](https://external-secrets.io/latest/provider/secretserver) | alpha | [@billhamilton](https://github.com/pacificcode/) | | [Pulumi ESC](https://external-secrets.io/latest/provider/pulumi) | alpha | [@dirien](https://github.com/dirien) | | [Passbolt](https://external-secrets.io/latest/provider/passbolt) | alpha | | | [Infisical](https://external-secrets.io/latest/provider/infisical) | alpha | [@akhilmhdh](https://github.com/akhilmhdh) | @@ -85,6 +86,7 @@ The following table show the support for features across different providers. | Scaleway | x | x | | | x | x | x | | Conjur | x | x | | | x | | | | Delinea | x | | | | x | | | +| SecretServer | x | | | | x | | | | Pulumi ESC | x | | | | x | | | | Passbolt | x | | | | x | | | | Infisical | x | | | x | x | | | diff --git a/docs/provider/secretserver.md b/docs/provider/secretserver.md new file mode 100644 index 00000000000..e7eeafcf9be --- /dev/null +++ b/docs/provider/secretserver.md 
@@ -0,0 +1,133 @@ +# Delinea Secret Server + +External Secrets Operator integration with [Delinea Secret Server](https://docs.delinea.com/online-help/secret-server/start.htm). + +### Creating a SecretStore + +You need a username, password and a fully qualified Secret Server tenant URL to authenticate +i.e. `https://yourTenantName.secretservercloud.com`. + +Both username and password can be specified either directly in your `SecretStore` yaml config, or by referencing a kubernetes secret. + +To acquire a username and password, refer to the Secret Server [user management](https://docs.delinea.com/online-help/secret-server/users/creating-users/index.htm) documentation. + +Both `username` and `password` can either be specified directly via the `value` field (example below) +>spec.provider.secretserver.username.value: "yourusername"
+spec.provider.secretserver.password.value: "yourpassword"
+ +Or you can reference a kubernetes secret (password example below). + +```yaml +apiVersion: external-secrets.io/v1beta1 +kind: SecretStore +metadata: + name: secret-server-store +spec: + provider: + secretserver: + serverURL: "https://yourtenantname.secretservercloud.com" + username: + value: "yourusername" + password: + secretRef: + name: + key: +``` + +### Referencing Secrets + +Secrets may be referenced by secret ID or secret name. +>Please note if using the secret name +the name field must not contain spaces or control characters.
+If multiple secrets are found, *`only the first found secret will be returned`*. + +Please note: `Retrieving a specific version of a secret is not yet supported.` + +Note that because all Secret Server secrets are JSON objects, you must specify the `remoteRef.property` +in your ExternalSecret configuration.
+You can access nested values or arrays using [gjson syntax](https://github.com/tidwall/gjson/blob/master/SYNTAX.md). + +```yaml +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: secret-server-external-secret +spec: + refreshInterval: 15s + secretStoreRef: + kind: SecretStore + name: secret-server-store + data: + - secretKey: SecretServerValue # + remoteRef: + key: "52622" # + property: "array.0.value" # * an empty property will return the entire secret +``` + +### Preparing your secret +You can either retrieve your entire secret or you can use a JSON formatted string +stored in your secret located at Items[0].ItemValue to retrieve a specific value.
+See example JSON secret below. + +### Examples +Using the json formatted secret below: + +- Lookup a single top level property using secret ID. + +>spec.data.remoteRef.key = 52622 (id of the secret)
+spec.data.remoteRef.property = "user" (Items.0.ItemValue user attribute)
+returns: marktwain@hannibal.com + +- Lookup a nested property using secret name. + +>spec.data.remoteRef.key = "external-secret-testing" (name of the secret)
+spec.data.remoteRef.property = "books.1" (Items.0.ItemValue books.1 attribute)
+returns: huckleberryFinn + +- Lookup by secret ID (*secret name will work as well*) and return the entire secret. + +>spec.data.remoteRef.key = "52622" (id of the secret)
+spec.data.remoteRef.property = ""
+returns: The entire secret in JSON format as displayed below + + +```JSON +{ + "Name": "external-secret-testing", + "FolderID": 73, + "ID": 52622, + "SiteID": 1, + "SecretTemplateID": 6098, + "SecretPolicyID": -1, + "PasswordTypeWebScriptID": -1, + "LauncherConnectAsSecretID": -1, + "CheckOutIntervalMinutes": -1, + "Active": true, + "CheckedOut": false, + "CheckOutEnabled": false, + "AutoChangeEnabled": false, + "CheckOutChangePasswordEnabled": false, + "DelayIndexing": false, + "EnableInheritPermissions": true, + "EnableInheritSecretPolicy": true, + "ProxyEnabled": false, + "RequiresComment": false, + "SessionRecordingEnabled": false, + "WebLauncherRequiresIncognitoMode": false, + "Items": [ + { + "ItemID": 280265, + "FieldID": 439, + "FileAttachmentID": 0, + "FieldName": "Data", + "Slug": "data", + "FieldDescription": "json text field", + "Filename": "", + "ItemValue": "{ \"user\": \"marktwain@hannibal.com\", \"occupation\": \"author\",\"books\":[ \"tomSawyer\",\"huckleberryFinn\",\"Pudd'nhead Wilson\"] }", + "IsFile": false, + "IsNotes": false, + "IsPassword": false + } + ] +} +``` diff --git a/e2e/go.mod b/e2e/go.mod index 5ba11984582..9cc0cc00b48 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -44,6 +44,7 @@ require ( github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 + github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 diff --git a/e2e/go.sum b/e2e/go.sum index ef1a963098c..39c13628120 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -97,6 +97,8 @@ github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 h1:cmX2QC9s5kPqmghWLLZP8YRFO1ZD/C59BpNH2ujP99w= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2/go.mod h1:tNlpIXJlIwQlRbobXDPme4qv/Rc8+a1GbuUhE3m4JhQ= +github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1 h1:/rzzzaBuj/FYTcbt8sYZ9IzlnENqcgh5zKqBhHiBBm4= +github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1/go.mod h1:xz6FXP2Do88Vc5Hx7OamZgZC1W45yfmLy4+iDKxlGXo= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= diff --git a/e2e/run.sh b/e2e/run.sh index f71c134a1c2..52cebd976ec 100755 --- a/e2e/run.sh +++ b/e2e/run.sh @@ -84,6 +84,9 @@ kubectl run --rm \ --env="DELINEA_TENANT=${DELINEA_TENANT:-}" \ --env="DELINEA_CLIENT_ID=${DELINEA_CLIENT_ID:-}" \ --env="DELINEA_CLIENT_SECRET=${DELINEA_CLIENT_SECRET:-}" \ + --env="SECRETSERVER_USERNAME=${SECRETSERVER_USERNAME:-}" \ + --env="SECRETSERVER_PASSWORD=${SECRETSERVER_PASSWORD:-}" \ + --env="SECRETSERVER_URL=${SECRETSERVER_URL:-}" \ --env="VERSION=${VERSION}" \ --env="TEST_SUITES=${TEST_SUITES}" \ --overrides='{ "apiVersion": "v1", "spec":{"serviceAccountName": "external-secrets-e2e"}}' \ diff --git a/e2e/suites/provider/cases/import.go b/e2e/suites/provider/cases/import.go index e8561c56161..5a20e529f55 100644 --- a/e2e/suites/provider/cases/import.go +++ b/e2e/suites/provider/cases/import.go 
@@ -27,4 +27,5 @@ import ( _ "github.com/external-secrets/external-secrets-e2e/suites/provider/cases/template" _ "github.com/external-secrets/external-secrets-e2e/suites/provider/cases/vault" _ "github.com/external-secrets/external-secrets-e2e/suites/provider/cases/conjur" + _ "github.com/external-secrets/external-secrets-e2e/suites/provider/cases/secretserver" ) diff --git a/e2e/suites/provider/cases/secretserver/config.go b/e2e/suites/provider/cases/secretserver/config.go new file mode 100644 index 00000000000..bb7bc865157 --- /dev/null +++ b/e2e/suites/provider/cases/secretserver/config.go @@ -0,0 +1,41 @@ +package secretserver + +import ( + "fmt" + "os" +) + +type config struct { + username string + password string + serverURL string +} + +func loadConfigFromEnv() (*config, error) { + var cfg config + var err error + + // Required settings + cfg.username, err = getEnv("SECRETSERVER_USERNAME") + if err != nil { + return nil, err + } + cfg.password, err = getEnv("SECRETSERVER_PASSWORD") + if err != nil { + return nil, err + } + cfg.serverURL, err = getEnv("SECRETSERVER_URL") + if err != nil { + return nil, err + } + + return &cfg, nil +} + +func getEnv(name string) (string, error) { + value, ok := os.LookupEnv(name) + if !ok { + return "", fmt.Errorf("environment variable %q is not set", name) + } + return value, nil +} diff --git a/e2e/suites/provider/cases/secretserver/provider.go b/e2e/suites/provider/cases/secretserver/provider.go new file mode 100644 index 00000000000..9b1b7cf33af --- /dev/null +++ b/e2e/suites/provider/cases/secretserver/provider.go 
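Review bot: `getEnv` in config.go accepts a variable whenever `os.LookupEnv` reports it as set, but the `e2e/run.sh` hunk in this commit passes `--env="SECRETSERVER_PASSWORD=${SECRETSERVER_PASSWORD:-}"` (and the same for the username and URL), so in the test pod all three are always set, possibly to the empty string. The suite then goes on to build the client with empty credentials instead of stopping with the clear "is not set" error. Change the check to `if !ok || value == "" {`.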
@@ -0,0 +1,58 @@ +package secretserver + +import ( + "encoding/json" + + "github.com/DelineaXPM/tss-sdk-go/v2/server" + "github.com/external-secrets/external-secrets-e2e/framework" + "github.com/onsi/gomega" +) + + +type secretStoreProvider struct { + api *server.Server + cfg *config + framework *framework.Framework + secretID map[string]int +} + +func (p *secretStoreProvider) init(cfg *config, f *framework.Framework) { + p.cfg = cfg + p.secretID = make(map[string]int) + p.framework = f + secretserverClient, err := server.New(server.Configuration{ + Credentials: server.UserCredential{ + Username: cfg.username, + Password: cfg.password, + }, + ServerURL: cfg.serverURL, + }) + gomega.Expect(err).ToNot(gomega.HaveOccurred()) + + p.api = secretserverClient +} + +func (p *secretStoreProvider) CreateSecret(key string, val framework.SecretEntry) { + var data map[string]interface{} + err := json.Unmarshal([]byte(val.Value), &data) + gomega.Expect(err).ToNot(gomega.HaveOccurred()) + + fields := make([]server.SecretField, 1) + fields[0].FieldID = 329 // Data + fields[0].ItemValue = val.Value + + s, err := p.api.CreateSecret(server.Secret{ + SecretTemplateID: 6051, // custom template + SiteID: 1, + FolderID: 10, + Name: key, + Fields: fields, + }) + gomega.Expect(err).ToNot(gomega.HaveOccurred()) + p.secretID[key] = s.ID +} + +func (p *secretStoreProvider) DeleteSecret(key string) { + err := p.api.DeleteSecret(p.secretID[key]) + gomega.Expect(err).ToNot(gomega.HaveOccurred()) +} diff --git a/e2e/suites/provider/cases/secretserver/secretserver.go b/e2e/suites/provider/cases/secretserver/secretserver.go new file mode 100644 index 00000000000..f0ba2bfeed0 --- /dev/null +++ b/e2e/suites/provider/cases/secretserver/secretserver.go 
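Review bot: `CreateSecret` hard-codes `FieldID = 329`, `SecretTemplateID: 6051`, `SiteID: 1` and `FolderID: 10`, which look like identifiers from one particular Secret Server tenant, so the suite would presumably fail against any other instance supplied through `SECRETSERVER_URL`. I would read them from the environment next to the credentials in `loadConfigFromEnv`, or document the required tenant setup in a comment above the struct literal. The `data` map filled by `json.Unmarshal` is only used to check that `val.Value` is JSON; a comment saying so, or `json.Valid([]byte(val.Value))`, would make the intent clear.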
@@ -0,0 +1,92 @@ +package secretserver + +import ( + "context" + _"fmt" + "github.com/external-secrets/external-secrets-e2e/framework" + "github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common" + esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" + esmeta "github.com/external-secrets/external-secrets/apis/meta/v1" + "github.com/onsi/ginkgo/v2" + "github.com/onsi/gomega" + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +var _ = ginkgo.Describe("[secretserver]", ginkgo.Label("secretserver"), func() { + + f := framework.New("eso-secretserver") + + // Initialization is deferred so that assertions work. + provider := &secretStoreProvider{} + + ginkgo.BeforeEach(func() { + + cfg, err := loadConfigFromEnv() + gomega.Expect(err).ToNot(gomega.HaveOccurred()) + + provider.init(cfg, f) + createResources(context.Background(), f, cfg) + }) + + ginkgo.DescribeTable("sync secrets", framework.TableFuncWithExternalSecret(f, provider), + ginkgo.Entry(common.JSONDataWithTemplate(f)), + ginkgo.Entry(common.JSONDataWithProperty(f)), + ginkgo.Entry(common.JSONDataWithoutTargetName(f)), + ginkgo.Entry(common.JSONDataWithTemplateFromLiteral(f)), + ginkgo.Entry(common.TemplateFromConfigmaps(f)), + ginkgo.Entry(common.JSONDataFromSync(f)), // <-- + ginkgo.Entry(common.JSONDataFromRewrite(f)), // <-- + ginkgo.Entry(common.NestedJSONWithGJSON(f)), + ginkgo.Entry(common.DockerJSONConfig(f)), + ginkgo.Entry(common.DataPropertyDockerconfigJSON(f)), + ginkgo.Entry(common.SSHKeySyncDataProperty(f)), + ginkgo.Entry(common.DecodingPolicySync(f)), // <-- + ) +}) + +func createResources(ctx context.Context, f *framework.Framework, cfg *config) { + + secretName := "secretserver-credential" + secretKey := "password" + // Creating a secret to hold the Delinea client secret. 
+ secretSpec := v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: secretName, + Namespace: f.Namespace.Name, + }, + StringData: map[string]string{ + secretKey: cfg.password, + }, + } + + err := f.CRClient.Create(ctx, &secretSpec) + gomega.Expect(err).ToNot(gomega.HaveOccurred()) + + // Creating SecretStore. + secretStoreSpec := esv1beta1.SecretStore{ + ObjectMeta: metav1.ObjectMeta{ + Name: f.Namespace.Name, + Namespace: f.Namespace.Name, + }, + Spec: esv1beta1.SecretStoreSpec{ + Provider: &esv1beta1.SecretStoreProvider{ + SecretServer: &esv1beta1.SecretServerProvider{ + ServerURL: cfg.serverURL, + Username: &esv1beta1.SecretServerProviderRef{ + Value: cfg.username, + }, + Password: &esv1beta1.SecretServerProviderRef{ + SecretRef: &esmeta.SecretKeySelector{ + Name: secretName, + Key: secretKey, + }, + }, + }, + }, + }, + } + + err = f.CRClient.Create(ctx, &secretStoreSpec) + gomega.Expect(err).ToNot(gomega.HaveOccurred()) +} diff --git a/go.mod b/go.mod index 3e42fa63bef..9fc3771e0a6 100644 --- a/go.mod +++ b/go.mod @@ -65,6 +65,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 + github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1 github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.8 diff --git a/go.sum b/go.sum index 6197090c121..964d60d3c14 100644 --- a/go.sum +++ b/go.sum 
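Review bot: The import block in secretserver.go carries `_"fmt"`, a blank import of a package the file never uses; drop it and let gofmt/goimports regroup the block with the standard library first. The comment `// Creating a secret to hold the Delinea client secret.` in `createResources` is carried over from another provider; here the Secret holds the Secret Server account password, so `// Create the Secret that holds the Secret Server account password.` would be accurate.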
@@ -101,6 +101,8 @@ github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2 github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 h1:cmX2QC9s5kPqmghWLLZP8YRFO1ZD/C59BpNH2ujP99w= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2/go.mod h1:tNlpIXJlIwQlRbobXDPme4qv/Rc8+a1GbuUhE3m4JhQ= +github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1 h1:/rzzzaBuj/FYTcbt8sYZ9IzlnENqcgh5zKqBhHiBBm4= +github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1/go.mod h1:xz6FXP2Do88Vc5Hx7OamZgZC1W45yfmLy4+iDKxlGXo= github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM= github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= github.com/IBM/go-sdk-core/v5 v5.17.4 h1:VGb9+mRrnS2HpHZFM5hy4J6ppIWnwNrw0G+tLSgcJLc= diff --git a/hack/api-docs/mkdocs.yml b/hack/api-docs/mkdocs.yml index 700701001fe..2d5d8bffac8 100644 --- a/hack/api-docs/mkdocs.yml +++ b/hack/api-docs/mkdocs.yml @@ -116,6 +116,7 @@ nav: - Cloak End 2 End Encrypted Secrets: provider/cloak.md - Scaleway: provider/scaleway.md - Delinea: provider/delinea.md + - Secret Server: provider/delinea.md - Passbolt: provider/passbolt.md - Pulumi ESC: provider/pulumi.md - Onboardbase: provider/onboardbase.md diff --git a/pkg/provider/register/register.go b/pkg/provider/register/register.go index 976a825cb22..ab0e5407f45 100644 --- a/pkg/provider/register/register.go +++ b/pkg/provider/register/register.go 
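Review bot: The new nav entry in hack/api-docs/mkdocs.yml, `- Secret Server: provider/delinea.md`, points at the existing Delinea page rather than the `docs/provider/secretserver.md` file this commit adds. As written, the new page is not reachable from the navigation, and a reader looking for Secret Server credential setup lands on another provider's instructions. It should read `- Secret Server: provider/secretserver.md`.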
@@ -42,6 +42,7 @@ import ( _ "github.com/external-secrets/external-secrets/pkg/provider/passworddepot" _ "github.com/external-secrets/external-secrets/pkg/provider/pulumi" _ "github.com/external-secrets/external-secrets/pkg/provider/scaleway" + _ "github.com/external-secrets/external-secrets/pkg/provider/secretserver" _ "github.com/external-secrets/external-secrets/pkg/provider/senhasegura" _ "github.com/external-secrets/external-secrets/pkg/provider/vault" _ "github.com/external-secrets/external-secrets/pkg/provider/webhook" diff --git a/pkg/provider/secretserver/client.go b/pkg/provider/secretserver/client.go new file mode 100644 index 00000000000..c3f19db3b3f --- /dev/null +++ b/pkg/provider/secretserver/client.go 
@@ -0,0 +1,147 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package secretserver + +import ( + "context" + "encoding/json" + "errors" + "strconv" + + "github.com/DelineaXPM/tss-sdk-go/v2/server" + "github.com/tidwall/gjson" + corev1 "k8s.io/api/core/v1" + + esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" + "github.com/external-secrets/external-secrets/pkg/utils" +) + +type client struct { + api secretAPI +} + +var _ esv1beta1.SecretsClient = &client{} + +// GetSecret supports two types: +// 1. Get the secrets using the secret ID in ref.key i.e. key: 53974 +// 2. Get the secret using the secret "name" i.e. key: "secretNameHere" +// - Secret names must not contain spaces. +// - If using the secret "name" and multiple secrets are found ... +// the first secret in the array will be the secret returned. +// 3. get the full secret as json-encoded value +// by leaving the ref.Property empty. +// 4. get a specific value by using a key from the json formatted secret in Items.0.ItemValue. 
+// Nested values are supported by specifying a gjson expression +func (c *client) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { + secret, err := c.getSecret(ctx, ref) + if err != nil { + return nil, err + } + // Return nil if secret contains no fields + if secret.Fields == nil { + return nil, nil + } + jsonStr, err := json.Marshal(secret) + if err != nil { + return nil, err + } + // If no property is defined return the full secret as raw json + if ref.Property == "" { + return jsonStr, nil + } + // extract first "field" i.e. Items.0.ItemValue, data from secret using gjson + val := gjson.Get(string(jsonStr), "Items.0.ItemValue") + if !val.Exists() { + return nil, esv1beta1.NoSecretError{} + } + // extract specific value from data directly above using gjson + out := gjson.Get(val.String(), ref.Property) + if !out.Exists() { + return nil, esv1beta1.NoSecretError{} + } + + return []byte(out.String()), nil +} + +// Not supported at this time. +func (c *client) PushSecret(_ context.Context, _ *corev1.Secret, _ esv1beta1.PushSecretData) error { + return errors.New("pushing secrets is not supported by Secret Server at this time") +} + +// Not supported at this time. +func (c *client) DeleteSecret(_ context.Context, _ esv1beta1.PushSecretRemoteRef) error { + return errors.New("deleting secrets is not supported by Secret Server at this time") +} + +// Not supported at this time. +func (c *client) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { + return false, errors.New("not implemented") +} + +// Not supported at this time. 
+func (c *client) Validate() (esv1beta1.ValidationResult, error) { + return esv1beta1.ValidationResultReady, nil +} + +func (c *client) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { + secret, err := c.getSecret(ctx, ref) + if err != nil { + return nil, err + } + secretData := make(map[string]any) + + err = json.Unmarshal([]byte(secret.Fields[0].ItemValue), &secretData) + if err != nil { + return nil, err + } + + data := make(map[string][]byte) + for k, v := range secretData { + data[k], err = utils.GetByteValue(v) + if err != nil { + return nil, err + } + } + return data, nil +} + +// Not supported at this time. +func (c *client) GetAllSecrets(_ context.Context, _ esv1beta1.ExternalSecretFind) (map[string][]byte, error) { + return nil, errors.New("getting all secrets is not supported by Delinea Secret Server at this time") +} + +func (c *client) Close(context.Context) error { + return nil +} + +// getSecret retrieves the secret referenced by ref from the Vault API. +func (c *client) getSecret(_ context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (*server.Secret, error) { + if ref.Version != "" { + return nil, errors.New("specifying a version is not supported") + } + id, err := strconv.Atoi(ref.Key) + if err != nil { + s, err := c.api.Secrets(ref.Key, "Name") + if err != nil { + return nil, err + } + if len(s) == 0 { + return nil, errors.New("unable to retrieve secret at this time") + } + + return &s[0], nil + } + return c.api.Secret(id) +} diff --git a/pkg/provider/secretserver/client_test.go b/pkg/provider/secretserver/client_test.go new file mode 100644 index 00000000000..c338de70ee1 --- /dev/null +++ b/pkg/provider/secretserver/client_test.go 
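Review bot: `GetSecretMap` in client.go indexes `secret.Fields[0]` with no length check, so a secret that comes back without fields causes an index-out-of-range panic instead of an error; `GetSecret` guards this case, but only with `secret.Fields == nil`. Add `if len(secret.Fields) == 0 { return nil, esv1beta1.NoSecretError{} }` before the `json.Unmarshal` call. Separately, the name path in `getSecret` returns `&s[0]` from a search call; if the SDK's `Secrets` matches more than the exact name (not visible in this hunk), a non-numeric key could resolve to a different secret than the one intended, so checking `s[i].Name == ref.Key` before returning would be safer. The doc comment on `getSecret` also still says "Vault API" where it means the Secret Server API.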
@@ -0,0 +1,162 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package secretserver
+
+import (
+ "context"
+ "encoding/json"
+ "errors"
+ "io"
+ "os"
+ "testing"
+
+ "github.com/DelineaXPM/tss-sdk-go/v2/server"
+ "github.com/stretchr/testify/assert"
+
+ esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
+)
+
+var (
+ errNotFound = errors.New("not found")
+)
+
+type fakeAPI struct {
+ secrets []*server.Secret
+}
+
+func (f *fakeAPI) Secret(id int) (*server.Secret, error) {
+ for _, s := range f.secrets {
+ if s.ID == id {
+ return s, nil
+ }
+ }
+ return nil, errNotFound
+}
+
+func (f *fakeAPI) Secrets(searchText, _ string) ([]server.Secret, error) {
+ secret := make([]server.Secret, 1)
+ for _, s := range f.secrets {
+ if s.Name == searchText {
+ secret[0] = *s
+ return secret, nil
+ }
+ }
+ return nil, errNotFound
+}
+
+// createSecret assembles a server.Secret from file test_data.json.
+func createSecret(id int, itemValue string) *server.Secret {
+ s, _ := getJSONData()
+ s.ID = id
+ s.Fields[0].ItemValue = itemValue
+ return s
+}
+
+func getJSONData() (*server.Secret, error) {
+ var s = &server.Secret{}
+ jsonFile, err := os.Open("test_data.json")
+ if err != nil {
+ return nil, err
+ }
+ defer jsonFile.Close()
+
+ byteValue, _ := io.ReadAll(jsonFile)
+ err = json.Unmarshal(byteValue, &s)
+ if err != nil {
+ return nil, err
+ }
+ return s, nil
+}
+
+func newTestClient() esv1beta1.SecretsClient {
+ return &client{
+ api: &fakeAPI{
+ secrets: []*server.Secret{
+ createSecret(1000, "{ \"user\": \"robertOppenheimer\", \"password\": \"badPassword\",\"server\":\"192.168.1.50\"}"),
+ createSecret(2000, "{ \"user\": \"helloWorld\", \"password\": \"badPassword\",\"server\":[ \"192.168.1.50\",\"192.168.1.51\"] }"),
+ createSecret(3000, "{ \"user\": \"chuckTesta\", \"password\": \"badPassword\",\"server\":\"192.168.1.50\"}"),
+ },
+ },
+ }
+}
+
+func TestGetSecret(t *testing.T) {
+ ctx := context.Background()
+ c := newTestClient()
+ s, _ := getJSONData()
+ jsonStr, _ := json.Marshal(s)
+
+ testCases := map[string]struct {
+ ref esv1beta1.ExternalSecretDataRemoteRef
+ want []byte
+ err error
+ }{
+ "incorrect key returns nil and error": {
+ ref: esv1beta1.ExternalSecretDataRemoteRef{
+ Key: "0",
+ },
+ want: []byte(nil),
+ err: errNotFound,
+ },
+ "key = 'secret name' and user property returns a single value": {
+ ref: esv1beta1.ExternalSecretDataRemoteRef{
+ Key: "ESO-test-secret",
+ Property: "user",
+ },
+ want: []byte(`robertOppenheimer`),
+ },
+ "key and password property returns a single value": {
+ ref: esv1beta1.ExternalSecretDataRemoteRef{
+ Key: "1000",
+ Property: "password",
+ },
+ want: []byte(`badPassword`),
+ },
+ "key and nested property returns a single value": {
+ ref: esv1beta1.ExternalSecretDataRemoteRef{
+ Key: "2000",
+ Property: "server.1",
+ },
+ want: []byte(`192.168.1.51`),
+ },
+ "existent key with non-existing propery": {
+ ref: esv1beta1.ExternalSecretDataRemoteRef{
+ Key: "3000",
+ Property: "foo.bar",
+ },
+ err: esv1beta1.NoSecretError{},
+ },
+ "existent 'name' key with no propery": {
+ ref: esv1beta1.ExternalSecretDataRemoteRef{
+ Key: "1000",
+ },
+ want: jsonStr,
+ },
+ }
+
+ for name, tc := range testCases {
+ t.Run(name, func(t *testing.T) {
+ got, err := c.GetSecret(ctx, tc.ref)
+
+ if tc.err == nil {
+ assert.NoError(t, err)
+ assert.Equal(t, tc.want, got)
+ } else {
+ assert.Nil(t, got)
+ assert.ErrorIs(t, err, tc.err)
+ assert.Equal(t, tc.err, err)
+ }
+ })
+ }
+}
diff --git a/pkg/provider/secretserver/provider.go b/pkg/provider/secretserver/provider.go
new file mode 100644
index 00000000000..e4470131606
--- /dev/null
+++ b/pkg/provider/secretserver/provider.go
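Review bot: The table in TestGetSecret never gives the client a secret whose field list is empty, and GetSecretMap has no test at all, so the unguarded `secret.Fields[0]` in GetSecretMap (client.go, same patch) is never run on the input that would make it index out of range. I would add a `TestGetSecretMap` table that includes a secret with an empty `Items` array and asserts an error rather than a panic. The helper `createSecret` also discards the error from `getJSONData()` with `s, _ :=`, so a missing test_data.json shows up as a nil dereference; passing `t *testing.T` and calling `t.Fatal(err)` would give a readable failure.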
@@ -0,0 +1,179 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package secretserver
+
+import (
+ "context"
+ "errors"
+
+ "github.com/DelineaXPM/tss-sdk-go/v2/server"
+ kubeClient "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/controller-runtime/pkg/webhook/admission"
+
+ esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
+ "github.com/external-secrets/external-secrets/pkg/utils"
+ "github.com/external-secrets/external-secrets/pkg/utils/resolvers"
+)
+
+var (
+ errEmptyUserName = errors.New("username must not be empty")
+ errEmptyPassword = errors.New("password must be set")
+ errEmptyServerURL = errors.New("serverURL must be set")
+ errSecretRefAndValueConflict = errors.New("cannot specify both secret reference and value")
+ errSecretRefAndValueMissing = errors.New("must specify either secret reference or direct value")
+ errMissingStore = errors.New("missing store specification")
+ errInvalidSpec = errors.New("invalid specification for secret server provider")
+ errClusterStoreRequiresNamespace = errors.New("when using a ClusterSecretStore, namespaces must be explicitly set")
+ errMissingSecretName = errors.New("must specify a secret name")
+
+ errMissingSecretKey = errors.New("must specify a secret key")
+)
+
+type Provider struct{}
+
+var _ esv1beta1.Provider = &Provider{}
+
+// Capabilities return the provider supported capabilities (ReadOnly, WriteOnly, ReadWrite).
+func (p *Provider) Capabilities() esv1beta1.SecretStoreCapabilities {
+ return esv1beta1.SecretStoreReadOnly
+}
+
+func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, kube kubeClient.Client, namespace string) (esv1beta1.SecretsClient, error) {
+ cfg, err := getConfig(store)
+ if err != nil {
+ return nil, err
+ }
+ if store.GetKind() == esv1beta1.ClusterSecretStoreKind && doesConfigDependOnNamespace(cfg) {
+ // we are not attached to a specific namespace, but some config values are dependent on it
+ return nil, errClusterStoreRequiresNamespace
+ }
+ username, err := loadConfigSecret(ctx, store.GetKind(), cfg.Username, kube, namespace)
+ if err != nil {
+ return nil, err
+ }
+ password, err := loadConfigSecret(ctx, store.GetKind(), cfg.Password, kube, namespace)
+ if err != nil {
+ return nil, err
+ }
+
+ secretServer, err := server.New(server.Configuration{
+ Credentials: server.UserCredential{
+ Username: username,
+ Password: password,
+ },
+ ServerURL: cfg.ServerURL,
+ })
+ if err != nil {
+ return nil, err
+ }
+
+ return &client{
+ api: secretServer,
+ }, nil
+}
+
+func loadConfigSecret(
+ ctx context.Context,
+ storeKind string,
+ ref *esv1beta1.SecretServerProviderRef,
+ kube kubeClient.Client,
+ namespace string) (string, error) {
+ if ref.SecretRef == nil {
+ return ref.Value, nil
+ }
+ if err := validateSecretRef(ref); err != nil {
+ return "", err
+ }
+ return resolvers.SecretKeyRef(ctx, kube, storeKind, namespace, ref.SecretRef)
+}
+
+func validateStoreSecretRef(store esv1beta1.GenericStore, ref *esv1beta1.SecretServerProviderRef) error {
+ if ref.SecretRef != nil {
+ if err := utils.ValidateReferentSecretSelector(store, *ref.SecretRef); err != nil {
+ return err
+ }
+ }
+ return validateSecretRef(ref)
+}
+
+func validateSecretRef(ref *esv1beta1.SecretServerProviderRef) error {
+ if ref.SecretRef != nil {
+ if ref.Value != "" {
+ return errSecretRefAndValueConflict
+ }
+ if ref.SecretRef.Name == "" {
+ return errMissingSecretName
+ }
+ if ref.SecretRef.Key == "" {
+ return errMissingSecretKey
+ }
+ } else if ref.Value == "" {
+ return errSecretRefAndValueMissing
+ }
+ return nil
+}
+
+func doesConfigDependOnNamespace(cfg *esv1beta1.SecretServerProvider) bool {
+ if cfg.Username.SecretRef != nil && cfg.Username.SecretRef.Namespace == nil {
+ return true
+ }
+ if cfg.Password.SecretRef != nil && cfg.Password.SecretRef.Namespace == nil {
+ return true
+ }
+ return false
+}
+
+func getConfig(store esv1beta1.GenericStore) (*esv1beta1.SecretServerProvider, error) {
+ if store == nil {
+ return nil, errMissingStore
+ }
+ storeSpec := store.GetSpec()
+
+ if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.SecretServer == nil {
+ return nil, errInvalidSpec
+ }
+ cfg := storeSpec.Provider.SecretServer
+
+ if cfg.Username == nil {
+ return nil, errEmptyUserName
+ }
+ if cfg.Password == nil {
+ return nil, errEmptyPassword
+ }
+ if cfg.ServerURL == "" {
+ return nil, errEmptyServerURL
+ }
+
+ err := validateStoreSecretRef(store, cfg.Username)
+ if err != nil {
+ return nil, err
+ }
+ err = validateStoreSecretRef(store, cfg.Password)
+ if err != nil {
+ return nil, err
+ }
+ return cfg, nil
+}
+
+func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnings, error) {
+ _, err := getConfig(store)
+ return nil, err
+}
+
+func init() {
+ esv1beta1.Register(&Provider{}, &esv1beta1.SecretStoreProvider{
+ SecretServer: &esv1beta1.SecretServerProvider{},
+ })
+}
diff --git a/pkg/provider/secretserver/provider_test.go b/pkg/provider/secretserver/provider_test.go
new file mode 100644
index 00000000000..53a14fc4f4d
--- /dev/null
+++ b/pkg/provider/secretserver/provider_test.go
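Review bot: `getConfig` accepts any non-empty `ServerURL` (`if cfg.ServerURL == ""` is its only check), and `NewClient` then passes that URL to `server.New` together with the resolved username and password. How the SDK authenticates is not visible here, but if it sends the credentials to whatever scheme is configured, an `http://` value would carry them in cleartext. I would parse the value in `getConfig` and reject anything that is not HTTPS, for example `u, err := url.Parse(cfg.ServerURL)` followed by `if err != nil || u.Scheme != "https" || u.Host == "" { return nil, errInvalidServerURL }` (a new error variable, plus the `net/url` import), with a matching case in TestValidateStore. Both functions lie fully inside this hunk.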
@@ -0,0 +1,351 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package secretserver
+
+import (
+ "context"
+ "math/rand"
+ "testing"
+
+ "github.com/DelineaXPM/tss-sdk-go/v2/server"
+ "github.com/stretchr/testify/assert"
+ corev1 "k8s.io/api/core/v1"
+ kubeErrors "k8s.io/apimachinery/pkg/api/errors"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ kubeClient "sigs.k8s.io/controller-runtime/pkg/client"
+ clientfake "sigs.k8s.io/controller-runtime/pkg/client/fake"
+
+ esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
+ v1 "github.com/external-secrets/external-secrets/apis/meta/v1"
+ "github.com/external-secrets/external-secrets/pkg/utils"
+)
+
+func TestDoesConfigDependOnNamespace(t *testing.T) {
+ tests := map[string]struct {
+ cfg esv1beta1.SecretServerProvider
+ want bool
+ }{
+ "true when Username references a secret without explicit namespace": {
+ cfg: esv1beta1.SecretServerProvider{
+ Username: &esv1beta1.SecretServerProviderRef{
+ SecretRef: &v1.SecretKeySelector{Name: "foo"},
+ },
+ Password: &esv1beta1.SecretServerProviderRef{SecretRef: nil},
+ },
+ want: true,
+ },
+ "true when password references a secret without explicit namespace": {
+ cfg: esv1beta1.SecretServerProvider{
+ Username: &esv1beta1.SecretServerProviderRef{SecretRef: nil},
+ Password: &esv1beta1.SecretServerProviderRef{
+ SecretRef: &v1.SecretKeySelector{Name: "foo"},
+ },
+ },
+ want: true,
+ },
+ "false when neither Username or Password reference a secret": {
+ cfg: esv1beta1.SecretServerProvider{
+ Username: &esv1beta1.SecretServerProviderRef{SecretRef: nil},
+ Password: &esv1beta1.SecretServerProviderRef{SecretRef: nil},
+ },
+ want: false,
+ },
+ }
+ for name, tc := range tests {
+ t.Run(name, func(t *testing.T) {
+ got := doesConfigDependOnNamespace(&tc.cfg)
+ assert.Equal(t, tc.want, got)
+ })
+ }
+}
+
+func TestValidateStore(t *testing.T) {
+ validSecretRefUsingValue := makeSecretRefUsingValue("foo")
+ ambiguousSecretRef := &esv1beta1.SecretServerProviderRef{
+ SecretRef: &v1.SecretKeySelector{Name: "foo"}, Value: "foo",
+ }
+ testURL := "https://example.com"
+
+ tests := map[string]struct {
+ cfg esv1beta1.SecretServerProvider
+ want error
+ }{
+ "invalid without username": {
+ cfg: esv1beta1.SecretServerProvider{
+ Username: nil,
+ Password: validSecretRefUsingValue,
+ ServerURL: testURL,
+ },
+ want: errEmptyUserName,
+ },
+ "invalid without password": {
+ cfg: esv1beta1.SecretServerProvider{
+ Username: validSecretRefUsingValue,
+ Password: nil,
+ ServerURL: testURL,
+ },
+ want: errEmptyPassword,
+ },
+ "invalid without serverURL": {
+ cfg: esv1beta1.SecretServerProvider{
+ Username: validSecretRefUsingValue,
+ Password: validSecretRefUsingValue,
+ /*ServerURL: testURL,*/
+ },
+ want: errEmptyServerURL,
+ },
+ "invalid with ambiguous Username": {
+ cfg: esv1beta1.SecretServerProvider{
+ Username: ambiguousSecretRef,
+ Password: validSecretRefUsingValue,
+ ServerURL: testURL,
+ },
+ want: errSecretRefAndValueConflict,
+ },
+ "invalid with ambiguous Password": {
+ cfg: esv1beta1.SecretServerProvider{
+ Username: validSecretRefUsingValue,
+ Password: ambiguousSecretRef,
+ ServerURL: testURL,
+ },
+ want: errSecretRefAndValueConflict,
+ },
+ "invalid with invalid Username": {
+ cfg: esv1beta1.SecretServerProvider{
+ Username: makeSecretRefUsingValue(""),
+ Password: validSecretRefUsingValue,
+ ServerURL: testURL,
+ },
+ want: errSecretRefAndValueMissing,
+ },
+ "invalid with invalid Password": {
+ cfg: esv1beta1.SecretServerProvider{
+ Username: validSecretRefUsingValue,
+ Password: makeSecretRefUsingValue(""),
+ ServerURL: testURL,
+ },
+ want: errSecretRefAndValueMissing,
+ },
+ "valid with tenant/clientID/clientSecret": {
+ cfg: esv1beta1.SecretServerProvider{
+ Username: validSecretRefUsingValue,
+ Password: validSecretRefUsingValue,
+ ServerURL: testURL,
+ },
+ want: nil,
+ },
+ }
+ for name, tc := range tests {
+ t.Run(name, func(t *testing.T) {
+ s := esv1beta1.SecretStore{
+ Spec: esv1beta1.SecretStoreSpec{
+ Provider: &esv1beta1.SecretStoreProvider{
+ SecretServer: &tc.cfg,
+ },
+ },
+ }
+ p := &Provider{}
+ _, got := p.ValidateStore(&s)
+ assert.Equal(t, tc.want, got)
+ })
+ }
+}
+
+func TestNewClient(t *testing.T) {
+ userNameKey := "username"
+ userNameValue := "foo"
+ passwordKey := "password"
+ passwordValue := generateRandomString()
+
+ clientSecret := &corev1.Secret{
+ ObjectMeta: metav1.ObjectMeta{Name: "foo", Namespace: "default"},
+ Data: map[string][]byte{
+ userNameKey: []byte(userNameValue),
+ passwordKey: []byte(passwordValue),
+ },
+ }
+
+ validProvider := &esv1beta1.SecretServerProvider{
+ Username: makeSecretRefUsingRef(clientSecret.Name, userNameKey),
+ Password: makeSecretRefUsingRef(clientSecret.Name, passwordKey),
+ ServerURL: "https://example.com",
+ }
+
+ tests := map[string]struct {
+ store esv1beta1.GenericStore // leave nil for namespaced store
+ provider *esv1beta1.SecretServerProvider // discarded when store is set
+ kube kubeClient.Client
+ errCheck func(t *testing.T, err error)
+ }{
+ "missing provider config": {
+ provider: nil,
+ errCheck: func(t *testing.T, err error) {
+ assert.ErrorIs(t, err, errInvalidSpec)
+ },
+ },
+ "namespace-dependent cluster secret store": {
+ store: &esv1beta1.ClusterSecretStore{
+ TypeMeta: metav1.TypeMeta{Kind: esv1beta1.ClusterSecretStoreKind},
+ Spec: esv1beta1.SecretStoreSpec{
+ Provider: &esv1beta1.SecretStoreProvider{
+ SecretServer: validProvider,
+ },
+ },
+ },
+ errCheck: func(t *testing.T, err error) {
+ assert.ErrorIs(t, err, errClusterStoreRequiresNamespace)
+ },
+ },
+ "dangling password ref": {
+ provider: &esv1beta1.SecretServerProvider{
+ Username: validProvider.Username,
+ Password: makeSecretRefUsingRef("typo", passwordKey),
+ ServerURL: validProvider.ServerURL,
+ },
+ kube: clientfake.NewClientBuilder().WithObjects(clientSecret).Build(),
+ errCheck: func(t *testing.T, err error) {
+ assert.True(t, kubeErrors.IsNotFound(err))
+ },
+ },
+ "dangling username ref": {
+ provider: &esv1beta1.SecretServerProvider{
+ Username: makeSecretRefUsingRef("typo", userNameKey),
+ Password: validProvider.Password,
+ ServerURL: validProvider.ServerURL,
+ },
+ kube: clientfake.NewClientBuilder().WithObjects(clientSecret).Build(),
+ errCheck: func(t *testing.T, err error) {
+ assert.True(t, kubeErrors.IsNotFound(err))
+ },
+ },
+ "secret ref without name": {
+ provider: &esv1beta1.SecretServerProvider{
+ Username: makeSecretRefUsingRef("", userNameKey),
+ Password: validProvider.Password,
+ ServerURL: validProvider.ServerURL,
+ },
+ kube: clientfake.NewClientBuilder().WithObjects(clientSecret).Build(),
+ errCheck: func(t *testing.T, err error) {
+ assert.ErrorIs(t, err, errMissingSecretName)
+ },
+ },
+ "secret ref without key": {
+ provider: &esv1beta1.SecretServerProvider{
+ Username: validProvider.Password,
+ Password: makeSecretRefUsingRef(clientSecret.Name, ""),
+ ServerURL: validProvider.ServerURL,
+ },
+ kube: clientfake.NewClientBuilder().WithObjects(clientSecret).Build(),
+ errCheck: func(t *testing.T, err error) {
+ assert.ErrorIs(t, err, errMissingSecretKey)
+ },
+ },
+ "secret ref with non-existent keys": {
+ provider: &esv1beta1.SecretServerProvider{
+ Username: makeSecretRefUsingRef(clientSecret.Name, "typo"),
+ Password: makeSecretRefUsingRef(clientSecret.Name, passwordKey),
+ ServerURL: validProvider.ServerURL,
+ },
+ kube: clientfake.NewClientBuilder().WithObjects(clientSecret).Build(),
+ errCheck: func(t *testing.T, err error) {
+ assert.EqualError(t, err, "cannot find secret data for key: \"typo\"")
+ },
+ },
+ "valid secret refs": {
+ provider: validProvider,
+ kube: clientfake.NewClientBuilder().WithObjects(clientSecret).Build(),
+ },
+ "secret values": {
+ provider: &esv1beta1.SecretServerProvider{
+ Username: makeSecretRefUsingValue(userNameValue),
+ Password: makeSecretRefUsingValue(passwordValue),
+ ServerURL: validProvider.ServerURL,
+ },
+ kube: clientfake.NewClientBuilder().WithObjects(clientSecret).Build(),
+ },
+ "cluster secret store": {
+ store: &esv1beta1.ClusterSecretStore{
+ TypeMeta: metav1.TypeMeta{Kind: esv1beta1.ClusterSecretStoreKind},
+ Spec: esv1beta1.SecretStoreSpec{
+ Provider: &esv1beta1.SecretStoreProvider{
+ SecretServer: &esv1beta1.SecretServerProvider{
+ Username: makeSecretRefUsingNamespacedRef(clientSecret.Namespace, clientSecret.Name, userNameKey),
+ Password: makeSecretRefUsingNamespacedRef(clientSecret.Namespace, clientSecret.Name, passwordKey),
+ ServerURL: validProvider.ServerURL,
+ },
+ },
+ },
+ },
+ kube: clientfake.NewClientBuilder().WithObjects(clientSecret).Build(),
+ },
+ }
+ for name, tc := range tests {
+ t.Run(name, func(t *testing.T) {
+ p := &Provider{}
+ store := tc.store
+ if store == nil {
+ store = &esv1beta1.SecretStore{
+ TypeMeta: metav1.TypeMeta{Kind: esv1beta1.SecretStoreKind},
+ Spec: esv1beta1.SecretStoreSpec{
+ Provider: &esv1beta1.SecretStoreProvider{
+ SecretServer: tc.provider,
+ },
+ },
+ }
+ }
+ sc, err := p.NewClient(context.Background(), store, tc.kube, clientSecret.Namespace)
+ if tc.errCheck == nil {
+ assert.NoError(t, err)
+ delineaClient, ok := sc.(*client)
+ assert.True(t, ok)
+ secretServerClient, ok := delineaClient.api.(*server.Server)
+ assert.True(t, ok)
+ assert.Equal(t, server.UserCredential{
+ Username: userNameValue,
+ Password: passwordValue,
+ }, secretServerClient.Configuration.Credentials)
+ } else {
+ assert.Nil(t, sc)
+ tc.errCheck(t, err)
+ }
+ })
+ }
+}
+
+func makeSecretRefUsingNamespacedRef(namespace, name, key string) *esv1beta1.SecretServerProviderRef {
+ return &esv1beta1.SecretServerProviderRef{
+ SecretRef: &v1.SecretKeySelector{Namespace: utils.Ptr(namespace), Name: name, Key: key},
+ }
+}
+
+func makeSecretRefUsingValue(val string) *esv1beta1.SecretServerProviderRef {
+ return &esv1beta1.SecretServerProviderRef{Value: val}
+}
+
+func makeSecretRefUsingRef(name, key string) *esv1beta1.SecretServerProviderRef {
+ return &esv1beta1.SecretServerProviderRef{
+ SecretRef: &v1.SecretKeySelector{Name: name, Key: key},
+ }
+}
+
+func generateRandomString() string {
+ var letters = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789")
+ b := make([]rune, 10)
+ for i := range b {
+ b[i] = letters[rand.Intn(len(letters))]
+ }
+
+ return string(b)
+}
diff --git a/pkg/provider/secretserver/secret_api.go b/pkg/provider/secretserver/secret_api.go
new file mode 100644
index 00000000000..f8beacff6a3
--- /dev/null
+++ b/pkg/provider/secretserver/secret_api.go
@@ -0,0 +1,26 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package secretserver
+
+import (
+ "github.com/DelineaXPM/tss-sdk-go/v2/server"
+)
+
+// secretAPI represents the subset of the Secret Server API
+// which is supported by tss-sdk-go/v2.
+type secretAPI interface {
+ Secret(id int) (*server.Secret, error)
+ Secrets(searchText, field string) ([]server.Secret, error)
+}
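Review bot: Two table entries in provider_test.go look copied from elsewhere and no longer describe what they test. In TestValidateStore the passing case is named `valid with tenant/clientID/clientSecret`, although this provider is configured with username, password and serverURL. In TestNewClient the case `secret ref without key` sets `Username: validProvider.Password`, which presumably was meant to be `validProvider.Username`. Renaming the first to something like `valid with username/password/serverURL` and correcting the second keeps a later failure pointing at the right field.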
diff --git a/pkg/provider/secretserver/test_data.json b/pkg/provider/secretserver/test_data.json
new file mode 100644
index 00000000000..611e5906d48
--- /dev/null
+++ b/pkg/provider/secretserver/test_data.json
@@ -0,0 +1,38 @@
+{
+"Name": "ESO-test-secret",
+"FolderID": 73,
+"ID": 1000,
+"SiteID": 1,
+"SecretTemplateID": 6098,
+"SecretPolicyID": -1,
+"PasswordTypeWebScriptID": -1,
+"LauncherConnectAsSecretID": -1,
+"CheckOutIntervalMinutes": -1,
+"Active": true,
+"CheckedOut": false,
+"CheckOutEnabled": false,
+"AutoChangeEnabled": false,
+"CheckOutChangePasswordEnabled": false,
+"DelayIndexing": false,
+"EnableInheritPermissions": false,
+"EnableInheritSecretPolicy": false,
+"ProxyEnabled": false,
+"RequiresComment": false,
+"SessionRecordingEnabled": false,
+"WebLauncherRequiresIncognitoMode": false,
+"Items": [
+ {
+ "ItemID": 286259,
+ "FieldID": 439,
+ "FileAttachmentID": 0,
+ "FieldName": "Data",
+ "Slug": "data",
+ "FieldDescription": "json text field",
+ "Filename": "",
+ "ItemValue": "{ \"user\": \"robertOppenheimer\", \"password\": \"badPassword\",\"server\":\"192.168.1.50\"}",
+ "IsFile": false,
+ "IsNotes": false,
+ "IsPassword": false
+ }
+]
+}
From 43ee65f957cb12dcef8096be2781c0e2cdd006fc Mon Sep 17 00:00:00 2001 From: RMeans Date: Wed, 10 Jul 2024 12:29:42 -0700 Subject: [PATCH 168/517] Only URL encode data being passed to URLs (#3652) (#3674) Signed-off-by: Ryan Means Co-authored-by: Ryan Means --- pkg/common/webhook/webhook.go | 32 ++++++++++++++++++++-------- pkg/provider/webhook/webhook.go | 2 +- pkg/provider/webhook/webhook_test.go | 16 ++++++++++++++ 3 files changed, 40 insertions(+), 10 deletions(-)
diff --git a/pkg/common/webhook/webhook.go b/pkg/common/webhook/webhook.go
index f8d13435e57..03c758913de 100644
--- a/pkg/common/webhook/webhook.go
+++ b/pkg/common/webhook/webhook.go
@@ -116,13 +116,21 @@ func (w *Webhook) GetSecretMap(ctx context.Context, provider *Spec, ref *esv1bet return values, nil } -func (w *Webhook) GetTemplateData(ctx context.Context, ref *esv1beta1.ExternalSecretDataRemoteRef, secrets []Secret) (map[string]map[string]string, error) { +func (w *Webhook) GetTemplateData(ctx context.Context, ref *esv1beta1.ExternalSecretDataRemoteRef, secrets []Secret, urlEncode bool) (map[string]map[string]string, error) { data := map[string]map[string]string{} if ref != nil { - data["remoteRef"] = map[string]string{ - "key": url.QueryEscape(ref.Key), - "version": url.QueryEscape(ref.Version), - "property": url.QueryEscape(ref.Property), + if urlEncode { + data["remoteRef"] = map[string]string{ + "key": url.QueryEscape(ref.Key), + "version": url.QueryEscape(ref.Version), + "property": url.QueryEscape(ref.Property), + } + } else { + data["remoteRef"] = map[string]string{ + "key": ref.Key, + "version": ref.Version, + "property": ref.Property, + } } } for _, secref := range secrets { @@ -144,19 +152,25 @@ func (w *Webhook) GetWebhookData(ctx context.Context, provider *Spec, ref *esv1b if w.HTTP == nil { return nil, fmt.Errorf("http client not initialized") } - data, err := w.GetTemplateData(ctx, ref, provider.Secrets) + + escapedData, err := w.GetTemplateData(ctx, ref, provider.Secrets, true) if err != nil { return nil, err } + rawData, err := w.GetTemplateData(ctx, ref, provider.Secrets, false) + if err != nil { + return nil, err + } + method := provider.Method if method == "" { method = http.MethodGet } - url, err := ExecuteTemplateString(provider.URL, data) + url, err := ExecuteTemplateString(provider.URL, escapedData) if err != nil { return nil, fmt.Errorf("failed to parse url: %w", err) } - body, err := ExecuteTemplate(provider.Body, data) + body, err := ExecuteTemplate(provider.Body, rawData) if err != nil { return nil, fmt.Errorf("failed to parse body: %w", err) } 
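Review bot: The new `urlEncode bool` parameter forces `GetWebhookData` (next hunk) to call `GetTemplateData` twice, so the `for _, secref := range secrets` loop runs twice per request. The loop body is outside this hunk, but it presumably resolves every referenced secret, which would double those reads and keep two copies of the secret values in memory. Building the map once and deriving only the escaped `remoteRef` entry from it would avoid that and remove the two near-identical map literals. `GetTemplateData` is also exported, so the extra positional argument breaks any caller outside this repository.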
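Review bot: Rendering `provider.Body` with `rawData` puts `remoteRef.key`, `version` and `property` into the request body exactly as written in the ExternalSecret, and the header loop in the following hunk (`ExecuteTemplateString(hValueTpl, rawData)`) does the same. Before this change `url.QueryEscape` happened to neutralise quotes, backslashes and line breaks; now a body template such as `{"folder": "{{ .remoteRef.key }}"}`, the one used in the new test, produces malformed or restructured JSON when the key contains a `"`. Where the store author and the ExternalSecret author are different parties this deserves a guard: I would document on the `Body` and `Headers` fields of `Spec` that these values arrive unescaped and must be encoded by the template for the target format, and add a test case with a quote in the key to pin the behaviour. `GetWebhookData` starts and ends outside the hunk.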
@@ -166,7 +180,7 @@ func (w *Webhook) GetWebhookData(ctx context.Context, provider *Spec, ref *esv1b return nil, fmt.Errorf("failed to create request: %w", err) } for hKey, hValueTpl := range provider.Headers { - hValue, err := ExecuteTemplateString(hValueTpl, data) + hValue, err := ExecuteTemplateString(hValueTpl, rawData) if err != nil { return nil, fmt.Errorf("failed to parse header %s: %w", hKey, err) } diff --git a/pkg/provider/webhook/webhook.go b/pkg/provider/webhook/webhook.go index 510f229b06b..852c2e1464d 100644 --- a/pkg/provider/webhook/webhook.go +++ b/pkg/provider/webhook/webhook.go @@ -133,7 +133,7 @@ func (w *WebHook) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDat return nil, err } // Only parse as json if we have a jsonpath set - data, err := w.wh.GetTemplateData(ctx, &ref, provider.Secrets) + data, err := w.wh.GetTemplateData(ctx, &ref, provider.Secrets, false) if err != nil { return nil, err } diff --git a/pkg/provider/webhook/webhook_test.go b/pkg/provider/webhook/webhook_test.go index a7fbe476fea..2cd8c5be4a0 100644 --- a/pkg/provider/webhook/webhook_test.go +++ b/pkg/provider/webhook/webhook_test.go @@ -51,6 +51,7 @@ type args struct { type want struct { Path string `json:"path,omitempty"` + Body string `json:"body,omitempty"` Err string `json:"err,omitempty"` Result string `json:"result,omitempty"` ResultMap map[string]string `json:"resultmap,omitempty"` @@ -327,6 +328,15 @@ want: alsosecret: another-value id: 1234 weight: 1.5 +--- +case: only url encoding for url templates +args: + url: /api/getsecrets?folder={{ .remoteRef.key }} + body: '{"folder": "{{ .remoteRef.key }}"}' + key: /myapp/secrets +want: + path: /api/getsecrets?folder=%2Fmyapp%2Fsecrets + body: '{"folder": "/myapp/secrets"}' ` func TestWebhookGetSecret(t *testing.T) { 
@@ -349,6 +359,12 @@ func testCaseServer(tc testCase, t *testing.T) *httptest.Server { if tc.Want.Path != "" && req.URL.String() != tc.Want.Path { t.Errorf("%s: unexpected api path: %s, expected %s", tc.Case, req.URL.String(), tc.Want.Path) } + if tc.Want.Body != "" { + b, _ := io.ReadAll(req.Body) + if string(b) != tc.Want.Body { + t.Errorf("%s: unexpected body: %s, expected %s", tc.Case, string(b), tc.Want.Body) + } + } if tc.Args.StatusCode != 0 { rw.WriteHeader(tc.Args.StatusCode) } From 03a2ee6ce0ffc3f412e64e111045a09cc3d6af9b Mon Sep 17 00:00:00 2001 From: Jefferson Machado <35748721+jeffmachado@users.noreply.github.com> Date: Thu, 11 Jul 2024 07:08:33 -0300 Subject: [PATCH 169/517] Commenting secrets manifest from hashicorp vault integration (#3680) Signed-off-by: Jefferson Machado <35748721+jeffmachado@users.noreply.github.com> --- docs/provider/hashicorp-vault.md | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/docs/provider/hashicorp-vault.md b/docs/provider/hashicorp-vault.md index ceeaa32d26d..612f1cbe891 100644 --- a/docs/provider/hashicorp-vault.md +++ b/docs/provider/hashicorp-vault.md @@ -89,12 +89,13 @@ spec: property: dev --- -# will create a secret with: -kind: Secret -metadata: - name: example-sync -data: - foobar: czNjcjN0 +# That will automatically create a Kubernetes Secret with: +# apiVersion: v1 +# kind: Secret +# metadata: +# name: example-sync +# data: +# foobar: czNjcjN0 ``` Keep in mind that fetching the labels with `metadataPolicy: Fetch` only works with KV sercrets engine version v2. From 14e6d78d255f8e6568d867252e8795d010c01cc3 Mon Sep 17 00:00:00 2001 From: Arthur Kepler <610274+excalq@users.noreply.github.com> Date: Thu, 11 Jul 2024 03:09:30 -0700 Subject: [PATCH 170/517] namespacesRegexdocs: Fix `namespaceRegexes` in full-cluster-secret-store.yaml (#3681) This fixes a typo on https://external-secrets.io/v0.9.20/api/clustersecretstore/, in which the property is incorrectly called `namespacesRegex` 
Signed-off-by: Arthur Kepler <610274+excalq@users.noreply.github.com> --- docs/snippets/full-cluster-secret-store.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/snippets/full-cluster-secret-store.yaml b/docs/snippets/full-cluster-secret-store.yaml index bcf82ae4fc0..6e46a3e44f0 100644 --- a/docs/snippets/full-cluster-secret-store.yaml +++ b/docs/snippets/full-cluster-secret-store.yaml @@ -151,8 +151,8 @@ spec: - "namespace-a" - "namespace-b" - # Namespace regex is helpful for namespace naming convention or when an external tool auto generate namespaces with prefix - - namespacesRegex: + # Namespace regexes are useful for policy management or when external tools auto-generate namespaces with prefixes/suffixes + - namespaceRegexes: - "namespace-a-.*" # All namespaces prefixed by namespace-a- will work - "namespace-b-.*" # All namespaces prefixed by namespace-b- will work From 475812167615a090334c584669f78f040f88854b Mon Sep 17 00:00:00 2001 From: Malik Date: Sat, 13 Jul 2024 14:34:35 -0400 Subject: [PATCH 171/517] Support for Oracle PushSecret.property #2911 (#3577) * feat: push entire secret (oracle) Signed-off-by: Malik Kennedy * feat: push entire secret (oracle) Signed-off-by: Malik Kennedy --------- Signed-off-by: Malik Kennedy --- pkg/provider/oracle/oracle.go | 15 +++++++++++++-- pkg/provider/oracle/oracle_test.go | 23 +++++++++++++++++++++++ 2 files changed, 36 insertions(+), 2 deletions(-) diff --git a/pkg/provider/oracle/oracle.go b/pkg/provider/oracle/oracle.go index 41a01ecfb74..2f4dfccbd7f 100644 --- a/pkg/provider/oracle/oracle.go +++ b/pkg/provider/oracle/oracle.go 
@@ -96,11 +96,22 @@ const ( ) func (vms *VaultManagementService) PushSecret(ctx context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error { + if vms.encryptionKey == "" { + return fmt.Errorf("SecretStore must reference encryption key") + } + value := secret.Data[data.GetSecretKey()] if data.GetSecretKey() == "" { - return fmt.Errorf("pushing the whole secret is not yet implemented") + secretData := map[string]string{} + for k, v := range secret.Data { + secretData[k] = string(v) + } + jsonSecret, err := json.Marshal(secretData) + if err != nil { + return fmt.Errorf("unable to create json %v from value: %v", value, secretData) + } + value = jsonSecret } - value := secret.Data[data.GetSecretKey()] secretName := data.GetRemoteKey() encodedValue := base64.StdEncoding.EncodeToString(value) sec, action, err := vms.getSecretBundleWithCode(ctx, secretName) diff --git a/pkg/provider/oracle/oracle_test.go b/pkg/provider/oracle/oracle_test.go index 54284ab55f2..9885b551fc6 100644 --- a/pkg/provider/oracle/oracle_test.go +++ b/pkg/provider/oracle/oracle_test.go @@ -581,6 +581,7 @@ func TestOracleVaultGetAllSecrets(t *testing.T) { func TestOracleVaultPushSecret(t *testing.T) { testSecretKey := "test-secret-key" + encryptionKey := "must-not-be-blank-for-push" var testCases = map[string]struct { vms *VaultManagementService data testingfake.PushSecretData @@ -589,6 +590,7 @@ func TestOracleVaultPushSecret(t *testing.T) { }{ "create a secret if not exists": { &VaultManagementService{ + encryptionKey: encryptionKey, Client: &fakeoracle.OracleMockClient{ SecretBundles: map[string]secrets.SecretBundle{ s2id: s2bundle, 
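Review bot: The error returned when `json.Marshal(secretData)` fails, `fmt.Errorf("unable to create json %v from value: %v", value, secretData)`, formats the whole decoded secret map into the message and drops `err`. Errors from PushSecret are likely to reach controller logs and status conditions, so the plaintext values would travel with them; return `fmt.Errorf("unable to marshal secret data to json: %w", err)` instead. Separately, `string(v)` followed by `json.Marshal` replaces bytes that are not valid UTF-8, so binary values would be stored altered, which deserves at least a comment. PushSecret continues outside the hunk.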
@@ -605,8 +607,28 @@ func TestOracleVaultPushSecret(t *testing.T) { }, "created", }, + "create a json secret if not exists": { + &VaultManagementService{ + encryptionKey: encryptionKey, + Client: &fakeoracle.OracleMockClient{ + SecretBundles: map[string]secrets.SecretBundle{ + s2id: s2bundle, + }, + }, + VaultClient: &fakeoracle.OracleMockVaultClient{}, + }, + testingfake.PushSecretData{ + SecretKey: testSecretKey, + RemoteKey: s1id, + }, + func(vms *VaultManagementService) bool { + return vms.VaultClient.(*fakeoracle.OracleMockVaultClient).CreatedCount == 1 + }, + "{'key-a':'secret-a', 'key-b': 'secret-b'}", + }, "update a secret if exists": { &VaultManagementService{ + encryptionKey: encryptionKey, Client: &fakeoracle.OracleMockClient{ SecretBundles: map[string]secrets.SecretBundle{ s1id: s1bundle, @@ -626,6 +648,7 @@ func TestOracleVaultPushSecret(t *testing.T) { }, "neither create nor update if secret content is unchanged": { &VaultManagementService{ + encryptionKey: encryptionKey, Client: &fakeoracle.OracleMockClient{ SecretBundles: map[string]secrets.SecretBundle{ s1id: s1bundle, From bdd0c7ec9aad57813c992409702e9b361e31eac8 Mon Sep 17 00:00:00 2001 From: abhinav1708 Date: Mon, 15 Jul 2024 14:57:06 +0530 Subject: [PATCH 172/517] support for adding headers in vault provider (#3677) * support for vault headers Signed-off-by: Abhinav Garg 10033523 * changes in crds bases for headers support Signed-off-by: Abhinav Garg 10033523 * adding autogenerated files Signed-off-by: Abhinav Garg 10033523 * removing extra--- Signed-off-by: Abhinav Garg 10033523 * adding headers before x-vault-Inconsistent Signed-off-by: Abhinav Garg 10033523 * changing for lint pass Signed-off-by: Abhinav Garg 10033523 --------- 
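Review bot: The added case "create a json secret if not exists" still sets `SecretKey: testSecretKey`, so it never reaches the `data.GetSecretKey() == ""` branch that this commit adds to PushSecret; as written it looks like a repeat of the single-key create case. To cover whole-secret pushes the case should leave the key empty, `SecretKey: "",`, and ideally assert on the content handed to the mock rather than only `CreatedCount == 1`. The last field, `"{'key-a':'secret-a', 'key-b': 'secret-b'}"`, uses single quotes and so is not what `json.Marshal` would emit; how that field is consumed is outside the hunk, so confirm it matches what the test expects. The test table starts before and continues after this hunk.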
Signed-off-by: Abhinav Garg 10033523 --- .../v1beta1/secretstore_vault_types.go | 4 ++++ .../v1beta1/zz_generated.deepcopy.go | 7 +++++++ .../external-secrets.io_clustersecretstores.yaml | 5 +++++ .../bases/external-secrets.io_secretstores.yaml | 5 +++++ ...s.external-secrets.io_vaultdynamicsecrets.yaml | 5 +++++ deploy/crds/bundle.yaml | 15 +++++++++++++++ docs/api/spec.md | 12 ++++++++++++ pkg/provider/vault/provider.go | 7 +++++++ 8 files changed, 60 insertions(+) diff --git a/apis/externalsecrets/v1beta1/secretstore_vault_types.go b/apis/externalsecrets/v1beta1/secretstore_vault_types.go index d221001d063..73f9b28fa01 100644 --- a/apis/externalsecrets/v1beta1/secretstore_vault_types.go +++ b/apis/externalsecrets/v1beta1/secretstore_vault_types.go @@ -86,6 +86,10 @@ type VaultProvider struct { // https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header // +optional ForwardInconsistent bool `json:"forwardInconsistent,omitempty"` + + // Headers to be added in Vault request + // +optional + Headers map[string]string `json:"headers,omitempty"` } // VaultClientTLS is the configuration used for client side related TLS communication, diff --git a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go index 05a706316f4..d312b655b5e 100644 --- a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go +++ b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go @@ -3192,6 +3192,13 @@ func (in *VaultProvider) DeepCopyInto(out *VaultProvider) { *out = new(CAProvider) (*in).DeepCopyInto(*out) } + if in.Headers != nil { + in, out := &in.Headers, &out.Headers + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new VaultProvider. 
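Review bot: The doc comment on the new `Headers` field should say what the field may safely carry: it is a plain `map[string]string` in the store spec, so any value placed in it is readable by whoever can read the SecretStore or ClusterSecretStore object. I would extend the comment to something like `// Headers to be added to Vault requests. Values are stored in plain text in the store spec; do not put credentials here.` If header values such as proxy credentials are an expected use, a secret-reference variant of the field would be the safer shape. The CRD descriptions in the later hunks appear to be generated from this comment and would need regenerating.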
diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 310c1aa79f6..5703c216f1e 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml @@ -4401,6 +4401,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index b6a25e66e98..7bef1c62bbd 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml @@ -4401,6 +4401,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows diff --git a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml index acf23bdc957..b7b4dc8e838 100644 --- a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml +++ b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml 
@@ -604,6 +604,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index d15190a0852..c9845a103e8 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -4748,6 +4748,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -10374,6 +10379,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows @@ -12064,6 +12074,11 @@ spec: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows diff --git a/docs/api/spec.md b/docs/api/spec.md index 554706bbafa..7ff62480a17 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -8627,6 +8627,18 @@ the option is enabled serverside.
https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header

+ + +headers
+ +map[string]string + + + +(Optional) +

Headers to be added in Vault request

+ +

VaultUserPassAuth diff --git a/pkg/provider/vault/provider.go b/pkg/provider/vault/provider.go index df97f6e0636..597839c0a5a 100644 --- a/pkg/provider/vault/provider.go +++ b/pkg/provider/vault/provider.go @@ -149,9 +149,16 @@ func (p *Provider) initClient(ctx context.Context, c *client, client util.Client client.SetNamespace(*vaultSpec.Namespace) } + if vaultSpec.Headers != nil { + for hKey, hValue := range vaultSpec.Headers { + client.AddHeader(hKey, hValue) + } + } + if vaultSpec.ReadYourWrites && vaultSpec.ForwardInconsistent { client.AddHeader("X-Vault-Inconsistent", "forward-active-node") } + c.client = client c.auth = client.Auth() c.logical = client.Logical() From a8e25c0d608bcd1a68945e6df4a68796914b57ec Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2024 12:42:45 +0200 Subject: [PATCH 173/517] chore(deps): bump github/codeql-action from 3.25.11 to 3.25.12 (#3688) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.11 to 3.25.12. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/b611370bb5703a7efb587f9d136a52ea24c5c38c...4fa2a7953630fd2f3fb380f21be14ede0169dd4f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 0ad2d323fed..11e8f873b09 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
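Review bot: The loop over `vaultSpec.Headers` passes every key to `client.AddHeader` without checking for names the provider manages itself, so a store could supply `X-Vault-Namespace`, `X-Vault-Inconsistent` or similar and may end up with a value that conflicts with `SetNamespace` above or the `forward-active-node` header added just below. Consider skipping or rejecting reserved names, for example `if strings.HasPrefix(http.CanonicalHeaderKey(hKey), "X-Vault-") { continue }` or a validation error when the store is admitted, and make sure any logging of these headers prints names only, never values. The `if vaultSpec.Headers != nil` guard is redundant, since ranging over a nil map is a no-op. initClient begins and continues outside the hunk.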
@@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@b611370bb5703a7efb587f9d136a52ea24c5c38c # v3.25.11 + uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 with: sarif_file: results.sarif From 31d78971ebc482f6585829c6a2013d085ad788f7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2024 12:43:35 +0200 Subject: [PATCH 174/517] chore(deps): bump actions/setup-go from 5.0.1 to 5.0.2 (#3691) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.1 to 5.0.2. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/cdcb36043654635271a94b9a6d1392de5bb323a7...0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 6 +++--- .github/workflows/docs.yml | 2 +- .github/workflows/publish.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/update-deps.yml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9a2dcb5cad4..4c30307e1e6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -49,7 +49,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 id: setup-go with: go-version-file: "go.mod" 
@@ -75,7 +75,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 id: setup-go with: go-version-file: "go.mod" @@ -106,7 +106,7 @@ jobs: run: git fetch --prune --unshallow - name: Setup Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 id: setup-go with: go-version-file: "go.mod" diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 37126bbb8c7..d675f59f9bc 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -20,7 +20,7 @@ jobs: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version-file: "go.mod" diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e96330be68a..10329e48abb 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -66,7 +66,7 @@ jobs: install: true - name: Setup Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 id: setup-go with: go-version-file: "go.mod" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 9b7099a048a..697a55d48e8 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -76,7 +76,7 @@ jobs: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 id: setup-go with: go-version-file: "go.mod" diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index 2a2a7ab076a..154da7f2c0b 100644 
--- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml @@ -40,7 +40,7 @@ jobs: branch: ${{ fromJson(needs.branches.outputs.branches) }} steps: - name: Setup Go - uses: actions/setup-go@cdcb36043654635271a94b9a6d1392de5bb323a7 # v5.0.1 + uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 with: go-version: "1.21" From 0a71041531689f065299068668553203a58dc438 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2024 12:43:47 +0200 Subject: [PATCH 175/517] chore(deps): bump actions/setup-python from 5.1.0 to 5.1.1 (#3690) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.0 to 5.1.1. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/82c7e631bb3cdc910f68e0081d67478d79c6982d...39cd14951b08e74b54015e9e001cdefcf80e669f) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/helm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 469e8c30590..183db79d89d 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -34,7 +34,7 @@ jobs: with: version: v3.14.2 # remember to also update for the second job (release) - - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 + - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 with: python-version: 3.7 From d888b6efd805c169f3b9120d55b14619b6f14eeb Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2024 12:44:04 +0200 Subject: [PATCH 176/517] chore(deps): bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 (#3689) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.23.0 to 0.24.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/7c2007bcb556501da015201bcba5aa14069b74e2...6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 10329e48abb..1e030e045cc 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -126,7 +126,7 @@ jobs: run: make docker.build - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@7c2007bcb556501da015201bcba5aa14069b74e2 # master + uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # master with: image-ref: ${{ inputs.image-name }}:${{ steps.container_info.outputs.image-tag }} format: 'table' From 0688ad6e93cf895464bd40cab9c1b7ed75598b2e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2024 12:44:22 +0200 Subject: [PATCH 177/517] chore(deps): bump golang from `8c9183f` to `8c9183f` (#3687) Bumps golang from `8c9183f` to `8c9183f`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tilt.debug.dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index cbfabb3fa71..5622fcefee1 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.5@sha256:fcae9e0e7313c6467a7c6632ebb5e5fab99bd39bd5eb6ee34a211353e647827a +FROM golang:1.22.5@sha256:829eff99a4b2abffe68f6a3847337bf6455d69d17e49ec1a97dac78834754bd6 WORKDIR / COPY ./bin/external-secrets /external-secrets From 393189209c49b000ec919b509cd8881c1337f166 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Jul 2024 12:44:41 +0200 Subject: [PATCH 178/517] chore(deps): bump mkdocs-material in /hack/api-docs (#3692) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.28 to 9.5.29. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.28...9.5.29) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index b2c849bfb02..7f71114443e 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt 
@@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.0 mkdocs-macros-plugin==1.0.5 -mkdocs-material==9.5.28 +mkdocs-material==9.5.29 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.1 From 0fcf972a70a385763e2e82f67967fb37aecec165 Mon Sep 17 00:00:00 2001 From: Alok N Date: Tue, 16 Jul 2024 11:08:57 +0530 Subject: [PATCH 179/517] fix: aws secretexists returns true ifnotexists (#3684) Signed-off-by: Alok N --- pkg/provider/aws/secretsmanager/secretsmanager.go | 2 +- pkg/provider/aws/secretsmanager/secretsmanager_test.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/provider/aws/secretsmanager/secretsmanager.go b/pkg/provider/aws/secretsmanager/secretsmanager.go index 8c6b958ee64..24452e1f5ed 100644 --- a/pkg/provider/aws/secretsmanager/secretsmanager.go +++ b/pkg/provider/aws/secretsmanager/secretsmanager.go @@ -230,7 +230,7 @@ func (sm *SecretsManager) handleSecretError(err error) (bool, error) { return false, err } if aerr.Code() == awssm.ErrCodeResourceNotFoundException { - return true, nil + return false, nil } return false, err } diff --git a/pkg/provider/aws/secretsmanager/secretsmanager_test.go b/pkg/provider/aws/secretsmanager/secretsmanager_test.go index d0f514f367c..d10c450313d 100644 --- a/pkg/provider/aws/secretsmanager/secretsmanager_test.go +++ b/pkg/provider/aws/secretsmanager/secretsmanager_test.go @@ -1359,7 +1359,7 @@ func TestSecretExists(t *testing.T) { wantError: true, }, }, - "SecretExistsReturnsTrueForNonExistingSecret": { + "SecretExistsReturnsFalseForNonExistingSecret": { args: args{ store: makeValidSecretStore().Spec.Provider.AWS, client: fakesm.Client{ @@ -1369,7 +1369,7 @@ func TestSecretExists(t *testing.T) { }, want: want{ err: nil, - wantError: true, + wantError: false, }, }, "SecretExistsReturnsFalseForErroredSecret": { From 6c4bbdfb5123efd500e6efcde547e9888bbadc45 Mon Sep 17 00:00:00 2001 
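Review bot: The `ErrCodeResourceNotFoundException` branch in handleSecretError now returns `false, nil`, but nothing on the line says why not-found is treated as a non-error, which is presumably how the inverted value went unnoticed before. A short comment would pin the intent: `// secret does not exist: report false without an error`. In the test hunk the expected value for this case is carried in a field named `wantError` while `err` is nil; if that field really holds the expected existence result, renaming it would make the table easier to read. handleSecretError starts outside the hunk.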
From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Thu, 18 Jul 2024 09:22:11 +0200 Subject: [PATCH 180/517] update dependencies (#3693) Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- e2e/go.mod | 36 ++++++++++---------- e2e/go.sum | 75 +++++++++++++++++++++--------------------- go.mod | 48 +++++++++++++-------------- go.sum | 96 +++++++++++++++++++++++++++--------------------------- 4 files changed, 128 insertions(+), 127 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index 9cc0cc00b48..89b80432810 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -39,7 +39,7 @@ replace ( ) require ( - cloud.google.com/go/secretmanager v1.13.3 + cloud.google.com/go/secretmanager v1.13.4 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 @@ -48,7 +48,7 @@ require ( github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 - github.com/aws/aws-sdk-go v1.54.15 + github.com/aws/aws-sdk-go v1.54.19 github.com/cyberark/conjur-api-go v0.12.0 github.com/external-secrets/external-secrets v0.0.0 github.com/fluxcd/helm-controller/api v0.37.2 
@@ -58,26 +58,26 @@ require ( github.com/hashicorp/vault/api v1.14.0 github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.69.0 - github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28 + github.com/oracle/oci-go-sdk/v65 v65.69.1 + github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 github.com/xanzy/go-gitlab v0.106.0 golang.org/x/oauth2 v0.21.0 - google.golang.org/api v0.187.0 + google.golang.org/api v0.188.0 k8s.io/api v0.30.2 k8s.io/apiextensions-apiserver v0.30.2 k8s.io/apimachinery v0.30.2 k8s.io/client-go v1.5.2 - k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 + k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 sigs.k8s.io/controller-runtime v0.18.4 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.4.0 ) require ( - cloud.google.com/go/auth v0.6.1 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect - cloud.google.com/go/compute/metadata v0.4.0 // indirect - cloud.google.com/go/iam v1.1.10 // indirect + cloud.google.com/go/auth v0.7.1 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect + cloud.google.com/go/compute/metadata v0.5.0 // indirect + cloud.google.com/go/iam v1.1.11 // indirect dario.cat/mergo v1.0.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect @@ -99,7 +99,7 @@ require ( github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect github.com/cenkalti/backoff/v3 v3.2.2 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect - github.com/danieljoos/wincred v1.2.1 // indirect + github.com/danieljoos/wincred v1.2.2 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect 
@@ -109,7 +109,7 @@ require ( github.com/fluxcd/pkg/apis/acl v0.1.0 // indirect github.com/fluxcd/pkg/apis/kustomize v1.2.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/go-jose/go-jose/v4 v4.0.2 // indirect + github.com/go-jose/go-jose/v4 v4.0.3 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect @@ -127,7 +127,7 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240625030939-27f56978b8b0 // indirect + github.com/google/pprof v0.0.0-20240711041743-f6c9dda6c6da // indirect github.com/google/s2a-go v0.1.7 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect @@ -150,7 +150,7 @@ require ( github.com/kylelemons/godebug v1.1.0 // indirect github.com/lestrrat-go/blackmagic v1.0.2 // indirect github.com/lestrrat-go/httpcc v1.0.1 // indirect - github.com/lestrrat-go/httprc v1.0.5 // indirect + github.com/lestrrat-go/httprc v1.0.6 // indirect github.com/lestrrat-go/iter v1.0.2 // indirect github.com/lestrrat-go/jwx/v2 v2.1.0 // indirect github.com/lestrrat-go/option v1.0.1 // indirect 
@@ -199,9 +199,9 @@ require ( golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.23.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240701130421-f6361c86f094 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect + google.golang.org/genproto v0.0.0-20240711142825-46eb208f015d // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d // indirect google.golang.org/grpc v1.65.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect @@ -210,7 +210,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20240703190633-0aa61b46e8c2 // indirect + k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/e2e/go.sum b/e2e/go.sum index 39c13628120..c29c21e6dce 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -20,10 +20,10 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.6.1 h1:T0Zw1XM5c1GlpN2HYr2s+m3vr1p2wy+8VN+Z1FKxW38= -cloud.google.com/go/auth v0.6.1/go.mod h1:eFHG7zDzbXHKmjJddFG/rBlcGp6t25SwRUiEQSlO4x4= -cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= -cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= +cloud.google.com/go/auth v0.7.1 h1:Iv1bbpzJ2OIg16m94XI9/tlzZZl3cdeR3nGVGj78N7s= +cloud.google.com/go/auth v0.7.1/go.mod h1:VEc4p5NNxycWQTMQEDQF0bd6aTMb6VgYDXEwiJJQAbs= +cloud.google.com/go/auth/oauth2adapt v0.2.3 h1:MlxF+Pd3OmSudg/b1yZ5lJwoXCEaeedAguodky1PcKI= +cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= 
@@ -31,18 +31,18 @@ cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUM cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -cloud.google.com/go/compute/metadata v0.4.0 h1:vHzJCWaM4g8XIcm8kopr3XmDA4Gy/lblD3EhhSux05c= -cloud.google.com/go/compute/metadata v0.4.0/go.mod h1:SIQh1Kkb4ZJ8zJ874fqVkslA29PRXuleyj6vOzlbK7M= +cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= +cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.1.10 h1:ZSAr64oEhQSClwBL670MsJAW5/RLiC6kfw3Bqmd5ZDI= -cloud.google.com/go/iam v1.1.10/go.mod h1:iEgMq62sg8zx446GCaijmA2Miwg5o3UbO+nI47WHJps= +cloud.google.com/go/iam v1.1.11 h1:0mQ8UKSfdHLut6pH9FM3bI55KWR46ketn0PuXleDyxw= +cloud.google.com/go/iam v1.1.11/go.mod h1:biXoiLWYIKntto2joP+62sd9uW5EpkZmKIvfNcTWlnQ= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.13.3 h1:VqUVYY3U6uFXOhPdZgAoZH9m8E6p7eK02TsDRj2SBf4= -cloud.google.com/go/secretmanager v1.13.3/go.mod h1:e45+CxK0w6GaL4hS+KabgQskl4RdSS30b+HRf0TH0kk= +cloud.google.com/go/secretmanager v1.13.4 h1:pizLSVUkZ8RdeQL5Vswj/3ujVC4kSY5eTxAWyMwQ1uc= +cloud.google.com/go/secretmanager v1.13.4/go.mod 
h1:SjKHs6rx0ELUqfbRWrWq4e7SiNKV7QMWZtvZsQm3k5w= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= @@ -115,8 +115,8 @@ github.com/aliyun/alibaba-cloud-sdk-go v1.62.271/go.mod h1:Api2AkmMgGaSUAhmk76oa github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.54.15 h1:ErgCEVbzuSfuZl9nR+g8FFnzjgeJ/AqAGOEWn6tgAHo= -github.com/aws/aws-sdk-go v1.54.15/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.54.19 h1:tyWV+07jagrNiCcGRzRhdtVjQs7Vy41NwsuOcl0IbVI= +github.com/aws/aws-sdk-go v1.54.19/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= 
@@ -135,8 +135,8 @@ github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnht github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cyberark/conjur-api-go v0.12.0 h1:84h/IcphuuyWW1R4VX/Syuyw4lfR89sKvxloexJYmn8= github.com/cyberark/conjur-api-go v0.12.0/go.mod h1:WjXCREpdXyU69k5ZwYQMA3k+VkPwMznr22fKSMD5OUE= -github.com/danieljoos/wincred v1.2.1 h1:dl9cBrupW8+r5250DYkYxocLeZ1Y4vB1kxgtjxw8GQs= -github.com/danieljoos/wincred v1.2.1/go.mod h1:uGaFL9fDn3OLTvzCGulzE+SzjEe5NGlh5FdCcyfPwps= +github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= +github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -182,8 +182,8 @@ github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyT github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= -github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= +github.com/go-jose/go-jose/v4 v4.0.3 h1:o8aphO8Hv6RPmH+GfzVuyf7YXSBibp+8YyHdOoDESGo= +github.com/go-jose/go-jose/v4 v4.0.3/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= 
@@ -289,8 +289,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240625030939-27f56978b8b0 h1:e+8XbKB6IMn8A4OAyZccO4pYfB3s7bt6azNIPE7AnPg= -github.com/google/pprof v0.0.0-20240625030939-27f56978b8b0/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240711041743-f6c9dda6c6da h1:xRmpO92tb8y+Z85iUOMOicpCfaYcv7o3Cg3wKrIpg8g= +github.com/google/pprof v0.0.0-20240711041743-f6c9dda6c6da/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= 
@@ -368,8 +368,8 @@ github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU= github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE= github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E= -github.com/lestrrat-go/httprc v1.0.5 h1:bsTfiH8xaKOJPrg1R+E3iE/AWZr/x0Phj9PBTG/OLUk= -github.com/lestrrat-go/httprc v1.0.5/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= +github.com/lestrrat-go/httprc v1.0.6 h1:qgmgIRhpvBqexMJjA/PmwSvhNk679oqD1RbovdCGW8k= +github.com/lestrrat-go/httprc v1.0.6/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= github.com/lestrrat-go/jwx/v2 v2.1.0 h1:0zs7Ya6+39qoit7gwAf+cYm1zzgS3fceIdo7RmQ5lkw= 
@@ -412,8 +412,8 @@ github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.69.0 h1:DbrRf5qcpwl7V3ixk6dxDYfHtOs3aMmlsHFld3oBjMk= -github.com/oracle/oci-go-sdk/v65 v65.69.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.69.1 h1:X3vNSw9tXOxML96L3wBxrK7cwESgP/H1IgR8rTH5Ab4= +github.com/oracle/oci-go-sdk/v65 v65.69.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -435,8 +435,8 @@ github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28 h1:2vT+ryIQGfF21HN/W5yn/CBPpsTJULuuepWfUq/geV4= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 h1:BkTk4gynLjguayxrYxZoMZjBnAOh7ntQvUkOFmkMqPU= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys= github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= 
@@ -454,8 +454,9 @@ github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= -github.com/stretchr/objx v0.5.0 h1:1zr/of2m5FGMsad5YfcqgdqdWrIhu+EBEJRhR1U7z/c= github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo= +github.com/stretchr/objx v0.5.2 h1:xuMeJ0Sdp5ZMRXx/aWO6RZxdr3beISkG5/G/aIRr3pY= +github.com/stretchr/objx v0.5.2/go.mod h1:FRsXN1f5AsAjCGJKqEizvkpNtU+EGNCLh3NxZ/8L+MA= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= @@ -811,8 +812,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.187.0 h1:Mxs7VATVC2v7CY+7Xwm4ndkX71hpElcvx0D1Ji/p1eo= -google.golang.org/api v0.187.0/go.mod h1:KIHlTc4x7N7gKKuVsdmfBXN13yEEWXWFURWY6SBp2gk= +google.golang.org/api v0.188.0 h1:51y8fJ/b1AaaBRJr4yWm96fPcuxSo0JcegXE3DaHQHw= +google.golang.org/api v0.188.0/go.mod h1:VR0d+2SIiWOYG3r/jdm7adPW9hI2aRv9ETOSCQ9Beag= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -860,12 +861,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240701130421-f6361c86f094 h1:6whtk83KtD3FkGrVb2hFXuQ+ZMbCNdakARIn/aHMmG8= -google.golang.org/genproto v0.0.0-20240701130421-f6361c86f094/go.mod h1:Zs4wYw8z1zr6RNF4cwYb31mvN/EGaKAdQjNCF3DW6K4= -google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 h1:0+ozOGcrp+Y8Aq8TLNN2Aliibms5LEzsq99ZZmAGYm0= -google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240711142825-46eb208f015d h1:/hmn0Ku5kWij/kjGsrcJeC1T/MrJi2iNWwgAqrihFwc= +google.golang.org/genproto v0.0.0-20240711142825-46eb208f015d/go.mod h1:FfBgJBJg9GcpPvKIuHSZ/aE1g2ecGL74upMzGZjiGEY= +google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d h1:kHjw/5UfflP/L5EbledDrcG4C2597RtymmGRZvHiCuY= +google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d h1:JU0iKnSg02Gmb5ZdV8nYsKEKsP6o/FGVWTrw4i1DA9A= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -940,10 +941,10 @@ k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240703190633-0aa61b46e8c2 h1:T5TEV4a+pEjc+j9Xui3MGGeoDLIN6uzZrx8NYotFMgQ= -k8s.io/kube-openapi v0.0.0-20240703190633-0aa61b46e8c2/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= -k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= -k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f h1:2sXuKesAYbRHxL3aE2PN6zX/gcJr22cjrsej+W784Tc= +k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/go.mod b/go.mod index 9fc3771e0a6..a79e1a60232 100644 --- a/go.mod +++ b/go.mod 
@@ -5,8 +5,8 @@ go 1.22.4 replace github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 require ( - cloud.google.com/go/iam v1.1.10 - cloud.google.com/go/secretmanager v1.13.3 + cloud.google.com/go/iam v1.1.11 + cloud.google.com/go/secretmanager v1.13.4 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/adal v0.9.24 @@ -19,7 +19,7 @@ require ( github.com/PaesslerAG/jsonpath v0.1.1 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 - github.com/aws/aws-sdk-go v1.54.15 + github.com/aws/aws-sdk-go v1.54.19 github.com/go-logr/logr v1.4.2 github.com/go-test/deep v1.0.4 // indirect github.com/google/go-cmp v0.6.0 @@ -32,7 +32,7 @@ require ( github.com/huandu/xstrings v1.5.0 // indirect github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.69.0 + github.com/oracle/oci-go-sdk/v65 v65.69.1 github.com/prometheus/client_golang v1.19.1 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.1 @@ -45,8 +45,8 @@ require ( go.uber.org/zap v1.27.0 golang.org/x/crypto v0.25.0 golang.org/x/oauth2 v0.21.0 - google.golang.org/api v0.187.0 - google.golang.org/genproto v0.0.0-20240701130421-f6361c86f094 + google.golang.org/api v0.188.0 + google.golang.org/genproto v0.0.0-20240711142825-46eb208f015d google.golang.org/grpc v1.65.0 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 @@ -54,7 +54,7 @@ require ( k8s.io/apiextensions-apiserver v0.30.2 k8s.io/apimachinery v0.30.2 k8s.io/client-go v0.30.2 - k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 + k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 sigs.k8s.io/controller-runtime v0.18.4 sigs.k8s.io/controller-tools v0.15.0 ) 
@@ -73,7 +73,7 @@ require ( github.com/alibabacloud-go/openapi-util v0.1.0 github.com/alibabacloud-go/tea v1.2.2 github.com/alibabacloud-go/tea-utils/v2 v2.0.5 - github.com/aliyun/credentials-go v1.3.4 + github.com/aliyun/credentials-go v1.3.5 github.com/avast/retry-go/v4 v4.6.0 github.com/cyberark/conjur-api-go v0.12.0 github.com/fortanix/sdkms-client-go v0.4.0 @@ -87,19 +87,19 @@ require ( github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1 github.com/passbolt/go-passbolt v0.7.0 github.com/pulumi/esc v0.9.1 - github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28 + github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 github.com/sethvargo/go-password v0.3.1 github.com/spf13/pflag v1.0.5 github.com/tidwall/sjson v1.2.5 - k8s.io/kube-openapi v0.0.0-20240703190633-0aa61b46e8c2 + k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.4.0 ) require ( - cloud.google.com/go/auth v0.6.1 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect - cloud.google.com/go/compute/metadata v0.4.0 // indirect + cloud.google.com/go/auth v0.7.1 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect + cloud.google.com/go/compute/metadata v0.5.0 // indirect dario.cat/mergo v1.0.0 // indirect github.com/BurntSushi/toml v1.4.0 // indirect github.com/Microsoft/go-winio v0.6.2 // indirect 
@@ -127,16 +127,16 @@ require (
 github.com/blang/semver v3.5.1+incompatible // indirect
 github.com/charmbracelet/bubbles v0.18.0 // indirect
 github.com/charmbracelet/bubbletea v0.26.6 // indirect
- github.com/charmbracelet/lipgloss v0.11.0 // indirect
- github.com/charmbracelet/x/ansi v0.1.2 // indirect
+ github.com/charmbracelet/lipgloss v0.12.1 // indirect
+ github.com/charmbracelet/x/ansi v0.1.4 // indirect
 github.com/charmbracelet/x/input v0.1.2 // indirect
 github.com/charmbracelet/x/term v0.1.1 // indirect
 github.com/charmbracelet/x/windows v0.1.2 // indirect
 github.com/cheggaaa/pb v1.0.29 // indirect
 github.com/clbanning/mxj/v2 v2.7.0 // indirect
 github.com/cloudflare/circl v1.3.9 // indirect
- github.com/cyphar/filepath-securejoin v0.2.5 // indirect
- github.com/danieljoos/wincred v1.2.1 // indirect
+ github.com/cyphar/filepath-securejoin v0.3.0 // indirect
+ github.com/danieljoos/wincred v1.2.2 // indirect
 github.com/djherbis/times v1.6.0 // indirect
 github.com/emirpasic/gods v1.18.1 // indirect
 github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect
@@ -145,13 +145,13 @@ require (
 github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect
 github.com/go-git/go-billy/v5 v5.5.0 // indirect
 github.com/go-git/go-git/v5 v5.12.0 // indirect
- github.com/go-jose/go-jose/v4 v4.0.2 // indirect
+ github.com/go-jose/go-jose/v4 v4.0.3 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
 github.com/go-playground/validator/v10 v10.22.0 // indirect
 github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 github.com/godbus/dbus/v5 v5.1.0 // indirect
 github.com/gofrs/flock v0.12.0 // indirect
- github.com/golang/glog v1.2.1 // indirect
+ github.com/golang/glog v1.2.2 // indirect
 github.com/google/gnostic-models v0.6.8 // indirect
 github.com/google/s2a-go v0.1.7 // indirect
 github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0 // indirect
@@ -159,7 +159,7 @@ require (
 github.com/hashicorp/hcl/v2 v2.21.0 // indirect
 github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 github.com/kevinburke/ssh_config v1.2.0 // indirect
- github.com/lestrrat-go/httprc v1.0.5 // indirect
+ github.com/lestrrat-go/httprc v1.0.6 // indirect
 github.com/lucasb-eyer/go-colorful v1.2.0 // indirect
 github.com/mattn/go-localereader v0.0.1 // indirect
 github.com/mattn/go-runewidth v0.0.15 // indirect
@@ -172,7 +172,7 @@ require (
 github.com/pgavlin/fx v0.1.6 // indirect
 github.com/pjbgf/sha1cd v0.3.0 // indirect
 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect
- github.com/pulumi/pulumi/sdk/v3 v3.122.0 // indirect
+ github.com/pulumi/pulumi/sdk/v3 v3.124.0 // indirect
 github.com/rivo/uniseg v0.4.7 // indirect
 github.com/rogpeppe/go-internal v1.12.0 // indirect
 github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect
@@ -194,8 +194,8 @@ require (
 go.opentelemetry.io/otel/metric v1.28.0 // indirect
 go.opentelemetry.io/otel/trace v1.28.0 // indirect
 golang.org/x/sync v0.7.0 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d // indirect
 gopkg.in/warnings.v0 v0.1.2 // indirect
 lukechampine.com/frand v1.4.2 // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
@@ -241,7 +241,7 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240625030939-27f56978b8b0 // indirect + github.com/google/pprof v0.0.0-20240711041743-f6c9dda6c6da // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect diff --git a/go.sum b/go.sum index 964d60d3c14..dbe63bae585 100644 --- a/go.sum +++ b/go.sum @@ -20,10 +20,10 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.6.1 h1:T0Zw1XM5c1GlpN2HYr2s+m3vr1p2wy+8VN+Z1FKxW38= -cloud.google.com/go/auth v0.6.1/go.mod h1:eFHG7zDzbXHKmjJddFG/rBlcGp6t25SwRUiEQSlO4x4= -cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= -cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= +cloud.google.com/go/auth v0.7.1 h1:Iv1bbpzJ2OIg16m94XI9/tlzZZl3cdeR3nGVGj78N7s= +cloud.google.com/go/auth v0.7.1/go.mod h1:VEc4p5NNxycWQTMQEDQF0bd6aTMb6VgYDXEwiJJQAbs= +cloud.google.com/go/auth/oauth2adapt v0.2.3 h1:MlxF+Pd3OmSudg/b1yZ5lJwoXCEaeedAguodky1PcKI= +cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= 
@@ -31,18 +31,18 @@ cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUM cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -cloud.google.com/go/compute/metadata v0.4.0 h1:vHzJCWaM4g8XIcm8kopr3XmDA4Gy/lblD3EhhSux05c= -cloud.google.com/go/compute/metadata v0.4.0/go.mod h1:SIQh1Kkb4ZJ8zJ874fqVkslA29PRXuleyj6vOzlbK7M= +cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= +cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.1.10 h1:ZSAr64oEhQSClwBL670MsJAW5/RLiC6kfw3Bqmd5ZDI= -cloud.google.com/go/iam v1.1.10/go.mod h1:iEgMq62sg8zx446GCaijmA2Miwg5o3UbO+nI47WHJps= +cloud.google.com/go/iam v1.1.11 h1:0mQ8UKSfdHLut6pH9FM3bI55KWR46ketn0PuXleDyxw= +cloud.google.com/go/iam v1.1.11/go.mod h1:biXoiLWYIKntto2joP+62sd9uW5EpkZmKIvfNcTWlnQ= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.13.3 h1:VqUVYY3U6uFXOhPdZgAoZH9m8E6p7eK02TsDRj2SBf4= -cloud.google.com/go/secretmanager v1.13.3/go.mod h1:e45+CxK0w6GaL4hS+KabgQskl4RdSS30b+HRf0TH0kk= +cloud.google.com/go/secretmanager v1.13.4 h1:pizLSVUkZ8RdeQL5Vswj/3ujVC4kSY5eTxAWyMwQ1uc= +cloud.google.com/go/secretmanager v1.13.4/go.mod 
h1:SjKHs6rx0ELUqfbRWrWq4e7SiNKV7QMWZtvZsQm3k5w= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= @@ -190,8 +190,8 @@ github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzY github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8= github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw= github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= -github.com/aliyun/credentials-go v1.3.4 h1:X5nse+8s7ft00ANpoG3+bFJIqZVpjHbOg7G9gWQshVY= -github.com/aliyun/credentials-go v1.3.4/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= +github.com/aliyun/credentials-go v1.3.5 h1:KhB5hRibvCugCIcpQxLZjjkb9EuAcu+MZi3GBc+/mv0= +github.com/aliyun/credentials-go v1.3.5/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= 
@@ -207,8 +207,8 @@ github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinR github.com/avast/retry-go/v4 v4.6.0/go.mod h1:gvWlPhBVsvBbLkVGDg/KwvBv0bEkCOLRRSHKIr2PyOE= github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.54.15 h1:ErgCEVbzuSfuZl9nR+g8FFnzjgeJ/AqAGOEWn6tgAHo= -github.com/aws/aws-sdk-go v1.54.15/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.54.19 h1:tyWV+07jagrNiCcGRzRhdtVjQs7Vy41NwsuOcl0IbVI= +github.com/aws/aws-sdk-go v1.54.19/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
@@ -230,10 +230,10 @@ github.com/charmbracelet/bubbles v0.18.0 h1:PYv1A036luoBGroX6VWjQIE9Syf2Wby2oOl/ github.com/charmbracelet/bubbles v0.18.0/go.mod h1:08qhZhtIwzgrtBjAcJnij1t1H0ZRjwHyGsy6AL11PSw= github.com/charmbracelet/bubbletea v0.26.6 h1:zTCWSuST+3yZYZnVSvbXwKOPRSNZceVeqpzOLN2zq1s= github.com/charmbracelet/bubbletea v0.26.6/go.mod h1:dz8CWPlfCCGLFbBlTY4N7bjLiyOGDJEnd2Muu7pOWhk= -github.com/charmbracelet/lipgloss v0.11.0 h1:UoAcbQ6Qml8hDwSWs0Y1cB5TEQuZkDPH/ZqwWWYTG4g= -github.com/charmbracelet/lipgloss v0.11.0/go.mod h1:1UdRTH9gYgpcdNN5oBtjbu/IzNKtzVtb7sqN1t9LNn8= -github.com/charmbracelet/x/ansi v0.1.2 h1:6+LR39uG8DE6zAmbu023YlqjJHkYXDF1z36ZwzO4xZY= -github.com/charmbracelet/x/ansi v0.1.2/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw= +github.com/charmbracelet/lipgloss v0.12.1 h1:/gmzszl+pedQpjCOH+wFkZr/N90Snz40J/NR7A0zQcs= +github.com/charmbracelet/lipgloss v0.12.1/go.mod h1:V2CiwIuhx9S1S1ZlADfOj9HmxeMAORuz5izHb0zGbB8= +github.com/charmbracelet/x/ansi v0.1.4 h1:IEU3D6+dWwPSgZ6HBH+v6oUuZ/nVawMiWj5831KfiLM= +github.com/charmbracelet/x/ansi v0.1.4/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw= github.com/charmbracelet/x/input v0.1.2 h1:QJAZr33eOhDowkkEQ24rsJy4Llxlm+fRDf/cQrmqJa0= github.com/charmbracelet/x/input v0.1.2/go.mod h1:LGBim0maUY4Pitjn/4fHnuXb4KirU3DODsyuHuXdOyA= github.com/charmbracelet/x/term v0.1.1 h1:3cosVAiPOig+EV4X9U+3LDgtwwAoEzJjNdwbXDjF6yI= 
@@ -263,10 +263,10 @@ github.com/ctdk/goiardi v0.11.10 h1:IB/3Afl1pC2Q4KGwzmhHPAoJfe8VtU51wZ2V0QkvsL0= github.com/ctdk/goiardi v0.11.10/go.mod h1:Pr6Cj6Wsahw45myttaOEZeZ0LE7p1qzWmzgsBISkrNI= github.com/cyberark/conjur-api-go v0.12.0 h1:84h/IcphuuyWW1R4VX/Syuyw4lfR89sKvxloexJYmn8= github.com/cyberark/conjur-api-go v0.12.0/go.mod h1:WjXCREpdXyU69k5ZwYQMA3k+VkPwMznr22fKSMD5OUE= -github.com/cyphar/filepath-securejoin v0.2.5 h1:6iR5tXJ/e6tJZzzdMc1km3Sa7RRIVBKAK32O2s7AYfo= -github.com/cyphar/filepath-securejoin v0.2.5/go.mod h1:aPGpWjXOXUn2NCNjFvBE6aRxGGx79pTxQpKOJNYHHl4= -github.com/danieljoos/wincred v1.2.1 h1:dl9cBrupW8+r5250DYkYxocLeZ1Y4vB1kxgtjxw8GQs= -github.com/danieljoos/wincred v1.2.1/go.mod h1:uGaFL9fDn3OLTvzCGulzE+SzjEe5NGlh5FdCcyfPwps= +github.com/cyphar/filepath-securejoin v0.3.0 h1:tXpmbiaeBrS/K2US8nhgwdKYnfAOnVfkcLPKFgFHeA0= +github.com/cyphar/filepath-securejoin v0.3.0/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= +github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= +github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -332,8 +332,8 @@ github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXY github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-jose/go-jose/v4 v4.0.2 h1:R3l3kkBds16bO7ZFAEEcofK0MkrAJt3jlJznWZG0nvk= -github.com/go-jose/go-jose/v4 v4.0.2/go.mod h1:WVf9LFMHh/QVrmqrOfqun0C45tMe3RoiKJMPvgWwLfY= +github.com/go-jose/go-jose/v4 v4.0.3 h1:o8aphO8Hv6RPmH+GfzVuyf7YXSBibp+8YyHdOoDESGo= +github.com/go-jose/go-jose/v4 v4.0.3/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= 
@@ -387,8 +387,8 @@ github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVI github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.2.1 h1:OptwRhECazUx5ix5TTWC3EZhsZEHWcYWY4FQHTIubm4= -github.com/golang/glog v1.2.1/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= +github.com/golang/glog v1.2.2 h1:1+mZ9upx1Dh6FmUTFR1naJ77miKiXgALjWOZ3NVFPmY= +github.com/golang/glog v1.2.2/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= 
@@ -460,8 +460,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240625030939-27f56978b8b0 h1:e+8XbKB6IMn8A4OAyZccO4pYfB3s7bt6azNIPE7AnPg= -github.com/google/pprof v0.0.0-20240625030939-27f56978b8b0/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240711041743-f6c9dda6c6da h1:xRmpO92tb8y+Z85iUOMOicpCfaYcv7o3Cg3wKrIpg8g= +github.com/google/pprof v0.0.0-20240711041743-f6c9dda6c6da/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= 
@@ -573,8 +573,8 @@ github.com/lestrrat-go/blackmagic v1.0.2 h1:Cg2gVSc9h7sz9NOByczrbUvLopQmXrfFx//N github.com/lestrrat-go/blackmagic v1.0.2/go.mod h1:UrEqBzIR2U6CnzVyUtfM6oZNMt/7O7Vohk2J0OGSAtU= github.com/lestrrat-go/httpcc v1.0.1 h1:ydWCStUeJLkpYyjLDHihupbn2tYmZ7m22BGkcvZZrIE= github.com/lestrrat-go/httpcc v1.0.1/go.mod h1:qiltp3Mt56+55GPVCbTdM9MlqhvzyuL6W/NMDA8vA5E= -github.com/lestrrat-go/httprc v1.0.5 h1:bsTfiH8xaKOJPrg1R+E3iE/AWZr/x0Phj9PBTG/OLUk= -github.com/lestrrat-go/httprc v1.0.5/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= +github.com/lestrrat-go/httprc v1.0.6 h1:qgmgIRhpvBqexMJjA/PmwSvhNk679oqD1RbovdCGW8k= +github.com/lestrrat-go/httprc v1.0.6/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= github.com/lestrrat-go/jwx/v2 v2.1.0 h1:0zs7Ya6+39qoit7gwAf+cYm1zzgS3fceIdo7RmQ5lkw= 
@@ -654,8 +654,8 @@ github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS6 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.69.0 h1:DbrRf5qcpwl7V3ixk6dxDYfHtOs3aMmlsHFld3oBjMk= -github.com/oracle/oci-go-sdk/v65 v65.69.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.69.1 h1:X3vNSw9tXOxML96L3wBxrK7cwESgP/H1IgR8rTH5Ab4= +github.com/oracle/oci-go-sdk/v65 v65.69.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.0 h1:zwwTCwL3vjTTKln1hxwKuzzax4R/yvxGXSZhMh0OY5Y= github.com/passbolt/go-passbolt v0.7.0/go.mod h1:af3TVSJ+0A4sXeK8KgVzhV8Tej/i25biFIQjhL0FOMk= github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU= 
@@ -683,8 +683,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.9.1 h1:HH5eEv8sgyxSpY5a8yePyqFXzA8cvBvapfH8457+mIs= github.com/pulumi/esc v0.9.1/go.mod h1:oEJ6bOsjYlQUpjf70GiX+CXn3VBmpwFDxUTlmtUN84c= -github.com/pulumi/pulumi/sdk/v3 v3.122.0 h1:rW/RJ1GRelCi/5VY1+7ppqeF0AblWyjyjgNffqw4dc4= -github.com/pulumi/pulumi/sdk/v3 v3.122.0/go.mod h1:p1U24en3zt51agx+WlNboSOV8eLlPWYAkxMzVEXKbnY= +github.com/pulumi/pulumi/sdk/v3 v3.124.0 h1:f9Rb2AhLSaacKTaBPbKXPCfviHxTuhEXafhT4E095Y0= +github.com/pulumi/pulumi/sdk/v3 v3.124.0/go.mod h1:p1U24en3zt51agx+WlNboSOV8eLlPWYAkxMzVEXKbnY= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= 
@@ -704,8 +704,8 @@ github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 h1:OkMGxebDj github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06/go.mod h1:+ePHsJ1keEjQtpvf9HHw0f4ZeJ0TLRsxhunSI2hYJSs= github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4= github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28 h1:2vT+ryIQGfF21HN/W5yn/CBPpsTJULuuepWfUq/geV4= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 h1:BkTk4gynLjguayxrYxZoMZjBnAOh7ntQvUkOFmkMqPU= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= github.com/sclevine/spec v1.4.0 h1:z/Q9idDcay5m5irkZ28M7PtQM4aOISzOpj4bUPkDee8= github.com/sclevine/spec v1.4.0/go.mod h1:LvpgJaFyvQzRvc1kaDs0bulYwzC70PbiYjC4QnFHkOM= github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys= 
@@ -1173,8 +1173,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.187.0 h1:Mxs7VATVC2v7CY+7Xwm4ndkX71hpElcvx0D1Ji/p1eo= -google.golang.org/api v0.187.0/go.mod h1:KIHlTc4x7N7gKKuVsdmfBXN13yEEWXWFURWY6SBp2gk= +google.golang.org/api v0.188.0 h1:51y8fJ/b1AaaBRJr4yWm96fPcuxSo0JcegXE3DaHQHw= +google.golang.org/api v0.188.0/go.mod h1:VR0d+2SIiWOYG3r/jdm7adPW9hI2aRv9ETOSCQ9Beag= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1224,12 +1224,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240701130421-f6361c86f094 h1:6whtk83KtD3FkGrVb2hFXuQ+ZMbCNdakARIn/aHMmG8= -google.golang.org/genproto v0.0.0-20240701130421-f6361c86f094/go.mod h1:Zs4wYw8z1zr6RNF4cwYb31mvN/EGaKAdQjNCF3DW6K4= -google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 h1:0+ozOGcrp+Y8Aq8TLNN2Aliibms5LEzsq99ZZmAGYm0= -google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240711142825-46eb208f015d h1:/hmn0Ku5kWij/kjGsrcJeC1T/MrJi2iNWwgAqrihFwc= +google.golang.org/genproto v0.0.0-20240711142825-46eb208f015d/go.mod h1:FfBgJBJg9GcpPvKIuHSZ/aE1g2ecGL74upMzGZjiGEY= +google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d h1:kHjw/5UfflP/L5EbledDrcG4C2597RtymmGRZvHiCuY= +google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d h1:JU0iKnSg02Gmb5ZdV8nYsKEKsP6o/FGVWTrw4i1DA9A= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1321,10 +1321,10 @@ k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240703190633-0aa61b46e8c2 h1:T5TEV4a+pEjc+j9Xui3MGGeoDLIN6uzZrx8NYotFMgQ= -k8s.io/kube-openapi v0.0.0-20240703190633-0aa61b46e8c2/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= -k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= -k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f h1:2sXuKesAYbRHxL3aE2PN6zX/gcJr22cjrsej+W784Tc= +k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= +k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= lukechampine.com/frand v1.4.2 h1:RzFIpOvkMXuPMBb9maa4ND4wjBn71E1Jpf8BzJHMaVw= lukechampine.com/frand v1.4.2/go.mod h1:4S/TM2ZgrKejMcKMbeLjISpJMO+/eZ1zu3vYX9dtj3s= pgregory.net/rapid v0.5.5 h1:jkgx1TjbQPD/feRoK+S/mXw9e1uj6WilpHrXJowi6oA= From fb020db6de6446eeb81d1a2c08a37a3323bd4313 Mon Sep 17 00:00:00 2001 From: Ali Nadir <56518209+alinadir44@users.noreply.github.com> Date: Mon, 22 Jul 2024 00:36:56 +0500 Subject: [PATCH 181/517] Added 2 articles I wrote on AWS secrets injection and ESO templating (#3707) 
Signed-off-by: Ali Nadir <56518209+alinadir44@users.noreply.github.com> --- docs/eso-blogs.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/eso-blogs.md b/docs/eso-blogs.md index ff6475c3579..2c99407b563 100644 --- a/docs/eso-blogs.md +++ b/docs/eso-blogs.md @@ -59,3 +59,11 @@ Emin writes about the Push Secret feature of ESO and how this new feature revers ## [GCP Secret Manager with self-hosted Kubernetes](https://medium.com/@jjlakis/gcp-secret-manager-with-self-hosted-kubernetes-db35d01d65f0) Jacek writes about bringing GCP secrets to on-premises cluster through External Secrets Operator intergration with workload identity. + +## [Injecting AWS Secrets in a Kubernetes Cluster with External Secrets Operator](https://blog.devops.dev/injecting-external-secrets-in-a-kubernetes-cluster-1e9bbe0f0d5b) + +Ali writes about integrating AWS Secrets Manager and Parameter Store secrets within an EKS Cluster using ESO. He shows a quick setup of the operator, and how to fetch secrets in a repeatable fashion. The guide is bundled with cool illustrations and code snippets that describe the ESO architecture and injection process + +## [Encoding & Decoding Kubernetes Secrets — ESO Advanced Templating](https://blog.devops.dev/encoding-decoding-kubernetes-secrets-externalsecrets-operator-826b9680df63) + +Here, Ali briefly introduces templates within ESO and describes some use cases where templating can be crucial. Code snippets are included where needed too. \ No newline at end of file From 7f71b4717a32259cccaadc0a4d0986963604e2ce Mon Sep 17 00:00:00 2001 From: Mike Tougeron Date: Sun, 21 Jul 2024 12:37:48 -0700 Subject: [PATCH 182/517] Update docs for namespaceSelectors usage and namespaceSelector deprecation (#3695) Signed-off-by: Mike Tougeron --- docs/api/clusterexternalsecret.md | 9 ++++++++- docs/snippets/full-cluster-external-secret.yaml | 13 +++++++++++-- 2 files changed, 19 insertions(+), 3 deletions(-) 
diff --git a/docs/api/clusterexternalsecret.md b/docs/api/clusterexternalsecret.md index 59ec8528f16..ea2e688901b 100644 --- a/docs/api/clusterexternalsecret.md +++ b/docs/api/clusterexternalsecret.md @@ -2,7 +2,7 @@ The `ClusterExternalSecret` is a cluster scoped resource that can be used to manage `ExternalSecret` resources in specific namespaces. -With `namespaceSelector` you can select namespaces in which the ExternalSecret should be created. +With `namespaceSelectors` you can select namespaces in which the ExternalSecret should be created. If there is a conflict with an existing resource the controller will error out. ## Example @@ -12,3 +12,10 @@ Below is an example of the `ClusterExternalSecret` in use. ```yaml {% include 'full-cluster-external-secret.yaml' %} ``` + +## Deprecations + +### namespaceSelector + +The field `namespaceSelector` has been deprecated in favor of `namespaceSelectors` and will be removed in a future +version. diff --git a/docs/snippets/full-cluster-external-secret.yaml b/docs/snippets/full-cluster-external-secret.yaml index 94a6ea1f2da..caef33679b5 100644 --- a/docs/snippets/full-cluster-external-secret.yaml +++ b/docs/snippets/full-cluster-external-secret.yaml 
@@ -9,8 +9,17 @@ spec: # This is a basic label selector to select the namespaces to deploy ExternalSecrets to. # you can read more about them here https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#resources-that-support-set-based-requirements - namespaceSelector: - matchLabels: + # Deprecated: Use namespaceSelectors instead. + # namespaceSelector: + # matchLabels: + # cool: label + + # This is a list of basic label selector to select the namespaces to deploy ExternalSecrets to. + # you can read more about them here https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#resources-that-support-set-based-requirements + # The list is OR'd together, so if any of the namespaceSelectors match the namespace, + # the ExternalSecret will be deployed to that namespace. + namespaceSelectors: + - matchLabels: cool: label # How often the ClusterExternalSecret should reconcile itself From c078a88d9b8e2af47c159b3d1e2a599af4fd65d8 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Sun, 21 Jul 2024 21:42:14 +0200 Subject: [PATCH 183/517] fix: add namespace to path and route construction (#3632) * fix: add namespace to path and route construction Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix: use the correct namespace while restoring from auth namespace Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * added fix suggestion from Gustavo Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- pkg/provider/vault/auth.go | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/pkg/provider/vault/auth.go b/pkg/provider/vault/auth.go index c924b1a3dca..7935cb9a276 100644 --- a/pkg/provider/vault/auth.go +++ b/pkg/provider/vault/auth.go 
@@ -43,6 +43,10 @@ const (
 // setAuth gets a new token using the configured mechanism.
 // If there's already a valid token, does nothing.
 func (c *client) setAuth(ctx context.Context, cfg *vault.Config) error {
+ if c.store.Namespace != nil { // set namespace before checking the need for AuthNamespace
+ c.client.SetNamespace(*c.store.Namespace)
+ }
+
 // Switch to auth namespace if different from the provider namespace
 restoreNamespace := c.useAuthNamespace(ctx)
 defer restoreNamespace()
@@ -200,7 +204,7 @@ func revokeTokenIfValid(ctx context.Context, client util.Client) error {
 
 func (c *client) useAuthNamespace(_ context.Context) func() {
 ns := ""
- if c.store.Namespace != nil {
+ if c.store != nil && c.store.Namespace != nil {
 ns = *c.store.Namespace
 }
 
From c5060fb1fe6b37d7bef0a572b0d54a722ac0bdac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 11:24:35 +0300 Subject: [PATCH 184/517] chore(deps): bump softprops/action-gh-release from 2.0.6 to 2.0.8 (#3708) Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.6 to 2.0.8. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/a74c6b72af54cfa997e81df42d94703d6313a2d0...c062e08bd532815e2082a85e87e3ef29c3e6d191) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 697a55d48e8..cf74d34bfb9 100644
--- a/.github/workflows/release.yml
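Review bot: In pkg/provider/vault/auth.go, the block added at the top of setAuth reads `c.store.Namespace` without checking `c.store`, while the second hunk of the same commit adds exactly that check to useAuthNamespace. If a nil store is possible there it is possible here, and setAuth would then panic on a nil pointer before any authentication is attempted. Guard it the same way: `if c.store != nil && c.store.Namespace != nil {`. Since the Vault namespace selects which tenant the login and later requests are issued against, the ordering also deserves a comment above the block, for example `// Apply the provider namespace first; useAuthNamespace may switch to the auth namespace for the login and restoreNamespace puts it back.` (the restore behaviour is inferred from the deferred call, as useAuthNamespace's body is only partly visible). Both function bodies continue outside the hunks.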
+++ b/.github/workflows/release.yml @@ -28,7 +28,7 @@ jobs: ref: ${{ github.event.inputs.source_ref }} - name: Create Release - uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2.0.6 + uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 with: tag_name: ${{ github.event.inputs.version }} target_commitish: ${{ github.event.inputs.source_ref }} @@ -113,7 +113,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Update Release - uses: softprops/action-gh-release@a74c6b72af54cfa997e81df42d94703d6313a2d0 # v2.0.6 + uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 with: tag_name: ${{ github.event.inputs.version }} files: | From 4c1598e6412fbe21449500d3ad158801e236697b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 11:24:43 +0300 Subject: [PATCH 185/517] chore(deps): bump github/codeql-action from 3.25.12 to 3.25.13 (#3709) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.12 to 3.25.13. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/4fa2a7953630fd2f3fb380f21be14ede0169dd4f...2d790406f505036ef40ecba973cc774a50395aac) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 11e8f873b09..243853f53b3 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4fa2a7953630fd2f3fb380f21be14ede0169dd4f # v3.25.12 + uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 with: sarif_file: results.sarif From 972f2270024a8aebd1867d9d0c2f125864fc272b Mon Sep 17 00:00:00 2001 From: Zaza Date: Mon, 22 Jul 2024 10:33:00 +0100 Subject: [PATCH 186/517] Update bitwarden-secrets-manager.md (#3710) Fixed typos in the bitwarden provider docs Signed-off-by: Zaza --- docs/provider/bitwarden-secrets-manager.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/provider/bitwarden-secrets-manager.md b/docs/provider/bitwarden-secrets-manager.md index 44b481a74ca..b65cd051995 100644 --- a/docs/provider/bitwarden-secrets-manager.md +++ b/docs/provider/bitwarden-secrets-manager.md @@ -27,7 +27,7 @@ helm install external-secrets \ ##### Certificate -The Bitwarden SDK Server _NEEDS_ to run as an HTTPS service. That means that any installation that once to with Bitwarden +The Bitwarden SDK Server _NEEDS_ to run as an HTTPS service. That means that any installation that wants to communicate with the Bitwarden provider will need to generate a certificate. The best approach for that is to use cert-manager. It's easy to set up and can generate a certificate that the store can use to connect with the server. From 26153cc9bdd25c233945f6856f433614b10841d0 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Mon, 22 Jul 2024 15:12:13 +0200 Subject: [PATCH 187/517] update dependencies (#3711) 
Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator --- e2e/go.mod | 22 ++++++++-------- e2e/go.sum | 32 +++++++++++------------ go.mod | 38 ++++++++++++++-------------- go.sum | 74 ++++++++++++++++++++++++++++-------------------------- 4 files changed, 84 insertions(+), 82 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index 89b80432810..eb6592b2118 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -48,8 +48,8 @@ require ( github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 - github.com/aws/aws-sdk-go v1.54.19 - github.com/cyberark/conjur-api-go v0.12.0 + github.com/aws/aws-sdk-go v1.54.20 + github.com/cyberark/conjur-api-go v0.12.3 github.com/external-secrets/external-secrets v0.0.0 github.com/fluxcd/helm-controller/api v0.37.2 github.com/fluxcd/pkg/apis/meta v1.2.0 @@ -58,14 +58,14 @@ require ( github.com/hashicorp/vault/api v1.14.0 github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.69.1 + github.com/oracle/oci-go-sdk/v65 v65.69.2 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 - github.com/xanzy/go-gitlab v0.106.0 + github.com/xanzy/go-gitlab v0.107.0 golang.org/x/oauth2 v0.21.0 google.golang.org/api v0.188.0 - k8s.io/api v0.30.2 - k8s.io/apiextensions-apiserver v0.30.2 - k8s.io/apimachinery v0.30.2 + k8s.io/api v0.30.3 + k8s.io/apiextensions-apiserver v0.30.3 + k8s.io/apimachinery v0.30.3 k8s.io/client-go v1.5.2 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 sigs.k8s.io/controller-runtime v0.18.4 
@@ -79,9 +79,9 @@ require ( cloud.google.com/go/compute/metadata v0.5.0 // indirect cloud.google.com/go/iam v1.1.11 // indirect dario.cat/mergo v1.0.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.1 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest/adal v0.9.24 // indirect github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect @@ -127,7 +127,7 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240711041743-f6c9dda6c6da // indirect + github.com/google/pprof v0.0.0-20240721033354-7089f98c1d14 // indirect github.com/google/s2a-go v0.1.7 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect @@ -190,7 +190,7 @@ require ( go.opentelemetry.io/otel/metric v1.28.0 // indirect go.opentelemetry.io/otel/trace v1.28.0 // indirect golang.org/x/crypto v0.25.0 // indirect - golang.org/x/exp v0.0.0-20240707233637-46b078467d37 // indirect + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect golang.org/x/net v0.27.0 // indirect golang.org/x/sync v0.7.0 // indirect golang.org/x/sys v0.22.0 // indirect diff --git a/e2e/go.sum b/e2e/go.sum index c29c21e6dce..f23f006cc30 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -55,15 +55,15 @@ github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0/go.mod h1:3Ug6Qzto9anB6mGlEdgYMDF5zHQ+wwhEaYR4s17PHMw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 h1:GJHeeA2N7xrG3q30L2UXDyuWRzDM900/65j70wcM4Ww= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.1 h1:Xy/qV1DyOhhqsU/z0PyFMJfYCxnzna+vBEUtFW0ksQo= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.1/go.mod h1:oib6iWdC+sILvNUoJbbBn3xv7TXow7mEp/WRcsYvmow= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod 
h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA= @@ -115,8 +115,8 @@ github.com/aliyun/alibaba-cloud-sdk-go v1.62.271/go.mod h1:Api2AkmMgGaSUAhmk76oa github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.54.19 h1:tyWV+07jagrNiCcGRzRhdtVjQs7Vy41NwsuOcl0IbVI= -github.com/aws/aws-sdk-go v1.54.19/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.54.20 h1:FZ2UcXya7bUkvkpf7TaPmiL7EubK0go1nlXGLRwEsoo= +github.com/aws/aws-sdk-go v1.54.20/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= 
@@ -133,8 +133,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cyberark/conjur-api-go v0.12.0 h1:84h/IcphuuyWW1R4VX/Syuyw4lfR89sKvxloexJYmn8= -github.com/cyberark/conjur-api-go v0.12.0/go.mod h1:WjXCREpdXyU69k5ZwYQMA3k+VkPwMznr22fKSMD5OUE= +github.com/cyberark/conjur-api-go v0.12.3 h1:LzSXJBKO36WJEcFceXYyb3y9lxHwx5WMhx/YH+RW88M= +github.com/cyberark/conjur-api-go v0.12.3/go.mod h1:FnzNn6mPwTOyBueSDnu1J4K47J0sYHXTMehaqIV/GxY= github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -289,8 +289,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240711041743-f6c9dda6c6da h1:xRmpO92tb8y+Z85iUOMOicpCfaYcv7o3Cg3wKrIpg8g= -github.com/google/pprof v0.0.0-20240711041743-f6c9dda6c6da/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240721033354-7089f98c1d14 h1:m2fdPWWX/0mdyA1X3XbVTag5NEwmWv0mieoVuRq14A4= +github.com/google/pprof v0.0.0-20240721033354-7089f98c1d14/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= 
@@ -412,8 +412,8 @@ github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.69.1 h1:X3vNSw9tXOxML96L3wBxrK7cwESgP/H1IgR8rTH5Ab4= -github.com/oracle/oci-go-sdk/v65 v65.69.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.69.2 h1:lROMJ8/VakGOGObAWUxTVY2AX1wQCUIzVqfL4Fb2Ay8= +github.com/oracle/oci-go-sdk/v65 v65.69.2/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -484,8 +484,8 @@ github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaO github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= -github.com/xanzy/go-gitlab v0.106.0 h1:EDfD03K74cIlQo2EducfiupVrip+Oj02bq9ofw5F8sA= -github.com/xanzy/go-gitlab v0.106.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= +github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y= +github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -548,8 +548,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240707233637-46b078467d37 h1:uLDX+AfeFCct3a2C7uIWBKMJIR3CJMhcgfrUAqjRK6w= -golang.org/x/exp v0.0.0-20240707233637-46b078467d37/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= diff --git a/go.mod b/go.mod index a79e1a60232..62c82afce11 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( github.com/PaesslerAG/jsonpath v0.1.1 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 - github.com/aws/aws-sdk-go v1.54.19 + github.com/aws/aws-sdk-go v1.54.20 github.com/go-logr/logr v1.4.2 github.com/go-test/deep v1.0.4 // indirect github.com/google/go-cmp v0.6.0 
@@ -32,14 +32,14 @@ require ( github.com/huandu/xstrings v1.5.0 // indirect github.com/onsi/ginkgo/v2 v2.19.0 github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.69.1 + github.com/oracle/oci-go-sdk/v65 v65.69.2 github.com/prometheus/client_golang v1.19.1 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.17.1 - github.com/xanzy/go-gitlab v0.106.0 - github.com/yandex-cloud/go-genproto v0.0.0-20240701142715-6a03f33f8ec8 + github.com/xanzy/go-gitlab v0.107.0 + github.com/yandex-cloud/go-genproto v0.0.0-20240715115219-0c1e192fbf5c github.com/yandex-cloud/go-sdk v0.0.0-20240701143239-7326d2d09169 github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 go.uber.org/zap v1.27.0 @@ -50,10 +50,10 @@ require ( google.golang.org/grpc v1.65.0 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 - k8s.io/api v0.30.2 - k8s.io/apiextensions-apiserver v0.30.2 - k8s.io/apimachinery v0.30.2 - k8s.io/client-go v0.30.2 + k8s.io/api v0.30.3 + k8s.io/apiextensions-apiserver v0.30.3 + k8s.io/apimachinery v0.30.3 + k8s.io/client-go v0.30.3 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 sigs.k8s.io/controller-runtime v0.18.4 sigs.k8s.io/controller-tools v0.15.0 @@ -62,7 +62,7 @@ require ( require github.com/1Password/connect-sdk-go v1.5.3 require ( - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1 
@@ -72,10 +72,10 @@ require ( github.com/alibabacloud-go/kms-20160120/v3 v3.2.1 github.com/alibabacloud-go/openapi-util v0.1.0 github.com/alibabacloud-go/tea v1.2.2 - github.com/alibabacloud-go/tea-utils/v2 v2.0.5 + github.com/alibabacloud-go/tea-utils/v2 v2.0.6 github.com/aliyun/credentials-go v1.3.5 github.com/avast/retry-go/v4 v4.6.0 - github.com/cyberark/conjur-api-go v0.12.0 + github.com/cyberark/conjur-api-go v0.12.3 github.com/fortanix/sdkms-client-go v0.4.0 github.com/go-openapi/strfmt v0.23.0 github.com/golang-jwt/jwt/v5 v5.2.1 @@ -129,7 +129,7 @@ require ( github.com/charmbracelet/bubbletea v0.26.6 // indirect github.com/charmbracelet/lipgloss v0.12.1 // indirect github.com/charmbracelet/x/ansi v0.1.4 // indirect - github.com/charmbracelet/x/input v0.1.2 // indirect + github.com/charmbracelet/x/input v0.1.3 // indirect github.com/charmbracelet/x/term v0.1.1 // indirect github.com/charmbracelet/x/windows v0.1.2 // indirect github.com/cheggaaa/pb v1.0.29 // indirect @@ -172,7 +172,7 @@ require ( github.com/pgavlin/fx v0.1.6 // indirect github.com/pjbgf/sha1cd v0.3.0 // indirect github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect - github.com/pulumi/pulumi/sdk/v3 v3.124.0 // indirect + github.com/pulumi/pulumi/sdk/v3 v3.125.0 // indirect github.com/rivo/uniseg v0.4.7 // indirect github.com/rogpeppe/go-internal v1.12.0 // indirect github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect 
@@ -180,14 +180,14 @@ require ( github.com/segmentio/asm v1.2.0 // indirect github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect github.com/sirupsen/logrus v1.9.3 // indirect - github.com/skeema/knownhosts v1.2.2 // indirect + github.com/skeema/knownhosts v1.3.0 // indirect github.com/texttheater/golang-levenshtein v1.0.1 // indirect github.com/tjfoc/gmsm v1.4.1 // indirect github.com/tweekmonster/luser v0.0.0-20161003172636-3fa38070dbd7 // indirect github.com/xanzy/ssh-agent v0.3.3 // indirect github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect github.com/zalando/go-keyring v0.2.5 // indirect - github.com/zclconf/go-cty v1.14.4 // indirect + github.com/zclconf/go-cty v1.15.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect go.opentelemetry.io/otel v1.28.0 // indirect @@ -202,7 +202,7 @@ require ( ) require ( - github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.1 // indirect + github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect @@ -225,7 +225,7 @@ require ( github.com/fatih/color v1.17.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect - github.com/go-chef/chef v0.29.0 + github.com/go-chef/chef v0.30.1 github.com/go-logr/zapr v1.3.0 // indirect github.com/go-openapi/errors v0.22.0 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect 
@@ -241,7 +241,7 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240711041743-f6c9dda6c6da // indirect + github.com/google/pprof v0.0.0-20240721033354-7089f98c1d14 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -294,7 +294,7 @@ require ( go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20240707233637-46b078467d37 + golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 golang.org/x/mod v0.19.0 // indirect golang.org/x/net v0.27.0 // indirect golang.org/x/sys v0.22.0 // indirect diff --git a/go.sum b/go.sum index dbe63bae585..34e64a3c48d 100644 --- a/go.sum +++ b/go.sum 
@@ -57,15 +57,15 @@ github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0/go.mod h1:3Ug6Qzto9anB6mGlEdgYMDF5zHQ+wwhEaYR4s17PHMw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0 h1:1nGuui+4POelzDwI7RG56yfQJHCnKvwfMoU7VsEp+Zg= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.12.0/go.mod h1:99EvauvlcJ1U06amZiksfYz/3aFGyIhWGHVyiZXtBAI= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 h1:GJHeeA2N7xrG3q30L2UXDyuWRzDM900/65j70wcM4Ww= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.1 h1:Xy/qV1DyOhhqsU/z0PyFMJfYCxnzna+vBEUtFW0ksQo= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.9.1/go.mod h1:oib6iWdC+sILvNUoJbbBn3xv7TXow7mEp/WRcsYvmow= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0/go.mod h1:iZDifYGJTIgIIkYRNWPENUnqx6bJ2xnSDFI2tjwZNuY= github.com/Azure/go-autorest v14.2.0+incompatible h1:V5VMDjClD3GiElqLWO7mz2MxNAK/vTfRHdAubSIPRgs= github.com/Azure/go-autorest v14.2.0+incompatible/go.mod 
h1:r+4oMnoxhatjLLJ6zxSWATqVooLgysK6ZNox3g/xq24= github.com/Azure/go-autorest/autorest v0.11.28/go.mod h1:MrkzG3Y3AH668QyF9KRk5neJnGgmhQ6krbhR8Q5eMvA= @@ -184,8 +184,9 @@ github.com/alibabacloud-go/tea v1.2.2/go.mod h1:CF3vOzEMAG+bR4WOql8gc2G9H3EkH3ZL github.com/alibabacloud-go/tea-utils v1.3.1/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE= github.com/alibabacloud-go/tea-utils v1.4.5 h1:h0/6Xd2f3bPE4XHTvkpjwxowIwRCJAJOqY6Eq8f3zfA= github.com/alibabacloud-go/tea-utils v1.4.5/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw= -github.com/alibabacloud-go/tea-utils/v2 v2.0.5 h1:EUakYEUAwr6L3wLT0vejIw2rc0IA1RSXDwLnIb3f2vU= github.com/alibabacloud-go/tea-utils/v2 v2.0.5/go.mod h1:dL6vbUT35E4F4bFTHL845eUloqaerYBYPsdWR2/jhe4= +github.com/alibabacloud-go/tea-utils/v2 v2.0.6 h1:ZkmUlhlQbaDC+Eba/GARMPy6hKdCLiSke5RsN5LcyQ0= +github.com/alibabacloud-go/tea-utils/v2 v2.0.6/go.mod h1:qxn986l+q33J5VkialKMqT/TTs3E+U9MJpd001iWQ9I= github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzYtqw7dgt0= github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8= github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw= 
@@ -207,8 +208,8 @@ github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinR github.com/avast/retry-go/v4 v4.6.0/go.mod h1:gvWlPhBVsvBbLkVGDg/KwvBv0bEkCOLRRSHKIr2PyOE= github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.54.19 h1:tyWV+07jagrNiCcGRzRhdtVjQs7Vy41NwsuOcl0IbVI= -github.com/aws/aws-sdk-go v1.54.19/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.54.20 h1:FZ2UcXya7bUkvkpf7TaPmiL7EubK0go1nlXGLRwEsoo= +github.com/aws/aws-sdk-go v1.54.20/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= 
@@ -234,8 +235,8 @@ github.com/charmbracelet/lipgloss v0.12.1 h1:/gmzszl+pedQpjCOH+wFkZr/N90Snz40J/N github.com/charmbracelet/lipgloss v0.12.1/go.mod h1:V2CiwIuhx9S1S1ZlADfOj9HmxeMAORuz5izHb0zGbB8= github.com/charmbracelet/x/ansi v0.1.4 h1:IEU3D6+dWwPSgZ6HBH+v6oUuZ/nVawMiWj5831KfiLM= github.com/charmbracelet/x/ansi v0.1.4/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw= -github.com/charmbracelet/x/input v0.1.2 h1:QJAZr33eOhDowkkEQ24rsJy4Llxlm+fRDf/cQrmqJa0= -github.com/charmbracelet/x/input v0.1.2/go.mod h1:LGBim0maUY4Pitjn/4fHnuXb4KirU3DODsyuHuXdOyA= +github.com/charmbracelet/x/input v0.1.3 h1:oy4TMhyGQsYs/WWJwu1ELUMFnjiUAXwtDf048fHbCkg= +github.com/charmbracelet/x/input v0.1.3/go.mod h1:1gaCOyw1KI9e2j00j/BBZ4ErzRZqa05w0Ghn83yIhKU= github.com/charmbracelet/x/term v0.1.1 h1:3cosVAiPOig+EV4X9U+3LDgtwwAoEzJjNdwbXDjF6yI= github.com/charmbracelet/x/term v0.1.1/go.mod h1:wB1fHt5ECsu3mXYusyzcngVWWlu1KKUmmLhfgr/Flxw= github.com/charmbracelet/x/windows v0.1.2 h1:Iumiwq2G+BRmgoayww/qfcvof7W/3uLoelhxojXlRWg= 
@@ -261,8 +262,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/ctdk/goiardi v0.11.10 h1:IB/3Afl1pC2Q4KGwzmhHPAoJfe8VtU51wZ2V0QkvsL0= github.com/ctdk/goiardi v0.11.10/go.mod h1:Pr6Cj6Wsahw45myttaOEZeZ0LE7p1qzWmzgsBISkrNI= -github.com/cyberark/conjur-api-go v0.12.0 h1:84h/IcphuuyWW1R4VX/Syuyw4lfR89sKvxloexJYmn8= -github.com/cyberark/conjur-api-go v0.12.0/go.mod h1:WjXCREpdXyU69k5ZwYQMA3k+VkPwMznr22fKSMD5OUE= +github.com/cyberark/conjur-api-go v0.12.3 h1:LzSXJBKO36WJEcFceXYyb3y9lxHwx5WMhx/YH+RW88M= +github.com/cyberark/conjur-api-go v0.12.3/go.mod h1:FnzNn6mPwTOyBueSDnu1J4K47J0sYHXTMehaqIV/GxY= github.com/cyphar/filepath-securejoin v0.3.0 h1:tXpmbiaeBrS/K2US8nhgwdKYnfAOnVfkcLPKFgFHeA0= github.com/cyphar/filepath-securejoin v0.3.0/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= 
@@ -319,8 +320,8 @@ github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE= github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8= -github.com/go-chef/chef v0.29.0 h1:7U9P8op5jqaDXo6wANjopiirSENtemTVfoXFEgG8hso= -github.com/go-chef/chef v0.29.0/go.mod h1:7RU1oCrRErTrkmIszkhJ9vHw7Bv2hZ1Vv1C1qKj01fc= +github.com/go-chef/chef v0.30.1 h1:yvOSijEBWAQtRbBPj9hz1atEJUU6HckPc7AaEyZXnLg= +github.com/go-chef/chef v0.30.1/go.mod h1:7RU1oCrRErTrkmIszkhJ9vHw7Bv2hZ1Vv1C1qKj01fc= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= 
@@ -460,8 +461,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240711041743-f6c9dda6c6da h1:xRmpO92tb8y+Z85iUOMOicpCfaYcv7o3Cg3wKrIpg8g= -github.com/google/pprof v0.0.0-20240711041743-f6c9dda6c6da/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240721033354-7089f98c1d14 h1:m2fdPWWX/0mdyA1X3XbVTag5NEwmWv0mieoVuRq14A4= +github.com/google/pprof v0.0.0-20240721033354-7089f98c1d14/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= 
@@ -654,8 +655,8 @@ github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS6 github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.69.1 h1:X3vNSw9tXOxML96L3wBxrK7cwESgP/H1IgR8rTH5Ab4= -github.com/oracle/oci-go-sdk/v65 v65.69.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.69.2 h1:lROMJ8/VakGOGObAWUxTVY2AX1wQCUIzVqfL4Fb2Ay8= +github.com/oracle/oci-go-sdk/v65 v65.69.2/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.0 h1:zwwTCwL3vjTTKln1hxwKuzzax4R/yvxGXSZhMh0OY5Y= github.com/passbolt/go-passbolt v0.7.0/go.mod h1:af3TVSJ+0A4sXeK8KgVzhV8Tej/i25biFIQjhL0FOMk= github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU= 
@@ -683,8 +684,8 @@ github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435 github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= github.com/pulumi/esc v0.9.1 h1:HH5eEv8sgyxSpY5a8yePyqFXzA8cvBvapfH8457+mIs= github.com/pulumi/esc v0.9.1/go.mod h1:oEJ6bOsjYlQUpjf70GiX+CXn3VBmpwFDxUTlmtUN84c= -github.com/pulumi/pulumi/sdk/v3 v3.124.0 h1:f9Rb2AhLSaacKTaBPbKXPCfviHxTuhEXafhT4E095Y0= -github.com/pulumi/pulumi/sdk/v3 v3.124.0/go.mod h1:p1U24en3zt51agx+WlNboSOV8eLlPWYAkxMzVEXKbnY= +github.com/pulumi/pulumi/sdk/v3 v3.125.0 h1:hou7x/qf9G3878g4+DmBU+IEMJz66w+ZhwJONymjANE= +github.com/pulumi/pulumi/sdk/v3 v3.125.0/go.mod h1:p1U24en3zt51agx+WlNboSOV8eLlPWYAkxMzVEXKbnY= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= 
@@ -722,8 +723,8 @@ github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeV github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/skeema/knownhosts v1.2.2 h1:Iug2P4fLmDw9f41PB6thxUkNUkJzB5i+1/exaj40L3A= -github.com/skeema/knownhosts v1.2.2/go.mod h1:xYbVRSPxqBZFrdmDyMmsOs+uX1UZC3nTN3ThzgDxUwo= +github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY= +github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/assertions v1.1.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= 
@@ -779,14 +780,15 @@ github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaO github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= -github.com/xanzy/go-gitlab v0.106.0 h1:EDfD03K74cIlQo2EducfiupVrip+Oj02bq9ofw5F8sA= -github.com/xanzy/go-gitlab v0.106.0/go.mod h1:ETg8tcj4OhrB84UEgeE8dSuV/0h4BBL1uOV/qK0vlyI= +github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y= +github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no= github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM= -github.com/yandex-cloud/go-genproto v0.0.0-20240701142715-6a03f33f8ec8 h1:oNL9y0fq5OUenqBFkfEYuFoRvaEosF39dSgOZhsxFtQ= github.com/yandex-cloud/go-genproto v0.0.0-20240701142715-6a03f33f8ec8/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-genproto v0.0.0-20240715115219-0c1e192fbf5c h1:GzMfpQ/oAP93MOQb5/B+3daDzdcLRRqetZ8radtnJJ4= +github.com/yandex-cloud/go-genproto v0.0.0-20240715115219-0c1e192fbf5c/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= github.com/yandex-cloud/go-sdk v0.0.0-20240701143239-7326d2d09169 h1:5LGYQ/0h1uUo3HH8MsG6R40gvSVPj/7r4D1sKVMa370= github.com/yandex-cloud/go-sdk v0.0.0-20240701143239-7326d2d09169/go.mod h1:kRqpmRyPs8rzXuYEJe57AH546a3VcSjEIzdFa1V66hY= github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 h1:tBiBTKHnIjovYoLX/TPkcf+OjqqKGQrPtGT3Foz+Pgo= 
@@ -799,8 +801,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zalando/go-keyring v0.2.5 h1:Bc2HHpjALryKD62ppdEzaFG6VxL6Bc+5v0LYpN8Lba8= github.com/zalando/go-keyring v0.2.5/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk= -github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8= -github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= +github.com/zclconf/go-cty v1.15.0 h1:tTCRWxsexYUmtt/wVxgDClUe+uQusuI443uL6e+5sXQ= +github.com/zclconf/go-cty v1.15.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= go.mongodb.org/mongo-driver v1.16.0 h1:tpRsfBJMROVHKpdGyc1BBEzzjDUWjItxbVSZ8Ls4BQ4= go.mongodb.org/mongo-driver v1.16.0/go.mod h1:oB6AhJQvFQL4LEHyXi6aJzQJtBiTQHiAd83l0GdFaiw= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= 
@@ -868,8 +870,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240707233637-46b078467d37 h1:uLDX+AfeFCct3a2C7uIWBKMJIR3CJMhcgfrUAqjRK6w= -golang.org/x/exp v0.0.0-20240707233637-46b078467d37/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= +golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -1304,14 +1306,14 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= -k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= -k8s.io/apiextensions-apiserver v0.30.2 h1:l7Eue2t6QiLHErfn2vwK4KgF4NeDgjQkCXtEbOocKIE= -k8s.io/apiextensions-apiserver v0.30.2/go.mod h1:lsJFLYyK40iguuinsb3nt+Sj6CmodSI4ACDLep1rgjw= -k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= -k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= -k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= +k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ= +k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04= +k8s.io/apiextensions-apiserver v0.30.3 h1:oChu5li2vsZHx2IvnGP3ah8Nj3KyqG3kRSaKmijhB9U= +k8s.io/apiextensions-apiserver v0.30.3/go.mod h1:uhXxYDkMAvl6CJw4lrDN4CPbONkF3+XL9cacCT44kV4= +k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc= +k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k= +k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U= k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20240404160639-a0386bf69313 h1:wBIDZID8ju9pwOiLlV22YYKjFGtiNSWgHf5CnKLRUuM= k8s.io/gengo v0.0.0-20240404160639-a0386bf69313/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= 
From 4f62fb396397bc4973f54dce1744e8de39900a9c Mon Sep 17 00:00:00 2001 From: Engin Diri Date: Thu, 25 Jul 2024 09:00:17 +0200 Subject: [PATCH 188/517] feat: add PushSecret support for Pulumi ESC (#3597) Signed-off-by: Engin Diri --- .../v1beta1/secretstore_pulumi_types.go | 2 +- ...ternal-secrets.io_clustersecretstores.yaml | 2 +- .../external-secrets.io_secretstores.yaml | 2 +- deploy/crds/bundle.yaml | 4 +- docs/provider/pulumi.md | 60 +++- go.mod | 63 +--- go.sum | 155 +-------- pkg/provider/pulumi/provider.go | 17 +- pkg/provider/pulumi/pulumi.go | 119 +++++-- pkg/provider/pulumi/pulumi_test.go | 317 ++++++++++++++++-- 10 files changed, 480 insertions(+), 261 deletions(-) diff --git a/apis/externalsecrets/v1beta1/secretstore_pulumi_types.go b/apis/externalsecrets/v1beta1/secretstore_pulumi_types.go index 4e6d69092bd..a2cf6fdb3c5 100644 --- a/apis/externalsecrets/v1beta1/secretstore_pulumi_types.go +++ b/apis/externalsecrets/v1beta1/secretstore_pulumi_types.go @@ -20,7 +20,7 @@ import ( type PulumiProvider struct { // APIURL is the URL of the Pulumi API. - // +kubebuilder:default="https://api.pulumi.com" + // +kubebuilder:default="https://api.pulumi.com/api/preview" APIURL string `json:"apiUrl,omitempty"` // AccessToken is the access tokens to sign in to the Pulumi Cloud Console. diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 5703c216f1e..cc6f887b71a 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml @@ -3638,7 +3638,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: 
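Review bot: The new `+kubebuilder:default="https://api.pulumi.com/api/preview"` on `APIURL` in secretstore_pulumi_types.go changes what the field has to contain, but the comment above it still reads only "APIURL is the URL of the Pulumi API". A store that sets `apiUrl: https://api.pulumi.com` explicitly (the old default) gets no defaulting, so whether it keeps working depends on how the provider code, which is not in this hunk, builds request paths. I would state the contract on the field, e.g. `// APIURL is the base URL of the Pulumi ESC API including its path prefix; the default targets the preview API.`, and mention the migration in the release notes. Since the access token is presumably sent to whatever this URL points at, it is also worth considering a validation marker that restricts the scheme to https. The `PulumiProvider` struct continues outside the hunk.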
diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index 7bef1c62bbd..e03e4f2792f 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml @@ -3638,7 +3638,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index c9845a103e8..7014d317fde 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -4035,7 +4035,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: @@ -9666,7 +9666,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: diff --git a/docs/provider/pulumi.md b/docs/provider/pulumi.md index cf1162d6b02..22f0d976828 100644 --- a/docs/provider/pulumi.md +++ b/docs/provider/pulumi.md @@ -26,7 +26,7 @@ spec: key: ``` -If required, the API URL (`apiUrl`) can be customized as well. If not specified, the default value is `https://api.pulumi.com`. +If required, the API URL (`apiUrl`) can be customized as well. If not specified, the default value is `https://api.pulumi.com/api/preview`. ### Referencing Secrets 
@@ -71,3 +71,61 @@ spec: * root.array["*"].field See [Pulumi's documentation](https://www.pulumi.com/docs/concepts/options/ignorechanges/) for more information. + +### PushSecrets + +With the latest release of Pulumi ESC, secrets can be pushed to the Pulumi service. This can be done by creating a `PushSecrets` object. + +Here is a basic example of how to define a `PushSecret` object: + +```yaml +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: push-secret-example +spec: + refreshInterval: 10s + selector: + secret: + name: + secretStoreRefs: + - kind: ClusterSecretStore + name: secret-store + data: + - match: + secretKey: + remoteRef: + remoteKey: +``` + +This will then push the secret to the Pulumi service. If the secret already exists, it will be updated. + +### Limitations + +Currently, the Pulumi provider only supports nested objects up to a depth of 1. Any nested objects beyond this depth will be stored as a string with the JSON representation. + +This Pulumi ESC example: + +```yaml +values: + backstage: + my: test + test: hello + test22: + my: hello + test33: + world: true + x: true + num: 42 +``` + +Will result in the following Kubernetes secret: + +```yaml +my: test +num: "42" +test: hello +test22: '{"my":{"trace":{"def":{"begin":{"byte":72,"column":11,"line":6},"end":{"byte":77,"column":16,"line":6},"environment":"tgif-demo"}},"value":"hello"}}' +test33: '{"world":{"trace":{"def":{"begin":{"byte":103,"column":14,"line":8},"end":{"byte":107,"column":18,"line":8},"environment":"tgif-demo"}},"value":true}}' +x: "true" +``` diff --git a/go.mod b/go.mod index 62c82afce11..dcf002bf845 100644 --- a/go.mod +++ b/go.mod @@ -62,6 +62,7 @@ require ( require github.com/1Password/connect-sdk-go v1.5.3 require ( + dario.cat/mergo v1.0.0 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 
@@ -86,9 +87,9 @@ require ( github.com/lestrrat-go/jwx/v2 v2.1.0 github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1 github.com/passbolt/go-passbolt v0.7.0 - github.com/pulumi/esc v0.9.1 - github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 - github.com/sethvargo/go-password v0.3.1 + github.com/pulumi/esc-sdk/sdk v0.9.2 + github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28 + github.com/sethvargo/go-password v0.3.0 github.com/spf13/pflag v1.0.5 github.com/tidwall/sjson v1.2.5 k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f @@ -100,14 +101,9 @@ require ( cloud.google.com/go/auth v0.7.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect cloud.google.com/go/compute/metadata v0.5.0 // indirect - dario.cat/mergo v1.0.0 // indirect - github.com/BurntSushi/toml v1.4.0 // indirect - github.com/Microsoft/go-winio v0.6.2 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect github.com/ProtonMail/gopenpgp/v2 v2.7.5 // indirect - github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da // indirect - github.com/agext/levenshtein v1.2.3 // indirect github.com/alessio/shellescape v1.4.2 // indirect github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6 // indirect github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect 
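Review bot: Two dependencies unrelated to the Pulumi change move backwards in the `@@ -86,9 +87,9 @@` hunk of go.mod: `scaleway-sdk-go` goes from `v1.0.0-beta.29` to `v1.0.0-beta.28` and `sethvargo/go-password` from `v0.3.1` to `v0.3.0`, alongside the intended swap of `github.com/pulumi/esc` for `github.com/pulumi/esc-sdk/sdk`. This looks like a stale-branch or `go mod tidy` artifact rather than a deliberate choice, and a silent downgrade can drop fixes that an earlier bump brought in. Unless the new SDK requires the older versions, I would keep `github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29` and `github.com/sethvargo/go-password v0.3.1` and regenerate go.sum. If the downgrade is intentional, the commit message should say why.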
@@ -120,74 +116,28 @@ require ( github.com/alibabacloud-go/endpoint-util v1.1.1 // indirect github.com/alibabacloud-go/tea-utils v1.4.5 // indirect github.com/alibabacloud-go/tea-xml v1.1.3 // indirect - github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect - github.com/atotto/clipboard v0.1.4 // indirect - github.com/aymanbagabas/go-osc52/v2 v2.0.1 // indirect github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect - github.com/blang/semver v3.5.1+incompatible // indirect - github.com/charmbracelet/bubbles v0.18.0 // indirect - github.com/charmbracelet/bubbletea v0.26.6 // indirect - github.com/charmbracelet/lipgloss v0.12.1 // indirect - github.com/charmbracelet/x/ansi v0.1.4 // indirect - github.com/charmbracelet/x/input v0.1.3 // indirect - github.com/charmbracelet/x/term v0.1.1 // indirect - github.com/charmbracelet/x/windows v0.1.2 // indirect - github.com/cheggaaa/pb v1.0.29 // indirect github.com/clbanning/mxj/v2 v2.7.0 // indirect github.com/cloudflare/circl v1.3.9 // indirect - github.com/cyphar/filepath-securejoin v0.3.0 // indirect github.com/danieljoos/wincred v1.2.2 // indirect - github.com/djherbis/times v1.6.0 // indirect - github.com/emirpasic/gods v1.18.1 // indirect - github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/gabriel-vasile/mimetype v1.4.4 // indirect - github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 // indirect - github.com/go-git/go-billy/v5 v5.5.0 // indirect - github.com/go-git/go-git/v5 v5.12.0 // indirect github.com/go-jose/go-jose/v4 v4.0.3 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-playground/validator/v10 v10.22.0 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gofrs/flock v0.12.0 // indirect - github.com/golang/glog v1.2.2 // indirect github.com/google/gnostic-models v0.6.8 // indirect github.com/google/s2a-go 
v0.1.7 // indirect github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect - github.com/hashicorp/hcl/v2 v2.21.0 // indirect - github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect - github.com/kevinburke/ssh_config v1.2.0 // indirect github.com/lestrrat-go/httprc v1.0.6 // indirect - github.com/lucasb-eyer/go-colorful v1.2.0 // indirect - github.com/mattn/go-localereader v0.0.1 // indirect - github.com/mattn/go-runewidth v0.0.15 // indirect - github.com/mitchellh/go-ps v1.0.0 // indirect - github.com/mitchellh/go-wordwrap v1.0.1 // indirect - github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 // indirect - github.com/muesli/cancelreader v0.2.2 // indirect - github.com/muesli/termenv v0.15.2 // indirect - github.com/opentracing/basictracer-go v1.1.0 // indirect - github.com/pgavlin/fx v0.1.6 // indirect - github.com/pjbgf/sha1cd v0.3.0 // indirect - github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 // indirect - github.com/pulumi/pulumi/sdk/v3 v3.125.0 // indirect - github.com/rivo/uniseg v0.4.7 // indirect - github.com/rogpeppe/go-internal v1.12.0 // indirect - github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 // indirect - github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 // indirect + github.com/nxadm/tail v1.4.11 // indirect github.com/segmentio/asm v1.2.0 // indirect - github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 // indirect github.com/sirupsen/logrus v1.9.3 // indirect - github.com/skeema/knownhosts v1.3.0 // indirect - github.com/texttheater/golang-levenshtein v1.0.1 // indirect github.com/tjfoc/gmsm v1.4.1 // indirect - github.com/tweekmonster/luser v0.0.0-20161003172636-3fa38070dbd7 // indirect - github.com/xanzy/ssh-agent v0.3.3 // indirect - github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect github.com/zalando/go-keyring v0.2.5 // indirect - github.com/zclconf/go-cty v1.15.0 // indirect 
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect go.opentelemetry.io/otel v1.28.0 // indirect @@ -196,8 +146,7 @@ require ( golang.org/x/sync v0.7.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d // indirect - gopkg.in/warnings.v0 v0.1.2 // indirect - lukechampine.com/frand v1.4.2 // indirect + gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/go.sum b/go.sum index 34e64a3c48d..d00babb9644 100644 --- a/go.sum +++ b/go.sum @@ -96,8 +96,6 @@ github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= -github.com/BurntSushi/toml v1.4.0 h1:kuoIxZQy2WRRk1pttg9asf+WVv6tWQuBNVmK8+nqPr0= -github.com/BurntSushi/toml v1.4.0/go.mod h1:ukJfTF/6rtPPRCnwkur4qwRxa8vTRFBF0uk2lLoLwho= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 h1:cmX2QC9s5kPqmghWLLZP8YRFO1ZD/C59BpNH2ujP99w= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2/go.mod h1:tNlpIXJlIwQlRbobXDPme4qv/Rc8+a1GbuUhE3m4JhQ= 
@@ -114,9 +112,6 @@ github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy86 github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY= -github.com/Microsoft/go-winio v0.6.2 h1:F2VQgta7ecxGYO8k3ZZz3RS8fVIXVxONVUPlNERoyfY= -github.com/Microsoft/go-winio v0.6.2/go.mod h1:yd8OoFMLzJbo9gZq8j5qaps8bJ9aShtEA8Ipt1oGCvU= github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d h1:V7xPdg5XgCcUJgL57zfZSNOIvrDPWA4SpWuRJ0UVwKs= github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d/go.mod h1:WI6HYqD62DSW+C0gMS0zHe/vXhZVCUg2ecVosnglPNc= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= 
@@ -133,10 +128,6 @@ github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ek github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw= github.com/ProtonMail/gopenpgp/v2 v2.7.5 h1:STOY3vgES59gNgoOt2w0nyHBjKViB/qSg7NjbQWPJkA= github.com/ProtonMail/gopenpgp/v2 v2.7.5/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g= -github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da h1:KjTM2ks9d14ZYCvmHS9iAKVt9AyzRSqNU1qabPih5BY= -github.com/aead/chacha20 v0.0.0-20180709150244-8b13a72661da/go.mod h1:eHEWzANqSiWQsof+nXEI9bUVUyV6F53Fp89EuCh2EAA= -github.com/agext/levenshtein v1.2.3 h1:YB2fHEn0UJagG8T1rrWknE3ZQzWM06O8AMAatNn7lmo= -github.com/agext/levenshtein v1.2.3/go.mod h1:JEDfjyjHDjOF/1e4FlBE/PkbqA9OfWu2ki2W0IB5558= github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 h1:+XfOU14S4bGuwyvCijJwhhBIjYN+YXS18jrCY2EzJaY= github.com/ahmetb/gen-crd-api-reference-docs v0.3.0/go.mod h1:TdjdkYhlOifCQWPs1UdTma97kQQMozf5h26hTuG70u8= github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 h1:ly0WKARATneFzwBlTZ2lUyjtLqoOEYqt1vOlf89za/4= 
@@ -193,31 +184,19 @@ github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6q github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= github.com/aliyun/credentials-go v1.3.5 h1:KhB5hRibvCugCIcpQxLZjjkb9EuAcu+MZi3GBc+/mv0= github.com/aliyun/credentials-go v1.3.5/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= -github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be h1:9AeTilPcZAjCFIImctFaOjnTIavg87rW78vTPkQqLI8= -github.com/anmitsu/go-shlex v0.0.0-20200514113438-38f4b401e2be/go.mod h1:ySMOLuWl6zY27l47sB3qLNK6tF2fkHG55UZxx8oIVo4= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= -github.com/apparentlymart/go-textseg/v15 v15.0.0 h1:uYvfpb3DyLSCGWnctWKGj857c6ew1u1fNQOlOtuGxQY= -github.com/apparentlymart/go-textseg/v15 v15.0.0/go.mod h1:K8XmNZdhEBkdlyDdvbmmsvpAG721bKi0joRfFdHIWJ4= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= -github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/atotto/clipboard v0.1.4 h1:EH0zSVneZPSuFR11BlR9YppQTVDbh5+16AmcJi4g1z4= -github.com/atotto/clipboard v0.1.4/go.mod h1:ZY9tmq7sm5xIbd9bOK4onWV4S6X0u6GY7Vn0Yu86PYI= github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinRJA= github.com/avast/retry-go/v4 v4.6.0/go.mod h1:gvWlPhBVsvBbLkVGDg/KwvBv0bEkCOLRRSHKIr2PyOE= github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= github.com/aws/aws-sdk-go v1.54.20 h1:FZ2UcXya7bUkvkpf7TaPmiL7EubK0go1nlXGLRwEsoo= 
github.com/aws/aws-sdk-go v1.54.20/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= -github.com/aymanbagabas/go-osc52/v2 v2.0.1 h1:HwpRHbFMcZLEVr42D4p7XBqjyuxQH5SMiErDT4WkJ2k= -github.com/aymanbagabas/go-osc52/v2 v2.0.1/go.mod h1:uYgXzlJ7ZpABp8OJ+exZzJJhRNQ2ASbcXHWsFqH8hp8= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4= -github.com/blang/semver v3.5.1+incompatible h1:cQNTCjp13qL8KC3Nbxr/y2Bqb63oX6wdnnjpJbkM4JQ= -github.com/blang/semver v3.5.1+incompatible/go.mod h1:kRBLl5iJ+tD4TcOOxsy/0fnwebNt5EWlYSAyrTnjyyk= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/c2h5oh/datasize v0.0.0-20200112174442-28bbd4740fee/go.mod h1:S/7n9copUssQ56c7aAgHqftWO4LTf4xY6CGWt8Bc+3M= github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M= 
@@ -227,22 +206,6 @@ github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghf github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= -github.com/charmbracelet/bubbles v0.18.0 h1:PYv1A036luoBGroX6VWjQIE9Syf2Wby2oOl/39KLfy0= -github.com/charmbracelet/bubbles v0.18.0/go.mod h1:08qhZhtIwzgrtBjAcJnij1t1H0ZRjwHyGsy6AL11PSw= -github.com/charmbracelet/bubbletea v0.26.6 h1:zTCWSuST+3yZYZnVSvbXwKOPRSNZceVeqpzOLN2zq1s= -github.com/charmbracelet/bubbletea v0.26.6/go.mod h1:dz8CWPlfCCGLFbBlTY4N7bjLiyOGDJEnd2Muu7pOWhk= -github.com/charmbracelet/lipgloss v0.12.1 h1:/gmzszl+pedQpjCOH+wFkZr/N90Snz40J/NR7A0zQcs= -github.com/charmbracelet/lipgloss v0.12.1/go.mod h1:V2CiwIuhx9S1S1ZlADfOj9HmxeMAORuz5izHb0zGbB8= -github.com/charmbracelet/x/ansi v0.1.4 h1:IEU3D6+dWwPSgZ6HBH+v6oUuZ/nVawMiWj5831KfiLM= -github.com/charmbracelet/x/ansi v0.1.4/go.mod h1:dk73KoMTT5AX5BsX0KrqhsTqAnhZZoCBjs7dGWp4Ktw= -github.com/charmbracelet/x/input v0.1.3 h1:oy4TMhyGQsYs/WWJwu1ELUMFnjiUAXwtDf048fHbCkg= -github.com/charmbracelet/x/input v0.1.3/go.mod h1:1gaCOyw1KI9e2j00j/BBZ4ErzRZqa05w0Ghn83yIhKU= -github.com/charmbracelet/x/term v0.1.1 h1:3cosVAiPOig+EV4X9U+3LDgtwwAoEzJjNdwbXDjF6yI= -github.com/charmbracelet/x/term v0.1.1/go.mod h1:wB1fHt5ECsu3mXYusyzcngVWWlu1KKUmmLhfgr/Flxw= -github.com/charmbracelet/x/windows v0.1.2 h1:Iumiwq2G+BRmgoayww/qfcvof7W/3uLoelhxojXlRWg= -github.com/charmbracelet/x/windows v0.1.2/go.mod h1:GLEO/l+lizvFDBPLIOk+49gdX49L9YWMB5t+DZd0jkQ= -github.com/cheggaaa/pb v1.0.29 h1:FckUN5ngEk2LpvuG0fw1GEFx6LtyY2pWI/Z2QgCnEYo= -github.com/cheggaaa/pb v1.0.29/go.mod h1:W40334L7FMC5JKWldsTWbdGjLo0RxUKK73K+TuPxX30= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod 
h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI= github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU= @@ -264,8 +227,6 @@ github.com/ctdk/goiardi v0.11.10 h1:IB/3Afl1pC2Q4KGwzmhHPAoJfe8VtU51wZ2V0QkvsL0= github.com/ctdk/goiardi v0.11.10/go.mod h1:Pr6Cj6Wsahw45myttaOEZeZ0LE7p1qzWmzgsBISkrNI= github.com/cyberark/conjur-api-go v0.12.3 h1:LzSXJBKO36WJEcFceXYyb3y9lxHwx5WMhx/YH+RW88M= github.com/cyberark/conjur-api-go v0.12.3/go.mod h1:FnzNn6mPwTOyBueSDnu1J4K47J0sYHXTMehaqIV/GxY= -github.com/cyphar/filepath-securejoin v0.3.0 h1:tXpmbiaeBrS/K2US8nhgwdKYnfAOnVfkcLPKFgFHeA0= -github.com/cyphar/filepath-securejoin v0.3.0/go.mod h1:F7i41x/9cBF7lzCrVsYs9fuzwRZm4NQsGTBdpp6mETc= github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -275,16 +236,10 @@ github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnN github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= -github.com/djherbis/times v1.6.0 h1:w2ctJ92J8fBvWPxugmXIv7Nz7Q3iDMKNx9v5ocVH20c= -github.com/djherbis/times v1.6.0/go.mod h1:gOHeRAz2h+VJNZ5Gmc/o7iD9k4wW7NMVqieYCY99oc0= github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= -github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a h1:mATvB/9r/3gvcejNsXKSkQ6lcIaNec2nyfOdlTBR2lU= -github.com/elazarl/goproxy v0.0.0-20230808193330-2592e75ae04a/go.mod h1:Ro8st/ElPeALwNFlcTpWmkr6IoMFfkjXAvTHpevnDsM= github.com/emicklei/go-restful/v3 v3.12.1 h1:PJMDIM/ak7btuL8Ex0iYET9hxM3CI2sjZtzpL63nKAU= github.com/emicklei/go-restful/v3 v3.12.1/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= -github.com/emirpasic/gods v1.18.1 h1:FXtiHYKDGKCW2KzwZKx0iC0PQmdlorYgdFG9jPXJ1Bc= -github.com/emirpasic/gods v1.18.1/go.mod h1:8tpGGwCnJ5H4r6BWwaV6OrWmMoPhUl5jm/FMNAnJvWQ= github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= 
@@ -294,15 +249,12 @@ github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.m github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f h1:Y/CXytFA4m6baUTXGLOoWe4PQhGxaX0KpnayAqC48p4= -github.com/erikgeiser/coninput v0.0.0-20211004153227-1c3628e74d0f/go.mod h1:vw97MGsxSvLiUE2X8qFplwetxpGLQrlU1Q9AUEIzCaM= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0/FOJfg= github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/external-secrets/sprig/v3 v3.3.0 h1:uO5rmIKSjjONthpCIU8xKbBpAJd0zL/6XFEdC+JsSqU= github.com/external-secrets/sprig/v3 v3.3.0/go.mod h1:tvPBN33djer3sQffmfEfcQdL5VYKYmetb4Zbe6wtAq8= -github.com/fatih/color v1.9.0/go.mod h1:eQcE1qtQxscV5RaZvpXrrb8Drkc3/DdQ+uUYCNjL+zU= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= 
@@ -312,24 +264,15 @@ github.com/fortanix/sdkms-client-go v0.4.0 h1:5cKiFJ4rzc69mhsVVI5Ma5ynr/k5vhvws0 github.com/fortanix/sdkms-client-go v0.4.0/go.mod h1:gjylIGX+6poVSe+JkbNsLTvseLd+rLjvcGFgXpW56Lo= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= +github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/gabriel-vasile/mimetype v1.4.4 h1:QjV6pZ7/XZ7ryI2KuyeEDE8wnh7fHP9YnQy+R0LnH8I= github.com/gabriel-vasile/mimetype v1.4.4/go.mod h1:JwLei5XPtWdGiMFB5Pjle1oEeoSeEuJfJE+TtfvdB/s= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= -github.com/gliderlabs/ssh v0.3.7 h1:iV3Bqi942d9huXnzEF2Mt+CY9gLu8DNM4Obd+8bODRE= -github.com/gliderlabs/ssh v0.3.7/go.mod h1:zpHEXBstFnQYtGnB8k8kQLol82umzn/2/snG7alWVD8= github.com/go-chef/chef v0.30.1 h1:yvOSijEBWAQtRbBPj9hz1atEJUU6HckPc7AaEyZXnLg= github.com/go-chef/chef v0.30.1/go.mod h1:7RU1oCrRErTrkmIszkhJ9vHw7Bv2hZ1Vv1C1qKj01fc= -github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376 h1:+zs/tPmkDkHx3U66DAb0lQFJrpS6731Oaa12ikc+DiI= -github.com/go-git/gcfg v1.5.1-0.20230307220236-3a3c6141e376/go.mod h1:an3vInlBmSxCcxctByoQdvwPiA7DTK7jaaFDBTtu0ic= -github.com/go-git/go-billy/v5 v5.5.0 h1:yEY4yhzCDuMGSv83oGxiBotRzhwhNr8VZyphhiu+mTU= -github.com/go-git/go-billy/v5 v5.5.0/go.mod h1:hmexnoNsr2SJU1Ju67OaNz5ASJY3+sHgFRpCtpDCKow= -github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399 h1:eMje31YglSBqCdIqdhKBW8lokaMrL3uTkpGYlE2OOT4= -github.com/go-git/go-git-fixtures/v4 v4.3.2-0.20231010084843-55a94097c399/go.mod h1:1OCfN199q1Jm3HZlxleg+Dw/mwps2Wbk9frAWm+4FII= 
-github.com/go-git/go-git/v5 v5.12.0 h1:7Md+ndsjrzZxbddRDZjF14qK+NN56sy6wkqaVrjZtys= -github.com/go-git/go-git/v5 v5.12.0/go.mod h1:FTM9VKtnI2m65hNI/TenDDDnUf2Q9FHnXYjuz9i5OEY= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= @@ -376,7 +319,6 @@ github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5x github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= github.com/gofrs/flock v0.12.0 h1:xHW8t8GPAiGtqz7KxiSqfOEXwpOaqhpYZrTE2MQBgXY= github.com/gofrs/flock v0.12.0/go.mod h1:FirDy1Ing0mI2+kB6wk+vyyAH+e6xiE+EYA0jnzV9jc= -github.com/gogo/protobuf v1.3.1/go.mod h1:SlYgWuQ5SjCEi6WLHjHCa1yvBfUnHcTbrrZtXPKa29o= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= 
@@ -388,8 +330,6 @@ github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVI github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= -github.com/golang/glog v1.2.2 h1:1+mZ9upx1Dh6FmUTFR1naJ77miKiXgALjWOZ3NVFPmY= -github.com/golang/glog v1.2.2/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= @@ -512,8 +452,6 @@ github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iP github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= -github.com/hashicorp/hcl/v2 v2.21.0 h1:lve4q/o/2rqwYOgUg3y3V2YPyD1/zkCLGjIV74Jit14= -github.com/hashicorp/hcl/v2 v2.21.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU= github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk= github.com/hashicorp/vault/api/auth/approle v0.7.0 h1:R5IRVuFA5JSdG3UdGVcGysi0StrL1lPmyJnrawiV0Ss= 
@@ -535,8 +473,6 @@ github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A= -github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo= github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg= github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo= @@ -552,9 +488,6 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/keeper-security/secrets-manager-go/core v1.6.3 h1:XEHZ8fQ2DFBISK80jWdHmzT56PFqEkXSkakqZxTD8zI= github.com/keeper-security/secrets-manager-go/core v1.6.3/go.mod h1:dtlaeeds9+SZsbDAZnQRsDSqEAK9a62SYtqhNql+VgQ= -github.com/kevinburke/ssh_config v1.2.0 h1:x584FjTGwHzMwvHx18PXxbBVzfnxogHaAReU4gf13a4= -github.com/kevinburke/ssh_config v1.2.0/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM= -github.com/kisielk/errcheck v1.2.0/go.mod h1:/BMXB+zMLi60iA8Vv6Ksmxu/1UDYcXs4uQLJ+jE2L00= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 
@@ -582,27 +515,17 @@ github.com/lestrrat-go/jwx/v2 v2.1.0 h1:0zs7Ya6+39qoit7gwAf+cYm1zzgS3fceIdo7RmQ5 github.com/lestrrat-go/jwx/v2 v2.1.0/go.mod h1:Xpw9QIaUGiIUD1Wx0NcY1sIHwFf8lDuZn/cmxtXYRys= github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= -github.com/lucasb-eyer/go-colorful v1.2.0 h1:1nnpGOrhyZZuNyfu1QjKiUICQ74+3FNCN69Aj6K7nkY= -github.com/lucasb-eyer/go-colorful v1.2.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mattn/go-colorable v0.1.4/go.mod h1:U0ppj6V5qS13XJ6of8GYAs25YV2eR4EVcfRqFIhoBtE= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= -github.com/mattn/go-isatty v0.0.8/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s= -github.com/mattn/go-isatty v0.0.11/go.mod h1:PhnuNfih5lzO57/f3n+odYbM4JtupLOxQOAqxQCu2WE= github.com/mattn/go-isatty v0.0.12/go.mod h1:cbi8OIDigv2wuxKPP5vlRcQ1OAZbq2CE4Kysco4FUpU= github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/mattn/go-localereader v0.0.1 h1:ygSAOl7ZXTx4RdPYinUpg6W99U8jWvWi9Ye2JC/oIi4= -github.com/mattn/go-localereader v0.0.1/go.mod h1:8fBrzywKY7BI3czFoHkuzRoWE9C+EiG4R1k4Cjx5p88= 
-github.com/mattn/go-runewidth v0.0.4/go.mod h1:LwmH8dsx7+W8Uxz3IHJYH5QSwggIsqBzpuz5H//U1FU= -github.com/mattn/go-runewidth v0.0.15 h1:UNAjwbU9l54TA3KzvqLGxwWjHmMgBUVhBiTjelZgg3U= -github.com/mattn/go-runewidth v0.0.15/go.mod h1:Jdepj2loyihRzMpdS35Xk/zdY8IAYHsh153qUoGf23w= github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1 h1:NicmruxkeqHjDv03SfSxqmaLuisddudfP3h5wdXFbhM= github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1/go.mod h1:eyp4DdUJAKkr9tvxR3jWhw2mDK7CWABMG5r9uyaKC7I= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= @@ -610,13 +533,8 @@ github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa1 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-ps v1.0.0 h1:i6ampVEEF4wQFF+bkYfwYgY+F/uYJDktmvLPf7qIgjc= -github.com/mitchellh/go-ps v1.0.0/go.mod h1:J4lOc8z8yJs6vUwklHw2XEIiT4z4C40KtWVN3nvg8Pg= +github.com/mitchellh/go-testing-interface v1.0.0 h1:fzU/JVNcaqHQEcVFAKeR41fkiLdIPrefOvVG1VZ96U0= github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= -github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= -github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= -github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQflz0v0= -github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= 
@@ -631,12 +549,6 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8= github.com/montanaflynn/stats v0.7.0/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= -github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6 h1:ZK8zHtRHOkbHy6Mmr5D264iyp3TiX5OmNcI5cIARiQI= -github.com/muesli/ansi v0.0.0-20230316100256-276c6243b2f6/go.mod h1:CJlz5H+gyd6CUWT45Oy4q24RdLyn7Md9Vj2/ldJBSIo= -github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELUXHmA= -github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo= -github.com/muesli/termenv v0.15.2 h1:GohcuySI0QmI3wN8Ok9PtKGkgkFIk7y6Vpb5PvrY+Wo= -github.com/muesli/termenv v0.15.2/go.mod h1:Epx+iuz8sNs7mNKhxzH4fWXGNpZwUaJKRS1noLXviQ8= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= 
@@ -650,19 +562,12 @@ github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= -github.com/opentracing/basictracer-go v1.1.0 h1:Oa1fTSBvAl8pa3U+IJYqrKm0NALwH9OsgwOqDv4xJW0= -github.com/opentracing/basictracer-go v1.1.0/go.mod h1:V2HZueSJEp879yv285Aap1BS69fQMD+MNP1mRs6mBQc= -github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= github.com/oracle/oci-go-sdk/v65 v65.69.2 h1:lROMJ8/VakGOGObAWUxTVY2AX1wQCUIzVqfL4Fb2Ay8= github.com/oracle/oci-go-sdk/v65 v65.69.2/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.0 h1:zwwTCwL3vjTTKln1hxwKuzzax4R/yvxGXSZhMh0OY5Y= github.com/passbolt/go-passbolt v0.7.0/go.mod h1:af3TVSJ+0A4sXeK8KgVzhV8Tej/i25biFIQjhL0FOMk= -github.com/pgavlin/fx v0.1.6 h1:r9jEg69DhNoCd3Xh0+5mIbdbS3PqWrVWujkY76MFRTU= -github.com/pgavlin/fx v0.1.6/go.mod h1:KWZJ6fqBBSh8GxHYqwYCf3rYE7Gp2p0N8tJp8xv9u9M= -github.com/pjbgf/sha1cd v0.3.0 h1:4D5XXmUUBUl/xQ6IjCkEAbqXskkq/4O7LmGn0AqMDs4= -github.com/pjbgf/sha1cd v0.3.0/go.mod h1:nZ1rrWOcGJ5uZgEEVL1VUM9iRQiZvWdbZjkKyFzPPsI= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -680,17 +585,10 @@ github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231 h1:vkHw5I/plNdTr435cARxCW6q9gc0S/Yxz7Mkd38pOb0= -github.com/pulumi/appdash v0.0.0-20231130102222-75f619a67231/go.mod h1:murToZ2N9hNJzewjHBgfFdXhZKjY3z5cYC1VXk+lbFE= -github.com/pulumi/esc v0.9.1 h1:HH5eEv8sgyxSpY5a8yePyqFXzA8cvBvapfH8457+mIs= -github.com/pulumi/esc v0.9.1/go.mod h1:oEJ6bOsjYlQUpjf70GiX+CXn3VBmpwFDxUTlmtUN84c= -github.com/pulumi/pulumi/sdk/v3 v3.125.0 h1:hou7x/qf9G3878g4+DmBU+IEMJz66w+ZhwJONymjANE= -github.com/pulumi/pulumi/sdk/v3 v3.125.0/go.mod h1:p1U24en3zt51agx+WlNboSOV8eLlPWYAkxMzVEXKbnY= +github.com/pulumi/esc-sdk/sdk v0.9.2 h1:I+kKa7F/gY9lUiHEYuczHyrYB299CavG7rAB1yXybSw= +github.com/pulumi/esc-sdk/sdk v0.9.2/go.mod h1:J6+8bCUJyLXvYOmTAc90/EhU1iUPr1Koo3NUnFzY78k= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= -github.com/rivo/uniseg v0.2.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= -github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ= -github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= 
@@ -701,30 +599,21 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= -github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06 h1:OkMGxebDjyw0ULyrTYWeN0UNCCkmCWfjPnIA2W6oviI= -github.com/sabhiram/go-gitignore v0.0.0-20210923224102-525f6e181f06/go.mod h1:+ePHsJ1keEjQtpvf9HHw0f4ZeJ0TLRsxhunSI2hYJSs= -github.com/santhosh-tekuri/jsonschema/v5 v5.3.1 h1:lZUw3E0/J3roVtGQ+SCrUrg3ON6NgVqpn3+iol9aGu4= -github.com/santhosh-tekuri/jsonschema/v5 v5.3.1/go.mod h1:uToXkOrWAZ6/Oc07xWQrPOhJotwFIyu2bBVN41fcDUY= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 h1:BkTk4gynLjguayxrYxZoMZjBnAOh7ntQvUkOFmkMqPU= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28 h1:2vT+ryIQGfF21HN/W5yn/CBPpsTJULuuepWfUq/geV4= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= github.com/sclevine/spec v1.4.0 h1:z/Q9idDcay5m5irkZ28M7PtQM4aOISzOpj4bUPkDee8= github.com/sclevine/spec v1.4.0/go.mod h1:LvpgJaFyvQzRvc1kaDs0bulYwzC70PbiYjC4QnFHkOM= github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys= github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs= -github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3 h1:n661drycOFuPLCN3Uc8sB6B/s6Z4t2xvBgU1htSHuq8= -github.com/sergi/go-diff v1.3.2-0.20230802210424-5b0b94c5c0d3/go.mod h1:A0bzQcvG0E7Rwjx0REVgAGH58e96+X0MeOfepqsbeW4= -github.com/sethvargo/go-password v0.3.1 h1:WqrLTjo7X6AcVYfC6R7GtSyuUQR9hGyAj/f1PYQZCJU= -github.com/sethvargo/go-password v0.3.1/go.mod h1:rXofC1zT54N7R8K/h1WDUdkf9BOx5OptoxrMBcrXzvs= 
+github.com/sethvargo/go-password v0.3.0 h1:OLFHZ91Z7NiNP3dnaPxLxCDXlb6TBuxFzMvv6bu+Ptw= +github.com/sethvargo/go-password v0.3.0/go.mod h1:p6we8DZ0eyYXof9pon7Cqrw98N4KTaYiadDml1dUEEw= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k= github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME= github.com/shurcooL/sanitized_anchor_name v1.0.0/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc= -github.com/sirupsen/logrus v1.7.0/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= -github.com/skeema/knownhosts v1.3.0 h1:AM+y0rI04VksttfwjkSTNQorvGqmwATnvnAHpSgc0LY= -github.com/skeema/knownhosts v1.3.0/go.mod h1:sPINvnADmT/qYH1kfv+ePMmOBTH6Tbl7b5LvTDjFK7M= github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc= github.com/smartystreets/assertions v1.1.0/go.mod h1:tcbTF8ujkAEcZ8TElKY+i30BzYlVhC/LOxJk7iOWnoo= github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA= 
@@ -759,8 +648,6 @@ github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= -github.com/texttheater/golang-levenshtein v1.0.1 h1:+cRNoVrfiwufQPhoMzB6N0Yf/Mqajr6t1lOv8GyGE2U= -github.com/texttheater/golang-levenshtein v1.0.1/go.mod h1:PYAKrbF5sAiq9wd+H82hs7gNaen0CplQ9uvm6+enD/8= github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/gjson v1.17.1 h1:wlYEnwqAHgzmhNUFfw7Xalt2JzQvsMx2Se4PcoFCT/U= github.com/tidwall/gjson v1.17.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= 
@@ -774,18 +661,12 @@ github.com/tidwall/sjson v1.2.5/go.mod h1:Fvgq9kS/6ociJEDnK0Fk1cpYF4FIW6ZF7LAe+6 github.com/tjfoc/gmsm v1.3.2/go.mod h1:HaUcFuY0auTiaHB9MHFGCPx5IaLhTUd2atbCFBQXn9w= github.com/tjfoc/gmsm v1.4.1 h1:aMe1GlZb+0bLjn+cKTPEvvn9oUEBlJitaZiiBwsbgho= github.com/tjfoc/gmsm v1.4.1/go.mod h1:j4INPkHWMrhJb38G+J6W4Tw0AbuN8Thu3PbdVYhVcTE= -github.com/tweekmonster/luser v0.0.0-20161003172636-3fa38070dbd7 h1:X9dsIWPuuEJlPX//UmRKophhOKCGXc46RVIGuttks68= -github.com/tweekmonster/luser v0.0.0-20161003172636-3fa38070dbd7/go.mod h1:UxoP3EypF8JfGEjAII8jx1q8rQyDnX8qdTCs/UQBVIE= github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaOOb6ThwMmTEbhRwtKR97o= github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y= github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= -github.com/xanzy/ssh-agent v0.3.3 h1:+/15pJfg/RsTxqYcX6fHqOXZwwMP+2VyYWJeWM2qQFM= -github.com/xanzy/ssh-agent v0.3.3/go.mod h1:6dzNDKs0J9rVPHPhaGCukekBHKqfl+L3KghI1Bc68Uw= -github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no= -github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM= github.com/yandex-cloud/go-genproto v0.0.0-20240701142715-6a03f33f8ec8/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= github.com/yandex-cloud/go-genproto v0.0.0-20240715115219-0c1e192fbf5c h1:GzMfpQ/oAP93MOQb5/B+3daDzdcLRRqetZ8radtnJJ4= github.com/yandex-cloud/go-genproto v0.0.0-20240715115219-0c1e192fbf5c/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= 
@@ -801,8 +682,6 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
 github.com/zalando/go-keyring v0.2.5 h1:Bc2HHpjALryKD62ppdEzaFG6VxL6Bc+5v0LYpN8Lba8=
 github.com/zalando/go-keyring v0.2.5/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk=
-github.com/zclconf/go-cty v1.15.0 h1:tTCRWxsexYUmtt/wVxgDClUe+uQusuI443uL6e+5sXQ=
-github.com/zclconf/go-cty v1.15.0/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE=
 go.mongodb.org/mongo-driver v1.16.0 h1:tpRsfBJMROVHKpdGyc1BBEzzjDUWjItxbVSZ8Ls4BQ4=
 go.mongodb.org/mongo-driver v1.16.0/go.mod h1:oB6AhJQvFQL4LEHyXi6aJzQJtBiTQHiAd83l0GdFaiw=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
@@ -844,7 +723,6 @@ golang.org/x/crypto v0.0.0-20200510223506-06a226fb4e37/go.mod h1:LzIPMQfyMNhhGPh
 golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
-golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
 golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
 golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4=
@@ -918,7 +796,6 @@ golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
-golang.org/x/net v0.0.0-20200421231249-e086a090c8fd/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200501053045-e0ff5e5a1de5/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200506145744-7e3656a0809f/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
 golang.org/x/net v0.0.0-20200513185701-a91f0712d120/go.mod h1:qpuaurCH72eLCgpAm/N6yyVIVM9cpaDIP3A8BGJEC5A=
@@ -984,17 +861,14 @@ golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M=
 golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk=
 golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
-golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
 golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190502145724-3ef323f4f1fd/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190507160741-ecd444e8653b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190606165138-5da285871e9c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190624142023-c5567b49c5d0/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20190626221950-04f50cda93cb/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190726091711-fc99dfbffb4e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1018,7 +892,6 @@ golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20201201145000-ef89a241ccb3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210104204734-6f8348627aad/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210119212857-b64e53b001e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
-golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
@@ -1030,14 +903,13 @@ golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBc
 golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220503163025-988cb79eb6c6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220520151302-bc2c85ada10a/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.0.0-20220615213510-4f61da869c0c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
@@ -1092,7 +964,6 @@ golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxb
 golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk=
 golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM=
 golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
-golang.org/x/tools v0.0.0-20181030221726-6c7e314b6563/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
 golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
 golang.org/x/tools v0.0.0-20190311212946-11955173bddd/go.mod h1:LCzVGOaR6xXOjkQ3onu1FJEFr0SW1gC7cKk1uF8kGRs=
@@ -1279,6 +1150,8 @@ gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI=
+gopkg.in/ghodss/yaml.v1 v1.0.0 h1:JlY4R6oVz+ZSvcDhVfNQ/k/8Xo6yb2s1PBhslPZPX4c=
+gopkg.in/ghodss/yaml.v1 v1.0.0/go.mod h1:HDvRMPQLqycKPs9nWLuzZWxsxRzISLCRORiDpBUOMqg=
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.56.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
@@ -1286,8 +1159,6 @@ gopkg.in/ini.v1 v1.67.0 h1:Dgnx+6+nfE+IfzjUEISNeydPJh9AXNNsWbGP9KzCsOA=
 gopkg.in/ini.v1 v1.67.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
 gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
-gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
-gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
 gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
@@ -1327,10 +1198,6 @@ k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f h1:2sXuKesAYbRHxL3aE2PN6z
 k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A=
 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
-lukechampine.com/frand v1.4.2 h1:RzFIpOvkMXuPMBb9maa4ND4wjBn71E1Jpf8BzJHMaVw=
-lukechampine.com/frand v1.4.2/go.mod h1:4S/TM2ZgrKejMcKMbeLjISpJMO+/eZ1zu3vYX9dtj3s=
-pgregory.net/rapid v0.5.5 h1:jkgx1TjbQPD/feRoK+S/mXw9e1uj6WilpHrXJowi6oA=
-pgregory.net/rapid v0.5.5/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
 rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
 rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
diff --git a/pkg/provider/pulumi/provider.go b/pkg/provider/pulumi/provider.go
index 32b098a09ef..6d6aed9440d 100644
--- a/pkg/provider/pulumi/provider.go
+++ b/pkg/provider/pulumi/provider.go
@@ -19,7 +19,7 @@ import ( "errors" "fmt" - esc "github.com/pulumi/esc/cmd/esc/cli/client" + esc "github.com/pulumi/esc-sdk/sdk/go" kclient "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" @@ -57,9 +57,18 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, if err != nil { return nil, err } - escClient := esc.New("external-secrets-operator", cfg.APIURL, accessToken, false) + configuration := esc.NewConfiguration() + configuration.UserAgent = "external-secrets-operator" + configuration.Servers = esc.ServerConfigurations{ + esc.ServerConfiguration{ + URL: cfg.APIURL, + }, + } + authCtx := esc.NewAuthContext(accessToken) + escClient := esc.NewClient(configuration) return &client{ - escClient: escClient, + escClient: *escClient, + authCtx: authCtx, environment: cfg.Environment, organization: cfg.Organization, }, nil @@ -91,7 +100,7 @@ func getConfig(store esv1beta1.GenericStore) (*esv1beta1.PulumiProvider, error) cfg := spec.Provider.Pulumi if cfg.APIURL == "" { - cfg.APIURL = "https://api.pulumi.com" + cfg.APIURL = "https://api.pulumi.com/api/preview" } if cfg.Organization == "" { diff --git a/pkg/provider/pulumi/pulumi.go b/pkg/provider/pulumi/pulumi.go index 78c0f4e6e71..75ef8e53ab5 100644 --- a/pkg/provider/pulumi/pulumi.go +++ b/pkg/provider/pulumi/pulumi.go @@ -16,12 +16,12 @@ package pulumi import ( "context" - "encoding/json" "errors" "fmt" - "time" + "strings" - esc "github.com/pulumi/esc/cmd/esc/cli/client" + "dario.cat/mergo" + esc "github.com/pulumi/esc-sdk/sdk/go" corev1 "k8s.io/api/core/v1" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" @@ -29,7 +29,8 @@ import ( ) type client struct { - escClient esc.Client + escClient esc.EscClient + authCtx context.Context environment string organization string } 
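Review bot: The auth context created in `NewClient` with `esc.NewAuthContext(accessToken)` takes no parent context and is stored on the client for its whole lifetime, so it cannot carry a caller's deadline or cancellation. The pulumi.go hunks then pass `c.authCtx` to every SDK call and discard the request context (`GetSecret(_ context.Context, ...)`, likewise `GetSecretMap` and `PushSecret`), so unless the SDK's HTTP client has its own timeout a stalled ESC API call is no longer bounded by the reconcile context. I would keep only the token on the client and derive the auth context from the incoming `ctx` on each call, or at least put a comment on the `authCtx` field explaining why the request context is ignored. `NewClient` starts and ends outside this hunk.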
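Review bot: The new default in `getConfig`, `https://api.pulumi.com/api/preview`, only applies when `cfg.APIURL` is empty, so a store that already sets `https://api.pulumi.com` explicitly keeps a base URL without the prefix. Judging by the test paths in this commit changing from `/api/preview/environments/...` to `/environments/...`, the new SDK no longer adds that prefix itself, so such stores would presumably start failing after the upgrade. Either normalise a configured URL that lacks the `/api/preview` suffix or call the change out in the provider documentation, and add a comment above the default such as `// the esc-sdk client expects the base URL to include /api/preview`. `getConfig` continues outside this hunk.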
@@ -37,28 +38,79 @@ type client struct { const ( errPushSecretsNotSupported = "pushing secrets is currently not supported by Pulumi" errDeleteSecretsNotSupported = "deleting secrets is currently not supported by Pulumi" - errGettingSecrets = "error getting secret %s: %w" - errUnmarshalSecret = "unable to unmarshal secret: %w" errUnableToGetValues = "unable to get value for key %s: %w" errGettingAllSecretsNotSupported = "getting all secrets is currently not supported by Pulumi" + errReadEnvironment = "error reading environment : %w" + errPushSecrets = "error pushing secret: %w" + errInterfaceType = "interface{} is not of type map[string]interface{}" + errPushWholeSecret = "pushing the whole secret is not yet implemented" ) var _ esv1beta1.SecretsClient = &client{} -func (c *client) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { - x, _, err := c.escClient.OpenEnvironment(ctx, c.organization, c.environment, "", 5*time.Minute) +func (c *client) GetSecret(_ context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { + env, err := c.escClient.OpenEnvironment(c.authCtx, c.organization, c.environment) if err != nil { return nil, err } - value, err := c.escClient.GetOpenProperty(ctx, c.organization, c.environment, x, ref.Key) + + value, _, err := c.escClient.ReadEnvironmentProperty(c.authCtx, c.organization, c.environment, env.GetId(), ref.Key) if err != nil { return nil, err } - return utils.GetByteValue(value.ToJSON(false)) + return utils.GetByteValue(value.GetValue()) +} + +func createSubmaps(input map[string]interface{}) map[string]interface{} { + result := make(map[string]interface{}) + + for key, value := range input { + keys := strings.Split(key, ".") + current := result + + for i, k := range keys { + if i == len(keys)-1 { + current[k] = value + } else { + if _, exists := current[k]; !exists { + current[k] = make(map[string]interface{}) + } + current = current[k].(map[string]interface{}) + } + } + } + + 
return result } -func (c *client) PushSecret(_ context.Context, _ *corev1.Secret, _ esv1beta1.PushSecretData) error { - return errors.New(errPushSecretsNotSupported) +func (c *client) PushSecret(_ context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error { + secretKey := data.GetSecretKey() + if secretKey == "" { + return errors.New(errPushWholeSecret) + } + value := secret.Data[secretKey] + + updatePayload := &esc.EnvironmentDefinition{ + Values: &esc.EnvironmentDefinitionValues{ + AdditionalProperties: map[string]interface{}{ + data.GetRemoteKey(): string(value), + }, + }, + } + _, oldValues, err := c.escClient.OpenAndReadEnvironment(c.authCtx, c.organization, c.environment) + if err != nil { + return fmt.Errorf(errReadEnvironment, err) + } + updatePayload.Values.AdditionalProperties = createSubmaps(updatePayload.Values.AdditionalProperties) + if err := mergo.Merge(&updatePayload.Values.AdditionalProperties, oldValues); err != nil { + return fmt.Errorf(errPushSecrets, err) + } + _, err = c.escClient.UpdateEnvironment(c.authCtx, c.organization, c.environment, updatePayload) + if err != nil { + return fmt.Errorf(errPushSecrets, err) + } + + return nil } func (c *client) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { 
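Review bot: `PushSecret` merges `oldValues` returned by `OpenAndReadEnvironment` into the payload and sends the result to `UpdateEnvironment` as the new definition. If that call returns the opened (resolved) values, as its name suggests, every existing entry, including values declared as secrets, provider lookups or imports, is written back into the environment definition as a literal, and the pushed key itself is stored as the plain string `string(value)` with no secret marking. Please confirm this against the SDK and, if it holds, merge into the stored definition rather than the opened values and mark the pushed value as a secret. Separately, `createSubmaps` uses an unchecked `current[k].(map[string]interface{})`, which panics when one key is both a leaf and a prefix (`a` and `a.b`); a checked assertion with an explicit error path would be safer.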
@@ -73,21 +125,46 @@ func (c *client) Validate() (esv1beta1.ValidationResult, error) { return esv1beta1.ValidationResultReady, nil } -func (c *client) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { - data, err := c.GetSecret(ctx, ref) - if err != nil { - return nil, fmt.Errorf(errGettingSecrets, ref.Key, err) +func GetMapFromInterface(i interface{}) (map[string][]byte, error) { + // Assert the interface{} to map[string]interface{} + m, ok := i.(map[string]interface{}) + if !ok { + return nil, errors.New(errInterfaceType) } - kv := make(map[string]any) - err = json.Unmarshal(data, &kv) - if err != nil { - return nil, fmt.Errorf(errUnmarshalSecret, err) + // Create a new map to hold the result + result := make(map[string][]byte) + + // Iterate over the map and convert each value to []byte + for key, value := range m { + result[key], _ = utils.GetByteValue(value) } + return result, nil +} + +func (c *client) GetSecretMap(_ context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { + env, err := c.escClient.OpenEnvironment(c.authCtx, c.organization, c.environment) + if err != nil { + return nil, err + } + value, _, err := c.escClient.ReadEnvironmentProperty(c.authCtx, c.organization, c.environment, env.GetId(), ref.Key) + if err != nil { + return nil, err + } + kv, _ := GetMapFromInterface(value.GetValue()) secretData := make(map[string][]byte) for k, v := range kv { - secretData[k], err = utils.GetByteValue(v) + byteValue, err := utils.GetByteValue(v) + if err != nil { + return nil, err + } + val := esc.Value{} + err = val.UnmarshalJSON(byteValue) + if err != nil { + return nil, err + } + secretData[k], err = utils.GetByteValue(val.Value) if err != nil { return nil, fmt.Errorf(errUnableToGetValues, k, err) } diff --git a/pkg/provider/pulumi/pulumi_test.go b/pkg/provider/pulumi/pulumi_test.go index e1cbfd9de5f..741d91ff890 100644 --- a/pkg/provider/pulumi/pulumi_test.go 
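Review bot: `GetSecretMap` drops the error from `GetMapFromInterface` (`kv, _ := ...`), so a property whose value is not a map yields an empty result and no error instead of a failed sync. The helper also discards the per-key error in `result[key], _ = utils.GetByteValue(value)`. I would propagate both: `kv, err := GetMapFromInterface(value.GetValue())` followed by `if err != nil { return nil, err }`, and return the `GetByteValue` error from inside the helper's loop. `GetSecretMap` continues past the end of this hunk, so the empty-result behaviour is inferred from the loop over a nil `kv`.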
+++ b/pkg/provider/pulumi/pulumi_test.go 
@@ -21,37 +21,62 @@ import ( "reflect" "testing" - esc2 "github.com/pulumi/esc" - esc "github.com/pulumi/esc/cmd/esc/cli/client" + esc "github.com/pulumi/esc-sdk/sdk/go" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" ) -func newTestClient(t *testing.T, _, _ string, handler func(w http.ResponseWriter, r *http.Request)) *client { - const userAgent = "test-user-agent" +// Constants for content type and value. +const contentTypeValue = "application/json" +const contentType = "Content-Type" + +func newTestClient(t *testing.T, _, pattern string, handler func(w http.ResponseWriter, r *http.Request)) *client { const token = "test-token" - server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { - require.Equal(t, "token "+token, r.Header.Get("Authorization")) - handler(w, r) - })) - t.Cleanup(server.Close) + mux := http.NewServeMux() + + mux.HandleFunc(pattern, handler) + mux.HandleFunc("/environments/foo/bar/open/", func(w http.ResponseWriter, r *http.Request) { + r.Header.Add(contentType, contentTypeValue) + w.Header().Add(contentType, contentTypeValue) + w.WriteHeader(http.StatusOK) + err := json.NewEncoder(w).Encode(map[string]interface{}{ + "id": "session-id", + }) + require.NoError(t, err) + }) + server := httptest.NewServer(mux) + t.Cleanup(server.Close) + configuration := esc.NewConfiguration() + configuration.AddDefaultHeader("Authorization", "token "+token) + configuration.UserAgent = "external-secrets-operator" + configuration.Servers = esc.ServerConfigurations{ + esc.ServerConfiguration{ + URL: server.URL, + }, + } + ctx := esc.NewAuthContext(token) + escClient := esc.NewClient(configuration) return &client{ - escClient: esc.New(userAgent, server.URL, token, true), + escClient: *escClient, + authCtx: ctx, organization: "foo", environment: "bar", } } func TestGetSecret(t *testing.T) { - ctx := context.Background() 
- expected := esc2.NewValue("world") + testmap := map[string]interface{}{ + "b": "world", + } - client := newTestClient(t, http.MethodGet, "/api/preview/environments/foo/bar/open/session", func(w http.ResponseWriter, r *http.Request) { - err := json.NewEncoder(w).Encode(expected) + client := newTestClient(t, http.MethodGet, "/environments/foo/bar/open/session-id", func(w http.ResponseWriter, r *http.Request) { + r.Header.Add(contentType, contentTypeValue) + w.Header().Add(contentType, contentTypeValue) + err := json.NewEncoder(w).Encode(esc.NewValue(testmap, esc.Trace{})) require.NoError(t, err) }) @@ -64,12 +89,12 @@ func TestGetSecret(t *testing.T) { ref: esv1beta1.ExternalSecretDataRemoteRef{ Key: "b", }, - want: []byte(`world`), + want: []byte(`{"b":"world"}`), }, } for name, tc := range testCases { t.Run(name, func(t *testing.T) { - got, err := client.GetSecret(ctx, tc.ref) + got, err := client.GetSecret(context.TODO(), tc.ref) if tc.err == nil { assert.NoError(t, err) assert.Equal(t, tc.want, got) @@ -86,7 +111,7 @@ func TestGetSecretMap(t *testing.T) { tests := []struct { name string ref esv1beta1.ExternalSecretDataRemoteRef - input string + input map[string]interface{} want map[string][]byte wantErr bool 
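Review bot: The rewritten `newTestClient` drops the `require.Equal(t, "token "+token, r.Header.Get("Authorization"))` check, and it sets the header itself with `configuration.AddDefaultHeader("Authorization", "token "+token)`, which `NewClient` in provider.go does not do. As written, the tests no longer show that the token passed through `esc.NewAuthContext` actually reaches the server. I would remove the default header from the test configuration and wrap the mux in a handler that asserts the `Authorization` header before delegating. The `r.Header.Add(contentType, contentTypeValue)` calls inside the handlers modify the already-received request and can be dropped.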
@@ -96,7 +121,62 @@ func TestGetSecretMap(t *testing.T) { ref: esv1beta1.ExternalSecretDataRemoteRef{ Key: "mysec", }, - input: `{"foo": "bar", "foobar": 42, "bar": true}`, + input: map[string]interface{}{ + "foo": map[string]interface{}{ + "value": "bar", + "trace": map[string]interface{}{ + "def": map[string]interface{}{ + "environment": "bar", + "begin": map[string]interface{}{ + "line": 3, + "column": 9, + "byte": 29, + }, + "end": map[string]interface{}{ + "line": 3, + "column": 13, + "byte": 33, + }, + }, + }, + }, + "foobar": map[string]interface{}{ + "value": "42", + "trace": map[string]interface{}{ + "def": map[string]interface{}{ + "environment": "bar", + "begin": map[string]interface{}{ + "line": 4, + "column": 9, + "byte": 38, + }, + "end": map[string]interface{}{ + "line": 4, + "column": 13, + "byte": 42, + }, + }, + }, + }, + "bar": map[string]interface{}{ + "value": true, + "trace": map[string]interface{}{ + "def": map[string]interface{}{ + "environment": "bar", + "begin": map[string]interface{}{ + "line": 5, + "column": 9, + "byte": 47, + }, + "end": map[string]interface{}{ + "line": 5, + "column": 13, + "byte": 51, + }, + }, + }, + }, + }, want: map[string][]byte{ "foo": []byte("bar"), "foobar": []byte("42"), 
@@ -109,10 +189,85 @@ func TestGetSecretMap(t *testing.T) { ref: esv1beta1.ExternalSecretDataRemoteRef{ Key: "mysec", }, - input: `{"foo": {"foobar": 42}, "bar": {"foo": "bar"}}`, + input: map[string]interface{}{ + "test22": map[string]interface{}{ + "value": map[string]interface{}{ + "my": map[string]interface{}{ + "value": "hello", + "trace": map[string]interface{}{ + "def": map[string]interface{}{ + "environment": "bar", + "begin": map[string]interface{}{ + "line": 6, + "column": 11, + "byte": 72, + }, + "end": map[string]interface{}{ + "line": 6, + "column": 16, + "byte": 77, + }, + }, + }, + }, + }, + "trace": map[string]interface{}{ + "def": map[string]interface{}{ + "environment": "bar", + "begin": map[string]interface{}{ + "line": 6, + "column": 7, + "byte": 68, + }, + "end": map[string]interface{}{ + "line": 6, + "column": 16, + "byte": 77, + }, + }, + }, + }, + "test33": map[string]interface{}{ + "value": map[string]interface{}{ + "world": map[string]interface{}{ + "value": "hello", + "trace": map[string]interface{}{ + "def": map[string]interface{}{ + "environment": "bar", + "begin": map[string]interface{}{ + "line": 8, + "column": 14, + "byte": 103, + }, + "end": map[string]interface{}{ + "line": 8, + "column": 19, + "byte": 108, + }, + }, + }, + }, + }, + "trace": map[string]interface{}{ + "def": map[string]interface{}{ + "environment": "bar", + "begin": map[string]interface{}{ + "line": 8, + "column": 7, + "byte": 96, + }, + "end": map[string]interface{}{ + "line": 8, + "column": 19, + "byte": 108, + }, + }, + }, + }, + }, want: map[string][]byte{ - "foo": []byte(`{"foobar":42}`), - "bar": []byte(`{"foo":"bar"}`), + "test22": []byte(`{"my":{"trace":{"def":{"begin":{"byte":72,"column":11,"line":6},"end":{"byte":77,"column":16,"line":6},"environment":"bar"}},"value":"hello"}}`), + "test33": []byte(`{"world":{"trace":{"def":{"begin":{"byte":103,"column":14,"line":8},"end":{"byte":108,"column":19,"line":8},"environment":"bar"}},"value":"hello"}}`), }, 
wantErr: false, }, 
@@ -121,23 +276,79 @@ func TestGetSecretMap(t *testing.T) { ref: esv1beta1.ExternalSecretDataRemoteRef{ Key: "mysec", }, - input: `{"foo": "bar", "bar": {"foo": {"bar": false}}}`, + input: map[string]interface{}{ + "foo": map[string]interface{}{ + "value": "bar", + "trace": map[string]interface{}{ + "def": map[string]interface{}{ + "environment": "bar", + "begin": map[string]interface{}{ + "line": 3, + "column": 9, + "byte": 29, + }, + "end": map[string]interface{}{ + "line": 3, + "column": 13, + "byte": 33, + }, + }, + }, + }, + "test22": map[string]interface{}{ + "value": map[string]interface{}{ + "my": map[string]interface{}{ + "value": "hello", + "trace": map[string]interface{}{ + "def": map[string]interface{}{ + "environment": "bar", + "begin": map[string]interface{}{ + "line": 6, + "column": 11, + "byte": 72, + }, + "end": map[string]interface{}{ + "line": 6, + "column": 16, + "byte": 77, + }, + }, + }, + }, + }, + "trace": map[string]interface{}{ + "def": map[string]interface{}{ + "environment": "bar", + "begin": map[string]interface{}{ + "line": 6, + "column": 7, + "byte": 68, + }, + "end": map[string]interface{}{ + "line": 6, + "column": 16, + "byte": 77, + }, + }, + }, + }, + }, want: map[string][]byte{ - "foo": []byte(`bar`), - "bar": []byte(`{"foo":{"bar":false}}`), + "foo": []byte("bar"), + "test22": []byte(`{"my":{"trace":{"def":{"begin":{"byte":72,"column":11,"line":6},"end":{"byte":77,"column":16,"line":6},"environment":"bar"}},"value":"hello"}}`), }, wantErr: false, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - p := newTestClient(t, http.MethodGet, "/api/preview/environments/foo/bar/open/session", func(w http.ResponseWriter, r *http.Request) { - esc2Input, err1 := esc2.FromJSON(tt.input, false) - require.NoError(t, err1) - err2 := json.NewEncoder(w).Encode(esc2Input) + p := newTestClient(t, http.MethodGet, "/environments/foo/bar/open/session-id", func(w http.ResponseWriter, r *http.Request) { + r.Header.Add(contentType, 
contentTypeValue) + w.Header().Add(contentType, contentTypeValue) + err2 := json.NewEncoder(w).Encode(esc.NewValue(tt.input, esc.Trace{})) require.NoError(t, err2) }) - got, err := p.GetSecretMap(context.Background(), tt.ref) + got, err := p.GetSecretMap(context.TODO(), tt.ref) if (err != nil) != tt.wantErr { t.Errorf("ProviderPulumi.GetSecretMap() error = %v, wantErr %v", err, tt.wantErr) return @@ -148,3 +359,51 @@ func TestGetSecretMap(t *testing.T) { }) } } + +func TestCreateSubmaps(t *testing.T) { + input := map[string]interface{}{ + "a.b.c": 1, + "a.b.d": 2, + "a.e": 3, + "f": 4, + } + + expected := map[string]interface{}{ + "a": map[string]interface{}{ + "b": map[string]interface{}{ + "c": 1, + "d": 2, + }, + "e": 3, + }, + "f": 4, + } + + result := createSubmaps(input) + + if !reflect.DeepEqual(result, expected) { + t.Errorf("createSubmaps() = %v, want %v", result, expected) + } + + // Test nested access + a, ok := result["a"].(map[string]interface{}) + if !ok { + t.Errorf("Expected 'a' to be a map") + } + + b, ok := a["b"].(map[string]interface{}) + if !ok { + t.Errorf("Expected 'a.b' to be a map") + } + + c, ok := b["c"].(int) + if !ok || c != 1 { + t.Errorf("Expected 'a.b.c' to be 1, got %v", b["c"]) + } + + // Test non-nested key + f, ok := result["f"].(int) + if !ok || f != 4 { + t.Errorf("Expected 'f' to be 4, got %v", result["f"]) + } +} From 196245c22c9f55350bdc063bd3cd4e32968d3c76 Mon Sep 17 00:00:00 2001 From: Roomba Date: Mon, 29 Jul 2024 07:08:06 +0200 Subject: [PATCH 189/517] remove redundant parameter grab call, we already have it from the getparamsbypathwctx() (#3722) --- pkg/provider/aws/parameterstore/parameterstore.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/pkg/provider/aws/parameterstore/parameterstore.go b/pkg/provider/aws/parameterstore/parameterstore.go index 4b52bf0c5b8..84e67181a55 100644 --- a/pkg/provider/aws/parameterstore/parameterstore.go +++ b/pkg/provider/aws/parameterstore/parameterstore.go 
@@ -308,10 +308,7 @@ func (pm *ParameterStore) findByName(ctx context.Context, ref esv1beta1.External if !matcher.MatchName(*param.Name) { continue } - err = pm.fetchAndSet(ctx, data, *param.Name) - if err != nil { - return nil, err - } + data[*param.Name] = []byte(*param.Value) } nextToken = it.NextToken if nextToken == nil { From 5a92e76faf0cb14d982b21c053a35486b8ccfaf4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 10:24:17 +0200 Subject: [PATCH 190/517] chore(deps): bump docker/login-action from 3.2.0 to 3.3.0 (#3729) Bumps [docker/login-action](https://github.com/docker/login-action) from 3.2.0 to 3.3.0. - [Release notes](https://github.com/docker/login-action/releases) - [Commits](https://github.com/docker/login-action/compare/0d4c9c5ea7693da7b068278f7b52bda2a190a446...9780b0c442fbb1117ed29e0efdff1e18412f7567) --- updated-dependencies: - dependency-name: docker/login-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/helm.yml | 2 +- .github/workflows/publish.yml | 2 +- .github/workflows/release.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 183db79d89d..5283d3164e4 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -119,7 +119,7 @@ jobs: version: v3.14.2 # remember to also update for the first job (lint-and-test) - name: Login to GHCR - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 1e030e045cc..4b19a827cbe 100644 --- a/.github/workflows/publish.yml 
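Review bot: The new line `data[*param.Name] = []byte(*param.Value)` dereferences `param.Value` with no nil check, whereas the removed `fetchAndSet` call had its own error path. A guard such as `if param.Value == nil { continue }` (or returning an error) would keep a malformed list entry from panicking the reconcile. Reusing the listed value is also only equivalent to the old behaviour if the by-path request earlier in findByName asks for decrypted values; that call is outside this hunk, so please confirm it sets `WithDecryption`, otherwise SecureString parameters could end up synced as ciphertext. findByName starts and ends outside the hunk.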
+++ b/.github/workflows/publish.yml @@ -80,7 +80,7 @@ jobs: run: git fetch --prune --unshallow - name: Login to Docker - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 if: env.IS_FORK == 'false' with: registry: ghcr.io diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cf74d34bfb9..434f2460671 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -86,7 +86,7 @@ jobs: run: go mod download - name: Login to Docker - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 with: registry: ghcr.io username: ${{ secrets.GHCR_USERNAME }} From 9253ce86800d3eb5274c90a0f5012b4b8edea7eb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 10:24:31 +0200 Subject: [PATCH 191/517] chore(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0 (#3727) Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.3 to 2.4.0. - [Release notes](https://github.com/ossf/scorecard-action/releases) - [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md) - [Commits](https://github.com/ossf/scorecard-action/compare/dc50aa9510b46c811795eb24b2f1ba02a914e534...62b2cac7ed8198b15735ed49ab1e5cf35480ba46) --- updated-dependencies: - dependency-name: ossf/scorecard-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 243853f53b3..29c469d9290 100644 --- a/.github/workflows/scorecard.yml 
+++ b/.github/workflows/scorecard.yml @@ -25,7 +25,7 @@ jobs: persist-credentials: false - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 + uses: ossf/scorecard-action@62b2cac7ed8198b15735ed49ab1e5cf35480ba46 # v2.4.0 with: results_file: results.sarif results_format: sarif From 1dff2712dc159f547626b6bbad20992569c8d766 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 10:24:39 +0200 Subject: [PATCH 192/517] chore(deps): bump docker/setup-buildx-action from 3.4.0 to 3.5.0 (#3728) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.4.0 to 3.5.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/4fd812986e6c8c2a69e18311145f9371337f27d4...aa33708b10e362ff993539393ff100fa93ed6a27) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 4b19a827cbe..a63e2be28a5 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -60,7 +60,7 @@ jobs: platforms: all - name: Setup Docker Buildx - uses: docker/setup-buildx-action@4fd812986e6c8c2a69e18311145f9371337f27d4 # v3.4.0 + uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.5.0 with: version: 'v0.4.2' install: true From db4763d5836799e1edde4d43666a63b942c7f7b3 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 10:24:46 +0200 Subject: [PATCH 193/517] chore(deps): bump docker/setup-qemu-action from 3.1.0 to 3.2.0 (#3731) Bumps [docker/setup-qemu-action](https://github.com/docker/setup-qemu-action) from 3.1.0 to 3.2.0. - [Release notes](https://github.com/docker/setup-qemu-action/releases) - [Commits](https://github.com/docker/setup-qemu-action/compare/5927c834f5b4fdf503fca6f4c7eccda82949e1ee...49b3bc8e6bdd4a60e6116a5414239cba5943d3cf) --- updated-dependencies: - dependency-name: docker/setup-qemu-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index a63e2be28a5..e38d280adce 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -55,7 +55,7 @@ jobs: ref: ${{ inputs.ref }} - name: Setup QEMU - uses: docker/setup-qemu-action@5927c834f5b4fdf503fca6f4c7eccda82949e1ee # v3.1.0 + uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0 with: platforms: all From e63dee60285d93c1ee0024938fd3613e07cc5028 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 10:24:55 +0200 Subject: [PATCH 194/517] chore(deps): bump github/codeql-action from 3.25.13 to 3.25.15 (#3730) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.13 to 3.25.15. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/2d790406f505036ef40ecba973cc774a50395aac...afb54ba388a7dca6ecae48f608c4ff05ff4cc77a) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 29c469d9290..b77e1d55d25 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2d790406f505036ef40ecba973cc774a50395aac # v3.25.13 + uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 with: sarif_file: results.sarif From 366fa93a5b3bae49e02afdff1551e00aa7601126 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 10:37:44 +0200 Subject: [PATCH 195/517] chore(deps): bump alpine from `77726ef` to `0a4eaa0` (#3733) Bumps alpine from `77726ef` to `0a4eaa0`. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tilt.dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tilt.dockerfile b/tilt.dockerfile index 4a33982c13c..e644d9f67d0 100644 --- a/tilt.dockerfile +++ b/tilt.dockerfile @@ -1,4 +1,4 @@ -FROM alpine@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd +FROM alpine@sha256:0a4eaa0eecf5f8c050e5bba433f58c052be7587ee8af3e8b3910ef9ab5fbe9f5 WORKDIR / COPY ./bin/external-secrets /external-secrets From 586ade7d01ed33ebd206162c1a70c7c0f1e0231d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 11:35:27 +0200 Subject: [PATCH 196/517] chore(deps): bump golang from `8c9183f` to `0d3653d` (#3732) Bumps golang from `8c9183f` to `0d3653d`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile.standalone | 2 +- tilt.debug.dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.standalone b/Dockerfile.standalone index 846318df8a0..7209d042a8f 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone @@ -1,6 +1,6 @@ # This version of Dockerfile is for building without external dependencies. # Build a multi-platform image e.g. `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .` -FROM golang:1.22.5-alpine@sha256:8c9183f715b0b4eca05b8b3dbf59766aaedb41ec07477b132ee2891ac0110a07 AS builder +FROM golang:1.22.5-alpine@sha256:0d3653dd6f35159ec6e3d10263a42372f6f194c3dea0b35235d72aabde86486e AS builder ARG TARGETOS ARG TARGETARCH ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} 
diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index 5622fcefee1..42046d0f3ca 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.5@sha256:829eff99a4b2abffe68f6a3847337bf6455d69d17e49ec1a97dac78834754bd6 +FROM golang:1.22.5@sha256:86a3c48a61915a8c62c0e1d7594730399caa3feb73655dfe96c7bc17710e96cf WORKDIR / COPY ./bin/external-secrets /external-secrets From 2b51f8a8e150977b331310d777059d7b4a3e9100 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Mon, 29 Jul 2024 15:04:35 +0200 Subject: [PATCH 197/517] feat: increase verbosity of error message during validation (#3742) * feat: increase verbosity of error message during validation Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * removing Equal as we do not have the specific error message there Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- e2e/suites/provider/cases/vault/vault.go | 2 +- pkg/controllers/secretstore/common.go | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/e2e/suites/provider/cases/vault/vault.go b/e2e/suites/provider/cases/vault/vault.go index 453167e7e5c..cb20978da60 100644 --- a/e2e/suites/provider/cases/vault/vault.go +++ b/e2e/suites/provider/cases/vault/vault.go @@ -292,7 +292,7 @@ func testInvalidMtlsStore(tc *framework.TestCase) { Expect(string(ss.Status.Conditions[0].Type)).Should(Equal("Ready")) Expect(string(ss.Status.Conditions[0].Status)).Should(Equal("False")) Expect(ss.Status.Conditions[0].Reason).Should(Equal("ValidationFailed")) - Expect(ss.Status.Conditions[0].Message).Should(Equal("unable to validate store")) + Expect(ss.Status.Conditions[0].Message).Should(ContainSubstring("unable to validate store")) return true, nil }) Expect(err).ToNot(HaveOccurred()) 
diff --git a/pkg/controllers/secretstore/common.go b/pkg/controllers/secretstore/common.go index 53f74c73933..a9c5b51baf8 100644 --- a/pkg/controllers/secretstore/common.go +++ b/pkg/controllers/secretstore/common.go @@ -35,7 +35,7 @@ const ( errValidationFailed = "could not validate provider: %w" errPatchStatus = "unable to patch status: %w" errUnableCreateClient = "unable to create client" - errUnableValidateStore = "unable to validate store" + errUnableValidateStore = "unable to validate store: %s" errUnableGetProvider = "unable to get store provider" msgStoreValidated = "store validated" @@ -103,7 +103,7 @@ func validateStore(ctx context.Context, namespace, controllerClass string, store } validationResult, err := cl.Validate() if err != nil && validationResult != esapi.ValidationResultUnknown { - cond := NewSecretStoreCondition(esapi.SecretStoreReady, v1.ConditionFalse, esapi.ReasonValidationFailed, errUnableValidateStore) + cond := NewSecretStoreCondition(esapi.SecretStoreReady, v1.ConditionFalse, esapi.ReasonValidationFailed, fmt.Sprintf(errUnableValidateStore, err)) SetExternalSecretCondition(store, *cond, gaugeVecGetter) recorder.Event(store, v1.EventTypeWarning, esapi.ReasonValidationFailed, err.Error()) return fmt.Errorf(errValidationFailed, err) From e49107ff07148b5113c6ecbe34cf18063da58026 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 17:22:29 +0200 Subject: [PATCH 198/517] chore(deps): bump golang from `6c27802` to `af9b40f` in /e2e (#3734) Bumps golang from `6c27802` to `af9b40f`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index 1b6c3c2eec8..05c4378e2e2 100644 
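Review bot: The condition message built with `fmt.Sprintf(errUnableValidateStore, err)` in validateStore copies the raw provider error into the SecretStore status, which is readable by anyone who can get the resource and persists longer than the warning event that already carries `err.Error()`. Provider client errors can contain endpoint URLs, request paths or response bodies, so it is worth confirming that no provider's `Validate()` error embeds credential material, or bounding and sanitising the text before it is stored in the condition. A short comment on `errUnableValidateStore` such as `// Sprintf format for the status message; not for fmt.Errorf` would also help, since the neighbouring constants use `%w`. validateStore begins and ends outside the hunk.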
--- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.5-bookworm@sha256:6c2780255bb7b881e904e303be0d7a079054160b2ce1efde446693c0850a39ad as builder +FROM golang:1.22.5-bookworm@sha256:af9b40f2b1851be993763b85288f8434af87b5678af04355b1e33ff530b5765f as builder ENV KUBECTL_VERSION="v1.28.3" ENV HELM_VERSION="v3.13.1" From ceaa83dccdfe97863a4358c35ad0de497059b515 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 17:22:38 +0200 Subject: [PATCH 199/517] chore(deps): bump alpine from 3.20.1 to 3.20.2 in /e2e (#3735) Bumps alpine from 3.20.1 to 3.20.2. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index 05c4378e2e2..c9c1b447489 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -16,7 +16,7 @@ COPY . . WORKDIR /usr/src/app/e2e RUN make e2e-bin -FROM alpine:3.20.1@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0 +FROM alpine:3.20.2@sha256:0a4eaa0eecf5f8c050e5bba433f58c052be7587ee8af3e8b3910ef9ab5fbe9f5 RUN apk add -U --no-cache \ ca-certificates \ bash \ From 5df50390922939464c07a94f08d4563032cdba81 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 17:22:54 +0200 Subject: [PATCH 200/517] chore(deps): bump alpine from `b89d9c9` to `0a4eaa0` in /hack/api-docs (#3736) Bumps alpine from `b89d9c9` to `0a4eaa0`. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/Dockerfile b/hack/api-docs/Dockerfile index cadbc81bbfa..e8e6d034054 100644 --- a/hack/api-docs/Dockerfile +++ b/hack/api-docs/Dockerfile @@ -11,7 +11,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.20@sha256:b89d9c93e9ed3597455c90a0b88a8bbb5cb7188438f70953fede212a0c4394e0 +FROM alpine:3.20@sha256:0a4eaa0eecf5f8c050e5bba433f58c052be7587ee8af3e8b3910ef9ab5fbe9f5 RUN apk add -U --no-cache \ python3 \ python3-dev \ From 9cdfbe17569d9ab4836dadd3c554b97169509e7a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 17:23:19 +0200 Subject: [PATCH 201/517] chore(deps): bump regex from 2024.5.15 to 2024.7.24 in /hack/api-docs (#3737) Bumps [regex](https://github.com/mrabarnett/mrab-regex) from 2024.5.15 to 2024.7.24. - [Changelog](https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt) - [Commits](https://github.com/mrabarnett/mrab-regex/compare/2024.5.15...2024.7.24) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 7f71114443e..e2e3adcffc7 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -31,7 +31,7 @@ pymdown-extensions==10.8.1 python-dateutil==2.9.0.post0 PyYAML==6.0.1 pyyaml_env_tag==0.1 -regex==2024.5.15 +regex==2024.7.24 requests==2.32.3 six==1.16.0 termcolor==2.4.0 
From f4a50fcdc89ca754865b103283b64b181777ac5d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 17:23:44 +0200 Subject: [PATCH 202/517] chore(deps): bump mkdocs-material in /hack/api-docs (#3738) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.29 to 9.5.30. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.29...9.5.30) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index e2e3adcffc7..39eabfa2bdc 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.0 mkdocs-macros-plugin==1.0.5 -mkdocs-material==9.5.29 +mkdocs-material==9.5.30 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.1 From 78a6e36b8ce99f49c92a8c7d580776ffc4e25e1e Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 17:23:59 +0200 Subject: [PATCH 203/517] chore(deps): bump importlib-metadata in /hack/api-docs (#3739) Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 8.0.0 to 8.2.0. - [Release notes](https://github.com/python/importlib_metadata/releases) - [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst) - [Commits](https://github.com/python/importlib_metadata/compare/v8.0.0...v8.2.0) --- updated-dependencies: - dependency-name: importlib-metadata dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 39eabfa2bdc..3406d62d2ad 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -7,7 +7,7 @@ csscompressor==0.9.5 ghp-import==2.1.0 htmlmin==0.1.12 idna==3.7 -importlib-metadata==8.0.0 +importlib-metadata==8.2.0 importlib-resources==6.4.0 Jinja2==3.1.4 jsmin==3.0.1 From 7d7f3932b0d3c5fde3cf54bae4b021664c36cf08 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 22:32:32 +0200 Subject: [PATCH 204/517] chore(deps): bump pymdown-extensions in /hack/api-docs (#3740) Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 10.8.1 to 10.9. - [Release notes](https://github.com/facelessuser/pymdown-extensions/releases) - [Commits](https://github.com/facelessuser/pymdown-extensions/compare/10.8.1...10.9) --- updated-dependencies: - dependency-name: pymdown-extensions dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 3406d62d2ad..4882d60e282 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -27,7 +27,7 @@ pathspec==0.12.1 pep562==1.1 platformdirs==4.2.2 Pygments==2.18.0 -pymdown-extensions==10.8.1 +pymdown-extensions==10.9 python-dateutil==2.9.0.post0 PyYAML==6.0.1 pyyaml_env_tag==0.1 From a2c7923e357b52585c8e5dceaba4f347041b9801 Mon Sep 17 00:00:00 2001 From: Tyler Renslow Date: Mon, 29 Jul 2024 22:33:34 +0200 Subject: [PATCH 205/517] docs: Remove references to pemCertificate and pemPrivateKey functions (#3744) * Update docs Fixes #3260 Removes old deprecated template function Signed-off-by: Tyler Renslow * Update templating-v1.md Signed-off-by: Tyler Renslow --------- Signed-off-by: Tyler Renslow --- docs/guides/templating-v1.md | 2 +- docs/snippets/gcpsm-tls-externalsecret.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/guides/templating-v1.md b/docs/guides/templating-v1.md index 82e3d5908e4..b08246305e5 100644 --- a/docs/guides/templating-v1.md +++ b/docs/guides/templating-v1.md @@ -18,7 +18,7 @@ You can use templates to inject your secrets into a configuration file that you You can also use pre-defined functions to extract data from your secrets. Here: extract key/cert from a pkcs12 archive and store it as PEM. ``` yaml -{% include 'pkcs12-template-v1-external-secret.yaml' %} +{% include 'pkcs12-template-v2-external-secret.yaml' %} ``` ### TemplateFrom diff --git a/docs/snippets/gcpsm-tls-externalsecret.yaml b/docs/snippets/gcpsm-tls-externalsecret.yaml index 69dd2b20f29..ca213c1511f 100644 --- a/docs/snippets/gcpsm-tls-externalsecret.yaml +++ b/docs/snippets/gcpsm-tls-externalsecret.yaml 
@@ -14,8 +14,8 @@ spec: template: type: kubernetes.io/tls data: - tls.crt: "{{ .mysecret | pkcs12cert | pemCertificate }}" - tls.key: "{{ .mysecret | pkcs12key | pemPrivateKey }}" + tls.crt: "{{ .mysecret | pkcs12cert }}" + tls.key: "{{ .mysecret | pkcs12key }}" data: # this is a pkcs12 archive that contains From 71f9bd0624a807fbbebb0fe22e046a258ba1bfd0 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Mon, 29 Jul 2024 22:34:12 +0200 Subject: [PATCH 206/517] update dependencies (#3741) Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator --- e2e/go.mod | 36 +++++++++---------- e2e/go.sum | 72 +++++++++++++++++++------------------- go.mod | 50 +++++++++++++------------- go.sum | 101 ++++++++++++++++++++++++++--------------------------- 4 files changed, 129 insertions(+), 130 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index eb6592b2118..84a68e77f17 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -39,7 +39,7 @@ replace ( ) require ( - cloud.google.com/go/secretmanager v1.13.4 + cloud.google.com/go/secretmanager v1.13.5 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 @@ -48,7 +48,7 @@ require ( github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 - github.com/aws/aws-sdk-go v1.54.20 + github.com/aws/aws-sdk-go v1.55.3 github.com/cyberark/conjur-api-go v0.12.3 github.com/external-secrets/external-secrets v0.0.0 github.com/fluxcd/helm-controller/api v0.37.2 
@@ -56,13 +56,13 @@ require ( github.com/fluxcd/source-controller/api v1.2.3 github.com/golang-jwt/jwt/v4 v4.5.0 github.com/hashicorp/vault/api v1.14.0 - github.com/onsi/ginkgo/v2 v2.19.0 - github.com/onsi/gomega v1.33.1 - github.com/oracle/oci-go-sdk/v65 v65.69.2 + github.com/onsi/ginkgo/v2 v2.19.1 + github.com/onsi/gomega v1.34.0 + github.com/oracle/oci-go-sdk/v65 v65.69.3 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 github.com/xanzy/go-gitlab v0.107.0 golang.org/x/oauth2 v0.21.0 - google.golang.org/api v0.188.0 + google.golang.org/api v0.189.0 k8s.io/api v0.30.3 k8s.io/apiextensions-apiserver v0.30.3 k8s.io/apimachinery v0.30.3 @@ -74,10 +74,10 @@ require ( ) require ( - cloud.google.com/go/auth v0.7.1 // indirect + cloud.google.com/go/auth v0.7.2 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect cloud.google.com/go/compute/metadata v0.5.0 // indirect - cloud.google.com/go/iam v1.1.11 // indirect + cloud.google.com/go/iam v1.1.12 // indirect dario.cat/mergo v1.0.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect @@ -109,7 +109,7 @@ require ( github.com/fluxcd/pkg/apis/acl v0.1.0 // indirect github.com/fluxcd/pkg/apis/kustomize v1.2.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect - github.com/go-jose/go-jose/v4 v4.0.3 // indirect + github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-openapi/jsonpointer v0.21.0 // indirect 
@@ -118,7 +118,7 @@ require ( github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/goccy/go-json v0.10.3 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect - github.com/gofrs/flock v0.12.0 // indirect + github.com/gofrs/flock v0.12.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect @@ -127,11 +127,11 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240721033354-7089f98c1d14 // indirect - github.com/google/s2a-go v0.1.7 // indirect + github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 // indirect + github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect - github.com/googleapis/gax-go/v2 v2.12.5 // indirect + github.com/googleapis/gax-go/v2 v2.13.0 // indirect github.com/gorilla/websocket v1.5.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -152,7 +152,7 @@ require ( github.com/lestrrat-go/httpcc v1.0.1 // indirect github.com/lestrrat-go/httprc v1.0.6 // indirect github.com/lestrrat-go/iter v1.0.2 // indirect - github.com/lestrrat-go/jwx/v2 v2.1.0 // indirect + github.com/lestrrat-go/jwx/v2 v2.1.1 // indirect github.com/lestrrat-go/option v1.0.1 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect 
@@ -199,9 +199,9 @@ require ( golang.org/x/time v0.5.0 // indirect golang.org/x/tools v0.23.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240711142825-46eb208f015d // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d // indirect + google.golang.org/genproto v0.0.0-20240725223205-93522f1f2a9f // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f // indirect google.golang.org/grpc v1.65.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect @@ -210,7 +210,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f // indirect + k8s.io/kube-openapi v0.0.0-20240726031636-6f6746feab9c // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/e2e/go.sum b/e2e/go.sum index f23f006cc30..bf80caa745b 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.7.1 h1:Iv1bbpzJ2OIg16m94XI9/tlzZZl3cdeR3nGVGj78N7s= -cloud.google.com/go/auth v0.7.1/go.mod h1:VEc4p5NNxycWQTMQEDQF0bd6aTMb6VgYDXEwiJJQAbs= +cloud.google.com/go/auth v0.7.2 h1:uiha352VrCDMXg+yoBtaD0tUF4Kv9vrtrWPYXwutnDE= +cloud.google.com/go/auth v0.7.2/go.mod h1:VEc4p5NNxycWQTMQEDQF0bd6aTMb6VgYDXEwiJJQAbs= cloud.google.com/go/auth/oauth2adapt v0.2.3 h1:MlxF+Pd3OmSudg/b1yZ5lJwoXCEaeedAguodky1PcKI= cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -35,14 +35,14 @@ cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJ cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.1.11 h1:0mQ8UKSfdHLut6pH9FM3bI55KWR46ketn0PuXleDyxw= -cloud.google.com/go/iam v1.1.11/go.mod h1:biXoiLWYIKntto2joP+62sd9uW5EpkZmKIvfNcTWlnQ= +cloud.google.com/go/iam v1.1.12 h1:JixGLimRrNGcxvJEQ8+clfLxPlbeZA6MuRJ+qJNQ5Xw= +cloud.google.com/go/iam v1.1.12/go.mod h1:9LDX8J7dN5YRyzVHxwQzrQs9opFFqn0Mxs9nAeB+Hhg= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.13.4 h1:pizLSVUkZ8RdeQL5Vswj/3ujVC4kSY5eTxAWyMwQ1uc= -cloud.google.com/go/secretmanager v1.13.4/go.mod h1:SjKHs6rx0ELUqfbRWrWq4e7SiNKV7QMWZtvZsQm3k5w= +cloud.google.com/go/secretmanager v1.13.5 h1:tXlHvpm97mFD0Lv50N4U4zlXfkoTNay3BmpNA/W7/oI= +cloud.google.com/go/secretmanager v1.13.5/go.mod h1:/OeZ88l5Z6nBVilV0SXgv6XJ243KP2aIhSWRMrbvDCQ= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 
@@ -115,8 +115,8 @@ github.com/aliyun/alibaba-cloud-sdk-go v1.62.271/go.mod h1:Api2AkmMgGaSUAhmk76oa github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.54.20 h1:FZ2UcXya7bUkvkpf7TaPmiL7EubK0go1nlXGLRwEsoo= -github.com/aws/aws-sdk-go v1.54.20/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.55.3 h1:0B5hOX+mIx7I5XPOrjrHlKSDQV/+ypFZpIHOx5LOk3E= +github.com/aws/aws-sdk-go v1.55.3/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= 
@@ -182,8 +182,8 @@ github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyT github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-jose/go-jose/v4 v4.0.3 h1:o8aphO8Hv6RPmH+GfzVuyf7YXSBibp+8YyHdOoDESGo= -github.com/go-jose/go-jose/v4 v4.0.3/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= +github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= +github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.4.2 h1:6pFjapn8bFcIbiKo3XT4j/BhANplGihG6tvd+8rYgrY= github.com/go-logr/logr v1.4.2/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY= 
@@ -206,8 +206,8 @@ github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PU github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= -github.com/gofrs/flock v0.12.0 h1:xHW8t8GPAiGtqz7KxiSqfOEXwpOaqhpYZrTE2MQBgXY= -github.com/gofrs/flock v0.12.0/go.mod h1:FirDy1Ing0mI2+kB6wk+vyyAH+e6xiE+EYA0jnzV9jc= +github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E= +github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A= 
@@ -289,11 +289,11 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240721033354-7089f98c1d14 h1:m2fdPWWX/0mdyA1X3XbVTag5NEwmWv0mieoVuRq14A4= -github.com/google/pprof v0.0.0-20240721033354-7089f98c1d14/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 h1:FKHo8hFI3A+7w0aUQuYXQ+6EN5stWmeY/AZqtM8xk9k= +github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= -github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= +github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= +github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 
@@ -304,8 +304,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfF github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBYGmXdxA= -github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E= +github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= +github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= 
@@ -372,8 +372,8 @@ github.com/lestrrat-go/httprc v1.0.6 h1:qgmgIRhpvBqexMJjA/PmwSvhNk679oqD1RbovdCG github.com/lestrrat-go/httprc v1.0.6/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= -github.com/lestrrat-go/jwx/v2 v2.1.0 h1:0zs7Ya6+39qoit7gwAf+cYm1zzgS3fceIdo7RmQ5lkw= -github.com/lestrrat-go/jwx/v2 v2.1.0/go.mod h1:Xpw9QIaUGiIUD1Wx0NcY1sIHwFf8lDuZn/cmxtXYRys= +github.com/lestrrat-go/jwx/v2 v2.1.1 h1:Y2ltVl8J6izLYFs54BVcpXLv5msSW4o8eXwnzZLI32E= +github.com/lestrrat-go/jwx/v2 v2.1.1/go.mod h1:4LvZg7oxu6Q5VJwn7Mk/UwooNRnTHUpXBj2C4j3HNx0= github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= 
@@ -406,14 +406,14 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA= -github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To= -github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk= -github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0= +github.com/onsi/ginkgo/v2 v2.19.1 h1:QXgq3Z8Crl5EL1WBAC98A5sEBHARrAJNzAmMxzLcRF0= +github.com/onsi/ginkgo/v2 v2.19.1/go.mod h1:O3DtEWQkPa/F7fBMgmZQKKsluAy8pd3rEQdrjkPb9zA= +github.com/onsi/gomega v1.34.0 h1:eSSPsPNp6ZpsG8X1OVmOTxig+CblTc4AxpPBykhe2Os= +github.com/onsi/gomega v1.34.0/go.mod h1:MIKI8c+f+QLWk+hxbePD4i0LMJSExPaZOVfkoex4cAo= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.69.2 h1:lROMJ8/VakGOGObAWUxTVY2AX1wQCUIzVqfL4Fb2Ay8= -github.com/oracle/oci-go-sdk/v65 v65.69.2/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.69.3 h1:CFpvgj+0k131osppFg8GlDZW9J5GBvZOVQoBJySJP+8= +github.com/oracle/oci-go-sdk/v65 v65.69.3/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= 
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= @@ -812,8 +812,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.188.0 h1:51y8fJ/b1AaaBRJr4yWm96fPcuxSo0JcegXE3DaHQHw= -google.golang.org/api v0.188.0/go.mod h1:VR0d+2SIiWOYG3r/jdm7adPW9hI2aRv9ETOSCQ9Beag= +google.golang.org/api v0.189.0 h1:equMo30LypAkdkLMBqfeIqtyAnlyig1JSZArl4XPwdI= +google.golang.org/api v0.189.0/go.mod h1:FLWGJKb0hb+pU2j+rJqwbnsF+ym+fQs73rbJ+KAUgy8= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -861,12 +861,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240711142825-46eb208f015d h1:/hmn0Ku5kWij/kjGsrcJeC1T/MrJi2iNWwgAqrihFwc= -google.golang.org/genproto v0.0.0-20240711142825-46eb208f015d/go.mod h1:FfBgJBJg9GcpPvKIuHSZ/aE1g2ecGL74upMzGZjiGEY= -google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d h1:kHjw/5UfflP/L5EbledDrcG4C2597RtymmGRZvHiCuY= -google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d h1:JU0iKnSg02Gmb5ZdV8nYsKEKsP6o/FGVWTrw4i1DA9A= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240725223205-93522f1f2a9f h1:htT2I9bZvGm+110zq8bIErMX+WgBWxCzV3ChwbvnKnc= +google.golang.org/genproto v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:Sk3mLpoDFTAp6R4OvlcUgaG4ISTspKeFsIAXMn9Bm4Y= +google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f h1:b1Ln/PG8orm0SsBbHZWke8dDp2lrCD4jSmfglFpTZbk= +google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:AHT0dDg3SoMOgZGnZk29b5xTbPHMoEC8qthmBLJCpys= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f h1:RARaIm8pxYuxyNPbBQf5igT7XdOyCNtat1qAT2ZxjU4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -941,8 +941,8 @@ k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f h1:2sXuKesAYbRHxL3aE2PN6zX/gcJr22cjrsej+W784Tc= -k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= +k8s.io/kube-openapi v0.0.0-20240726031636-6f6746feab9c h1:CHL3IcTrTI3csK36iwYJy36uQRic+IpSoRMNH+0I8SE= +k8s.io/kube-openapi v0.0.0-20240726031636-6f6746feab9c/go.mod h1:0CVn9SVo8PeW5/JgsBZZIFmmTk5noOM8WXf2e1tCihE= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/go.mod b/go.mod index dcf002bf845..20e1bbdcb2a 100644 --- a/go.mod +++ b/go.mod @@ -5,8 +5,8 @@ go 1.22.4 replace github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 require ( - cloud.google.com/go/iam v1.1.11 - cloud.google.com/go/secretmanager v1.13.4 + cloud.google.com/go/iam v1.1.12 + cloud.google.com/go/secretmanager v1.13.5 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/adal v0.9.24 
@@ -19,34 +19,34 @@ require (
 github.com/PaesslerAG/jsonpath v0.1.1
 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5
- github.com/aws/aws-sdk-go v1.54.20
+ github.com/aws/aws-sdk-go v1.55.3
 github.com/go-logr/logr v1.4.2
 github.com/go-test/deep v1.0.4 // indirect
 github.com/google/go-cmp v0.6.0
 github.com/google/uuid v1.6.0
- github.com/googleapis/gax-go/v2 v2.12.5
+ github.com/googleapis/gax-go/v2 v2.13.0
 github.com/hashicorp/vault/api v1.14.0
 github.com/hashicorp/vault/api/auth/approle v0.7.0
 github.com/hashicorp/vault/api/auth/kubernetes v0.7.0
 github.com/hashicorp/vault/api/auth/ldap v0.7.0
 github.com/huandu/xstrings v1.5.0 // indirect
- github.com/onsi/ginkgo/v2 v2.19.0
- github.com/onsi/gomega v1.33.1
- github.com/oracle/oci-go-sdk/v65 v65.69.2
+ github.com/onsi/ginkgo/v2 v2.19.1
+ github.com/onsi/gomega v1.34.0
+ github.com/oracle/oci-go-sdk/v65 v65.69.3
 github.com/prometheus/client_golang v1.19.1
 github.com/prometheus/client_model v0.6.1
 github.com/spf13/cobra v1.8.1
 github.com/stretchr/testify v1.9.0
 github.com/tidwall/gjson v1.17.1
 github.com/xanzy/go-gitlab v0.107.0
- github.com/yandex-cloud/go-genproto v0.0.0-20240715115219-0c1e192fbf5c
- github.com/yandex-cloud/go-sdk v0.0.0-20240701143239-7326d2d09169
- github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76
+ github.com/yandex-cloud/go-genproto v0.0.0-20240722173647-40d4f9e8b9fa
+ github.com/yandex-cloud/go-sdk v0.0.0-20240722174019-5ac55728f8d8
+ github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78
 go.uber.org/zap v1.27.0
 golang.org/x/crypto v0.25.0
 golang.org/x/oauth2 v0.21.0
- google.golang.org/api v0.188.0
- google.golang.org/genproto v0.0.0-20240711142825-46eb208f015d
+ google.golang.org/api v0.189.0
+ google.golang.org/genproto v0.0.0-20240725223205-93522f1f2a9f
 google.golang.org/grpc v1.65.0
 gopkg.in/yaml.v3 v3.0.1
 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919
@@ -74,7 +74,7 @@ require (
 github.com/alibabacloud-go/openapi-util v0.1.0
 github.com/alibabacloud-go/tea v1.2.2
 github.com/alibabacloud-go/tea-utils/v2 v2.0.6
- github.com/aliyun/credentials-go v1.3.5
+ github.com/aliyun/credentials-go v1.3.6
 github.com/avast/retry-go/v4 v4.6.0
 github.com/cyberark/conjur-api-go v0.12.3
 github.com/fortanix/sdkms-client-go v0.4.0
@@ -84,21 +84,21 @@ require (
 github.com/hashicorp/vault/api/auth/aws v0.7.0
 github.com/hashicorp/vault/api/auth/userpass v0.7.0
 github.com/keeper-security/secrets-manager-go/core v1.6.3
- github.com/lestrrat-go/jwx/v2 v2.1.0
+ github.com/lestrrat-go/jwx/v2 v2.1.1
 github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1
 github.com/passbolt/go-passbolt v0.7.0
 github.com/pulumi/esc-sdk/sdk v0.9.2
- github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28
- github.com/sethvargo/go-password v0.3.0
+ github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29
+ github.com/sethvargo/go-password v0.3.1
 github.com/spf13/pflag v1.0.5
 github.com/tidwall/sjson v1.2.5
- k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f
+ k8s.io/kube-openapi v0.0.0-20240726031636-6f6746feab9c
 sigs.k8s.io/yaml v1.4.0
 software.sslmate.com/src/go-pkcs12 v0.4.0
 )
 
 require (
- cloud.google.com/go/auth v0.7.1 // indirect
+ cloud.google.com/go/auth v0.7.2 // indirect
 cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect
 cloud.google.com/go/compute/metadata v0.5.0 // indirect
 github.com/ProtonMail/go-crypto v1.0.0 // indirect
@@ -121,15 +121,15 @@ require (
 github.com/cloudflare/circl v1.3.9 // indirect
 github.com/danieljoos/wincred v1.2.2 // indirect
 github.com/felixge/httpsnoop v1.0.4 // indirect
- github.com/gabriel-vasile/mimetype v1.4.4 // indirect
- github.com/go-jose/go-jose/v4 v4.0.3 // indirect
+ github.com/gabriel-vasile/mimetype v1.4.5 // indirect
+ github.com/go-jose/go-jose/v4 v4.0.4 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
 github.com/go-playground/validator/v10 v10.22.0 // indirect
 github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
 github.com/godbus/dbus/v5 v5.1.0 // indirect
- github.com/gofrs/flock v0.12.0 // indirect
+ github.com/gofrs/flock v0.12.1 // indirect
 github.com/google/gnostic-models v0.6.8 // indirect
- github.com/google/s2a-go v0.1.7 // indirect
+ github.com/google/s2a-go v0.1.8 // indirect
 github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0 // indirect
 github.com/hashicorp/go-uuid v1.0.3 // indirect
 github.com/lestrrat-go/httprc v1.0.6 // indirect
@@ -144,8 +144,8 @@ require (
 go.opentelemetry.io/otel/metric v1.28.0 // indirect
 go.opentelemetry.io/otel/trace v1.28.0 // indirect
 golang.org/x/sync v0.7.0 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f // indirect
 gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )
@@ -190,7 +190,7 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240721033354-7089f98c1d14 // indirect + github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect diff --git a/go.sum b/go.sum index d00babb9644..aa089a2f5d0 100644 --- a/go.sum +++ b/go.sum @@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.7.1 h1:Iv1bbpzJ2OIg16m94XI9/tlzZZl3cdeR3nGVGj78N7s= -cloud.google.com/go/auth v0.7.1/go.mod h1:VEc4p5NNxycWQTMQEDQF0bd6aTMb6VgYDXEwiJJQAbs= +cloud.google.com/go/auth v0.7.2 h1:uiha352VrCDMXg+yoBtaD0tUF4Kv9vrtrWPYXwutnDE= +cloud.google.com/go/auth v0.7.2/go.mod h1:VEc4p5NNxycWQTMQEDQF0bd6aTMb6VgYDXEwiJJQAbs= cloud.google.com/go/auth/oauth2adapt v0.2.3 h1:MlxF+Pd3OmSudg/b1yZ5lJwoXCEaeedAguodky1PcKI= cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -35,14 +35,14 @@ cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJ cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.1.11 h1:0mQ8UKSfdHLut6pH9FM3bI55KWR46ketn0PuXleDyxw= -cloud.google.com/go/iam v1.1.11/go.mod h1:biXoiLWYIKntto2joP+62sd9uW5EpkZmKIvfNcTWlnQ= +cloud.google.com/go/iam v1.1.12 h1:JixGLimRrNGcxvJEQ8+clfLxPlbeZA6MuRJ+qJNQ5Xw= +cloud.google.com/go/iam v1.1.12/go.mod h1:9LDX8J7dN5YRyzVHxwQzrQs9opFFqn0Mxs9nAeB+Hhg= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.13.4 h1:pizLSVUkZ8RdeQL5Vswj/3ujVC4kSY5eTxAWyMwQ1uc= -cloud.google.com/go/secretmanager v1.13.4/go.mod h1:SjKHs6rx0ELUqfbRWrWq4e7SiNKV7QMWZtvZsQm3k5w= +cloud.google.com/go/secretmanager v1.13.5 h1:tXlHvpm97mFD0Lv50N4U4zlXfkoTNay3BmpNA/W7/oI= +cloud.google.com/go/secretmanager v1.13.5/go.mod h1:/OeZ88l5Z6nBVilV0SXgv6XJ243KP2aIhSWRMrbvDCQ= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 
@@ -182,8 +182,8 @@ github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzY github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8= github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw= github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= -github.com/aliyun/credentials-go v1.3.5 h1:KhB5hRibvCugCIcpQxLZjjkb9EuAcu+MZi3GBc+/mv0= -github.com/aliyun/credentials-go v1.3.5/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= +github.com/aliyun/credentials-go v1.3.6 h1:K5STbhaWjoj5Ht0juOj9mWE2lGelShHLzu5QR3cQ5X8= +github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= 
@@ -191,8 +191,8 @@ github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinR github.com/avast/retry-go/v4 v4.6.0/go.mod h1:gvWlPhBVsvBbLkVGDg/KwvBv0bEkCOLRRSHKIr2PyOE= github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.54.20 h1:FZ2UcXya7bUkvkpf7TaPmiL7EubK0go1nlXGLRwEsoo= -github.com/aws/aws-sdk-go v1.54.20/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.55.3 h1:0B5hOX+mIx7I5XPOrjrHlKSDQV/+ypFZpIHOx5LOk3E= +github.com/aws/aws-sdk-go v1.55.3/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= @@ -267,8 +267,8 @@ github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7z github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= -github.com/gabriel-vasile/mimetype v1.4.4 h1:QjV6pZ7/XZ7ryI2KuyeEDE8wnh7fHP9YnQy+R0LnH8I= -github.com/gabriel-vasile/mimetype v1.4.4/go.mod h1:JwLei5XPtWdGiMFB5Pjle1oEeoSeEuJfJE+TtfvdB/s= +github.com/gabriel-vasile/mimetype v1.4.5 h1:J7wGKdGu33ocBOhGy0z653k/lFKLFDPJMG8Gql0kxn4= +github.com/gabriel-vasile/mimetype v1.4.5/go.mod h1:ibHel+/kbxn9x2407k1izTA1S81ku1z/DlgOW2QE0M4= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-chef/chef v0.30.1 h1:yvOSijEBWAQtRbBPj9hz1atEJUU6HckPc7AaEyZXnLg= 
@@ -276,8 +276,8 @@ github.com/go-chef/chef v0.30.1/go.mod h1:7RU1oCrRErTrkmIszkhJ9vHw7Bv2hZ1Vv1C1qK github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= -github.com/go-jose/go-jose/v4 v4.0.3 h1:o8aphO8Hv6RPmH+GfzVuyf7YXSBibp+8YyHdOoDESGo= -github.com/go-jose/go-jose/v4 v4.0.3/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= +github.com/go-jose/go-jose/v4 v4.0.4 h1:VsjPI33J0SB9vQM6PLmNjoHqMQNGPiZ0rHL7Ni7Q6/E= +github.com/go-jose/go-jose/v4 v4.0.4/go.mod h1:NKb5HO1EZccyMpiZNbdUw/14tiXNyUJh188dfnMCAfc= github.com/go-logr/logr v0.1.0/go.mod h1:ixOQHD9gLJUVQQ2ZOR7zLEifBX6tGkNJF4QyIY7sIas= github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU= github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= 
@@ -317,8 +317,8 @@ github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PU github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= -github.com/gofrs/flock v0.12.0 h1:xHW8t8GPAiGtqz7KxiSqfOEXwpOaqhpYZrTE2MQBgXY= -github.com/gofrs/flock v0.12.0/go.mod h1:FirDy1Ing0mI2+kB6wk+vyyAH+e6xiE+EYA0jnzV9jc= +github.com/gofrs/flock v0.12.1 h1:MTLVXXHf8ekldpJk3AKicLij9MdwOWkZ+a/jHHZby9E= +github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeHCoD0= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= 
@@ -401,11 +401,11 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240721033354-7089f98c1d14 h1:m2fdPWWX/0mdyA1X3XbVTag5NEwmWv0mieoVuRq14A4= -github.com/google/pprof v0.0.0-20240721033354-7089f98c1d14/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 h1:FKHo8hFI3A+7w0aUQuYXQ+6EN5stWmeY/AZqtM8xk9k= +github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= -github.com/google/s2a-go v0.1.7 h1:60BLSyTrOV4/haCDW4zb1guZItoSq8foHCXrAnjBo/o= -github.com/google/s2a-go v0.1.7/go.mod h1:50CgR4k1jNlWBu4UfS4AcfhVe1r6pdZPygJ3R8F0Qdw= +github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= +github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 
@@ -416,8 +416,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfF github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBYGmXdxA= -github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E= +github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= +github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= 
@@ -511,8 +511,8 @@ github.com/lestrrat-go/httprc v1.0.6 h1:qgmgIRhpvBqexMJjA/PmwSvhNk679oqD1RbovdCG
 github.com/lestrrat-go/httprc v1.0.6/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo=
 github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI=
 github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4=
-github.com/lestrrat-go/jwx/v2 v2.1.0 h1:0zs7Ya6+39qoit7gwAf+cYm1zzgS3fceIdo7RmQ5lkw=
-github.com/lestrrat-go/jwx/v2 v2.1.0/go.mod h1:Xpw9QIaUGiIUD1Wx0NcY1sIHwFf8lDuZn/cmxtXYRys=
+github.com/lestrrat-go/jwx/v2 v2.1.1 h1:Y2ltVl8J6izLYFs54BVcpXLv5msSW4o8eXwnzZLI32E=
+github.com/lestrrat-go/jwx/v2 v2.1.1/go.mod h1:4LvZg7oxu6Q5VJwn7Mk/UwooNRnTHUpXBj2C4j3HNx0=
 github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU=
 github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I=
 github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
@@ -558,14 +558,14 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4=
 github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
 github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE=
 github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU=
-github.com/onsi/ginkgo/v2 v2.19.0 h1:9Cnnf7UHo57Hy3k6/m5k3dRfGTMXGvxhHFvkDTCTpvA=
-github.com/onsi/ginkgo/v2 v2.19.0/go.mod h1:rlwLi9PilAFJ8jCg9UE1QP6VBpd6/xj3SRC0d6TU0To=
-github.com/onsi/gomega v1.33.1 h1:dsYjIxxSR755MDmKVsaFQTE22ChNBcuuTWgkUDSubOk=
-github.com/onsi/gomega v1.33.1/go.mod h1:U4R44UsT+9eLIaYRB2a5qajjtQYn0hauxvRm16AVYg0=
+github.com/onsi/ginkgo/v2 v2.19.1 h1:QXgq3Z8Crl5EL1WBAC98A5sEBHARrAJNzAmMxzLcRF0=
+github.com/onsi/ginkgo/v2 v2.19.1/go.mod h1:O3DtEWQkPa/F7fBMgmZQKKsluAy8pd3rEQdrjkPb9zA=
+github.com/onsi/gomega v1.34.0 h1:eSSPsPNp6ZpsG8X1OVmOTxig+CblTc4AxpPBykhe2Os=
+github.com/onsi/gomega v1.34.0/go.mod h1:MIKI8c+f+QLWk+hxbePD4i0LMJSExPaZOVfkoex4cAo=
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A=
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU=
-github.com/oracle/oci-go-sdk/v65 v65.69.2 h1:lROMJ8/VakGOGObAWUxTVY2AX1wQCUIzVqfL4Fb2Ay8=
-github.com/oracle/oci-go-sdk/v65 v65.69.2/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
+github.com/oracle/oci-go-sdk/v65 v65.69.3 h1:CFpvgj+0k131osppFg8GlDZW9J5GBvZOVQoBJySJP+8=
+github.com/oracle/oci-go-sdk/v65 v65.69.3/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
 github.com/passbolt/go-passbolt v0.7.0 h1:zwwTCwL3vjTTKln1hxwKuzzax4R/yvxGXSZhMh0OY5Y=
 github.com/passbolt/go-passbolt v0.7.0/go.mod h1:af3TVSJ+0A4sXeK8KgVzhV8Tej/i25biFIQjhL0FOMk=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
@@ -599,14 +599,14 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk=
 github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28 h1:2vT+ryIQGfF21HN/W5yn/CBPpsTJULuuepWfUq/geV4=
-github.com/scaleway/scaleway-sdk-go v1.0.0-beta.28/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 h1:BkTk4gynLjguayxrYxZoMZjBnAOh7ntQvUkOFmkMqPU=
+github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg=
 github.com/sclevine/spec v1.4.0 h1:z/Q9idDcay5m5irkZ28M7PtQM4aOISzOpj4bUPkDee8=
 github.com/sclevine/spec v1.4.0/go.mod h1:LvpgJaFyvQzRvc1kaDs0bulYwzC70PbiYjC4QnFHkOM=
 github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys=
 github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs=
-github.com/sethvargo/go-password v0.3.0 h1:OLFHZ91Z7NiNP3dnaPxLxCDXlb6TBuxFzMvv6bu+Ptw=
-github.com/sethvargo/go-password v0.3.0/go.mod h1:p6we8DZ0eyYXof9pon7Cqrw98N4KTaYiadDml1dUEEw=
+github.com/sethvargo/go-password v0.3.1 h1:WqrLTjo7X6AcVYfC6R7GtSyuUQR9hGyAj/f1PYQZCJU=
+github.com/sethvargo/go-password v0.3.1/go.mod h1:rXofC1zT54N7R8K/h1WDUdkf9BOx5OptoxrMBcrXzvs=
 github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shopspring/decimal v1.3.1/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o=
 github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp81k=
@@ -667,13 +667,12 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y= github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= -github.com/yandex-cloud/go-genproto v0.0.0-20240701142715-6a03f33f8ec8/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-genproto v0.0.0-20240715115219-0c1e192fbf5c h1:GzMfpQ/oAP93MOQb5/B+3daDzdcLRRqetZ8radtnJJ4= -github.com/yandex-cloud/go-genproto v0.0.0-20240715115219-0c1e192fbf5c/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-sdk v0.0.0-20240701143239-7326d2d09169 h1:5LGYQ/0h1uUo3HH8MsG6R40gvSVPj/7r4D1sKVMa370= -github.com/yandex-cloud/go-sdk v0.0.0-20240701143239-7326d2d09169/go.mod h1:kRqpmRyPs8rzXuYEJe57AH546a3VcSjEIzdFa1V66hY= -github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76 h1:tBiBTKHnIjovYoLX/TPkcf+OjqqKGQrPtGT3Foz+Pgo= -github.com/youmark/pkcs8 v0.0.0-20240424034433-3c2c7870ae76/go.mod h1:SQliXeA7Dhkt//vS29v3zpbEwoa+zb2Cn5xj5uO4K5U= +github.com/yandex-cloud/go-genproto v0.0.0-20240722173647-40d4f9e8b9fa h1:MFb4Q81BMqa0vL64v/i3mel9C+XQkVnwgWqWbmqv10U= +github.com/yandex-cloud/go-genproto v0.0.0-20240722173647-40d4f9e8b9fa/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-sdk v0.0.0-20240722174019-5ac55728f8d8 h1:8820Gy661iOP7y5nQoEKwyltYe29nSfQH4xS4cs4Fcc= +github.com/yandex-cloud/go-sdk v0.0.0-20240722174019-5ac55728f8d8/go.mod h1:2ru61HUofl3wPD6tcNmLfUEAZD4WH2eOw1hLG71TQp4= +github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM= +github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= github.com/yuin/goldmark v1.1.25/go.mod 
h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.30/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -1046,8 +1045,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.188.0 h1:51y8fJ/b1AaaBRJr4yWm96fPcuxSo0JcegXE3DaHQHw= -google.golang.org/api v0.188.0/go.mod h1:VR0d+2SIiWOYG3r/jdm7adPW9hI2aRv9ETOSCQ9Beag= +google.golang.org/api v0.189.0 h1:equMo30LypAkdkLMBqfeIqtyAnlyig1JSZArl4XPwdI= +google.golang.org/api v0.189.0/go.mod h1:FLWGJKb0hb+pU2j+rJqwbnsF+ym+fQs73rbJ+KAUgy8= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1097,12 +1096,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240711142825-46eb208f015d h1:/hmn0Ku5kWij/kjGsrcJeC1T/MrJi2iNWwgAqrihFwc= -google.golang.org/genproto v0.0.0-20240711142825-46eb208f015d/go.mod h1:FfBgJBJg9GcpPvKIuHSZ/aE1g2ecGL74upMzGZjiGEY= -google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d h1:kHjw/5UfflP/L5EbledDrcG4C2597RtymmGRZvHiCuY= -google.golang.org/genproto/googleapis/api v0.0.0-20240711142825-46eb208f015d/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d h1:JU0iKnSg02Gmb5ZdV8nYsKEKsP6o/FGVWTrw4i1DA9A= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240711142825-46eb208f015d/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240725223205-93522f1f2a9f h1:htT2I9bZvGm+110zq8bIErMX+WgBWxCzV3ChwbvnKnc= +google.golang.org/genproto v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:Sk3mLpoDFTAp6R4OvlcUgaG4ISTspKeFsIAXMn9Bm4Y= +google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f h1:b1Ln/PG8orm0SsBbHZWke8dDp2lrCD4jSmfglFpTZbk= +google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:AHT0dDg3SoMOgZGnZk29b5xTbPHMoEC8qthmBLJCpys= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f h1:RARaIm8pxYuxyNPbBQf5igT7XdOyCNtat1qAT2ZxjU4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1194,8 +1193,8 @@ k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f h1:2sXuKesAYbRHxL3aE2PN6zX/gcJr22cjrsej+W784Tc= -k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= +k8s.io/kube-openapi v0.0.0-20240726031636-6f6746feab9c h1:CHL3IcTrTI3csK36iwYJy36uQRic+IpSoRMNH+0I8SE= +k8s.io/kube-openapi v0.0.0-20240726031636-6f6746feab9c/go.mod h1:0CVn9SVo8PeW5/JgsBZZIFmmTk5noOM8WXf2e1tCihE= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= From d10a66ee68f285630f49326254423102cf8b4637 Mon Sep 17 00:00:00 2001 From: Carlos Neto Date: Mon, 29 Jul 2024 17:47:48 -0300 Subject: [PATCH 207/517] docs: add more details in the externalsecret comments in the API section (creationPolicy + deletionPolicy) (#3725) Signed-off-by: c-neto --- docs/snippets/full-external-secret.yaml | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/docs/snippets/full-external-secret.yaml b/docs/snippets/full-external-secret.yaml index 6c7247f5ea8..c017bc90608 100644 --- a/docs/snippets/full-external-secret.yaml +++ b/docs/snippets/full-external-secret.yaml 
@@ -32,17 +32,18 @@ spec: # It is immutable name: application-config - # Enum with values: 'Owner', 'Merge', or 'None' - # Default value of 'Owner' - # Owner creates the secret and sets .metadata.ownerReferences of the resource - # Merge does not create the secret, but merges in the data fields to the secret - # None does not create a secret (future use with injector) - creationPolicy: 'Merge' - - # DeletionPolicy defines how/when to delete the Secret in Kubernetes - # if the provider secret gets deleted. - # Valid values are Delete, Merge, Retain - deletionPolicy: "Retain" + # Specifies the ExternalSecret ownership details in the created Secret. Options: + # - Owner: (default) Creates the Secret and sets .metadata.ownerReferences. If the ExternalSecret is deleted, the Secret will also be deleted. + # - Merge: Does not create the Secret but merges data fields into the existing Secret (expects the Secret to already exist). + # - Orphan: Creates the Secret but does not set .metadata.ownerReferences. If the Secret already exists, it will be updated. + # - None: Does not create or update the Secret (reserved for future use with injector). + creationPolicy: Merge + + # Specifies what happens to the Secret when data fields are deleted from the provider (e.g., Vault, AWS Parameter Store). Options: + # - Retain: (default) Retains the Secret if all Secret data fields have been deleted from the provider. + # - Delete: Removes the Secret if all Secret data fields from the provider are deleted. + # - Merge: Removes keys from the Secret but not the Secret itself. + deletionPolicy: Retain # Specify a blueprint for the resulting Kind=Secret template: From 8c709cfa43d3ab7a6a027a03302e30db83d6ad43 Mon Sep 17 00:00:00 2001 
From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Wed, 31 Jul 2024 12:29:07 +0200 Subject: [PATCH 208/517] feat: add prefix definition to all secret keys for aws parameter store (#3718) * feat: add prefix definition to all secret keys for aws parameter store Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * added a push secret test to verify called parameter has a prefix Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .../v1beta1/secretstore_aws_types.go | 4 ++ ...ternal-secrets.io_clustersecretstores.yaml | 3 + .../external-secrets.io_secretstores.yaml | 3 + deploy/crds/bundle.yaml | 6 ++ docs/api/spec.md | 12 ++++ pkg/provider/aws/parameterstore/fake/fake.go | 16 ++--- .../aws/parameterstore/parameterstore.go | 16 ++--- .../aws/parameterstore/parameterstore_test.go | 60 +++++++++++++++++-- pkg/provider/aws/provider.go | 4 +- 9 files changed, 104 insertions(+), 20 deletions(-) diff --git a/apis/externalsecrets/v1beta1/secretstore_aws_types.go b/apis/externalsecrets/v1beta1/secretstore_aws_types.go index ebc4c7976ae..0455c39cca6 100644 --- a/apis/externalsecrets/v1beta1/secretstore_aws_types.go +++ b/apis/externalsecrets/v1beta1/secretstore_aws_types.go @@ -124,4 +124,8 @@ type AWSProvider struct { // AWS STS assume role transitive session tags. Required when multiple rules are used with the provider // +optional TransitiveTagKeys []*string `json:"transitiveTagKeys,omitempty"` + + // Prefix adds a prefix to all retrieved values. + // +optional + Prefix string `json:"prefix,omitempty"` } diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index cc6f887b71a..9b7ff0ca247 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml 
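Review bot: The doc comment on the new `Prefix` field of `AWSProvider` says it is added to "all retrieved values", but the later hunks in this patch prepend it to the parameter name, and they do so in `PushSecret` and `DeleteSecret` as well as on reads. `AWSProvider` also configures the SecretsManager service, and the `provider.go` hunks hand the prefix only to `parameterstore.New`, so the field appears to have no effect there. I would reword it to `// Prefix is prepended to the name of every parameter that is read, pushed or deleted. Only used by the ParameterStore service.` so that the generated CRD descriptions and docs/api/spec.md inherit accurate text.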
@@ -2084,6 +2084,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index e03e4f2792f..ddde6176546 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml @@ -2084,6 +2084,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 7014d317fde..bb14b0da191 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -2613,6 +2613,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -8244,6 +8247,9 @@ spec: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string diff --git a/docs/api/spec.md b/docs/api/spec.md index 7ff62480a17..bf5dcbb9605 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -281,6 +281,18 @@ SecretsManager

AWS STS assume role transitive session tags. Required when multiple rules are used with the provider

+ + +prefix
+ +string + + + +(Optional) +

Prefix adds a prefix to all retrieved values.

+ +

AWSServiceType diff --git a/pkg/provider/aws/parameterstore/fake/fake.go b/pkg/provider/aws/parameterstore/fake/fake.go index 591e37167aa..fd196bd9828 100644 --- a/pkg/provider/aws/parameterstore/fake/fake.go +++ b/pkg/provider/aws/parameterstore/fake/fake.go @@ -26,13 +26,14 @@ import ( // Client implements the aws parameterstore interface. type Client struct { - GetParameterWithContextFn GetParameterWithContextFn - GetParametersByPathWithContextFn GetParametersByPathWithContextFn - PutParameterWithContextFn PutParameterWithContextFn - PutParameterWithContextCalledN int - DeleteParameterWithContextFn DeleteParameterWithContextFn - DescribeParametersWithContextFn DescribeParametersWithContextFn - ListTagsForResourceWithContextFn ListTagsForResourceWithContextFn + GetParameterWithContextFn GetParameterWithContextFn + GetParametersByPathWithContextFn GetParametersByPathWithContextFn + PutParameterWithContextFn PutParameterWithContextFn + PutParameterWithContextCalledN int + PutParameterWithContextFnCalledWith [][]*ssm.PutParameterInput + DeleteParameterWithContextFn DeleteParameterWithContextFn + DescribeParametersWithContextFn DescribeParametersWithContextFn + ListTagsForResourceWithContextFn ListTagsForResourceWithContextFn } type GetParameterWithContextFn func(aws.Context, *ssm.GetParameterInput, ...request.Option) (*ssm.GetParameterOutput, error) @@ -88,6 +89,7 @@ func NewDescribeParametersWithContextFn(output *ssm.DescribeParametersOutput, er func (sm *Client) PutParameterWithContext(ctx aws.Context, input *ssm.PutParameterInput, options ...request.Option) (*ssm.PutParameterOutput, error) { sm.PutParameterWithContextCalledN++ + sm.PutParameterWithContextFnCalledWith = append(sm.PutParameterWithContextFnCalledWith, []*ssm.PutParameterInput{input}) return sm.PutParameterWithContextFn(ctx, input, options...) } diff --git a/pkg/provider/aws/parameterstore/parameterstore.go b/pkg/provider/aws/parameterstore/parameterstore.go index 84e67181a55..c9307a02c06 100644 
--- a/pkg/provider/aws/parameterstore/parameterstore.go +++ b/pkg/provider/aws/parameterstore/parameterstore.go @@ -60,6 +60,7 @@ type ParameterStore struct { sess *session.Session client PMInterface referentAuth bool + prefix string } // PMInterface is a subset of the parameterstore api. @@ -79,11 +80,12 @@ const ( ) // New constructs a ParameterStore Provider that is specific to a store. -func New(sess *session.Session, cfg *aws.Config, referentAuth bool) (*ParameterStore, error) { +func New(sess *session.Session, cfg *aws.Config, prefix string, referentAuth bool) (*ParameterStore, error) { return &ParameterStore{ sess: sess, referentAuth: referentAuth, client: ssm.New(sess, cfg), + prefix: prefix, }, nil } @@ -105,7 +107,7 @@ func (pm *ParameterStore) getTagsByName(ctx aws.Context, ref *ssm.GetParameterOu } func (pm *ParameterStore) DeleteSecret(ctx context.Context, remoteRef esv1beta1.PushSecretRemoteRef) error { - secretName := remoteRef.GetRemoteKey() + secretName := pm.prefix + remoteRef.GetRemoteKey() secretValue := ssm.GetParameterInput{ Name: &secretName, } @@ -179,7 +181,7 @@ func (pm *ParameterStore) PushSecret(ctx context.Context, secret *corev1.Secret, } stringValue := string(value) - secretName := data.GetRemoteKey() + secretName := pm.prefix + data.GetRemoteKey() secretRequest := ssm.PutParameterInput{ Name: &secretName, @@ -466,7 +468,7 @@ func (pm *ParameterStore) GetSecret(ctx context.Context, ref esv1beta1.ExternalS func (pm *ParameterStore) getParameterTags(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (*ssm.GetParameterOutput, error) { param := ssm.GetParameterOutput{ Parameter: &ssm.Parameter{ - Name: parameterNameWithVersion(ref), + Name: pm.parameterNameWithVersion(ref), }, } tags, err := pm.getTagsByName(ctx, ¶m) 
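Review bot: `secretName := pm.prefix + remoteRef.GetRemoteKey()` in `DeleteSecret` joins prefix and key by plain concatenation, and the same pattern recurs in the `PushSecret` hunk and in `parameterNameWithVersion`. The tests in this patch use both `/test/this/thing/` and `/test/this` as prefixes, so the result depends on which side supplies the slash; a prefix without a trailing `/` joined to a key without a leading one resolves to a sibling path (constructed example: `/team-a` + `-other/x`) instead of a name under the intended subtree. If the prefix is meant to keep a store inside one hierarchy, normalise the join in one helper used by all three sites, e.g. `name := strings.TrimSuffix(pm.prefix, "/") + "/" + strings.TrimPrefix(key, "/")` when the prefix is non-empty, and document that the IAM policy on the path remains the actual access boundary. The bodies of these functions continue outside the hunks, so any other lookup by remote key there should be checked for the same treatment.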
@@ -487,7 +489,7 @@ func (pm *ParameterStore) getParameterTags(ctx context.Context, ref esv1beta1.Ex func (pm *ParameterStore) getParameterValue(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (*ssm.GetParameterOutput, error) { out, err := pm.client.GetParameterWithContext(ctx, &ssm.GetParameterInput{ - Name: parameterNameWithVersion(ref), + Name: pm.parameterNameWithVersion(ref), WithDecryption: aws.Bool(true), }) @@ -518,8 +520,8 @@ func (pm *ParameterStore) GetSecretMap(ctx context.Context, ref esv1beta1.Extern return secretData, nil } -func parameterNameWithVersion(ref esv1beta1.ExternalSecretDataRemoteRef) *string { - name := ref.Key +func (pm *ParameterStore) parameterNameWithVersion(ref esv1beta1.ExternalSecretDataRemoteRef) *string { + name := pm.prefix + ref.Key if ref.Version != "" { // see docs: https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-versions.html#reference-parameter-version name += ":" + ref.Version diff --git a/pkg/provider/aws/parameterstore/parameterstore_test.go b/pkg/provider/aws/parameterstore/parameterstore_test.go index 4aeb307eba9..2e1ccfdf053 100644 --- a/pkg/provider/aws/parameterstore/parameterstore_test.go +++ b/pkg/provider/aws/parameterstore/parameterstore_test.go @@ -42,6 +42,11 @@ const ( invalidProp = "INVALPROP" ) +var ( + fakeSecretKey = "fakeSecretKey" + fakeValue = "fakeValue" +) + type parameterstoreTestCase struct { fakeClient *fakeps.Client apiInput *ssm.GetParameterInput @@ -51,6 +56,7 @@ type parameterstoreTestCase struct { expectError string expectedSecret string expectedData map[string][]byte + prefix string } func makeValidParameterStoreTestCase() *parameterstoreTestCase { @@ -60,6 +66,7 @@ func makeValidParameterStoreTestCase() *parameterstoreTestCase { apiOutput: makeValidAPIOutput(), remoteRef: makeValidRemoteRef(), apiErr: nil, + prefix: "", expectError: "", expectedSecret: "", expectedData: make(map[string][]byte), 
@@ -270,8 +277,6 @@ const remoteKey = "fake-key" func TestPushSecret(t *testing.T) { invalidParameters := errors.New(ssm.ErrCodeInvalidParameters) alreadyExistsError := errors.New(ssm.ErrCodeAlreadyExistsException) - fakeSecretKey := "fakeSecretKey" - fakeValue := "fakeValue" fakeSecret := &corev1.Secret{ Data: map[string][]byte{ fakeSecretKey: []byte(fakeValue), @@ -518,9 +523,43 @@ func TestPushSecret(t *testing.T) { } } +func TestPushSecretWithPrefix(t *testing.T) { + fakeSecret := &corev1.Secret{ + Data: map[string][]byte{ + fakeSecretKey: []byte(fakeValue), + }, + } + managedByESO := ssm.Tag{ + Key: &managedBy, + Value: &externalSecrets, + } + putParameterOutput := &ssm.PutParameterOutput{} + getParameterOutput := &ssm.GetParameterOutput{} + describeParameterOutput := &ssm.DescribeParametersOutput{} + validListTagsForResourceOutput := &ssm.ListTagsForResourceOutput{ + TagList: []*ssm.Tag{&managedByESO}, + } + + client := fakeps.Client{ + PutParameterWithContextFn: fakeps.NewPutParameterWithContextFn(putParameterOutput, nil), + GetParameterWithContextFn: fakeps.NewGetParameterWithContextFn(getParameterOutput, nil), + DescribeParametersWithContextFn: fakeps.NewDescribeParametersWithContextFn(describeParameterOutput, nil), + ListTagsForResourceWithContextFn: fakeps.NewListTagsForResourceWithContextFn(validListTagsForResourceOutput, nil), + } + + psd := fake.PushSecretData{SecretKey: fakeSecretKey, RemoteKey: remoteKey} + ps := ParameterStore{ + client: &client, + prefix: "/test/this/thing/", + } + err := ps.PushSecret(context.TODO(), fakeSecret, psd) + require.NoError(t, err) + + input := client.PutParameterWithContextFnCalledWith[0][0] + assert.Equal(t, "/test/this/thing/fake-key", *input.Name) +} + func TestPushSecretCalledOnlyOnce(t *testing.T) { - fakeSecretKey := "fakeSecretKey" - fakeValue := "fakeValue" fakeSecret := &corev1.Secret{ Data: map[string][]byte{ fakeSecretKey: []byte(fakeValue), 
@@ -569,6 +608,17 @@ func TestGetSecret(t *testing.T) { pstc.expectedSecret = "RRRRR" } + // good case: key is passed in and prefix is set, output is sent back + setSecretStringWithPrefix := func(pstc *parameterstoreTestCase) { + pstc.apiInput = &ssm.GetParameterInput{ + Name: aws.String("/test/this/baz"), + WithDecryption: aws.Bool(true), + } + pstc.prefix = "/test/this" + pstc.apiOutput.Parameter.Value = aws.String("RRRRR") + pstc.expectedSecret = "RRRRR" + } + // good case: extract property setExtractProperty := func(pstc *parameterstoreTestCase) { pstc.apiOutput.Parameter.Value = aws.String(`{"/shmoo": "bang"}`) @@ -649,6 +699,7 @@ func TestGetSecret(t *testing.T) { } successCases := []*parameterstoreTestCase{ + makeValidParameterStoreTestCaseCustom(setSecretStringWithPrefix), makeValidParameterStoreTestCaseCustom(setSecretString), makeValidParameterStoreTestCaseCustom(setExtractProperty), makeValidParameterStoreTestCaseCustom(setMissingProperty), @@ -665,6 +716,7 @@ func TestGetSecret(t *testing.T) { ps := ParameterStore{} for k, v := range successCases { ps.client = v.fakeClient + ps.prefix = v.prefix out, err := ps.GetSecret(context.Background(), *v.remoteRef) if !ErrorContains(err, v.expectError) { t.Errorf("[%d] unexpected error: %s, expected: '%s'", k, err.Error(), v.expectError) diff --git a/pkg/provider/aws/provider.go b/pkg/provider/aws/provider.go index 77e1cc13655..0089f5fb720 100644 --- a/pkg/provider/aws/provider.go +++ b/pkg/provider/aws/provider.go @@ -156,7 +156,7 @@ func newClient(ctx context.Context, store esv1beta1.GenericStore, kube client.Cl case esv1beta1.AWSServiceSecretsManager: return secretsmanager.New(sess, cfg, prov.SecretsManager, true) case esv1beta1.AWSServiceParameterStore: - return parameterstore.New(sess, cfg, true) + return parameterstore.New(sess, cfg, storeSpec.Provider.AWS.Prefix, true) } return nil, fmt.Errorf(errUnknownProviderService, prov.Service) } 
@@ -195,7 +195,7 @@ func newClient(ctx context.Context, store esv1beta1.GenericStore, kube client.Cl case esv1beta1.AWSServiceSecretsManager: return secretsmanager.New(sess, cfg, prov.SecretsManager, false) case esv1beta1.AWSServiceParameterStore: - return parameterstore.New(sess, cfg, false) + return parameterstore.New(sess, cfg, storeSpec.Provider.AWS.Prefix, false) } return nil, fmt.Errorf(errUnknownProviderService, prov.Service) } From d5ca3161d63b72aa7dc1d5da74018b1d60ec64a3 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Wed, 31 Jul 2024 12:29:21 +0200 Subject: [PATCH 209/517] feat: do not modify the secret in case of a NotModified (#3746) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- apis/externalsecrets/v1beta1/provider.go | 10 ++++++++++ .../v1beta1/zz_generated.deepcopy.go | 15 +++++++++++++++ docs/api/spec.md | 6 ++++++ pkg/common/webhook/webhook.go | 5 +++++ .../externalsecret/externalsecret_controller.go | 9 +++++++++ 5 files changed, 45 insertions(+) diff --git a/apis/externalsecrets/v1beta1/provider.go b/apis/externalsecrets/v1beta1/provider.go index f8e5b7498cb..be7799c26c2 100644 --- a/apis/externalsecrets/v1beta1/provider.go +++ b/apis/externalsecrets/v1beta1/provider.go @@ -105,3 +105,13 @@ type NoSecretError struct{} func (NoSecretError) Error() string { return "Secret does not exist" } + +var NotModifiedErr = NotModifiedError{} + +// NotModifiedError to signal that the webhook received no changes, +// and it should just return without doing anything. +type NotModifiedError struct{} + +func (NotModifiedError) Error() string { + return "not modified" +} diff --git a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go index d312b655b5e..3f984750661 100644 --- a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go +++ b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go 
@@ -1930,6 +1930,21 @@ func (in *NoSecretError) DeepCopy() *NoSecretError { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *NotModifiedError) DeepCopyInto(out *NotModifiedError) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NotModifiedError. +func (in *NotModifiedError) DeepCopy() *NotModifiedError { + if in == nil { + return nil + } + out := new(NotModifiedError) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *OnboardbaseAuthSecretRef) DeepCopyInto(out *OnboardbaseAuthSecretRef) { *out = *in diff --git a/docs/api/spec.md b/docs/api/spec.md index bf5dcbb9605..d9268f3c9d6 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -5033,6 +5033,12 @@ string

NoSecretError shall be returned when a GetSecret can not find the desired secret. This is used for deletionPolicy.

+

NotModifiedError +

+

+

NotModifiedError to signal that the webhook received no changes, +and it should just return without doing anything.

+

OnboardbaseAuthSecretRef

diff --git a/pkg/common/webhook/webhook.go b/pkg/common/webhook/webhook.go index 03c758913de..bde0b0b59ad 100644 --- a/pkg/common/webhook/webhook.go +++ b/pkg/common/webhook/webhook.go @@ -196,6 +196,11 @@ func (w *Webhook) GetWebhookData(ctx context.Context, provider *Spec, ref *esv1b if resp.StatusCode == 404 { return nil, esv1beta1.NoSecretError{} } + + if resp.StatusCode == http.StatusNotModified { + return nil, esv1beta1.NotModifiedError{} + } + if resp.StatusCode < 200 || resp.StatusCode >= 300 { return nil, fmt.Errorf("endpoint gave error %s", resp.Status) } diff --git a/pkg/controllers/externalsecret/externalsecret_controller.go b/pkg/controllers/externalsecret/externalsecret_controller.go index 05f2d608f5f..5ab1f989b50 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller.go +++ b/pkg/controllers/externalsecret/externalsecret_controller.go @@ -17,6 +17,7 @@ package externalsecret import ( "context" "encoding/json" + "errors" "fmt" "strings" "time" @@ -226,6 +227,14 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu return ctrl.Result{}, err } + // secret data was not modified. + if errors.Is(err, esv1beta1.NotModifiedErr) { + log.Info("secret was not modified as a NotModified was returned by the provider") + r.markAsDone(&externalSecret, start, log) + + return ctrl.Result{}, nil + } + // if no data was found we can delete the secret if needed. if len(dataMap) == 0 { switch externalSecret.Spec.Target.DeletionPolicy { From af1ebd8817c73b66fd35da9b4edd35882dbc9344 Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Wed, 31 Jul 2024 13:45:33 -0300 Subject: [PATCH 210/517] feat: webhook secrets must be labeled (#3753) BREAKING CHANGE: Webhook secrets now must be labeled for Webhook SecretStore BREAKING CHANGE: Generator webhook labels changed 
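Review bot: In `Reconcile`, the new `errors.Is(err, esv1beta1.NotModifiedErr)` branch sits directly after a block that ends in `return ctrl.Result{}, err`; if that block is the usual `if err != nil` guard on the provider call (its condition is outside the hunk), the function has already returned and the not-modified branch can never run, so a 304 from the webhook would be reported as a failed sync. Moving the check ahead of the generic error return, or changing the guard to `if err != nil && !errors.Is(err, esv1beta1.NotModifiedErr) {`, would make it effective. It is also worth deciding what should happen when NotModified arrives before the target Secret has ever been created, since `markAsDone` would then report success with no Secret present. In the `pkg/common/webhook/webhook.go` hunk, returning the shared `esv1beta1.NotModifiedErr` rather than a fresh `NotModifiedError{}` would keep producer and consumer on one sentinel.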
Signed-off-by: Gustavo Carvalho --- pkg/common/webhook/webhook.go | 4 ++-- pkg/provider/webhook/webhook.go | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/pkg/common/webhook/webhook.go b/pkg/common/webhook/webhook.go index bde0b0b59ad..8995b23661e 100644 --- a/pkg/common/webhook/webhook.go +++ b/pkg/common/webhook/webhook.go @@ -64,9 +64,9 @@ func (w *Webhook) getStoreSecret(ctx context.Context, ref SecretKeySelector) (*c return nil, fmt.Errorf("failed to get clustersecretstore webhook secret %s: %w", ref.Name, err) } if w.EnforceLabels { - expected, ok := secret.Labels["generators.external-secrets.io/type"] + expected, ok := secret.Labels["external-secrets.io/type"] if !ok { - return nil, fmt.Errorf("secret does not contain needed label to be used on webhook generator") + return nil, fmt.Errorf("secret does not contain needed label 'external-secrets.io/type: webhook'. Update secret label to use it with webhook") } if expected != "webhook" { return nil, fmt.Errorf("secret type is not 'webhook'") diff --git a/pkg/provider/webhook/webhook.go b/pkg/provider/webhook/webhook.go index 852c2e1464d..31ab82deeaf 100644 --- a/pkg/provider/webhook/webhook.go +++ b/pkg/provider/webhook/webhook.go @@ -70,6 +70,7 @@ func (p *Provider) NewClient(_ context.Context, store esv1beta1.GenericStore, ku wh: wh, storeKind: store.GetObjectKind().GroupVersionKind().Kind, } + whClient.wh.EnforceLabels = true if whClient.storeKind == esv1beta1.ClusterSecretStoreKind { whClient.wh.ClusterScoped = true } From 725c0549d1bf6adb31ef64773107cbb481d5004b Mon Sep 17 00:00:00 2001 From: Ketil <477141+mysteq@users.noreply.github.com> Date: Fri, 2 Aug 2024 10:21:10 +0200 Subject: [PATCH 211/517] feat: support pkcs12 with chain in pushsecret to Azure KeyVault (#3747) 
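Review bot: The label check in `getStoreSecret` is now the gate that decides which Secrets a Webhook store may read, yet its key and value are bare string literals and the looked-up value is named `expected` although it is the value actually found on the Secret. I would lift them into named constants next to the `Webhook` type and rename the local, e.g. `actual, ok := secret.Labels[webhookSecretLabelKey]`, and include `ref.Name` in the `secret type is not 'webhook'` error so an operator can tell which Secret was rejected. The diffstat lists only the two source files, so neither the rejection of an unlabeled Secret nor the `whClient.wh.EnforceLabels = true` default in `NewClient` is covered by a test; one case per branch would keep this guard from regressing silently. `getStoreSecret` starts and ends outside the hunk.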
Signed-off-by: Ketil Gjerde <477141+mysteq@users.noreply.github.com> --- pkg/provider/azure/keyvault/keyvault.go | 10 +++++-- pkg/provider/azure/keyvault/keyvault_test.go | 30 ++++++++++++++++++++ 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/pkg/provider/azure/keyvault/keyvault.go b/pkg/provider/azure/keyvault/keyvault.go index e629bb900ad..2a327c80489 100644 --- a/pkg/provider/azure/keyvault/keyvault.go +++ b/pkg/provider/azure/keyvault/keyvault.go @@ -350,13 +350,19 @@ func getCertificateFromValue(value []byte) (*x509.Certificate, error) { return localCert, nil } - // 2nd: try DER + // 2nd: try decode pkcs12 with chain + _, localCert, _, err = gopkcs12.DecodeChain(value, "") + if err == nil { + return localCert, nil + } + + // 3rd: try DER localCert, err = x509.ParseCertificate(value) if err == nil { return localCert, nil } - // 3nd: parse PEM blocks + // 4th: parse PEM blocks for { block, rest := pem.Decode(value) value = rest diff --git a/pkg/provider/azure/keyvault/keyvault_test.go b/pkg/provider/azure/keyvault/keyvault_test.go index febffa8ace3..cff73e6c9f1 100644 --- a/pkg/provider/azure/keyvault/keyvault_test.go +++ b/pkg/provider/azure/keyvault/keyvault_test.go @@ -378,6 +378,8 @@ func TestAzureKeyVaultDeleteSecret(t *testing.T) { } func TestAzureKeyVaultPushSecret(t *testing.T) { p12Cert, _ := base64.StdEncoding.DecodeString("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") + p12CertChainLegacy, _ := base64.StdEncoding.DecodeString("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") + p12CertChainModern, _ := base64.StdEncoding.DecodeString("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") goodKey, _ := base64.StdEncoding.DecodeString("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") goodSecret := "old" secretKey := "fakeSecretKey" 
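Review bot: `gopkcs12.DecodeChain(value, "")` in `getCertificateFromValue` keeps only the leaf certificate, discards the private key and the CA chain, and only opens bundles protected with an empty password, none of which is stated at the call site. I would extend the step comment to `// 2nd: try pkcs12 with chain (empty password only); only the leaf certificate is returned` so a reader does not assume the chain is carried forward by this function. The function starts and ends outside the hunk, so whether the first decoding attempt has the same empty-password limitation cannot be confirmed from here.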
@@ -628,6 +630,32 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { }, } } + certP12ChainLegacySuccess := func(smtc *secretManagerTestCase) { + smtc.setValue = p12CertChainLegacy + smtc.pushData = testingfake.PushSecretData{ + SecretKey: secretKey, + RemoteKey: certName, + } + smtc.certOutput = keyvault.CertificateBundle{ + X509Thumbprint: pointer.To("123"), + Tags: map[string]*string{ + "managed-by": pointer.To("external-secrets"), + }, + } + } + certP12ChainModernSuccess := func(smtc *secretManagerTestCase) { + smtc.setValue = p12CertChainModern + smtc.pushData = testingfake.PushSecretData{ + SecretKey: secretKey, + RemoteKey: certName, + } + smtc.certOutput = keyvault.CertificateBundle{ + X509Thumbprint: pointer.To("123"), + Tags: map[string]*string{ + "managed-by": pointer.To("external-secrets"), + }, + } + } certPEMSuccess := func(smtc *secretManagerTestCase) { pemCert, _ := base64.StdEncoding.DecodeString("LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZwekNDQTQrZ0F3SUJBZ0lVTUhhVDZtZG8vd2Urbit0NFB2R0JZaUdDSXE0d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1l6RUxNQWtHQTFVRUJoTUNRVlV4RXpBUkJnTlZCQWdNQ2xOdmJXVXRVM1JoZEdVeElUQWZCZ05WQkFvTQpHRWx1ZEdWeWJtVjBJRmRwWkdkcGRITWdVSFI1SUV4MFpERWNNQm9HQTFVRUF3d1RZVzV2ZEdobGNpMW1iMjh0ClltRnlMbU52YlRBZUZ3MHlNakEyTURreE56UTFNelphRncweU16QTJNRGt4TnpRMU16WmFNR014Q3pBSkJnTlYKQkFZVEFrRlZNUk13RVFZRFZRUUlEQXBUYjIxbExWTjBZWFJsTVNFd0h3WURWUVFLREJoSmJuUmxjbTVsZENCWAphV1JuYVhSeklGQjBlU0JNZEdReEhEQWFCZ05WQkFNTUUyRnViM1JvWlhJdFptOXZMV0poY2k1amIyMHdnZ0lpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQ0R3QXdnZ0lLQW9JQ0FRQ1pITzRvNkpteU9aZGZBdDdEV2pHa0d3N0QKNVVIU1BHZXQyTjg2cnBGWXcrZThnL3dSeDBnZDBzRk9pelBBREdjcnpmdWE5Z3ZFcDRWc1dvYUduY3dReGp2cworZ1orWmQ2UkVPNHRLNzRURmYxaWZibmowUHE2OENlQlFpaG8xbDNwM2UwQy8yemVJMjNidlZEdmUybXdVcTloCjY4UTFFUmdWMU1LaWJHU1Naak5DQzdkRGFQWmpKazViMFlWVFdxREViemREVnh2ZVVMNVJxRmcvREpBMzNWcTYKVFQzQ2U5RjBIcEorb3graSs4cUxmWU5qZExSUDZlbEtLTU5naVhhNTFvdnQ5MjF4UkVGdlhFdi9NS2pZOWE2SgppNndIRSs0NmdvbFY4V2puK2xMRkRKVHh6WEFEN2p2NzVzaHY0WEczdFlaQ2J4cTMzZ2Jtb3pzRVBneVNE
a0IyCm5zc0tIUEFhSVNPaWpjNDhiSXhwbDVocFJPWUZFblJDWnhablhQNjdLZVF1VWZXQkpoVWdhaW1zQlErenpwUHoKZjVUbjRnVExkWll2NU41V1V2djJJdUF5Qktha0ZhR1ZYTzFpZ2FDeVQvUTNBcEE2ZGx4SjVVbjhLNjh1L0pIYQpmWWZ5engwVnVoZk5zbmtiWkxWSEZsR2Rxd3JrU0tCWSs1eS9WWlpkeC9hSHNWWndVN3ZEY2VobGVaUU00ZXZyCm5tMUY3dk5xSHBUK3BHSnpNVWVUNGZMVFpabTBra1Y3ZXl5RGRMMDFEWXRXQk1TM2NEb1F1Tm9YSUEwK0N4Vk8KOHcxcC9wbXF2UFQ3cmpad2pwYkVMUkp3MWs4R3ozU2FKb2VqaFBzWC9xNzNGWWdBc09PRHBNcm4rdmlTZTRmcgpmR0VmZlEvYXJUVE5qK1BUb3dJREFRQUJvMU13VVRBZEJnTlZIUTRFRmdRVWJPQk14azJ5UkNkR1N4eEZGMzBUCkZORFhHS3N3SHdZRFZSMGpCQmd3Rm9BVWJPQk14azJ5UkNkR1N4eEZGMzBURk5EWEdLc3dEd1lEVlIwVEFRSC8KQkFVd0F3RUIvekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBZ0VBQXdudUtxOThOQ2hUMlUzU2RSNEFVem1MTjFCVwowNHIwMTA3TjlKdW9LbzJycjhoZ21mRmd0MDgrdFNDYzR5ajZSNStyY1hudXpqeEZLaWJVYnFncFpvd0pSSGEyCjF0NUJicEwxeWcybGZyZnhIb3YvRjh0VnNTbUE4d3loNlVpV1J3RTlrdlBXUm5LblR1a3Y1enpzcVNsTlNpbG0KNDl6UTdTV05sK0lBRnkvc3dacnRKUTEwVlQ5czRuUGVHM29XUU1vdE9QUCtsbFNpeW5LTFpxUTRnU0tSaTNmZQpQTGlXcHQ5WGZYb0dVQ0VqN3E1cGhibExQZ2RLVUNyaEdQMW4yalltWHNjV0xNeWtBbmEyMGNobHJxVlluQ2E4CkpVcDRMZnRGRHA4OVlUb1hPRkhuRm1uTkN2Y0lyRGZGeURmaGw0VU1GcEswT1VLcVRUeFdhSzl1cU9JcGFySXMKS1l3c3ArZkxlV0xiUTZrR2Ztbk81aURSZCtvT2hyTllvb1RaVks5ZlFSNXJEMmU0QitlYTByelFGWEFBVWpKNQpPWGFieGJEclErT01landjNEhxcXN4enRKZ0QyYVAyZUsyL0w1UFdQdWcwRSsxZzhBQlpmVmJvaC9NM01IZ2J6ClBnYVRxZ3V6R0Zka0czRVh1K09oR2JVMC8rNzdWTW5aaTJJUVpuL2F3R1VhN1grTVAwQkR2alZZNWtWcE1aMWgKYzJDbERqZ3hOc0xHdGlrTzRjV2I1c1FSUjJHWU0zZE1rNTBWUWN0SjVScXNSczZwT0NYRFhFM1JlVlFqNGhOQgplV3ZhRFdRMktteU9haTU1ZGJEcmxKK251ODNPbUNwNTlSelA1azU4WmFEWG5sQzM4VXdUdDBxMUQ3K3pGMHRzCjFHOTMydUVCSFdZSHVPQT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=") smtc.setValue = pemCert 
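Review bot: `certP12ChainLegacySuccess` and `certP12ChainModernSuccess` differ only in the fixture assigned to `smtc.setValue`, and both reuse the stub `X509Thumbprint: pointer.To("123")`, so as far as this hunk shows they prove that the chained bundles parse without error but not that the leaf certificate, rather than a CA certificate from the chain, is the one that was picked. A small factory taking the fixture bytes and returning the `func(smtc *secretManagerTestCase)` closure would remove the duplication. A direct test of getCertificateFromValue that asserts the subject of the returned certificate for both fixtures would pin the behaviour this commit adds. The enclosing TestAzureKeyVaultPushSecret starts and ends outside the hunk.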
@@ -763,6 +791,8 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { successCases := []*secretManagerTestCase{ makeValidSecretManagerTestCaseCustom(certP12Success), + makeValidSecretManagerTestCaseCustom(certP12ChainLegacySuccess), + makeValidSecretManagerTestCaseCustom(certP12ChainModernSuccess), makeValidSecretManagerTestCaseCustom(certPEMSuccess), makeValidSecretManagerTestCaseCustom(certPEMWithGarbageSuccess), makeValidSecretManagerTestCaseCustom(certDERSuccess), From eae808d8510ffe945dc1b3dfef3c76ac7f968198 Mon Sep 17 00:00:00 2001 From: Ketil <477141+mysteq@users.noreply.github.com> Date: Fri, 2 Aug 2024 10:21:31 +0200 Subject: [PATCH 212/517] docs: document fullPemToPkcs12 functions (#3749) Signed-off-by: Ketil Gjerde <477141+mysteq@users.noreply.github.com> --- docs/guides/templating.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/guides/templating.md b/docs/guides/templating.md index da9854766eb..e3080c5ead7 100644 --- a/docs/guides/templating.md +++ b/docs/guides/templating.md @@ -158,8 +158,10 @@ In addition to that you can use over 200+ [sprig functions](http://masterminds.g | pkcs12keyPass | Same as `pkcs12key`. Uses the provided password to decrypt the PKCS#12 archive. | | pkcs12cert | Extracts all certificates from a PKCS#12 archive and orders them if possible. If disjunct or multiple leaf certs are provided they are returned as-is.
Sort order: `leaf / intermediate(s) / root`. | | pkcs12certPass | Same as `pkcs12cert`. Uses the provided password to decrypt the PKCS#12 archive. | -| pemToPkcs12 | Takes a PEM encoded certificate and key and creates a base64 enoded PKCS#12 archive. | +| pemToPkcs12 | Takes a PEM encoded certificate and key and creates a base64 encoded PKCS#12 archive. | | pemToPkcs12Pass | Same as `pemToPkcs12`. Uses the provided password to encrypt the PKCS#12 archive. | +| fullPemToPkcs12 | Takes a PEM encoded certificates chain and key and creates a base64 encoded PKCS#12 archive. | +| fullPemToPkcs12Pass | Same as `fullPemToPkcs12`. Uses the provided password to encrypt the PKCS#12 archive. | | filterPEM | Filters PEM blocks with a specific type from a list of PEM blocks. | | jwkPublicKeyPem | Takes an json-serialized JWK and returns an PEM block of type `PUBLIC KEY` that contains the public key. [See here](https://golang.org/pkg/crypto/x509/#MarshalPKIXPublicKey) for details. | | jwkPrivateKeyPem | Takes an json-serialized JWK as `string` and returns an PEM block of type `PRIVATE KEY` that contains the private key in PKCS #8 format. [See here](https://golang.org/pkg/crypto/x509/#MarshalPKCS8PrivateKey) for details. | From ba6627a9fcb7e3581ba73b5d71e7ae959da5ea5d Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Sat, 3 Aug 2024 09:43:52 +0200 Subject: [PATCH 213/517] release: update helm chart to v0.10.0 (#3758) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- deploy/charts/external-secrets/Chart.yaml | 4 +- deploy/charts/external-secrets/README.md | 2 +- .../cert_controller_test.yaml.snap | 10 +-- .../__snapshot__/controller_test.yaml.snap | 10 +-- .../tests/__snapshot__/crds_test.yaml.snap | 73 ++++++++++++++++++- .../tests/__snapshot__/webhook_test.yaml.snap | 14 ++-- 6 files changed, 92 insertions(+), 21 deletions(-) 
diff --git a/deploy/charts/external-secrets/Chart.yaml b/deploy/charts/external-secrets/Chart.yaml index b3026bc2046..42d7fd8f0c8 100644 --- a/deploy/charts/external-secrets/Chart.yaml +++ b/deploy/charts/external-secrets/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: external-secrets description: External secret management for Kubernetes type: application -version: "0.9.20" -appVersion: "v0.9.20" +version: "0.10.0" +appVersion: "v0.10.0" kubeVersion: ">= 1.19.0-0" keywords: - kubernetes-external-secrets diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index 1ce3bb8ac66..4af2b7c7085 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.9.20](https://img.shields.io/badge/Version-0.9.20-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.10.0](https://img.shields.io/badge/Version-0.10.0-informational?style=flat-square) External secret management for Kubernetes diff --git a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index b46f74d55a2..42ef77f87a0 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap 
@@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.20 - helm.sh/chart: external-secrets-0.9.20 + app.kubernetes.io/version: v0.10.0 + helm.sh/chart: external-secrets-0.10.0 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.9.20 - helm.sh/chart: external-secrets-0.9.20 + app.kubernetes.io/version: v0.10.0 + helm.sh/chart: external-secrets-0.10.0 spec: automountServiceAccountToken: true containers: @@ -41,7 +41,7 @@ should match snapshot of default values: - --loglevel=info - --zap-time-encoding=epoch - --enable-partial-cache=true - image: ghcr.io/external-secrets/external-secrets:v0.9.20 + image: ghcr.io/external-secrets/external-secrets:v0.10.0 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap index cd326b6615c..cd8fd494c19 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.20 - helm.sh/chart: external-secrets-0.9.20 + app.kubernetes.io/version: v0.10.0 + helm.sh/chart: external-secrets-0.10.0 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: 
@@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.9.20 - helm.sh/chart: external-secrets-0.9.20 + app.kubernetes.io/version: v0.10.0 + helm.sh/chart: external-secrets-0.10.0 spec: automountServiceAccountToken: true containers: @@ -34,7 +34,7 @@ should match snapshot of default values: - --metrics-addr=:8080 - --loglevel=info - --zap-time-encoding=epoch - image: ghcr.io/external-secrets/external-secrets:v0.9.20 + image: ghcr.io/external-secrets/external-secrets:v0.10.0 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap index 76d60adbbeb..1185633be79 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -1967,6 +1967,9 @@ should match snapshot of default values: externalID: description: AWS External ID set on assumed IAM roles type: string + prefix: + description: Prefix adds a prefix to all retrieved values. + type: string region: description: AWS Region to be used for the provider type: string @@ -3389,7 +3392,7 @@ should match snapshot of default values: type: object type: object apiUrl: - default: https://api.pulumi.com + default: https://api.pulumi.com/api/preview description: APIURL is the URL of the Pulumi API. type: string environment: 
@@ -3475,6 +3478,69 @@ should match snapshot of default values: - region - secretKey type: object + secretserver: + description: |- + SecretServer configures this store to sync secrets using SecretServer provider + https://docs.delinea.com/online-help/secret-server/start.htm + properties: + password: + description: Password is the secret server account password. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + serverURL: + description: |- + ServerURL + URL to your secret server installation + type: string + username: + description: Username is the secret server account username. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. 
+ type: string + type: object + required: + - password + - serverURL + - username + type: object senhasegura: description: Senhasegura configures this store to sync secrets using senhasegura provider properties: @@ -4039,6 +4105,11 @@ should match snapshot of default values: the option is enabled serverside. https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object namespace: description: |- Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows diff --git a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index 58c619fbfb2..e7fa28f877b 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.20 - helm.sh/chart: external-secrets-0.9.20 + app.kubernetes.io/version: v0.10.0 + helm.sh/chart: external-secrets-0.10.0 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.20 - helm.sh/chart: external-secrets-0.9.20 + app.kubernetes.io/version: v0.10.0 + helm.sh/chart: external-secrets-0.10.0 spec: automountServiceAccountToken: true containers: 
@@ -39,7 +39,7 @@ should match snapshot of default values: - --healthz-addr=:8081 - --loglevel=info - --zap-time-encoding=epoch - image: ghcr.io/external-secrets/external-secrets:v0.9.20 + image: ghcr.io/external-secrets/external-secrets:v0.10.0 imagePullPolicy: IfNotPresent name: webhook ports: @@ -83,8 +83,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.9.20 + app.kubernetes.io/version: v0.10.0 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.9.20 + helm.sh/chart: external-secrets-0.10.0 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE From 6bab976275ac0ce0a7f7c4cd90a244a2771f1c20 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Mon, 5 Aug 2024 08:19:27 +0200 Subject: [PATCH 214/517] doc: add maintainer of the bitwarden secret manager provider (#3762) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- docs/introduction/stability-support.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/introduction/stability-support.md b/docs/introduction/stability-support.md index f617a92557a..d18d016d5eb 100644 --- a/docs/introduction/stability-support.md +++ b/docs/introduction/stability-support.md 
@@ -58,7 +58,7 @@ The following table describes the stability level of each provider and who's res | [Passbolt](https://external-secrets.io/latest/provider/passbolt) | alpha | | | [Infisical](https://external-secrets.io/latest/provider/infisical) | alpha | [@akhilmhdh](https://github.com/akhilmhdh) | | [Device42](https://external-secrets.io/latest/provider/device42) | alpha | | -| [Bitwarden Secrets Manager](https://external-secrets.io/latest/provider/bitwarden-secrets-manager) | alpha | | +| [Bitwarden Secrets Manager](https://external-secrets.io/latest/provider/bitwarden-secrets-manager) | alpha | [@skarlso](https://github.com/Skarlso) | ## Provider Feature Support From 66a52b1728ececf2976e8a2f787f24399e5becd1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 10:52:24 +0200 Subject: [PATCH 215/517] chore(deps): bump mkdocs-material in /hack/api-docs (#3763) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.30 to 9.5.31. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.30...9.5.31) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 4882d60e282..bf6fa63404f 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt 
@@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.0 mkdocs-macros-plugin==1.0.5 -mkdocs-material==9.5.30 +mkdocs-material==9.5.31 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.1 From 7343875bf77f68fa4babd215f99b9c9baff30114 Mon Sep 17 00:00:00 2001 From: Victor Santos Date: Mon, 5 Aug 2024 12:45:12 -0300 Subject: [PATCH 216/517] fix: decrypt remote secret for SecureString type (#3761) --- .../aws/parameterstore/parameterstore.go | 9 +++++- .../aws/parameterstore/parameterstore_test.go | 29 +++++++++++++++++++ 2 files changed, 37 insertions(+), 1 deletion(-) diff --git a/pkg/provider/aws/parameterstore/parameterstore.go b/pkg/provider/aws/parameterstore/parameterstore.go index c9307a02c06..bda54c3ac39 100644 --- a/pkg/provider/aws/parameterstore/parameterstore.go +++ b/pkg/provider/aws/parameterstore/parameterstore.go @@ -195,7 +195,8 @@ func (pm *ParameterStore) PushSecret(ctx context.Context, secret *corev1.Secret, } secretValue := ssm.GetParameterInput{ - Name: &secretName, + Name: &secretName, + WithDecryption: aws.Bool(true), } existing, err := pm.client.GetParameterWithContext(ctx, &secretValue) @@ -219,6 +220,12 @@ func (pm *ParameterStore) PushSecret(ctx context.Context, secret *corev1.Secret, return fmt.Errorf("secret not managed by external-secrets") } + // When fetching a remote SecureString parameter without decrypting, the default value will always be 'sensitive' + // in this case, no updates will be pushed remotely + if existing.Parameter.Value != nil && *existing.Parameter.Value == "sensitive" { + return fmt.Errorf("unable to compare 'sensitive' result, ensure to request a decrypted value") + } + if existing.Parameter.Value != nil && *existing.Parameter.Value == string(value) { return nil } 
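Review bot: `WithDecryption: aws.Bool(true)` makes PushSecret's read-before-write depend on KMS: for a SecureString parameter the controller's role needs `kms:Decrypt` on the parameter's key in addition to `ssm:GetParameter`, otherwise the GetParameterWithContext call fails before any comparison happens. Nothing in this commit documents that, so a comment on the field such as `// decrypt so a SecureString can be compared; needs kms:Decrypt on the parameter's key` and a matching line in the provider's IAM guidance would help operators who scope the role tightly. From here on `existing.Parameter.Value` holds plaintext for the rest of PushSecret, so it should stay out of error strings and log fields; the function continues outside the hunk.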
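Review bot: The `*existing.Parameter.Value == "sensitive"` guard compares against a plain literal, and with decryption now always requested in the GetParameterInput above it can only fire for a parameter whose real plaintext is the word `sensitive`; PushSecret would then refuse to update that parameter at all. The premise in the comment should also be checked, since as far as I know SSM returns the ciphertext, not a fixed word, when decryption is not requested. I would drop the block and move the assurance into a test that asserts `WithDecryption` is set on the request. If the block stays, its comment should say that an error is returned, because `no updates will be pushed remotely` reads like a silent skip.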
diff --git a/pkg/provider/aws/parameterstore/parameterstore_test.go b/pkg/provider/aws/parameterstore/parameterstore_test.go index 2e1ccfdf053..7da9356b213 100644 --- a/pkg/provider/aws/parameterstore/parameterstore_test.go +++ b/pkg/provider/aws/parameterstore/parameterstore_test.go @@ -495,6 +495,34 @@ func TestPushSecret(t *testing.T) { err: fmt.Errorf("failed to parse metadata: failed to parse JSON raw data: invalid character 'f' looking for beginning of object key string"), }, }, + "GetRemoteSecretWithoutDecryption": { + reason: "test if push secret's get remote source is encrypted for valid comparison", + args: args{ + store: makeValidParameterStore().Spec.Provider.AWS, + metadata: &apiextensionsv1.JSON{ + Raw: []byte(` + { + "parameterStoreType": "SecureString", + "parameterStoreKeyID": "arn:aws:kms:sa-east-1:00000000000:key/bb123123-b2b0-4f60-ac3a-44a13f0e6b6c" + } + `), + }, + client: fakeps.Client{ + PutParameterWithContextFn: fakeps.NewPutParameterWithContextFn(putParameterOutput, nil), + GetParameterWithContextFn: fakeps.NewGetParameterWithContextFn(&ssm.GetParameterOutput{ + Parameter: &ssm.Parameter{ + Type: aws.String("SecureString"), + Value: aws.String("sensitive"), + }, + }, nil), + DescribeParametersWithContextFn: fakeps.NewDescribeParametersWithContextFn(describeParameterOutput, nil), + ListTagsForResourceWithContextFn: fakeps.NewListTagsForResourceWithContextFn(validListTagsForResourceOutput, nil), + }, + }, + want: want{ + err: fmt.Errorf("unable to compare 'sensitive' result, ensure to request a decrypted value"), + }, + }, } for name, tc := range tests { @@ -625,6 +653,7 @@ func TestGetSecret(t *testing.T) { pstc.expectedSecret = "bang" pstc.remoteRef.Property = "/shmoo" } + // good case: extract property with `.` setExtractPropertyWithDot := func(pstc *parameterstoreTestCase) { pstc.apiOutput.Parameter.Value = aws.String(`{"/shmoo.boom": "bang"}`) From f3aa2fc3afdd5eefd1353401c083166cef951f14 Mon Sep 17 00:00:00 2001 
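Review bot: The `GetRemoteSecretWithoutDecryption` case gets a canned `Value: aws.String("sensitive")` from the fake whatever the request contains, so it exercises only the new guard and would still pass if `WithDecryption: aws.Bool(true)` were removed from PushSecret, which is the actual fix in this commit. A `GetParameterWithContextFn` closure that fails when the incoming `WithDecryption` is nil or false would cover the fix itself, assuming the fake's Fn field receives the `*ssm.GetParameterInput`. The `reason` string says the remote source "is encrypted", while the case expects an error asking for a decrypted value, so the wording could be aligned with what is asserted.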
From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Tue, 6 Aug 2024 07:45:16 +0200 Subject: [PATCH 217/517] update dependencies (#3766) Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator --- e2e/go.mod | 28 +++++++++---------- e2e/go.sum | 56 +++++++++++++++++++------------------- go.mod | 41 ++++++++++++++-------------- go.sum | 80 +++++++++++++++++++++++++++--------------------------- 4 files changed, 102 insertions(+), 103 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index 84a68e77f17..e3736d102c1 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -48,8 +48,8 @@ require ( github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 - github.com/aws/aws-sdk-go v1.55.3 - github.com/cyberark/conjur-api-go v0.12.3 + github.com/aws/aws-sdk-go v1.55.5 + github.com/cyberark/conjur-api-go v0.12.4 github.com/external-secrets/external-secrets v0.0.0 github.com/fluxcd/helm-controller/api v0.37.2 github.com/fluxcd/pkg/apis/meta v1.2.0 @@ -58,11 +58,11 @@ require ( github.com/hashicorp/vault/api v1.14.0 github.com/onsi/ginkgo/v2 v2.19.1 github.com/onsi/gomega v1.34.0 - github.com/oracle/oci-go-sdk/v65 v65.69.3 + github.com/oracle/oci-go-sdk/v65 v65.70.0 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 github.com/xanzy/go-gitlab v0.107.0 - golang.org/x/oauth2 v0.21.0 - google.golang.org/api v0.189.0 + golang.org/x/oauth2 v0.22.0 + google.golang.org/api v0.190.0 k8s.io/api v0.30.3 k8s.io/apiextensions-apiserver v0.30.3 k8s.io/apimachinery v0.30.3 @@ -74,7 +74,7 @@ require ( ) require ( - cloud.google.com/go/auth v0.7.2 // indirect + cloud.google.com/go/auth v0.7.3 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect cloud.google.com/go/compute/metadata v0.5.0 // indirect cloud.google.com/go/iam v1.1.12 // indirect 
@@ -178,7 +178,7 @@ require ( github.com/sony/gobreaker v1.0.0 // indirect github.com/spf13/cast v1.6.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/tidwall/gjson v1.17.1 // indirect + github.com/tidwall/gjson v1.17.3 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect github.com/tidwall/sjson v1.2.5 // indirect @@ -192,16 +192,16 @@ require ( golang.org/x/crypto v0.25.0 // indirect golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect golang.org/x/net v0.27.0 // indirect - golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.22.0 // indirect + golang.org/x/sync v0.8.0 // indirect + golang.org/x/sys v0.23.0 // indirect golang.org/x/term v0.22.0 // indirect golang.org/x/text v0.16.0 // indirect - golang.org/x/time v0.5.0 // indirect + golang.org/x/time v0.6.0 // indirect golang.org/x/tools v0.23.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240725223205-93522f1f2a9f // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f // indirect + google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf // indirect google.golang.org/grpc v1.65.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect 
@@ -210,7 +210,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20240726031636-6f6746feab9c // indirect + k8s.io/kube-openapi v0.0.0-20240730131305-7a9a4e85957e // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/e2e/go.sum b/e2e/go.sum index bf80caa745b..bcfe4365878 100644 --- a/e2e/go.sum +++ b/e2e/go.sum @@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.7.2 h1:uiha352VrCDMXg+yoBtaD0tUF4Kv9vrtrWPYXwutnDE= -cloud.google.com/go/auth v0.7.2/go.mod h1:VEc4p5NNxycWQTMQEDQF0bd6aTMb6VgYDXEwiJJQAbs= +cloud.google.com/go/auth v0.7.3 h1:98Vr+5jMaCZ5NZk6e/uBgf60phTk/XN84r8QEWB9yjY= +cloud.google.com/go/auth v0.7.3/go.mod h1:HJtWUx1P5eqjy/f6Iq5KeytNpbAcGolPhOgyop2LlzA= cloud.google.com/go/auth/oauth2adapt v0.2.3 h1:MlxF+Pd3OmSudg/b1yZ5lJwoXCEaeedAguodky1PcKI= cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -115,8 +115,8 @@ github.com/aliyun/alibaba-cloud-sdk-go v1.62.271/go.mod h1:Api2AkmMgGaSUAhmk76oa github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.55.3 h1:0B5hOX+mIx7I5XPOrjrHlKSDQV/+ypFZpIHOx5LOk3E= -github.com/aws/aws-sdk-go v1.55.3/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= +github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= 
@@ -133,8 +133,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cyberark/conjur-api-go v0.12.3 h1:LzSXJBKO36WJEcFceXYyb3y9lxHwx5WMhx/YH+RW88M= -github.com/cyberark/conjur-api-go v0.12.3/go.mod h1:FnzNn6mPwTOyBueSDnu1J4K47J0sYHXTMehaqIV/GxY= +github.com/cyberark/conjur-api-go v0.12.4 h1:N1Ku6xveOHZa7NRuf//uNKxwcvwp7MTy59aB2VM0o9A= +github.com/cyberark/conjur-api-go v0.12.4/go.mod h1:FnzNn6mPwTOyBueSDnu1J4K47J0sYHXTMehaqIV/GxY= github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -412,8 +412,8 @@ github.com/onsi/gomega v1.34.0 h1:eSSPsPNp6ZpsG8X1OVmOTxig+CblTc4AxpPBykhe2Os= github.com/onsi/gomega v1.34.0/go.mod h1:MIKI8c+f+QLWk+hxbePD4i0LMJSExPaZOVfkoex4cAo= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.69.3 h1:CFpvgj+0k131osppFg8GlDZW9J5GBvZOVQoBJySJP+8= -github.com/oracle/oci-go-sdk/v65 v65.69.3/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.70.0 h1:gLa0IX/SidTm60VbHabnImrW3hyymmNLQJy6gZGrgDA= +github.com/oracle/oci-go-sdk/v65 v65.70.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -471,8 +471,8 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= -github.com/tidwall/gjson v1.17.1 h1:wlYEnwqAHgzmhNUFfw7Xalt2JzQvsMx2Se4PcoFCT/U= -github.com/tidwall/gjson v1.17.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/gjson v1.17.3 h1:bwWLZU7icoKRG+C+0PNwIKC6FCJO/Q3p2pZvuP0jN94= +github.com/tidwall/gjson v1.17.3/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= 
@@ -633,8 +633,8 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= -golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA= +golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -648,8 +648,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -699,8 +699,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= +golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= 
@@ -730,8 +730,8 @@ golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= +golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 
@@ -812,8 +812,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.189.0 h1:equMo30LypAkdkLMBqfeIqtyAnlyig1JSZArl4XPwdI= -google.golang.org/api v0.189.0/go.mod h1:FLWGJKb0hb+pU2j+rJqwbnsF+ym+fQs73rbJ+KAUgy8= +google.golang.org/api v0.190.0 h1:ASM+IhLY1zljNdLu19W1jTmU6A+gMk6M46Wlur61s+Q= +google.golang.org/api v0.190.0/go.mod h1:QIr6I9iedBLnfqoD6L6Vze1UvS5Hzj5r2aUBOaZnLHo= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -861,12 +861,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240725223205-93522f1f2a9f h1:htT2I9bZvGm+110zq8bIErMX+WgBWxCzV3ChwbvnKnc= -google.golang.org/genproto v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:Sk3mLpoDFTAp6R4OvlcUgaG4ISTspKeFsIAXMn9Bm4Y= -google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f h1:b1Ln/PG8orm0SsBbHZWke8dDp2lrCD4jSmfglFpTZbk= -google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:AHT0dDg3SoMOgZGnZk29b5xTbPHMoEC8qthmBLJCpys= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f h1:RARaIm8pxYuxyNPbBQf5igT7XdOyCNtat1qAT2ZxjU4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf h1:OqdXDEakZCVtDiZTjcxfwbHPCT11ycCEsTKesBVKvyY= +google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:mCr1K1c8kX+1iSBREvU3Juo11CB+QOEWxbRS01wWl5M= +google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf h1:GillM0Ef0pkZPIB+5iO6SDK+4T9pf6TpaYR6ICD5rVE= +google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:OFMYQFHJ4TM3JRlWDZhJbZfra2uqc3WLBZiaaqP4DtU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf h1:liao9UHurZLtiEwBgT9LMOnKYsHze6eA6w1KQCMVN2Q= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -941,8 +941,8 @@ k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240726031636-6f6746feab9c h1:CHL3IcTrTI3csK36iwYJy36uQRic+IpSoRMNH+0I8SE= -k8s.io/kube-openapi v0.0.0-20240726031636-6f6746feab9c/go.mod h1:0CVn9SVo8PeW5/JgsBZZIFmmTk5noOM8WXf2e1tCihE= +k8s.io/kube-openapi v0.0.0-20240730131305-7a9a4e85957e h1:OnKkExfhk4yxMqvBSPzUfhv3zQ96FWJ+UOZzLrAFyAo= +k8s.io/kube-openapi v0.0.0-20240730131305-7a9a4e85957e/go.mod h1:0CVn9SVo8PeW5/JgsBZZIFmmTk5noOM8WXf2e1tCihE= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/go.mod b/go.mod index 20e1bbdcb2a..86840f7b643 100644 --- a/go.mod +++ b/go.mod 
@@ -13,13 +13,13 @@ require (
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2
 github.com/IBM/go-sdk-core/v5 v5.17.4
- github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4
+ github.com/IBM/secrets-manager-go-sdk/v2 v2.0.5
 github.com/Masterminds/goutils v1.1.1 // indirect
 github.com/Masterminds/sprig/v3 v3.2.3
 github.com/PaesslerAG/jsonpath v0.1.1
 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5
- github.com/aws/aws-sdk-go v1.55.3
+ github.com/aws/aws-sdk-go v1.55.5
 github.com/go-logr/logr v1.4.2
 github.com/go-test/deep v1.0.4 // indirect
 github.com/google/go-cmp v0.6.0
@@ -32,21 +32,21 @@ require (
 github.com/huandu/xstrings v1.5.0 // indirect
 github.com/onsi/ginkgo/v2 v2.19.1
 github.com/onsi/gomega v1.34.0
- github.com/oracle/oci-go-sdk/v65 v65.69.3
+ github.com/oracle/oci-go-sdk/v65 v65.70.0
 github.com/prometheus/client_golang v1.19.1
 github.com/prometheus/client_model v0.6.1
 github.com/spf13/cobra v1.8.1
 github.com/stretchr/testify v1.9.0
- github.com/tidwall/gjson v1.17.1
+ github.com/tidwall/gjson v1.17.3
 github.com/xanzy/go-gitlab v0.107.0
- github.com/yandex-cloud/go-genproto v0.0.0-20240722173647-40d4f9e8b9fa
- github.com/yandex-cloud/go-sdk v0.0.0-20240722174019-5ac55728f8d8
+ github.com/yandex-cloud/go-genproto v0.0.0-20240729164347-c5b523b251a7
+ github.com/yandex-cloud/go-sdk v0.0.0-20240729164733-eb9da8ab7eda
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78
 go.uber.org/zap v1.27.0
 golang.org/x/crypto v0.25.0
- golang.org/x/oauth2 v0.21.0
- google.golang.org/api v0.189.0
- google.golang.org/genproto v0.0.0-20240725223205-93522f1f2a9f
+ golang.org/x/oauth2 v0.22.0
+ google.golang.org/api v0.190.0
+ google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf
 google.golang.org/grpc v1.65.0
 gopkg.in/yaml.v3 v3.0.1
 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919
@@ -71,12 +71,12 @@ require (
 github.com/akeylesslabs/akeyless-go/v3 v3.6.3
 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.8
 github.com/alibabacloud-go/kms-20160120/v3 v3.2.1
- github.com/alibabacloud-go/openapi-util v0.1.0
+ github.com/alibabacloud-go/openapi-util v0.1.1
 github.com/alibabacloud-go/tea v1.2.2
 github.com/alibabacloud-go/tea-utils/v2 v2.0.6
 github.com/aliyun/credentials-go v1.3.6
 github.com/avast/retry-go/v4 v4.6.0
- github.com/cyberark/conjur-api-go v0.12.3
+ github.com/cyberark/conjur-api-go v0.12.4
 github.com/fortanix/sdkms-client-go v0.4.0
 github.com/go-openapi/strfmt v0.23.0
 github.com/golang-jwt/jwt/v5 v5.2.1
@@ -92,13 +92,13 @@ require (
 github.com/sethvargo/go-password v0.3.1
 github.com/spf13/pflag v1.0.5
 github.com/tidwall/sjson v1.2.5
- k8s.io/kube-openapi v0.0.0-20240726031636-6f6746feab9c
+ k8s.io/kube-openapi v0.0.0-20240730131305-7a9a4e85957e
 sigs.k8s.io/yaml v1.4.0
 software.sslmate.com/src/go-pkcs12 v0.4.0
 )

 require (
- cloud.google.com/go/auth v0.7.2 // indirect
+ cloud.google.com/go/auth v0.7.3 // indirect
 cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect
 cloud.google.com/go/compute/metadata v0.5.0 // indirect
 github.com/ProtonMail/go-crypto v1.0.0 // indirect
@@ -106,7 +106,7 @@ require (
 github.com/ProtonMail/gopenpgp/v2 v2.7.5 // indirect
 github.com/alessio/shellescape v1.4.2 // indirect
 github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6 // indirect
- github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 // indirect
+ github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 // indirect
 github.com/alibabacloud-go/darabonba-array v0.1.0 // indirect
 github.com/alibabacloud-go/darabonba-encode-util v0.0.2 // indirect
 github.com/alibabacloud-go/darabonba-map v0.0.2 // indirect
@@ -114,7 +114,6 @@ require (
 github.com/alibabacloud-go/darabonba-string v1.0.2 // indirect
 github.com/alibabacloud-go/debug v1.0.0 // indirect
 github.com/alibabacloud-go/endpoint-util v1.1.1 // indirect
- github.com/alibabacloud-go/tea-utils v1.4.5 // indirect
 github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 github.com/clbanning/mxj/v2 v2.7.0 // indirect
@@ -143,9 +142,9 @@ require (
 go.opentelemetry.io/otel v1.28.0 // indirect
 go.opentelemetry.io/otel/metric v1.28.0 // indirect
 go.opentelemetry.io/otel/trace v1.28.0 // indirect
- golang.org/x/sync v0.7.0 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f // indirect
+ golang.org/x/sync v0.8.0 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf // indirect
 gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )
@@ -244,12 +243,12 @@ require (
 go.uber.org/atomic v1.11.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
 golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56
- golang.org/x/mod v0.19.0 // indirect
+ golang.org/x/mod v0.20.0 // indirect
 golang.org/x/net v0.27.0 // indirect
- golang.org/x/sys v0.22.0 // indirect
+ golang.org/x/sys v0.23.0 // indirect
 golang.org/x/term v0.22.0 // indirect
 golang.org/x/text v0.16.0 // indirect
- golang.org/x/time v0.5.0 // indirect
+ golang.org/x/time v0.6.0 // indirect
 golang.org/x/tools v0.23.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 google.golang.org/protobuf v1.34.2 // indirect
diff --git a/go.sum b/go.sum
index aa089a2f5d0..6cdbfe7c0a0 100644
--- a/go.sum
+++ b/go.sum
@@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.7.2 h1:uiha352VrCDMXg+yoBtaD0tUF4Kv9vrtrWPYXwutnDE= -cloud.google.com/go/auth v0.7.2/go.mod h1:VEc4p5NNxycWQTMQEDQF0bd6aTMb6VgYDXEwiJJQAbs= +cloud.google.com/go/auth v0.7.3 h1:98Vr+5jMaCZ5NZk6e/uBgf60phTk/XN84r8QEWB9yjY= +cloud.google.com/go/auth v0.7.3/go.mod h1:HJtWUx1P5eqjy/f6Iq5KeytNpbAcGolPhOgyop2LlzA= cloud.google.com/go/auth/oauth2adapt v0.2.3 h1:MlxF+Pd3OmSudg/b1yZ5lJwoXCEaeedAguodky1PcKI= cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -105,8 +105,8 @@ github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= github.com/IBM/go-sdk-core/v5 v5.17.4 h1:VGb9+mRrnS2HpHZFM5hy4J6ppIWnwNrw0G+tLSgcJLc= github.com/IBM/go-sdk-core/v5 v5.17.4/go.mod h1:KsAAI7eStAWwQa4F96MLy+whYSh39JzNjklZRbN/8ns= -github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4 h1:xa9e+POVqaXxXHXkSMCOVAbKdUNEu86jQmo5hcpd+L4= -github.com/IBM/secrets-manager-go-sdk/v2 v2.0.4/go.mod h1:5gq8D8uWOIbqOm1uztay6lpOysgJaxxEsaVZLWGWb40= +github.com/IBM/secrets-manager-go-sdk/v2 v2.0.5 h1:VMc/Zd6RzB8j60CqZekkwYT2wQsCfrkGV2n01Gviuaw= +github.com/IBM/secrets-manager-go-sdk/v2 v2.0.5/go.mod h1:5kUgJ1dG9cdiAcPDqVz46m362bPnoqZQSth24NiowSg= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= 
@@ -138,8 +138,9 @@ github.com/alessio/shellescape v1.4.2 h1:MHPfaU+ddJ0/bYWpgIeUnQUqKrlJ1S7BfEYPM4u github.com/alessio/shellescape v1.4.2/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6 h1:eIf+iGJxdU4U9ypaUfbtOWCsZSbTb8AUHvyPrxu6mAA= github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6/go.mod h1:4EUIoxs/do24zMOGGqYVWgw0s9NtiylnJglOeEB5UJo= -github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4 h1:iC9YFYKDGEy3n/FtqJnOkZsene9olVspKmkX5A2YBEo= github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc= +github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 h1:zE8vH9C7JiZLNJJQ5OwjU9mSi4T9ef9u3BURT6LCLC8= +github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5/go.mod h1:tWnyE9AjF8J8qqLk645oUmVUnFybApTQWklQmi5tY6g= github.com/alibabacloud-go/darabonba-array v0.1.0 h1:vR8s7b1fWAQIjEjWnuF0JiKsCvclSRTfDzZHTYqfufY= github.com/alibabacloud-go/darabonba-array v0.1.0/go.mod h1:BLKxr0brnggqOJPqT09DFJ8g3fsDshapUD3C3aOEFaI= github.com/alibabacloud-go/darabonba-encode-util v0.0.2 h1:1uJGrbsGEVqWcWxrS9MyC2NG0Ax+GpOM5gtupki31XE= 
@@ -161,8 +162,9 @@ github.com/alibabacloud-go/endpoint-util v1.1.1 h1:ZkBv2/jnghxtU0p+upSU0GGzW1VL9 github.com/alibabacloud-go/endpoint-util v1.1.1/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE= github.com/alibabacloud-go/kms-20160120/v3 v3.2.1 h1:CZFbODre2r8ECRKqvS1L1DYRemj8F4eZg9KzB7dVJT4= github.com/alibabacloud-go/kms-20160120/v3 v3.2.1/go.mod h1:x/5xgaahHH2Z72RFj4b+pIa+zKcq9N5lGxh1+Y1jmvE= -github.com/alibabacloud-go/openapi-util v0.1.0 h1:0z75cIULkDrdEhkLWgi9tnLe+KhAFE/r5Pb3312/eAY= github.com/alibabacloud-go/openapi-util v0.1.0/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws= +github.com/alibabacloud-go/openapi-util v0.1.1 h1:ujGErJjG8ncRW6XtBBMphzHTvCxn4DjrVw4m04HsS28= +github.com/alibabacloud-go/openapi-util v0.1.1/go.mod h1:/UehBSE2cf1gYT43GV4E+RxTdLRzURImCYY0aRmlXpw= github.com/alibabacloud-go/tea v1.1.0/go.mod h1:IkGyUSX4Ba1V+k4pCtJUc6jDpZLFph9QMy2VUPTwukg= github.com/alibabacloud-go/tea v1.1.7/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4= github.com/alibabacloud-go/tea v1.1.8/go.mod h1:/tmnEaQMyb4Ky1/5D+SE1BAsa5zj/KeGOFfwYm3N/p4= @@ -173,8 +175,6 @@ github.com/alibabacloud-go/tea v1.2.1/go.mod h1:qbzof29bM/IFhLMtJPrgTGK3eauV5J2w github.com/alibabacloud-go/tea v1.2.2 h1:aTsR6Rl3ANWPfqeQugPglfurloyBJY85eFy7Gc1+8oU= github.com/alibabacloud-go/tea v1.2.2/go.mod h1:CF3vOzEMAG+bR4WOql8gc2G9H3EkH3ZLAQdpmpXMgwk= github.com/alibabacloud-go/tea-utils v1.3.1/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE= -github.com/alibabacloud-go/tea-utils v1.4.5 h1:h0/6Xd2f3bPE4XHTvkpjwxowIwRCJAJOqY6Eq8f3zfA= -github.com/alibabacloud-go/tea-utils v1.4.5/go.mod h1:KNcT0oXlZZxOXINnZBs6YvgOd5aYp9U67G+E3R8fcQw= github.com/alibabacloud-go/tea-utils/v2 v2.0.5/go.mod h1:dL6vbUT35E4F4bFTHL845eUloqaerYBYPsdWR2/jhe4= github.com/alibabacloud-go/tea-utils/v2 v2.0.6 h1:ZkmUlhlQbaDC+Eba/GARMPy6hKdCLiSke5RsN5LcyQ0= github.com/alibabacloud-go/tea-utils/v2 v2.0.6/go.mod h1:qxn986l+q33J5VkialKMqT/TTs3E+U9MJpd001iWQ9I= 
@@ -191,8 +191,8 @@ github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinR github.com/avast/retry-go/v4 v4.6.0/go.mod h1:gvWlPhBVsvBbLkVGDg/KwvBv0bEkCOLRRSHKIr2PyOE= github.com/aws/aws-sdk-go v1.34.0/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.41.13/go.mod h1:585smgzpB/KqRA+K3y/NL/oYRqQvpNJYvLm+LY1U59Q= -github.com/aws/aws-sdk-go v1.55.3 h1:0B5hOX+mIx7I5XPOrjrHlKSDQV/+ypFZpIHOx5LOk3E= -github.com/aws/aws-sdk-go v1.55.3/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= +github.com/aws/aws-sdk-go v1.55.5 h1:KKUZBfBoyqy5d3swXyiC7Q76ic40rYcbqH7qjh59kzU= +github.com/aws/aws-sdk-go v1.55.5/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= @@ -225,8 +225,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/ctdk/goiardi v0.11.10 h1:IB/3Afl1pC2Q4KGwzmhHPAoJfe8VtU51wZ2V0QkvsL0= github.com/ctdk/goiardi v0.11.10/go.mod h1:Pr6Cj6Wsahw45myttaOEZeZ0LE7p1qzWmzgsBISkrNI= -github.com/cyberark/conjur-api-go v0.12.3 h1:LzSXJBKO36WJEcFceXYyb3y9lxHwx5WMhx/YH+RW88M= -github.com/cyberark/conjur-api-go v0.12.3/go.mod h1:FnzNn6mPwTOyBueSDnu1J4K47J0sYHXTMehaqIV/GxY= +github.com/cyberark/conjur-api-go v0.12.4 h1:N1Ku6xveOHZa7NRuf//uNKxwcvwp7MTy59aB2VM0o9A= +github.com/cyberark/conjur-api-go v0.12.4/go.mod h1:FnzNn6mPwTOyBueSDnu1J4K47J0sYHXTMehaqIV/GxY= github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -564,8 +564,8 @@ github.com/onsi/gomega v1.34.0 h1:eSSPsPNp6ZpsG8X1OVmOTxig+CblTc4AxpPBykhe2Os= github.com/onsi/gomega v1.34.0/go.mod h1:MIKI8c+f+QLWk+hxbePD4i0LMJSExPaZOVfkoex4cAo= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.69.3 h1:CFpvgj+0k131osppFg8GlDZW9J5GBvZOVQoBJySJP+8= -github.com/oracle/oci-go-sdk/v65 v65.69.3/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.70.0 h1:gLa0IX/SidTm60VbHabnImrW3hyymmNLQJy6gZGrgDA= +github.com/oracle/oci-go-sdk/v65 v65.70.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.0 h1:zwwTCwL3vjTTKln1hxwKuzzax4R/yvxGXSZhMh0OY5Y= github.com/passbolt/go-passbolt v0.7.0/go.mod h1:af3TVSJ+0A4sXeK8KgVzhV8Tej/i25biFIQjhL0FOMk= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= 
@@ -649,8 +649,8 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= -github.com/tidwall/gjson v1.17.1 h1:wlYEnwqAHgzmhNUFfw7Xalt2JzQvsMx2Se4PcoFCT/U= -github.com/tidwall/gjson v1.17.1/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/gjson v1.17.3 h1:bwWLZU7icoKRG+C+0PNwIKC6FCJO/Q3p2pZvuP0jN94= +github.com/tidwall/gjson v1.17.3/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= 
@@ -667,10 +667,10 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y= github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= -github.com/yandex-cloud/go-genproto v0.0.0-20240722173647-40d4f9e8b9fa h1:MFb4Q81BMqa0vL64v/i3mel9C+XQkVnwgWqWbmqv10U= -github.com/yandex-cloud/go-genproto v0.0.0-20240722173647-40d4f9e8b9fa/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-sdk v0.0.0-20240722174019-5ac55728f8d8 h1:8820Gy661iOP7y5nQoEKwyltYe29nSfQH4xS4cs4Fcc= -github.com/yandex-cloud/go-sdk v0.0.0-20240722174019-5ac55728f8d8/go.mod h1:2ru61HUofl3wPD6tcNmLfUEAZD4WH2eOw1hLG71TQp4= +github.com/yandex-cloud/go-genproto v0.0.0-20240729164347-c5b523b251a7 h1:KiwgZY3H+1+i6sUMCPRtptr7QAAvlXG/q8gL9D/9wmg= +github.com/yandex-cloud/go-genproto v0.0.0-20240729164347-c5b523b251a7/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-sdk v0.0.0-20240729164733-eb9da8ab7eda h1:lIwcS6p8UVYbqb9gN1L2oCw8KHAa1ZU1524LormjY3s= +github.com/yandex-cloud/go-sdk v0.0.0-20240729164733-eb9da8ab7eda/go.mod h1:t0kDgvr7a33/CeWw7wDb36PRV+H2VFkpZb01AItuikA= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -774,8 +774,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= -golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= +golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= 
@@ -841,8 +841,8 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.21.0 h1:tsimM75w1tF/uws5rbeHzIWxEqElMehnc+iW793zsZs= -golang.org/x/oauth2 v0.21.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA= +golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -856,8 +856,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.7.0 h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= -golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= +golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -922,8 +922,8 @@ golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= -golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= +golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= 
@@ -960,8 +960,8 @@ golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.5.0 h1:o7cqy6amK/52YcAKIPlM3a+Fpj35zvRj2TP+e1xFSfk= -golang.org/x/time v0.5.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= +golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 
@@ -1045,8 +1045,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.189.0 h1:equMo30LypAkdkLMBqfeIqtyAnlyig1JSZArl4XPwdI= -google.golang.org/api v0.189.0/go.mod h1:FLWGJKb0hb+pU2j+rJqwbnsF+ym+fQs73rbJ+KAUgy8= +google.golang.org/api v0.190.0 h1:ASM+IhLY1zljNdLu19W1jTmU6A+gMk6M46Wlur61s+Q= +google.golang.org/api v0.190.0/go.mod h1:QIr6I9iedBLnfqoD6L6Vze1UvS5Hzj5r2aUBOaZnLHo= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1096,12 +1096,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240725223205-93522f1f2a9f h1:htT2I9bZvGm+110zq8bIErMX+WgBWxCzV3ChwbvnKnc= -google.golang.org/genproto v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:Sk3mLpoDFTAp6R4OvlcUgaG4ISTspKeFsIAXMn9Bm4Y= -google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f h1:b1Ln/PG8orm0SsBbHZWke8dDp2lrCD4jSmfglFpTZbk= -google.golang.org/genproto/googleapis/api v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:AHT0dDg3SoMOgZGnZk29b5xTbPHMoEC8qthmBLJCpys= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f h1:RARaIm8pxYuxyNPbBQf5igT7XdOyCNtat1qAT2ZxjU4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240725223205-93522f1f2a9f/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf h1:OqdXDEakZCVtDiZTjcxfwbHPCT11ycCEsTKesBVKvyY= +google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:mCr1K1c8kX+1iSBREvU3Juo11CB+QOEWxbRS01wWl5M= +google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf h1:GillM0Ef0pkZPIB+5iO6SDK+4T9pf6TpaYR6ICD5rVE= +google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:OFMYQFHJ4TM3JRlWDZhJbZfra2uqc3WLBZiaaqP4DtU= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf h1:liao9UHurZLtiEwBgT9LMOnKYsHze6eA6w1KQCMVN2Q= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1193,8 +1193,8 @@ k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240726031636-6f6746feab9c h1:CHL3IcTrTI3csK36iwYJy36uQRic+IpSoRMNH+0I8SE= -k8s.io/kube-openapi v0.0.0-20240726031636-6f6746feab9c/go.mod h1:0CVn9SVo8PeW5/JgsBZZIFmmTk5noOM8WXf2e1tCihE= +k8s.io/kube-openapi v0.0.0-20240730131305-7a9a4e85957e h1:OnKkExfhk4yxMqvBSPzUfhv3zQ96FWJ+UOZzLrAFyAo= +k8s.io/kube-openapi v0.0.0-20240730131305-7a9a4e85957e/go.mod h1:0CVn9SVo8PeW5/JgsBZZIFmmTk5noOM8WXf2e1tCihE= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= From b85e22997043a8ee90108aa0e35f53082354874f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Aug 2024 08:49:16 +0200 Subject: [PATCH 218/517] chore(deps): bump golangci/golangci-lint-action from 6.0.1 to 6.1.0 (#3765) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.0.1 to 6.1.0. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/a4f60bb28d35aeee14e6880718e0c85ff1882e64...aaa42aa0628b4ae2578232a66b541047968fac86) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4c30307e1e6..6187e912c4e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -59,7 +59,7 @@ jobs: run: go mod download - name: Lint - uses: golangci/golangci-lint-action@a4f60bb28d35aeee14e6880718e0c85ff1882e64 # v6.0.1 + uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 with: version: ${{ env.GOLANGCI_VERSION }} skip-pkg-cache: true From e359df615a5174a4ace63a8063f7cfefa5cbd629 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 6 Aug 2024 08:50:43 +0200 Subject: [PATCH 219/517] chore(deps): bump docker/setup-buildx-action from 3.5.0 to 3.6.1 (#3764) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.5.0 to 3.6.1. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/aa33708b10e362ff993539393ff100fa93ed6a27...988b5a0280414f521da01fcc63a27aeeb4b104db) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index e38d280adce..9e9ae09ce6e 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -60,7 +60,7 @@ jobs: platforms: all - name: Setup Docker Buildx - uses: docker/setup-buildx-action@aa33708b10e362ff993539393ff100fa93ed6a27 # v3.5.0 + uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 with: version: 'v0.4.2' install: true From 77f5d0ad91a73d3207321b838075878b1eea1b65 Mon Sep 17 00:00:00 2001 From: btfhernandez <133419363+btfhernandez@users.noreply.github.com> Date: Wed, 7 Aug 2024 02:27:04 -0500 Subject: [PATCH 220/517] feat: add beyondtrust provider (#3683) * feat: add beyondtrust provider Signed-off-by: Felipe Hernandez * feat: edit go.mod and go.sum files Signed-off-by: Felipe Hernandez * feat: change test file name (provider_test.go) Signed-off-by: Felipe Hernandez * feat: solve PR comments Signed-off-by: Felipe Hernandez * feat: organize attributes in a higher hierarchy 
Signed-off-by: Felipe Hernandez * fix: fix sonar cloud issues and go.mod file conflicts Signed-off-by: Felipe Hernandez * fix: fix PR comments and apply table driven tests Signed-off-by: Felipe Hernandez * fix: fix PR comments Signed-off-by: Felipe Hernandez * fix: fix lint issues Signed-off-by: Felipe Hernandez * fix: fix lint issues on tests Signed-off-by: Felipe Hernandez * fix: run make fmt Signed-off-by: Felipe Hernandez * fix: apply camelCase to yaml attributes Signed-off-by: Felipe Hernandez * fix: solve go.mod file conflict Signed-off-by: Felipe Hernandez * fix: run make check-diff Signed-off-by: Felipe Hernandez --------- Signed-off-by: Felipe Hernandez Signed-off-by: btfhernandez <133419363+btfhernandez@users.noreply.github.com> --- .../v1beta1/secretstore_beyondtrust_types.go | 63 ++++ .../v1beta1/secretstore_types.go | 4 + .../v1beta1/zz_generated.deepcopy.go | 100 ++++++ ...ternal-secrets.io_clustersecretstores.yaml | 150 ++++++++ .../external-secrets.io_secretstores.yaml | 150 ++++++++ deploy/crds/bundle.yaml | 256 +++++++++++++ docs/api/spec.md | 243 +++++++++++++ docs/introduction/stability-support.md | 2 + docs/provider/beyondtrust.md | 124 +++++++ .../snippets/beyondtrust-external-secret.yaml | 16 + docs/snippets/beyondtrust-secret-store.yaml | 29 ++ go.mod | 2 + go.sum | 4 + pkg/provider/beyondtrust/provider.go | 338 ++++++++++++++++++ pkg/provider/beyondtrust/provider_test.go | 285 +++++++++++++++ pkg/provider/register/register.go | 1 + 16 files changed, 1767 insertions(+) create mode 100644 apis/externalsecrets/v1beta1/secretstore_beyondtrust_types.go create mode 100644 docs/provider/beyondtrust.md create mode 100644 docs/snippets/beyondtrust-external-secret.yaml create mode 100644 docs/snippets/beyondtrust-secret-store.yaml create mode 100644 pkg/provider/beyondtrust/provider.go create mode 100644 pkg/provider/beyondtrust/provider_test.go 
diff --git a/apis/externalsecrets/v1beta1/secretstore_beyondtrust_types.go b/apis/externalsecrets/v1beta1/secretstore_beyondtrust_types.go new file mode 100644 index 00000000000..2d9663e229a --- /dev/null +++ b/apis/externalsecrets/v1beta1/secretstore_beyondtrust_types.go 
@@ -0,0 +1,63 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1beta1
+
+import esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
+
+type BeyondTrustProviderSecretRef struct {
+
+ // Value can be specified directly to set a value without using a secret.
+ // +optional
+ Value string `json:"value,omitempty"`
+
+ // SecretRef references a key in a secret that will be used as value.
+ // +optional
+ SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`
+}
+
+// Configures a store to sync secrets using BeyondTrust Password Safe.
+type BeyondtrustAuth struct {
+ // +required - API OAuth Client ID.
+ ClientID *BeyondTrustProviderSecretRef `json:"clientId"`
+ // +required - API OAuth Client Secret.
+ ClientSecret *BeyondTrustProviderSecretRef `json:"clientSecret"`
+ // Content of the certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate.
+ Certificate *BeyondTrustProviderSecretRef `json:"certificate,omitempty"`
+ // Certificate private key (key.pem). For use when authenticating with an OAuth client Id
+ CertificateKey *BeyondTrustProviderSecretRef `json:"certificateKey,omitempty"`
+}
+
+// Configures a store to sync secrets using BeyondTrust Password Safe.
+type BeyondtrustServer struct {
+ // +required - BeyondTrust Password Safe API URL. https://example.com:443/beyondtrust/api/public/V3.
+ APIURL string `json:"apiUrl"`
+ // The secret retrieval type. SECRET = Secrets Safe (credential, text, file).
MANAGED_ACCOUNT = Password Safe account associated with a system.
+ RetrievalType string `json:"retrievalType,omitempty"`
+ // A character that separates the folder names.
+ Separator string `json:"separator,omitempty"`
+ // +required - Indicates whether to verify the certificate authority on the Secrets Safe instance. Warning - false is insecure, instructs the BT provider not to verify the certificate authority.
+ VerifyCA bool `json:"verifyCA"`
+ // Timeout specifies a time limit for requests made by this Client. The timeout includes connection time, any redirects, and reading the response body. Defaults to 45 seconds.
+ ClientTimeOutSeconds int `json:"clientTimeOutSeconds,omitempty"`
+}
+
+type BeyondtrustProvider struct {
+
+ // Auth configures how the operator authenticates with Beyondtrust.
+ Auth *BeyondtrustAuth `json:"auth"`
+
+ // Auth configures how API server works.
+ Server *BeyondtrustServer `json:"server"`
+}
diff --git a/apis/externalsecrets/v1beta1/secretstore_types.go b/apis/externalsecrets/v1beta1/secretstore_types.go
index d482c078c64..899194ab9ff 100644
--- a/apis/externalsecrets/v1beta1/secretstore_types.go
+++ b/apis/externalsecrets/v1beta1/secretstore_types.go
@@ -185,6 +185,10 @@ type SecretStoreProvider struct {
 // Infisical configures this store to sync secrets using the Infisical provider
 // +optional
 Infisical *InfisicalProvider `json:"infisical,omitempty"`
+
+ // Beyondtrust configures this store to sync secrets using Password Safe provider.
+ // +optional
+ Beyondtrust *BeyondtrustProvider `json:"beyondtrust,omitempty"`
 }
 type CAProviderType string
diff --git a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go
index 3f984750661..97f336f12d0 100644
--- a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go
+++ b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go
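Review bot: In the new secretstore_beyondtrust_types.go, `BeyondTrustProviderSecretRef.Value` is also the type behind `ClientSecret` and `CertificateKey` in `BeyondtrustAuth`, so an OAuth client secret or a private key can be written inline in a SecretStore/ClusterSecretStore spec instead of living in a Kubernetes Secret, where it is visible to anyone allowed to read the store object. Restrict those two fields to `SecretRef`, or at least state the intent on the field: `// Value is for non-sensitive values such as a client ID; use SecretRef for clientSecret and certificateKey.` Separately, the comments written as `// +required - …` appear to be consumed whole as markers, because the CRDs generated in this same patch carry no description for `clientId`, `clientSecret`, `apiUrl` or `verifyCA`; the "false is insecure" warning on `VerifyCA` therefore never reaches the published schema. Put the description on its own comment line and `// +required` on the line after it. The comment on the `Server` field also still reads `Auth configures how API server works.`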
@@ -391,6 +391,101 @@ func (in *AzureKVProvider) DeepCopy() *AzureKVProvider { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BeyondTrustProviderSecretRef) DeepCopyInto(out *BeyondTrustProviderSecretRef) { + *out = *in + if in.SecretRef != nil { + in, out := &in.SecretRef, &out.SecretRef + *out = new(metav1.SecretKeySelector) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BeyondTrustProviderSecretRef. +func (in *BeyondTrustProviderSecretRef) DeepCopy() *BeyondTrustProviderSecretRef { + if in == nil { + return nil + } + out := new(BeyondTrustProviderSecretRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BeyondtrustAuth) DeepCopyInto(out *BeyondtrustAuth) { + *out = *in + if in.ClientID != nil { + in, out := &in.ClientID, &out.ClientID + *out = new(BeyondTrustProviderSecretRef) + (*in).DeepCopyInto(*out) + } + if in.ClientSecret != nil { + in, out := &in.ClientSecret, &out.ClientSecret + *out = new(BeyondTrustProviderSecretRef) + (*in).DeepCopyInto(*out) + } + if in.Certificate != nil { + in, out := &in.Certificate, &out.Certificate + *out = new(BeyondTrustProviderSecretRef) + (*in).DeepCopyInto(*out) + } + if in.CertificateKey != nil { + in, out := &in.CertificateKey, &out.CertificateKey + *out = new(BeyondTrustProviderSecretRef) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BeyondtrustAuth. +func (in *BeyondtrustAuth) DeepCopy() *BeyondtrustAuth { + if in == nil { + return nil + } + out := new(BeyondtrustAuth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *BeyondtrustProvider) DeepCopyInto(out *BeyondtrustProvider) { + *out = *in + if in.Auth != nil { + in, out := &in.Auth, &out.Auth + *out = new(BeyondtrustAuth) + (*in).DeepCopyInto(*out) + } + if in.Server != nil { + in, out := &in.Server, &out.Server + *out = new(BeyondtrustServer) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BeyondtrustProvider. +func (in *BeyondtrustProvider) DeepCopy() *BeyondtrustProvider { + if in == nil { + return nil + } + out := new(BeyondtrustProvider) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *BeyondtrustServer) DeepCopyInto(out *BeyondtrustServer) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BeyondtrustServer. +func (in *BeyondtrustServer) DeepCopy() *BeyondtrustServer { + if in == nil { + return nil + } + out := new(BeyondtrustServer) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BitwardenSecretsManagerAuth) DeepCopyInto(out *BitwardenSecretsManagerAuth) { *out = *in @@ -2543,6 +2638,11 @@ func (in *SecretStoreProvider) DeepCopyInto(out *SecretStoreProvider) { *out = new(InfisicalProvider) (*in).DeepCopyInto(*out) } + if in.Beyondtrust != nil { + in, out := &in.Beyondtrust, &out.Beyondtrust + *out = new(BeyondtrustProvider) + (*in).DeepCopyInto(*out) + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretStoreProvider. diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 9b7ff0ca247..0649370bbd1 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml 
+++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml 
@@ -2297,6 +2297,156 @@ spec: required: - vaultUrl type: object + beyondtrust: + description: Beyondtrust configures this store to sync secrets + using Password Safe provider. + properties: + auth: + description: Auth configures how the operator authenticates + with Beyondtrust. + properties: + certificate: + description: Content of the certificate (cert.pem) for + use when authenticating with an OAuth client Id using + a Client Certificate. + properties: + secretRef: + description: SecretRef references a key in a secret + that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set + a value without using a secret. + type: string + type: object + certificateKey: + description: Certificate private key (key.pem). For use + when authenticating with an OAuth client Id + properties: + secretRef: + description: SecretRef references a key in a secret + that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + type: object + value: + description: Value can be specified directly to set + a value without using a secret. + type: string + type: object + clientId: + properties: + secretRef: + description: SecretRef references a key in a secret + that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set + a value without using a secret. + type: string + type: object + clientSecret: + properties: + secretRef: + description: SecretRef references a key in a secret + that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set + a value without using a secret. + type: string + type: object + required: + - clientId + - clientSecret + type: object + server: + description: Auth configures how API server works. + properties: + apiUrl: + type: string + clientTimeOutSeconds: + description: Timeout specifies a time limit for requests + made by this Client. 
The timeout includes connection + time, any redirects, and reading the response body. + Defaults to 45 seconds. + type: integer + retrievalType: + description: The secret retrieval type. SECRET = Secrets + Safe (credential, text, file). MANAGED_ACCOUNT = Password + Safe account associated with a system. + type: string + separator: + description: A character that separates the folder names. + type: string + verifyCA: + type: boolean + required: + - apiUrl + - verifyCA + type: object + required: + - auth + - server + type: object bitwardensecretsmanager: description: BitwardenSecretsManager configures this store to sync secrets using BitwardenSecretsManager provider diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index ddde6176546..5579746d45a 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml 
@@ -2297,6 +2297,156 @@ spec: required: - vaultUrl type: object + beyondtrust: + description: Beyondtrust configures this store to sync secrets + using Password Safe provider. + properties: + auth: + description: Auth configures how the operator authenticates + with Beyondtrust. + properties: + certificate: + description: Content of the certificate (cert.pem) for + use when authenticating with an OAuth client Id using + a Client Certificate. + properties: + secretRef: + description: SecretRef references a key in a secret + that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set + a value without using a secret. + type: string + type: object + certificateKey: + description: Certificate private key (key.pem). For use + when authenticating with an OAuth client Id + properties: + secretRef: + description: SecretRef references a key in a secret + that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + type: object + value: + description: Value can be specified directly to set + a value without using a secret. + type: string + type: object + clientId: + properties: + secretRef: + description: SecretRef references a key in a secret + that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set + a value without using a secret. + type: string + type: object + clientSecret: + properties: + secretRef: + description: SecretRef references a key in a secret + that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set + a value without using a secret. + type: string + type: object + required: + - clientId + - clientSecret + type: object + server: + description: Auth configures how API server works. + properties: + apiUrl: + type: string + clientTimeOutSeconds: + description: Timeout specifies a time limit for requests + made by this Client. 
The timeout includes connection + time, any redirects, and reading the response body. + Defaults to 45 seconds. + type: integer + retrievalType: + description: The secret retrieval type. SECRET = Secrets + Safe (credential, text, file). MANAGED_ACCOUNT = Password + Safe account associated with a system. + type: string + separator: + description: A character that separates the folder names. + type: string + verifyCA: + type: boolean + required: + - apiUrl + - verifyCA + type: object + required: + - auth + - server + type: object bitwardensecretsmanager: description: BitwardenSecretsManager configures this store to sync secrets using BitwardenSecretsManager provider diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index bb14b0da191..d12f62d53ed 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml 
@@ -2807,6 +2807,134 @@ spec: required: - vaultUrl type: object + beyondtrust: + description: Beyondtrust configures this store to sync secrets using Password Safe provider. + properties: + auth: + description: Auth configures how the operator authenticates with Beyondtrust. + properties: + certificate: + description: Content of the certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + certificateKey: + description: Certificate private key (key.pem). For use when authenticating with an OAuth client Id + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + clientId: + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + clientSecret: + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - clientId + - clientSecret + type: object + server: + description: Auth configures how API server works. + properties: + apiUrl: + type: string + clientTimeOutSeconds: + description: Timeout specifies a time limit for requests made by this Client. 
The timeout includes connection time, any redirects, and reading the response body. Defaults to 45 seconds. + type: integer + retrievalType: + description: The secret retrieval type. SECRET = Secrets Safe (credential, text, file). MANAGED_ACCOUNT = Password Safe account associated with a system. + type: string + separator: + description: A character that separates the folder names. + type: string + verifyCA: + type: boolean + required: + - apiUrl + - verifyCA + type: object + required: + - auth + - server + type: object bitwardensecretsmanager: description: BitwardenSecretsManager configures this store to sync secrets using BitwardenSecretsManager provider properties: 
@@ -8441,6 +8569,134 @@ spec: required: - vaultUrl type: object + beyondtrust: + description: Beyondtrust configures this store to sync secrets using Password Safe provider. + properties: + auth: + description: Auth configures how the operator authenticates with Beyondtrust. + properties: + certificate: + description: Content of the certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + certificateKey: + description: Certificate private key (key.pem). For use when authenticating with an OAuth client Id + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + clientId: + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + clientSecret: + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - clientId + - clientSecret + type: object + server: + description: Auth configures how API server works. + properties: + apiUrl: + type: string + clientTimeOutSeconds: + description: Timeout specifies a time limit for requests made by this Client. 
The timeout includes connection time, any redirects, and reading the response body. Defaults to 45 seconds. + type: integer + retrievalType: + description: The secret retrieval type. SECRET = Secrets Safe (credential, text, file). MANAGED_ACCOUNT = Password Safe account associated with a system. + type: string + separator: + description: A character that separates the folder names. + type: string + verifyCA: + type: boolean + required: + - apiUrl + - verifyCA + type: object + required: + - auth + - server + type: object bitwardensecretsmanager: description: BitwardenSecretsManager configures this store to sync secrets using BitwardenSecretsManager provider properties: diff --git a/docs/api/spec.md b/docs/api/spec.md index d9268f3c9d6..9eda91245fc 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -1013,6 +1013,235 @@ string +

BeyondTrustProviderSecretRef +

+

+(Appears on: +BeyondtrustAuth) +

+

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+value
+ +string + +
+(Optional) +

Value can be specified directly to set a value without using a secret.

+
+secretRef
+ + +External Secrets meta/v1.SecretKeySelector + + +
+(Optional) +

SecretRef references a key in a secret that will be used as value.

+
+

BeyondtrustAuth +

+

+(Appears on: +BeyondtrustProvider) +

+

+

Configures a store to sync secrets using BeyondTrust Password Safe.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+clientId
+ + +BeyondTrustProviderSecretRef + + +
+
+clientSecret
+ + +BeyondTrustProviderSecretRef + + +
+
+certificate
+ + +BeyondTrustProviderSecretRef + + +
+

Content of the certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate.

+
+certificateKey
+ + +BeyondTrustProviderSecretRef + + +
+

Certificate private key (key.pem). For use when authenticating with an OAuth client Id

+
+

BeyondtrustProvider +

+

+(Appears on: +SecretStoreProvider) +

+

+

+ + + + + + + + + + + + + + + + + +
FieldDescription
+auth
+ + +BeyondtrustAuth + + +
+

Auth configures how the operator authenticates with Beyondtrust.

+
+server
+ + +BeyondtrustServer + + +
+

Auth configures how API server works.

+
+

BeyondtrustServer +

+

+(Appears on: +BeyondtrustProvider) +

+

+

Configures a store to sync secrets using BeyondTrust Password Safe.

+

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription
+apiUrl
+ +string + +
+
+retrievalType
+ +string + +
+

The secret retrieval type. SECRET = Secrets Safe (credential, text, file). MANAGED_ACCOUNT = Password Safe account associated with a system.

+
+separator
+ +string + +
+

A character that separates the folder names.

+
+verifyCA
+ +bool + +
+
+clientTimeOutSeconds
+ +int + +
+

Timeout specifies a time limit for requests made by this Client. The timeout includes connection time, any redirects, and reading the response body. Defaults to 45 seconds.

+

BitwardenSecretsManagerAuth

@@ -6660,6 +6889,20 @@ InfisicalProvider

Infisical configures this store to sync secrets using the Infisical provider

+ + +beyondtrust
+ + +BeyondtrustProvider + + + + +(Optional) +

Beyondtrust configures this store to sync secrets using Password Safe provider.

+ +

SecretStoreRef diff --git a/docs/introduction/stability-support.md b/docs/introduction/stability-support.md index d18d016d5eb..cc297f1691e 100644 --- a/docs/introduction/stability-support.md +++ b/docs/introduction/stability-support.md @@ -53,6 +53,7 @@ The following table describes the stability level of each provider and who's res | [Scaleway](https://external-secrets.io/latest/provider/scaleway) | alpha | [@azert9](https://github.com/azert9/) | | [Conjur](https://external-secrets.io/latest/provider/conjur) | stable | [@davidh-cyberark](https://github.com/davidh-cyberark/) [@szh](https://github.com/szh) | | [Delinea](https://external-secrets.io/latest/provider/delinea) | alpha | [@michaelsauter](https://github.com/michaelsauter/) | +| [Beyondtrust](https://external-secrets.io/latest/provider/beyondtrust) | alpha | [@btfhernandez](https://github.com/btfhernandez/) | | [SecretServer](https://external-secrets.io/latest/provider/secretserver) | alpha | [@billhamilton](https://github.com/pacificcode/) | | [Pulumi ESC](https://external-secrets.io/latest/provider/pulumi) | alpha | [@dirien](https://github.com/dirien) | | [Passbolt](https://external-secrets.io/latest/provider/passbolt) | alpha | | @@ -86,6 +87,7 @@ The following table show the support for features across different providers. | Scaleway | x | x | | | x | x | x | | Conjur | x | x | | | x | | | | Delinea | x | | | | x | | | +| Beyondtrust | x | | | | x | | | | SecretServer | x | | | | x | | | | Pulumi ESC | x | | | | x | | | | Passbolt | x | | | | x | | | diff --git a/docs/provider/beyondtrust.md b/docs/provider/beyondtrust.md new file mode 100644 index 00000000000..a7deb763ee3 --- /dev/null +++ b/docs/provider/beyondtrust.md 
@@ -0,0 +1,124 @@ +## BeyondTrust Password Safe + +External Secrets Operator integrates with [BeyondTrust Password Safe](https://www.beyondtrust.com/docs/beyondinsight-password-safe/). + +Warning: The External Secrets Operator secure usage involves taking several measures. Please see [Security Best Practices](https://external-secrets.io/latest/guides/security-best-practices/) for more information. + +Warning: If the BT provider secret is deleted it will still exist in the Kubernetes secrets. + +### Prerequisites +The BT provider supports retrieval of a secret from BeyondInsight/Password Safe versions 23.1 or greater. + +For this provider to retrieve a secret the Password Safe/Secrets Safe instance must be preconfigured with the secret in question and authorized to read it. + +### Authentication + +BeyondTrust [OAuth Authentication](https://www.beyondtrust.com/docs/beyondinsight-password-safe/ps/admin/configure-api-registration.htm). + +1. Create an API access registration in BeyondInsight +2. Create or use an existing Secrets Safe Group +3. Create or use an existing Application User +4. Add API registration to the Application user +5. Add the user to the group +6. Add the Secrets Safe Feature to the group + +> NOTE: The ClentID and ClientSecret must be stored in a Kubernetes secret in order for the SecretStore to read the configuration. + +```sh +kubectl create secret generic bt-secret --from-literal ClientSecret="" +kubectl create secret generic bt-id --from-literal ClientId="" +``` +### Client Certificate +Download the pfx certificate from Secrets Safe extract the certificate and create two Kubernetes secret. + +```sh +openssl pkcs12 -in client_certificate.pfx -nocerts -out ps_key.pem -nodes +openssl pkcs12 -in client_certificate.pfx -clcerts -nokeys -out ps_cert.pem + +# Copy the text from the ps_key.pem to a file. +-----BEGIN PRIVATE KEY----- +... +-----END PRIVATE KEY----- + +# Copy the text from the ps_cert.pem to a file. +-----BEGIN CERTIFICATE----- +... 
+-----END CERTIFICATE----- + +kubectl create secret generic bt-certificate --from-file=ClientCertificate=./ps_cert.pem +kubectl create secret generic bt-certificatekey --from-file=ClientCertificateKey=./ps_key.pem +``` + +### Creating a SecretStore + +You can follow the below example to create a `SecretStore` resource. +You can also use a `ClusterSecretStore` allowing you to reference secrets from all namespaces. [ClusterSecretStore](https://external-secrets.io/latest/api/clustersecretstore/) + +```sh +kubectl apply -f secret-store.yml +``` + +```yaml +apiVersion: external-secrets.io/v1beta1 +kind: SecretStore +metadata: + name: secretstore-beyondtrust +spec: + provider: + beyondtrust: + apiurl: https://example.com:443/BeyondTrust/api/public/v3/ + certificate: + secretRef: + name: bt-certificate + key: ClientCertificate + certificatekey: + secretRef: + name: bt-certificatekey + key: ClientCertificateKey + clientsecret: + secretRef: + name: bt-secret + key: ClientSecret + clientid: + secretRef: + name: bt-id + key: ClientId + retrievaltype: MANAGED_ACCOUNT + verifyca: true + clienttimeoutseconds: 45 +``` + +### Creating a ExternalSecret + +You can follow the below example to create a `ExternalSecret` resource. Secrets can be referenced by path. +You can also use a `ClusterExternalSecret` allowing you to reference secrets from all namespaces. 
+ +```sh +kubectl apply -f external-secret.yml +``` + +```yaml +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: beyondtrust-external-secret +spec: + refreshInterval: 300s + secretStoreRef: + kind: SecretStore + name: secretstore-beyondtrust + target: + name: my-beyondtrust-secret # name of secret to create in k8s secrets (etcd) + creationPolicy: Owner + data: + - secretKey: secretKey + remoteRef: + key: system01/managed_account01 +``` + +### Get the K8s secret + +```shell +# WARNING: this command will reveal the stored secret in plain text +kubectl get secret my-beyondtrust-secret -o jsonpath="{.data.secretKey}" | base64 --decode && echo +``` \ No newline at end of file diff --git a/docs/snippets/beyondtrust-external-secret.yaml b/docs/snippets/beyondtrust-external-secret.yaml new file mode 100644 index 00000000000..5dc92939ca4 --- /dev/null +++ b/docs/snippets/beyondtrust-external-secret.yaml @@ -0,0 +1,16 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: beyondtrust-external-secret +spec: + refreshInterval: 300s + secretStoreRef: + kind: SecretStore + name: secretstore-beyondtrust + target: + name: my-beyondtrust-secret # name of secret to create in k8s secrets (etcd) + creationPolicy: Owner + data: + - secretKey: secretKey + remoteRef: + key: system01/managed_account01 \ No newline at end of file diff --git a/docs/snippets/beyondtrust-secret-store.yaml b/docs/snippets/beyondtrust-secret-store.yaml new file mode 100644 index 00000000000..735e70822f9 --- /dev/null +++ b/docs/snippets/beyondtrust-secret-store.yaml 
@@ -0,0 +1,29 @@ +apiVersion: external-secrets.io/v1beta1 +kind: SecretStore +metadata: + name: secretstore-beyondtrust +spec: + provider: + beyondtrust: + auth: + certificate: + secretRef: + name: bt-certificate + key: ClientCertificate + certificateKey: + secretRef: + name: bt-certificatekey + key: ClientCertificateKey + clientSecret: + secretRef: + name: bt-secret + key: ClientSecret + clientId: + secretRef: + name: bt-id + key: ClientId + server: + retrievalType: MANAGED_ACCOUNT + verifyCA: true + clientTimeOutSeconds: 45 + apiurl: https://example.ps-dev.beyondtrustcloud.com:443/BeyondTrust/api/public/v3/ \ No newline at end of file diff --git a/go.mod b/go.mod index 86840f7b643..aca569a5d5c 100644 --- a/go.mod +++ b/go.mod @@ -65,6 +65,7 @@ require ( dario.cat/mergo v1.0.0 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 + github.com/BeyondTrust/go-client-library-passwordsafe v0.6.0 github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1 github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d @@ -76,6 +77,7 @@ require ( github.com/alibabacloud-go/tea-utils/v2 v2.0.6 github.com/aliyun/credentials-go v1.3.6 github.com/avast/retry-go/v4 v4.6.0 + github.com/cenkalti/backoff/v4 v4.3.0 github.com/cyberark/conjur-api-go v0.12.4 github.com/fortanix/sdkms-client-go v0.4.0 github.com/go-openapi/strfmt v0.23.0 diff --git a/go.sum b/go.sum index 6cdbfe7c0a0..afc21ff07a0 100644 --- a/go.sum +++ b/go.sum 
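Review bot: The `server` block in docs/snippets/beyondtrust-secret-store.yaml sets `apiurl`, but the CRD schema added in this commit names the field `apiUrl` and lists it under `required`. As written, the manifest should fail validation, or lose the URL, depending on how unknown fields are treated. The last line should read `apiUrl: https://example.ps-dev.beyondtrustcloud.com:443/BeyondTrust/api/public/v3/`. The copy of this example in docs/provider/beyondtrust.md drifts further from the schema: it uses flat lower-case keys (`apiurl`, `verifyca`, `clientsecret`, `certificatekey`) with no `auth`/`server` nesting, so it is worth regenerating that block from this snippet once it is fixed.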
@@ -95,6 +95,8 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= +github.com/BeyondTrust/go-client-library-passwordsafe v0.6.0 h1:3zdjZl8h3/9DzTnpWqAzhiUqMwIzpU+EL0grJ7BODV8= +github.com/BeyondTrust/go-client-library-passwordsafe v0.6.0/go.mod h1:TnbBwWYg9rtfDxQGF7pmD0gCPcbWgCUQIqum3dFMRTk= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 h1:cmX2QC9s5kPqmghWLLZP8YRFO1ZD/C59BpNH2ujP99w= @@ -201,6 +203,8 @@ github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7N github.com/c2h5oh/datasize v0.0.0-20200112174442-28bbd4740fee/go.mod h1:S/7n9copUssQ56c7aAgHqftWO4LTf4xY6CGWt8Bc+3M= github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M= github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= diff --git a/pkg/provider/beyondtrust/provider.go b/pkg/provider/beyondtrust/provider.go new file mode 100644 index 00000000000..024a9242778 
--- /dev/null +++ b/pkg/provider/beyondtrust/provider.go 
@@ -0,0 +1,338 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implieclient. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package beyondtrust + +import ( + "context" + "errors" + "fmt" + "net/url" + "strings" + "time" + + auth "github.com/BeyondTrust/go-client-library-passwordsafe/api/authentication" + "github.com/BeyondTrust/go-client-library-passwordsafe/api/logging" + managed_account "github.com/BeyondTrust/go-client-library-passwordsafe/api/managed_account" + "github.com/BeyondTrust/go-client-library-passwordsafe/api/secrets" + "github.com/BeyondTrust/go-client-library-passwordsafe/api/utils" + "github.com/cenkalti/backoff/v4" + v1 "k8s.io/api/core/v1" + ctrl "sigs.k8s.io/controller-runtime" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/webhook/admission" + + esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" + esoClient "github.com/external-secrets/external-secrets/pkg/utils" +) + +const ( + errNilStore = "nil store found" + errMissingStoreSpec = "store is missing spec" + errMissingProvider = "storeSpec is missing provider" + errInvalidProvider = "invalid provider spec. Missing field in store %s" + errInvalidHostURL = "invalid host URL" + errNoSuchKeyFmt = "no such key in secret: %q" + errInvalidRetrievalPath = "invalid retrieval path. 
Provide one path, separator and name" + errNotImplemented = "not implemented" +) + +var ( + errSecretRefAndValueConflict = errors.New("cannot specify both secret reference and value") + errMissingSecretName = errors.New("must specify a secret name") + errMissingSecretKey = errors.New("must specify a secret key") + ESOLogger = ctrl.Log.WithName("provider").WithName("beyondtrust") + maxFileSecretSizeBytes = 5000000 +) + +// Provider is a Password Safe secrets provider implementing NewClient and ValidateStore for the esv1beta1.Provider interface. +type Provider struct { + apiURL string + retrievaltype string + authenticate auth.AuthenticationObj + log logging.LogrLogger + separator string +} + +// Capabilities implements v1beta1.Provider. +func (*Provider) Capabilities() esv1beta1.SecretStoreCapabilities { + return esv1beta1.SecretStoreReadOnly +} + +// Close implements v1beta1.SecretsClient. +func (*Provider) Close(_ context.Context) error { + return nil +} + +// DeleteSecret implements v1beta1.SecretsClient. +func (*Provider) DeleteSecret(_ context.Context, _ esv1beta1.PushSecretRemoteRef) error { + return fmt.Errorf(errNotImplemented) +} + +// GetSecretMap implements v1beta1.SecretsClient. +func (*Provider) GetSecretMap(_ context.Context, _ esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { + return make(map[string][]byte), fmt.Errorf(errNotImplemented) +} + +// PushSecret implements v1beta1.SecretsClient. +func (*Provider) PushSecret(_ context.Context, _ *v1.Secret, _ esv1beta1.PushSecretData) error { + return fmt.Errorf(errNotImplemented) +} + +// Validate implements v1beta1.SecretsClient. 
+func (p *Provider) Validate() (esv1beta1.ValidationResult, error) { + timeout := 15 * time.Second + clientURL := p.apiURL + + if err := esoClient.NetworkValidate(clientURL, timeout); err != nil { + ESOLogger.Error(err, "Network Validate", "clientURL:", clientURL) + return esv1beta1.ValidationResultError, err + } + + return esv1beta1.ValidationResultReady, nil +} + +func (*Provider) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { + return false, fmt.Errorf(errNotImplemented) +} + +// NewClient this is where we initialize the SecretClient and return it for the controller to use. +func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, kube client.Client, namespace string) (esv1beta1.SecretsClient, error) { + config := store.GetSpec().Provider.Beyondtrust + logger := logging.NewLogrLogger(&ESOLogger) + apiURL := config.Server.APIURL + certificate := "" + certificateKey := "" + clientTimeOutInSeconds := 45 + retryMaxElapsedTimeMinutes := 15 + separator := "/" + + if config.Server.Separator != "" { + separator = config.Server.Separator + } + + if config.Server.ClientTimeOutSeconds != 0 { + clientTimeOutInSeconds = config.Server.ClientTimeOutSeconds + } + + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.InitialInterval = 1 * time.Second + backoffDefinition.MaxElapsedTime = time.Duration(retryMaxElapsedTimeMinutes) * time.Second + backoffDefinition.RandomizationFactor = 0.5 + + clientID, err := loadConfigSecret(ctx, config.Auth.ClientID, kube, namespace) + if err != nil { + return nil, fmt.Errorf("error loading clientID: %w", err) + } + + clientSecret, err := loadConfigSecret(ctx, config.Auth.ClientSecret, kube, namespace) + if err != nil { + return nil, fmt.Errorf("error loading clientSecret: %w", err) + } + + if config.Auth.Certificate != nil && config.Auth.CertificateKey != nil { + loadedCertificate, err := loadConfigSecret(ctx, config.Auth.Certificate, kube, namespace) + if err != nil 
{ + return nil, fmt.Errorf("error loading Certificate: %w", err) + } + + certificate = loadedCertificate + + loadedCertificateKey, err := loadConfigSecret(ctx, config.Auth.CertificateKey, kube, namespace) + if err != nil { + return nil, fmt.Errorf("error loading Certificate Key: %w", err) + } + + certificateKey = loadedCertificateKey + } + + // Create an instance of ValidationParams + params := utils.ValidationParams{ + ClientID: clientID, + ClientSecret: clientSecret, + ApiUrl: &apiURL, + ClientTimeOutInSeconds: clientTimeOutInSeconds, + Separator: &separator, + VerifyCa: config.Server.VerifyCA, + Logger: logger, + Certificate: certificate, + CertificateKey: certificateKey, + RetryMaxElapsedTimeMinutes: &retryMaxElapsedTimeMinutes, + MaxFileSecretSizeBytes: &maxFileSecretSizeBytes, + } + + errorsInInputs := utils.ValidateInputs(params) + + if errorsInInputs != nil { + return nil, fmt.Errorf("error in Inputs: %w", errorsInInputs) + } + + // creating a http client + httpClientObj, err := utils.GetHttpClient(clientTimeOutInSeconds, config.Server.VerifyCA, certificate, certificateKey, logger) + + if err != nil { + return nil, fmt.Errorf("error creating http client: %w", err) + } + + // instantiating authenticate obj, injecting httpClient object + authenticate, _ := auth.Authenticate(*httpClientObj, backoffDefinition, apiURL, clientID, clientSecret, logger, retryMaxElapsedTimeMinutes) + + return &Provider{ + apiURL: config.Server.APIURL, + retrievaltype: config.Server.RetrievalType, + authenticate: *authenticate, + log: *logger, + separator: separator, + }, nil +} + +func loadConfigSecret(ctx context.Context, ref *esv1beta1.BeyondTrustProviderSecretRef, kube client.Client, defaultNamespace string) (string, error) { + if ref.SecretRef == nil { + return ref.Value, nil + } + + if err := validateSecretRef(ref); err != nil { + return "", err + } + + namespace := defaultNamespace + if ref.SecretRef.Namespace != nil { + namespace = *ref.SecretRef.Namespace + } + + 
ESOLogger.Info("using k8s secret", "name:", ref.SecretRef.Name, "namespace:", namespace) + objKey := client.ObjectKey{Namespace: namespace, Name: ref.SecretRef.Name} + secret := v1.Secret{} + err := kube.Get(ctx, objKey, &secret) + if err != nil { + return "", err + } + + value, ok := secret.Data[ref.SecretRef.Key] + if !ok { + return "", fmt.Errorf(errNoSuchKeyFmt, ref.SecretRef.Key) + } + + return string(value), nil +} + +func validateSecretRef(ref *esv1beta1.BeyondTrustProviderSecretRef) error { + if ref.SecretRef != nil { + if ref.Value != "" { + return errSecretRefAndValueConflict + } + if ref.SecretRef.Name == "" { + return errMissingSecretName + } + if ref.SecretRef.Key == "" { + return errMissingSecretKey + } + } + + return nil +} + +func (p *Provider) GetAllSecrets(_ context.Context, _ esv1beta1.ExternalSecretFind) (map[string][]byte, error) { + return nil, fmt.Errorf("GetAllSecrets not implemented") +} + +// GetSecret reads the secret from the Password Safe server and returns it. The controller uses the value here to +// create the Kubernetes secret. 
+func (p *Provider) GetSecret(_ context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { + managedAccountType := !strings.EqualFold(p.retrievaltype, "SECRET") + + retrievalPaths := utils.ValidatePaths([]string{ref.Key}, managedAccountType, p.separator, &p.log) + + if len(retrievalPaths) != 1 { + return nil, fmt.Errorf(errInvalidRetrievalPath) + } + + retrievalPath := retrievalPaths[0] + + _, err := p.authenticate.GetPasswordSafeAuthentication() + if err != nil { + return nil, fmt.Errorf("error getting authentication: %w", err) + } + + managedFetch := func() (string, error) { + ESOLogger.Info("retrieve managed account value", "retrievalPath:", retrievalPath) + manageAccountObj, _ := managed_account.NewManagedAccountObj(p.authenticate, &p.log) + return manageAccountObj.GetSecret(retrievalPath, p.separator) + } + unmanagedFetch := func() (string, error) { + ESOLogger.Info("retrieve secrets safe value", "retrievalPath:", retrievalPath) + secretObj, _ := secrets.NewSecretObj(p.authenticate, &p.log, maxFileSecretSizeBytes) + return secretObj.GetSecret(retrievalPath, p.separator) + } + fetch := unmanagedFetch + if managedAccountType { + fetch = managedFetch + } + returnSecret, err := fetch() + if err != nil { + if serr := p.authenticate.SignOut(); serr != nil { + return nil, errors.Join(err, serr) + } + return nil, fmt.Errorf("error getting secret/managed account: %w", err) + } + return []byte(returnSecret), nil +} + +// ValidateStore validates the store configuration to prevent unexpected errors. 
+func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnings, error) { + if store == nil { + return nil, fmt.Errorf(errNilStore) + } + + spec := store.GetSpec() + + if spec == nil { + return nil, fmt.Errorf(errMissingStoreSpec) + } + + if spec.Provider == nil { + return nil, fmt.Errorf(errMissingProvider) + } + + provider := spec.Provider.Beyondtrust + if provider == nil { + return nil, fmt.Errorf(errInvalidProvider, store.GetObjectMeta().String()) + } + + apiURL, err := url.Parse(provider.Server.APIURL) + if err != nil { + return nil, fmt.Errorf(errInvalidHostURL) + } + + if provider.Auth.ClientID.SecretRef != nil { + return nil, err + } + + if provider.Auth.ClientSecret.SecretRef != nil { + return nil, err + } + + if apiURL.Host == "" { + return nil, fmt.Errorf(errInvalidHostURL) + } + + return nil, nil +} + +// registers the provider object to process on each reconciliation loop. +func init() { + esv1beta1.Register(&Provider{}, &esv1beta1.SecretStoreProvider{ + Beyondtrust: &esv1beta1.BeyondtrustProvider{}, + }) +} diff --git a/pkg/provider/beyondtrust/provider_test.go b/pkg/provider/beyondtrust/provider_test.go new file mode 100644 index 00000000000..37bb6a4af31 --- /dev/null +++ b/pkg/provider/beyondtrust/provider_test.go 
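Review bot: `loadConfigSecret` switches to `*ref.SecretRef.Namespace` whenever it is set, without looking at the store kind, so a namespaced `SecretStore` can make the controller read a Secret from any namespace its service account can reach. The CRD text added in this same commit says the namespace is ignored when the referent is not cluster-scoped. `ValidateStore` does not catch it either: both `if provider.Auth.ClientID.SecretRef != nil { return nil, err }` style branches run after `url.Parse` has succeeded, so `err` is nil and they report success before the `apiURL.Host == ""` check is reached. I would do the host check first and then reject a namespace on a non-cluster store for every configured ref, as in the fence below, using the selector validator from the utils package already imported as `esoClient`; `loadConfigSecret` should apply the same rule at read time, which needs the store kind passed in from `NewClient`. Separately, `authenticate, _ := auth.Authenticate(...)` in `NewClient` drops the error and then dereferences `*authenticate`, which looks like a nil-pointer panic whenever that call fails.

```go
func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnings, error) {
	// … unchanged: nil store / spec / provider checks and url.Parse …

	if apiURL.Host == "" {
		return nil, fmt.Errorf(errInvalidHostURL)
	}

	refs := []*esv1beta1.BeyondTrustProviderSecretRef{
		provider.Auth.ClientID,
		provider.Auth.ClientSecret,
		provider.Auth.Certificate,
		provider.Auth.CertificateKey,
	}
	for _, ref := range refs {
		if ref == nil {
			continue
		}
		// Same name/key/value-conflict rules that loadConfigSecret applies at read time.
		if err := validateSecretRef(ref); err != nil {
			return nil, err
		}
		if ref.SecretRef == nil {
			continue
		}
		// A namespaced SecretStore must not point at a Secret in another namespace.
		if err := esoClient.ValidateReferentSecretSelector(store, *ref.SecretRef); err != nil {
			return nil, err
		}
	}

	return nil, nil
```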
@@ -0,0 +1,285 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+ http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implieclient.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package beyondtrust
+
+import (
+ "context"
+ "net/http"
+ "net/http/httptest"
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ "k8s.io/client-go/tools/clientcmd"
+ clientcmdapi "k8s.io/client-go/tools/clientcmd/api"
+ kubeclient "sigs.k8s.io/controller-runtime/pkg/client"
+
+ esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
+)
+
+const (
+ errTestCase = "Test case Failed"
+ fakeAPIURL = "https://example.com:443/BeyondTrust/api/public/v3/"
+ clientID = "12345678-25fg-4b05-9ced-35e7dd5093ae"
+ clientSecret = "12345678-25fg-4b05-9ced-35e7dd5093ae"
+)
+
+func createMockPasswordSafeClient(t *testing.T) kubeclient.Client {
+ server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+ switch r.URL.Path {
+ case "/Auth/SignAppin":
+ _, err := w.Write([]byte(`{"UserId":1, "EmailAddress":"fake@beyondtrust.com"}`))
+ if err != nil {
+ t.Error(errTestCase)
+ }
+
+ case "/Auth/Signout":
+ _, err := w.Write([]byte(``))
+ if err != nil {
+ t.Error(errTestCase)
+ }
+
+ case "/secrets-safe/secrets":
+ _, err := w.Write([]byte(`[{"SecretType": "FILE", "Password": "credential_in_sub_3_password","Id": "12345678-07d6-4955-175a-08db047219ce","Title": "credential_in_sub_3"}]`))
+ if err != nil {
+ t.Error(errTestCase)
+ }
+
+ case "/secrets-safe/secrets/12345678-07d6-4955-175a-08db047219ce/file/download":
+ _, err := w.Write([]byte(`fake_password`))
+ if err != nil {
+ t.Error(errTestCase)
+ }
+
+ default:
+ http.NotFound(w, r)
+ }
+ }))
+ t.Cleanup(server.Close)
+
+ clientConfig := clientcmd.NewDefaultClientConfig(clientcmdapi.Config{
+ Clusters: map[string]*clientcmdapi.Cluster{
+ "test": {
+ Server: server.URL,
+ },
+ },
+ AuthInfos: map[string]*clientcmdapi.AuthInfo{
+ "test": {
+ Token: "token",
+ },
+ },
+ Contexts: map[string]*clientcmdapi.Context{
+ "test": {
+ Cluster: "test",
+ AuthInfo: "test",
+ },
+ },
+ CurrentContext: "test",
+ }, &clientcmd.ConfigOverrides{})
+
+ restConfig, err := clientConfig.ClientConfig()
+ assert.Nil(t, err)
+ c, err := kubeclient.New(restConfig, kubeclient.Options{})
+ assert.Nil(t, err)
+
+ return c
+}
+
+func TestNewClient(t *testing.T) {
+ type args struct {
+ store esv1beta1.SecretStore
+ kube kubeclient.Client
+ provider esv1beta1.Provider
+ }
+ tests := []struct {
+ name string
+ nameSpace string
+ args args
+ validateErrorNil bool
+ validateErrorText bool
+ expectedErrorText string
+ }{
+ {
+ name: "Client ok",
+ nameSpace: "test",
+ args: args{
+ store: esv1beta1.SecretStore{
+ Spec: esv1beta1.SecretStoreSpec{
+ Provider: &esv1beta1.SecretStoreProvider{
+ Beyondtrust: &esv1beta1.BeyondtrustProvider{
+ Server: &esv1beta1.BeyondtrustServer{
+ APIURL: fakeAPIURL,
+ RetrievalType: "SECRET",
+ },
+
+ Auth: &esv1beta1.BeyondtrustAuth{
+ ClientID: &esv1beta1.BeyondTrustProviderSecretRef{
+ Value: clientID,
+ },
+ ClientSecret: &esv1beta1.BeyondTrustProviderSecretRef{
+ Value: clientSecret,
+ },
+ },
+ },
+ },
+ },
+ },
+ kube: createMockPasswordSafeClient(t),
+ provider: &Provider{},
+ },
+ validateErrorNil: true,
+ validateErrorText: false,
+ },
+ {
+ name: "Bad Client Id",
+ nameSpace: "test",
+ args: args{
+ store: esv1beta1.SecretStore{
+ Spec: esv1beta1.SecretStoreSpec{
+ Provider: &esv1beta1.SecretStoreProvider{
+ Beyondtrust: &esv1beta1.BeyondtrustProvider{
+ Server: &esv1beta1.BeyondtrustServer{
+ APIURL: fakeAPIURL,
+ RetrievalType: "SECRET",
+ },
+
+ Auth: &esv1beta1.BeyondtrustAuth{
+ ClientID: &esv1beta1.BeyondTrustProviderSecretRef{
+ Value: "6138d050",
+ },
+ ClientSecret: &esv1beta1.BeyondTrustProviderSecretRef{
+ Value: clientSecret,
+ },
+ },
+ },
+ },
+ },
+ },
+ kube: createMockPasswordSafeClient(t),
+ provider: &Provider{},
+ },
+ validateErrorNil: false,
+ validateErrorText: true,
+ expectedErrorText: "error in Inputs: Key: 'UserInputValidaton.ClientId' Error:Field validation for 'ClientId' failed on the 'min' tag",
+ },
+ {
+ name: "Bad Client Secret",
+ nameSpace: "test",
+ args: args{
+ store: esv1beta1.SecretStore{
+ Spec: esv1beta1.SecretStoreSpec{
+ Provider: &esv1beta1.SecretStoreProvider{
+ Beyondtrust: &esv1beta1.BeyondtrustProvider{
+ Server: &esv1beta1.BeyondtrustServer{
+ APIURL: fakeAPIURL,
+ RetrievalType: "SECRET",
+ },
+
+ Auth: &esv1beta1.BeyondtrustAuth{
+ ClientSecret: &esv1beta1.BeyondTrustProviderSecretRef{
+ Value: "8i7U0Yulabon8mTc",
+ },
+ ClientID: &esv1beta1.BeyondTrustProviderSecretRef{
+ Value: clientID,
+ },
+ },
+ },
+ },
+ },
+ },
+ kube: createMockPasswordSafeClient(t),
+ provider: &Provider{},
+ },
+ validateErrorNil: false,
+ validateErrorText: true,
+ expectedErrorText: "error in Inputs: Key: 'UserInputValidaton.ClientSecret' Error:Field validation for 'ClientSecret' failed on the 'min' tag",
+ },
+ {
+ name: "Bad Separator",
+ nameSpace: "test",
+ args: args{
+ store: esv1beta1.SecretStore{
+ Spec: esv1beta1.SecretStoreSpec{
+ Provider: &esv1beta1.SecretStoreProvider{
+ Beyondtrust: &esv1beta1.BeyondtrustProvider{
+ Server: &esv1beta1.BeyondtrustServer{
+ APIURL: fakeAPIURL,
+ Separator: "//",
+ RetrievalType: "SECRET",
+ },
+ Auth: &esv1beta1.BeyondtrustAuth{
+ ClientID: &esv1beta1.BeyondTrustProviderSecretRef{
+ Value: clientID,
+ },
+ ClientSecret: &esv1beta1.BeyondTrustProviderSecretRef{
+ Value: clientSecret,
+ },
+ },
+ },
+ },
+ },
+ },
+ kube: createMockPasswordSafeClient(t),
+ provider: &Provider{},
+ },
+ validateErrorNil: false,
+ validateErrorText: true,
+ expectedErrorText: "error in Inputs: Key: 'UserInputValidaton.Separator' Error:Field validation for 'Separator' failed on the 'max' tag",
+ },
+ {
+ name: "Time Out",
+ nameSpace: "test",
+ args: args{
+ store: esv1beta1.SecretStore{
+ Spec: esv1beta1.SecretStoreSpec{
+ Provider: &esv1beta1.SecretStoreProvider{
+ Beyondtrust: &esv1beta1.BeyondtrustProvider{
+ Server: &esv1beta1.BeyondtrustServer{
+ APIURL: fakeAPIURL,
+ Separator: "/",
+ ClientTimeOutSeconds: 400,
+ RetrievalType: "SECRET",
+ },
+ Auth: &esv1beta1.BeyondtrustAuth{
+ ClientID: &esv1beta1.BeyondTrustProviderSecretRef{
+ Value: clientID,
+ },
+ ClientSecret: &esv1beta1.BeyondTrustProviderSecretRef{
+ Value: clientSecret,
+ },
+ },
+ },
+ },
+ },
+ },
+ kube: createMockPasswordSafeClient(t),
+ provider: &Provider{},
+ },
+ validateErrorNil: false,
+ validateErrorText: true,
+ expectedErrorText: "error in Inputs: Key: 'UserInputValidaton.ClientTimeOutinSeconds' Error:Field validation for 'ClientTimeOutinSeconds' failed on the 'lte' tag",
+ },
+ }
+
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ _, err := tt.args.provider.NewClient(context.Background(), &tt.args.store, tt.args.kube, tt.nameSpace)
+ if err != nil && tt.validateErrorNil {
+ t.Errorf("ProviderBeyondtrust.NewClient() error = %v", err)
+ }
+
+ if err != nil && tt.validateErrorText {
+ assert.Equal(t, err.Error(), tt.expectedErrorText)
+ }
+ })
+ }
+}
diff --git a/pkg/provider/register/register.go b/pkg/provider/register/register.go
index ab0e5407f45..9920381bfce 100644
--- a/pkg/provider/register/register.go
+++ b/pkg/provider/register/register.go
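Review bot: The four negative cases in `TestNewClient` pass even when `NewClient` returns no error, because both checks in the `t.Run` closure at the end of the provider_test.go hunk are guarded by `err != nil`. A regression that drops the ClientId/ClientSecret length, separator or timeout validation on the store credentials would therefore not fail this test. Assert each outcome explicitly, for example `if tt.validateErrorNil { assert.NoError(t, err) } else { assert.EqualError(t, err, tt.expectedErrorText) }`. The existing `assert.Equal(t, err.Error(), tt.expectedErrorText)` also passes the actual value before the expected one, which only affects how a failure is reported.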
@@ -21,6 +21,7 @@ import ( _ "github.com/external-secrets/external-secrets/pkg/provider/alibaba" _ "github.com/external-secrets/external-secrets/pkg/provider/aws" _ "github.com/external-secrets/external-secrets/pkg/provider/azure/keyvault" + _ "github.com/external-secrets/external-secrets/pkg/provider/beyondtrust" _ "github.com/external-secrets/external-secrets/pkg/provider/bitwarden" _ "github.com/external-secrets/external-secrets/pkg/provider/chef" _ "github.com/external-secrets/external-secrets/pkg/provider/conjur" From d230fd7e9f28873acd4d22a6eff1175c1bdccc74 Mon Sep 17 00:00:00 2001 From: Kris Date: Thu, 8 Aug 2024 19:48:08 +1000 Subject: [PATCH 221/517] chore: add minimal policy for fetching parameters from ssm (#3770) Signed-off-by: Kris Johnstone --- docs/provider/aws-parameter-store.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/docs/provider/aws-parameter-store.md b/docs/provider/aws-parameter-store.md index aeff67a16bf..e35f92e808a 100644 --- a/docs/provider/aws-parameter-store.md +++ b/docs/provider/aws-parameter-store.md @@ -21,6 +21,8 @@ way users of the `SecretStore` can only access the secrets necessary. ### IAM Policy +#### Fetching Parameters + The example policy below shows the minimum required permissions for fetching SSM parameters. This policy permits pinning down access to secrets with a path matching `dev-*`. Other operations may require additional permission. For example, finding parameters based on tags will also require `ssm:DescribeParameters` and `tag:GetResources` permission with `"Resource": "*"`. Generally, the specific permission required will be logged as an error if an operation fails. For further information see [AWS Documentation](https://docs.aws.amazon.com/systems-manager/latest/userguide/sysman-paramstore-access.html). 
@@ -40,11 +42,29 @@ For further information see [AWS Documentation](https://docs.aws.amazon.com/syst } ``` +#### Pushing Parameters + +The example policy below shows the minimum required permissions for pushing SSM parameters. Like with the fetching policy it restricts the path in which it can push secrets too. + +``` json +{ + "Action": [ + "ssm:GetParameter*", + "ssm:PutParameter*", + "ssm:AddTagsToResource", + "ssm:ListTagsForResource" + ], + "Effect": "Allow", + "Resource": "arn:aws:ssm:us-east-2:1234567889911:parameter/dev-*" +} +``` + ### JSON Secret Values You can store JSON objects in a parameter. You can access nested values or arrays using [gjson syntax](https://github.com/tidwall/gjson/blob/master/SYNTAX.md): Consider the following JSON object that is stored in the Parameter Store key `friendslist`: + ``` json { "name": {"first": "Tom", "last": "Anderson"}, @@ -57,6 +77,7 @@ Consider the following JSON object that is stored in the Parameter Store key `fr ``` This is an example on how you would look up nested keys in the above json object: + ``` yaml apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret @@ -87,6 +108,7 @@ spec: key: database-credentials property: dev ``` + ### Parameter Versions ParameterStore creates a new version of a parameter every time it is updated with a new value. The parameter can be referenced via the `version` property From ea86507b9cddeb5c9f130b54e72013f307628975 Mon Sep 17 00:00:00 2001 From: Jeroen Op 't Eynde Date: Mon, 12 Aug 2024 15:16:54 +0200 Subject: [PATCH 222/517] Add Grafana Labs to ADOPTERS.md (#3787) Signed-off-by: Jeroen Op 't Eynde --- ADOPTERS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/ADOPTERS.md b/ADOPTERS.md index 3d43bbbb72a..c2d3db78ef0 100644 --- a/ADOPTERS.md +++ b/ADOPTERS.md 
@@ -11,6 +11,7 @@ - [Fivetran](https://www.fivetran.com) - [Form3](https://www.form3.tech/) - [GoTo](https://www.goto.com/) +- [Grafana Labs](https://grafana.com/) - [Heureka Group](https://heureka.group) - [K8S Website Infra](https://k8s.io/) - [Mercedes-Benz Tech Innovation](https://www.mercedes-benz-techinnovation.com/) From ad0143d315d6526ac849342d1cc82e486c2c3d6f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Aug 2024 10:56:28 +0200 Subject: [PATCH 223/517] chore(deps): bump golang from 1.22.5 to 1.22.6 (#3778) Bumps golang from 1.22.5 to 1.22.6. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile.standalone | 2 +- tilt.debug.dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.standalone b/Dockerfile.standalone index 7209d042a8f..b140a9f0c21 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone @@ -1,6 +1,6 @@ # This version of Dockerfile is for building without external dependencies. # Build a multi-platform image e.g. `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .` -FROM golang:1.22.5-alpine@sha256:0d3653dd6f35159ec6e3d10263a42372f6f194c3dea0b35235d72aabde86486e AS builder +FROM golang:1.22.6-alpine@sha256:1a478681b671001b7f029f94b5016aed984a23ad99c707f6a0ab6563860ae2f3 AS builder ARG TARGETOS ARG TARGETARCH ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index 42046d0f3ca..292b8a6bbee 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile 
@@ -1,4 +1,4 @@ -FROM golang:1.22.5@sha256:86a3c48a61915a8c62c0e1d7594730399caa3feb73655dfe96c7bc17710e96cf +FROM golang:1.22.6@sha256:2bd56f00ff47baf33e64eae7996b65846c7cb5e0a46e0a882ef179fd89654afa WORKDIR / COPY ./bin/external-secrets /external-secrets From c62e116a5904ee8b3e161743d097a82508cb3ef8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Aug 2024 10:56:39 +0200 Subject: [PATCH 224/517] chore(deps): bump pyyaml from 6.0.1 to 6.0.2 in /hack/api-docs (#3779) Bumps [pyyaml](https://github.com/yaml/pyyaml) from 6.0.1 to 6.0.2. - [Release notes](https://github.com/yaml/pyyaml/releases) - [Changelog](https://github.com/yaml/pyyaml/blob/main/CHANGES) - [Commits](https://github.com/yaml/pyyaml/compare/6.0.1...6.0.2) --- updated-dependencies: - dependency-name: pyyaml dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index bf6fa63404f..e30db89177e 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -29,7 +29,7 @@ platformdirs==4.2.2 Pygments==2.18.0 pymdown-extensions==10.9 python-dateutil==2.9.0.post0 -PyYAML==6.0.1 +PyYAML==6.0.2 pyyaml_env_tag==0.1 regex==2024.7.24 requests==2.32.3 From d43c78fe7cd5f02931b339e295ba1a5341099e8d Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Aug 2024 10:58:15 +0200 Subject: [PATCH 225/517] chore(deps): bump zipp from 3.19.2 to 3.20.0 in /hack/api-docs (#3780) Bumps [zipp](https://github.com/jaraco/zipp) from 3.19.2 to 3.20.0. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](https://github.com/jaraco/zipp/compare/v3.19.2...v3.20.0) --- updated-dependencies: - dependency-name: zipp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index e30db89177e..7ae2f483227 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -39,4 +39,4 @@ tornado==6.4.1 urllib3==2.2.2 verspec==0.1.0 watchdog==4.0.1 -zipp==3.19.2 +zipp==3.20.0 From 26151b58f526865e426a630b87c375c9db63985e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Aug 2024 10:58:33 +0200 Subject: [PATCH 226/517] chore(deps): bump babel from 2.15.0 to 2.16.0 in /hack/api-docs (#3781) Bumps [babel](https://github.com/python-babel/babel) from 2.15.0 to 2.16.0. - [Release notes](https://github.com/python-babel/babel/releases) - [Changelog](https://github.com/python-babel/babel/blob/master/CHANGES.rst) - [Commits](https://github.com/python-babel/babel/compare/v2.15.0...v2.16.0) --- updated-dependencies: - dependency-name: babel dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 7ae2f483227..982b44a8428 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -1,4 +1,4 @@ -Babel==2.15.0 +Babel==2.16.0 certifi==2024.7.4 charset-normalizer==3.3.2 click==8.1.7 From a5adfb07646a06c2d1babed0e03d89230b7b4122 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Aug 2024 10:59:06 +0200 Subject: [PATCH 227/517] chore(deps): bump golang from 1.22.5-bookworm to 1.22.6-bookworm in /e2e (#3783) Bumps golang from 1.22.5-bookworm to 1.22.6-bookworm. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index c9c1b447489..fc8aa2354ea 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.5-bookworm@sha256:af9b40f2b1851be993763b85288f8434af87b5678af04355b1e33ff530b5765f as builder +FROM golang:1.22.6-bookworm@sha256:39b7e6ebaca464d51989858871f792f2e186dce8ce0cbdba7e88e4444b244407 as builder ENV KUBECTL_VERSION="v1.28.3" ENV HELM_VERSION="v3.13.1" From c4c1cefdeb2a03895a0abbacbb5c82bcae73d239 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Aug 2024 11:00:17 +0200 Subject: [PATCH 228/517] chore(deps): bump github/codeql-action from 3.25.15 to 3.26.0 (#3784) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.15 to 3.26.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/afb54ba388a7dca6ecae48f608c4ff05ff4cc77a...eb055d739abdc2e8de2e5f4ba1a8b246daa779aa) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index b77e1d55d25..f5aa15ece1c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@afb54ba388a7dca6ecae48f608c4ff05ff4cc77a # v3.25.15 + uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 with: sarif_file: results.sarif From e2cd91a2d2315812ff67f7c50e36fb68f1f77637 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Aug 2024 11:00:31 +0200 Subject: [PATCH 229/517] chore(deps): bump fossas/fossa-action from 1.3.3 to 1.4.0 (#3785) Bumps [fossas/fossa-action](https://github.com/fossas/fossa-action) from 1.3.3 to 1.4.0. - [Release notes](https://github.com/fossas/fossa-action/releases) - [Commits](https://github.com/fossas/fossa-action/compare/47ef11b1e1e3812e88dae436ccbd2d0cbd1adab0...09bcf127dc0ccb4b5a023f6f906728878e8610ba) --- updated-dependencies: - dependency-name: fossas/fossa-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/dlc.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/dlc.yml b/.github/workflows/dlc.yml index 4867f1e7fc1..ac7dae071f4 100644 --- a/.github/workflows/dlc.yml +++ b/.github/workflows/dlc.yml @@ -17,12 +17,12 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: "Run FOSSA Scan" - uses: fossas/fossa-action@47ef11b1e1e3812e88dae436ccbd2d0cbd1adab0 # main + uses: fossas/fossa-action@09bcf127dc0ccb4b5a023f6f906728878e8610ba # main with: api-key: ${{secrets.FOSSA_API_KEY}} - name: "Run FOSSA Test" - uses: fossas/fossa-action@47ef11b1e1e3812e88dae436ccbd2d0cbd1adab0 # main + uses: fossas/fossa-action@09bcf127dc0ccb4b5a023f6f906728878e8610ba # main with: api-key: ${{secrets.FOSSA_API_KEY}} run-tests: true From 22b877df2a1398d41dedf95dcf071b979d0466df Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 13 Aug 2024 11:29:54 +0200 Subject: [PATCH 230/517] chore(deps): bump watchdog from 4.0.1 to 4.0.2 in /hack/api-docs (#3782) Bumps [watchdog](https://github.com/gorakhargosh/watchdog) from 4.0.1 to 4.0.2. - [Release notes](https://github.com/gorakhargosh/watchdog/releases) - [Changelog](https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst) - [Commits](https://github.com/gorakhargosh/watchdog/compare/v4.0.1...v4.0.2) --- updated-dependencies: - dependency-name: watchdog dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 982b44a8428..26feb0186a1 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -38,5 +38,5 @@ termcolor==2.4.0 tornado==6.4.1 urllib3==2.2.2 verspec==0.1.0 -watchdog==4.0.1 +watchdog==4.0.2 zipp==3.20.0 From d8c232afba6220632e61716d5d693952b60696fe Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Tue, 13 Aug 2024 17:33:12 +0200 Subject: [PATCH 231/517] update dependencies (#3786) Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator --- e2e/go.mod | 42 +++++++++++----------- e2e/go.sum | 84 ++++++++++++++++++++++---------------------- go.mod | 50 +++++++++++++-------------- go.sum | 100 ++++++++++++++++++++++++++--------------------------- 4 files changed, 138 insertions(+), 138 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index e3736d102c1..a37b8eebaf5 100644 --- a/e2e/go.mod +++ b/e2e/go.mod 
@@ -39,7 +39,7 @@ replace ( ) require ( - cloud.google.com/go/secretmanager v1.13.5 + cloud.google.com/go/secretmanager v1.13.6 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 @@ -56,13 +56,13 @@ require ( github.com/fluxcd/source-controller/api v1.2.3 github.com/golang-jwt/jwt/v4 v4.5.0 github.com/hashicorp/vault/api v1.14.0 - github.com/onsi/ginkgo/v2 v2.19.1 - github.com/onsi/gomega v1.34.0 - github.com/oracle/oci-go-sdk/v65 v65.70.0 + github.com/onsi/ginkgo/v2 v2.20.0 + github.com/onsi/gomega v1.34.1 + github.com/oracle/oci-go-sdk/v65 v65.71.0 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 github.com/xanzy/go-gitlab v0.107.0 golang.org/x/oauth2 v0.22.0 - google.golang.org/api v0.190.0 + google.golang.org/api v0.191.0 k8s.io/api v0.30.3 k8s.io/apiextensions-apiserver v0.30.3 k8s.io/apimachinery v0.30.3 @@ -74,12 +74,12 @@ require ( ) require ( - cloud.google.com/go/auth v0.7.3 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect + cloud.google.com/go/auth v0.8.0 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/compute/metadata v0.5.0 // indirect - cloud.google.com/go/iam v1.1.12 // indirect + cloud.google.com/go/iam v1.1.13 // indirect dario.cat/mergo v1.0.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect 
@@ -176,7 +176,7 @@ require ( github.com/shopspring/decimal v1.4.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/sony/gobreaker v1.0.0 // indirect - github.com/spf13/cast v1.6.0 // indirect + github.com/spf13/cast v1.7.0 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/tidwall/gjson v1.17.3 // indirect github.com/tidwall/match v1.1.1 // indirect @@ -189,19 +189,19 @@ require ( go.opentelemetry.io/otel v1.28.0 // indirect go.opentelemetry.io/otel/metric v1.28.0 // indirect go.opentelemetry.io/otel/trace v1.28.0 // indirect - golang.org/x/crypto v0.25.0 // indirect - golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 // indirect - golang.org/x/net v0.27.0 // indirect + golang.org/x/crypto v0.26.0 // indirect + golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa // indirect + golang.org/x/net v0.28.0 // indirect golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.23.0 // indirect - golang.org/x/term v0.22.0 // indirect - golang.org/x/text v0.16.0 // indirect + golang.org/x/sys v0.24.0 // indirect + golang.org/x/term v0.23.0 // indirect + golang.org/x/text v0.17.0 // indirect golang.org/x/time v0.6.0 // indirect - golang.org/x/tools v0.23.0 // indirect + golang.org/x/tools v0.24.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf // indirect + google.golang.org/genproto v0.0.0-20240808171019-573a1156607a // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240808171019-573a1156607a // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240808171019-573a1156607a // indirect google.golang.org/grpc v1.65.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect 
@@ -210,7 +210,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20240730131305-7a9a4e85957e // indirect + k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/e2e/go.sum b/e2e/go.sum index bcfe4365878..e33e211cbed 100644 --- a/e2e/go.sum +++ b/e2e/go.sum @@ -20,10 +20,10 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.7.3 h1:98Vr+5jMaCZ5NZk6e/uBgf60phTk/XN84r8QEWB9yjY= -cloud.google.com/go/auth v0.7.3/go.mod h1:HJtWUx1P5eqjy/f6Iq5KeytNpbAcGolPhOgyop2LlzA= -cloud.google.com/go/auth/oauth2adapt v0.2.3 h1:MlxF+Pd3OmSudg/b1yZ5lJwoXCEaeedAguodky1PcKI= -cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I= +cloud.google.com/go/auth v0.8.0 h1:y8jUJLl/Fg+qNBWxP/Hox2ezJvjkrPb952PC1p0G6A4= +cloud.google.com/go/auth v0.8.0/go.mod h1:qGVp/Y3kDRSDZ5gFD/XPUfYQ9xW1iI7q8RIRoCyBbJc= +cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= +cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= 
@@ -35,14 +35,14 @@ cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJ cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.1.12 h1:JixGLimRrNGcxvJEQ8+clfLxPlbeZA6MuRJ+qJNQ5Xw= -cloud.google.com/go/iam v1.1.12/go.mod h1:9LDX8J7dN5YRyzVHxwQzrQs9opFFqn0Mxs9nAeB+Hhg= +cloud.google.com/go/iam v1.1.13 h1:7zWBXG9ERbMLrzQBRhFliAV+kjcRToDTgQT3CTwYyv4= +cloud.google.com/go/iam v1.1.13/go.mod h1:K8mY0uSXwEXS30KrnVb+j54LB/ntfZu1dr+4zFMNbus= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.13.5 h1:tXlHvpm97mFD0Lv50N4U4zlXfkoTNay3BmpNA/W7/oI= -cloud.google.com/go/secretmanager v1.13.5/go.mod h1:/OeZ88l5Z6nBVilV0SXgv6XJ243KP2aIhSWRMrbvDCQ= +cloud.google.com/go/secretmanager v1.13.6 h1:0ZEl/LuoB4xQsjVfQt3Gi/dZfOv36n4JmdPrMargzYs= +cloud.google.com/go/secretmanager v1.13.6/go.mod h1:x2ySyOrqv3WGFRFn2Xk10iHmNmvmcEVSSqc30eb1bhw= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 
@@ -55,8 +55,8 @@ github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0/go.mod h1:3Ug6Qzto9anB6mGlEdgYMDF5zHQ+wwhEaYR4s17PHMw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 h1:GJHeeA2N7xrG3q30L2UXDyuWRzDM900/65j70wcM4Ww= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= 
@@ -406,14 +406,14 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.19.1 h1:QXgq3Z8Crl5EL1WBAC98A5sEBHARrAJNzAmMxzLcRF0= -github.com/onsi/ginkgo/v2 v2.19.1/go.mod h1:O3DtEWQkPa/F7fBMgmZQKKsluAy8pd3rEQdrjkPb9zA= -github.com/onsi/gomega v1.34.0 h1:eSSPsPNp6ZpsG8X1OVmOTxig+CblTc4AxpPBykhe2Os= -github.com/onsi/gomega v1.34.0/go.mod h1:MIKI8c+f+QLWk+hxbePD4i0LMJSExPaZOVfkoex4cAo= +github.com/onsi/ginkgo/v2 v2.20.0 h1:PE84V2mHqoT1sglvHc8ZdQtPcwmvvt29WLEEO3xmdZw= +github.com/onsi/ginkgo/v2 v2.20.0/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= +github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= +github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.70.0 h1:gLa0IX/SidTm60VbHabnImrW3hyymmNLQJy6gZGrgDA= -github.com/oracle/oci-go-sdk/v65 v65.70.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.71.0 h1:eEnFD/CzcoqdAA0xu+EmK32kJL3jfV0oLYNWVzoKNyo= +github.com/oracle/oci-go-sdk/v65 v65.71.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= 
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= @@ -448,8 +448,8 @@ github.com/sony/gobreaker v0.5.0/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJ github.com/sony/gobreaker v1.0.0 h1:feX5fGGXSl3dYd4aHZItw+FpHLvvoaqkawKjVNiFMNQ= github.com/sony/gobreaker v1.0.0/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= -github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= +github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 
@@ -536,8 +536,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= -golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= +golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= +golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -548,8 +548,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= +golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa h1:ELnwvuAXPNtPk1TJRuGkI9fDTwym6AYBu0qzT8AcHdI= +golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -618,8 +618,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= -golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= +golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= +golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -699,8 +699,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= -golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= +golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= 
@@ -709,8 +709,8 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= -golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= +golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= +golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -725,8 +725,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= +golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -782,8 +782,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= -golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= +golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= +golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -812,8 +812,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.190.0 h1:ASM+IhLY1zljNdLu19W1jTmU6A+gMk6M46Wlur61s+Q= -google.golang.org/api v0.190.0/go.mod h1:QIr6I9iedBLnfqoD6L6Vze1UvS5Hzj5r2aUBOaZnLHo= +google.golang.org/api v0.191.0 h1:cJcF09Z+4HAB2t5qTQM1ZtfL/PemsLFkcFG67qq2afk= +google.golang.org/api v0.191.0/go.mod h1:tD5dsFGxFza0hnQveGfVk9QQYKcfp+VzgRqyXFxE0+E= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -861,12 +861,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf h1:OqdXDEakZCVtDiZTjcxfwbHPCT11ycCEsTKesBVKvyY= -google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:mCr1K1c8kX+1iSBREvU3Juo11CB+QOEWxbRS01wWl5M= -google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf h1:GillM0Ef0pkZPIB+5iO6SDK+4T9pf6TpaYR6ICD5rVE= -google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:OFMYQFHJ4TM3JRlWDZhJbZfra2uqc3WLBZiaaqP4DtU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf h1:liao9UHurZLtiEwBgT9LMOnKYsHze6eA6w1KQCMVN2Q= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240808171019-573a1156607a h1:3JVv3Ujh+kGiajpSqHWnbWPuu0nQqMZ3hASNDDF9974= +google.golang.org/genproto v0.0.0-20240808171019-573a1156607a/go.mod h1:7uvplUBj4RjHAxIZ//98LzOvrQ04JBkaixRmCMI29hc= +google.golang.org/genproto/googleapis/api v0.0.0-20240808171019-573a1156607a h1:KyUe15n7B1YCu+kMmPtlXxgkLQbp+Dw0tCRZf9Sd+CE= +google.golang.org/genproto/googleapis/api v0.0.0-20240808171019-573a1156607a/go.mod h1:4+X6GvPs+25wZKbQq9qyAXrwIRExv7w0Ea6MgZLZiDM= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240808171019-573a1156607a h1:EKiZZXueP9/T68B8Nl0GAx9cjbQnCId0yP3qPMgaaHs= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240808171019-573a1156607a/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -941,8 +941,8 @@ k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240730131305-7a9a4e85957e h1:OnKkExfhk4yxMqvBSPzUfhv3zQ96FWJ+UOZzLrAFyAo= -k8s.io/kube-openapi v0.0.0-20240730131305-7a9a4e85957e/go.mod h1:0CVn9SVo8PeW5/JgsBZZIFmmTk5noOM8WXf2e1tCihE= +k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 h1:1Wof1cGQgA5pqgo8MxKPtf+qN6Sh/0JzznmeGPm1HnE= +k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8/go.mod h1:Os6V6dZwLNii3vxFpxcNaTmH8LJJBkOTg1N0tOA0fvA= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/go.mod b/go.mod index aca569a5d5c..884b14ff606 100644 --- a/go.mod +++ b/go.mod @@ -5,8 +5,8 @@ go 1.22.4 replace github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 require ( - cloud.google.com/go/iam v1.1.12 - cloud.google.com/go/secretmanager v1.13.5 + cloud.google.com/go/iam v1.1.13 + cloud.google.com/go/secretmanager v1.13.6 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/adal v0.9.24 
@@ -30,23 +30,23 @@ require ( github.com/hashicorp/vault/api/auth/kubernetes v0.7.0 github.com/hashicorp/vault/api/auth/ldap v0.7.0 github.com/huandu/xstrings v1.5.0 // indirect - github.com/onsi/ginkgo/v2 v2.19.1 - github.com/onsi/gomega v1.34.0 - github.com/oracle/oci-go-sdk/v65 v65.70.0 + github.com/onsi/ginkgo/v2 v2.20.0 + github.com/onsi/gomega v1.34.1 + github.com/oracle/oci-go-sdk/v65 v65.71.0 github.com/prometheus/client_golang v1.19.1 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.17.3 github.com/xanzy/go-gitlab v0.107.0 - github.com/yandex-cloud/go-genproto v0.0.0-20240729164347-c5b523b251a7 - github.com/yandex-cloud/go-sdk v0.0.0-20240729164733-eb9da8ab7eda + github.com/yandex-cloud/go-genproto v0.0.0-20240805150959-00c80a383bd3 + github.com/yandex-cloud/go-sdk v0.0.0-20240805151354-29f07dbe484e github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 go.uber.org/zap v1.27.0 - golang.org/x/crypto v0.25.0 + golang.org/x/crypto v0.26.0 golang.org/x/oauth2 v0.22.0 - google.golang.org/api v0.190.0 - google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf + google.golang.org/api v0.191.0 + google.golang.org/genproto v0.0.0-20240808171019-573a1156607a google.golang.org/grpc v1.65.0 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 
@@ -63,14 +63,14 @@ require github.com/1Password/connect-sdk-go v1.5.3 require ( dario.cat/mergo v1.0.0 - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 github.com/BeyondTrust/go-client-library-passwordsafe v0.6.0 github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1 github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d github.com/akeylesslabs/akeyless-go/v3 v3.6.3 - github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.8 + github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9 github.com/alibabacloud-go/kms-20160120/v3 v3.2.1 github.com/alibabacloud-go/openapi-util v0.1.1 github.com/alibabacloud-go/tea v1.2.2 @@ -94,14 +94,14 @@ require ( github.com/sethvargo/go-password v0.3.1 github.com/spf13/pflag v1.0.5 github.com/tidwall/sjson v1.2.5 - k8s.io/kube-openapi v0.0.0-20240730131305-7a9a4e85957e + k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.4.0 ) require ( - cloud.google.com/go/auth v0.7.3 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.3 // indirect + cloud.google.com/go/auth v0.8.0 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/compute/metadata v0.5.0 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect 
@@ -145,8 +145,8 @@ require ( go.opentelemetry.io/otel/metric v1.28.0 // indirect go.opentelemetry.io/otel/trace v1.28.0 // indirect golang.org/x/sync v0.8.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240808171019-573a1156607a // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240808171019-573a1156607a // indirect gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) 
@@ -235,23 +235,23 @@ require ( github.com/ryanuber/go-glob v1.0.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect github.com/sony/gobreaker v1.0.0 // indirect - github.com/spf13/cast v1.6.0 // indirect + github.com/spf13/cast v1.7.0 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect github.com/uber/jaeger-lib v2.4.1+incompatible // indirect - go.mongodb.org/mongo-driver v1.16.0 // indirect + go.mongodb.org/mongo-driver v1.16.1 // indirect go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 + golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa golang.org/x/mod v0.20.0 // indirect - golang.org/x/net v0.27.0 // indirect - golang.org/x/sys v0.23.0 // indirect - golang.org/x/term v0.22.0 // indirect - golang.org/x/text v0.16.0 // indirect + golang.org/x/net v0.28.0 // indirect + golang.org/x/sys v0.24.0 // indirect + golang.org/x/term v0.23.0 // indirect + golang.org/x/text v0.17.0 // indirect golang.org/x/time v0.6.0 // indirect - golang.org/x/tools v0.23.0 // indirect + golang.org/x/tools v0.24.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index afc21ff07a0..5c4ebb437e6 100644 --- a/go.sum +++ b/go.sum 
@@ -20,10 +20,10 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.7.3 h1:98Vr+5jMaCZ5NZk6e/uBgf60phTk/XN84r8QEWB9yjY= -cloud.google.com/go/auth v0.7.3/go.mod h1:HJtWUx1P5eqjy/f6Iq5KeytNpbAcGolPhOgyop2LlzA= -cloud.google.com/go/auth/oauth2adapt v0.2.3 h1:MlxF+Pd3OmSudg/b1yZ5lJwoXCEaeedAguodky1PcKI= -cloud.google.com/go/auth/oauth2adapt v0.2.3/go.mod h1:tMQXOfZzFuNuUxOypHlQEXgdfX5cuhwU+ffUuXRJE8I= +cloud.google.com/go/auth v0.8.0 h1:y8jUJLl/Fg+qNBWxP/Hox2ezJvjkrPb952PC1p0G6A4= +cloud.google.com/go/auth v0.8.0/go.mod h1:qGVp/Y3kDRSDZ5gFD/XPUfYQ9xW1iI7q8RIRoCyBbJc= +cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= +cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= 
@@ -35,14 +35,14 @@ cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJ cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.1.12 h1:JixGLimRrNGcxvJEQ8+clfLxPlbeZA6MuRJ+qJNQ5Xw= -cloud.google.com/go/iam v1.1.12/go.mod h1:9LDX8J7dN5YRyzVHxwQzrQs9opFFqn0Mxs9nAeB+Hhg= +cloud.google.com/go/iam v1.1.13 h1:7zWBXG9ERbMLrzQBRhFliAV+kjcRToDTgQT3CTwYyv4= +cloud.google.com/go/iam v1.1.13/go.mod h1:K8mY0uSXwEXS30KrnVb+j54LB/ntfZu1dr+4zFMNbus= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.13.5 h1:tXlHvpm97mFD0Lv50N4U4zlXfkoTNay3BmpNA/W7/oI= -cloud.google.com/go/secretmanager v1.13.5/go.mod h1:/OeZ88l5Z6nBVilV0SXgv6XJ243KP2aIhSWRMrbvDCQ= +cloud.google.com/go/secretmanager v1.13.6 h1:0ZEl/LuoB4xQsjVfQt3Gi/dZfOv36n4JmdPrMargzYs= +cloud.google.com/go/secretmanager v1.13.6/go.mod h1:x2ySyOrqv3WGFRFn2Xk10iHmNmvmcEVSSqc30eb1bhw= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 
@@ -57,8 +57,8 @@ github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0/go.mod h1:3Ug6Qzto9anB6mGlEdgYMDF5zHQ+wwhEaYR4s17PHMw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0 h1:GJHeeA2N7xrG3q30L2UXDyuWRzDM900/65j70wcM4Ww= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.13.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= 
@@ -150,8 +150,8 @@ github.com/alibabacloud-go/darabonba-encode-util v0.0.2/go.mod h1:JiW9higWHYXm7F github.com/alibabacloud-go/darabonba-map v0.0.2 h1:qvPnGB4+dJbJIxOOfawxzF3hzMnIpjmafa0qOTp6udc= github.com/alibabacloud-go/darabonba-map v0.0.2/go.mod h1:28AJaX8FOE/ym8OUFWga+MtEzBunJwQGceGQlvaPGPc= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.7/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI= -github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.8 h1:benoD0QHDrylMzEQVpX/6uKtrN8LohT66ZlKXVJh7pM= -github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.8/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI= +github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9 h1:fxMCrZatZfXq5nLcgkmWBXmU3FLC1OR+m/SqVtMqflk= +github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9/go.mod h1:bb+Io8Sn2RuM3/Rpme6ll86jMyFSrD1bxeV/+v61KeU= github.com/alibabacloud-go/darabonba-signature-util v0.0.7 h1:UzCnKvsjPFzApvODDNEYqBHMFt1w98wC7FOo0InLyxg= github.com/alibabacloud-go/darabonba-signature-util v0.0.7/go.mod h1:oUzCYV2fcCH797xKdL6BDH8ADIHlzrtKVjeRtunBNTQ= github.com/alibabacloud-go/darabonba-string v1.0.2 h1:E714wms5ibdzCqGeYJ9JCFywE5nDyvIXIIQbZVFkkqo= 
@@ -562,14 +562,14 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.19.1 h1:QXgq3Z8Crl5EL1WBAC98A5sEBHARrAJNzAmMxzLcRF0= -github.com/onsi/ginkgo/v2 v2.19.1/go.mod h1:O3DtEWQkPa/F7fBMgmZQKKsluAy8pd3rEQdrjkPb9zA= -github.com/onsi/gomega v1.34.0 h1:eSSPsPNp6ZpsG8X1OVmOTxig+CblTc4AxpPBykhe2Os= -github.com/onsi/gomega v1.34.0/go.mod h1:MIKI8c+f+QLWk+hxbePD4i0LMJSExPaZOVfkoex4cAo= +github.com/onsi/ginkgo/v2 v2.20.0 h1:PE84V2mHqoT1sglvHc8ZdQtPcwmvvt29WLEEO3xmdZw= +github.com/onsi/ginkgo/v2 v2.20.0/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= +github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= +github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.70.0 h1:gLa0IX/SidTm60VbHabnImrW3hyymmNLQJy6gZGrgDA= -github.com/oracle/oci-go-sdk/v65 v65.70.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.71.0 h1:eEnFD/CzcoqdAA0xu+EmK32kJL3jfV0oLYNWVzoKNyo= +github.com/oracle/oci-go-sdk/v65 v65.71.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.0 h1:zwwTCwL3vjTTKln1hxwKuzzax4R/yvxGXSZhMh0OY5Y= github.com/passbolt/go-passbolt v0.7.0/go.mod h1:af3TVSJ+0A4sXeK8KgVzhV8Tej/i25biFIQjhL0FOMk= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= 
@@ -626,8 +626,8 @@ github.com/sony/gobreaker v1.0.0 h1:feX5fGGXSl3dYd4aHZItw+FpHLvvoaqkawKjVNiFMNQ= github.com/sony/gobreaker v1.0.0/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.6.0 h1:GEiTHELF+vaR5dhz3VqZfFSzZjYbgeKDpBxQVS4GYJ0= -github.com/spf13/cast v1.6.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= +github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= 
@@ -671,10 +671,10 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y= github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= -github.com/yandex-cloud/go-genproto v0.0.0-20240729164347-c5b523b251a7 h1:KiwgZY3H+1+i6sUMCPRtptr7QAAvlXG/q8gL9D/9wmg= -github.com/yandex-cloud/go-genproto v0.0.0-20240729164347-c5b523b251a7/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-sdk v0.0.0-20240729164733-eb9da8ab7eda h1:lIwcS6p8UVYbqb9gN1L2oCw8KHAa1ZU1524LormjY3s= -github.com/yandex-cloud/go-sdk v0.0.0-20240729164733-eb9da8ab7eda/go.mod h1:t0kDgvr7a33/CeWw7wDb36PRV+H2VFkpZb01AItuikA= +github.com/yandex-cloud/go-genproto v0.0.0-20240805150959-00c80a383bd3 h1:5cPFwSkj7HFyFwystyt4UXvAulxdjWAOMXpY3OQH9hk= +github.com/yandex-cloud/go-genproto v0.0.0-20240805150959-00c80a383bd3/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-sdk v0.0.0-20240805151354-29f07dbe484e h1:eprYcOC0KCmaFNfUQNrovFboWq6dLFWYm20M22uUs5Q= +github.com/yandex-cloud/go-sdk v0.0.0-20240805151354-29f07dbe484e/go.mod h1:7OD14iLpLhBeaRZokSeNRvp58RIAEEmc7fj5z9SjzAA= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -685,8 +685,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zalando/go-keyring v0.2.5 h1:Bc2HHpjALryKD62ppdEzaFG6VxL6Bc+5v0LYpN8Lba8= github.com/zalando/go-keyring v0.2.5/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk= -go.mongodb.org/mongo-driver v1.16.0 h1:tpRsfBJMROVHKpdGyc1BBEzzjDUWjItxbVSZ8Ls4BQ4= -go.mongodb.org/mongo-driver v1.16.0/go.mod h1:oB6AhJQvFQL4LEHyXi6aJzQJtBiTQHiAd83l0GdFaiw= +go.mongodb.org/mongo-driver v1.16.1 h1:rIVLL3q0IHM39dvE+z2ulZLp9ENZKThVfuvN/IiN4l8= +go.mongodb.org/mongo-driver v1.16.1/go.mod h1:oB6AhJQvFQL4LEHyXi6aJzQJtBiTQHiAd83l0GdFaiw= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -739,8 +739,8 @@ golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= -golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= +golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= +golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -751,8 +751,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56 h1:2dVuKD2vS7b0QIHQbpyTISPd0LeHDbnYEryqj5Q1ug8= -golang.org/x/exp v0.0.0-20240719175910-8a7402abbf56/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= +golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa h1:ELnwvuAXPNtPk1TJRuGkI9fDTwym6AYBu0qzT8AcHdI= +golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -830,8 +830,8 @@ golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= -golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= +golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= +golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -926,8 +926,8 @@ golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.23.0 h1:YfKFowiIMvtgl1UERQoTPPToxltDeZfbj4H7dVUCwmM= -golang.org/x/sys v0.23.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= +golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= 
@@ -941,8 +941,8 @@ golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= -golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= +golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= +golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -959,8 +959,8 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= -golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= +golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -1019,8 +1019,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= -golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= +golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= +golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1049,8 +1049,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.190.0 h1:ASM+IhLY1zljNdLu19W1jTmU6A+gMk6M46Wlur61s+Q= -google.golang.org/api v0.190.0/go.mod h1:QIr6I9iedBLnfqoD6L6Vze1UvS5Hzj5r2aUBOaZnLHo= +google.golang.org/api v0.191.0 h1:cJcF09Z+4HAB2t5qTQM1ZtfL/PemsLFkcFG67qq2afk= +google.golang.org/api v0.191.0/go.mod h1:tD5dsFGxFza0hnQveGfVk9QQYKcfp+VzgRqyXFxE0+E= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1100,12 +1100,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf h1:OqdXDEakZCVtDiZTjcxfwbHPCT11ycCEsTKesBVKvyY= -google.golang.org/genproto v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:mCr1K1c8kX+1iSBREvU3Juo11CB+QOEWxbRS01wWl5M= -google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf h1:GillM0Ef0pkZPIB+5iO6SDK+4T9pf6TpaYR6ICD5rVE= -google.golang.org/genproto/googleapis/api v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:OFMYQFHJ4TM3JRlWDZhJbZfra2uqc3WLBZiaaqP4DtU= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf h1:liao9UHurZLtiEwBgT9LMOnKYsHze6eA6w1KQCMVN2Q= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240730163845-b1a4ccb954bf/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240808171019-573a1156607a h1:3JVv3Ujh+kGiajpSqHWnbWPuu0nQqMZ3hASNDDF9974= +google.golang.org/genproto v0.0.0-20240808171019-573a1156607a/go.mod h1:7uvplUBj4RjHAxIZ//98LzOvrQ04JBkaixRmCMI29hc= +google.golang.org/genproto/googleapis/api v0.0.0-20240808171019-573a1156607a h1:KyUe15n7B1YCu+kMmPtlXxgkLQbp+Dw0tCRZf9Sd+CE= +google.golang.org/genproto/googleapis/api v0.0.0-20240808171019-573a1156607a/go.mod h1:4+X6GvPs+25wZKbQq9qyAXrwIRExv7w0Ea6MgZLZiDM= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240808171019-573a1156607a h1:EKiZZXueP9/T68B8Nl0GAx9cjbQnCId0yP3qPMgaaHs= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240808171019-573a1156607a/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1197,8 +1197,8 @@ k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240730131305-7a9a4e85957e h1:OnKkExfhk4yxMqvBSPzUfhv3zQ96FWJ+UOZzLrAFyAo= -k8s.io/kube-openapi v0.0.0-20240730131305-7a9a4e85957e/go.mod h1:0CVn9SVo8PeW5/JgsBZZIFmmTk5noOM8WXf2e1tCihE= +k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 h1:1Wof1cGQgA5pqgo8MxKPtf+qN6Sh/0JzznmeGPm1HnE= +k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8/go.mod h1:Os6V6dZwLNii3vxFpxcNaTmH8LJJBkOTg1N0tOA0fvA= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= From 098d03792d21fbbe6a9538b9c56e20b1ecea14fc Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Thu, 15 Aug 2024 16:31:01 -0300 Subject: [PATCH 232/517] chore: update security best practice (#3794) Signed-off-by: Gustavo Carvalho --- docs/guides/security-best-practices.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/docs/guides/security-best-practices.md b/docs/guides/security-best-practices.md index 1637474873d..d199db859b5 100644 --- a/docs/guides/security-best-practices.md +++ b/docs/guides/security-best-practices.md 
@@ -63,6 +63,14 @@ scopedRBAC: true scopedNamespace: my-namespace ``` +### 5. Restrict Webhook TLS Ciphers + +Consider installing ESO restricting webhook ciphers. Use the following Helm values to scope webhook for specific TLS ciphers: +```yaml +webhook: + extraArgs: + tls-ciphers: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256" +``` ## Pod Security The Pods of the External Secrets Operator have been configured to meet the [Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/), specifically the restricted profile. This configuration ensures a strong security posture by implementing recommended best practices for hardening Pods, including those outlined in the [NSA Kubernetes Hardening Guide](https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF). From 82d419e2ee773504f5933580107f80d87b997f70 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Fri, 16 Aug 2024 12:32:35 +0200 Subject: [PATCH 233/517] feat: add CAProvider to Bitwarden provider (#3699) * feat: add CAProvider to bitwarden This change introduces a refactor as well since CAProvider was used by multiple providers with diverging implementations. The following providers were affected: - webhook - akeyless - vault - conjur - kubernetes Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * refactored the Kubernetes provider to use create ca Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * refactor webhook, vault and kubernetes provider Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * rename CreateCACert to FetchCACertFromSource Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * addressed comments and autodecoding base64 data 
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * check if the decoded value is a valid certificate Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .../v1beta1/secretsstore_bitwarden_types.go | 7 +- .../v1beta1/zz_generated.deepcopy.go | 5 + ...ternal-secrets.io_clustersecretstores.yaml | 28 +++- .../external-secrets.io_secretstores.yaml | 28 +++- deploy/crds/bundle.yaml | 50 ++++++- docs/api/spec.md | 16 +++ pkg/common/webhook/models.go | 28 +--- pkg/common/webhook/webhook.go | 46 +++---- pkg/generator/webhook/webhook.go | 2 +- pkg/provider/akeyless/akeyless.go | 113 +++------------- pkg/provider/akeyless/utils.go | 10 -- pkg/provider/bitwarden/bitwarden_sdk.go | 16 ++- pkg/provider/bitwarden/client.go | 14 -- pkg/provider/bitwarden/provider.go | 54 ++++++-- pkg/provider/conjur/client.go | 92 ++----------- pkg/provider/conjur/provider_test.go | 17 ++- pkg/provider/kubernetes/auth.go | 78 ++--------- pkg/provider/kubernetes/auth_test.go | 26 ++-- pkg/provider/vault/auth_approle.go | 2 +- pkg/provider/vault/client.go | 91 ++----------- pkg/provider/vault/provider.go | 12 +- pkg/provider/vault/provider_test.go | 8 +- pkg/provider/webhook/webhook.go | 8 +- pkg/utils/utils.go | 128 +++++++++++++++++- 24 files changed, 418 insertions(+), 461 deletions(-) diff --git a/apis/externalsecrets/v1beta1/secretsstore_bitwarden_types.go b/apis/externalsecrets/v1beta1/secretsstore_bitwarden_types.go index aec55cf62c8..5bc06c3e6dc 100644 --- a/apis/externalsecrets/v1beta1/secretsstore_bitwarden_types.go +++ b/apis/externalsecrets/v1beta1/secretsstore_bitwarden_types.go 
@@ -23,8 +23,11 @@ type BitwardenSecretsManagerProvider struct { BitwardenServerSDKURL string `json:"bitwardenServerSDKURL,omitempty"` // Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack // can be performed. - // +required - CABundle string `json:"caBundle"` + // +optional + CABundle string `json:"caBundle,omitempty"` + // see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider + // +optional + CAProvider *CAProvider `json:"caProvider,omitempty"` // OrganizationID determines which organization this secret store manages. OrganizationID string `json:"organizationID"` // ProjectID determines which project this secret store manages. diff --git a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go index 97f336f12d0..9ae94b7a163 100644 --- a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go +++ b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go @@ -505,6 +505,11 @@ func (in *BitwardenSecretsManagerAuth) DeepCopy() *BitwardenSecretsManagerAuth { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BitwardenSecretsManagerProvider) DeepCopyInto(out *BitwardenSecretsManagerProvider) { *out = *in + if in.CAProvider != nil { + in, out := &in.CAProvider, &out.CAProvider + *out = new(CAProvider) + (*in).DeepCopyInto(*out) + } in.Auth.DeepCopyInto(&out.Auth) } diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 0649370bbd1..8e0927f3d89 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml 
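Review bot: With `CABundle` relaxed from `+required` to `+optional` and the new `CAProvider` also optional in `BitwardenSecretsManagerProvider`, nothing in this hunk requires that a trust anchor is configured, although the field comment still says the sdk MUST run with HTTPS. If one of the two must always be set, enforce it in the provider's `ValidateStore` (not visible here) or with a CEL rule such as `// +kubebuilder:validation:XValidation:rule="has(self.caBundle) || has(self.caProvider)",message="one of caBundle or caProvider is required"`. The `CAProvider` comment is only a link, and it points at a `v1alpha1` anchor although the type is in `v1beta1`. A description such as `// CAProvider references a Secret or ConfigMap holding the CA certificate used to verify the bitwarden sdk server.` would read better in the generated CRD. The struct continues outside the hunk.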
@@ -2493,6 +2493,33 @@ spec: Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack can be performed. type: string + caProvider: + description: 'see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider' + properties: + key: + description: The key where the CA certificate can be found + in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider + type. + type: string + namespace: + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", + or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object identityURL: type: string organizationID: @@ -2505,7 +2532,6 @@ spec: type: string required: - auth - - caBundle - organizationID - projectID type: object diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index 5579746d45a..a4fa6194a95 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml 
@@ -2493,6 +2493,33 @@ spec: Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack can be performed. type: string + caProvider: + description: 'see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider' + properties: + key: + description: The key where the CA certificate can be found + in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider + type. + type: string + namespace: + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", + or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object identityURL: type: string organizationID: @@ -2505,7 +2532,6 @@ spec: type: string required: - auth - - caBundle - organizationID - projectID type: object diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index d12f62d53ed..e7b72080e0f 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml 
@@ -2978,6 +2978,30 @@ spec: Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack can be performed. type: string + caProvider: + description: 'see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider' + properties: + key: + description: The key where the CA certificate can be found in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object identityURL: type: string organizationID: @@ -2988,7 +3012,6 @@ spec: type: string required: - auth - - caBundle - organizationID - projectID type: object @@ -8740,6 +8763,30 @@ spec: Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack can be performed. type: string + caProvider: + description: 'see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider' + properties: + key: + description: The key where the CA certificate can be found in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object identityURL: type: string organizationID: @@ -8750,7 +8797,6 @@ spec: type: string required: - auth - - caBundle - organizationID - projectID type: object 
diff --git a/docs/api/spec.md b/docs/api/spec.md index 9eda91245fc..cabce94d4d2 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -1328,12 +1328,27 @@ string +(Optional)

Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack can be performed.

+caProvider
+ + +CAProvider + + + + +(Optional) +

see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider

+ + + + organizationID
string @@ -1407,6 +1422,7 @@ External Secrets meta/v1.SecretKeySelector

(Appears on: AkeylessProvider, +BitwardenSecretsManagerProvider, ConjurProvider, KubernetesServer, VaultProvider) diff --git a/pkg/common/webhook/models.go b/pkg/common/webhook/models.go index 1101f8aa11e..3151cbec63f 100644 --- a/pkg/common/webhook/models.go +++ b/pkg/common/webhook/models.go @@ -16,6 +16,8 @@ package webhook import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" ) type Spec struct { @@ -55,31 +57,7 @@ type Spec struct { // The provider for the CA bundle to use to validate webhook server certificate. // +optional - CAProvider *CAProvider `json:"caProvider,omitempty"` -} -type CAProviderType string - -const ( - CAProviderTypeSecret CAProviderType = "Secret" - CAProviderTypeConfigMap CAProviderType = "ConfigMap" -) - -// Defines a location to fetch the cert for the webhook provider from. -type CAProvider struct { - // The type of provider to use such as "Secret", or "ConfigMap". - // +kubebuilder:validation:Enum="Secret";"ConfigMap" - Type CAProviderType `json:"type"` - - // The name of the object located at the provider type. - Name string `json:"name"` - - // The key the value inside of the provider type to use, only used with "Secret" type - // +kubebuilder:validation:Optional - Key string `json:"key,omitempty"` - - // The namespace the Provider type is in. - // +optional - Namespace *string `json:"namespace,omitempty"` + CAProvider *esv1beta1.CAProvider `json:"caProvider,omitempty"` } type Result struct { diff --git a/pkg/common/webhook/webhook.go b/pkg/common/webhook/webhook.go index 8995b23661e..bca483ee0df 100644 --- a/pkg/common/webhook/webhook.go +++ b/pkg/common/webhook/webhook.go 
@@ -207,7 +207,7 @@ func (w *Webhook) GetWebhookData(ctx context.Context, provider *Spec, ref *esv1b return io.ReadAll(resp.Body) } -func (w *Webhook) GetHTTPClient(provider *Spec) (*http.Client, error) { +func (w *Webhook) GetHTTPClient(ctx context.Context, provider *Spec) (*http.Client, error) { client := &http.Client{} if provider.Timeout != nil { client.Timeout = provider.Timeout.Duration @@ -216,7 +216,7 @@ func (w *Webhook) GetHTTPClient(provider *Spec) (*http.Client, error) { // No need to process ca stuff if it is not there return client, nil } - caCertPool, err := w.GetCACertPool(provider) + caCertPool, err := w.GetCACertPool(ctx, provider) if err != nil { return nil, err } 
@@ -230,37 +230,23 @@ func (w *Webhook) GetHTTPClient(provider *Spec) (*http.Client, error) { return client, nil } -func (w *Webhook) GetCACertPool(provider *Spec) (*x509.CertPool, error) { +func (w *Webhook) GetCACertPool(ctx context.Context, provider *Spec) (*x509.CertPool, error) { caCertPool := x509.NewCertPool() - if len(provider.CABundle) > 0 { - ok := caCertPool.AppendCertsFromPEM(provider.CABundle) - if !ok { - return nil, fmt.Errorf("failed to append cabundle") - } + ca, err := utils.FetchCACertFromSource(ctx, utils.CreateCertOpts{ + CABundle: provider.CABundle, + CAProvider: provider.CAProvider, + StoreKind: w.StoreKind, + Namespace: w.Namespace, + Client: w.Kube, + }) + if err != nil { + return nil, err } - - if provider.CAProvider != nil { - var cert []byte - var err error - - switch provider.CAProvider.Type { - case CAProviderTypeSecret: - cert, err = w.GetCertFromSecret(provider) - case CAProviderTypeConfigMap: - cert, err = w.GetCertFromConfigMap(provider) - default: - err = fmt.Errorf("unknown caprovider type: %s", provider.CAProvider.Type) - } - - if err != nil { - return nil, err - } - - ok := caCertPool.AppendCertsFromPEM(cert) - if !ok { - return nil, fmt.Errorf("failed to append cabundle") - } + ok := caCertPool.AppendCertsFromPEM(ca) + if !ok { + return nil, fmt.Errorf("failed to append cabundle") } + return caCertPool, nil } diff --git a/pkg/generator/webhook/webhook.go b/pkg/generator/webhook/webhook.go index 78fb1d7c360..7f2f5f62cbb 100644 --- a/pkg/generator/webhook/webhook.go +++ b/pkg/generator/webhook/webhook.go @@ -42,7 +42,7 @@ func (w *Webhook) Generate(ctx context.Context, jsonSpec *apiextensions.JSON, kc w.wh.Namespace = ns w.url = provider.URL w.wh.Kube = kclient - w.wh.HTTP, err = w.wh.GetHTTPClient(provider) + w.wh.HTTP, err = w.wh.GetHTTPClient(ctx, provider) if err != nil { return nil, fmt.Errorf("failed to prepare provider http client: %w", err) } 
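Review bot: `GetCACertPool` used to append both `provider.CABundle` and the certificate resolved from `provider.CAProvider` to the pool, but the rewritten body appends only the single `ca` returned by `utils.FetchCACertFromSource`, so a store that sets both fields presumably loses one of them from its trust pool. `FetchCACertFromSource` is defined in `pkg/utils/utils.go`, outside this hunk, so which source wins cannot be confirmed here. State the precedence in a comment above the call, e.g. `// FetchCACertFromSource returns a single certificate; <which source wins> when both caBundle and caProvider are set`, or reject the combination in store validation. The same applies to `getAkeylessHTTPClient` in `pkg/provider/akeyless/akeyless.go`. The error text `failed to append cabundle` is now also returned when the bytes came from `caProvider`, so naming the source in the message would make a bad Secret or ConfigMap easier to diagnose.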
diff --git a/pkg/provider/akeyless/akeyless.go b/pkg/provider/akeyless/akeyless.go index f324b12ad8e..e9af372d410 100644 --- a/pkg/provider/akeyless/akeyless.go +++ b/pkg/provider/akeyless/akeyless.go @@ -37,10 +37,8 @@ import ( "sigs.k8s.io/controller-runtime/pkg/webhook/admission" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" - esmeta "github.com/external-secrets/external-secrets/apis/meta/v1" "github.com/external-secrets/external-secrets/pkg/find" "github.com/external-secrets/external-secrets/pkg/utils" - "github.com/external-secrets/external-secrets/pkg/utils/resolvers" ) const ( @@ -180,7 +178,7 @@ func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnin return nil, nil } -func newClient(_ context.Context, store esv1beta1.GenericStore, kube client.Client, corev1 typedcorev1.CoreV1Interface, namespace string) (esv1beta1.SecretsClient, error) { +func newClient(ctx context.Context, store esv1beta1.GenericStore, kube client.Client, corev1 typedcorev1.CoreV1Interface, namespace string) (esv1beta1.SecretsClient, error) { akl := &akeylessBase{ kube: kube, store: store, @@ -202,7 +200,7 @@ func newClient(_ context.Context, store esv1beta1.GenericStore, kube client.Clie return nil, fmt.Errorf("missing Auth in store config") } - client, err := akl.getAkeylessHTTPClient(spec) + client, err := akl.getAkeylessHTTPClient(ctx, spec) if err != nil { return nil, err } 
@@ -406,16 +404,29 @@ func (a *Akeyless) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecre return secretData, nil } -func (a *akeylessBase) getAkeylessHTTPClient(provider *esv1beta1.AkeylessProvider) (*http.Client, error) { +func (a *akeylessBase) getAkeylessHTTPClient(ctx context.Context, provider *esv1beta1.AkeylessProvider) (*http.Client, error) { client := &http.Client{Timeout: 30 * time.Second} if len(provider.CABundle) == 0 && provider.CAProvider == nil { return client, nil } - caCertPool, err := a.getCACertPool(provider) + + cert, err := utils.FetchCACertFromSource(ctx, utils.CreateCertOpts{ + StoreKind: a.storeKind, + Client: a.kube, + Namespace: a.namespace, + CABundle: provider.CABundle, + CAProvider: provider.CAProvider, + }) if err != nil { return nil, err } + caCertPool := x509.NewCertPool() + ok := caCertPool.AppendCertsFromPEM(cert) + if !ok { + return nil, fmt.Errorf("failed to append caBundle") + } + tlsConf := &tls.Config{ RootCAs: caCertPool, MinVersion: tls.VersionTLS12, 
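Review bot: The guard that rejected a `ClusterSecretStore` whose `caProvider` has no namespace (`missing namespace on caProvider secret`) is deleted with `getCACertPool` in the next hunk, and `getAkeylessHTTPClient` now relies entirely on `utils.FetchCACertFromSource` being given `StoreKind` and `Namespace`. That helper is outside this hunk, so confirm it keeps the same check; otherwise a cluster-scoped store could read its CA from whatever namespace `a.namespace` holds. A test for a `ClusterSecretStore` with `CAProvider.Namespace == nil` would pin the behaviour. The removed code also fell back to the raw bytes when base64 decoding failed, so a plain-PEM `caBundle` case deserves a test against the new helper as well.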
@@ -423,93 +434,3 @@ func (a *akeylessBase) getAkeylessHTTPClient(provider *esv1beta1.AkeylessProvide client.Transport = &http.Transport{TLSClientConfig: tlsConf} return client, nil } - -func (a *akeylessBase) getCACertPool(provider *esv1beta1.AkeylessProvider) (*x509.CertPool, error) { - caCertPool := x509.NewCertPool() - if len(provider.CABundle) > 0 { - pem, err := base64decode(provider.CABundle) - if err != nil { - pem = provider.CABundle - } - ok := caCertPool.AppendCertsFromPEM(pem) - if !ok { - return nil, fmt.Errorf("failed to append caBundle") - } - } - - if provider.CAProvider != nil && - a.storeKind == esv1beta1.ClusterSecretStoreKind && - provider.CAProvider.Namespace == nil { - return nil, fmt.Errorf("missing namespace on caProvider secret") - } - - if provider.CAProvider != nil { - var cert []byte - var err error - - switch provider.CAProvider.Type { - case esv1beta1.CAProviderTypeSecret: - cert, err = a.getCertFromSecret(provider) - case esv1beta1.CAProviderTypeConfigMap: - cert, err = a.getCertFromConfigMap(provider) - default: - err = fmt.Errorf("unknown CAProvider type: %s", provider.CAProvider.Type) - } - - if err != nil { - return nil, err - } - pem, err := base64decode(cert) - if err != nil { - pem = cert - } - ok := caCertPool.AppendCertsFromPEM(pem) - if !ok { - return nil, fmt.Errorf("failed to append caBundle") - } - } - return caCertPool, nil -} - -func (a *akeylessBase) getCertFromSecret(provider *esv1beta1.AkeylessProvider) ([]byte, error) { - secretRef := esmeta.SecretKeySelector{ - Name: provider.CAProvider.Name, - Key: provider.CAProvider.Key, - } - - if provider.CAProvider.Namespace != nil { - secretRef.Namespace = provider.CAProvider.Namespace - } - - ctx := context.Background() - cert, err := resolvers.SecretKeyRef(ctx, a.kube, a.storeKind, a.namespace, &secretRef) - if err != nil { - return nil, err - } - - return []byte(cert), nil -} - -func (a *akeylessBase) getCertFromConfigMap(provider *esv1beta1.AkeylessProvider) ([]byte, 
error) { - objKey := client.ObjectKey{ - Name: provider.CAProvider.Name, - } - - if provider.CAProvider.Namespace != nil { - objKey.Namespace = *provider.CAProvider.Namespace - } - - configMapRef := &corev1.ConfigMap{} - ctx := context.Background() - err := a.kube.Get(ctx, objKey, configMapRef) - if err != nil { - return nil, fmt.Errorf("failed to get caProvider secret %s: %w", objKey.Name, err) - } - - val, ok := configMapRef.Data[provider.CAProvider.Key] - if !ok { - return nil, fmt.Errorf("failed to get caProvider configMap %s -> %s", objKey.Name, provider.CAProvider.Key) - } - - return []byte(val), nil -} diff --git a/pkg/provider/akeyless/utils.go b/pkg/provider/akeyless/utils.go index 26f82ae0d25..b8bcc54f6f2 100644 --- a/pkg/provider/akeyless/utils.go +++ b/pkg/provider/akeyless/utils.go @@ -15,7 +15,6 @@ limitations under the License. package akeyless import ( - "encoding/base64" "fmt" "io" "net/http" @@ -109,12 +108,3 @@ func sendReq(url string) string { body, _ := io.ReadAll(resp.Body) return string(body) } - -func base64decode(in []byte) ([]byte, error) { - out := make([]byte, len(in)) - l, err := base64.StdEncoding.Decode(out, in) - if err != nil { - return nil, err - } - return out[:l], nil -} diff --git a/pkg/provider/bitwarden/bitwarden_sdk.go b/pkg/provider/bitwarden/bitwarden_sdk.go index 12dd0bda311..1a50785f504 100644 --- a/pkg/provider/bitwarden/bitwarden_sdk.go +++ b/pkg/provider/bitwarden/bitwarden_sdk.go @@ -21,6 +21,10 @@ import ( "fmt" "io" "net/http" + + "sigs.k8s.io/controller-runtime/pkg/client" + + "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" ) // Defined Header Keys. 
@@ -100,18 +104,18 @@ type SdkClient struct { client *http.Client } -func NewSdkClient(apiURL, identityURL, bitwardenURL, token string, caBundle []byte) (*SdkClient, error) { - client, err := newHTTPSClient(caBundle) +func NewSdkClient(ctx context.Context, c client.Client, storeKind, namespace string, provider *v1beta1.BitwardenSecretsManagerProvider, token string) (*SdkClient, error) { + httpsClient, err := newHTTPSClient(ctx, c, storeKind, namespace, provider) if err != nil { return nil, fmt.Errorf("error creating https client: %w", err) } return &SdkClient{ - apiURL: apiURL, - identityURL: identityURL, + apiURL: provider.APIURL, + identityURL: provider.IdentityURL, + bitwardenSdkServerURL: provider.BitwardenServerSDKURL, token: token, - client: client, - bitwardenSdkServerURL: bitwardenURL, + client: httpsClient, }, nil } diff --git a/pkg/provider/bitwarden/client.go b/pkg/provider/bitwarden/client.go index 80d58fc44c1..ec80c32e04d 100644 --- a/pkg/provider/bitwarden/client.go +++ b/pkg/provider/bitwarden/client.go @@ -26,10 +26,6 @@ import ( "github.com/external-secrets/external-secrets/pkg/utils" ) -var ( - errBadCertBundle = "caBundle failed to base64 decode: %w" -) - const ( // NoteMetadataKey defines the note for the pushed secret. NoteMetadataKey = "note" @@ -249,16 +245,6 @@ func (p *Provider) Close(_ context.Context) error { return nil } -// getCABundle try retrieve the CA bundle from the provider CABundle. -func (p *Provider) getCABundle(provider *esv1beta1.BitwardenSecretsManagerProvider) ([]byte, error) { - certBytes, decodeErr := utils.Decode(esv1beta1.ExternalSecretDecodeBase64, []byte(provider.CABundle)) - if decodeErr != nil { - return nil, fmt.Errorf(errBadCertBundle, decodeErr) - } - - return certBytes, nil -} - func (p *Provider) findSecretByRef(ctx context.Context, key, projectID string) (*SecretResponse, error) { spec := p.store.GetSpec() if spec == nil || spec.Provider == nil { 
diff --git a/pkg/provider/bitwarden/provider.go b/pkg/provider/bitwarden/provider.go index cdc8d0d5fcb..97aa5711ac4 100644 --- a/pkg/provider/bitwarden/provider.go +++ b/pkg/provider/bitwarden/provider.go @@ -26,6 +26,7 @@ import ( "sigs.k8s.io/controller-runtime/pkg/webhook/admission" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" + "github.com/external-secrets/external-secrets/pkg/utils" "github.com/external-secrets/external-secrets/pkg/utils/resolvers" ) @@ -58,17 +59,12 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, return nil, fmt.Errorf("could not resolve auth credentials: %w", err) } - bundle, err := p.getCABundle(storeSpec.Provider.BitwardenSecretsManager) - if err != nil { - return nil, fmt.Errorf("could not resolve caBundle: %w", err) - } - - sdkClient, err := NewSdkClient( - storeSpec.Provider.BitwardenSecretsManager.APIURL, - storeSpec.Provider.BitwardenSecretsManager.IdentityURL, - storeSpec.Provider.BitwardenSecretsManager.BitwardenServerSDKURL, + sdkClient, err := NewSdkClient(ctx, + kube, + store.GetKind(), + namespace, + storeSpec.Provider.BitwardenSecretsManager, token, - bundle, ) if err != nil { return nil, fmt.Errorf("could not create SdkClient: %w", err) 
@@ -88,17 +84,49 @@ func (p *Provider) Capabilities() esv1beta1.SecretStoreCapabilities { } // ValidateStore validates the store. -func (p *Provider) ValidateStore(_ esv1beta1.GenericStore) (admission.Warnings, error) { +func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnings, error) { + storeSpec := store.GetSpec() + if storeSpec == nil { + return admission.Warnings{}, fmt.Errorf("no store type or wrong store type") + } + + if storeSpec.Provider == nil { + return admission.Warnings{}, fmt.Errorf("provider not configured") + } + + bitwardenSpec := storeSpec.Provider.BitwardenSecretsManager + if bitwardenSpec == nil { + return admission.Warnings{}, fmt.Errorf("bitwarden spec not configured") + } + + if bitwardenSpec.CAProvider == nil && bitwardenSpec.CABundle == "" { + return admission.Warnings{ + "Neither CA nor CA bundle is configured; user is expected to provide certificate information via volume mount.", + }, nil + } + return nil, nil } // newHTTPSClient creates a new HTTPS client with the given cert. -func newHTTPSClient(cert []byte) (*http.Client, error) { +func newHTTPSClient(ctx context.Context, c client.Client, storeKind, namespace string, provider *esv1beta1.BitwardenSecretsManagerProvider) (*http.Client, error) { + cert, err := utils.FetchCACertFromSource(ctx, utils.CreateCertOpts{ + CABundle: []byte(provider.CABundle), + CAProvider: provider.CAProvider, + StoreKind: storeKind, + Namespace: namespace, + Client: c, + }) + if err != nil { + return nil, err + } + pool := x509.NewCertPool() ok := pool.AppendCertsFromPEM(cert) if !ok { - return nil, fmt.Errorf("can't append Conjur SSL cert") + return nil, fmt.Errorf("failed to append caBundle") } + tr := &http.Transport{ TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}, } diff --git a/pkg/provider/conjur/client.go b/pkg/provider/conjur/client.go index 8a413ba660a..2514056c082 100644 --- a/pkg/provider/conjur/client.go +++ b/pkg/provider/conjur/client.go 
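Review bot: In `newHTTPSClient` the bytes returned by `utils.FetchCACertFromSource` go straight into `pool.AppendCertsFromPEM`, but the helper added in `pkg/utils/utils.go` returns `nil, nil` when neither `caBundle` nor `caProvider` is set. In that case the append reports false and client creation fails with "failed to append caBundle". This contradicts the new `ValidateStore` branch, which admits such a store with only a warning that the certificate is expected via volume mount; no code that reads a mounted certificate is visible in this patch. Either return an error from `ValidateStore` for that case, or handle it explicitly before the append, e.g. `if len(cert) == 0 { return nil, fmt.Errorf("no CA configured: set caBundle or caProvider") }`.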
@@ -17,7 +17,6 @@ package conjur import ( "context" "fmt" - "strings" "github.com/cyberark/conjur-api-go/conjurapi" "github.com/cyberark/conjur-api-go/conjurapi/authn" @@ -26,24 +25,17 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" - esmeta "github.com/external-secrets/external-secrets/apis/meta/v1" "github.com/external-secrets/external-secrets/pkg/provider/conjur/util" "github.com/external-secrets/external-secrets/pkg/utils" "github.com/external-secrets/external-secrets/pkg/utils/resolvers" ) var ( - errConjurClient = "cannot setup new Conjur client: %w" - errBadCertBundle = "caBundle failed to base64 decode: %w" - errBadServiceUser = "could not get Auth.Apikey.UserRef: %w" - errBadServiceAPIKey = "could not get Auth.Apikey.ApiKeyRef: %w" - + errConjurClient = "cannot setup new Conjur client: %w" + errBadServiceUser = "could not get Auth.Apikey.UserRef: %w" + errBadServiceAPIKey = "could not get Auth.Apikey.ApiKeyRef: %w" errGetKubeSATokenRequest = "cannot request Kubernetes service account token for service account %q: %w" - - errUnableToFetchCAProviderCM = "unable to fetch Server.CAProvider ConfigMap: %w" - errUnableToFetchCAProviderSecret = "unable to fetch Server.CAProvider Secret: %w" - - errSecretKeyFmt = "cannot find secret data for key: %q" + errSecretKeyFmt = "cannot find secret data for key: %q" ) // Client is a provider for Conjur. 
@@ -68,14 +60,20 @@ func (c *Client) GetConjurClient(ctx context.Context) (SecretsClient, error) { return nil, err } - cert, getCertErr := c.getCA(ctx, prov) + cert, getCertErr := utils.FetchCACertFromSource(ctx, utils.CreateCertOpts{ + CABundle: []byte(prov.CABundle), + CAProvider: prov.CAProvider, + StoreKind: c.store.GetKind(), + Namespace: c.namespace, + Client: c.kube, + }) if getCertErr != nil { return nil, getCertErr } config := conjurapi.Config{ ApplianceURL: prov.URL, - SSLCert: cert, + SSLCert: string(cert), } if prov.Auth.APIKey != nil { 
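Review bot: Switching `GetConjurClient` to `utils.FetchCACertFromSource` reverses which CA source wins when a store sets both. The removed `getCA` returned the `CAProvider` value first and only fell back to `CABundle`, while the shared helper returns as soon as `CABundle` is non-empty and never reads `CAProvider`. The Vault `newConfig` hunk has a related change: the old code appended both sources to the pool, and the new code trusts only the bundle when it is present. An existing store with both fields set will silently trust a different CA set after upgrade. Either reject that combination in store validation or state the rule on the helper, e.g. `// CABundle takes precedence; CAProvider is ignored when both are set.`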
@@ -151,69 +149,3 @@ func (c *Client) Validate() (esv1beta1.ValidationResult, error) { func (c *Client) Close(_ context.Context) error { return nil } - -// configMapKeyRef returns the value of a key in a ConfigMap. -func (c *Client) configMapKeyRef(ctx context.Context, cmRef *esmeta.SecretKeySelector) (string, error) { - configMap := &corev1.ConfigMap{} - ref := client.ObjectKey{ - Namespace: c.namespace, - Name: cmRef.Name, - } - if (c.StoreKind == esv1beta1.ClusterSecretStoreKind) && - (cmRef.Namespace != nil) { - ref.Namespace = *cmRef.Namespace - } - err := c.kube.Get(ctx, ref, configMap) - if err != nil { - return "", err - } - - keyBytes, ok := configMap.Data[cmRef.Key] - if !ok { - return "", err - } - - valueStr := strings.TrimSpace(keyBytes) - return valueStr, nil -} - -// getCA try retrieve the CA bundle from the provider CABundle or from the CAProvider. -func (c *Client) getCA(ctx context.Context, provider *esv1beta1.ConjurProvider) (string, error) { - if provider.CAProvider != nil { - var ca string - var err error - switch provider.CAProvider.Type { - case esv1beta1.CAProviderTypeConfigMap: - keySelector := esmeta.SecretKeySelector{ - Name: provider.CAProvider.Name, - Namespace: provider.CAProvider.Namespace, - Key: provider.CAProvider.Key, - } - ca, err = c.configMapKeyRef(ctx, &keySelector) - if err != nil { - return "", fmt.Errorf(errUnableToFetchCAProviderCM, err) - } - case esv1beta1.CAProviderTypeSecret: - keySelector := esmeta.SecretKeySelector{ - Name: provider.CAProvider.Name, - Namespace: provider.CAProvider.Namespace, - Key: provider.CAProvider.Key, - } - ca, err = resolvers.SecretKeyRef( - ctx, - c.kube, - c.StoreKind, - c.namespace, - &keySelector) - if err != nil { - return "", fmt.Errorf(errUnableToFetchCAProviderSecret, err) - } - } - return ca, nil - } - certBytes, decodeErr := utils.Decode(esv1beta1.ExternalSecretDecodeBase64, []byte(provider.CABundle)) - if decodeErr != nil { - return "", fmt.Errorf(errBadCertBundle, decodeErr) - } - 
return string(certBytes), nil -} diff --git a/pkg/provider/conjur/provider_test.go b/pkg/provider/conjur/provider_test.go index 500e28d6d21..1c70537ef8f 100644 --- a/pkg/provider/conjur/provider_test.go +++ b/pkg/provider/conjur/provider_test.go @@ -458,8 +458,21 @@ func TestGetCA(t *testing.T) { want want } - certData := "mycertdata" - certDataEncoded := "bXljZXJ0ZGF0YQo=" + certData := `-----BEGIN CERTIFICATE----- +MIICGTCCAZ+gAwIBAgIQCeCTZaz32ci5PhwLBCou8zAKBggqhkjOPQQDAzBOMQsw +CQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xJjAkBgNVBAMTHURp +Z2lDZXJ0IFRMUyBFQ0MgUDM4NCBSb290IEc1MB4XDTIxMDExNTAwMDAwMFoXDTQ2 +MDExNDIzNTk1OVowTjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDkRpZ2lDZXJ0LCBJ +bmMuMSYwJAYDVQQDEx1EaWdpQ2VydCBUTFMgRUNDIFAzODQgUm9vdCBHNTB2MBAG +ByqGSM49AgEGBSuBBAAiA2IABMFEoc8Rl1Ca3iOCNQfN0MsYndLxf3c1TzvdlHJS +7cI7+Oz6e2tYIOyZrsn8aLN1udsJ7MgT9U7GCh1mMEy7H0cKPGEQQil8pQgO4CLp +0zVozptjn4S1mU1YoI71VOeVyaNCMEAwHQYDVR0OBBYEFMFRRVBZqz7nLFr6ICIS +B4CIfBFqMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49 +BAMDA2gAMGUCMQCJao1H5+z8blUD2WdsJk6Dxv3J+ysTvLd6jLRl0mlpYxNjOyZQ +LgGheQaRnUi/wr4CMEfDFXuxoJGZSZOoPHzoRgaLLPIxAJSdYsiJvRmEFOml+wG4 +DXZDjC5Ty3zfDBeWUA== +-----END CERTIFICATE-----` + certDataEncoded := "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" cases := map[string]testCase{ "UseCABundleSuccess": { diff --git a/pkg/provider/kubernetes/auth.go b/pkg/provider/kubernetes/auth.go index 547283e2e92..70e848399a8 100644 --- a/pkg/provider/kubernetes/auth.go +++ b/pkg/provider/kubernetes/auth.go 
@@ -19,23 +19,18 @@ import ( "fmt" authenticationv1 "k8s.io/api/authentication/v1" - corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" esmeta "github.com/external-secrets/external-secrets/apis/meta/v1" + "github.com/external-secrets/external-secrets/pkg/utils" "github.com/external-secrets/external-secrets/pkg/utils/resolvers" ) const ( - errInvalidClusterStoreMissingNamespace = "missing namespace" - errFetchCredentials = "could not fetch credentials: %w" - errMissingCredentials = "missing credentials: \"%s\"" - errEmptyKey = "key %s found but empty" - errUnableCreateToken = "cannot create service account token: %q" + errUnableCreateToken = "cannot create service account token: %q" ) func (c *Client) getAuth(ctx context.Context) (*rest.Config, error) { @@ -48,7 +43,13 @@ func (c *Client) getAuth(ctx context.Context) (*rest.Config, error) { return clientcmd.RESTConfigFromKubeConfig(cfg) } - ca, err := c.getCA(ctx) + ca, err := utils.FetchCACertFromSource(ctx, utils.CreateCertOpts{ + CABundle: c.store.Server.CABundle, + CAProvider: c.store.Server.CAProvider, + StoreKind: c.storeKind, + Namespace: c.namespace, + Client: c.ctrlClient, + }) if err != nil { return nil, err } 
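Review bot: `getAuth` no longer fails when the store carries no CA at all. The removed `getCA` (next hunk) ended with `fmt.Errorf("no Certificate Authority provided")`, whereas `utils.FetchCACertFromSource` returns `nil, nil` for an empty `CABundle` and a nil `CAProvider`. The rest config is then built with empty `CAData`, which presumably makes the client verify the API server against the host's default trust roots instead of a CA chosen by the store author. If that relaxation is not intended, keep the old guard right after the error check: `if len(ca) == 0 { return nil, fmt.Errorf("no Certificate Authority provided") }`. The body of `getAuth` continues outside this hunk, so confirm nothing later already rejects the empty value.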
@@ -92,40 +93,6 @@ func (c *Client) getAuth(ctx context.Context) (*rest.Config, error) { }, nil } -func (c *Client) getCA(ctx context.Context) ([]byte, error) { - if c.store.Server.CABundle != nil { - return c.store.Server.CABundle, nil - } - if c.store.Server.CAProvider != nil { - var ca []byte - var err error - switch c.store.Server.CAProvider.Type { - case esv1beta1.CAProviderTypeConfigMap: - keySelector := esmeta.SecretKeySelector{ - Name: c.store.Server.CAProvider.Name, - Namespace: c.store.Server.CAProvider.Namespace, - Key: c.store.Server.CAProvider.Key, - } - ca, err = c.fetchConfigMapKey(ctx, keySelector) - if err != nil { - return nil, fmt.Errorf("unable to fetch Server.CAProvider ConfigMap: %w", err) - } - case esv1beta1.CAProviderTypeSecret: - keySelector := esmeta.SecretKeySelector{ - Name: c.store.Server.CAProvider.Name, - Namespace: c.store.Server.CAProvider.Namespace, - Key: c.store.Server.CAProvider.Key, - } - ca, err = c.fetchSecretKey(ctx, keySelector) - if err != nil { - return nil, fmt.Errorf("unable to fetch Server.CAProvider Secret: %w", err) - } - } - return ca, nil - } - return nil, fmt.Errorf("no Certificate Authority provided") -} - func (c *Client) getClientKeyAndCert(ctx context.Context) ([]byte, []byte, error) { var err error cert, err := c.fetchSecretKey(ctx, c.store.Auth.Cert.ClientCert) 
@@ -171,30 +138,3 @@ func (c *Client) fetchSecretKey(ctx context.Context, ref esmeta.SecretKeySelecto } return []byte(secret), nil } - -func (c *Client) fetchConfigMapKey(ctx context.Context, key esmeta.SecretKeySelector) ([]byte, error) { - configMap := &corev1.ConfigMap{} - objectKey := types.NamespacedName{ - Name: key.Name, - Namespace: c.namespace, - } - // only ClusterStore is allowed to set namespace (and then it's required) - if c.storeKind == esv1beta1.ClusterSecretStoreKind { - if key.Namespace == nil { - return nil, fmt.Errorf(errInvalidClusterStoreMissingNamespace) - } - objectKey.Namespace = *key.Namespace - } - err := c.ctrlClient.Get(ctx, objectKey, configMap) - if err != nil { - return nil, fmt.Errorf(errFetchCredentials, err) - } - val, ok := configMap.Data[key.Key] - if !ok { - return nil, fmt.Errorf(errMissingCredentials, key.Key) - } - if val == "" { - return nil, fmt.Errorf(errEmptyKey, key.Key) - } - return []byte(val), nil -} diff --git a/pkg/provider/kubernetes/auth_test.go b/pkg/provider/kubernetes/auth_test.go index 5d23de3c7b5..84e2a0d75da 100644 --- a/pkg/provider/kubernetes/auth_test.go +++ b/pkg/provider/kubernetes/auth_test.go @@ -18,7 +18,7 @@ import ( "context" "testing" - "github.com/google/go-cmp/cmp" + "github.com/stretchr/testify/assert" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1" @@ -99,7 +99,7 @@ func TestSetAuth(t *testing.T) { fields: fields{ store: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ - CABundle: []byte("1234"), + CABundle: []byte(caCert), }, }, }, @@ -116,7 +116,7 @@ func TestSetAuth(t *testing.T) { Namespace: "default", }, Data: map[string][]byte{ - "cert": []byte("1234"), + "cert": []byte(caCert), "token": []byte("mytoken"), }, }).Build(), 
@@ -144,7 +144,7 @@ func TestSetAuth(t *testing.T) { Host: "https://my.test.tld", BearerToken: "mytoken", TLSClientConfig: rest.TLSClientConfig{ - CAData: []byte("1234"), + CAData: []byte(caCert), }, }, wantErr: false, @@ -215,7 +215,7 @@ func TestSetAuth(t *testing.T) { store: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ URL: "https://my.test.tld", - CABundle: []byte("1234"), + CABundle: []byte(caCert), }, Auth: esv1beta1.KubernetesAuth{ Token: &esv1beta1.TokenAuth{ @@ -232,7 +232,7 @@ func TestSetAuth(t *testing.T) { Host: "https://my.test.tld", BearerToken: "mytoken", TLSClientConfig: rest.TLSClientConfig{ - CAData: []byte("1234"), + CAData: []byte(caCert), }, }, wantErr: false, @@ -262,7 +262,7 @@ func TestSetAuth(t *testing.T) { store: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ URL: "https://my.test.tld", - CABundle: []byte("1234"), + CABundle: []byte(caCert), }, Auth: esv1beta1.KubernetesAuth{ Token: &esv1beta1.TokenAuth{ @@ -289,7 +289,7 @@ func TestSetAuth(t *testing.T) { Host: "https://my.test.tld", BearerToken: "mytoken", TLSClientConfig: rest.TLSClientConfig{ - CAData: []byte("1234"), + CAData: []byte(caCert), CertData: []byte("my-cert"), KeyData: []byte("my-key"), }, @@ -310,7 +310,7 @@ func TestSetAuth(t *testing.T) { store: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ URL: "https://my.test.tld", - CABundle: []byte("1234"), + CABundle: []byte(caCert), }, Auth: esv1beta1.KubernetesAuth{ ServiceAccount: &v1.ServiceAccountSelector{ @@ -324,7 +324,7 @@ func TestSetAuth(t *testing.T) { Host: "https://my.test.tld", BearerToken: "my-sa-token", TLSClientConfig: rest.TLSClientConfig{ - CAData: []byte("1234"), + CAData: []byte(caCert), }, }, wantErr: false, 
@@ -342,7 +342,7 @@ func TestSetAuth(t *testing.T) { kubeclientset: utilfake.NewCreateTokenMock().WithToken("my-sa-token"), store: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ - CABundle: []byte("1234"), + CABundle: []byte(caCert), }, Auth: esv1beta1.KubernetesAuth{ ServiceAccount: &v1.ServiceAccountSelector{ @@ -399,9 +399,7 @@ func TestSetAuth(t *testing.T) { if (err != nil) != tt.wantErr { t.Errorf("BaseClient.setAuth() error = %v, wantErr %v", err, tt.wantErr) } - if !cmp.Equal(cfg, tt.want) { - t.Errorf("unexpected value: expected %#v, got %#v", tt.want, cfg) - } + assert.Equal(t, tt.want, cfg) }) } } diff --git a/pkg/provider/vault/auth_approle.go b/pkg/provider/vault/auth_approle.go index 25b21e39e86..adcf14dff63 100644 --- a/pkg/provider/vault/auth_approle.go +++ b/pkg/provider/vault/auth_approle.go @@ -19,7 +19,7 @@ import ( "fmt" "strings" - approle "github.com/hashicorp/vault/api/auth/approle" + "github.com/hashicorp/vault/api/auth/approle" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" "github.com/external-secrets/external-secrets/pkg/constants" diff --git a/pkg/provider/vault/client.go b/pkg/provider/vault/client.go index e6cb3131991..8de3f2bf5c1 100644 --- a/pkg/provider/vault/client.go +++ b/pkg/provider/vault/client.go @@ -25,13 +25,12 @@ import ( "github.com/go-logr/logr" vault "github.com/hashicorp/vault/api" corev1 "k8s.io/api/core/v1" - "k8s.io/apimachinery/pkg/types" typedcorev1 "k8s.io/client-go/kubernetes/typed/core/v1" kclient "sigs.k8s.io/controller-runtime/pkg/client" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" - esmeta "github.com/external-secrets/external-secrets/apis/meta/v1" "github.com/external-secrets/external-secrets/pkg/provider/vault/util" + "github.com/external-secrets/external-secrets/pkg/utils" "github.com/external-secrets/external-secrets/pkg/utils/resolvers" ) 
@@ -56,39 +55,19 @@ func (c *client) newConfig(ctx context.Context) (*vault.Config, error) { if len(c.store.CABundle) != 0 || c.store.CAProvider != nil { caCertPool := x509.NewCertPool() - - if len(c.store.CABundle) > 0 { - ok := caCertPool.AppendCertsFromPEM(c.store.CABundle) - if !ok { - return nil, fmt.Errorf(errVaultCert, errors.New("failed to parse certificates from CertPool")) - } - } - - if c.store.CAProvider != nil && c.storeKind == esv1beta1.ClusterSecretStoreKind && c.store.CAProvider.Namespace == nil { - return nil, errors.New(errCANamespace) + ca, err := utils.FetchCACertFromSource(ctx, utils.CreateCertOpts{ + CABundle: c.store.CABundle, + CAProvider: c.store.CAProvider, + StoreKind: c.storeKind, + Namespace: c.namespace, + Client: c.kube, + }) + if err != nil { + return nil, err } - - if c.store.CAProvider != nil { - var cert []byte - var err error - - switch c.store.CAProvider.Type { - case esv1beta1.CAProviderTypeSecret: - cert, err = getCertFromSecret(c) - case esv1beta1.CAProviderTypeConfigMap: - cert, err = getCertFromConfigMap(c) - default: - return nil, errors.New(errUnknownCAProvider) - } - - if err != nil { - return nil, err - } - - ok := caCertPool.AppendCertsFromPEM(cert) - if !ok { - return nil, fmt.Errorf(errVaultCert, errors.New("failed to parse certificates from CertPool")) - } + ok := caCertPool.AppendCertsFromPEM(ca) + if !ok { + return nil, fmt.Errorf(errVaultCert, errors.New("failed to parse certificates from CertPool")) } if transport, ok := cfg.HttpClient.Transport.(*http.Transport); ok { 
@@ -138,50 +117,6 @@ func (c *client) configureClientTLS(ctx context.Context, cfg *vault.Config) erro return nil } -func getCertFromSecret(v *client) ([]byte, error) { - secretRef := esmeta.SecretKeySelector{ - Name: v.store.CAProvider.Name, - Namespace: &v.namespace, - Key: v.store.CAProvider.Key, - } - - if v.store.CAProvider.Namespace != nil { - secretRef.Namespace = v.store.CAProvider.Namespace - } - - ctx := context.Background() - res, err := resolvers.SecretKeyRef(ctx, v.kube, v.storeKind, v.namespace, &secretRef) - if err != nil { - return nil, fmt.Errorf(errVaultCert, err) - } - - return []byte(res), nil -} - -func getCertFromConfigMap(v *client) ([]byte, error) { - objKey := types.NamespacedName{ - Name: v.store.CAProvider.Name, - Namespace: v.namespace, - } - - if v.store.CAProvider.Namespace != nil { - objKey.Namespace = *v.store.CAProvider.Namespace - } - - configMapRef := &corev1.ConfigMap{} - ctx := context.Background() - err := v.kube.Get(ctx, objKey, configMapRef) - if err != nil { - return nil, fmt.Errorf(errVaultCert, err) - } - - val, ok := configMapRef.Data[v.store.CAProvider.Key] - if !ok { - return nil, fmt.Errorf(errConfigMapFmt, v.store.CAProvider.Key) - } - return []byte(val), nil -} - func (c *client) Close(ctx context.Context) error { // Revoke the token if we have one set, it wasn't sourced from a TokenSecretRef, // and token caching isn't enabled diff --git a/pkg/provider/vault/provider.go b/pkg/provider/vault/provider.go index 597839c0a5a..7a5b6752703 100644 --- a/pkg/provider/vault/provider.go +++ b/pkg/provider/vault/provider.go 
@@ -43,13 +43,11 @@ var ( ) const ( - errVaultStore = "received invalid Vault SecretStore resource: %w" - errVaultClient = "cannot setup new vault client: %w" - errVaultCert = "cannot set Vault CA certificate: %w" - errConfigMapFmt = "cannot find config map data for key: %q" - errClientTLSAuth = "error from Client TLS Auth: %q" - errUnknownCAProvider = "unknown caProvider type given" - errCANamespace = "cannot read secret for CAProvider due to missing namespace on kind ClusterSecretStore" + errVaultStore = "received invalid Vault SecretStore resource: %w" + errVaultClient = "cannot setup new vault client: %w" + errVaultCert = "cannot set Vault CA certificate: %w" + errClientTLSAuth = "error from Client TLS Auth: %q" + errCANamespace = "missing namespace on caProvider secret" ) type Provider struct { diff --git a/pkg/provider/vault/provider_test.go b/pkg/provider/vault/provider_test.go index 709516780fe..b6061beeab7 100644 --- a/pkg/provider/vault/provider_test.go +++ b/pkg/provider/vault/provider_test.go @@ -306,7 +306,7 @@ MIIFkTCCA3mgAwIBAgIUBEUg3m/WqAsWHG4Q/II3IePFfuowDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE }), }, want: want{ - err: fmt.Errorf(errVaultCert, errors.New("failed to parse certificates from CertPool")), + err: fmt.Errorf("failed to decode ca bundle: %w", errors.New("failed to parse the new certificate, not valid pem data")), }, }, "VaultAuthFormatError": { @@ -419,7 +419,7 @@ MIIFkTCCA3mgAwIBAgIUBEUg3m/WqAsWHG4Q/II3IePFfuowDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE newClientFunc: fake.ClientWithLoginMock, }, want: want{ - err: fmt.Errorf(errVaultCert, errors.New(`cannot find secret data for key: "cert"`)), + err: fmt.Errorf("failed to get cert from secret: %w", fmt.Errorf("failed to resolve secret key ref: %w", errors.New("cannot find secret data for key: \"cert\""))), }, }, "SuccessfulVaultStoreWithIamAuthSecret": { 
@@ -491,7 +491,7 @@ MIIFkTCCA3mgAwIBAgIUBEUg3m/WqAsWHG4Q/II3IePFfuowDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE newClientFunc: fake.ClientWithLoginMock, }, want: want{ - err: fmt.Errorf(errConfigMapFmt, "cert"), + err: fmt.Errorf("failed to get cert from configmap: %w", errors.New("failed to get caProvider configMap vault-cert -> cert")), }, }, "GetCertificateFormatError": { @@ -506,7 +506,7 @@ MIIFkTCCA3mgAwIBAgIUBEUg3m/WqAsWHG4Q/II3IePFfuowDQYJKoZIhvcNAQELBQAwWDELMAkGA1UE }, Data: map[string][]byte{ tlsKey: secretClientKey, - tlsCrt: []byte("cert with mistak"), + tlsCrt: []byte("cert with mistake"), }, }).Build(), newClientFunc: fake.ClientWithLoginMock, diff --git a/pkg/provider/webhook/webhook.go b/pkg/provider/webhook/webhook.go index 31ab82deeaf..51e35a7355b 100644 --- a/pkg/provider/webhook/webhook.go +++ b/pkg/provider/webhook/webhook.go @@ -60,7 +60,7 @@ func (p *Provider) Capabilities() esv1beta1.SecretStoreCapabilities { return esv1beta1.SecretStoreReadOnly } -func (p *Provider) NewClient(_ context.Context, store esv1beta1.GenericStore, kube client.Client, namespace string) (esv1beta1.SecretsClient, error) { +func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, kube client.Client, namespace string) (esv1beta1.SecretsClient, error) { wh := webhook.Webhook{ Kube: kube, Namespace: namespace, @@ -80,7 +80,7 @@ func (p *Provider) NewClient(_ context.Context, store esv1beta1.GenericStore, ku } whClient.url = provider.URL - whClient.wh.HTTP, err = whClient.wh.GetHTTPClient(provider) + whClient.wh.HTTP, err = whClient.wh.GetHTTPClient(ctx, provider) if err != nil { return nil, err } 
@@ -113,12 +113,12 @@ func (w *WebHook) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRe return false, fmt.Errorf(errNotImplemented) } -// Not Implemented PushSecret. +// PushSecret not implement. func (w *WebHook) PushSecret(_ context.Context, _ *corev1.Secret, _ esv1beta1.PushSecretData) error { return fmt.Errorf(errNotImplemented) } -// Empty GetAllSecrets. +// GetAllSecrets Empty . func (w *WebHook) GetAllSecrets(_ context.Context, _ esv1beta1.ExternalSecretFind) (map[string][]byte, error) { // TO be implemented return nil, fmt.Errorf(errNotImplemented) diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go index e4961870cba..430e223fcd0 100644 --- a/pkg/utils/utils.go +++ b/pkg/utils/utils.go @@ -16,9 +16,12 @@ package utils import ( "bytes" + "context" "crypto/md5" //nolint:gosec + "crypto/x509" "encoding/base64" "encoding/json" + "encoding/pem" "errors" "fmt" "net" @@ -31,12 +34,15 @@ import ( "time" "unicode" + corev1 "k8s.io/api/core/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "sigs.k8s.io/controller-runtime/pkg/client" esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" esmeta "github.com/external-secrets/external-secrets/apis/meta/v1" "github.com/external-secrets/external-secrets/pkg/template/v2" + "github.com/external-secrets/external-secrets/pkg/utils/resolvers" ) const ( @@ -139,7 +145,7 @@ func transform(val string, data map[string][]byte) ([]byte, error) { return buf.Bytes(), nil } -// DecodeValues decodes values from a secretMap. +// DecodeMap decodes values from a secretMap. func DecodeMap(strategy esv1beta1.ExternalSecretDecodingStrategy, in map[string][]byte) (map[string][]byte, error) { out := make(map[string][]byte, len(in)) for k, v := range in { 
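Review bot: The reworded doc comments on `PushSecret` and `GetAllSecrets` now start with the identifier but no longer read as sentences ("PushSecret not implement.", "GetAllSecrets Empty ."). Suggested wording: `// PushSecret is not implemented for the webhook provider.` and `// GetAllSecrets is not implemented for the webhook provider.`. Both functions return `errNotImplemented`, so the inner `// TO be implemented` comment can stay as the reminder.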
@@ -515,3 +521,123 @@ func CompareStringAndByteSlices(valueString *string, valueByte []byte) bool { return bytes.Equal(valueByte, []byte(*valueString)) } + +// CreateCertOpts contains options for a cert pool creation. +type CreateCertOpts struct { + CABundle []byte + CAProvider *esv1beta1.CAProvider + StoreKind string + Namespace string + Client client.Client +} + +// FetchCACertFromSource creates a CertPool using either a CABundle directly, or +// a ConfigMap / Secret. +func FetchCACertFromSource(ctx context.Context, opts CreateCertOpts) ([]byte, error) { + if len(opts.CABundle) == 0 && opts.CAProvider == nil { + return nil, nil + } + + if len(opts.CABundle) > 0 { + pem, err := base64decode(opts.CABundle) + if err != nil { + return nil, fmt.Errorf("failed to decode ca bundle: %w", err) + } + + return pem, nil + } + + if opts.CAProvider != nil && + opts.StoreKind == esv1beta1.ClusterSecretStoreKind && + opts.CAProvider.Namespace == nil { + return nil, fmt.Errorf("missing namespace on caProvider secret") + } + + switch opts.CAProvider.Type { + case esv1beta1.CAProviderTypeSecret: + cert, err := getCertFromSecret(ctx, opts.Client, opts.CAProvider, opts.StoreKind, opts.Namespace) + if err != nil { + return nil, fmt.Errorf("failed to get cert from secret: %w", err) + } + + return cert, nil + case esv1beta1.CAProviderTypeConfigMap: + cert, err := getCertFromConfigMap(ctx, opts.Namespace, opts.Client, opts.CAProvider) + if err != nil { + return nil, fmt.Errorf("failed to get cert from configmap: %w", err) + } + + return cert, nil + } + + return nil, fmt.Errorf("unsupported CA provider type: %s", opts.CAProvider.Type) +} + +func base64decode(cert []byte) ([]byte, error) { + if c, err := parseCertificateBytes(cert); err == nil { + return c, nil + } + + // try decoding and test for validity again... 
+ certificate, err := Decode(esv1beta1.ExternalSecretDecodeAuto, cert) + if err != nil { + return nil, fmt.Errorf("failed to decode base64: %w", err) + } + + return parseCertificateBytes(certificate) +} + +func parseCertificateBytes(certBytes []byte) ([]byte, error) { + block, _ := pem.Decode(certBytes) + if block == nil { + return nil, errors.New("failed to parse the new certificate, not valid pem data") + } + + if _, err := x509.ParseCertificate(block.Bytes); err != nil { + return nil, fmt.Errorf("failed to validate certificate: %w", err) + } + + return certBytes, nil +} + +func getCertFromSecret(ctx context.Context, c client.Client, provider *esv1beta1.CAProvider, storeKind, namespace string) ([]byte, error) { + secretRef := esmeta.SecretKeySelector{ + Name: provider.Name, + Key: provider.Key, + } + + if provider.Namespace != nil { + secretRef.Namespace = provider.Namespace + } + + cert, err := resolvers.SecretKeyRef(ctx, c, storeKind, namespace, &secretRef) + if err != nil { + return nil, fmt.Errorf("failed to resolve secret key ref: %w", err) + } + + return []byte(cert), nil +} + +func getCertFromConfigMap(ctx context.Context, namespace string, c client.Client, provider *esv1beta1.CAProvider) ([]byte, error) { + objKey := client.ObjectKey{ + Name: provider.Name, + Namespace: namespace, + } + + if provider.Namespace != nil { + objKey.Namespace = *provider.Namespace + } + + configMapRef := &corev1.ConfigMap{} + err := c.Get(ctx, objKey, configMapRef) + if err != nil { + return nil, fmt.Errorf("failed to get caProvider secret %s: %w", objKey.Name, err) + } + + val, ok := configMapRef.Data[provider.Key] + if !ok { + return nil, fmt.Errorf("failed to get caProvider configMap %s -> %s", objKey.Name, provider.Key) + } + + return []byte(val), nil +} From 139b00687f86c04dfab4637fed00e863dd5f8657 Mon Sep 17 00:00:00 2001 
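Review bot: `getCertFromConfigMap` overrides the lookup namespace with `provider.Namespace` for every store kind, so a namespaced `SecretStore` can point `caProvider` at a ConfigMap in another namespace. The removed Kubernetes `fetchConfigMapKey` and Conjur `configMapKeyRef` honoured the selector's namespace only for `ClusterSecretStoreKind`; unless admission validation elsewhere rejects the field, that restriction is lost for those two providers. Pass `storeKind` into the helper and guard the override: `if storeKind == esv1beta1.ClusterSecretStoreKind && provider.Namespace != nil { objKey.Namespace = *provider.Namespace }`. In the same function the `c.Get` failure is reported as "failed to get caProvider secret" although the object is a ConfigMap. The doc comment on `FetchCACertFromSource` also says it creates a CertPool, while it returns the raw certificate bytes.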
From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Mon, 19 Aug 2024 13:39:50 +0200 Subject: [PATCH 234/517] fix: run helm.test.update on main branch (#3816) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .../tests/__snapshot__/crds_test.yaml.snap | 153 +++++++++++++++++- 1 file changed, 152 insertions(+), 1 deletion(-) diff --git a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap index 1185633be79..79d78ead32b 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap 
@@ -2161,6 +2161,134 @@ should match snapshot of default values: required: - vaultUrl type: object + beyondtrust: + description: Beyondtrust configures this store to sync secrets using Password Safe provider. + properties: + auth: + description: Auth configures how the operator authenticates with Beyondtrust. + properties: + certificate: + description: Content of the certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + certificateKey: + description: Certificate private key (key.pem). For use when authenticating with an OAuth client Id + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + clientId: + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + clientSecret: + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object + required: + - clientId + - clientSecret + type: object + server: + description: Auth configures how API server works. + properties: + apiUrl: + type: string + clientTimeOutSeconds: + description: Timeout specifies a time limit for requests made by this Client. 
The timeout includes connection time, any redirects, and reading the response body. Defaults to 45 seconds. + type: integer + retrievalType: + description: The secret retrieval type. SECRET = Secrets Safe (credential, text, file). MANAGED_ACCOUNT = Password Safe account associated with a system. + type: string + separator: + description: A character that separates the folder names. + type: string + verifyCA: + type: boolean + required: + - apiUrl + - verifyCA + type: object + required: + - auth + - server + type: object bitwardensecretsmanager: description: BitwardenSecretsManager configures this store to sync secrets using BitwardenSecretsManager provider properties: @@ -2204,6 +2332,30 @@ should match snapshot of default values: Base64 encoded certificate for the bitwarden server sdk. The sdk MUST run with HTTPS to make sure no MITM attack can be performed. type: string + caProvider: + description: 'see: https://external-secrets.io/latest/spec/#external-secrets.io/v1alpha1.CAProvider' + properties: + key: + description: The key where the CA certificate can be found in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object identityURL: type: string organizationID: @@ -2214,7 +2366,6 @@ should match snapshot of default values: type: string required: - auth - - caBundle - organizationID - projectID type: object From 3414bd6428d850feba46fc855d10fe1317d04b16 Mon Sep 17 00:00:00 2001 
From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Mon, 19 Aug 2024 17:07:20 +0200 Subject: [PATCH 235/517] chore: update dependencies (#3815) --- ...nal-secrets.io_clusterexternalsecrets.yaml | 3 +- ...ternal-secrets.io_clustersecretstores.yaml | 2 +- .../external-secrets.io_externalsecrets.yaml | 7 +- .../external-secrets.io_pushsecrets.yaml | 2 +- .../external-secrets.io_secretstores.yaml | 2 +- ...s.external-secrets.io_acraccesstokens.yaml | 5 +- ...nal-secrets.io_ecrauthorizationtokens.yaml | 2 +- .../generators.external-secrets.io_fakes.yaml | 2 +- ...s.external-secrets.io_gcraccesstokens.yaml | 2 +- ...xternal-secrets.io_githubaccesstokens.yaml | 2 +- ...erators.external-secrets.io_passwords.yaml | 2 +- ...ternal-secrets.io_vaultdynamicsecrets.yaml | 2 +- ...nerators.external-secrets.io_webhooks.yaml | 2 +- deploy/crds/bundle.yaml | 35 +++--- docs/introduction/stability-support.md | 3 +- e2e/go.mod | 83 +++++++------- e2e/go.sum | 78 ++++++++------ go.mod | 50 +++++---- go.sum | 101 ++++++++++-------- pkg/provider/alibaba/kms_test.go | 2 +- 20 files changed, 199 insertions(+), 188 deletions(-) diff --git a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml index 3691932e10b..9bf15ee30ff 100644 --- a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: clusterexternalsecrets.external-secrets.io 
@@ -141,7 +141,6 @@ spec: description: |- GeneratorRef points to a generator custom resource. - Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1. properties: diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 8e0927f3d89..5b9e828f79a 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: clustersecretstores.external-secrets.io diff --git a/config/crds/bases/external-secrets.io_externalsecrets.yaml b/config/crds/bases/external-secrets.io_externalsecrets.yaml index 2faadc356b7..697d80ca891 100644 --- a/config/crds/bases/external-secrets.io_externalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_externalsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: externalsecrets.external-secrets.io @@ -262,9 +262,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic 
@@ -408,7 +406,6 @@ spec: description: |- GeneratorRef points to a generator custom resource. - Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1. properties: @@ -796,9 +793,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic diff --git a/config/crds/bases/external-secrets.io_pushsecrets.yaml b/config/crds/bases/external-secrets.io_pushsecrets.yaml index c7b93b884f5..d6f173dff74 100644 --- a/config/crds/bases/external-secrets.io_pushsecrets.yaml +++ b/config/crds/bases/external-secrets.io_pushsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: pushsecrets.external-secrets.io spec: group: external-secrets.io diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index a4fa6194a95..b7fdee61a29 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: secretstores.external-secrets.io 
diff --git a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml index e5aa42fbb1c..55df6220e35 100644 --- a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: acraccesstokens.generators.external-secrets.io @@ -30,7 +30,6 @@ spec: This can be scoped down to the repository level using .spec.scope. In case scope is defined it will return an ACR Access Token. - See docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md properties: apiVersion: @@ -173,12 +172,10 @@ spec: if not provided it will return a refresh token that has full scope. Note: you need to pin it down to the repository level, there is no wildcard available. - examples: repository:my-repository:pull,push repository:my-repository:pull - see docs for details: https://docs.docker.com/registry/spec/auth/scope/ type: string tenantId: diff --git a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml index ef5afb1f9c1..12808473572 100644 --- a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: ecrauthorizationtokens.generators.external-secrets.io 
diff --git a/config/crds/bases/generators.external-secrets.io_fakes.yaml b/config/crds/bases/generators.external-secrets.io_fakes.yaml index fc9ea06b3ce..06d6f2fe985 100644 --- a/config/crds/bases/generators.external-secrets.io_fakes.yaml +++ b/config/crds/bases/generators.external-secrets.io_fakes.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: fakes.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml index 50bb4adba60..28b826f4dcf 100644 --- a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: gcraccesstokens.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml index c9d6eeb5e77..eb01493bd97 100644 --- a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: githubaccesstokens.generators.external-secrets.io 
diff --git a/config/crds/bases/generators.external-secrets.io_passwords.yaml b/config/crds/bases/generators.external-secrets.io_passwords.yaml index ae8604910f0..7ae401dd3f9 100644 --- a/config/crds/bases/generators.external-secrets.io_passwords.yaml +++ b/config/crds/bases/generators.external-secrets.io_passwords.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: passwords.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml index b7b4dc8e838..52c9c0db65b 100644 --- a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml +++ b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: vaultdynamicsecrets.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_webhooks.yaml b/config/crds/bases/generators.external-secrets.io_webhooks.yaml index e17a20d398e..829ab05118e 100644 --- a/config/crds/bases/generators.external-secrets.io_webhooks.yaml +++ b/config/crds/bases/generators.external-secrets.io_webhooks.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: webhooks.generators.external-secrets.io 
diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index e7b72080e0f..e6622b41fe0 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: clusterexternalsecrets.external-secrets.io @@ -132,7 +132,6 @@ spec: description: |- GeneratorRef points to a generator custom resource. - Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1. properties: @@ -660,7 +659,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: clustersecretstores.external-secrets.io @@ -5252,7 +5251,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: externalsecrets.external-secrets.io @@ -5501,9 +5500,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -5640,7 +5637,6 @@ spec: description: |- GeneratorRef points to a generator custom resource. - Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1. properties: 
@@ -6012,9 +6008,7 @@ spec: This field is effectively required, but due to backwards compatibility is allowed to be empty. Instances of this type with an empty value here are almost certainly wrong. - TODO: Add other useful fields. apiVersion, kind, uid? More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names - TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896. type: string type: object x-kubernetes-map-type: atomic @@ -6068,7 +6062,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 name: pushsecrets.external-secrets.io spec: group: external-secrets.io @@ -6445,7 +6439,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: secretstores.external-secrets.io @@ -11037,7 +11031,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: acraccesstokens.generators.external-secrets.io @@ -11065,7 +11059,6 @@ spec: This can be scoped down to the repository level using .spec.scope. In case scope is defined it will return an ACR Access Token. - See docs: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md properties: apiVersion: 
@@ -11199,12 +11192,10 @@ spec: if not provided it will return a refresh token that has full scope. Note: you need to pin it down to the repository level, there is no wildcard available. - examples: repository:my-repository:pull,push repository:my-repository:pull - see docs for details: https://docs.docker.com/registry/spec/auth/scope/ type: string tenantId: @@ -11234,7 +11225,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: ecrauthorizationtokens.generators.external-secrets.io @@ -11402,7 +11393,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: fakes.generators.external-secrets.io @@ -11479,7 +11470,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: gcraccesstokens.generators.external-secrets.io @@ -11608,7 +11599,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: githubaccesstokens.generators.external-secrets.io @@ -11711,7 +11702,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: passwords.generators.external-secrets.io 
@@ -11810,7 +11801,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: vaultdynamicsecrets.generators.external-secrets.io @@ -12508,7 +12499,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: webhooks.generators.external-secrets.io diff --git a/docs/introduction/stability-support.md b/docs/introduction/stability-support.md index cc297f1691e..93af218e024 100644 --- a/docs/introduction/stability-support.md +++ b/docs/introduction/stability-support.md @@ -18,7 +18,8 @@ We want to cover the following cases: - backport bug fixes on demand | ESO Version | Kubernetes Version | Release Date | End of Life | -| ----------- | ------------------ | ------------ | -------------- | +|-------------|--------------------|--------------| -------------- | +| 0.10.x | 1.19 → 1.31 | Aug 3, 2024 | Release of 1.1 | | 0.9.x | 1.19 → 1.30 | Jun 22, 2023 | Release of 1.1 | | 0.8.x | 1.19 → 1.28 | Mar 16, 2023 | Release of 1.0 | | 0.7.x | 1.19 → 1.26 | Dec 11, 2022 | Jun 22, 2023 | diff --git a/e2e/go.mod b/e2e/go.mod index a37b8eebaf5..50ea79db038 100644 --- a/e2e/go.mod +++ b/e2e/go.mod 
@@ -10,32 +10,32 @@ replace ( replace ( github.com/external-secrets/external-secrets v0.0.0 => ../ github.com/go-check/check => github.com/go-check/check v0.0.0-20180628173108-788fd7840127 - k8s.io/api => k8s.io/api v0.30.0 - k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.30.0 - k8s.io/apimachinery => k8s.io/apimachinery v0.30.0 - k8s.io/apiserver => k8s.io/apiserver v0.30.0 - k8s.io/cli-runtime => k8s.io/cli-runtime v0.30.0 - k8s.io/client-go => k8s.io/client-go v0.30.0 - k8s.io/cloud-provider => k8s.io/cloud-provider v0.30.0 - k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.30.0 - k8s.io/code-generator => k8s.io/code-generator v0.30.0 - k8s.io/component-base => k8s.io/component-base v0.30.0 - k8s.io/component-helpers => k8s.io/component-helpers v0.30.0 - k8s.io/controller-manager => k8s.io/controller-manager v0.30.0 - k8s.io/cri-api => k8s.io/cri-api v0.30.0 - k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.30.0 - k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.30.0 - k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.30.0 - k8s.io/kube-proxy => k8s.io/kube-proxy v0.30.0 - k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.30.0 - k8s.io/kubectl => k8s.io/kubectl v0.30.0 - k8s.io/kubelet => k8s.io/kubelet v0.30.0 + k8s.io/api => k8s.io/api v0.31.0 + k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.31.0 + k8s.io/apimachinery => k8s.io/apimachinery v0.31.0 + k8s.io/apiserver => k8s.io/apiserver v0.31.0 + k8s.io/cli-runtime => k8s.io/cli-runtime v0.31.0 + k8s.io/client-go => k8s.io/client-go v0.31.0 + k8s.io/cloud-provider => k8s.io/cloud-provider v0.31.0 + k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.31.0 + k8s.io/code-generator => k8s.io/code-generator v0.31.0 + k8s.io/component-base => k8s.io/component-base v0.31.0 + k8s.io/component-helpers => k8s.io/component-helpers v0.31.0 + k8s.io/controller-manager => k8s.io/controller-manager v0.31.0 + k8s.io/cri-api => k8s.io/cri-api 
v0.31.0 + k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.31.0 + k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.31.0 + k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.31.0 + k8s.io/kube-proxy => k8s.io/kube-proxy v0.31.0 + k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.31.0 + k8s.io/kubectl => k8s.io/kubectl v0.31.0 + k8s.io/kubelet => k8s.io/kubelet v0.31.0 k8s.io/kubernetes => k8s.io/kubernetes v1.30.0 - k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.30.0 - k8s.io/metrics => k8s.io/metrics v0.30.0 - k8s.io/mount-utils => k8s.io/mount-utils v0.30.0 - k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.30.0 - k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.30.0 + k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.31.0 + k8s.io/metrics => k8s.io/metrics v0.31.0 + k8s.io/mount-utils => k8s.io/mount-utils v0.31.0 + k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.31.0 + k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.31.0 ) require ( 
@@ -58,27 +58,27 @@ require ( github.com/hashicorp/vault/api v1.14.0 github.com/onsi/ginkgo/v2 v2.20.0 github.com/onsi/gomega v1.34.1 - github.com/oracle/oci-go-sdk/v65 v65.71.0 + github.com/oracle/oci-go-sdk/v65 v65.71.1 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 github.com/xanzy/go-gitlab v0.107.0 golang.org/x/oauth2 v0.22.0 - google.golang.org/api v0.191.0 - k8s.io/api v0.30.3 - k8s.io/apiextensions-apiserver v0.30.3 - k8s.io/apimachinery v0.30.3 + google.golang.org/api v0.192.0 + k8s.io/api v0.31.0 + k8s.io/apiextensions-apiserver v0.31.0 + k8s.io/apimachinery v0.31.0 k8s.io/client-go v1.5.2 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 - sigs.k8s.io/controller-runtime v0.18.4 + sigs.k8s.io/controller-runtime v0.19.0 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.4.0 ) require ( - cloud.google.com/go/auth v0.8.0 // indirect + cloud.google.com/go/auth v0.8.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/compute/metadata v0.5.0 // indirect cloud.google.com/go/iam v1.1.13 // indirect - dario.cat/mergo v1.0.0 // indirect + dario.cat/mergo v1.0.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect @@ -100,7 +100,7 @@ require ( github.com/cenkalti/backoff/v3 v3.2.2 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/danieljoos/wincred v1.2.2 // indirect - github.com/davecgh/go-spew v1.1.1 // indirect + github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect github.com/dimchansky/utfbom v1.1.1 // indirect github.com/emicklei/go-restful/v3 v3.12.1 // indirect 
@@ -109,6 +109,7 @@ require ( github.com/fluxcd/pkg/apis/acl v0.1.0 // indirect github.com/fluxcd/pkg/apis/kustomize v1.2.0 // indirect github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-logr/logr v1.4.2 // indirect github.com/go-logr/stdr v1.2.2 // indirect @@ -147,6 +148,7 @@ require ( github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect + github.com/klauspost/compress v1.17.9 // indirect github.com/kylelemons/godebug v1.1.0 // indirect github.com/lestrrat-go/blackmagic v1.0.2 // indirect github.com/lestrrat-go/httpcc v1.0.1 // indirect @@ -159,7 +161,7 @@ require ( github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect github.com/mitchellh/reflectwalk v1.0.2 // indirect - github.com/moby/spdystream v0.2.0 // indirect + github.com/moby/spdystream v0.4.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect @@ -167,7 +169,7 @@ require ( github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_golang v1.19.1 // indirect + github.com/prometheus/client_golang v1.20.0 // indirect github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.55.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect 
@@ -182,6 +184,7 @@ require ( github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect github.com/tidwall/sjson v1.2.5 // indirect + github.com/x448/float16 v0.8.4 // indirect github.com/zalando/go-keyring v0.2.5 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect @@ -199,9 +202,9 @@ require ( golang.org/x/time v0.6.0 // indirect golang.org/x/tools v0.24.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240808171019-573a1156607a // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240808171019-573a1156607a // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240808171019-573a1156607a // indirect + google.golang.org/genproto v0.0.0-20240814211410-ddb44dafa142 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect google.golang.org/grpc v1.65.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect @@ -210,7 +213,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 // indirect + k8s.io/kube-openapi v0.0.0-20240816214639-573285566f34 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/e2e/go.sum b/e2e/go.sum index e33e211cbed..73a0def8eed 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.8.0 h1:y8jUJLl/Fg+qNBWxP/Hox2ezJvjkrPb952PC1p0G6A4= -cloud.google.com/go/auth v0.8.0/go.mod h1:qGVp/Y3kDRSDZ5gFD/XPUfYQ9xW1iI7q8RIRoCyBbJc= +cloud.google.com/go/auth v0.8.1 h1:QZW9FjC5lZzN864p13YxvAtGUlQ+KgRL+8Sg45Z6vxo= +cloud.google.com/go/auth v0.8.1/go.mod h1:qGVp/Y3kDRSDZ5gFD/XPUfYQ9xW1iI7q8RIRoCyBbJc= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= @@ -48,8 +48,9 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= +dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0hS+6+I79yEDJBqVNcqUzU= github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= 
@@ -138,8 +139,9 @@ github.com/cyberark/conjur-api-go v0.12.4/go.mod h1:FnzNn6mPwTOyBueSDnu1J4K47J0s github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnNEcHYvcCuK6dPZSg= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= @@ -179,6 +181,8 @@ github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHk github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8= 
@@ -306,7 +310,6 @@ github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+ github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= -github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -355,6 +358,8 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= 
@@ -392,8 +397,8 @@ github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RR github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= github.com/mitchellh/reflectwalk v1.0.2 h1:G2LzWKi524PWgd3mLHV8Y5k7s6XUvT0Gef6zxSIeXaQ= github.com/mitchellh/reflectwalk v1.0.2/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= -github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= -github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= +github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8= +github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= 
@@ -412,17 +417,18 @@ github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.71.0 h1:eEnFD/CzcoqdAA0xu+EmK32kJL3jfV0oLYNWVzoKNyo= -github.com/oracle/oci-go-sdk/v65 v65.71.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.71.1 h1:t1GpyLYaD/x2OrUoSyxNwBQaDaQP4F084FX8LQMXA/s= +github.com/oracle/oci-go-sdk/v65 v65.71.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.19.1 h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= -github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v1.20.0 
h1:jBzTZ7B099Rg24tny+qngoynol8LtVYlA2bqx3vEloI= +github.com/prometheus/client_golang v1.20.0/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= @@ -484,6 +490,8 @@ github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaO github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y= github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -510,8 +518,8 @@ go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= -go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= -go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg= +go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= +go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= @@ -812,8 +820,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.191.0 h1:cJcF09Z+4HAB2t5qTQM1ZtfL/PemsLFkcFG67qq2afk= -google.golang.org/api v0.191.0/go.mod h1:tD5dsFGxFza0hnQveGfVk9QQYKcfp+VzgRqyXFxE0+E= +google.golang.org/api v0.192.0 h1:PljqpNAfZaaSpS+TnANfnNAXKdzHM/B9bKhwRlo7JP0= +google.golang.org/api v0.192.0/go.mod h1:9VcphjvAxPKLmSxVSzPlSRXy/5ARMEw5bf58WoVXafQ= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -861,12 +869,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240808171019-573a1156607a h1:3JVv3Ujh+kGiajpSqHWnbWPuu0nQqMZ3hASNDDF9974= -google.golang.org/genproto v0.0.0-20240808171019-573a1156607a/go.mod h1:7uvplUBj4RjHAxIZ//98LzOvrQ04JBkaixRmCMI29hc= -google.golang.org/genproto/googleapis/api v0.0.0-20240808171019-573a1156607a h1:KyUe15n7B1YCu+kMmPtlXxgkLQbp+Dw0tCRZf9Sd+CE= -google.golang.org/genproto/googleapis/api v0.0.0-20240808171019-573a1156607a/go.mod h1:4+X6GvPs+25wZKbQq9qyAXrwIRExv7w0Ea6MgZLZiDM= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240808171019-573a1156607a h1:EKiZZXueP9/T68B8Nl0GAx9cjbQnCId0yP3qPMgaaHs= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240808171019-573a1156607a/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240814211410-ddb44dafa142 h1:oLiyxGgE+rt22duwci1+TG7bg2/L1LQsXwfjPlmuJA0= +google.golang.org/genproto v0.0.0-20240814211410-ddb44dafa142/go.mod h1:G11eXq53iI5Q+kyNOmCvnzBaxEA2Q/Ik5Tj7nqBE8j4= +google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 h1:wKguEg1hsxI2/L3hUYrpo1RVi48K+uTyzKqprwLXsb8= +google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142/go.mod h1:d6be+8HhtEtucleCbxpPW9PA9XwISACu8nvpPqF0BVo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -908,6 +916,8 @@ gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw= gopkg.in/ini.v1 v1.66.2/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k= 
@@ -931,25 +941,25 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.30.0 h1:siWhRq7cNjy2iHssOB9SCGNCl2spiF1dO3dABqZ8niA= -k8s.io/api v0.30.0/go.mod h1:OPlaYhoHs8EQ1ql0R/TsUgaRPhpKNxIMrKQfWUp8QSE= -k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs= -k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y= -k8s.io/apimachinery v0.30.0 h1:qxVPsyDM5XS96NIh9Oj6LavoVFYff/Pon9cZeDIkHHA= -k8s.io/apimachinery v0.30.0/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/client-go v0.30.0 h1:sB1AGGlhY/o7KCyCEQ0bPWzYDL0pwOZO4vAtTSh/gJQ= -k8s.io/client-go v0.30.0/go.mod h1:g7li5O5256qe6TYdAMyX/otJqMhIiGgTapdLchhmOaY= +k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo= +k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE= +k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk= +k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk= +k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc= +k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= +k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 h1:1Wof1cGQgA5pqgo8MxKPtf+qN6Sh/0JzznmeGPm1HnE= -k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8/go.mod 
h1:Os6V6dZwLNii3vxFpxcNaTmH8LJJBkOTg1N0tOA0fvA= +k8s.io/kube-openapi v0.0.0-20240816214639-573285566f34 h1:/amS69DLm09mtbFtN3+LyygSFohnYGMseF8iv+2zulg= +k8s.io/kube-openapi v0.0.0-20240816214639-573285566f34/go.mod h1:G0W3eI9gG219NHRq3h5uQaRBl4pj4ZpwzRP5ti8y770= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= -sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= +sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= +sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/go.mod b/go.mod index 884b14ff606..09492fd5b76 100644 --- a/go.mod +++ b/go.mod 
@@ -32,37 +32,37 @@ require ( github.com/huandu/xstrings v1.5.0 // indirect github.com/onsi/ginkgo/v2 v2.20.0 github.com/onsi/gomega v1.34.1 - github.com/oracle/oci-go-sdk/v65 v65.71.0 - github.com/prometheus/client_golang v1.19.1 + github.com/oracle/oci-go-sdk/v65 v65.71.1 + github.com/prometheus/client_golang v1.20.0 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.17.3 github.com/xanzy/go-gitlab v0.107.0 - github.com/yandex-cloud/go-genproto v0.0.0-20240805150959-00c80a383bd3 - github.com/yandex-cloud/go-sdk v0.0.0-20240805151354-29f07dbe484e + github.com/yandex-cloud/go-genproto v0.0.0-20240813143603-58770ef469b7 + github.com/yandex-cloud/go-sdk v0.0.0-20240813144531-905aa41b481f github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 go.uber.org/zap v1.27.0 golang.org/x/crypto v0.26.0 golang.org/x/oauth2 v0.22.0 - google.golang.org/api v0.191.0 - google.golang.org/genproto v0.0.0-20240808171019-573a1156607a + google.golang.org/api v0.192.0 + google.golang.org/genproto v0.0.0-20240814211410-ddb44dafa142 google.golang.org/grpc v1.65.0 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 - k8s.io/api v0.30.3 - k8s.io/apiextensions-apiserver v0.30.3 - k8s.io/apimachinery v0.30.3 - k8s.io/client-go v0.30.3 + k8s.io/api v0.31.0 + k8s.io/apiextensions-apiserver v0.31.0 + k8s.io/apimachinery v0.31.0 + k8s.io/client-go v0.31.0 k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 - sigs.k8s.io/controller-runtime v0.18.4 - sigs.k8s.io/controller-tools v0.15.0 + sigs.k8s.io/controller-runtime v0.19.0 + sigs.k8s.io/controller-tools v0.16.1 ) require github.com/1Password/connect-sdk-go v1.5.3 require ( - dario.cat/mergo v1.0.0 + dario.cat/mergo v1.0.1 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 github.com/BeyondTrust/go-client-library-passwordsafe v0.6.0 
@@ -71,11 +71,11 @@ require ( github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9 - github.com/alibabacloud-go/kms-20160120/v3 v3.2.1 + github.com/alibabacloud-go/kms-20160120/v3 v3.2.2 github.com/alibabacloud-go/openapi-util v0.1.1 github.com/alibabacloud-go/tea v1.2.2 github.com/alibabacloud-go/tea-utils/v2 v2.0.6 - github.com/aliyun/credentials-go v1.3.6 + github.com/aliyun/credentials-go v1.3.7 github.com/avast/retry-go/v4 v4.6.0 github.com/cenkalti/backoff/v4 v4.3.0 github.com/cyberark/conjur-api-go v0.12.4 @@ -88,19 +88,19 @@ require ( github.com/keeper-security/secrets-manager-go/core v1.6.3 github.com/lestrrat-go/jwx/v2 v2.1.1 github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1 - github.com/passbolt/go-passbolt v0.7.0 + github.com/passbolt/go-passbolt v0.7.1 github.com/pulumi/esc-sdk/sdk v0.9.2 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 github.com/sethvargo/go-password v0.3.1 github.com/spf13/pflag v1.0.5 github.com/tidwall/sjson v1.2.5 - k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 + k8s.io/kube-openapi v0.0.0-20240816214639-573285566f34 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.4.0 ) require ( - cloud.google.com/go/auth v0.8.0 // indirect + cloud.google.com/go/auth v0.8.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/compute/metadata v0.5.0 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect @@ -122,6 +122,7 @@ require ( github.com/cloudflare/circl v1.3.9 // indirect github.com/danieljoos/wincred v1.2.2 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect + github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/gabriel-vasile/mimetype v1.4.5 // indirect github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-logr/stdr v1.2.2 // indirect 
@@ -133,11 +134,13 @@ require (
 github.com/google/s2a-go v0.1.8 // indirect
 github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0 // indirect
 github.com/hashicorp/go-uuid v1.0.3 // indirect
+ github.com/klauspost/compress v1.17.9 // indirect
 github.com/lestrrat-go/httprc v1.0.6 // indirect
 github.com/nxadm/tail v1.4.11 // indirect
 github.com/segmentio/asm v1.2.0 // indirect
 github.com/sirupsen/logrus v1.9.3 // indirect
 github.com/tjfoc/gmsm v1.4.1 // indirect
+ github.com/x448/float16 v0.8.4 // indirect
 github.com/zalando/go-keyring v0.2.5 // indirect
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect
 go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect
@@ -145,8 +148,9 @@ require (
 go.opentelemetry.io/otel/metric v1.28.0 // indirect
 go.opentelemetry.io/otel/trace v1.28.0 // indirect
 golang.org/x/sync v0.8.0 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20240808171019-573a1156607a // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240808171019-573a1156607a // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect
+ gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )
@@ -166,7 +170,7 @@ require (
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/cenkalti/backoff/v3 v3.2.2 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
- github.com/davecgh/go-spew v1.1.1 // indirect
+ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
 github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect
 github.com/dimchansky/utfbom v1.1.1 // indirect
 github.com/emicklei/go-restful/v3 v3.12.1 // indirect
@@ -228,7 +232,7 @@ require ( github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/pmezard/go-difflib v1.0.0 // indirect + github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/common v0.55.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect @@ -257,7 +261,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/gengo v0.0.0-20240404160639-a0386bf69313 // indirect + k8s.io/gengo v0.0.0-20240815230951-44b8d154562d // indirect k8s.io/klog v1.0.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect diff --git a/go.sum b/go.sum index 5c4ebb437e6..5c9beec5fa3 100644 --- a/go.sum +++ b/go.sum @@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.8.0 h1:y8jUJLl/Fg+qNBWxP/Hox2ezJvjkrPb952PC1p0G6A4= -cloud.google.com/go/auth v0.8.0/go.mod h1:qGVp/Y3kDRSDZ5gFD/XPUfYQ9xW1iI7q8RIRoCyBbJc= +cloud.google.com/go/auth v0.8.1 h1:QZW9FjC5lZzN864p13YxvAtGUlQ+KgRL+8Sg45Z6vxo= +cloud.google.com/go/auth v0.8.1/go.mod h1:qGVp/Y3kDRSDZ5gFD/XPUfYQ9xW1iI7q8RIRoCyBbJc= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -48,8 +48,9 @@ cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0Zeo cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= cloud.google.com/go/storage v1.8.0/go.mod h1:Wv1Oy7z6Yz3DshWRJFhqM/UCfaWIRTdp0RXyy7KQOVs= cloud.google.com/go/storage v1.10.0/go.mod h1:FLPqc6j+Ki4BU591ie1oL6qBQGu2Bl/tZ9ullr3+Kg0= -dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk= dario.cat/mergo v1.0.0/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= +dario.cat/mergo v1.0.1 h1:Ra4+bf83h2ztPIQYNP99R6m+Y7KfnARDfID+a+vLl4s= +dario.cat/mergo v1.0.1/go.mod h1:uNxQE+84aUszobStD9th8a29P2fMDhsBdgRYvZOxGmk= dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU= github.com/1Password/connect-sdk-go v1.5.3 h1:KyjJ+kCKj6BwB2Y8tPM1Ixg5uIS6HsB0uWA8U38p/Uk= github.com/1Password/connect-sdk-go v1.5.3/go.mod h1:5rSymY4oIYtS4G3t0oMkGAXBeoYiukV3vkqlnEjIDJs= @@ -149,7 +150,6 @@ github.com/alibabacloud-go/darabonba-encode-util v0.0.2 h1:1uJGrbsGEVqWcWxrS9MyC github.com/alibabacloud-go/darabonba-encode-util v0.0.2/go.mod h1:JiW9higWHYXm7F4PKuMgEUETNZasrDM6vqVr/Can7H8= github.com/alibabacloud-go/darabonba-map v0.0.2 h1:qvPnGB4+dJbJIxOOfawxzF3hzMnIpjmafa0qOTp6udc= github.com/alibabacloud-go/darabonba-map v0.0.2/go.mod h1:28AJaX8FOE/ym8OUFWga+MtEzBunJwQGceGQlvaPGPc= -github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.7/go.mod h1:CzQnh+94WDnJOnKZH5YRyouL+OOcdBnXY5VWAf0McgI= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9 h1:fxMCrZatZfXq5nLcgkmWBXmU3FLC1OR+m/SqVtMqflk= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9/go.mod h1:bb+Io8Sn2RuM3/Rpme6ll86jMyFSrD1bxeV/+v61KeU= github.com/alibabacloud-go/darabonba-signature-util v0.0.7 h1:UzCnKvsjPFzApvODDNEYqBHMFt1w98wC7FOo0InLyxg= 
@@ -162,8 +162,8 @@ github.com/alibabacloud-go/debug v1.0.0/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/ql github.com/alibabacloud-go/endpoint-util v1.1.0/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE= github.com/alibabacloud-go/endpoint-util v1.1.1 h1:ZkBv2/jnghxtU0p+upSU0GGzW1VL9GQdZO3mcSUTUy8= github.com/alibabacloud-go/endpoint-util v1.1.1/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE= -github.com/alibabacloud-go/kms-20160120/v3 v3.2.1 h1:CZFbODre2r8ECRKqvS1L1DYRemj8F4eZg9KzB7dVJT4= -github.com/alibabacloud-go/kms-20160120/v3 v3.2.1/go.mod h1:x/5xgaahHH2Z72RFj4b+pIa+zKcq9N5lGxh1+Y1jmvE= +github.com/alibabacloud-go/kms-20160120/v3 v3.2.2 h1:eXky+IaKIX52b5y2IVS71DJAAkEIOX6QVR03QhAO8ow= +github.com/alibabacloud-go/kms-20160120/v3 v3.2.2/go.mod h1:3rIyughsFDLie1ut9gQJXkWkMg/NfXBCk+OtXnPu3lw= github.com/alibabacloud-go/openapi-util v0.1.0/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws= github.com/alibabacloud-go/openapi-util v0.1.1 h1:ujGErJjG8ncRW6XtBBMphzHTvCxn4DjrVw4m04HsS28= github.com/alibabacloud-go/openapi-util v0.1.1/go.mod h1:/UehBSE2cf1gYT43GV4E+RxTdLRzURImCYY0aRmlXpw= 
@@ -184,8 +184,9 @@ github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzY github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8= github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw= github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= -github.com/aliyun/credentials-go v1.3.6 h1:K5STbhaWjoj5Ht0juOj9mWE2lGelShHLzu5QR3cQ5X8= github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= +github.com/aliyun/credentials-go v1.3.7 h1:f1XaxzMlyxvcRtHBWF6W3bWHWa2q26xNDjSnujXWgfM= +github.com/aliyun/credentials-go v1.3.7/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= 
@@ -234,8 +235,9 @@ github.com/cyberark/conjur-api-go v0.12.4/go.mod h1:FnzNn6mPwTOyBueSDnu1J4K47J0s github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= -github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1VwoXQT9A3Wy9MM3WgvqSxFWenqJduM= +github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnNEcHYvcCuK6dPZSg= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= @@ -271,6 +273,8 @@ github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7z github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= +github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/gabriel-vasile/mimetype v1.4.5 h1:J7wGKdGu33ocBOhGy0z653k/lFKLFDPJMG8Gql0kxn4= github.com/gabriel-vasile/mimetype v1.4.5/go.mod h1:ibHel+/kbxn9x2407k1izTA1S81ku1z/DlgOW2QE0M4= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= 
@@ -494,6 +498,8 @@ github.com/keeper-security/secrets-manager-go/core v1.6.3 h1:XEHZ8fQ2DFBISK80jWd github.com/keeper-security/secrets-manager-go/core v1.6.3/go.mod h1:dtlaeeds9+SZsbDAZnQRsDSqEAK9a62SYtqhNql+VgQ= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= 
@@ -568,20 +574,21 @@ github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.71.0 h1:eEnFD/CzcoqdAA0xu+EmK32kJL3jfV0oLYNWVzoKNyo= -github.com/oracle/oci-go-sdk/v65 v65.71.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= -github.com/passbolt/go-passbolt v0.7.0 h1:zwwTCwL3vjTTKln1hxwKuzzax4R/yvxGXSZhMh0OY5Y= -github.com/passbolt/go-passbolt v0.7.0/go.mod h1:af3TVSJ+0A4sXeK8KgVzhV8Tej/i25biFIQjhL0FOMk= +github.com/oracle/oci-go-sdk/v65 v65.71.1 h1:t1GpyLYaD/x2OrUoSyxNwBQaDaQP4F084FX8LQMXA/s= +github.com/oracle/oci-go-sdk/v65 v65.71.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/passbolt/go-passbolt v0.7.1 h1:boNYHZmSnWl/3bKbUiaWgF/mELCtHfliGHzggf884GE= +github.com/passbolt/go-passbolt v0.7.1/go.mod h1:if/jzzYYUjRtq/5h+l+J5Dka0f5dED67QM1lhpTx4pY= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= -github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.19.1 
h1:wZWJDwK+NameRJuPGDhlnFgx8e8HN3XHQeLaYJFJBOE= -github.com/prometheus/client_golang v1.19.1/go.mod h1:mP78NwGzrVks5S2H6ab8+ZZGJLZUq1hoULYBAYBw1Ho= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= +github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/prometheus/client_golang v1.20.0 h1:jBzTZ7B099Rg24tny+qngoynol8LtVYlA2bqx3vEloI= +github.com/prometheus/client_golang v1.20.0/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= 
@@ -669,12 +676,14 @@ github.com/uber/jaeger-client-go v2.30.0+incompatible h1:D6wyKGCecFaSRUpo8lCVbaO github.com/uber/jaeger-client-go v2.30.0+incompatible/go.mod h1:WVhlPFC8FDjOFMMWRy2pZqQJSXxYSwNYOkTr/Z6d3Kk= github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVKhn2Um6rjCsSsg= github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= +github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= +github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y= github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= -github.com/yandex-cloud/go-genproto v0.0.0-20240805150959-00c80a383bd3 h1:5cPFwSkj7HFyFwystyt4UXvAulxdjWAOMXpY3OQH9hk= -github.com/yandex-cloud/go-genproto v0.0.0-20240805150959-00c80a383bd3/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-sdk v0.0.0-20240805151354-29f07dbe484e h1:eprYcOC0KCmaFNfUQNrovFboWq6dLFWYm20M22uUs5Q= -github.com/yandex-cloud/go-sdk v0.0.0-20240805151354-29f07dbe484e/go.mod h1:7OD14iLpLhBeaRZokSeNRvp58RIAEEmc7fj5z9SjzAA= +github.com/yandex-cloud/go-genproto v0.0.0-20240813143603-58770ef469b7 h1:PSXr/xm10ZZ0f2pDWCX6wtY7EXfyBtoAGAD5Rzxstb0= +github.com/yandex-cloud/go-genproto v0.0.0-20240813143603-58770ef469b7/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-sdk v0.0.0-20240813144531-905aa41b481f h1:oetXcQPVH/CfyBD5MXnxOQY7IFvhTZpLLQKKLmTVRPM= +github.com/yandex-cloud/go-sdk v0.0.0-20240813144531-905aa41b481f/go.mod h1:9sGM6Epw7DGLLs57/XVQzzwY1ZRP3U5xyqg8j8wdn3M= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= github.com/yuin/goldmark v1.1.25/go.mod 
h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -704,8 +713,8 @@ go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= -go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= -go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg= +go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= +go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= 
@@ -1049,8 +1058,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.191.0 h1:cJcF09Z+4HAB2t5qTQM1ZtfL/PemsLFkcFG67qq2afk= -google.golang.org/api v0.191.0/go.mod h1:tD5dsFGxFza0hnQveGfVk9QQYKcfp+VzgRqyXFxE0+E= +google.golang.org/api v0.192.0 h1:PljqpNAfZaaSpS+TnANfnNAXKdzHM/B9bKhwRlo7JP0= +google.golang.org/api v0.192.0/go.mod h1:9VcphjvAxPKLmSxVSzPlSRXy/5ARMEw5bf58WoVXafQ= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1100,12 +1109,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240808171019-573a1156607a h1:3JVv3Ujh+kGiajpSqHWnbWPuu0nQqMZ3hASNDDF9974= -google.golang.org/genproto v0.0.0-20240808171019-573a1156607a/go.mod h1:7uvplUBj4RjHAxIZ//98LzOvrQ04JBkaixRmCMI29hc= -google.golang.org/genproto/googleapis/api v0.0.0-20240808171019-573a1156607a h1:KyUe15n7B1YCu+kMmPtlXxgkLQbp+Dw0tCRZf9Sd+CE= -google.golang.org/genproto/googleapis/api v0.0.0-20240808171019-573a1156607a/go.mod h1:4+X6GvPs+25wZKbQq9qyAXrwIRExv7w0Ea6MgZLZiDM= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240808171019-573a1156607a h1:EKiZZXueP9/T68B8Nl0GAx9cjbQnCId0yP3qPMgaaHs= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240808171019-573a1156607a/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= +google.golang.org/genproto v0.0.0-20240814211410-ddb44dafa142 h1:oLiyxGgE+rt22duwci1+TG7bg2/L1LQsXwfjPlmuJA0= +google.golang.org/genproto v0.0.0-20240814211410-ddb44dafa142/go.mod h1:G11eXq53iI5Q+kyNOmCvnzBaxEA2Q/Ik5Tj7nqBE8j4= +google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 h1:wKguEg1hsxI2/L3hUYrpo1RVi48K+uTyzKqprwLXsb8= +google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142/go.mod h1:d6be+8HhtEtucleCbxpPW9PA9XwISACu8nvpPqF0BVo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1153,6 +1162,8 @@ gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= +gopkg.in/evanphx/json-patch.v4 v4.12.0 h1:n6jtcsulIzXPJaxegRbvFNNrZDjbij7ny3gmSPG+6V4= +gopkg.in/evanphx/json-patch.v4 v4.12.0/go.mod h1:p8EYWUEYMpynmqDbY58zCKCFZw8pRWMG4EsWvDvM72M= gopkg.in/ghodss/yaml.v1 v1.0.0 h1:JlY4R6oVz+ZSvcDhVfNQ/k/8Xo6yb2s1PBhslPZPX4c= gopkg.in/ghodss/yaml.v1 v1.0.0/go.mod h1:HDvRMPQLqycKPs9nWLuzZWxsxRzISLCRORiDpBUOMqg= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= 
@@ -1180,34 +1191,34 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.30.3 h1:ImHwK9DCsPA9uoU3rVh4QHAHHK5dTSv1nxJUapx8hoQ= -k8s.io/api v0.30.3/go.mod h1:GPc8jlzoe5JG3pb0KJCSLX5oAFIW3/qNJITlDj8BH04= -k8s.io/apiextensions-apiserver v0.30.3 h1:oChu5li2vsZHx2IvnGP3ah8Nj3KyqG3kRSaKmijhB9U= -k8s.io/apiextensions-apiserver v0.30.3/go.mod h1:uhXxYDkMAvl6CJw4lrDN4CPbONkF3+XL9cacCT44kV4= -k8s.io/apimachinery v0.30.3 h1:q1laaWCmrszyQuSQCfNB8cFgCuDAoPszKY4ucAjDwHc= -k8s.io/apimachinery v0.30.3/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= -k8s.io/client-go v0.30.3 h1:bHrJu3xQZNXIi8/MoxYtZBBWQQXwy16zqJwloXXfD3k= -k8s.io/client-go v0.30.3/go.mod h1:8d4pf8vYu665/kUbsxWAQ/JDBNWqfFeZnvFiVdmx89U= +k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo= +k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE= +k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk= +k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk= +k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc= +k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= +k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= -k8s.io/gengo v0.0.0-20240404160639-a0386bf69313 h1:wBIDZID8ju9pwOiLlV22YYKjFGtiNSWgHf5CnKLRUuM= -k8s.io/gengo v0.0.0-20240404160639-a0386bf69313/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/gengo 
v0.0.0-20240815230951-44b8d154562d h1:k9+VnMFK87/cliLr/mdSWNKKI7KXQEnk9bqZLgeMSIc= +k8s.io/gengo v0.0.0-20240815230951-44b8d154562d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog v0.2.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8 h1:1Wof1cGQgA5pqgo8MxKPtf+qN6Sh/0JzznmeGPm1HnE= -k8s.io/kube-openapi v0.0.0-20240808142205-8e686545bdb8/go.mod h1:Os6V6dZwLNii3vxFpxcNaTmH8LJJBkOTg1N0tOA0fvA= +k8s.io/kube-openapi v0.0.0-20240816214639-573285566f34 h1:/amS69DLm09mtbFtN3+LyygSFohnYGMseF8iv+2zulg= +k8s.io/kube-openapi v0.0.0-20240816214639-573285566f34/go.mod h1:G0W3eI9gG219NHRq3h5uQaRBl4pj4ZpwzRP5ti8y770= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.18.4 h1:87+guW1zhvuPLh1PHybKdYFLU0YJp4FhJRmiHvm5BZw= -sigs.k8s.io/controller-runtime v0.18.4/go.mod h1:TVoGrfdpbA9VRFaRnKgk9P5/atA0pMwq+f+msb9M8Sg= -sigs.k8s.io/controller-tools v0.15.0 h1:4dxdABXGDhIa68Fiwaif0vcu32xfwmgQ+w8p+5CxoAI= -sigs.k8s.io/controller-tools v0.15.0/go.mod h1:8zUSS2T8Hx0APCNRhJWbS3CAQEbIxLa07khzh7pZmXM= +sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= +sigs.k8s.io/controller-runtime v0.19.0/go.mod 
h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= +sigs.k8s.io/controller-tools v0.16.1 h1:gvIsZm+2aimFDIBiDKumR7EBkc+oLxljoUVfRbDI6RI= +sigs.k8s.io/controller-tools v0.16.1/go.mod h1:0I0xqjR65YTfoO12iR+mZR6s6UAVcUARgXRlsu0ljB0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= diff --git a/pkg/provider/alibaba/kms_test.go b/pkg/provider/alibaba/kms_test.go index 01fca59a923..103cb445b27 100644 --- a/pkg/provider/alibaba/kms_test.go +++ b/pkg/provider/alibaba/kms_test.go @@ -77,7 +77,7 @@ func makeValidAPIOutput() *kmssdk.GetSecretValueResponseBody { response := &kmssdk.GetSecretValueResponseBody{ SecretName: utils.Ptr(secretName), SecretData: utils.Ptr(secretValue), - VersionStages: &kmssdk.GetSecretValueResponseBodyVersionStages{}, + VersionStages: []*string{}, } return response } From 8edfb562c5f992f47702b81eadd0d331b05a0145 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Aug 2024 10:16:46 +0200 Subject: [PATCH 236/517] chore(deps): bump importlib-resources in /hack/api-docs (#3810) Bumps [importlib-resources](https://github.com/python/importlib_resources) from 6.4.0 to 6.4.3. - [Release notes](https://github.com/python/importlib_resources/releases) - [Changelog](https://github.com/python/importlib_resources/blob/main/NEWS.rst) - [Commits](https://github.com/python/importlib_resources/compare/v6.4.0...v6.4.3) --- updated-dependencies: - dependency-name: importlib-resources dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 26feb0186a1..6dcee283f03 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -8,7 +8,7 @@ ghp-import==2.1.0 htmlmin==0.1.12 idna==3.7 importlib-metadata==8.2.0 -importlib-resources==6.4.0 +importlib-resources==6.4.3 Jinja2==3.1.4 jsmin==3.0.1 livereload==2.7.0 From 3a010f7ee9a93d134d44fc2550518c01556651d7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 20 Aug 2024 10:17:05 +0200 Subject: [PATCH 237/517] chore(deps): bump markdown from 3.6 to 3.7 in /hack/api-docs (#3811) Bumps [markdown](https://github.com/Python-Markdown/markdown) from 3.6 to 3.7. - [Release notes](https://github.com/Python-Markdown/markdown/releases) - [Changelog](https://github.com/Python-Markdown/markdown/blob/master/docs/changelog.md) - [Commits](https://github.com/Python-Markdown/markdown/compare/3.6...3.7) --- updated-dependencies: - dependency-name: markdown dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 6dcee283f03..23300bab9c2 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -12,7 +12,7 @@ importlib-resources==6.4.3 Jinja2==3.1.4 jsmin==3.0.1 livereload==2.7.0 -Markdown==3.6 +Markdown==3.7 MarkupSafe==2.1.5 mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 From a7ecb8d8f6817a5c6502b9afe8c4309f250c6349 Mon Sep 17 00:00:00 2001 
From: Prateek Kumar <85689959+PrateekKumar1709@users.noreply.github.com> Date: Wed, 21 Aug 2024 02:28:06 -0400 Subject: [PATCH 238/517] Bump helm-docs image version to v1.7.0 in Makefile (#3806) --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index f7b8d1653a9..4f7b17c1530 100644 --- a/Makefile +++ b/Makefile @@ -163,7 +163,7 @@ tilt-up: tilt manifests ## Generates the local manifests that tilt will use to d helm.docs: ## Generate helm docs @cd $(HELM_DIR); \ - docker run --rm -v $(shell pwd)/$(HELM_DIR):/helm-docs -u $(shell id -u) jnorwood/helm-docs:v1.5.0 + docker run --rm -v $(shell pwd)/$(HELM_DIR):/helm-docs -u $(shell id -u) jnorwood/helm-docs:v1.7.0 HELM_VERSION ?= $(shell helm show chart $(HELM_DIR) | grep 'version:' | sed 's/version: //g') From dfbb156c18af0a0018a7a152896807d048d108d8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 22 Aug 2024 13:25:03 +0200 Subject: [PATCH 239/517] chore(deps): bump github/codeql-action from 3.26.0 to 3.26.2 (#3812) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.0 to 3.26.2. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/eb055d739abdc2e8de2e5f4ba1a8b246daa779aa...429e1977040da7a23b6822b13c129cd1ba93dbb2) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index f5aa15ece1c..f959acfb68c 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@eb055d739abdc2e8de2e5f4ba1a8b246daa779aa # v3.26.0 + uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 with: sarif_file: results.sarif From 100474503a0ae63965e6249f9f60f5f420f09a1d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 24 Aug 2024 12:26:14 +0300 Subject: [PATCH 240/517] chore(deps): bump golang from 1.22.6-bookworm to 1.23.0-bookworm in /e2e (#3813) --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index fc8aa2354ea..55ff2238af4 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.6-bookworm@sha256:39b7e6ebaca464d51989858871f792f2e186dce8ce0cbdba7e88e4444b244407 as builder +FROM golang:1.23.0-bookworm@sha256:31dc846dd1bcca84d2fa231bcd16c09ff271bcc1a5ae2c48ff10f13b039688f3 as builder ENV KUBECTL_VERSION="v1.28.3" ENV HELM_VERSION="v3.13.1" From a5ddd97c217fb11afb0c7a401c2bd82731e06641 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Mon, 26 Aug 2024 11:10:58 +0200 Subject: [PATCH 241/517] chore: update go version of the project to 1.23 (#3829) * chore: update go version of the project to 1.23 Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fixed an absurd amount of linter issues Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- 
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/ci.yml | 4 +- Dockerfile.standalone | 2 +- Makefile | 2 +- .../v1beta1/externalsecret_validator.go | 14 ++--- .../v1beta1/provider_schema.go | 3 +- .../v1beta1/secretstore_validator.go | 4 +- design/007-provider-versioning-strategy.md | 2 +- e2e/framework/addon/vault.go | 8 +-- e2e/go.mod | 2 +- go.mod | 2 +- pkg/common/webhook/webhook.go | 9 ++-- .../clusterexternalsecret_controller.go | 3 +- pkg/controllers/crds/crds_controller.go | 8 +-- .../externalsecret_controller_test.go | 5 +- .../pushsecret/pushsecret_controller.go | 2 +- .../pushsecret/pushsecret_controller_test.go | 11 ++-- pkg/controllers/secretstore/client_manager.go | 3 +- .../webhookconfig/webhookconfig.go | 10 ++-- pkg/generator/acr/acr.go | 8 +-- pkg/generator/ecr/ecr.go | 5 +- pkg/generator/fake/fake.go | 3 +- pkg/generator/gcr/gcr.go | 3 +- pkg/generator/github/github.go | 5 +- pkg/generator/password/password.go | 3 +- pkg/generator/password/password_test.go | 4 +- pkg/generator/vault/vault.go | 7 +-- pkg/generator/vault/vault_test.go | 7 ++- pkg/provider/akeyless/akeyless.go | 28 +++++----- pkg/provider/akeyless/akeyless_api.go | 2 +- pkg/provider/akeyless/akeyless_test.go | 7 +-- pkg/provider/akeyless/auth.go | 5 +- pkg/provider/akeyless/utils.go | 7 +-- pkg/provider/alibaba/client.go | 3 +- pkg/provider/alibaba/kms.go | 33 ++++++------ pkg/provider/alibaba/kms_test.go | 8 +-- pkg/provider/aws/parameterstore/fake/fake.go | 4 +- .../aws/parameterstore/parameterstore.go | 6 +-- .../aws/parameterstore/parameterstore_test.go | 15 +++--- pkg/provider/aws/secretsmanager/fake/fake.go | 7 +-- .../aws/secretsmanager/secretsmanager.go | 4 +- .../aws/secretsmanager/secretsmanager_test.go | 4 +- pkg/provider/aws/util/provider.go | 7 +-- pkg/provider/azure/keyvault/keyvault.go | 54 +++++++++---------- pkg/provider/azure/keyvault/keyvault_test.go | 8 +-- pkg/provider/beyondtrust/provider.go | 22 ++++---- 
pkg/provider/bitwarden/client.go | 18 +++---- pkg/provider/bitwarden/provider.go | 11 ++-- pkg/provider/chef/chef.go | 44 +++++++-------- pkg/provider/chef/chef_test.go | 18 +++---- pkg/provider/conjur/auth_jwt.go | 5 +- pkg/provider/conjur/client.go | 5 +- pkg/provider/conjur/provider_test.go | 4 +- pkg/provider/conjur/util/provider.go | 9 ++-- pkg/provider/conjur/validate.go | 17 +++--- pkg/provider/conjur/validate_test.go | 20 +++---- pkg/provider/device42/device42.go | 19 +++---- pkg/provider/device42/device42_api.go | 3 +- pkg/provider/doppler/client.go | 3 +- pkg/provider/doppler/doppler_test.go | 24 ++++----- pkg/provider/doppler/fake/fake.go | 6 +-- pkg/provider/doppler/provider.go | 3 +- pkg/provider/fake/fake.go | 7 +-- pkg/provider/gcp/secretmanager/auth.go | 3 +- pkg/provider/gcp/secretmanager/client.go | 8 ++- pkg/provider/gcp/secretmanager/client_test.go | 12 ++--- pkg/provider/gcp/secretmanager/fake/fake.go | 2 +- pkg/provider/gcp/secretmanager/provider.go | 13 ++--- pkg/provider/gitlab/gitlab.go | 19 +++---- pkg/provider/gitlab/gitlab_test.go | 15 +++--- pkg/provider/gitlab/provider.go | 12 ++--- pkg/provider/ibm/provider.go | 35 ++++++------ pkg/provider/ibm/provider_test.go | 9 ++-- pkg/provider/keepersecurity/client.go | 8 +-- pkg/provider/keepersecurity/provider.go | 28 +++++----- pkg/provider/kubernetes/auth.go | 5 +- pkg/provider/kubernetes/client.go | 7 +-- pkg/provider/kubernetes/provider.go | 3 +- pkg/provider/kubernetes/validate.go | 15 +++--- pkg/provider/onboardbase/client.go | 7 +-- pkg/provider/onboardbase/fake/fake.go | 4 +- pkg/provider/onboardbase/onboardbase_test.go | 20 +++---- pkg/provider/onboardbase/provider.go | 3 +- pkg/provider/onepassword/onepassword.go | 22 ++++---- pkg/provider/onepassword/onepassword_test.go | 28 +++++----- pkg/provider/oracle/oracle.go | 38 ++++++------- pkg/provider/oracle/oracle_test.go | 23 ++++---- pkg/provider/passbolt/passbolt.go | 8 +-- pkg/provider/passbolt/passbolt_test.go | 19 ++++--- 
pkg/provider/passworddepot/passworddepot.go | 27 ++++------ pkg/provider/scaleway/client.go | 16 +++--- pkg/provider/scaleway/provider.go | 11 ++-- pkg/provider/senhasegura/provider.go | 15 +++--- pkg/provider/vault/auth.go | 8 +-- pkg/provider/vault/auth_approle.go | 4 +- pkg/provider/vault/auth_jwt.go | 3 +- pkg/provider/vault/auth_test.go | 2 +- pkg/provider/vault/client_get.go | 2 +- pkg/provider/vault/client_get_test.go | 4 +- pkg/provider/vault/client_push.go | 2 +- pkg/provider/vault/client_push_test.go | 16 +++--- pkg/provider/vault/fake/vault.go | 5 +- pkg/provider/vault/validate.go | 12 ++--- pkg/provider/webhook/webhook.go | 13 ++--- .../certificatemanager/certificatemanager.go | 6 +-- .../certificatemanager/client/fakeclient.go | 12 ++--- pkg/provider/yandex/common/secretsclient.go | 10 ++-- .../yandex/lockbox/client/fakeclient.go | 12 ++--- pkg/provider/yandex/lockbox/lockbox.go | 6 +-- pkg/template/v2/pem_chain.go | 10 ++-- pkg/template/v2/pkcs12.go | 3 +- pkg/utils/utils.go | 2 +- 111 files changed, 591 insertions(+), 555 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6187e912c4e..98691952b75 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,8 +9,8 @@ on: env: # Common versions - GOLANGCI_VERSION: 'v1.57.2' - KUBERNETES_VERSION: '1.30.x' + GOLANGCI_VERSION: 'v1.60.1' + KUBERNETES_VERSION: '1.31.x' # Sonar SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} diff --git a/Dockerfile.standalone b/Dockerfile.standalone index b140a9f0c21..dfa6c8a7207 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone 
@@ -1,6 +1,6 @@ # This version of Dockerfile is for building without external dependencies. # Build a multi-platform image e.g. `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .` -FROM golang:1.22.6-alpine@sha256:1a478681b671001b7f029f94b5016aed984a23ad99c707f6a0ab6563860ae2f3 AS builder +FROM golang:1.23.0-alpine@sha256:d0b31558e6b3e4cc59f6011d79905835108c919143ebecc58f35965bf79948f4 AS builder ARG TARGETOS ARG TARGETARCH ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} diff --git a/Makefile b/Makefile index 4f7b17c1530..45575acbce9 100644 --- a/Makefile +++ b/Makefile @@ -322,7 +322,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest GOLANGCI_LINT ?= $(LOCALBIN)/golangci-lint ## Tool Versions -GOLANGCI_VERSION := 1.57.2 +GOLANGCI_VERSION := 1.60.1 KUBERNETES_VERSION := 1.30.x TILT_VERSION := 0.33.10 diff --git a/apis/externalsecrets/v1beta1/externalsecret_validator.go b/apis/externalsecrets/v1beta1/externalsecret_validator.go index 6560c893e5f..073ff361f05 100644 --- a/apis/externalsecrets/v1beta1/externalsecret_validator.go +++ b/apis/externalsecrets/v1beta1/externalsecret_validator.go 
@@ -40,35 +40,35 @@ func (esv *ExternalSecretValidator) ValidateDelete(_ context.Context, _ runtime. func validateExternalSecret(obj runtime.Object) (admission.Warnings, error) { es, ok := obj.(*ExternalSecret) if !ok { - return nil, fmt.Errorf("unexpected type") + return nil, errors.New("unexpected type") } var errs error if (es.Spec.Target.DeletionPolicy == DeletionPolicyDelete && es.Spec.Target.CreationPolicy == CreatePolicyMerge) || (es.Spec.Target.DeletionPolicy == DeletionPolicyDelete && es.Spec.Target.CreationPolicy == CreatePolicyNone) { - errs = errors.Join(errs, fmt.Errorf("deletionPolicy=Delete must not be used when the controller doesn't own the secret. Please set creationPolicy=Owner")) + errs = errors.Join(errs, errors.New("deletionPolicy=Delete must not be used when the controller doesn't own the secret. Please set creationPolicy=Owner")) } if es.Spec.Target.DeletionPolicy == DeletionPolicyMerge && es.Spec.Target.CreationPolicy == CreatePolicyNone { - errs = errors.Join(errs, fmt.Errorf("deletionPolicy=Merge must not be used with creationPolicy=None. There is no Secret to merge with")) + errs = errors.Join(errs, errors.New("deletionPolicy=Merge must not be used with creationPolicy=None. 
There is no Secret to merge with")) } if len(es.Spec.Data) == 0 && len(es.Spec.DataFrom) == 0 { - errs = errors.Join(errs, fmt.Errorf("either data or dataFrom should be specified")) + errs = errors.Join(errs, errors.New("either data or dataFrom should be specified")) } for _, ref := range es.Spec.DataFrom { generatorRef := ref.SourceRef != nil && ref.SourceRef.GeneratorRef != nil if (ref.Find != nil && (ref.Extract != nil || generatorRef)) || (ref.Extract != nil && (ref.Find != nil || generatorRef)) || (generatorRef && (ref.Find != nil || ref.Extract != nil)) { - errs = errors.Join(errs, fmt.Errorf("extract, find, or generatorRef cannot be set at the same time")) + errs = errors.Join(errs, errors.New("extract, find, or generatorRef cannot be set at the same time")) } if ref.Find == nil && ref.Extract == nil && ref.SourceRef == nil { - errs = errors.Join(errs, fmt.Errorf("either extract, find, or sourceRef must be set to dataFrom")) + errs = errors.Join(errs, errors.New("either extract, find, or sourceRef must be set to dataFrom")) } if ref.SourceRef != nil && ref.SourceRef.GeneratorRef == nil && ref.SourceRef.SecretStoreRef == nil { - errs = errors.Join(errs, fmt.Errorf("generatorRef or storeRef must be set when using sourceRef in dataFrom")) + errs = errors.Join(errs, errors.New("generatorRef or storeRef must be set when using sourceRef in dataFrom")) } } diff --git a/apis/externalsecrets/v1beta1/provider_schema.go b/apis/externalsecrets/v1beta1/provider_schema.go index acbe069af82..f990480d169 100644 --- a/apis/externalsecrets/v1beta1/provider_schema.go +++ b/apis/externalsecrets/v1beta1/provider_schema.go @@ -16,6 +16,7 @@ package v1beta1 import ( "encoding/json" + "errors" "fmt" "sync" ) @@ -116,5 +117,5 @@ func getProviderName(storeSpec *SecretStoreProvider) (string, error) { return k, nil } - return "", fmt.Errorf("failed to find registered store backend") + return "", errors.New("failed to find registered store backend") } 
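Review bot: The type-assertion failure at the top of validateExternalSecret now returns `errors.New("unexpected type")`, which tells whoever reads the admission rejection nothing about the object that actually arrived. Since this line is being touched anyway, I would report the received type with `return nil, fmt.Errorf("unexpected type %T, expected *ExternalSecret", obj)`. With a format verb this remains a justified `fmt.Errorf` call, so it should not conflict with the switch to `errors.New` for constant messages made elsewhere in the hunk. The import block is not part of the hunk, and the function's body continues past its end.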
diff --git a/apis/externalsecrets/v1beta1/secretstore_validator.go b/apis/externalsecrets/v1beta1/secretstore_validator.go index 20da62a0a17..ecdb96234c6 100644 --- a/apis/externalsecrets/v1beta1/secretstore_validator.go +++ b/apis/externalsecrets/v1beta1/secretstore_validator.go @@ -36,7 +36,7 @@ type GenericStoreValidator struct{} func (r *GenericStoreValidator) ValidateCreate(_ context.Context, obj runtime.Object) (admission.Warnings, error) { st, ok := obj.(GenericStore) if !ok { - return nil, fmt.Errorf(errInvalidStore) + return nil, errors.New(errInvalidStore) } return validateStore(st) } @@ -45,7 +45,7 @@ func (r *GenericStoreValidator) ValidateCreate(_ context.Context, obj runtime.Ob func (r *GenericStoreValidator) ValidateUpdate(_ context.Context, _, newObj runtime.Object) (admission.Warnings, error) { st, ok := newObj.(GenericStore) if !ok { - return nil, fmt.Errorf(errInvalidStore) + return nil, errors.New(errInvalidStore) } return validateStore(st) } diff --git a/design/007-provider-versioning-strategy.md b/design/007-provider-versioning-strategy.md index 8aa3525fae1..f5f5c60cda9 100644 --- a/design/007-provider-versioning-strategy.md +++ b/design/007-provider-versioning-strategy.md @@ -126,7 +126,7 @@ func (g *gitlabBase) getAuth(ctx context.Context) ([]byte, error) { credentials := credentialsSecret.Data[g.store.Auth.SecretRef.AccessToken.Key] if len(credentials) == 0 { - return nil, fmt.Errorf(errMissingSAK) + return nil, errors.New(errMissingSAK) } return credentials, nil } diff --git a/e2e/framework/addon/vault.go b/e2e/framework/addon/vault.go index a46984b891a..8d5748bdc7c 100644 --- a/e2e/framework/addon/vault.go +++ b/e2e/framework/addon/vault.go @@ -22,14 +22,16 @@ import ( "crypto/x509/pkix" "encoding/json" "encoding/pem" + "errors" "fmt" - "k8s.io/apimachinery/pkg/types" "math/big" "net" "net/http" "os" "time" + "k8s.io/apimachinery/pkg/types" + "github.com/golang-jwt/jwt/v4" vault "github.com/hashicorp/vault/api" 
@@ -320,7 +322,7 @@ func genVaultCertificates(namespace string) ([]byte, []byte, []byte, []byte, []b "vault-" + namespace, fmt.Sprintf("vault-%s.%s.svc.cluster.local", namespace, namespace)}) if err != nil { - return nil, nil, nil, nil, nil, nil, fmt.Errorf("unable to generate vault server cert") + return nil, nil, nil, nil, nil, nil, errors.New("unable to generate vault server cert") } serverKeyPem := pem.EncodeToMemory(&pem.Block{ Type: privatePemType, @@ -333,7 +335,7 @@ func genVaultCertificates(namespace string) ([]byte, []byte, []byte, []byte, []b } clientPem, clientKey, err := genPeerCert(clientRootCert, clientRootKey, "vault-client", nil) if err != nil { - return nil, nil, nil, nil, nil, nil, fmt.Errorf("unable to generate vault server cert") + return nil, nil, nil, nil, nil, nil, errors.New("unable to generate vault server cert") } clientKeyPem := pem.EncodeToMemory(&pem.Block{ Type: privatePemType, diff --git a/e2e/go.mod b/e2e/go.mod index 50ea79db038..767efe96001 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -1,6 +1,6 @@ module github.com/external-secrets/external-secrets-e2e -go 1.22.4 +go 1.23 replace ( github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 diff --git a/go.mod b/go.mod index 09492fd5b76..0868b988775 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/external-secrets/external-secrets -go 1.22.4 +go 1.23 replace github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 diff --git a/pkg/common/webhook/webhook.go b/pkg/common/webhook/webhook.go index bca483ee0df..f540d31ec5c 100644 --- a/pkg/common/webhook/webhook.go +++ b/pkg/common/webhook/webhook.go @@ -20,6 +20,7 @@ import ( "crypto/tls" "crypto/x509" "encoding/json" + "errors" "fmt" "io" "net/http" 
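Review bot: Both failure branches of genVaultCertificates (hunks -320 and -333) return the fixed text "unable to generate vault server cert" and drop `err`, and the second one follows `genPeerCert(clientRootCert, clientRootKey, "vault-client", nil)`, so it is the client certificate that failed. `fmt` is still imported in this file, so the cause can be kept by wrapping: `return nil, nil, nil, nil, nil, nil, fmt.Errorf("unable to generate vault client cert: %w", err)` for the client branch, and the same with "server" for the first. The function body starts and ends outside both hunks.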
@@ -66,10 +67,10 @@ func (w *Webhook) getStoreSecret(ctx context.Context, ref SecretKeySelector) (*c if w.EnforceLabels { expected, ok := secret.Labels["external-secrets.io/type"] if !ok { - return nil, fmt.Errorf("secret does not contain needed label 'external-secrets.io/type: webhook'. Update secret label to use it with webhook") + return nil, errors.New("secret does not contain needed label 'external-secrets.io/type: webhook'. Update secret label to use it with webhook") } if expected != "webhook" { - return nil, fmt.Errorf("secret type is not 'webhook'") + return nil, errors.New("secret type is not 'webhook'") } } return secret, nil @@ -150,7 +151,7 @@ func (w *Webhook) GetTemplateData(ctx context.Context, ref *esv1beta1.ExternalSe func (w *Webhook) GetWebhookData(ctx context.Context, provider *Spec, ref *esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { if w.HTTP == nil { - return nil, fmt.Errorf("http client not initialized") + return nil, errors.New("http client not initialized") } escapedData, err := w.GetTemplateData(ctx, ref, provider.Secrets, true) @@ -244,7 +245,7 @@ func (w *Webhook) GetCACertPool(ctx context.Context, provider *Spec) (*x509.Cert } ok := caCertPool.AppendCertsFromPEM(ca) if !ok { - return nil, fmt.Errorf("failed to append cabundle") + return nil, errors.New("failed to append cabundle") } return caCertPool, nil diff --git a/pkg/controllers/clusterexternalsecret/clusterexternalsecret_controller.go b/pkg/controllers/clusterexternalsecret/clusterexternalsecret_controller.go index 13c1cf0f4d2..961952f965a 100644 --- a/pkg/controllers/clusterexternalsecret/clusterexternalsecret_controller.go +++ b/pkg/controllers/clusterexternalsecret/clusterexternalsecret_controller.go @@ -16,6 +16,7 @@ package clusterexternalsecret import ( "context" + "errors" "fmt" "reflect" "slices" 
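Review bot: In getStoreSecret (hunk -66) the variable `expected` holds the label value read from the secret, not the expected one, so `if expected != "webhook"` reads backwards. Renaming it, e.g. `secretType, ok := secret.Labels["external-secrets.io/type"]`, and adding a comment such as `// With EnforceLabels set, only secrets labelled external-secrets.io/type=webhook may be used by this provider.` would make the purpose of the guard clear. The second error could also include the label value that was found, which helps when a label is mistyped. The function starts outside the hunk.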
@@ -132,7 +133,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu } if err == nil && !isExternalSecretOwnedBy(&existingES, clusterExternalSecret.Name) { - failedNamespaces[namespace.Name] = fmt.Errorf("external secret already exists in namespace") + failedNamespaces[namespace.Name] = errors.New("external secret already exists in namespace") continue } diff --git a/pkg/controllers/crds/crds_controller.go b/pkg/controllers/crds/crds_controller.go index ae1eca177c8..bd5ab895a98 100644 --- a/pkg/controllers/crds/crds_controller.go +++ b/pkg/controllers/crds/crds_controller.go @@ -175,10 +175,10 @@ func (r *Reconciler) checkEndpoints() error { return err } if len(eps.Subsets) == 0 { - return fmt.Errorf(errSubsetsNotReady) + return errors.New(errSubsetsNotReady) } if len(eps.Subsets[0].Addresses) == 0 { - return fmt.Errorf(errAddressesNotReady) + return errors.New(errAddressesNotReady) } return nil } @@ -234,7 +234,7 @@ func injectService(crd *apiext.CustomResourceDefinition, svc types.NamespacedNam crd.Spec.Conversion.Webhook == nil || crd.Spec.Conversion.Webhook.ClientConfig == nil || crd.Spec.Conversion.Webhook.ClientConfig.Service == nil { - return fmt.Errorf("unexpected crd conversion webhook config") + return errors.New("unexpected crd conversion webhook config") } crd.Spec.Conversion.Webhook.ClientConfig.Service.Namespace = svc.Namespace crd.Spec.Conversion.Webhook.ClientConfig.Service.Name = svc.Name @@ -245,7 +245,7 @@ func injectCert(crd *apiext.CustomResourceDefinition, certPem []byte) error { if crd.Spec.Conversion == nil || crd.Spec.Conversion.Webhook == nil || crd.Spec.Conversion.Webhook.ClientConfig == nil { - return fmt.Errorf("unexpected crd conversion webhook config") + return errors.New("unexpected crd conversion webhook config") } crd.Spec.Conversion.Webhook.ClientConfig.CABundle = certPem return nil 
diff --git a/pkg/controllers/externalsecret/externalsecret_controller_test.go b/pkg/controllers/externalsecret/externalsecret_controller_test.go index fd74c08cd5b..99b2d2b2247 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller_test.go +++ b/pkg/controllers/externalsecret/externalsecret_controller_test.go @@ -18,6 +18,7 @@ import ( "bytes" "context" "encoding/json" + "errors" "fmt" "os" "strconv" @@ -1724,7 +1725,7 @@ var _ = Describe("ExternalSecret controller", Serial, func() { // a error condition must be set. providerErrCondition := func(tc *testCase) { const secretVal = "foobar" - fakeProvider.WithGetSecret(nil, fmt.Errorf("boom")) + fakeProvider.WithGetSecret(nil, errors.New("boom")) tc.externalSecret.Spec.RefreshInterval = &metav1.Duration{Duration: time.Millisecond * 100} tc.checkCondition = func(es *esv1beta1.ExternalSecret) bool { cond := GetExternalSecretCondition(es.Status, esv1beta1.ExternalSecretReady) @@ -1787,7 +1788,7 @@ var _ = Describe("ExternalSecret controller", Serial, func() { storeConstructErrCondition := func(tc *testCase) { fakeProvider.WithNew(func(context.Context, esv1beta1.GenericStore, client.Client, string) (esv1beta1.SecretsClient, error) { - return nil, fmt.Errorf("artificial constructor error") + return nil, errors.New("artificial constructor error") }) tc.checkCondition = func(es *esv1beta1.ExternalSecret) bool { // condition must be false diff --git a/pkg/controllers/pushsecret/pushsecret_controller.go b/pkg/controllers/pushsecret/pushsecret_controller.go index bf13900c26f..22822a78480 100644 --- a/pkg/controllers/pushsecret/pushsecret_controller.go +++ b/pkg/controllers/pushsecret/pushsecret_controller.go 
@@ -406,7 +406,7 @@ func (r *Reconciler) GetSecretStores(ctx context.Context, ps esapi.PushSecret) ( func (r *Reconciler) getSecretStoreFromName(ctx context.Context, refStore esapi.PushSecretStoreRef, ns string) (v1beta1.GenericStore, error) { if refStore.Name == "" { - return nil, fmt.Errorf("refStore Name must be provided") + return nil, errors.New("refStore Name must be provided") } ref := types.NamespacedName{ Name: refStore.Name, diff --git a/pkg/controllers/pushsecret/pushsecret_controller_test.go b/pkg/controllers/pushsecret/pushsecret_controller_test.go index f7b16faf712..c7e59baa033 100644 --- a/pkg/controllers/pushsecret/pushsecret_controller_test.go +++ b/pkg/controllers/pushsecret/pushsecret_controller_test.go @@ -17,6 +17,7 @@ package pushsecret import ( "bytes" "context" + "errors" "fmt" "os" "strconv" @@ -350,7 +351,7 @@ var _ = Describe("PushSecret controller", func() { return nil } fakeProvider.SecretExistsFn = func(ctx context.Context, ref v1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf("don't know") + return false, errors.New("don't know") } tc.pushsecret.Spec.UpdatePolicy = v1alpha1.PushSecretUpdatePolicyIfNotExists initialValue := fakeProvider.SetSecretArgs[tc.pushsecret.Spec.Data[0].Match.RemoteRef.RemoteKey].Value @@ -553,7 +554,7 @@ var _ = Describe("PushSecret controller", func() { return nil } fakeProvider.DeleteSecretFn = func() error { - return fmt.Errorf("Nope") + return errors.New("Nope") } tc.pushsecret = &v1alpha1.PushSecret{ ObjectMeta: metav1.ObjectMeta{ @@ -611,7 +612,7 @@ var _ = Describe("PushSecret controller", func() { return nil } fakeProvider.DeleteSecretFn = func() error { - return fmt.Errorf("boom") + return errors.New("boom") } tc.pushsecret.Spec.DeletionPolicy = v1alpha1.PushSecretDeletionPolicyDelete tc.assert = func(ps *v1alpha1.PushSecret, secret *v1.Secret) bool { 
@@ -995,7 +996,7 @@ var _ = Describe("PushSecret controller", func() { // if target Secret name is not specified it should use the ExternalSecret name. setSecretFail := func(tc *testCase) { fakeProvider.SetSecretFn = func() error { - return fmt.Errorf("boom") + return errors.New("boom") } tc.assert = func(ps *v1alpha1.PushSecret, secret *v1.Secret) bool { expected := v1alpha1.PushSecretStatusCondition{ @@ -1010,7 +1011,7 @@ var _ = Describe("PushSecret controller", func() { // if target Secret name is not specified it should use the ExternalSecret name. newClientFail := func(tc *testCase) { fakeProvider.NewFn = func(context.Context, v1beta1.GenericStore, client.Client, string) (v1beta1.SecretsClient, error) { - return nil, fmt.Errorf("boom") + return nil, errors.New("boom") } tc.assert = func(ps *v1alpha1.PushSecret, secret *v1.Secret) bool { expected := v1alpha1.PushSecretStatusCondition{ diff --git a/pkg/controllers/secretstore/client_manager.go b/pkg/controllers/secretstore/client_manager.go index 8920586bc24..dc8d5bee454 100644 --- a/pkg/controllers/secretstore/client_manager.go +++ b/pkg/controllers/secretstore/client_manager.go @@ -16,6 +16,7 @@ package secretstore import ( "context" + "errors" "fmt" "regexp" "strings" @@ -114,7 +115,7 @@ func (m *Manager) Get(ctx context.Context, storeRef esv1beta1.SecretStoreRef, na } // check if store should be handled by this controller instance if !ShouldProcessStore(store, m.controllerClass) { - return nil, fmt.Errorf("can not reference unmanaged store") + return nil, errors.New("can not reference unmanaged store") } // when using ClusterSecretStore, validate the ClusterSecretStore namespace conditions shouldProcess, err := m.shouldProcessSecret(store, namespace) diff --git a/pkg/controllers/webhookconfig/webhookconfig.go b/pkg/controllers/webhookconfig/webhookconfig.go index f81c02f4bce..58eae5a678b 100644 --- a/pkg/controllers/webhookconfig/webhookconfig.go +++ b/pkg/controllers/webhookconfig/webhookconfig.go 
@@ -17,7 +17,7 @@ package webhookconfig import ( "context" "encoding/base64" - "fmt" + "errors" "net/http" "strings" "sync" @@ -145,7 +145,7 @@ func (r *Reconciler) ReadyCheck(_ *http.Request) error { r.webhookReadyMu.Lock() defer r.webhookReadyMu.Unlock() if !r.webhookReady { - return fmt.Errorf(errWebhookNotReady) + return errors.New(errWebhookNotReady) } var eps v1.Endpoints err := r.Get(context.TODO(), types.NamespacedName{ @@ -156,10 +156,10 @@ func (r *Reconciler) ReadyCheck(_ *http.Request) error { return err } if len(eps.Subsets) == 0 { - return fmt.Errorf(errSubsetsNotReady) + return errors.New(errSubsetsNotReady) } if len(eps.Subsets[0].Addresses) == 0 { - return fmt.Errorf(errAddressesNotReady) + return errors.New(errAddressesNotReady) } return nil } @@ -178,7 +178,7 @@ func (r *Reconciler) updateConfig(ctx context.Context, cfg *admissionregistratio crt, ok := secret.Data[caCertName] if !ok { - return fmt.Errorf(errCACertNotReady) + return errors.New(errCACertNotReady) } if err := r.inject(cfg, r.SvcName, r.SvcNamespace, crt); err != nil { return err diff --git a/pkg/generator/acr/acr.go b/pkg/generator/acr/acr.go index 5aaff55806d..7f7ca48a247 100644 --- a/pkg/generator/acr/acr.go +++ b/pkg/generator/acr/acr.go @@ -102,7 +102,7 @@ func (g *Generator) generate( fetchAccessToken accessTokenFetcher, fetchRefreshToken refreshTokenFetcher) (map[string][]byte, error) { if jsonSpec == nil { - return nil, fmt.Errorf(errNoSpec) + return nil, errors.New(errNoSpec) } res, err := parseSpec(jsonSpec.Raw) if err != nil { @@ -136,7 +136,7 @@ func (g *Generator) generate( namespace, ) } else { - return nil, fmt.Errorf("unexpeted configuration") + return nil, errors.New("unexpeted configuration") } if err != nil { return nil, err 
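Review bot: ReadyCheck discards its `*http.Request` and calls `r.Get(context.TODO(), ...)` while `webhookReadyMu` is held, so the endpoints lookup has no deadline or cancellation tied to the probe that triggered it. Naming the parameter and passing its context, `func (r *Reconciler) ReadyCheck(req *http.Request) error` with `r.Get(req.Context(), ...)`, would let a cancelled probe stop waiting and release the lock. Whether the lock needs to cover the API call at all cannot be judged from these hunks (-145 and -156); the function body spans both.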
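Review bot: The message in the final `else` branch of generate in pkg/generator/acr/acr.go (hunk -136) is misspelled: `errors.New("unexpeted configuration")` should read `errors.New("unexpected configuration")`. Since the line is being rewritten anyway, it would also help to say which configuration was expected, because the current text gives an operator nothing to act on. The alternatives are in the branches above this hunk and are only partly visible here.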
@@ -187,7 +187,7 @@ func fetchACRAccessToken(acrRefreshToken, _, registryURL, scope string) (string, } accessToken, ok := payload["access_token"] if !ok { - return "", fmt.Errorf("unable to get token") + return "", errors.New("unable to get token") } return accessToken, nil } @@ -222,7 +222,7 @@ func fetchACRRefreshToken(aadAccessToken, tenantID, registryURL string) (string, } refreshToken, ok := payload["refresh_token"] if !ok { - return "", fmt.Errorf("unable to get token") + return "", errors.New("unable to get token") } return refreshToken, nil } diff --git a/pkg/generator/ecr/ecr.go b/pkg/generator/ecr/ecr.go index e896c03d14c..257ea4bafc7 100644 --- a/pkg/generator/ecr/ecr.go +++ b/pkg/generator/ecr/ecr.go @@ -17,6 +17,7 @@ package ecr import ( "context" "encoding/base64" + "errors" "fmt" "strconv" "strings" @@ -54,7 +55,7 @@ func (g *Generator) generate( ecrFunc ecrFactoryFunc, ) (map[string][]byte, error) { if jsonSpec == nil { - return nil, fmt.Errorf(errNoSpec) + return nil, errors.New(errNoSpec) } res, err := parseSpec(jsonSpec.Raw) if err != nil { @@ -91,7 +92,7 @@ func (g *Generator) generate( } parts := strings.Split(string(decodedToken), ":") if len(parts) != 2 { - return nil, fmt.Errorf("unexpected token format") + return nil, errors.New("unexpected token format") } exp := out.AuthorizationData[0].ExpiresAt.UTC().Unix() diff --git a/pkg/generator/fake/fake.go b/pkg/generator/fake/fake.go index 88ca9b9f5a1..4ddf54dcc72 100644 --- a/pkg/generator/fake/fake.go +++ b/pkg/generator/fake/fake.go @@ -16,6 +16,7 @@ package fake import ( "context" + "errors" "fmt" apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" @@ -35,7 +36,7 @@ const ( func (g *Generator) Generate(_ context.Context, jsonSpec *apiextensions.JSON, _ client.Client, _ string) (map[string][]byte, error) { if jsonSpec == nil { - return nil, fmt.Errorf(errNoSpec) + return nil, errors.New(errNoSpec) } res, err := parseSpec(jsonSpec.Raw) if err != nil { 
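Review bot: fetchACRAccessToken and fetchACRRefreshToken (hunks -187 and -222) only test that the key is present in `payload`, so a response carrying an empty `access_token` or `refresh_token` is handed back as a usable credential, and both failures share the text "unable to get token". A guard such as `if !ok || accessToken == "" { return "", errors.New("unable to get ACR access token") }`, with matching refresh-token wording in the second function, rejects the empty case and tells the two apart. This assumes `payload` maps to strings, which the return statements suggest but the hunks do not show. Both functions begin outside their hunks.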
diff --git a/pkg/generator/gcr/gcr.go b/pkg/generator/gcr/gcr.go index 8264b84e10a..11e9b0cdddf 100644 --- a/pkg/generator/gcr/gcr.go +++ b/pkg/generator/gcr/gcr.go @@ -16,6 +16,7 @@ package gcr import ( "context" + "errors" "fmt" "strconv" @@ -57,7 +58,7 @@ func (g *Generator) generate( namespace string, tokenSource tokenSourceFunc) (map[string][]byte, error) { if jsonSpec == nil { - return nil, fmt.Errorf(errNoSpec) + return nil, errors.New(errNoSpec) } res, err := parseSpec(jsonSpec.Raw) if err != nil { diff --git a/pkg/generator/github/github.go b/pkg/generator/github/github.go index 08af9de33db..5dfa6de8561 100644 --- a/pkg/generator/github/github.go +++ b/pkg/generator/github/github.go @@ -18,6 +18,7 @@ import ( "context" "crypto/rsa" "encoding/json" + "errors" "fmt" "net/http" "time" @@ -70,7 +71,7 @@ func (g *Generator) generate( kube client.Client, namespace string) (map[string][]byte, error) { if jsonSpec == nil { - return nil, fmt.Errorf(errNoSpec) + return nil, errors.New(errNoSpec) } ctx, cancel := context.WithTimeout(ctx, contextTimeout) defer cancel() @@ -101,7 +102,7 @@ func (g *Generator) generate( accessToken, ok := gat["token"].(string) if !ok { - return nil, fmt.Errorf("token isn't a string or token key doesn't exist") + return nil, errors.New("token isn't a string or token key doesn't exist") } return map[string][]byte{ defaultLoginUsername: []byte(accessToken), diff --git a/pkg/generator/password/password.go b/pkg/generator/password/password.go index 5b48e0102d0..312d7ef103a 100644 --- a/pkg/generator/password/password.go +++ b/pkg/generator/password/password.go @@ -16,6 +16,7 @@ package password import ( "context" + "errors" "fmt" "github.com/sethvargo/go-password/password" 
@@ -57,7 +58,7 @@ func (g *Generator) Generate(_ context.Context, jsonSpec *apiextensions.JSON, _ func (g *Generator) generate(jsonSpec *apiextensions.JSON, passGen generateFunc) (map[string][]byte, error) { if jsonSpec == nil { - return nil, fmt.Errorf(errNoSpec) + return nil, errors.New(errNoSpec) } res, err := parseSpec(jsonSpec.Raw) if err != nil { diff --git a/pkg/generator/password/password_test.go b/pkg/generator/password/password_test.go index d334351a023..baf0c622798 100644 --- a/pkg/generator/password/password_test.go +++ b/pkg/generator/password/password_test.go @@ -15,7 +15,7 @@ limitations under the License. package password import ( - "fmt" + "errors" "reflect" "testing" @@ -103,7 +103,7 @@ func TestGenerate(t *testing.T) { }, passGen: func(len int, symbols int, symbolCharacters string, digits int, noUpper bool, allowRepeat bool, ) (string, error) { - return "", fmt.Errorf("boom") + return "", errors.New("boom") }, }, wantErr: true, diff --git a/pkg/generator/vault/vault.go b/pkg/generator/vault/vault.go index c397f42b300..e32912356a6 100644 --- a/pkg/generator/vault/vault.go +++ b/pkg/generator/vault/vault.go @@ -17,6 +17,7 @@ package vaultdynamic import ( "context" "encoding/json" + "errors" "fmt" vault "github.com/hashicorp/vault/api" 
@@ -61,14 +62,14 @@ func (g *Generator) Generate(ctx context.Context, jsonSpec *apiextensions.JSON, func (g *Generator) generate(ctx context.Context, c *provider.Provider, jsonSpec *apiextensions.JSON, kube client.Client, corev1 typedcorev1.CoreV1Interface, namespace string) (map[string][]byte, error) { if jsonSpec == nil { - return nil, fmt.Errorf(errNoSpec) + return nil, errors.New(errNoSpec) } res, err := parseSpec(jsonSpec.Raw) if err != nil { return nil, fmt.Errorf(errParseSpec, err) } if res == nil || res.Spec.Provider == nil { - return nil, fmt.Errorf("no Vault provider config in spec") + return nil, errors.New("no Vault provider config in spec") } cl, err := c.NewGeneratorClient(ctx, kube, corev1, res.Spec.Provider, namespace) if err != nil { @@ -96,7 +97,7 @@ func (g *Generator) generate(ctx context.Context, c *provider.Provider, jsonSpec return nil, err } if result == nil { - return nil, fmt.Errorf(errGetSecret, fmt.Errorf("empty response from Vault")) + return nil, fmt.Errorf(errGetSecret, errors.New("empty response from Vault")) } data := make(map[string]any) diff --git a/pkg/generator/vault/vault_test.go b/pkg/generator/vault/vault_test.go index a8693246f75..3781ac34e15 100644 --- a/pkg/generator/vault/vault_test.go +++ b/pkg/generator/vault/vault_test.go @@ -17,7 +17,6 @@ package vaultdynamic import ( "context" "errors" - "fmt" "testing" "github.com/google/go-cmp/cmp" @@ -91,7 +90,7 @@ spec: kube: clientfake.NewClientBuilder().Build(), }, want: want{ - err: fmt.Errorf("unable to setup Vault client: no role name was provided"), + err: errors.New("unable to setup Vault client: no role name was provided"), }, }, "EmptyVaultResponse": { @@ -124,7 +123,7 @@ spec: }).Build(), }, want: want{ - err: fmt.Errorf("unable to get dynamic secret: empty response from Vault"), + err: errors.New("unable to get dynamic secret: empty response from Vault"), }, }, "EmptyVaultPOST": { 
@@ -159,7 +158,7 @@ spec: }).Build(), }, want: want{ - err: fmt.Errorf("unable to get dynamic secret: empty response from Vault"), + err: errors.New("unable to get dynamic secret: empty response from Vault"), }, }, } diff --git a/pkg/provider/akeyless/akeyless.go b/pkg/provider/akeyless/akeyless.go index e9af372d410..1c332c1ac14 100644 --- a/pkg/provider/akeyless/akeyless.go +++ b/pkg/provider/akeyless/akeyless.go @@ -119,11 +119,11 @@ func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnin if akeylessGWApiURL != nil && *akeylessGWApiURL != "" { url, err := url.Parse(*akeylessGWApiURL) if err != nil { - return nil, fmt.Errorf(errInvalidAkeylessURL) + return nil, errors.New(errInvalidAkeylessURL) } if url.Host == "" { - return nil, fmt.Errorf(errInvalidAkeylessURL) + return nil, errors.New(errInvalidAkeylessURL) } } if akeylessSpec.Auth.KubernetesAuth != nil { @@ -140,11 +140,11 @@ func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnin } if akeylessSpec.Auth.KubernetesAuth.AccessID == "" { - return nil, fmt.Errorf("missing kubernetes auth-method access-id") + return nil, errors.New("missing kubernetes auth-method access-id") } if akeylessSpec.Auth.KubernetesAuth.K8sConfName == "" { - return nil, fmt.Errorf("missing kubernetes config name") + return nil, errors.New("missing kubernetes config name") } return nil, nil } @@ -156,11 +156,11 @@ func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnin } if accessID.Name == "" { - return nil, fmt.Errorf(errInvalidAkeylessAccessIDName) + return nil, errors.New(errInvalidAkeylessAccessIDName) } if accessID.Key == "" { - return nil, fmt.Errorf(errInvalidAkeylessAccessIDKey) + return nil, errors.New(errInvalidAkeylessAccessIDKey) } accessType := akeylessSpec.Auth.SecretRef.AccessType 
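Review bot: In akeyless ValidateStore (hunk -119) the local `url, err := url.Parse(*akeylessGWApiURL)` shadows the `net/url` package for the rest of the block, and the parse error is discarded in favour of the fixed `errInvalidAkeylessURL` text. Something like `gwURL, err := url.Parse(*akeylessGWApiURL)` followed by `return nil, fmt.Errorf("%s: %w", errInvalidAkeylessURL, err)` keeps the reason a URL was rejected. Only `Host` is checked afterwards; if the gateway is meant to be reached over TLS, checking the scheme here as well would reject a plaintext URL at validation time, though that expectation is not visible in the hunk.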
@@ -197,7 +197,7 @@ func newClient(ctx context.Context, store esv1beta1.GenericStore, kube client.Cl } if spec.Auth == nil { - return nil, fmt.Errorf("missing Auth in store config") + return nil, errors.New("missing Auth in store config") } client, err := akl.getAkeylessHTTPClient(ctx, spec) @@ -235,22 +235,22 @@ func (a *Akeyless) Validate() (esv1beta1.ValidationResult, error) { } func (a *Akeyless) PushSecret(_ context.Context, _ *corev1.Secret, _ esv1beta1.PushSecretData) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } func (a *Akeyless) DeleteSecret(_ context.Context, _ esv1beta1.PushSecretRemoteRef) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } func (a *Akeyless) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf(errNotImplemented) + return false, errors.New(errNotImplemented) } // Implements store.Client.GetSecret Interface. // Retrieves a secret with the secret name defined in ref.Name. func (a *Akeyless) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { if utils.IsNil(a.Client) { - return nil, fmt.Errorf(errUninitalizedAkeylessProvider) + return nil, errors.New(errUninitalizedAkeylessProvider) } token, err := a.Client.TokenFromSecretRef(ctx) @@ -295,7 +295,7 @@ func (a *Akeyless) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDa // Retrieves a all secrets with defined in ref.Name or tags. func (a *Akeyless) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecretFind) (map[string][]byte, error) { if utils.IsNil(a.Client) { - return nil, fmt.Errorf(errUninitalizedAkeylessProvider) + return nil, errors.New(errUninitalizedAkeylessProvider) } searchPath := "" 
@@ -382,7 +382,7 @@ func (a *Akeyless) findSecretsFromName(ctx context.Context, candidates []string, // New version of GetSecretMap. func (a *Akeyless) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { if utils.IsNil(a.Client) { - return nil, fmt.Errorf(errUninitalizedAkeylessProvider) + return nil, errors.New(errUninitalizedAkeylessProvider) } val, err := a.GetSecret(ctx, ref) @@ -424,7 +424,7 @@ func (a *akeylessBase) getAkeylessHTTPClient(ctx context.Context, provider *esv1 caCertPool := x509.NewCertPool() ok := caCertPool.AppendCertsFromPEM(cert) if !ok { - return nil, fmt.Errorf("failed to append caBundle") + return nil, errors.New("failed to append caBundle") } tlsConf := &tls.Config{ diff --git a/pkg/provider/akeyless/akeyless_api.go b/pkg/provider/akeyless/akeyless_api.go index 7cb1445662a..1d883a7dd29 100644 --- a/pkg/provider/akeyless/akeyless_api.go +++ b/pkg/provider/akeyless/akeyless_api.go @@ -185,7 +185,7 @@ func (a *akeylessBase) GetRotatedSecrets(ctx context.Context, secretName, token if ok { val, convert := valI.(map[string]any) if !convert { - return "", fmt.Errorf("failure converting key from gsvOut") + return "", errors.New("failure converting key from gsvOut") } if _, ok := val["payload"]; ok { return fmt.Sprintf("%v", val["payload"]), nil diff --git a/pkg/provider/akeyless/akeyless_test.go b/pkg/provider/akeyless/akeyless_test.go index 8ad4c3f0c86..074ea5b23da 100644 --- a/pkg/provider/akeyless/akeyless_test.go +++ b/pkg/provider/akeyless/akeyless_test.go @@ -16,6 +16,7 @@ package akeyless import ( "context" + "errors" "fmt" "reflect" "strings" 
@@ -85,7 +86,7 @@ func makeValidAkeylessTestCaseCustom(tweaks ...func(smtc *akeylessTestCase)) *ak // This case can be shared by both GetSecret and GetSecretMap tests. // bad case: set apiErr. var setAPIErr = func(smtc *akeylessTestCase) { - smtc.apiOutput.Err = fmt.Errorf("oh no") + smtc.apiOutput.Err = errors.New("oh no") smtc.expectError = "oh no" } @@ -160,7 +161,7 @@ func TestValidateStore(t *testing.T) { _, err := provider.ValidateStore(store) if err != nil { - t.Errorf(err.Error()) + t.Error(err.Error()) } }) @@ -186,7 +187,7 @@ func TestValidateStore(t *testing.T) { _, err := provider.ValidateStore(store) if err != nil { - t.Errorf(err.Error()) + t.Error(err.Error()) } }) diff --git a/pkg/provider/akeyless/auth.go b/pkg/provider/akeyless/auth.go index fac21bc9e06..112d2e49218 100644 --- a/pkg/provider/akeyless/auth.go +++ b/pkg/provider/akeyless/auth.go @@ -16,6 +16,7 @@ package akeyless import ( "context" + "errors" "fmt" "github.com/external-secrets/external-secrets/pkg/utils/resolvers" @@ -72,10 +73,10 @@ func (a *akeylessBase) TokenFromSecretRef(ctx context.Context) (string, error) { } if accessID == "" { - return "", fmt.Errorf(errMissingSAK) + return "", errors.New(errMissingSAK) } if accessType == "" { - return "", fmt.Errorf(errMissingAKID) + return "", errors.New(errMissingAKID) } return a.GetToken(accessID, accessType, accessTypeParam, prov.Auth.KubernetesAuth) diff --git a/pkg/provider/akeyless/utils.go b/pkg/provider/akeyless/utils.go index b8bcc54f6f2..7bc406cc860 100644 --- a/pkg/provider/akeyless/utils.go +++ b/pkg/provider/akeyless/utils.go @@ -15,6 +15,7 @@ limitations under the License. package akeyless import ( + "errors" "fmt" "io" "net/http" 
@@ -47,14 +48,14 @@ const ( // GetAKeylessProvider does the necessary nil checks and returns the akeyless provider or an error. func GetAKeylessProvider(store esv1beta1.GenericStore) (*esv1beta1.AkeylessProvider, error) { if store == nil { - return nil, fmt.Errorf(errNilStore) + return nil, errors.New(errNilStore) } spc := store.GetSpec() if spc == nil { - return nil, fmt.Errorf(errMissingStoreSpec) + return nil, errors.New(errMissingStoreSpec) } if spc.Provider == nil { - return nil, fmt.Errorf(errMissingProvider) + return nil, errors.New(errMissingStoreSpec) } prov := spc.Provider.Akeyless if prov == nil { diff --git a/pkg/provider/alibaba/client.go b/pkg/provider/alibaba/client.go index 55b0c91218c..0de0b1f25f1 100644 --- a/pkg/provider/alibaba/client.go +++ b/pkg/provider/alibaba/client.go @@ -16,6 +16,7 @@ package alibaba import ( "context" + "errors" "fmt" "net/http" "net/url" @@ -66,7 +67,7 @@ func newClient(config *openapi.Config, options *util.RuntimeOptions) (*secretsMa } if utils.Deref(endpoint) == "" { - return nil, fmt.Errorf("error KMS endpoint is missing") + return nil, errors.New("error KMS endpoint is missing") } const ( diff --git a/pkg/provider/alibaba/kms.go b/pkg/provider/alibaba/kms.go index 258fbc8f919..f03b83817c4 100644 --- a/pkg/provider/alibaba/kms.go +++ b/pkg/provider/alibaba/kms.go @@ -17,6 +17,7 @@ package alibaba import ( "context" "encoding/json" + "errors" "fmt" openapi "github.com/alibabacloud-go/darabonba-openapi/v2/client" 
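Review bot: The `spc.Provider == nil` branch of GetAKeylessProvider now returns `errors.New(errMissingStoreSpec)` where the removed line used `errMissingProvider`, so a store that has a spec but no provider is reported as having no spec. This looks like a slip in an otherwise mechanical `fmt.Errorf` to `errors.New` conversion; the line should be `return nil, errors.New(errMissingProvider)`. If nothing else references `errMissingProvider`, the constant also becomes unused. The function continues past the end of the hunk.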
@@ -57,27 +58,27 @@ type SMInterface interface { } func (kms *KeyManagementService) PushSecret(_ context.Context, _ *corev1.Secret, _ esv1beta1.PushSecretData) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } func (kms *KeyManagementService) DeleteSecret(_ context.Context, _ esv1beta1.PushSecretRemoteRef) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } func (kms *KeyManagementService) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf(errNotImplemented) + return false, errors.New(errNotImplemented) } // Empty GetAllSecrets. func (kms *KeyManagementService) GetAllSecrets(_ context.Context, _ esv1beta1.ExternalSecretFind) (map[string][]byte, error) { // TO be implemented - return nil, fmt.Errorf(errNotImplemented) + return nil, errors.New(errNotImplemented) } // GetSecret returns a single secret from the provider. func (kms *KeyManagementService) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { if utils.IsNil(kms.Client) { - return nil, fmt.Errorf(errUninitalizedAlibabaProvider) + return nil, errors.New(errUninitalizedAlibabaProvider) } request := &kmssdk.GetSecretValueRequest{ @@ -199,7 +200,7 @@ func newAuth(ctx context.Context, kube kclient.Client, store esv1beta1.GenericSt return credentials, nil default: - return nil, fmt.Errorf("alibaba authentication methods wasn't provided") + return nil, errors.New("alibaba authentication methods wasn't provided") } } @@ -273,7 +274,7 @@ func (kms *KeyManagementService) ValidateStore(store esv1beta1.GenericStore) (ad regionID := alibabaSpec.RegionID if regionID == "" { - return nil, fmt.Errorf("missing alibaba region") + return nil, errors.New("missing alibaba region") } return nil, kms.validateStoreAuth(store) 
@@ -289,7 +290,7 @@ func (kms *KeyManagementService) validateStoreAuth(store esv1beta1.GenericStore) case alibabaSpec.Auth.SecretRef != nil: return kms.validateStoreAccessKeyAuth(store) default: - return fmt.Errorf("missing alibaba auth provider") + return errors.New("missing alibaba auth provider") } } @@ -298,19 +299,19 @@ func (kms *KeyManagementService) validateStoreRRSAAuth(store esv1beta1.GenericSt alibabaSpec := storeSpec.Provider.Alibaba if alibabaSpec.Auth.RRSAAuth.OIDCProviderARN == "" { - return fmt.Errorf("missing alibaba OIDC proivder ARN") + return errors.New("missing alibaba OIDC proivder ARN") } if alibabaSpec.Auth.RRSAAuth.OIDCTokenFilePath == "" { - return fmt.Errorf("missing alibaba OIDC token file path") + return errors.New("missing alibaba OIDC token file path") } if alibabaSpec.Auth.RRSAAuth.RoleARN == "" { - return fmt.Errorf("missing alibaba Assume Role ARN") + return errors.New("missing alibaba Assume Role ARN") } if alibabaSpec.Auth.RRSAAuth.SessionName == "" { - return fmt.Errorf("missing alibaba session name") + return errors.New("missing alibaba session name") } return nil @@ -327,11 +328,11 @@ func (kms *KeyManagementService) validateStoreAccessKeyAuth(store esv1beta1.Gene } if accessKeyID.Name == "" { - return fmt.Errorf("missing alibaba access ID name") + return errors.New("missing alibaba access ID name") } if accessKeyID.Key == "" { - return fmt.Errorf("missing alibaba access ID key") + return errors.New("missing alibaba access ID key") } accessKeySecret := alibabaSpec.Auth.SecretRef.AccessKeySecret @@ -341,11 +342,11 @@ func (kms *KeyManagementService) validateStoreAccessKeyAuth(store esv1beta1.Gene } if accessKeySecret.Name == "" { - return fmt.Errorf("missing alibaba access key secret name") + return errors.New("missing alibaba access key secret name") } if accessKeySecret.Key == "" { - return fmt.Errorf("missing alibaba access key secret key") + return errors.New("missing alibaba access key secret key") } return nil 
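Review bot: The first message in validateStoreRRSAAuth (hunk -298) is misspelled: `errors.New("missing alibaba OIDC proivder ARN")` should be `errors.New("missing alibaba OIDC provider ARN")`. These strings are returned from store validation and so presumably reach the user who submitted the store, which makes them worth correcting while the lines are being rewritten.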
diff --git a/pkg/provider/alibaba/kms_test.go b/pkg/provider/alibaba/kms_test.go index 103cb445b27..af12eb25656 100644 --- a/pkg/provider/alibaba/kms_test.go +++ b/pkg/provider/alibaba/kms_test.go @@ -16,7 +16,7 @@ package alibaba import ( "context" - "fmt" + "errors" "reflect" "strings" "testing" @@ -92,7 +92,7 @@ func makeValidKMSTestCaseCustom(tweaks ...func(kmstc *keyManagementServiceTestCa } var setAPIErr = func(kmstc *keyManagementServiceTestCase) { - kmstc.apiErr = fmt.Errorf("oh no") + kmstc.apiErr = errors.New("oh no") kmstc.expectError = "oh no" } @@ -203,7 +203,7 @@ func TestValidateAccessKeyStore(t *testing.T) { _, err := kms.ValidateStore(store) if err != nil { - t.Errorf(err.Error()) + t.Error(err.Error()) } } @@ -230,7 +230,7 @@ func TestValidateRRSAStore(t *testing.T) { _, err := kms.ValidateStore(store) if err != nil { - t.Errorf(err.Error()) + t.Error(err.Error()) } } diff --git a/pkg/provider/aws/parameterstore/fake/fake.go b/pkg/provider/aws/parameterstore/fake/fake.go index fd196bd9828..1787e02a5d6 100644 --- a/pkg/provider/aws/parameterstore/fake/fake.go +++ b/pkg/provider/aws/parameterstore/fake/fake.go @@ -16,7 +16,7 @@ package fake import ( "context" - "fmt" + "errors" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/request" @@ -102,7 +102,7 @@ func NewPutParameterWithContextFn(output *ssm.PutParameterOutput, err error) Put func (sm *Client) WithValue(in *ssm.GetParameterInput, val *ssm.GetParameterOutput, err error) { sm.GetParameterWithContextFn = func(ctx aws.Context, paramIn *ssm.GetParameterInput, options ...request.Option) (*ssm.GetParameterOutput, error) { if !cmp.Equal(paramIn, in) { - return nil, fmt.Errorf("unexpected test argument") + return nil, errors.New("unexpected test argument") } return val, err } diff --git a/pkg/provider/aws/parameterstore/parameterstore.go b/pkg/provider/aws/parameterstore/parameterstore.go index bda54c3ac39..23d3f8f6f4a 100644 --- a/pkg/provider/aws/parameterstore/parameterstore.go 
+++ b/pkg/provider/aws/parameterstore/parameterstore.go @@ -144,7 +144,7 @@ func (pm *ParameterStore) DeleteSecret(ctx context.Context, remoteRef esv1beta1. } func (pm *ParameterStore) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf("not implemented") + return false, errors.New("not implemented") } func (pm *ParameterStore) PushSecret(ctx context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error { @@ -217,13 +217,13 @@ func (pm *ParameterStore) PushSecret(ctx context.Context, secret *corev1.Secret, isManaged := isManagedByESO(tags) if !isManaged { - return fmt.Errorf("secret not managed by external-secrets") + return errors.New("secret not managed by external-secrets") } // When fetching a remote SecureString parameter without decrypting, the default value will always be 'sensitive' // in this case, no updates will be pushed remotely if existing.Parameter.Value != nil && *existing.Parameter.Value == "sensitive" { - return fmt.Errorf("unable to compare 'sensitive' result, ensure to request a decrypted value") + return errors.New("unable to compare 'sensitive' result, ensure to request a decrypted value") } if existing.Parameter.Value != nil && *existing.Parameter.Value == string(value) { diff --git a/pkg/provider/aws/parameterstore/parameterstore_test.go b/pkg/provider/aws/parameterstore/parameterstore_test.go index 7da9356b213..91f4b7a866b 100644 --- a/pkg/provider/aws/parameterstore/parameterstore_test.go +++ b/pkg/provider/aws/parameterstore/parameterstore_test.go @@ -17,7 +17,6 @@ package parameterstore import ( "context" "errors" - "fmt" "strings" "testing" @@ -403,7 +402,7 @@ func TestPushSecret(t *testing.T) { }, }, want: want{ - err: fmt.Errorf("secret not managed by external-secrets"), + err: errors.New("secret not managed by external-secrets"), }, }, "SetSecretGetTagsError": { 
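Review bot: In ParameterStore PushSecret (hunk -217) the undecrypted case is detected by comparing the stored value with the literal `"sensitive"`, so a parameter whose real plaintext is that word takes the same error path and can never be updated. If the earlier read of the parameter (outside this hunk) can request decryption, or the parameter type is consulted before the comparison, the sentinel would not be needed. At the least the existing comment could state the limitation, e.g. `// NOTE: a parameter whose plaintext is literally "sensitive" is indistinguishable from an undecrypted SecureString here.` The ordering is worth keeping: the `isManagedByESO(tags)` check runs before any value comparison, so parameters not managed by external-secrets are refused first.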
@@ -414,11 +413,11 @@ func TestPushSecret(t *testing.T) { PutParameterWithContextFn: fakeps.NewPutParameterWithContextFn(putParameterOutput, nil), GetParameterWithContextFn: fakeps.NewGetParameterWithContextFn(validGetParameterOutput, nil), DescribeParametersWithContextFn: fakeps.NewDescribeParametersWithContextFn(describeParameterOutput, nil), - ListTagsForResourceWithContextFn: fakeps.NewListTagsForResourceWithContextFn(nil, fmt.Errorf("you shall not tag")), + ListTagsForResourceWithContextFn: fakeps.NewListTagsForResourceWithContextFn(nil, errors.New("you shall not tag")), }, }, want: want{ - err: fmt.Errorf("you shall not tag"), + err: errors.New("you shall not tag"), }, }, "SetSecretContentMatches": { @@ -492,7 +491,7 @@ func TestPushSecret(t *testing.T) { }, }, want: want{ - err: fmt.Errorf("failed to parse metadata: failed to parse JSON raw data: invalid character 'f' looking for beginning of object key string"), + err: errors.New("failed to parse metadata: failed to parse JSON raw data: invalid character 'f' looking for beginning of object key string"), }, }, "GetRemoteSecretWithoutDecryption": { @@ -520,7 +519,7 @@ func TestPushSecret(t *testing.T) { }, }, want: want{ - err: fmt.Errorf("unable to compare 'sensitive' result, ensure to request a decrypted value"), + err: errors.New("unable to compare 'sensitive' result, ensure to request a decrypted value"), }, }, } @@ -691,7 +690,7 @@ func TestGetSecret(t *testing.T) { // base case: api output return error setAPIError := func(pstc *parameterstoreTestCase) { pstc.apiOutput = &ssm.GetParameterOutput{} - pstc.apiErr = fmt.Errorf("oh no") + pstc.apiErr = errors.New("oh no") pstc.expectError = "oh no" } 
@@ -775,7 +774,7 @@ func TestGetSecretMap(t *testing.T) { setAPIError := func(pstc *parameterstoreTestCase) { pstc.apiOutput.Parameter = &ssm.Parameter{} pstc.expectError = "some api err" - pstc.apiErr = fmt.Errorf("some api err") + pstc.apiErr = errors.New("some api err") } // bad case: invalid json setInvalidJSON := func(pstc *parameterstoreTestCase) { diff --git a/pkg/provider/aws/secretsmanager/fake/fake.go b/pkg/provider/aws/secretsmanager/fake/fake.go index 21ca2135e23..9fba686a24c 100644 --- a/pkg/provider/aws/secretsmanager/fake/fake.go +++ b/pkg/provider/aws/secretsmanager/fake/fake.go @@ -16,6 +16,7 @@ package fake import ( "bytes" + "errors" "fmt" "time" @@ -51,7 +52,7 @@ func (sm Client) CreateSecretWithContext(ctx aws.Context, input *awssm.CreateSec func NewCreateSecretWithContextFn(output *awssm.CreateSecretOutput, err error, expectedSecretBinary ...[]byte) CreateSecretWithContextFn { return func(ctx aws.Context, actualInput *awssm.CreateSecretInput, options ...request.Option) (*awssm.CreateSecretOutput, error) { if *actualInput.ClientRequestToken != "00000000-0000-0000-0000-000000000001" { - return nil, fmt.Errorf("expected the version to be 1 at creation") + return nil, errors.New("expected the version to be 1 at creation") } if len(expectedSecretBinary) == 1 { if bytes.Equal(actualInput.SecretBinary, expectedSecretBinary[0]) { @@ -156,7 +157,7 @@ func (sm *Client) GetSecretValue(in *awssm.GetSecretValueInput) (*awssm.GetSecre if entry, found := sm.valFn[sm.cacheKeyForInput(in)]; found { return entry(in) } - return nil, fmt.Errorf("test case not found") + return nil, errors.New("test case not found") } func (sm *Client) ListSecrets(input *awssm.ListSecretsInput) (*awssm.ListSecretsOutput, error) { 
@@ -177,7 +178,7 @@ func (sm *Client) cacheKeyForInput(in *awssm.GetSecretValueInput) string { func (sm *Client) WithValue(in *awssm.GetSecretValueInput, val *awssm.GetSecretValueOutput, err error) { sm.valFn[sm.cacheKeyForInput(in)] = func(paramIn *awssm.GetSecretValueInput) (*awssm.GetSecretValueOutput, error) { if !cmp.Equal(paramIn, in) { - return nil, fmt.Errorf("unexpected test argument") + return nil, errors.New("unexpected test argument") } return val, err } diff --git a/pkg/provider/aws/secretsmanager/secretsmanager.go b/pkg/provider/aws/secretsmanager/secretsmanager.go index 24452e1f5ed..b313b3b4cd0 100644 --- a/pkg/provider/aws/secretsmanager/secretsmanager.go +++ b/pkg/provider/aws/secretsmanager/secretsmanager.go @@ -237,7 +237,7 @@ func (sm *SecretsManager) handleSecretError(err error) (bool, error) { func (sm *SecretsManager) PushSecret(ctx context.Context, secret *corev1.Secret, psd esv1beta1.PushSecretData) error { if psd.GetSecretKey() == "" { - return fmt.Errorf("pushing the whole secret is not yet implemented") + return errors.New("pushing the whole secret is not yet implemented") } secretName := psd.GetRemoteKey() @@ -586,7 +586,7 @@ func (sm *SecretsManager) putSecretValueWithContext(ctx context.Context, secretI return err } if !isManagedByESO(data) { - return fmt.Errorf("secret not managed by external-secrets") + return errors.New("secret not managed by external-secrets") } if awsSecret != nil && bytes.Equal(awsSecret.SecretBinary, value) || utils.CompareStringAndByteSlices(awsSecret.SecretString, value) { return nil diff --git a/pkg/provider/aws/secretsmanager/secretsmanager_test.go b/pkg/provider/aws/secretsmanager/secretsmanager_test.go index d10c450313d..ee82b35dca2 100644 --- a/pkg/provider/aws/secretsmanager/secretsmanager_test.go +++ b/pkg/provider/aws/secretsmanager/secretsmanager_test.go 
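Review bot: In the `@@ -586,7 +586,7 @@` hunk of secretsmanager.go, the context line after the changed return mixes `&&` and `||` without parentheses, so the `awsSecret != nil` guard covers only the `bytes.Equal` operand. If `awsSecret` can be nil at that point (not visible here), the second operand dereferences `awsSecret.SecretString` and panics in the push path. Suggest `if awsSecret != nil && (bytes.Equal(awsSecret.SecretBinary, value) || utils.CompareStringAndByteSlices(awsSecret.SecretString, value)) {`. putSecretValueWithContext starts and ends outside the hunk.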
@@ -111,7 +111,7 @@ func makeValidSecretsManagerTestCaseCustom(tweaks ...func(smtc *secretsManagerTe // This case can be shared by both GetSecret and GetSecretMap tests. // bad case: set apiErr. var setAPIErr = func(smtc *secretsManagerTestCase) { - smtc.apiErr = fmt.Errorf("oh no") + smtc.apiErr = errors.New("oh no") smtc.expectError = "oh no" } @@ -769,7 +769,7 @@ func TestSetSecret(t *testing.T) { pushSecretData: pushSecretDataWithoutProperty, }, want: want{ - err: fmt.Errorf("secret not managed by external-secrets"), + err: errors.New("secret not managed by external-secrets"), }, }, } diff --git a/pkg/provider/aws/util/provider.go b/pkg/provider/aws/util/provider.go index 8dcba3ef54e..1ddc1d82756 100644 --- a/pkg/provider/aws/util/provider.go +++ b/pkg/provider/aws/util/provider.go @@ -16,6 +16,7 @@ package util import ( "encoding/json" + "errors" "fmt" awssm "github.com/aws/aws-sdk-go/service/secretsmanager" @@ -35,14 +36,14 @@ const ( // it returns the aws provider or an error. func GetAWSProvider(store esv1beta1.GenericStore) (*esv1beta1.AWSProvider, error) { if store == nil { - return nil, fmt.Errorf(errNilStore) + return nil, errors.New(errNilStore) } spc := store.GetSpec() if spc == nil { - return nil, fmt.Errorf(errMissingStoreSpec) + return nil, errors.New(errMissingStoreSpec) } if spc.Provider == nil { - return nil, fmt.Errorf(errMissingProvider) + return nil, errors.New(errMissingProvider) } prov := spc.Provider.AWS if prov == nil { diff --git a/pkg/provider/azure/keyvault/keyvault.go b/pkg/provider/azure/keyvault/keyvault.go index 2a327c80489..6ce6ea14a06 100644 --- a/pkg/provider/azure/keyvault/keyvault.go +++ b/pkg/provider/azure/keyvault/keyvault.go 
@@ -79,21 +79,17 @@ const ( errInvalidClientCredentials = "both clientSecret and clientCredentials set" errMultipleClientID = "multiple clientID found. Check secretRef and serviceAccountRef" errMultipleTenantID = "multiple tenantID found. Check secretRef, 'spec.provider.azurekv.tenantId', and serviceAccountRef" - errFindSecret = "could not find secret %s/%s: %w" - errFindDataKey = "no data for %q in secret '%s/%s'" - - errInvalidStore = "invalid store" - errInvalidStoreSpec = "invalid store spec" - errInvalidStoreProv = "invalid store provider" - errInvalidAzureProv = "invalid azure keyvault provider" - errInvalidSecRefClientID = "invalid AuthSecretRef.ClientID: %w" - errInvalidSecRefClientSecret = "invalid AuthSecretRef.ClientSecret: %w" - errInvalidSecRefClientCertificate = "invalid AuthSecretRef.ClientCertificate: %w" - errInvalidSARef = "invalid ServiceAccountRef: %w" + + errInvalidStore = "invalid store" + errInvalidStoreSpec = "invalid store spec" + errInvalidStoreProv = "invalid store provider" + errInvalidAzureProv = "invalid azure keyvault provider" + errInvalidSecRefClientID = "invalid AuthSecretRef.ClientID: %w" + errInvalidSecRefClientSecret = "invalid AuthSecretRef.ClientSecret: %w" + errInvalidSARef = "invalid ServiceAccountRef: %w" errMissingWorkloadEnvVars = "missing environment variables. AZURE_CLIENT_ID, AZURE_TENANT_ID and AZURE_FEDERATED_TOKEN_FILE must be set" errReadTokenFile = "unable to read token file %s: %w" - errMissingSAAnnotation = "missing service account annotation: %s" ) // https://github.com/external-secrets/external-secrets/issues/644 @@ -177,7 +173,7 @@ func newClient(ctx context.Context, store esv1beta1.GenericStore, kube client.Cl case esv1beta1.AzureWorkloadIdentity: authorizer, err = az.authorizerForWorkloadIdentity(ctx, NewTokenProvider) default: - err = fmt.Errorf(errMissingAuthType) + err = errors.New(errMissingAuthType) } cl := keyvault.New() 
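Review bot: The `const` hunk in keyvault.go deletes `errInvalidSecRefClientCertificate` along with the other unused messages, while the `ClientID`, `ClientSecret` and `ServiceAccountRef` counterparts stay. That it was unused suggests `ValidateStore` never validated `AuthSecretRef.ClientCertificate` the way it handles the other selectors, even though `authorizerForServicePrincipal` accepts a client certificate. This is inferred, since most of `ValidateStore` is outside the visible hunks. If it holds, keeping the constant and adding the missing selector check would be better than removing it, so that a certificate reference is rejected at admission like the others. The const block starts and ends outside the hunk.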
@@ -198,18 +194,18 @@ func getProvider(store esv1beta1.GenericStore) (*esv1beta1.AzureKVProvider, erro func (a *Azure) ValidateStore(store esv1beta1.GenericStore) (admission.Warnings, error) { if store == nil { - return nil, fmt.Errorf(errInvalidStore) + return nil, errors.New(errInvalidStore) } spc := store.GetSpec() if spc == nil { - return nil, fmt.Errorf(errInvalidStoreSpec) + return nil, errors.New(errInvalidStoreSpec) } if spc.Provider == nil { - return nil, fmt.Errorf(errInvalidStoreProv) + return nil, errors.New(errInvalidStoreProv) } p := spc.Provider.AzureKV if p == nil { - return nil, fmt.Errorf(errInvalidAzureProv) + return nil, errors.New(errInvalidAzureProv) } if p.AuthSecretRef != nil { if p.AuthSecretRef.ClientID != nil { @@ -245,7 +241,7 @@ func canDelete(tags map[string]*string, err error) (bool, error) { } manager, ok := tags["managed-by"] if !ok || manager == nil || *manager != managerLabel { - return false, fmt.Errorf("not managed by external-secrets") + return false, errors.New("not managed by external-secrets") } return true, nil } @@ -374,7 +370,7 @@ func getCertificateFromValue(value []byte) (*x509.Certificate, error) { return cert, nil } } - return nil, fmt.Errorf("could not parse certificate value as PKCS#12, DER or PEM") + return nil, errors.New("could not parse certificate value as PKCS#12, DER or PEM") } func getKeyFromValue(value []byte) (any, error) { @@ -409,7 +405,7 @@ func canCreate(tags map[string]*string, err error) (bool, error) { if err == nil { manager, ok := tags["managed-by"] if !ok || manager == nil || *manager != managerLabel { - return false, fmt.Errorf("not managed by external-secrets") + return false, errors.New("not managed by external-secrets") } } return true, nil 
@@ -770,9 +766,9 @@ func (a *Azure) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDa return getSecretMapMap(data) case objectTypeCert: - return nil, fmt.Errorf(errDataFromCert) + return nil, errors.New(errDataFromCert) case objectTypeKey: - return nil, fmt.Errorf(errDataFromKey) + return nil, errors.New(errDataFromKey) } return nil, fmt.Errorf(errUnknownObjectType, secretName) } @@ -855,7 +851,7 @@ func (a *Azure) authorizerForWorkloadIdentity(ctx context.Context, tokenProvider // First check if AuthSecretRef is set and clientID can be fetched from there if a.provider.AuthSecretRef != nil { if a.provider.AuthSecretRef.ClientID == nil { - return nil, fmt.Errorf(errMissingClientIDSecret) + return nil, errors.New(errMissingClientIDSecret) } clientID, err = resolvers.SecretKeyRef( ctx, @@ -872,7 +868,7 @@ func (a *Azure) authorizerForWorkloadIdentity(ctx context.Context, tokenProvider if val, found := sa.ObjectMeta.Annotations[AnnotationClientID]; found { // If clientID is defined in both Annotations and AuthSecretRef, return an error if clientID != "" { - return nil, fmt.Errorf(errMultipleClientID) + return nil, errors.New(errMultipleClientID) } clientID = val } @@ -907,7 +903,7 @@ func (a *Azure) authorizerForWorkloadIdentity(ctx context.Context, tokenProvider if val, found := sa.ObjectMeta.Annotations[AnnotationTenantID]; found { // If tenantID is defined in both Annotations and AuthSecretRef, return an error if tenantID != "" { - return nil, fmt.Errorf(errMultipleTenantID) + return nil, errors.New(errMultipleTenantID) } tenantID = val } 
@@ -995,16 +991,16 @@ func (a *Azure) authorizerForManagedIdentity() (autorest.Authorizer, error) { func (a *Azure) authorizerForServicePrincipal(ctx context.Context) (autorest.Authorizer, error) { if a.provider.TenantID == nil { - return nil, fmt.Errorf(errMissingTenant) + return nil, errors.New(errMissingTenant) } if a.provider.AuthSecretRef == nil { - return nil, fmt.Errorf(errMissingSecretRef) + return nil, errors.New(errMissingSecretRef) } if a.provider.AuthSecretRef.ClientID == nil || (a.provider.AuthSecretRef.ClientSecret == nil && a.provider.AuthSecretRef.ClientCertificate == nil) { - return nil, fmt.Errorf(errMissingClientIDSecret) + return nil, errors.New(errMissingClientIDSecret) } if a.provider.AuthSecretRef.ClientSecret != nil && a.provider.AuthSecretRef.ClientCertificate != nil { - return nil, fmt.Errorf(errInvalidClientCredentials) + return nil, errors.New(errInvalidClientCredentials) } return a.getAuthorizerFromCredentials(ctx) diff --git a/pkg/provider/azure/keyvault/keyvault_test.go b/pkg/provider/azure/keyvault/keyvault_test.go index cff73e6c9f1..88e81f81fc5 100644 --- a/pkg/provider/azure/keyvault/keyvault_test.go +++ b/pkg/provider/azure/keyvault/keyvault_test.go @@ -200,7 +200,7 @@ func TestAzureKeyVaultDeleteSecret(t *testing.T) { RemoteKey: secretName, } smtc.expectError = "boom" - smtc.apiErr = fmt.Errorf("boom") + smtc.apiErr = errors.New("boom") } secretNoDeletePermissions := func(smtc *secretManagerTestCase) { @@ -258,7 +258,7 @@ func TestAzureKeyVaultDeleteSecret(t *testing.T) { RemoteKey: certName, } smtc.expectError = "crash" - smtc.apiErr = fmt.Errorf("crash") + smtc.apiErr = errors.New("crash") } certNoDeletePermissions := func(smtc *secretManagerTestCase) { @@ -315,7 +315,7 @@ func TestAzureKeyVaultDeleteSecret(t *testing.T) { RemoteKey: keyName, } smtc.expectError = "tls timeout" - smtc.apiErr = fmt.Errorf("tls timeout") + smtc.apiErr = errors.New("tls timeout") } keyNoDeletePermissions := func(smtc *secretManagerTestCase) { 
@@ -483,7 +483,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { SecretKey: secretKey, RemoteKey: secretName, } - smtc.apiErr = fmt.Errorf("crash") + smtc.apiErr = errors.New("crash") smtc.expectError = "crash" } failedSetSecret := func(smtc *secretManagerTestCase) { diff --git a/pkg/provider/beyondtrust/provider.go b/pkg/provider/beyondtrust/provider.go index 024a9242778..c8fe32fd11d 100644 --- a/pkg/provider/beyondtrust/provider.go +++ b/pkg/provider/beyondtrust/provider.go @@ -77,17 +77,17 @@ func (*Provider) Close(_ context.Context) error { // DeleteSecret implements v1beta1.SecretsClient. func (*Provider) DeleteSecret(_ context.Context, _ esv1beta1.PushSecretRemoteRef) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } // GetSecretMap implements v1beta1.SecretsClient. func (*Provider) GetSecretMap(_ context.Context, _ esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { - return make(map[string][]byte), fmt.Errorf(errNotImplemented) + return make(map[string][]byte), errors.New(errNotImplemented) } // PushSecret implements v1beta1.SecretsClient. func (*Provider) PushSecret(_ context.Context, _ *v1.Secret, _ esv1beta1.PushSecretData) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } // Validate implements v1beta1.SecretsClient. @@ -104,7 +104,7 @@ func (p *Provider) Validate() (esv1beta1.ValidationResult, error) { } func (*Provider) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf(errNotImplemented) + return false, errors.New(errNotImplemented) } // NewClient this is where we initialize the SecretClient and return it for the controller to use. 
@@ -244,7 +244,7 @@ func validateSecretRef(ref *esv1beta1.BeyondTrustProviderSecretRef) error { } func (p *Provider) GetAllSecrets(_ context.Context, _ esv1beta1.ExternalSecretFind) (map[string][]byte, error) { - return nil, fmt.Errorf("GetAllSecrets not implemented") + return nil, errors.New("GetAllSecrets not implemented") } // GetSecret reads the secret from the Password Safe server and returns it. The controller uses the value here to @@ -255,7 +255,7 @@ func (p *Provider) GetSecret(_ context.Context, ref esv1beta1.ExternalSecretData retrievalPaths := utils.ValidatePaths([]string{ref.Key}, managedAccountType, p.separator, &p.log) if len(retrievalPaths) != 1 { - return nil, fmt.Errorf(errInvalidRetrievalPath) + return nil, errors.New(errInvalidRetrievalPath) } retrievalPath := retrievalPaths[0] @@ -292,17 +292,17 @@ func (p *Provider) GetSecret(_ context.Context, ref esv1beta1.ExternalSecretData // ValidateStore validates the store configuration to prevent unexpected errors. func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnings, error) { if store == nil { - return nil, fmt.Errorf(errNilStore) + return nil, errors.New(errNilStore) } spec := store.GetSpec() if spec == nil { - return nil, fmt.Errorf(errMissingStoreSpec) + return nil, errors.New(errMissingStoreSpec) } if spec.Provider == nil { - return nil, fmt.Errorf(errMissingProvider) + return nil, errors.New(errMissingProvider) } provider := spec.Provider.Beyondtrust @@ -312,7 +312,7 @@ func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnin apiURL, err := url.Parse(provider.Server.APIURL) if err != nil { - return nil, fmt.Errorf(errInvalidHostURL) + return nil, errors.New(errInvalidHostURL) } if provider.Auth.ClientID.SecretRef != nil { 
@@ -324,7 +324,7 @@ func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnin } if apiURL.Host == "" { - return nil, fmt.Errorf(errInvalidHostURL) + return nil, errors.New(errInvalidHostURL) } return nil, nil diff --git a/pkg/provider/bitwarden/client.go b/pkg/provider/bitwarden/client.go index ec80c32e04d..b4a45c0d606 100644 --- a/pkg/provider/bitwarden/client.go +++ b/pkg/provider/bitwarden/client.go @@ -43,15 +43,15 @@ const ( func (p *Provider) PushSecret(ctx context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error { spec := p.store.GetSpec() if spec == nil || spec.Provider == nil { - return fmt.Errorf("store does not have a provider") + return errors.New("store does not have a provider") } if data.GetSecretKey() == "" { - return fmt.Errorf("pushing the whole secret is not yet implemented") + return errors.New("pushing the whole secret is not yet implemented") } if data.GetRemoteKey() == "" { - return fmt.Errorf("remote key must be defined") + return errors.New("remote key must be defined") } value, ok := secret.Data[data.GetSecretKey()] @@ -132,7 +132,7 @@ func (p *Provider) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDa spec := p.store.GetSpec() if spec == nil || spec.Provider == nil { - return nil, fmt.Errorf("store does not have a provider") + return nil, errors.New("store does not have a provider") } secret, err := p.findSecretByRef(ctx, ref.Key, spec.Provider.BitwardenSecretsManager.ProjectID) @@ -151,7 +151,7 @@ func (p *Provider) DeleteSecret(ctx context.Context, ref esv1beta1.PushSecretRem spec := p.store.GetSpec() if spec == nil || spec.Provider == nil { - return fmt.Errorf("store does not have a provider") + return errors.New("store does not have a provider") } secret, err := p.findSecretByRef(ctx, ref.GetRemoteKey(), spec.Provider.BitwardenSecretsManager.ProjectID) 
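Review bot: `ValidateStore` in beyondtrust/provider.go accepts any `APIURL` that parses and has a non-empty host. The visible lines (`url.Parse` in the `@@ -312,7 +312,7 @@` hunk and the `apiURL.Host == ""` test here) never inspect `apiURL.Scheme`. This URL is the endpoint the client credentials are sent to, so a plain `http://` value would pass validation unless it is rejected in the few lines between the two hunks, which are not shown. Consider `if apiURL.Scheme != "https" || apiURL.Host == "" {` for the final check. ValidateStore starts outside this hunk.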
@@ -193,7 +193,7 @@ func (p *Provider) SecretExists(ctx context.Context, ref esv1beta1.PushSecretRem spec := p.store.GetSpec() if spec == nil || spec.Provider == nil { - return false, fmt.Errorf("store does not have a provider") + return false, errors.New("store does not have a provider") } if _, err := p.findSecretByRef(ctx, ref.GetRemoteKey(), spec.Provider.BitwardenSecretsManager.ProjectID); err != nil { @@ -205,7 +205,7 @@ func (p *Provider) SecretExists(ctx context.Context, ref esv1beta1.PushSecretRem // GetSecretMap returns multiple k/v pairs from the provider. func (p *Provider) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { - return nil, fmt.Errorf("GetSecretMap() not implemented") + return nil, errors.New("GetSecretMap() not implemented") } // GetAllSecrets gets multiple secrets from the provider and loads into a kubernetes secret. @@ -214,7 +214,7 @@ func (p *Provider) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecre func (p *Provider) GetAllSecrets(ctx context.Context, _ esv1beta1.ExternalSecretFind) (map[string][]byte, error) { spec := p.store.GetSpec() if spec == nil { - return nil, fmt.Errorf("store does not have a provider") + return nil, errors.New("store does not have a provider") } secrets, err := p.bitwardenSdkClient.ListSecrets(ctx, spec.Provider.BitwardenSecretsManager.OrganizationID) @@ -248,7 +248,7 @@ func (p *Provider) Close(_ context.Context) error { func (p *Provider) findSecretByRef(ctx context.Context, key, projectID string) (*SecretResponse, error) { spec := p.store.GetSpec() if spec == nil || spec.Provider == nil { - return nil, fmt.Errorf("store does not have a provider") + return nil, errors.New("store does not have a provider") } // ListAll Secrets for an organization. If the key matches our key, we GetSecret that and do a compare. diff --git a/pkg/provider/bitwarden/provider.go b/pkg/provider/bitwarden/provider.go index 97aa5711ac4..1568b51ca94 100644 
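Review bot: `GetAllSecrets` (hunk `@@ -214,7 +214,7 @@` in bitwarden/client.go) guards only `spec == nil` and then reads `spec.Provider.BitwardenSecretsManager.OrganizationID`, so a store with a nil `Provider` panics instead of returning the "store does not have a provider" error. The sibling methods in this file (`SecretExists`, `findSecretByRef`, and `PushSecret`/`GetSecret`/`DeleteSecret` in the earlier hunks) all test `spec == nil || spec.Provider == nil`; use the same condition here: `if spec == nil || spec.Provider == nil {`. None of these methods checks `spec.Provider.BitwardenSecretsManager` for nil before dereferencing it, though `NewClient` does, so they are safe only while every client is built through `NewClient`. The function body continues outside the hunk.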
--- a/pkg/provider/bitwarden/provider.go +++ b/pkg/provider/bitwarden/provider.go @@ -18,6 +18,7 @@ import ( "context" "crypto/tls" "crypto/x509" + "errors" "fmt" "net/http" "time" @@ -45,7 +46,7 @@ func init() { func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, kube client.Client, namespace string) (esv1beta1.SecretsClient, error) { storeSpec := store.GetSpec() if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.BitwardenSecretsManager == nil { - return nil, fmt.Errorf("no store type or wrong store type") + return nil, errors.New("no store type or wrong store type") } token, err := resolvers.SecretKeyRef( @@ -87,16 +88,16 @@ func (p *Provider) Capabilities() esv1beta1.SecretStoreCapabilities { func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnings, error) { storeSpec := store.GetSpec() if storeSpec == nil { - return admission.Warnings{}, fmt.Errorf("no store type or wrong store type") + return admission.Warnings{}, errors.New("no store type or wrong store type") } if storeSpec.Provider == nil { - return admission.Warnings{}, fmt.Errorf("provider not configured") + return admission.Warnings{}, errors.New("provider not configured") } bitwardenSpec := storeSpec.Provider.BitwardenSecretsManager if bitwardenSpec == nil { - return admission.Warnings{}, fmt.Errorf("bitwarden spec not configured") + return admission.Warnings{}, errors.New("bitwarden spec not configured") } if bitwardenSpec.CAProvider == nil && bitwardenSpec.CABundle == "" { @@ -124,7 +125,7 @@ func newHTTPSClient(ctx context.Context, c client.Client, storeKind, namespace s pool := x509.NewCertPool() ok := pool.AppendCertsFromPEM(cert) if !ok { - return nil, fmt.Errorf("failed to append caBundle") + return nil, errors.New("failed to append caBundle") } tr := &http.Transport{ diff --git a/pkg/provider/chef/chef.go b/pkg/provider/chef/chef.go index 24e727ce785..31c6dbfcdf4 100644 --- a/pkg/provider/chef/chef.go 
+++ b/pkg/provider/chef/chef.go @@ -11,11 +11,13 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ + package chef import ( "context" "encoding/json" + "errors" "fmt" "net/url" "strings" @@ -108,7 +110,7 @@ func (providerchef *Providerchef) NewClient(ctx context.Context, store v1beta1.G if store.GetObjectKind().GroupVersionKind().Kind == v1beta1.ClusterSecretStoreKind { if chefProvider.Auth.SecretRef.SecretKey.Namespace == nil { - return nil, fmt.Errorf(errInvalidClusterStoreMissingPKNamespace) + return nil, errors.New(errInvalidClusterStoreMissingPKNamespace) } objectKey.Namespace = *chefProvider.Auth.SecretRef.SecretKey.Namespace } @@ -119,7 +121,7 @@ func (providerchef *Providerchef) NewClient(ctx context.Context, store v1beta1.G secretKey := credentialsSecret.Data[chefProvider.Auth.SecretRef.SecretKey.Key] if len(secretKey) == 0 { - return nil, fmt.Errorf(errMissingSecretKey) + return nil, errors.New(errMissingSecretKey) } client, err := chef.NewClient(&chef.Config{ 
@@ -149,20 +151,20 @@ func (providerchef *Providerchef) Validate() (v1beta1.ValidationResult, error) { _, err := providerchef.userService.Get(providerchef.clientName) metrics.ObserveAPICall(ProviderChef, CallChefGetUser, err) if err != nil { - return v1beta1.ValidationResultError, fmt.Errorf(errStoreValidateFailed) + return v1beta1.ValidationResultError, errors.New(errStoreValidateFailed) } return v1beta1.ValidationResultReady, nil } // GetAllSecrets Retrieves a map[string][]byte with the Databag names as key and the Databag's Items as secrets. func (providerchef *Providerchef) GetAllSecrets(_ context.Context, _ v1beta1.ExternalSecretFind) (map[string][]byte, error) { - return nil, fmt.Errorf("dataFrom.find not suppported") + return nil, errors.New("dataFrom.find not suppported") } // GetSecret returns a databagItem present in the databag. format example: databagName/databagItemName. func (providerchef *Providerchef) GetSecret(ctx context.Context, ref v1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { if utils.IsNil(providerchef.databagService) { - return nil, fmt.Errorf(errUninitalizedChefProvider) + return nil, errors.New(errUninitalizedChefProvider) } key := ref.Key @@ -178,7 +180,7 @@ func (providerchef *Providerchef) GetSecret(ctx context.Context, ref v1beta1.Ext return getSingleDatabagItemWithContext(ctx, providerchef, databagName, databagItem, ref.Property) } - return nil, fmt.Errorf(errInvalidFormat) + return nil, errors.New(errInvalidFormat) } func getSingleDatabagItemWithContext(ctx context.Context, providerchef *Providerchef, dataBagName, databagItemName, propertyName string) ([]byte, error) { @@ -200,7 +202,7 @@ func getSingleDatabagItemWithContext(ctx context.Context, providerchef *Provider } jsonByte, err := json.Marshal(ditem) if err != nil { - resultChan <- result{err: fmt.Errorf(errUnableToConvertToJSON)} + resultChan <- result{err: errors.New(errUnableToConvertToJSON)} return } if propertyName != "" { 
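Review bot: `Validate` in chef.go returns `errors.New(errStoreValidateFailed)` and drops the `err` from `userService.Get`, so an operator cannot tell a rejected credential from a network or TLS failure when the store goes not-ready. In the visible lines the error reaches only `metrics.ObserveAPICall`; consider logging it at that point, or wrapping it if the upstream message is safe to surface in the store status. In the same hunk the rewritten `GetAllSecrets` line keeps the typo in `"dataFrom.find not suppported"`, which should read `supported`, provided no test pins the current text.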
@@ -250,12 +252,12 @@ func getPropertyFromDatabagItem(jsonByte []byte, propertyName string) ([]byte, e // databagItemName or Property not expected in key. func (providerchef *Providerchef) GetSecretMap(ctx context.Context, ref v1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { if utils.IsNil(providerchef.databagService) { - return nil, fmt.Errorf(errUninitalizedChefProvider) + return nil, errors.New(errUninitalizedChefProvider) } databagName := ref.Key if strings.Contains(databagName, "/") { - return nil, fmt.Errorf(errInvalidDataform) + return nil, errors.New(errInvalidDataform) } getAllSecrets := make(map[string][]byte) providerchef.log.Info("fetching all items from", "databag:", databagName) 
@@ -291,38 +293,38 @@ func (providerchef *Providerchef) ValidateStore(store v1beta1.GenericStore) (adm // getChefProvider validates the incoming store and return the chef provider. func getChefProvider(store v1beta1.GenericStore) (*v1beta1.ChefProvider, error) { if store == nil { - return nil, fmt.Errorf(errMissingStore) + return nil, errors.New(errMissingStore) } storeSpec := store.GetSpec() if storeSpec == nil { - return nil, fmt.Errorf(errMissingStoreSpec) + return nil, errors.New(errMissingStoreSpec) } provider := storeSpec.Provider if provider == nil { - return nil, fmt.Errorf(errMissingProvider) + return nil, errors.New(errMissingProvider) } chefProvider := storeSpec.Provider.Chef if chefProvider == nil { - return nil, fmt.Errorf(errMissingChefProvider) + return nil, errors.New(errMissingChefProvider) } if chefProvider.UserName == "" { - return chefProvider, fmt.Errorf(errMissingUserName) + return chefProvider, errors.New(errMissingUserName) } if chefProvider.ServerURL == "" { - return chefProvider, fmt.Errorf(errMissingServerURL) + return chefProvider, errors.New(errMissingServerURL) } if !strings.HasSuffix(chefProvider.ServerURL, "/") { - return chefProvider, fmt.Errorf(errServerURLNoEndSlash) + return chefProvider, errors.New(errServerURLNoEndSlash) } // check valid URL if _, err := url.ParseRequestURI(chefProvider.ServerURL); err != nil { return chefProvider, fmt.Errorf(errInvalidURL, err) } if chefProvider.Auth == nil { - return chefProvider, fmt.Errorf(errMissingAuth) + return chefProvider, errors.New(errMissingAuth) } if chefProvider.Auth.SecretRef.SecretKey.Key == "" { - return chefProvider, fmt.Errorf(errMissingSecretKey) + return chefProvider, errors.New(errMissingSecretKey) } return chefProvider, nil 
@@ -330,16 +332,16 @@ func getChefProvider(store v1beta1.GenericStore) (*v1beta1.ChefProvider, error) // Not Implemented DeleteSecret. func (providerchef *Providerchef) DeleteSecret(_ context.Context, _ v1beta1.PushSecretRemoteRef) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } // Not Implemented PushSecret. func (providerchef *Providerchef) PushSecret(_ context.Context, _ *corev1.Secret, _ v1beta1.PushSecretData) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } func (providerchef *Providerchef) SecretExists(_ context.Context, _ v1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf(errNotImplemented) + return false, errors.New(errNotImplemented) } // Capabilities return the provider supported capabilities (ReadOnly, WriteOnly, ReadWrite). diff --git a/pkg/provider/chef/chef_test.go b/pkg/provider/chef/chef_test.go index d5f16e9e277..63aceac4a09 100644 --- a/pkg/provider/chef/chef_test.go +++ b/pkg/provider/chef/chef_test.go 
@@ -278,31 +278,31 @@ func TestValidateStore(t *testing.T) { testCases := []ValidateStoreTestCase{ { store: makeSecretStore("", baseURL, makeAuth(authName, authNamespace, authKey)), - err: fmt.Errorf("received invalid Chef SecretStore resource: missing username"), + err: errors.New("received invalid Chef SecretStore resource: missing username"), }, { store: makeSecretStore(name, "", makeAuth(authName, authNamespace, authKey)), - err: fmt.Errorf("received invalid Chef SecretStore resource: missing serverurl"), + err: errors.New("received invalid Chef SecretStore resource: missing serverurl"), }, { store: makeSecretStore(name, baseURL, nil), - err: fmt.Errorf("received invalid Chef SecretStore resource: cannot initialize Chef Client: no valid authType was specified"), + err: errors.New("received invalid Chef SecretStore resource: cannot initialize Chef Client: no valid authType was specified"), }, { store: makeSecretStore(name, baseInvalidURL, makeAuth(authName, authNamespace, authKey)), - err: fmt.Errorf("received invalid Chef SecretStore resource: invalid serverurl: parse \"invalid base URL/\": invalid URI for request"), + err: errors.New("received invalid Chef SecretStore resource: invalid serverurl: parse \"invalid base URL/\": invalid URI for request"), }, { store: makeSecretStore(name, noEndSlashInvalidBaseURL, makeAuth(authName, authNamespace, authKey)), - err: fmt.Errorf("received invalid Chef SecretStore resource: serverurl does not end with slash(/)"), + err: errors.New("received invalid Chef SecretStore resource: serverurl does not end with slash(/)"), }, { store: makeSecretStore(name, baseURL, makeAuth(authName, authNamespace, "")), - err: fmt.Errorf("received invalid Chef SecretStore resource: missing Secret Key"), + err: errors.New("received invalid Chef SecretStore resource: missing Secret Key"), }, { store: makeSecretStore(name, baseURL, makeAuth(authName, authNamespace, authKey)), - err: fmt.Errorf("received invalid Chef SecretStore resource: 
namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), + err: errors.New("received invalid Chef SecretStore resource: namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), }, { store: &esv1beta1.SecretStore{ @@ -310,7 +310,7 @@ func TestValidateStore(t *testing.T) { Provider: nil, }, }, - err: fmt.Errorf("received invalid Chef SecretStore resource: missing provider"), + err: errors.New("received invalid Chef SecretStore resource: missing provider"), }, { store: &esv1beta1.SecretStore{ @@ -320,7 +320,7 @@ func TestValidateStore(t *testing.T) { }, }, }, - err: fmt.Errorf("received invalid Chef SecretStore resource: missing chef provider"), + err: errors.New("received invalid Chef SecretStore resource: missing chef provider"), }, } pc := Providerchef{} diff --git a/pkg/provider/conjur/auth_jwt.go b/pkg/provider/conjur/auth_jwt.go index f9c9d1018bc..f13e4539782 100644 --- a/pkg/provider/conjur/auth_jwt.go +++ b/pkg/provider/conjur/auth_jwt.go @@ -18,6 +18,7 @@ import ( "context" "crypto/tls" "crypto/x509" + "errors" "fmt" "net/http" "time" @@ -59,7 +60,7 @@ func (c *Client) getJWTToken(ctx context.Context, conjurJWTConfig *esv1beta1.Con } return jwtToken, nil } - return "", fmt.Errorf("missing ServiceAccountRef or SecretRef") + return "", errors.New("missing ServiceAccountRef or SecretRef") } // getJwtFromServiceAccountTokenRequest uses the TokenRequest API to get a JWT token for the given service account. @@ -108,7 +109,7 @@ func newHTTPSClient(cert []byte) (*http.Client, error) { pool := x509.NewCertPool() ok := pool.AppendCertsFromPEM(cert) if !ok { - return nil, fmt.Errorf("can't append Conjur SSL cert") + return nil, errors.New("can't append Conjur SSL cert") } tr := &http.Transport{ TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}, 
diff --git a/pkg/provider/conjur/client.go b/pkg/provider/conjur/client.go index 2514056c082..b18d21bc193 100644 --- a/pkg/provider/conjur/client.go +++ b/pkg/provider/conjur/client.go @@ -16,6 +16,7 @@ package conjur import ( "context" + "errors" "fmt" "github.com/cyberark/conjur-api-go/conjurapi" @@ -121,7 +122,7 @@ func (c *Client) GetConjurClient(ctx context.Context) (SecretsClient, error) { return conjur, nil } else { // Should not happen because validate func should catch this - return nil, fmt.Errorf("no authentication method provided") + return nil, errors.New("no authentication method provided") } } @@ -137,7 +138,7 @@ func (c *Client) DeleteSecret(_ context.Context, _ esv1beta1.PushSecretRemoteRef } func (c *Client) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf("not implemented") + return false, errors.New("not implemented") } // Validate validates the provider. diff --git a/pkg/provider/conjur/provider_test.go b/pkg/provider/conjur/provider_test.go index 1c70537ef8f..7235a956028 100644 --- a/pkg/provider/conjur/provider_test.go +++ b/pkg/provider/conjur/provider_test.go @@ -271,7 +271,7 @@ func TestGetAllSecrets(t *testing.T) { search: "^secret[1,2", // Missing `]` }, want: want{ - err: fmt.Errorf("could not compile find.name.regexp [%s]: %w", "^secret[1,2", fmt.Errorf("error parsing regexp: missing closing ]: `[1,2`")), + err: fmt.Errorf("could not compile find.name.regexp [%s]: %w", "^secret[1,2", errors.New("error parsing regexp: missing closing ]: `[1,2`")), values: nil, }, }, @@ -415,7 +415,7 @@ func TestGetSecretMap(t *testing.T) { }, }, want: want{ - err: fmt.Errorf("%w", fmt.Errorf("error getting secret json_map: cannot find secret data for key: \"key3\"")), + err: fmt.Errorf("%w", errors.New("error getting secret json_map: cannot find secret data for key: \"key3\"")), val: nil, }, }, 
diff --git a/pkg/provider/conjur/util/provider.go b/pkg/provider/conjur/util/provider.go index 374e856c5c4..d6012e62083 100644 --- a/pkg/provider/conjur/util/provider.go +++ b/pkg/provider/conjur/util/provider.go @@ -15,6 +15,7 @@ limitations under the License. package util import ( + "errors" "fmt" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" @@ -31,18 +32,18 @@ const ( // it returns the conjur provider or an error. func GetConjurProvider(store esv1beta1.GenericStore) (*esv1beta1.ConjurProvider, error) { if store == nil { - return nil, fmt.Errorf(errNilStore) + return nil, errors.New(errNilStore) } spec := store.GetSpec() if spec == nil { - return nil, fmt.Errorf(errMissingStoreSpec) + return nil, errors.New(errMissingStoreSpec) } if spec.Provider == nil { - return nil, fmt.Errorf(errMissingProvider) + return nil, errors.New(errMissingProvider) } if spec.Provider.Conjur == nil { - return nil, fmt.Errorf(errMissingProvider) + return nil, errors.New(errMissingProvider) } prov := spec.Provider.Conjur diff --git a/pkg/provider/conjur/validate.go b/pkg/provider/conjur/validate.go index 5a072a3bad1..aa0fb5cba7e 100644 --- a/pkg/provider/conjur/validate.go +++ b/pkg/provider/conjur/validate.go @@ -16,6 +16,7 @@ limitations under the License. package conjur import ( + "errors" "fmt" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" @@ -33,7 +34,7 @@ func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnin } if prov.URL == "" { - return nil, fmt.Errorf("conjur URL cannot be empty") + return nil, errors.New("conjur URL cannot be empty") } if prov.Auth.APIKey != nil { err := validateAPIKeyStore(store, *prov.Auth.APIKey) 
@@ -51,7 +52,7 @@ func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnin // At least one auth must be configured if prov.Auth.APIKey == nil && prov.Auth.Jwt == nil { - return nil, fmt.Errorf("missing Auth.* configuration") + return nil, errors.New("missing Auth.* configuration") } return nil, nil @@ -59,13 +60,13 @@ func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnin func validateAPIKeyStore(store esv1beta1.GenericStore, auth esv1beta1.ConjurAPIKey) error { if auth.Account == "" { - return fmt.Errorf("missing Auth.ApiKey.Account") + return errors.New("missing Auth.ApiKey.Account") } if auth.UserRef == nil { - return fmt.Errorf("missing Auth.Apikey.UserRef") + return errors.New("missing Auth.Apikey.UserRef") } if auth.APIKeyRef == nil { - return fmt.Errorf("missing Auth.Apikey.ApiKeyRef") + return errors.New("missing Auth.Apikey.ApiKeyRef") } if err := utils.ValidateReferentSecretSelector(store, *auth.UserRef); err != nil { return fmt.Errorf("invalid Auth.Apikey.UserRef: %w", err) @@ -78,13 +79,13 @@ func validateAPIKeyStore(store esv1beta1.GenericStore, auth esv1beta1.ConjurAPIK func validateJWTStore(store esv1beta1.GenericStore, auth esv1beta1.ConjurJWT) error { if auth.Account == "" { - return fmt.Errorf("missing Auth.Jwt.Account") + return errors.New("missing Auth.Jwt.Account") } if auth.ServiceID == "" { - return fmt.Errorf("missing Auth.Jwt.ServiceID") + return errors.New("missing Auth.Jwt.ServiceID") } if auth.ServiceAccountRef == nil && auth.SecretRef == nil { - return fmt.Errorf("must specify Auth.Jwt.SecretRef or Auth.Jwt.ServiceAccountRef") + return errors.New("must specify Auth.Jwt.SecretRef or Auth.Jwt.ServiceAccountRef") } if auth.SecretRef != nil { if err := utils.ValidateReferentSecretSelector(store, *auth.SecretRef); err != nil { diff --git a/pkg/provider/conjur/validate_test.go b/pkg/provider/conjur/validate_test.go index 23a39f6ef87..f860d57de67 100644 
--- a/pkg/provider/conjur/validate_test.go +++ b/pkg/provider/conjur/validate_test.go @@ -15,7 +15,7 @@ limitations under the License. package conjur import ( - "fmt" + "errors" "testing" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" @@ -34,19 +34,19 @@ func TestValidateStore(t *testing.T) { }, { store: makeAPIKeySecretStore("", svcUser, svcApikey, svcAccount), - err: fmt.Errorf("conjur URL cannot be empty"), + err: errors.New("conjur URL cannot be empty"), }, { store: makeAPIKeySecretStore(svcURL, "", svcApikey, svcAccount), - err: fmt.Errorf("missing Auth.Apikey.UserRef"), + err: errors.New("missing Auth.Apikey.UserRef"), }, { store: makeAPIKeySecretStore(svcURL, svcUser, "", svcAccount), - err: fmt.Errorf("missing Auth.Apikey.ApiKeyRef"), + err: errors.New("missing Auth.Apikey.ApiKeyRef"), }, { store: makeAPIKeySecretStore(svcURL, svcUser, svcApikey, ""), - err: fmt.Errorf("missing Auth.ApiKey.Account"), + err: errors.New("missing Auth.ApiKey.Account"), }, { 
@@ -59,24 +59,24 @@ func TestValidateStore(t *testing.T) { }, { store: makeJWTSecretStore(svcURL, "conjur", "", jwtAuthnService, "", ""), - err: fmt.Errorf("missing Auth.Jwt.Account"), + err: errors.New("missing Auth.Jwt.Account"), }, { store: makeJWTSecretStore(svcURL, "conjur", "", "", "", "myconjuraccount"), - err: fmt.Errorf("missing Auth.Jwt.ServiceID"), + err: errors.New("missing Auth.Jwt.ServiceID"), }, { store: makeJWTSecretStore("", "conjur", "", jwtAuthnService, "", "myconjuraccount"), - err: fmt.Errorf("conjur URL cannot be empty"), + err: errors.New("conjur URL cannot be empty"), }, { store: makeJWTSecretStore(svcURL, "", "", jwtAuthnService, "", "myconjuraccount"), - err: fmt.Errorf("must specify Auth.Jwt.SecretRef or Auth.Jwt.ServiceAccountRef"), + err: errors.New("must specify Auth.Jwt.SecretRef or Auth.Jwt.ServiceAccountRef"), }, { store: makeNoAuthSecretStore(svcURL), - err: fmt.Errorf("missing Auth.* configuration"), + err: errors.New("missing Auth.* configuration"), }, } p := Provider{} diff --git a/pkg/provider/device42/device42.go b/pkg/provider/device42/device42.go index dcd2c04f1ea..00858e64a3b 100644 --- a/pkg/provider/device42/device42.go +++ b/pkg/provider/device42/device42.go @@ -16,6 +16,7 @@ package device42 import ( "context" + "errors" "fmt" "time" @@ -67,7 +68,7 @@ func (c *device42Client) getAuth(ctx context.Context) (string, string, error) { credentialsSecret := &corev1.Secret{} credentialsSecretName := c.store.Auth.SecretRef.Credentials.Name if credentialsSecretName == "" { - return "", "", fmt.Errorf(errCredSecretName) + return "", "", errors.New(errCredSecretName) } objectKey := types.NamespacedName{ Name: credentialsSecretName, 
@@ -76,7 +77,7 @@ func (c *device42Client) getAuth(ctx context.Context) (string, string, error) { // only ClusterStore is allowed to set namespace (and then it's required) if c.storeKind == esv1beta1.ClusterSecretStoreKind { if c.store.Auth.SecretRef.Credentials.Namespace == nil { - return "", "", fmt.Errorf(errInvalidClusterStoreMissingSAKNamespace) + return "", "", errors.New(errInvalidClusterStoreMissingSAKNamespace) } objectKey.Namespace = *c.store.Auth.SecretRef.Credentials.Namespace } @@ -89,7 +90,7 @@ func (c *device42Client) getAuth(ctx context.Context) (string, string, error) { username := credentialsSecret.Data["username"] password := credentialsSecret.Data["password"] if len(username) == 0 || len(password) == 0 { - return "", "", fmt.Errorf(errMissingSAK) + return "", "", errors.New(errMissingSAK) } return string(username), string(password), nil @@ -103,7 +104,7 @@ func NewDevice42Provider() *Device42 { func (p *Device42) NewClient(ctx context.Context, store esv1beta1.GenericStore, kube kclient.Client, namespace string) (esv1beta1.SecretsClient, error) { storeSpec := store.GetSpec() if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.Device42 == nil { - return nil, fmt.Errorf("no store type or wrong store type") + return nil, errors.New("no store type or wrong store type") } storeSpecDevice42 := storeSpec.Provider.Device42 @@ -125,7 +126,7 @@ func (p *Device42) NewClient(ctx context.Context, store esv1beta1.GenericStore, } func (p *Device42) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf(errNotImplemented) + return false, errors.New(errNotImplemented) } func (p *Device42) Validate() (esv1beta1.ValidationResult, error) { 
@@ -139,20 +140,20 @@ func (p *Device42) Validate() (esv1beta1.ValidationResult, error) { } func (p *Device42) PushSecret(_ context.Context, _ *corev1.Secret, _ esv1beta1.PushSecretData) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } func (p *Device42) GetAllSecrets(_ context.Context, _ esv1beta1.ExternalSecretFind) (map[string][]byte, error) { - return nil, fmt.Errorf(errNotImplemented) + return nil, errors.New(errNotImplemented) } func (p *Device42) DeleteSecret(_ context.Context, _ esv1beta1.PushSecretRemoteRef) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } func (p *Device42) GetSecret(_ context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { if utils.IsNil(p.client) { - return nil, fmt.Errorf(errUninitializedProvider) + return nil, errors.New(errUninitializedProvider) } data, err := p.client.GetSecret(ref.Key) diff --git a/pkg/provider/device42/device42_api.go b/pkg/provider/device42/device42_api.go index 873f67a1ee0..659575a9e0e 100644 --- a/pkg/provider/device42/device42_api.go +++ b/pkg/provider/device42/device42_api.go @@ -19,6 +19,7 @@ import ( "context" "crypto/tls" "encoding/json" + "errors" "fmt" "net/http" "strconv" @@ -119,7 +120,7 @@ func (api *API) GetSecret(secretID string) (D42Password, error) { } func (api *API) GetSecretMap(_ context.Context, _ esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { - return nil, fmt.Errorf(errNotImplemented) + return nil, errors.New(errNotImplemented) } func (s D42Password) ToMap() map[string][]byte { diff --git a/pkg/provider/doppler/client.go b/pkg/provider/doppler/client.go index 5f09723b9af..4b9a405be3e 100644 --- a/pkg/provider/doppler/client.go +++ b/pkg/provider/doppler/client.go @@ -17,6 +17,7 @@ package doppler import ( "context" "encoding/json" + "errors" "fmt" "net/url" "strings" 
@@ -119,7 +120,7 @@ func (c *Client) DeleteSecret(_ context.Context, ref esv1beta1.PushSecretRemoteR } func (c *Client) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf("not implemented") + return false, errors.New("not implemented") } func (c *Client) PushSecret(_ context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error { diff --git a/pkg/provider/doppler/doppler_test.go b/pkg/provider/doppler/doppler_test.go index 01c87ebe7e2..2b524ddf13d 100644 --- a/pkg/provider/doppler/doppler_test.go +++ b/pkg/provider/doppler/doppler_test.go @@ -16,7 +16,7 @@ package doppler import ( "context" - "fmt" + "errors" "strings" "testing" @@ -191,7 +191,7 @@ func TestGetSecret(t *testing.T) { pstc.request.Name = missingSecret pstc.response = nil pstc.expectError = missingSecretErr - pstc.apiErr = fmt.Errorf("") + pstc.apiErr = errors.New("") } setInvalidSecret := func(pstc *dopplerTestCase) { @@ -200,14 +200,14 @@ func TestGetSecret(t *testing.T) { pstc.request.Name = invalidSecret pstc.response = nil pstc.expectError = missingSecretErr - pstc.apiErr = fmt.Errorf("") + pstc.apiErr = errors.New("") } setClientError := func(pstc *dopplerTestCase) { pstc.label = "invalid client error" //nolint:goconst pstc.response = &client.SecretResponse{} pstc.expectError = missingSecretErr - pstc.apiErr = fmt.Errorf("") + pstc.apiErr = errors.New("") } testCases := []*dopplerTestCase{ @@ -254,7 +254,7 @@ func TestGetSecretMap(t *testing.T) { pstc.label = "client error" pstc.response = &client.SecretResponse{} pstc.expectError = missingSecretErr - pstc.apiErr = fmt.Errorf("") + pstc.apiErr = errors.New("") } testCases := []*dopplerTestCase{ 
@@ -300,14 +300,14 @@ func TestDeleteSecret(t *testing.T) { pstc.request = makeValidDeleteRequest() pstc.remoteRef.RemoteKey = invalidRemoteKey pstc.expectError = missingDeleteErr - pstc.apiErr = fmt.Errorf("") + pstc.apiErr = errors.New("") } setClientError := func(pstc *updateSecretCase) { pstc.label = "invalid client error" pstc.request = makeValidDeleteRequest() pstc.expectError = missingDeleteErr - pstc.apiErr = fmt.Errorf("") + pstc.apiErr = errors.New("") } testCases := []*updateSecretCase{ @@ -337,7 +337,7 @@ func TestPushSecret(t *testing.T) { pstc.label = "push missing secret key" pstc.secretData = makeSecretData(invalidSecret, *makeValidPushRemoteRef()) pstc.expectError = missingPushErr - pstc.apiErr = fmt.Errorf("") + pstc.apiErr = errors.New("") } pushMissingRemoteSecret := func(pstc *updateSecretCase) { @@ -349,13 +349,13 @@ func TestPushSecret(t *testing.T) { }, ) pstc.expectError = missingPushErr - pstc.apiErr = fmt.Errorf("") + pstc.apiErr = errors.New("") } setClientError := func(pstc *updateSecretCase) { pstc.label = "invalid client error" pstc.expectError = missingPushErr - pstc.apiErr = fmt.Errorf("") + pstc.apiErr = errors.New("") } testCases := []*updateSecretCase{ @@ -418,12 +418,12 @@ func TestValidateStore(t *testing.T) { { label: "invalid store missing dopplerToken.name", store: makeSecretStore(withAuth("", "", nil)), - err: fmt.Errorf("invalid store: dopplerToken.name cannot be empty"), + err: errors.New("invalid store: dopplerToken.name cannot be empty"), }, { label: "invalid store namespace not allowed", store: makeSecretStore(withAuth(secretName, "", &namespace)), - err: fmt.Errorf("invalid store: namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), + err: errors.New("invalid store: namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), }, { label: "valid provide optional dopplerToken.key", 
diff --git a/pkg/provider/doppler/fake/fake.go b/pkg/provider/doppler/fake/fake.go index 061024f13ab..2af17e8581f 100644 --- a/pkg/provider/doppler/fake/fake.go +++ b/pkg/provider/doppler/fake/fake.go @@ -15,7 +15,7 @@ limitations under the License. package fake import ( - "fmt" + "errors" "net/url" "github.com/google/go-cmp/cmp" @@ -53,7 +53,7 @@ func (dc *DopplerClient) WithValue(request client.SecretRequest, response *clien if dc != nil { dc.getSecret = func(requestIn client.SecretRequest) (*client.SecretResponse, error) { if !cmp.Equal(requestIn, request) { - return nil, fmt.Errorf("unexpected test argument") + return nil, errors.New("unexpected test argument") } return response, err } @@ -64,7 +64,7 @@ func (dc *DopplerClient) WithUpdateValue(request client.UpdateSecretsRequest, er if dc != nil { dc.updateSecrets = func(requestIn client.UpdateSecretsRequest) error { if !cmp.Equal(requestIn, request) { - return fmt.Errorf("unexpected test argument") + return errors.New("unexpected test argument") } return err } diff --git a/pkg/provider/doppler/provider.go b/pkg/provider/doppler/provider.go index 1bf21d4c13b..0b7fcb7e0b2 100644 --- a/pkg/provider/doppler/provider.go +++ b/pkg/provider/doppler/provider.go @@ -16,6 +16,7 @@ package doppler import ( "context" + "errors" "fmt" "os" "strconv" @@ -55,7 +56,7 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, storeSpec := store.GetSpec() if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.Doppler == nil { - return nil, fmt.Errorf(errDopplerStore) + return nil, errors.New(errDopplerStore) } dopplerStoreSpec := storeSpec.Provider.Doppler diff --git a/pkg/provider/fake/fake.go b/pkg/provider/fake/fake.go index 3a8ae0c2a07..2d64c7bf2d2 100644 --- a/pkg/provider/fake/fake.go +++ b/pkg/provider/fake/fake.go @@ -17,6 +17,7 @@ package fake import ( "context" "encoding/json" + "errors" "fmt" "strings" 
@@ -31,8 +32,8 @@ import ( ) var ( - errMissingStore = fmt.Errorf("missing store provider") - errMissingFakeProvider = fmt.Errorf("missing store provider fake") + errMissingStore = errors.New("missing store provider") + errMissingFakeProvider = errors.New("missing store provider fake") errMissingKeyField = "key must be set in data %v" errMissingValueField = "at least one of value or valueMap must be set in data %v" ) @@ -129,7 +130,7 @@ func (p *Provider) PushSecret(_ context.Context, secret *corev1.Secret, data esv } if currentData.Origin != FakeSetSecret { - return fmt.Errorf("key already exists") + return errors.New("key already exists") } currentData.Value = string(value) diff --git a/pkg/provider/gcp/secretmanager/auth.go b/pkg/provider/gcp/secretmanager/auth.go index 5fd89f6a264..ab9648a45c1 100644 --- a/pkg/provider/gcp/secretmanager/auth.go +++ b/pkg/provider/gcp/secretmanager/auth.go @@ -16,6 +16,7 @@ package secretmanager import ( "context" + "errors" "fmt" "golang.org/x/oauth2" @@ -33,7 +34,7 @@ func NewTokenSource(ctx context.Context, auth esv1beta1.GCPSMAuth, projectID, st } wi, err := newWorkloadIdentity(ctx, projectID) if err != nil { - return nil, fmt.Errorf("unable to initialize workload identity") + return nil, errors.New("unable to initialize workload identity") } defer wi.Close() isClusterKind := storeKind == esv1beta1.ClusterSecretStoreKind diff --git a/pkg/provider/gcp/secretmanager/client.go b/pkg/provider/gcp/secretmanager/client.go index 8fcb1fee192..d3e7c59cab1 100644 --- a/pkg/provider/gcp/secretmanager/client.go +++ b/pkg/provider/gcp/secretmanager/client.go 
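Review bot: In the `pkg/provider/gcp/secretmanager/auth.go` hunk, the `newWorkloadIdentity` failure path in NewTokenSource drops `err`, and converting the return to `errors.New` keeps that loss in place instead of fixing it. Anyone diagnosing a failed workload-identity setup sees only the fixed string and has no underlying cause to work from. This is the one call site in the change where `fmt.Errorf` should stay, with the cause wrapped: `return nil, fmt.Errorf("unable to initialize workload identity: %w", err)`. NewTokenSource begins and ends outside the hunk.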
@@ -50,8 +50,6 @@ const ( errGCPSMStore = "received invalid GCPSM SecretStore resource" errUnableGetCredentials = "unable to get credentials: %w" errClientClose = "unable to close SecretManager client: %w" - errMissingStoreSpec = "invalid: missing store spec" - errFetchSAKSecret = "could not fetch SecretAccessKey secret: %w" errUnableProcessJSONCredentials = "failed to process the provided JSON credentials: %w" errUnableCreateGCPSMClient = "failed to create GCP secretmanager client: %w" errUninitalizedGCPProvider = "provider GCP is not initialized" @@ -131,7 +129,7 @@ func parseError(err error) error { } func (c *Client) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf("not implemented") + return false, errors.New("not implemented") } // PushSecret pushes a kubernetes secret key into gcp provider Secret. @@ -414,7 +412,7 @@ func (c *Client) extractProjectIDNumber(secretFullName string) string { // GetSecret returns a single secret from the provider. func (c *Client) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { if utils.IsNil(c.smClient) || c.store.ProjectID == "" { - return nil, fmt.Errorf(errUninitalizedGCPProvider) + return nil, errors.New(errUninitalizedGCPProvider) } if ref.MetadataPolicy == esv1beta1.ExternalSecretMetadataPolicyFetch { @@ -527,7 +525,7 @@ func (c *Client) getSecretMetadata(ctx context.Context, ref esv1beta1.ExternalSe // GetSecretMap returns multiple k/v pairs from the provider. func (c *Client) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { if c.smClient == nil || c.store.ProjectID == "" { - return nil, fmt.Errorf(errUninitalizedGCPProvider) + return nil, errors.New(errUninitalizedGCPProvider) } data, err := c.GetSecret(ctx, ref) diff --git a/pkg/provider/gcp/secretmanager/client_test.go b/pkg/provider/gcp/secretmanager/client_test.go index f9267870d61..f3f742735a8 100644 
--- a/pkg/provider/gcp/secretmanager/client_test.go +++ b/pkg/provider/gcp/secretmanager/client_test.go @@ -100,7 +100,7 @@ func makeValidSecretManagerTestCaseCustom(tweaks ...func(smtc *secretManagerTest // This case can be shared by both GetSecret and GetSecretMap tests. // bad case: set apiErr. var setAPIErr = func(smtc *secretManagerTestCase) { - smtc.apiErr = fmt.Errorf("oh no") + smtc.apiErr = errors.New("oh no") smtc.expectError = "oh no" } @@ -517,7 +517,7 @@ func TestPushSecret(t *testing.T) { canceledError := status.Error(codes.Canceled, "canceled") canceledError, _ = apierror.FromError(canceledError) - APIerror := fmt.Errorf("API Error") + APIerror := errors.New("API Error") labelError := fmt.Errorf("secret %v is not managed by external secrets", remoteKey) secret := secretmanagerpb.Secret{ @@ -672,16 +672,16 @@ func TestPushSecret(t *testing.T) { req: func(m *fakesm.MockSMClient) error { req, ok := m.CreateSecretCalledWithN[0] if !ok { - return fmt.Errorf("index 0 for call not found in the list of calls") + return errors.New("index 0 for call not found in the list of calls") } user, ok := req.Secret.Replication.Replication.(*secretmanagerpb.Replication_UserManaged_) if !ok { - return fmt.Errorf("req.Secret.Replication.Replication was not of type *secretmanagerpb.Replication_UserManaged_") + return errors.New("req.Secret.Replication.Replication was not of type *secretmanagerpb.Replication_UserManaged_") } if len(user.UserManaged.Replicas) < 1 { - return fmt.Errorf("req.Secret.Replication.Replication.Replicas was not empty") + return errors.New("req.Secret.Replication.Replication.Replicas was not empty") } if user.UserManaged.Replicas[0].Location != "us-east-1" { @@ -702,7 +702,7 @@ func TestPushSecret(t *testing.T) { }, GetSecretMockReturn: fakesm.SecretMockReturn{Secret: &secret, Err: nil}}, want: want{ - err: fmt.Errorf("failed to decode PushSecret metadata"), + err: errors.New("failed to decode PushSecret metadata"), }, }, { 
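Review bot: In the `@@ -672,16 +672,16 @@` hunk of client_test.go, the branch `if len(user.UserManaged.Replicas) < 1` is taken when the replica list is empty, yet the error it returns reads `Replicas was not empty`. A failing run would send the reader looking for the opposite condition. Since the line is rewritten here anyway, correct the text: `return errors.New("req.Secret.Replication.Replication.Replicas was empty")`. The enclosing test-case closure continues outside the hunk.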
diff --git a/pkg/provider/gcp/secretmanager/fake/fake.go b/pkg/provider/gcp/secretmanager/fake/fake.go index 22c9648927a..92c0fb39aa9 100644 --- a/pkg/provider/gcp/secretmanager/fake/fake.go +++ b/pkg/provider/gcp/secretmanager/fake/fake.go @@ -198,7 +198,7 @@ func (mc *MockSMClient) WithValue(_ context.Context, req *secretmanagerpb.Access // type secretmanagerpb.AccessSecretVersionRequest contains unexported fields // use cmpopts.IgnoreUnexported to ignore all the unexported fields in the cmp. if !cmp.Equal(paramReq, req, cmpopts.IgnoreUnexported(secretmanagerpb.AccessSecretVersionRequest{})) { - return nil, fmt.Errorf("unexpected test argument") + return nil, errors.New("unexpected test argument") } return val, err } diff --git a/pkg/provider/gcp/secretmanager/provider.go b/pkg/provider/gcp/secretmanager/provider.go index 5996d87c9f7..44a594b0770 100644 --- a/pkg/provider/gcp/secretmanager/provider.go +++ b/pkg/provider/gcp/secretmanager/provider.go @@ -16,6 +16,7 @@ package secretmanager import ( "context" + "errors" "fmt" "sync" @@ -60,7 +61,7 @@ func (p *Provider) Capabilities() esv1beta1.SecretStoreCapabilities { func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, kube kclient.Client, namespace string) (esv1beta1.SecretsClient, error) { storeSpec := store.GetSpec() if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.GCPSM == nil { - return nil, fmt.Errorf(errGCPSMStore) + return nil, errors.New(errGCPSMStore) } gcpStore := storeSpec.Provider.GCPSM 
@@ -113,18 +114,18 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnings, error) { if store == nil { - return nil, fmt.Errorf(errInvalidStore) + return nil, errors.New(errInvalidStore) } spc := store.GetSpec() if spc == nil { - return nil, fmt.Errorf(errInvalidStoreSpec) + return nil, errors.New(errInvalidStoreSpec) } if spc.Provider == nil { - return nil, fmt.Errorf(errInvalidStoreProv) + return nil, errors.New(errInvalidStoreProv) } g := spc.Provider.GCPSM if p == nil { - return nil, fmt.Errorf(errInvalidGCPProv) + return nil, errors.New(errInvalidGCPProv) } if g.Auth.SecretRef != nil { if err := utils.ValidateReferentSecretSelector(store, g.Auth.SecretRef.SecretAccessKey); err != nil { @@ -145,7 +146,7 @@ func clusterProjectID(spec *esv1beta1.SecretStoreSpec) (string, error) { } else if spec.Provider.GCPSM.ProjectID != "" { return spec.Provider.GCPSM.ProjectID, nil } else { - return "", fmt.Errorf(errNoProjectID) + return "", errors.New(errNoProjectID) } } diff --git a/pkg/provider/gitlab/gitlab.go b/pkg/provider/gitlab/gitlab.go index f5fd1e00b43..a7c226721e4 100644 --- a/pkg/provider/gitlab/gitlab.go +++ b/pkg/provider/gitlab/gitlab.go @@ -17,6 +17,7 @@ package gitlab import ( "context" "encoding/json" + "errors" "fmt" "net/http" "sort" 
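Review bot: In the ValidateStore hunk of `pkg/provider/gcp/secretmanager/provider.go`, the guard after `g := spc.Provider.GCPSM` tests the receiver (`if p == nil`) rather than `g`, so a store whose provider block carries no GCPSM entry reaches `g.Auth.SecretRef` through a nil pointer. NewClient in the same file treats `storeSpec.Provider.GCPSM == nil` as a possible state, and ValidateStore returns `admission.Warnings`, so this presumably runs on the admission path, where a malformed manifest would cause a panic instead of a validation error. The condition should be `if g == nil {`, keeping the `errors.New(errInvalidGCPProv)` return. The function body continues past the end of the hunk.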
@@ -89,21 +90,21 @@ func (g *gitlabBase) getAuth(ctx context.Context) (string, error) { } func (g *gitlabBase) DeleteSecret(_ context.Context, _ esv1beta1.PushSecretRemoteRef) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } func (g *gitlabBase) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf(errNotImplemented) + return false, errors.New(errNotImplemented) } func (g *gitlabBase) PushSecret(_ context.Context, _ *corev1.Secret, _ esv1beta1.PushSecretData) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } // GetAllSecrets syncs all gitlab project and group variables into a single Kubernetes Secret. func (g *gitlabBase) GetAllSecrets(_ context.Context, ref esv1beta1.ExternalSecretFind) (map[string][]byte, error) { if utils.IsNil(g.projectVariablesClient) { - return nil, fmt.Errorf(errUninitializedGitlabProvider) + return nil, errors.New(errUninitializedGitlabProvider) } var effectiveEnvironment = g.store.Environment if ref.Tags != nil { @@ -112,15 +113,15 @@ func (g *gitlabBase) GetAllSecrets(_ context.Context, ref esv1beta1.ExternalSecr return nil, err } if !isEmptyOrWildcard(effectiveEnvironment) && !isEmptyOrWildcard(environment) { - return nil, fmt.Errorf(errEnvironmentIsConstricted) + return nil, errors.New(errEnvironmentIsConstricted) } effectiveEnvironment = environment } if ref.Path != nil { - return nil, fmt.Errorf(errPathNotImplemented) + return nil, errors.New(errPathNotImplemented) } if ref.Name == nil { - return nil, fmt.Errorf(errNameNotDefined) + return nil, errors.New(errNameNotDefined) } var matcher *find.Matcher 
@@ -193,7 +194,7 @@ func ExtractTag(tags map[string]string) (string, error) { var environmentScope string for tag, value := range tags { if tag != "environment_scope" { - return "", fmt.Errorf(errTagsOnlyEnvironmentSupported) + return "", errors.New(errTagsOnlyEnvironmentSupported) } environmentScope = value } @@ -202,7 +203,7 @@ func ExtractTag(tags map[string]string) (string, error) { func (g *gitlabBase) GetSecret(_ context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { if utils.IsNil(g.projectVariablesClient) || utils.IsNil(g.groupVariablesClient) { - return nil, fmt.Errorf(errUninitializedGitlabProvider) + return nil, errors.New(errUninitializedGitlabProvider) } // Need to replace hyphens with underscores to work with GitLab API diff --git a/pkg/provider/gitlab/gitlab_test.go b/pkg/provider/gitlab/gitlab_test.go index 8930a93b59e..04a5e7921f5 100644 --- a/pkg/provider/gitlab/gitlab_test.go +++ b/pkg/provider/gitlab/gitlab_test.go @@ -17,6 +17,7 @@ package gitlab import ( "context" "encoding/json" + "errors" "fmt" "net/http" "reflect" @@ -256,14 +257,14 @@ func prepareMockGroupVarClient(smtc *secretManagerTestCase) { // This case can be shared by both GetSecret and GetSecretMap tests. // bad case: set apiErr. var setAPIErr = func(smtc *secretManagerTestCase) { - smtc.apiErr = fmt.Errorf("oh no") + smtc.apiErr = errors.New("oh no") smtc.expectError = "oh no" smtc.projectAPIResponse.Response.StatusCode = http.StatusInternalServerError smtc.expectedValidationResult = esv1beta1.ValidationResultError } var setListAPIErr = func(smtc *secretManagerTestCase) { - err := fmt.Errorf("oh no") + err := errors.New("oh no") smtc.apiErr = err smtc.expectError = fmt.Errorf(errList, err).Error() smtc.expectedValidationResult = esv1beta1.ValidationResultError 
@@ -845,23 +846,23 @@ func TestValidateStore(t *testing.T) { testCases := []ValidateStoreTestCase{ { store: makeSecretStore("", environment), - err: fmt.Errorf("projectID and groupIDs must not both be empty"), + err: errors.New("projectID and groupIDs must not both be empty"), }, { store: makeSecretStore(project, environment, withGroups([]string{"group1"}, true)), - err: fmt.Errorf("defining groupIDs and inheritFromGroups = true is not allowed"), + err: errors.New("defining groupIDs and inheritFromGroups = true is not allowed"), }, { store: makeSecretStore(project, environment, withAccessToken("", userkey, nil)), - err: fmt.Errorf("accessToken.name cannot be empty"), + err: errors.New("accessToken.name cannot be empty"), }, { store: makeSecretStore(project, environment, withAccessToken(username, "", nil)), - err: fmt.Errorf("accessToken.key cannot be empty"), + err: errors.New("accessToken.key cannot be empty"), }, { store: makeSecretStore(project, environment, withAccessToken("userName", "userKey", &namespace)), - err: fmt.Errorf("namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), + err: errors.New("namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), }, { store: makeSecretStore(project, environment, withAccessToken("userName", "userKey", nil)), diff --git a/pkg/provider/gitlab/provider.go b/pkg/provider/gitlab/provider.go index 1922d3a5347..fe06b22f38c 100644 --- a/pkg/provider/gitlab/provider.go +++ b/pkg/provider/gitlab/provider.go @@ -16,7 +16,7 @@ package gitlab import ( "context" - "fmt" + "errors" "github.com/xanzy/go-gitlab" kclient "sigs.k8s.io/controller-runtime/pkg/client" 
@@ -50,7 +50,7 @@ func (g *Provider) Capabilities() esv1beta1.SecretStoreCapabilities { func (g *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, kube kclient.Client, namespace string) (esv1beta1.SecretsClient, error) { storeSpec := store.GetSpec() if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.Gitlab == nil { - return nil, fmt.Errorf("no store type or wrong store type") + return nil, errors.New("no store type or wrong store type") } storeSpecGitlab := storeSpec.Provider.Gitlab @@ -106,19 +106,19 @@ func (g *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnin } if gitlabSpec.ProjectID == "" && len(gitlabSpec.GroupIDs) == 0 { - return nil, fmt.Errorf("projectID and groupIDs must not both be empty") + return nil, errors.New("projectID and groupIDs must not both be empty") } if gitlabSpec.InheritFromGroups && len(gitlabSpec.GroupIDs) > 0 { - return nil, fmt.Errorf("defining groupIDs and inheritFromGroups = true is not allowed") + return nil, errors.New("defining groupIDs and inheritFromGroups = true is not allowed") } if accessToken.Key == "" { - return nil, fmt.Errorf("accessToken.key cannot be empty") + return nil, errors.New("accessToken.key cannot be empty") } if accessToken.Name == "" { - return nil, fmt.Errorf("accessToken.name cannot be empty") + return nil, errors.New("accessToken.name cannot be empty") } return nil, nil diff --git a/pkg/provider/ibm/provider.go b/pkg/provider/ibm/provider.go index fe662ffca19..98d5ba414bf 100644 --- a/pkg/provider/ibm/provider.go +++ b/pkg/provider/ibm/provider.go @@ -17,6 +17,7 @@ package ibm import ( "context" "encoding/json" + "errors" "fmt" "os" "strings" 
@@ -98,27 +99,27 @@ func (c *client) setAuth(ctx context.Context) error { } func (ibm *providerIBM) DeleteSecret(_ context.Context, _ esv1beta1.PushSecretRemoteRef) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } func (ibm *providerIBM) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf(errNotImplemented) + return false, errors.New(errNotImplemented) } // Not Implemented PushSecret. func (ibm *providerIBM) PushSecret(_ context.Context, _ *corev1.Secret, _ esv1beta1.PushSecretData) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } // Empty GetAllSecrets. func (ibm *providerIBM) GetAllSecrets(_ context.Context, _ esv1beta1.ExternalSecretFind) (map[string][]byte, error) { // TO be implemented - return nil, fmt.Errorf(errNotImplemented) + return nil, errors.New(errNotImplemented) } func (ibm *providerIBM) GetSecret(_ context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { if utils.IsNil(ibm.IBMClient) { - return nil, fmt.Errorf(errUninitalizedIBMProvider) + return nil, errors.New(errUninitalizedIBMProvider) } var secretGroupName string @@ -143,7 +144,7 @@ func (ibm *providerIBM) GetSecret(_ context.Context, ref esv1beta1.ExternalSecre case sm.Secret_SecretType_UsernamePassword: if ref.Property == "" { - return nil, fmt.Errorf("remoteRef.property required for secret type username_password") + return nil, errors.New("remoteRef.property required for secret type username_password") } return getUsernamePasswordSecret(ibm, &secretName, ref, secretGroupName) 
@@ -158,7 +159,7 @@ func (ibm *providerIBM) GetSecret(_ context.Context, ref esv1beta1.ExternalSecre case sm.Secret_SecretType_ImportedCert: if ref.Property == "" { - return nil, fmt.Errorf("remoteRef.property required for secret type imported_cert") + return nil, errors.New("remoteRef.property required for secret type imported_cert") } return getImportCertSecret(ibm, &secretName, ref, secretGroupName) @@ -166,7 +167,7 @@ func (ibm *providerIBM) GetSecret(_ context.Context, ref esv1beta1.ExternalSecre case sm.Secret_SecretType_PublicCert: if ref.Property == "" { - return nil, fmt.Errorf("remoteRef.property required for secret type public_cert") + return nil, errors.New("remoteRef.property required for secret type public_cert") } return getPublicCertSecret(ibm, &secretName, ref, secretGroupName) @@ -174,7 +175,7 @@ func (ibm *providerIBM) GetSecret(_ context.Context, ref esv1beta1.ExternalSecre case sm.Secret_SecretType_PrivateCert: if ref.Property == "" { - return nil, fmt.Errorf("remoteRef.property required for secret type private_cert") + return nil, errors.New("remoteRef.property required for secret type private_cert") } return getPrivateCertSecret(ibm, &secretName, ref, secretGroupName) @@ -361,7 +362,7 @@ func getSecretData(ibm *providerIBM, secretName *string, secretType, secretGroup // secret name has been provided instead of id if secretGroupName == "" { // secret group name is not provided - return nil, fmt.Errorf("failed to fetch the secret, secret group name is missing") + return nil, errors.New("failed to fetch the secret, secret group name is missing") } // secret group name is provided along with secret name, 
@@ -398,7 +399,7 @@ func getSecretData(ibm *providerIBM, secretName *string, secretType, secretGroup func (ibm *providerIBM) GetSecretMap(_ context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { if utils.IsNil(ibm.IBMClient) { - return nil, fmt.Errorf(errUninitalizedIBMProvider) + return nil, errors.New(errUninitalizedIBMProvider) } var secretGroupName string secretType := sm.Secret_SecretType_Arbitrary @@ -545,7 +546,7 @@ func (ibm *providerIBM) ValidateStore(store esv1beta1.GenericStore) (admission.W storeSpec := store.GetSpec() ibmSpec := storeSpec.Provider.IBM if ibmSpec.ServiceURL == nil { - return nil, fmt.Errorf("serviceURL is required") + return nil, errors.New("serviceURL is required") } containerRef := ibmSpec.Auth.ContainerAuth @@ -557,15 +558,15 @@ func (ibm *providerIBM) ValidateStore(store esv1beta1.GenericStore) (admission.W if missingContainerRef == missingSecretRef { // since both are equal, if one is missing assume both are missing if missingContainerRef { - return nil, fmt.Errorf("missing auth method") + return nil, errors.New("missing auth method") } - return nil, fmt.Errorf("too many auth methods defined") + return nil, errors.New("too many auth methods defined") } if !missingContainerRef { // catch undefined container auth profile if containerRef.Profile == "" { - return nil, fmt.Errorf("container auth profile cannot be empty") + return nil, errors.New("container auth profile cannot be empty") } // proceed with container auth @@ -585,10 +586,10 @@ func (ibm *providerIBM) ValidateStore(store esv1beta1.GenericStore) (admission.W return nil, err } if secretKeyRef.Name == "" { - return nil, fmt.Errorf("secretAPIKey.name cannot be empty") + return nil, errors.New("secretAPIKey.name cannot be empty") } if secretKeyRef.Key == "" { - return nil, fmt.Errorf("secretAPIKey.key cannot be empty") + return nil, errors.New("secretAPIKey.key cannot be empty") } return nil, nil 
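Review bot: `ValidateStore` in pkg/provider/ibm/provider.go (hunk at -545) reads `storeSpec.Provider.IBM` and then `ibmSpec.ServiceURL` with no nil guard visible, so a store with an unset spec, provider or IBM section would panic instead of returning a validation error. The GitLab `NewClient` touched by this same commit already guards this case, and the same shape fits here: `if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.IBM == nil { return nil, errors.New("no store type or wrong store type") }`. The Kubernetes `ValidateStore` hunk (pkg/provider/kubernetes/validate.go, -32) dereferences `storeSpec.Provider.Kubernetes` the same way. Both function bodies start outside their hunks and callers may already guarantee a non-nil provider, so this needs confirming; it matters because the method returns admission warnings and so presumably runs on user-submitted objects.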
diff --git a/pkg/provider/ibm/provider_test.go b/pkg/provider/ibm/provider_test.go index b9268ac5c83..22a9b4ec0af 100644 --- a/pkg/provider/ibm/provider_test.go +++ b/pkg/provider/ibm/provider_test.go @@ -17,6 +17,7 @@ package ibm import ( "context" "encoding/json" + "errors" "fmt" "reflect" "strconv" @@ -144,7 +145,7 @@ func makeValidSecretManagerTestCaseCustom(tweaks ...func(smtc *secretManagerTest // This case can be shared by both GetSecret and GetSecretMap tests. // bad case: set apiErr. var setAPIErr = func(smtc *secretManagerTestCase) { - smtc.apiErr = fmt.Errorf("oh no") + smtc.apiErr = errors.New("oh no") smtc.expectError = "oh no" } @@ -165,7 +166,7 @@ func TestValidateStore(t *testing.T) { } _, err := p.ValidateStore(store) if err == nil { - t.Errorf(errExpectedErr) + t.Error(errExpectedErr) } else if err.Error() != "serviceURL is required" { t.Errorf("service URL test failed") } @@ -173,7 +174,7 @@ func TestValidateStore(t *testing.T) { store.Spec.Provider.IBM.ServiceURL = &url _, err = p.ValidateStore(store) if err == nil { - t.Errorf(errExpectedErr) + t.Error(errExpectedErr) } else if err.Error() != "missing auth method" { t.Errorf("KeySelector test failed: expected missing auth method, got %v", err) } @@ -187,7 +188,7 @@ func TestValidateStore(t *testing.T) { } _, err = p.ValidateStore(store) if err == nil { - t.Errorf(errExpectedErr) + t.Error(errExpectedErr) } else if err.Error() != "namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore" { t.Errorf("KeySelector test failed: expected namespace not allowed, got %v", err) } diff --git a/pkg/provider/keepersecurity/client.go b/pkg/provider/keepersecurity/client.go index 518855537e3..5d4b11f5ac2 100644 --- a/pkg/provider/keepersecurity/client.go +++ b/pkg/provider/keepersecurity/client.go 
@@ -127,10 +127,10 @@ func (c *Client) GetSecretMap(_ context.Context, ref esv1beta1.ExternalSecretDat func (c *Client) GetAllSecrets(_ context.Context, ref esv1beta1.ExternalSecretFind) (map[string][]byte, error) { if ref.Tags != nil { - return nil, fmt.Errorf(errTagsNotImplemented) + return nil, errors.New(errTagsNotImplemented) } if ref.Path != nil { - return nil, fmt.Errorf(errPathNotImplemented) + return nil, errors.New(errPathNotImplemented) } secretData := make(map[string][]byte) records, err := c.findSecrets() @@ -164,7 +164,7 @@ func (c *Client) Close(_ context.Context) error { func (c *Client) PushSecret(_ context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error { if data.GetSecretKey() == "" { - return fmt.Errorf("pushing the whole secret is not yet implemented") + return errors.New("pushing the whole secret is not yet implemented") } value := secret.Data[data.GetSecretKey()] @@ -213,7 +213,7 @@ func (c *Client) DeleteSecret(_ context.Context, remoteRef esv1beta1.PushSecretR } func (c *Client) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf("not implemented") + return false, errors.New("not implemented") } func (c *Client) buildSecretNameAndKey(remoteRef esv1beta1.PushSecretRemoteRef) ([]string, error) { diff --git a/pkg/provider/keepersecurity/provider.go b/pkg/provider/keepersecurity/provider.go index 4b4140de35f..271c6a81981 100644 --- a/pkg/provider/keepersecurity/provider.go +++ b/pkg/provider/keepersecurity/provider.go @@ -16,6 +16,7 @@ package keepersecurity import ( "context" + "errors" "fmt" ksm "github.com/keeper-security/secrets-manager-go/core" 
@@ -29,16 +30,13 @@ import ( ) const ( - errKeeperSecurityUnableToCreateConfig = "unable to create valid KeeperSecurity config: %w" - errKeeperSecurityStore = "received invalid KeeperSecurity SecretStore resource: %s" - errKeeperSecurityNilSpec = "nil spec" - errKeeperSecurityNilSpecProvider = "nil spec.provider" - errKeeperSecurityNilSpecProviderKeeperSecurity = "nil spec.provider.keepersecurity" - errKeeperSecurityStoreMissingAuth = "missing: spec.provider.keepersecurity.auth" - errKeeperSecurityStoreMissingFolderID = "missing: spec.provider.keepersecurity.folderID" - errInvalidClusterStoreMissingK8sSecretNamespace = "invalid ClusterSecretStore: missing KeeperSecurity k8s Auth Secret Namespace" - errFetchK8sSecret = "could not fetch k8s Secret: %w" - errMissingK8sSecretKey = "missing Secret key: %s" + errKeeperSecurityUnableToCreateConfig = "unable to create valid KeeperSecurity config: %w" + errKeeperSecurityStore = "received invalid KeeperSecurity SecretStore resource: %s" + errKeeperSecurityNilSpec = "nil spec" + errKeeperSecurityNilSpecProvider = "nil spec.provider" + errKeeperSecurityNilSpecProviderKeeperSecurity = "nil spec.provider.keepersecurity" + errKeeperSecurityStoreMissingAuth = "missing: spec.provider.keepersecurity.auth" + errKeeperSecurityStoreMissingFolderID = "missing: spec.provider.keepersecurity.folderID" ) // Provider implements the necessary NewClient() and ValidateStore() funcs. 
@@ -90,23 +88,23 @@ func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnin } spc := store.GetSpec() if spc == nil { - return nil, fmt.Errorf(errKeeperSecurityNilSpec) + return nil, errors.New(errKeeperSecurityNilSpec) } if spc.Provider == nil { - return nil, fmt.Errorf(errKeeperSecurityNilSpecProvider) + return nil, errors.New(errKeeperSecurityNilSpecProvider) } if spc.Provider.KeeperSecurity == nil { - return nil, fmt.Errorf(errKeeperSecurityNilSpecProviderKeeperSecurity) + return nil, errors.New(errKeeperSecurityNilSpecProviderKeeperSecurity) } // check mandatory fields config := spc.Provider.KeeperSecurity if err := utils.ValidateSecretSelector(store, config.Auth); err != nil { - return nil, fmt.Errorf(errKeeperSecurityStoreMissingAuth) + return nil, errors.New(errKeeperSecurityStoreMissingAuth) } if config.FolderID == "" { - return nil, fmt.Errorf(errKeeperSecurityStoreMissingFolderID) + return nil, errors.New(errKeeperSecurityStoreMissingFolderID) } return nil, nil diff --git a/pkg/provider/kubernetes/auth.go b/pkg/provider/kubernetes/auth.go index 70e848399a8..d62b23cd182 100644 --- a/pkg/provider/kubernetes/auth.go +++ b/pkg/provider/kubernetes/auth.go @@ -16,6 +16,7 @@ package kubernetes import ( "context" + "errors" "fmt" authenticationv1 "k8s.io/api/authentication/v1" @@ -66,7 +67,7 @@ func (c *Client) getAuth(ctx context.Context) (*rest.Config, error) { return nil, fmt.Errorf("could not fetch Auth.ServiceAccount: %w", err) } } else { - return nil, fmt.Errorf("no auth provider given") + return nil, errors.New("no auth provider given") } var key, cert []byte @@ -78,7 +79,7 @@ func (c *Client) getAuth(ctx context.Context) (*rest.Config, error) { } if c.store.Server.URL == "" { - return nil, fmt.Errorf("no server URL provided") + return nil, errors.New("no server URL provided") } return &rest.Config{ diff --git a/pkg/provider/kubernetes/client.go b/pkg/provider/kubernetes/client.go index 662d506a2e2..957a8671d0d 100644 
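Review bot: The `utils.ValidateSecretSelector` branch of the KeeperSecurity `ValidateStore` still discards `err` and returns only `errKeeperSecurityStoreMissingAuth`, so every selector failure is reported as "missing: spec.provider.keepersecurity.auth" whatever the real cause. The Kubernetes validator in this same patch returns the selector error unchanged (`return nil, err`), and the test expectations elsewhere in the commit suggest that error can be a namespace mismatch, which an operator needs to see to fix a cross-namespace reference. Wrapping keeps both pieces of information: `return nil, fmt.Errorf("%s: %w", errKeeperSecurityStoreMissingAuth, err)`. `fmt` stays imported in this file, and the function begins before the hunk.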
--- a/pkg/provider/kubernetes/client.go +++ b/pkg/provider/kubernetes/client.go @@ -19,6 +19,7 @@ import ( "context" "encoding/base64" "encoding/json" + "errors" "fmt" "reflect" "strings" @@ -77,7 +78,7 @@ func (c *Client) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretData func (c *Client) DeleteSecret(ctx context.Context, remoteRef esv1beta1.PushSecretRemoteRef) error { if remoteRef.GetProperty() == "" { - return fmt.Errorf("requires property in RemoteRef to delete secret value") + return errors.New("requires property in RemoteRef to delete secret value") } extSecret, getErr := c.userSecretClient.Get(ctx, remoteRef.GetRemoteKey(), metav1.GetOptions{}) @@ -101,12 +102,12 @@ func (c *Client) DeleteSecret(ctx context.Context, remoteRef esv1beta1.PushSecre } func (c *Client) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf("not implemented") + return false, errors.New("not implemented") } func (c *Client) PushSecret(ctx context.Context, secret *v1.Secret, data esv1beta1.PushSecretData) error { if data.GetProperty() == "" && data.GetSecretKey() != "" { - return fmt.Errorf("requires property in RemoteRef to push secret value if secret key is defined") + return errors.New("requires property in RemoteRef to push secret value if secret key is defined") } extSecret, getErr := c.userSecretClient.Get(ctx, data.GetRemoteKey(), metav1.GetOptions{}) diff --git a/pkg/provider/kubernetes/provider.go b/pkg/provider/kubernetes/provider.go index 82fcecaac78..fbfd5ed30f7 100644 --- a/pkg/provider/kubernetes/provider.go +++ b/pkg/provider/kubernetes/provider.go @@ -16,6 +16,7 @@ package kubernetes import ( "context" + "errors" "fmt" authv1 "k8s.io/api/authorization/v1" 
@@ -101,7 +102,7 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, func (p *Provider) newClient(ctx context.Context, store esv1beta1.GenericStore, ctrlClient kclient.Client, ctrlClientset kubernetes.Interface, namespace string) (esv1beta1.SecretsClient, error) { storeSpec := store.GetSpec() if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.Kubernetes == nil { - return nil, fmt.Errorf("no store type or wrong store type") + return nil, errors.New("no store type or wrong store type") } storeSpecKubernetes := storeSpec.Provider.Kubernetes client := &Client{ diff --git a/pkg/provider/kubernetes/validate.go b/pkg/provider/kubernetes/validate.go index 11d1a6ef135..00f70607cc3 100644 --- a/pkg/provider/kubernetes/validate.go +++ b/pkg/provider/kubernetes/validate.go @@ -16,6 +16,7 @@ package kubernetes import ( "context" + "errors" "fmt" authv1 "k8s.io/api/authorization/v1" 
@@ -32,19 +33,19 @@ func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnin storeSpec := store.GetSpec() k8sSpec := storeSpec.Provider.Kubernetes if k8sSpec.AuthRef == nil && k8sSpec.Server.CABundle == nil && k8sSpec.Server.CAProvider == nil { - return nil, fmt.Errorf("a CABundle or CAProvider is required") + return nil, errors.New("a CABundle or CAProvider is required") } if store.GetObjectKind().GroupVersionKind().Kind == esv1beta1.ClusterSecretStoreKind && k8sSpec.Server.CAProvider != nil && k8sSpec.Server.CAProvider.Namespace == nil { - return nil, fmt.Errorf("CAProvider.namespace must not be empty with ClusterSecretStore") + return nil, errors.New("CAProvider.namespace must not be empty with ClusterSecretStore") } if k8sSpec.Auth.Cert != nil { if k8sSpec.Auth.Cert.ClientCert.Name == "" { - return nil, fmt.Errorf("ClientCert.Name cannot be empty") + return nil, errors.New("ClientCert.Name cannot be empty") } if k8sSpec.Auth.Cert.ClientCert.Key == "" { - return nil, fmt.Errorf("ClientCert.Key cannot be empty") + return nil, errors.New("ClientCert.Key cannot be empty") } if err := utils.ValidateSecretSelector(store, k8sSpec.Auth.Cert.ClientCert); err != nil { return nil, err @@ -52,10 +53,10 @@ func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnin } if k8sSpec.Auth.Token != nil { if k8sSpec.Auth.Token.BearerToken.Name == "" { - return nil, fmt.Errorf("BearerToken.Name cannot be empty") + return nil, errors.New("BearerToken.Name cannot be empty") } if k8sSpec.Auth.Token.BearerToken.Key == "" { - return nil, fmt.Errorf("BearerToken.Key cannot be empty") + return nil, errors.New("BearerToken.Key cannot be empty") } if err := utils.ValidateSecretSelector(store, k8sSpec.Auth.Token.BearerToken); err != nil { return nil, err 
@@ -94,7 +95,7 @@ func (c *Client) Validate() (esv1beta1.ValidationResult, error) { return esv1beta1.ValidationResultReady, nil } } - return esv1beta1.ValidationResultError, fmt.Errorf("client is not allowed to get secrets") + return esv1beta1.ValidationResultError, errors.New("client is not allowed to get secrets") } func contains(sub string, args []string) bool { diff --git a/pkg/provider/onboardbase/client.go b/pkg/provider/onboardbase/client.go index 195f19463b1..05ce8028fee 100644 --- a/pkg/provider/onboardbase/client.go +++ b/pkg/provider/onboardbase/client.go @@ -17,6 +17,7 @@ package onboardbase import ( "context" "encoding/json" + "errors" "fmt" "net/url" "strings" @@ -71,7 +72,7 @@ func (c *Client) setAuth(ctx context.Context) error { credentialsSecret := &corev1.Secret{} credentialsSecretName := c.store.Auth.OnboardbaseAPIKeyRef.Name if credentialsSecretName == "" { - return fmt.Errorf(errOnboardbaseAPIKeySecretName) + return errors.New(errOnboardbaseAPIKeySecretName) } objectKey := types.NamespacedName{ Name: credentialsSecretName, @@ -80,7 +81,7 @@ func (c *Client) setAuth(ctx context.Context) error { // only ClusterStore is allowed to set namespace (and then it's required) if c.storeKind == esv1beta1.ClusterSecretStoreKind { if c.store.Auth.OnboardbaseAPIKeyRef.Namespace == nil { - return fmt.Errorf(errInvalidClusterStoreMissingOnboardbaseAPIKeyNamespace) + return errors.New(errInvalidClusterStoreMissingOnboardbaseAPIKeyNamespace) } objectKey.Namespace = *c.store.Auth.OnboardbaseAPIKeyRef.Namespace } @@ -188,7 +189,7 @@ func (c *Client) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretD func (c *Client) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecretFind) (map[string][]byte, error) { if len(ref.Tags) > 0 { - return nil, fmt.Errorf("find by tags not supported") + return nil, errors.New("find by tags not supported") } secrets, err := c.getSecrets(ctx) 
diff --git a/pkg/provider/onboardbase/fake/fake.go b/pkg/provider/onboardbase/fake/fake.go index fe1e61be16d..5f73257e3e9 100644 --- a/pkg/provider/onboardbase/fake/fake.go +++ b/pkg/provider/onboardbase/fake/fake.go @@ -15,7 +15,7 @@ limitations under the License. package fake import ( - "fmt" + "errors" "net/url" "github.com/google/go-cmp/cmp" @@ -51,7 +51,7 @@ func (obbc *OnboardbaseClient) WithValue(request client.SecretRequest, response if obbc != nil { obbc.getSecret = func(requestIn client.SecretRequest) (*client.SecretResponse, error) { if !cmp.Equal(requestIn, request) { - return nil, fmt.Errorf("unexpected test argument") + return nil, errors.New("unexpected test argument") } return response, err } diff --git a/pkg/provider/onboardbase/onboardbase_test.go b/pkg/provider/onboardbase/onboardbase_test.go index 9c373d5deaa..82f2f46b30a 100644 --- a/pkg/provider/onboardbase/onboardbase_test.go +++ b/pkg/provider/onboardbase/onboardbase_test.go @@ -16,7 +16,7 @@ package onboardbase import ( "context" - "fmt" + "errors" "strings" "testing" @@ -128,7 +128,7 @@ func TestGetSecret(t *testing.T) { pstc.request.Name = missingSecret pstc.response = nil pstc.expectError = missingSecretErr - pstc.apiErr = fmt.Errorf("") + pstc.apiErr = errors.New("") } setInvalidSecret := func(pstc *onboardbaseTestCase) { @@ -137,14 +137,14 @@ func TestGetSecret(t *testing.T) { pstc.request.Name = invalidSecret pstc.response = nil pstc.expectError = missingSecretErr - pstc.apiErr = fmt.Errorf("") + pstc.apiErr = errors.New("") } setClientError := func(pstc *onboardbaseTestCase) { pstc.label = "invalid client error" pstc.response = &client.SecretResponse{} pstc.expectError = missingSecretErr - pstc.apiErr = fmt.Errorf("") + pstc.apiErr = errors.New("") } testCases := []*onboardbaseTestCase{ 
@@ -175,7 +175,7 @@ func TestDeleteSecret(t *testing.T) { pstc.request.Name = missingSecret pstc.response = nil pstc.expectError = missingSecretErr - pstc.apiErr = fmt.Errorf("") + pstc.apiErr = errors.New("") } setInvalidSecret := func(pstc *onboardbaseTestCase) { @@ -185,7 +185,7 @@ func TestDeleteSecret(t *testing.T) { pstc.request.Name = invalidSecret pstc.response = nil pstc.expectError = missingSecretErr - pstc.apiErr = fmt.Errorf("") + pstc.apiErr = errors.New("") } deleteSecret := func(pstc *onboardbaseTestCase) { @@ -237,7 +237,7 @@ func TestGetSecretMap(t *testing.T) { pstc.label = "client error" pstc.response = &client.SecretResponse{} pstc.expectError = missingSecretErr - pstc.apiErr = fmt.Errorf("") + pstc.apiErr = errors.New("") } testCases := []*onboardbaseTestCase{ @@ -319,17 +319,17 @@ func TestValidateStore(t *testing.T) { { label: "invalid store missing onboardbaseAPIKey.name", store: makeSecretStore(withAuth("", "", nil, "")), - err: fmt.Errorf("invalid store: onboardbaseAPIKey.name cannot be empty"), + err: errors.New("invalid store: onboardbaseAPIKey.name cannot be empty"), }, { label: "invalid store missing onboardbasePasscode.name", store: makeSecretStore(withAuth(secretName, "", nil, "")), - err: fmt.Errorf("invalid store: onboardbasePasscode.name cannot be empty"), + err: errors.New("invalid store: onboardbasePasscode.name cannot be empty"), }, { label: "invalid store namespace not allowed", store: makeSecretStore(withAuth(secretName, "", &namespace, "passcode")), - err: fmt.Errorf("invalid store: namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), + err: errors.New("invalid store: namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), }, { label: "valid provide optional onboardbaseAPIKey.key", diff --git a/pkg/provider/onboardbase/provider.go b/pkg/provider/onboardbase/provider.go index 915eb2c8ff9..d93cc2724fc 100644 
--- a/pkg/provider/onboardbase/provider.go +++ b/pkg/provider/onboardbase/provider.go @@ -16,6 +16,7 @@ package onboardbase import ( "context" + "errors" "fmt" kclient "sigs.k8s.io/controller-runtime/pkg/client" @@ -53,7 +54,7 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, storeSpec := store.GetSpec() if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.Onboardbase == nil { - return nil, fmt.Errorf(errOnboardbaseStore) + return nil, errors.New(errOnboardbaseStore) } onboardbaseStoreSpec := storeSpec.Provider.Onboardbase diff --git a/pkg/provider/onepassword/onepassword.go b/pkg/provider/onepassword/onepassword.go index 256c3e70d1c..aa9aa32f991 100644 --- a/pkg/provider/onepassword/onepassword.go +++ b/pkg/provider/onepassword/onepassword.go 
@@ -121,22 +121,22 @@ func validateStore(store esv1beta1.GenericStore) error { // check nils storeSpec := store.GetSpec() if storeSpec == nil { - return fmt.Errorf(errOnePasswordStore, fmt.Errorf(errOnePasswordStoreNilSpec)) + return fmt.Errorf(errOnePasswordStore, errors.New(errOnePasswordStoreNilSpec)) } if storeSpec.Provider == nil { - return fmt.Errorf(errOnePasswordStore, fmt.Errorf(errOnePasswordStoreNilSpecProvider)) + return fmt.Errorf(errOnePasswordStore, errors.New(errOnePasswordStoreNilSpecProvider)) } if storeSpec.Provider.OnePassword == nil { - return fmt.Errorf(errOnePasswordStore, fmt.Errorf(errOnePasswordStoreNilSpecProviderOnePassword)) + return fmt.Errorf(errOnePasswordStore, errors.New(errOnePasswordStoreNilSpecProviderOnePassword)) } // check mandatory fields config := storeSpec.Provider.OnePassword if config.Auth.SecretRef.ConnectToken.Name == "" { - return fmt.Errorf(errOnePasswordStore, fmt.Errorf(errOnePasswordStoreMissingRefName)) + return fmt.Errorf(errOnePasswordStore, errors.New(errOnePasswordStoreMissingRefName)) } if config.Auth.SecretRef.ConnectToken.Key == "" { - return fmt.Errorf(errOnePasswordStore, fmt.Errorf(errOnePasswordStoreMissingRefKey)) + return fmt.Errorf(errOnePasswordStore, errors.New(errOnePasswordStoreMissingRefKey)) } // check namespace compared to kind @@ -146,12 +146,12 @@ func validateStore(store esv1beta1.GenericStore) error { // check at least one vault if len(config.Vaults) == 0 { - return fmt.Errorf(errOnePasswordStore, fmt.Errorf(errOnePasswordStoreAtLeastOneVault)) + return fmt.Errorf(errOnePasswordStore, errors.New(errOnePasswordStoreAtLeastOneVault)) } // ensure vault numbers are unique if !hasUniqueVaultNumbers(config.Vaults) { - return fmt.Errorf(errOnePasswordStore, fmt.Errorf(errOnePasswordStoreNonUniqueVaultNumbers)) + return fmt.Errorf(errOnePasswordStore, errors.New(errOnePasswordStoreNonUniqueVaultNumbers)) } // check valid URL 
@@ -209,7 +209,7 @@ func (provider *ProviderOnePassword) DeleteSecret(_ context.Context, ref esv1bet } func (provider *ProviderOnePassword) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf("not implemented") + return false, errors.New("not implemented") } const ( @@ -332,7 +332,7 @@ func (provider *ProviderOnePassword) PushSecret(ctx context.Context, secret *cor // GetSecret returns a single secret from the provider. func (provider *ProviderOnePassword) GetSecret(_ context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { if ref.Version != "" { - return nil, fmt.Errorf(errVersionNotImplemented) + return nil, errors.New(errVersionNotImplemented) } item, err := provider.findItem(ref.Key) @@ -366,7 +366,7 @@ func (provider *ProviderOnePassword) Validate() (esv1beta1.ValidationResult, err // GetSecretMap returns multiple k/v pairs from the provider, for dataFrom.extract. func (provider *ProviderOnePassword) GetSecretMap(_ context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { if ref.Version != "" { - return nil, fmt.Errorf(errVersionNotImplemented) + return nil, errors.New(errVersionNotImplemented) } item, err := provider.findItem(ref.Key) @@ -386,7 +386,7 @@ func (provider *ProviderOnePassword) GetSecretMap(_ context.Context, ref esv1bet // GetAllSecrets syncs multiple 1Password Items into a single Kubernetes Secret, for dataFrom.find. func (provider *ProviderOnePassword) GetAllSecrets(_ context.Context, ref esv1beta1.ExternalSecretFind) (map[string][]byte, error) { if ref.Tags != nil { - return nil, fmt.Errorf(errTagsNotImplemented) + return nil, errors.New(errTagsNotImplemented) } secretData := make(map[string][]byte) diff --git a/pkg/provider/onepassword/onepassword_test.go b/pkg/provider/onepassword/onepassword_test.go index c0124cc90c8..f2daeb78a33 100644 --- a/pkg/provider/onepassword/onepassword_test.go 
+++ b/pkg/provider/onepassword/onepassword_test.go @@ -178,7 +178,7 @@ func TestFindItem(t *testing.T) { { checkNote: "two vaults", findItemName: myItem, - expectedErr: fmt.Errorf("key not found in 1Password Vaults: my-item in: map[my-shared-vault:2 my-vault:1]"), + expectedErr: errors.New("key not found in 1Password Vaults: my-item in: map[my-shared-vault:2 my-vault:1]"), }, }, }, @@ -371,7 +371,7 @@ func TestValidateStore(t *testing.T) { Provider: nil, }, }, - expectedErr: fmt.Errorf(errOnePasswordStore, fmt.Errorf(errOnePasswordStoreNilSpecProvider)), + expectedErr: fmt.Errorf(errOnePasswordStore, errors.New(errOnePasswordStoreNilSpecProvider)), }, { checkNote: "invalid: nil OnePassword provider spec", @@ -385,7 +385,7 @@ func TestValidateStore(t *testing.T) { }, }, }, - expectedErr: fmt.Errorf(errOnePasswordStore, fmt.Errorf(errOnePasswordStoreNilSpecProviderOnePassword)), + expectedErr: fmt.Errorf(errOnePasswordStore, errors.New(errOnePasswordStoreNilSpecProviderOnePassword)), }, { checkNote: "valid secretStore", @@ -441,7 +441,7 @@ func TestValidateStore(t *testing.T) { }, }, }, - expectedErr: fmt.Errorf(errOnePasswordStore, fmt.Errorf("namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore")), + expectedErr: fmt.Errorf(errOnePasswordStore, errors.New("namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore")), }, { checkNote: "invalid: more than one vault with the same number", @@ -469,7 +469,7 @@ func TestValidateStore(t *testing.T) { }, }, }, - expectedErr: fmt.Errorf(errOnePasswordStore, fmt.Errorf(errOnePasswordStoreNonUniqueVaultNumbers)), + expectedErr: fmt.Errorf(errOnePasswordStore, errors.New(errOnePasswordStoreNonUniqueVaultNumbers)), }, { checkNote: "valid: clusterSecretStore", 
@@ -525,7 +525,7 @@ func TestValidateStore(t *testing.T) { }, }, }, - expectedErr: fmt.Errorf(errOnePasswordStore, fmt.Errorf("cluster scope requires namespace")), + expectedErr: fmt.Errorf(errOnePasswordStore, errors.New("cluster scope requires namespace")), }, { checkNote: "invalid: missing connectTokenSecretRef.name", @@ -552,7 +552,7 @@ func TestValidateStore(t *testing.T) { }, }, }, - expectedErr: fmt.Errorf(errOnePasswordStore, fmt.Errorf(errOnePasswordStoreMissingRefName)), + expectedErr: fmt.Errorf(errOnePasswordStore, errors.New(errOnePasswordStoreMissingRefName)), }, { checkNote: "invalid: missing connectTokenSecretRef.key", @@ -579,7 +579,7 @@ func TestValidateStore(t *testing.T) { }, }, }, - expectedErr: fmt.Errorf(errOnePasswordStore, fmt.Errorf(errOnePasswordStoreMissingRefKey)), + expectedErr: fmt.Errorf(errOnePasswordStore, errors.New(errOnePasswordStoreMissingRefKey)), }, { checkNote: "invalid: at least one vault", @@ -604,7 +604,7 @@ func TestValidateStore(t *testing.T) { }, }, }, - expectedErr: fmt.Errorf(errOnePasswordStore, fmt.Errorf(errOnePasswordStoreAtLeastOneVault)), + expectedErr: fmt.Errorf(errOnePasswordStore, errors.New(errOnePasswordStoreAtLeastOneVault)), }, { checkNote: "invalid: url", @@ -631,7 +631,7 @@ func TestValidateStore(t *testing.T) { }, }, }, - expectedErr: fmt.Errorf(errOnePasswordStore, fmt.Errorf(errOnePasswordStoreInvalidConnectHost, fmt.Errorf("parse \":/invalid.invalid\": missing protocol scheme"))), + expectedErr: fmt.Errorf(errOnePasswordStore, fmt.Errorf(errOnePasswordStoreInvalidConnectHost, errors.New("parse \":/invalid.invalid\": missing protocol scheme"))), }, } @@ -716,7 +716,7 @@ func TestGetSecret(t *testing.T) { Property: key1, Version: "123", }, - expectedErr: fmt.Errorf(errVersionNotImplemented), + expectedErr: errors.New(errVersionNotImplemented), }, }, }, 
@@ -764,7 +764,7 @@ func TestGetSecret(t *testing.T) { Key: myItem, Property: "you-cant-find-me.png", }, - expectedErr: fmt.Errorf(errDocumentNotFound, fmt.Errorf("'my-item', 'you-cant-find-me.png'")), + expectedErr: fmt.Errorf(errDocumentNotFound, errors.New("'my-item', 'you-cant-find-me.png'")), }, }, }, @@ -881,7 +881,7 @@ func TestGetSecretMap(t *testing.T) { Property: key1, Version: "123", }, - expectedErr: fmt.Errorf(errVersionNotImplemented), + expectedErr: errors.New(errVersionNotImplemented), }, }, }, @@ -1096,7 +1096,7 @@ func TestGetAllSecrets(t *testing.T) { "asdf": "fdas", }, }, - expectedErr: fmt.Errorf(errTagsNotImplemented), + expectedErr: errors.New(errTagsNotImplemented), }, }, }, diff --git a/pkg/provider/oracle/oracle.go b/pkg/provider/oracle/oracle.go index 2f4dfccbd7f..c2c455e0e73 100644 --- a/pkg/provider/oracle/oracle.go +++ b/pkg/provider/oracle/oracle.go @@ -97,7 +97,7 @@ const ( func (vms *VaultManagementService) PushSecret(ctx context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error { if vms.encryptionKey == "" { - return fmt.Errorf("SecretStore must reference encryption key") + return errors.New("SecretStore must reference encryption key") } value := secret.Data[data.GetSecretKey()] if data.GetSecretKey() == "" { @@ -171,7 +171,7 @@ func (vms *VaultManagementService) DeleteSecret(ctx context.Context, remoteRef e } func (vms *VaultManagementService) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf("not implemented") + return false, errors.New("not implemented") } func (vms *VaultManagementService) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecretFind) (map[string][]byte, error) { 
@@ -198,7 +198,7 @@ func (vms *VaultManagementService) GetAllSecrets(ctx context.Context, ref esv1be func (vms *VaultManagementService) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { if utils.IsNil(vms.Client) { - return nil, fmt.Errorf(errUninitalizedOracleProvider) + return nil, errors.New(errUninitalizedOracleProvider) } sec, err := vms.Client.GetSecretBundleByName(ctx, secrets.GetSecretBundleByNameRequest{ @@ -229,7 +229,7 @@ func (vms *VaultManagementService) GetSecret(ctx context.Context, ref esv1beta1. func decodeBundle(sec secrets.GetSecretBundleByNameResponse) ([]byte, error) { bt, ok := sec.SecretBundleContent.(secrets.Base64SecretBundleContentDetails) if !ok { - return nil, fmt.Errorf(errUnexpectedContent) + return nil, errors.New(errUnexpectedContent) } payload, err := base64.StdEncoding.DecodeString(*bt.Content) if err != nil { @@ -266,11 +266,11 @@ func (vms *VaultManagementService) NewClient(ctx context.Context, store esv1beta oracleSpec := storeSpec.Provider.Oracle if oracleSpec.Vault == "" { - return nil, fmt.Errorf(errMissingVault) + return nil, errors.New(errMissingVault) } if oracleSpec.Region == "" { - return nil, fmt.Errorf(errMissingRegion) + return nil, errors.New(errMissingRegion) } var ( @@ -412,7 +412,7 @@ func matchesRef(secretSummary vault.SecretSummary, ref esv1beta1.ExternalSecretF func getSecretData(ctx context.Context, kube kclient.Client, namespace, storeKind string, secretRef esmeta.SecretKeySelector) (string, error) { if secretRef.Name == "" { - return "", fmt.Errorf(errORACLECredSecretName) + return "", errors.New(errORACLECredSecretName) } secret, err := resolvers.SecretKeyRef( ctx, 
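Review bot: In decodeBundle (the hunk at -229), `*bt.Content` is dereferenced right after the type assertion with no nil check, so a Base64 bundle that arrives without content panics instead of taking the error path. A guard before the decode keeps the failure contained: `if bt.Content == nil { return nil, errors.New(errUnexpectedContent) }`. Whether the SDK can actually return a nil Content is not visible here, so confirm against the client type. The function body continues outside the hunk.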
@@ -433,7 +433,7 @@ func getUserAuthConfigurationProvider(ctx context.Context, kube kclient.Client, return nil, err } if privateKey == "" { - return nil, fmt.Errorf(errMissingPK) + return nil, errors.New(errMissingPK) } fingerprint, err := getSecretData(ctx, kube, namespace, storeKind, store.Auth.SecretRef.Fingerprint) @@ -441,15 +441,15 @@ func getUserAuthConfigurationProvider(ctx context.Context, kube kclient.Client, return nil, err } if fingerprint == "" { - return nil, fmt.Errorf(errMissingFingerprint) + return nil, errors.New(errMissingFingerprint) } if store.Auth.User == "" { - return nil, fmt.Errorf(errMissingUser) + return nil, errors.New(errMissingUser) } if store.Auth.Tenancy == "" { - return nil, fmt.Errorf(errMissingTenancy) + return nil, errors.New(errMissingTenancy) } return common.NewRawConfigurationProvider(store.Auth.Tenancy, store.Auth.User, region, fingerprint, privateKey, nil), nil @@ -500,12 +500,12 @@ func (vms *VaultManagementService) ValidateStore(store esv1beta1.GenericStore) ( vault := oracleSpec.Vault if vault == "" { - return nil, fmt.Errorf("vault cannot be empty") + return nil, errors.New("vault cannot be empty") } region := oracleSpec.Region if region == "" { - return nil, fmt.Errorf("region cannot be empty") + return nil, errors.New("region cannot be empty") } auth := oracleSpec.Auth 
@@ -515,21 +515,21 @@ func (vms *VaultManagementService) ValidateStore(store esv1beta1.GenericStore) ( user := oracleSpec.Auth.User if user == "" { - return nil, fmt.Errorf("user cannot be empty") + return nil, errors.New("user cannot be empty") } tenant := oracleSpec.Auth.Tenancy if tenant == "" { - return nil, fmt.Errorf("tenant cannot be empty") + return nil, errors.New("tenant cannot be empty") } privateKey := oracleSpec.Auth.SecretRef.PrivateKey if privateKey.Name == "" { - return nil, fmt.Errorf("privateKey.name cannot be empty") + return nil, errors.New("privateKey.name cannot be empty") } if privateKey.Key == "" { - return nil, fmt.Errorf("privateKey.key cannot be empty") + return nil, errors.New("privateKey.key cannot be empty") } err := utils.ValidateSecretSelector(store, privateKey) @@ -540,11 +540,11 @@ func (vms *VaultManagementService) ValidateStore(store esv1beta1.GenericStore) ( fingerprint := oracleSpec.Auth.SecretRef.Fingerprint if fingerprint.Name == "" { - return nil, fmt.Errorf("fingerprint.name cannot be empty") + return nil, errors.New("fingerprint.name cannot be empty") } if fingerprint.Key == "" { - return nil, fmt.Errorf("fingerprint.key cannot be empty") + return nil, errors.New("fingerprint.key cannot be empty") } err = utils.ValidateSecretSelector(store, fingerprint) diff --git a/pkg/provider/oracle/oracle_test.go b/pkg/provider/oracle/oracle_test.go index 9885b551fc6..bc43acb54c5 100644 --- a/pkg/provider/oracle/oracle_test.go +++ b/pkg/provider/oracle/oracle_test.go @@ -21,6 +21,7 @@ import ( "crypto/x509" "encoding/base64" "encoding/pem" + "errors" "fmt" "reflect" "strings" @@ -112,7 +113,7 @@ func makeValidVaultTestCaseCustom(tweaks ...func(smtc *vaultTestCase)) *vaultTes // This case can be shared by both GetSecret and GetSecretMap tests. // bad case: set apiErr. var setAPIErr = func(smtc *vaultTestCase) { - smtc.apiErr = fmt.Errorf("oh no") + smtc.apiErr = errors.New("oh no") smtc.expectError = "oh no" } 
@@ -264,43 +265,43 @@ func TestValidateStore(t *testing.T) { testCases := []ValidateStoreTestCase{ { store: makeSecretStore("", region), - err: fmt.Errorf("vault cannot be empty"), + err: errors.New("vault cannot be empty"), }, { store: makeSecretStore(vaultOCID, ""), - err: fmt.Errorf("region cannot be empty"), + err: errors.New("region cannot be empty"), }, { store: makeSecretStore(vaultOCID, region, withSecretAuth("", tenant)), - err: fmt.Errorf("user cannot be empty"), + err: errors.New("user cannot be empty"), }, { store: makeSecretStore(vaultOCID, region, withSecretAuth(userOCID, "")), - err: fmt.Errorf("tenant cannot be empty"), + err: errors.New("tenant cannot be empty"), }, { store: makeSecretStore(vaultOCID, region, withSecretAuth(userOCID, tenant), withPrivateKey("", secretKey, nil)), - err: fmt.Errorf("privateKey.name cannot be empty"), + err: errors.New("privateKey.name cannot be empty"), }, { store: makeSecretStore(vaultOCID, region, withSecretAuth(userOCID, tenant), withPrivateKey(secretName, secretKey, &namespace)), - err: fmt.Errorf("namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), + err: errors.New("namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), }, { store: makeSecretStore(vaultOCID, region, withSecretAuth(userOCID, tenant), withPrivateKey(secretName, "", nil)), - err: fmt.Errorf("privateKey.key cannot be empty"), + err: errors.New("privateKey.key cannot be empty"), }, { store: makeSecretStore(vaultOCID, region, withSecretAuth(userOCID, tenant), withPrivateKey(secretName, secretKey, nil), withFingerprint("", secretKey, nil)), - err: fmt.Errorf("fingerprint.name cannot be empty"), + err: errors.New("fingerprint.name cannot be empty"), }, { store: makeSecretStore(vaultOCID, region, withSecretAuth(userOCID, tenant), withPrivateKey(secretName, secretKey, nil), withFingerprint(secretName, secretKey, &namespace)), - err: 
fmt.Errorf("namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), + err: errors.New("namespace should either be empty or match the namespace of the SecretStore for a namespaced SecretStore"), }, { store: makeSecretStore(vaultOCID, region, withSecretAuth(userOCID, tenant), withPrivateKey(secretName, secretKey, nil), withFingerprint(secretName, "", nil)), - err: fmt.Errorf("fingerprint.key cannot be empty"), + err: errors.New("fingerprint.key cannot be empty"), }, { store: makeSecretStore(vaultOCID, region), diff --git a/pkg/provider/passbolt/passbolt.go b/pkg/provider/passbolt/passbolt.go index cb6418d79a2..293d33206d0 100644 --- a/pkg/provider/passbolt/passbolt.go +++ b/pkg/provider/passbolt/passbolt.go @@ -98,7 +98,7 @@ func (provider *ProviderPassbolt) NewClient(ctx context.Context, store esv1beta1 } func (provider *ProviderPassbolt) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf(errNotImplemented) + return false, errors.New(errNotImplemented) } func (provider *ProviderPassbolt) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { @@ -119,11 +119,11 @@ func (provider *ProviderPassbolt) GetSecret(ctx context.Context, ref esv1beta1.E } func (provider *ProviderPassbolt) PushSecret(_ context.Context, _ *corev1.Secret, _ esv1beta1.PushSecretData) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } func (provider *ProviderPassbolt) DeleteSecret(_ context.Context, _ esv1beta1.PushSecretRemoteRef) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } func (provider *ProviderPassbolt) Validate() (esv1beta1.ValidationResult, error) { 
@@ -131,7 +131,7 @@ func (provider *ProviderPassbolt) Validate() (esv1beta1.ValidationResult, error) } func (provider *ProviderPassbolt) GetSecretMap(_ context.Context, _ esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { - return nil, fmt.Errorf(errNotImplemented) + return nil, errors.New(errNotImplemented) } func (provider *ProviderPassbolt) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecretFind) (map[string][]byte, error) { diff --git a/pkg/provider/passbolt/passbolt_test.go b/pkg/provider/passbolt/passbolt_test.go index e2461cf9c2c..e343431a921 100644 --- a/pkg/provider/passbolt/passbolt_test.go +++ b/pkg/provider/passbolt/passbolt_test.go @@ -17,7 +17,6 @@ package passbolt import ( "context" "errors" - "fmt" "strings" "testing" @@ -100,21 +99,21 @@ func TestValidateStore(t *testing.T) { // missing auth _, err := p.ValidateStore(store) - g.Expect(err).To(g.BeEquivalentTo(fmt.Errorf(errPassboltStoreMissingAuth))) + g.Expect(err).To(g.BeEquivalentTo(errors.New(errPassboltStoreMissingAuth))) // missing password store.Spec.Provider.Passbolt.Auth = &esv1beta1.PassboltAuth{ PrivateKeySecretRef: &esmeta.SecretKeySelector{Key: "some-secret", Name: "privatekey"}, } _, err = p.ValidateStore(store) - g.Expect(err).To(g.BeEquivalentTo(fmt.Errorf(errPassboltStoreMissingAuthPassword))) + g.Expect(err).To(g.BeEquivalentTo(errors.New(errPassboltStoreMissingAuthPassword))) // missing privateKey store.Spec.Provider.Passbolt.Auth = &esv1beta1.PassboltAuth{ PasswordSecretRef: &esmeta.SecretKeySelector{Key: "some-secret", Name: "password"}, } _, err = p.ValidateStore(store) - g.Expect(err).To(g.BeEquivalentTo(fmt.Errorf(errPassboltStoreMissingAuthPrivateKey))) + g.Expect(err).To(g.BeEquivalentTo(errors.New(errPassboltStoreMissingAuthPrivateKey))) store.Spec.Provider.Passbolt.Auth = &esv1beta1.PassboltAuth{ 
@@ -124,12 +123,12 @@ func TestValidateStore(t *testing.T) { // missing host _, err = p.ValidateStore(store) - g.Expect(err).To(g.BeEquivalentTo(fmt.Errorf(errPassboltStoreMissingHost))) + g.Expect(err).To(g.BeEquivalentTo(errors.New(errPassboltStoreMissingHost))) // not https store.Spec.Provider.Passbolt.Host = "http://passbolt.test" _, err = p.ValidateStore(store) - g.Expect(err).To(g.BeEquivalentTo(fmt.Errorf(errPassboltStoreHostSchemeNotHTTPS))) + g.Expect(err).To(g.BeEquivalentTo(errors.New(errPassboltStoreHostSchemeNotHTTPS))) // spec ok store.Spec.Provider.Passbolt.Host = "https://passbolt.test" @@ -276,23 +275,23 @@ func TestSecretExists(t *testing.T) { p := &ProviderPassbolt{client: clientMock} g.RegisterTestingT(t) _, err := p.SecretExists(context.TODO(), nil) - g.Expect(err).To(g.BeEquivalentTo(fmt.Errorf(errNotImplemented))) + g.Expect(err).To(g.BeEquivalentTo(errors.New(errNotImplemented))) } func TestPushSecret(t *testing.T) { p := &ProviderPassbolt{client: clientMock} g.RegisterTestingT(t) err := p.PushSecret(context.TODO(), nil, nil) - g.Expect(err).To(g.BeEquivalentTo(fmt.Errorf(errNotImplemented))) + g.Expect(err).To(g.BeEquivalentTo(errors.New(errNotImplemented))) } func TestDeleteSecret(t *testing.T) { p := &ProviderPassbolt{client: clientMock} g.RegisterTestingT(t) err := p.DeleteSecret(context.TODO(), nil) - g.Expect(err).To(g.BeEquivalentTo(fmt.Errorf(errNotImplemented))) + g.Expect(err).To(g.BeEquivalentTo(errors.New(errNotImplemented))) } func TestGetSecretMap(t *testing.T) { p := &ProviderPassbolt{client: clientMock} g.RegisterTestingT(t) _, err := p.GetSecretMap(context.TODO(), esv1beta1.ExternalSecretDataRemoteRef{}) - g.Expect(err).To(g.BeEquivalentTo(fmt.Errorf(errNotImplemented))) + g.Expect(err).To(g.BeEquivalentTo(errors.New(errNotImplemented))) } diff --git a/pkg/provider/passworddepot/passworddepot.go b/pkg/provider/passworddepot/passworddepot.go index 7bcdcd9aef2..a8025b2aa4a 100644 
--- a/pkg/provider/passworddepot/passworddepot.go +++ b/pkg/provider/passworddepot/passworddepot.go @@ -35,7 +35,7 @@ const ( errFetchSAKSecret = "couldn't find secret on cluster: %w" errMissingSAK = "missing credentials while setting auth" errUninitalizedPasswordDepotProvider = "provider passworddepot is not initialized" - errJSONSecretUnmarshal = "unable to unmarshal secret: %w" + errNotImplemented = "%s not implemented" ) type Client interface { @@ -69,7 +69,7 @@ func (c *passwordDepotClient) getAuth(ctx context.Context) (string, string, erro credentialsSecret := &corev1.Secret{} credentialsSecretName := c.store.Auth.SecretRef.Credentials.Name if credentialsSecretName == "" { - return "", "", fmt.Errorf(errPasswordDepotCredSecretName) + return "", "", errors.New(errPasswordDepotCredSecretName) } objectKey := types.NamespacedName{ Name: credentialsSecretName, @@ -78,7 +78,7 @@ func (c *passwordDepotClient) getAuth(ctx context.Context) (string, string, erro // only ClusterStore is allowed to set namespace (and then it's required) if c.storeKind == esv1beta1.ClusterSecretStoreKind { if c.store.Auth.SecretRef.Credentials.Namespace == nil { - return "", "", fmt.Errorf(errInvalidClusterStoreMissingSAKNamespace) + return "", "", errors.New(errInvalidClusterStoreMissingSAKNamespace) } objectKey.Namespace = *c.store.Auth.SecretRef.Credentials.Namespace } 
@@ -91,22 +91,17 @@ func (c *passwordDepotClient) getAuth(ctx context.Context) (string, string, erro username := credentialsSecret.Data["username"] password := credentialsSecret.Data["password"] if (username == nil) || (len(username) == 0 || password == nil) || (len(password) == 0) { - return "", "", fmt.Errorf(errMissingSAK) + return "", "", errors.New(errMissingSAK) } return string(username), string(password), nil } -// Function newPasswordDepotProvider returns a reference to a new instance of a 'PasswordDepot' struct. -func NewPasswordDepotProvider() *PasswordDepot { - return &PasswordDepot{} -} - -// Method on PasswordDepot Provider to set up client with credentials and populate projectID. +// NewClient Method on PasswordDepot Provider to set up client with credentials and populate projectID. func (p *PasswordDepot) NewClient(ctx context.Context, store esv1beta1.GenericStore, kube kclient.Client, namespace string) (esv1beta1.SecretsClient, error) { storeSpec := store.GetSpec() if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.PasswordDepot == nil { - return nil, fmt.Errorf("no store type or wrong store type") + return nil, errors.New("no store type or wrong store type") } storeSpecPasswordDepot := storeSpec.Provider.PasswordDepot @@ -135,7 +130,7 @@ func (p *PasswordDepot) NewClient(ctx context.Context, store esv1beta1.GenericSt } func (p *PasswordDepot) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf("not implemented") + return false, fmt.Errorf(errNotImplemented, "SecretExists") } func (p *PasswordDepot) Validate() (esv1beta1.ValidationResult, error) { 
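Review bot: The credential check in getAuth (the hunk at -91) groups its parentheses as `(len(username) == 0 || password == nil)`, which reads as though the username and password tests were paired. The result is the same as a flat OR, and because `len` of a nil slice is 0 the two nil comparisons add nothing. `if len(username) == 0 || len(password) == 0 {` states the intent directly. getAuth starts above this hunk.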
@@ -143,20 +138,20 @@ func (p *PasswordDepot) Validate() (esv1beta1.ValidationResult, error) { } func (p *PasswordDepot) PushSecret(_ context.Context, _ *corev1.Secret, _ esv1beta1.PushSecretData) error { - return fmt.Errorf("not implemented") + return fmt.Errorf(errNotImplemented, "PushSecret") } func (p *PasswordDepot) GetAllSecrets(_ context.Context, _ esv1beta1.ExternalSecretFind) (map[string][]byte, error) { - return nil, fmt.Errorf("GetAllSecrets not implemented") + return nil, fmt.Errorf(errNotImplemented, "GetAllSecrets") } func (p *PasswordDepot) DeleteSecret(_ context.Context, _ esv1beta1.PushSecretRemoteRef) error { - return fmt.Errorf("not implemented") + return fmt.Errorf(errNotImplemented, "DeleteSecret") } func (p *PasswordDepot) GetSecret(_ context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { if utils.IsNil(p.client) { - return nil, fmt.Errorf(errUninitalizedPasswordDepotProvider) + return nil, errors.New(errUninitalizedPasswordDepotProvider) } data, err := p.client.GetSecret(p.database, ref.Key) diff --git a/pkg/provider/scaleway/client.go b/pkg/provider/scaleway/client.go index e8a8b52b346..c3eb8a3a1c9 100644 --- a/pkg/provider/scaleway/client.go +++ b/pkg/provider/scaleway/client.go @@ -59,7 +59,7 @@ func (r scwSecretRef) String() string { func decodeScwSecretRef(key string) (*scwSecretRef, error) { sepIndex := strings.IndexRune(key, ':') if sepIndex < 0 { - return nil, fmt.Errorf("invalid secret reference: missing colon ':'") + return nil, errors.New("invalid secret reference: missing colon ':'") } return &scwSecretRef{ 
@@ -104,7 +104,7 @@ func (c *client) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretData func (c *client) PushSecret(ctx context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error { if data.GetSecretKey() == "" { - return fmt.Errorf("pushing the whole secret is not yet implemented") + return errors.New("pushing the whole secret is not yet implemented") } value := secret.Data[data.GetSecretKey()] @@ -128,14 +128,14 @@ func (c *client) PushSecret(ctx context.Context, secret *corev1.Secret, data esv case refTypePath: name, path, ok := splitNameAndPath(scwRef.Value) if !ok { - return fmt.Errorf("ref is not a path") + return errors.New("ref is not a path") } listSecretReq.Name = &name listSecretReq.Path = &path secretName = name secretPath = path default: - return fmt.Errorf("secrets can only be pushed by name or path") + return errors.New("secrets can only be pushed by name or path") } var secretID string @@ -234,13 +234,13 @@ func (c *client) DeleteSecret(ctx context.Context, remoteRef esv1beta1.PushSecre case refTypePath: name, path, ok := splitNameAndPath(scwRef.Value) if !ok { - return fmt.Errorf("ref is not a path") + return errors.New("ref is not a path") } listSecretReq.Name = &name listSecretReq.Path = &path default: - return fmt.Errorf("secrets can only be deleted by name or path") + return errors.New("secrets can only be deleted by name or path") } listSecrets, err := c.api.ListSecrets(listSecretReq, scw.WithContext(ctx)) @@ -265,7 +265,7 @@ func (c *client) DeleteSecret(ctx context.Context, remoteRef esv1beta1.PushSecre } func (c *client) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf("not implemented") + return false, errors.New("not implemented") } func (c *client) Validate() (esv1beta1.ValidationResult, error) { 
@@ -408,7 +408,7 @@ func (c *client) accessSecretVersion(ctx context.Context, secretRef *scwSecretRe case refTypePath: name, path, ok := splitNameAndPath(secretRef.Value) if !ok { - return nil, fmt.Errorf("ref is not a path") + return nil, errors.New("ref is not a path") } request.Name = &name diff --git a/pkg/provider/scaleway/provider.go b/pkg/provider/scaleway/provider.go index f57df3a088f..5f8ef8bba3f 100644 --- a/pkg/provider/scaleway/provider.go +++ b/pkg/provider/scaleway/provider.go @@ -16,6 +16,7 @@ package scaleway import ( "context" + "errors" "fmt" smapi "github.com/scaleway/scaleway-sdk-go/api/secret/v1beta1" @@ -50,7 +51,7 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, if store.GetKind() == esv1beta1.ClusterSecretStoreKind && doesConfigDependOnNamespace(cfg) { // we are not attached to a specific namespace, but some config values are dependent on it - return nil, fmt.Errorf("when using a ClusterSecretStore, namespaces must be explicitly set") + return nil, errors.New("when using a ClusterSecretStore, namespaces must be explicitly set") } accessKey, err := loadConfigSecret(ctx, cfg.AccessKey, kube, namespace, store.GetKind()) @@ -97,14 +98,14 @@ func loadConfigSecret(ctx context.Context, ref *esv1beta1.ScalewayProviderSecret func validateSecretRef(store esv1beta1.GenericStore, ref *esv1beta1.ScalewayProviderSecretRef) error { if ref.SecretRef != nil { if ref.Value != "" { - return fmt.Errorf("cannot specify both secret reference and value") + return errors.New("cannot specify both secret reference and value") } err := utils.ValidateReferentSecretSelector(store, *ref.SecretRef) if err != nil { return err } } else if ref.Value == "" { - return fmt.Errorf("must specify either secret reference or direct value") + return errors.New("must specify either secret reference or direct value") } return nil 
@@ -124,12 +125,12 @@ func doesConfigDependOnNamespace(cfg *esv1beta1.ScalewayProvider) bool { func getConfig(store esv1beta1.GenericStore) (*esv1beta1.ScalewayProvider, error) { if store == nil { - return nil, fmt.Errorf("missing store specification") + return nil, errors.New("missing store specification") } storeSpec := store.GetSpec() if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.Scaleway == nil { - return nil, fmt.Errorf("invalid specification for scaleway provider") + return nil, errors.New("invalid specification for scaleway provider") } cfg := storeSpec.Provider.Scaleway diff --git a/pkg/provider/senhasegura/provider.go b/pkg/provider/senhasegura/provider.go index 67dd0a829e0..64d2a62e01c 100644 --- a/pkg/provider/senhasegura/provider.go +++ b/pkg/provider/senhasegura/provider.go @@ -16,6 +16,7 @@ package senhasegura import ( "context" + "errors" "fmt" "net/url" @@ -77,16 +78,16 @@ func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnin func validateStore(store esv1beta1.GenericStore) error { if store == nil { - return fmt.Errorf(errNilStore) + return errors.New(errNilStore) } spec := store.GetSpec() if spec == nil { - return fmt.Errorf(errMissingStoreSpec) + return errors.New(errMissingStoreSpec) } if spec.Provider == nil { - return fmt.Errorf(errMissingProvider) + return errors.New(errMissingProvider) } provider := spec.Provider.Senhasegura 
@@ -96,21 +97,21 @@ func validateStore(store esv1beta1.GenericStore) error { url, err := url.Parse(provider.URL) if err != nil { - return fmt.Errorf(errInvalidSenhaseguraURL) + return errors.New(errInvalidSenhaseguraURL) } // senhasegura doesn't accept requests without SSL/TLS layer for security reasons // DSM doesn't provides gRPC schema, only HTTPS if url.Scheme != "https" { - return fmt.Errorf(errInvalidSenhaseguraURLHTTPS) + return errors.New(errInvalidSenhaseguraURLHTTPS) } if url.Host == "" { - return fmt.Errorf(errInvalidSenhaseguraURL) + return errors.New(errInvalidSenhaseguraURL) } if provider.Auth.ClientID == "" { - return fmt.Errorf(errMissingClientID) + return errors.New(errMissingClientID) } return nil diff --git a/pkg/provider/vault/auth.go b/pkg/provider/vault/auth.go index 7935cb9a276..e3be9abc023 100644 --- a/pkg/provider/vault/auth.go +++ b/pkg/provider/vault/auth.go @@ -155,11 +155,11 @@ func checkToken(ctx context.Context, token util.Token) (bool, error) { // LookupSelfWithContext() calls ParseSecret(), which has several places // that return no data and no error, including when a token is expired. if resp == nil { - return false, fmt.Errorf("no response nor error for token lookup") + return false, errors.New("no response nor error for token lookup") } t, ok := resp.Data["type"] if !ok { - return false, fmt.Errorf("could not assert token type") + return false, errors.New("could not assert token type") } tokenType := t.(string) if tokenType == "batch" { @@ -167,7 +167,7 @@ func checkToken(ctx context.Context, token util.Token) (bool, error) { } ttl, ok := resp.Data["ttl"] if !ok { - return false, fmt.Errorf("no TTL found in response") + return false, errors.New("no TTL found in response") } ttlInt, err := ttl.(json.Number).Int64() if err != nil { 
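Review bot: In the senhasegura validateStore, the error from `url.Parse(provider.URL)` is discarded, so the admission message says the URL is invalid without saying why. The local `url` also shadows the `net/url` package for the rest of the function. Consider `parsed, err := url.Parse(provider.URL)` and wrapping the cause, for example `return fmt.Errorf("%s: %w", errInvalidSenhaseguraURL, err)`, assuming errInvalidSenhaseguraURL is a plain message (its definition is outside the hunk). The scheme and host checks would then read `parsed.Scheme` and `parsed.Host`; the function starts above this hunk.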
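Review bot: In checkToken, `tokenType := t.(string)` and `ttl.(json.Number).Int64()` are unchecked type assertions on values read from the token lookup response, so an unexpected value type panics the caller instead of returning an error. Use the comma-ok form, e.g. `tokenType, ok := t.(string)` followed by `if !ok { return false, errors.New("could not assert token type") }`, and do the same for the TTL before calling `Int64()`. As written, the "could not assert token type" message is returned only for a missing key, never for a failed assertion. This applies to the hunks at -155 and -167 of vault/auth.go; the function starts and ends outside them.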
@@ -175,7 +175,7 @@ func checkToken(ctx context.Context, token util.Token) (bool, error) { } expireTime, ok := resp.Data["expire_time"] if !ok { - return false, fmt.Errorf("no expiration time found in response") + return false, errors.New("no expiration time found in response") } if ttlInt < 60 && expireTime != nil { // Treat expirable tokens that are about to expire as already expired. diff --git a/pkg/provider/vault/auth_approle.go b/pkg/provider/vault/auth_approle.go index adcf14dff63..3047dd6b329 100644 --- a/pkg/provider/vault/auth_approle.go +++ b/pkg/provider/vault/auth_approle.go @@ -16,7 +16,7 @@ package vault import ( "context" - "fmt" + "errors" "strings" "github.com/hashicorp/vault/api/auth/approle" @@ -56,7 +56,7 @@ func (c *client) requestTokenWithAppRoleRef(ctx context.Context, appRole *esv1be return err } } else { // we ran out of ways to get RoleID. return an appropriate error - return fmt.Errorf(errInvalidAppRoleID) + return errors.New(errInvalidAppRoleID) } secretID, err := resolvers.SecretKeyRef(ctx, c.kube, c.storeKind, c.namespace, &appRole.SecretRef) diff --git a/pkg/provider/vault/auth_jwt.go b/pkg/provider/vault/auth_jwt.go index bb531f6e809..aa5906c6764 100644 --- a/pkg/provider/vault/auth_jwt.go +++ b/pkg/provider/vault/auth_jwt.go @@ -16,6 +16,7 @@ package vault import ( "context" + "errors" "fmt" "strings" @@ -66,7 +67,7 @@ func (c *client) requestTokenWithJwtAuth(ctx context.Context, jwtAuth *esv1beta1 *audiences, *expirationSeconds) } else { - err = fmt.Errorf(errJwtNoTokenSource) + err = errors.New(errJwtNoTokenSource) } if err != nil { return err diff --git a/pkg/provider/vault/auth_test.go b/pkg/provider/vault/auth_test.go index af5dcc23dd1..1432806edaa 100644 --- a/pkg/provider/vault/auth_test.go +++ b/pkg/provider/vault/auth_test.go 
@@ -134,7 +134,7 @@ func TestSetAuthNamespace(t *testing.T) { c, cfg, err := prov.prepareConfig(context.Background(), kube, nil, tc.args.store.Spec.Provider.Vault, nil, "default", store.GetObjectKind().GroupVersionKind().Kind) if err != nil { - t.Errorf(err.Error()) + t.Error(err.Error()) } client, err := getVaultClient(prov, tc.args.store, cfg) diff --git a/pkg/provider/vault/client_get.go b/pkg/provider/vault/client_get.go index 8a8f307aa00..528b4a5a4ba 100644 --- a/pkg/provider/vault/client_get.go +++ b/pkg/provider/vault/client_get.go @@ -218,7 +218,7 @@ func (c *client) buildMetadataPath(path string) (string, error) { url = fmt.Sprintf("%s/%s", *c.store.Path, path) } else { // KV v2 is used if c.store.Path == nil && !strings.Contains(path, "data") { - return "", fmt.Errorf(errPathInvalid) + return "", errors.New(errPathInvalid) } if c.store.Path == nil { path = strings.Replace(path, "data", "metadata", 1) diff --git a/pkg/provider/vault/client_get_test.go b/pkg/provider/vault/client_get_test.go index b5b21ff6534..cec01117d67 100644 --- a/pkg/provider/vault/client_get_test.go +++ b/pkg/provider/vault/client_get_test.go @@ -309,7 +309,7 @@ func TestGetSecret(t *testing.T) { }, }, want: want{ - err: fmt.Errorf(errNotFound), + err: errors.New(errNotFound), }, }, "FailReadSecretMetadataWrongVersion": { @@ -324,7 +324,7 @@ func TestGetSecret(t *testing.T) { }, }, want: want{ - err: fmt.Errorf(errUnsupportedMetadataKvVersion), + err: errors.New(errUnsupportedMetadataKvVersion), }, }, } diff --git a/pkg/provider/vault/client_push.go b/pkg/provider/vault/client_push.go index 42830ad4375..0ed4422f301 100644 --- a/pkg/provider/vault/client_push.go +++ b/pkg/provider/vault/client_push.go 
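Review bot: In TestSetAuthNamespace a prepareConfig failure is reported with `t.Error(err.Error())` and the case keeps running, so the following `getVaultClient(prov, tc.args.store, cfg)` call executes with whatever cfg was returned alongside the error. `t.Fatal(err)` stops the case at the real failure and drops the redundant `.Error()` call. The surrounding loop and test body lie outside this hunk.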
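Review bot: In buildMetadataPath the KV v2 branch checks `strings.Contains(path, "data")` and rewrites with `strings.Replace(path, "data", "metadata", 1)`, and both match the substring anywhere in the path rather than the `data` segment. A mount or key whose name contains "data" ahead of that segment (constructed example: `appdata/data/foo`) is rewritten in the wrong place, and a path such as `kv/database` passes the validity check with no `data` segment at all. Matching the segment, e.g. `strings.Replace(path, "/data/", "/metadata/", 1)` with the corresponding `Contains` test, avoids both; confirm the expected path shape against the callers. The function starts and ends outside the hunk.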
@@ -74,7 +74,7 @@ func (c *client) PushSecret(ctx context.Context, secret *corev1.Secret, data esv } manager, ok := metadata["managed-by"] if !ok || manager != "external-secrets" { - return fmt.Errorf("secret not managed by external-secrets") + return errors.New("secret not managed by external-secrets") } } // Remove the metadata map to check the reconcile difference diff --git a/pkg/provider/vault/client_push_test.go b/pkg/provider/vault/client_push_test.go index 771ed6a1c80..420ed0e0ff4 100644 --- a/pkg/provider/vault/client_push_test.go +++ b/pkg/provider/vault/client_push_test.go @@ -85,13 +85,13 @@ func TestDeleteSecret(t *testing.T) { args: args{ store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV1).Spec.Provider.Vault, vLogical: &fake.Logical{ - ReadWithDataWithContextFn: fake.NewReadWithContextFn(nil, fmt.Errorf("failed to read")), + ReadWithDataWithContextFn: fake.NewReadWithContextFn(nil, errors.New("failed to read")), WriteWithContextFn: fake.ExpectWriteWithContextNoCall(), DeleteWithContextFn: fake.ExpectDeleteWithContextNoCall(), }, }, want: want{ - err: fmt.Errorf("failed to read"), + err: errors.New("failed to read"), }, }, "DeleteSecretFailIfErrorKV2": { @@ -99,13 +99,13 @@ func TestDeleteSecret(t *testing.T) { args: args{ store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV2).Spec.Provider.Vault, vLogical: &fake.Logical{ - ReadWithDataWithContextFn: fake.NewReadWithContextFn(nil, fmt.Errorf("failed to read")), + ReadWithDataWithContextFn: fake.NewReadWithContextFn(nil, errors.New("failed to read")), WriteWithContextFn: fake.ExpectWriteWithContextNoCall(), DeleteWithContextFn: fake.ExpectDeleteWithContextNoCall(), }, }, want: want{ - err: fmt.Errorf("failed to read"), + err: errors.New("failed to read"), }, }, "DeleteSecretNotManagedKV1": { 
@@ -200,11 +200,11 @@ func TestDeleteSecret(t *testing.T) { }, }, nil), WriteWithContextFn: fake.ExpectWriteWithContextNoCall(), - DeleteWithContextFn: fake.NewDeleteWithContextFn(nil, fmt.Errorf("failed to delete")), + DeleteWithContextFn: fake.NewDeleteWithContextFn(nil, errors.New("failed to delete")), }, }, want: want{ - err: fmt.Errorf("failed to delete"), + err: errors.New("failed to delete"), }, }, "DeleteSecretErrorKV2": { @@ -221,11 +221,11 @@ func TestDeleteSecret(t *testing.T) { }, }, nil), WriteWithContextFn: fake.ExpectWriteWithContextNoCall(), - DeleteWithContextFn: fake.NewDeleteWithContextFn(nil, fmt.Errorf("failed to delete")), + DeleteWithContextFn: fake.NewDeleteWithContextFn(nil, errors.New("failed to delete")), }, }, want: want{ - err: fmt.Errorf("failed to delete"), + err: errors.New("failed to delete"), }, }, "DeleteSecretUpdatePropertyKV1": { diff --git a/pkg/provider/vault/fake/vault.go b/pkg/provider/vault/fake/vault.go index d11fcce6b0c..c0a7ebc5071 100644 --- a/pkg/provider/vault/fake/vault.go +++ b/pkg/provider/vault/fake/vault.go @@ -16,6 +16,7 @@ package fake import ( "context" + "errors" "fmt" "reflect" "strings" @@ -104,13 +105,13 @@ func ExpectWriteWithContextValue(expected map[string]any) WriteWithContextFn { func ExpectWriteWithContextNoCall() WriteWithContextFn { return func(_ context.Context, path string, data map[string]any) (*vault.Secret, error) { - return nil, fmt.Errorf("fail") + return nil, errors.New("fail") } } func ExpectDeleteWithContextNoCall() DeleteWithContextFn { return func(ctx context.Context, path string) (*vault.Secret, error) { - return nil, fmt.Errorf("fail") + return nil, errors.New("fail") } } func WriteChangingReadContext(secret map[string]any, l Logical) WriteWithContextFn { diff --git a/pkg/provider/vault/validate.go b/pkg/provider/vault/validate.go index b21fee5aac2..8411fccfcd8 100644 --- a/pkg/provider/vault/validate.go +++ b/pkg/provider/vault/validate.go 
@@ -49,18 +49,18 @@ const ( func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnings, error) { if store == nil { - return nil, fmt.Errorf(errInvalidStore) + return nil, errors.New(errInvalidStore) } spc := store.GetSpec() if spc == nil { - return nil, fmt.Errorf(errInvalidStoreSpec) + return nil, errors.New(errInvalidStoreSpec) } if spc.Provider == nil { - return nil, fmt.Errorf(errInvalidStoreProv) + return nil, errors.New(errInvalidStoreProv) } vaultProvider := spc.Provider.Vault if vaultProvider == nil { - return nil, fmt.Errorf(errInvalidVaultProv) + return nil, errors.New(errInvalidVaultProv) } if vaultProvider.Auth.AppRole != nil { // check SecretRef for valid configuration @@ -75,7 +75,7 @@ func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnin return nil, fmt.Errorf(errInvalidAppRoleRef, err) } } else { // we ran out of ways to get RoleID. return an appropriate error - return nil, fmt.Errorf(errInvalidAppRoleID) + return nil, errors.New(errInvalidAppRoleID) } } } @@ -97,7 +97,7 @@ func (p *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnin return nil, fmt.Errorf(errInvalidJwtK8sSA, err) } } else { - return nil, fmt.Errorf(errJwtNoTokenSource) + return nil, errors.New(errJwtNoTokenSource) } } if vaultProvider.Auth.Kubernetes != nil { diff --git a/pkg/provider/webhook/webhook.go b/pkg/provider/webhook/webhook.go index 51e35a7355b..bec04ef1b8c 100644 --- a/pkg/provider/webhook/webhook.go +++ b/pkg/provider/webhook/webhook.go @@ -17,6 +17,7 @@ package webhook import ( "context" "encoding/json" + "errors" "fmt" "strconv" "time" 
@@ -94,7 +95,7 @@ func (p *Provider) ValidateStore(_ esv1beta1.GenericStore) (admission.Warnings, func getProvider(store esv1beta1.GenericStore) (*webhook.Spec, error) { spc := store.GetSpec() if spc == nil || spc.Provider == nil || spc.Provider.Webhook == nil { - return nil, fmt.Errorf("missing store provider webhook") + return nil, errors.New("missing store provider webhook") } out := webhook.Spec{} d, err := json.Marshal(spc.Provider.Webhook) @@ -106,22 +107,22 @@ func getProvider(store esv1beta1.GenericStore) (*webhook.Spec, error) { } func (w *WebHook) DeleteSecret(_ context.Context, _ esv1beta1.PushSecretRemoteRef) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } func (w *WebHook) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf(errNotImplemented) + return false, errors.New(errNotImplemented) } // PushSecret not implement. func (w *WebHook) PushSecret(_ context.Context, _ *corev1.Secret, _ esv1beta1.PushSecretData) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } // GetAllSecrets Empty . func (w *WebHook) GetAllSecrets(_ context.Context, _ esv1beta1.ExternalSecretFind) (map[string][]byte, error) { // TO be implemented - return nil, fmt.Errorf(errNotImplemented) + return nil, errors.New(errNotImplemented) } func (w *WebHook) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { @@ -178,7 +179,7 @@ func extractSecretData(jsondata any) ([]byte, error) { // in case we see a []something we pick the first element and return it case []any: if len(val) == 0 { - return nil, fmt.Errorf("filter worked but didn't get any result") + return nil, errors.New("filter worked but didn't get any result") } return extractSecretData(val[0]) 
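Review bot: `DeleteSecret`, `SecretExists`, `PushSecret` and `GetAllSecrets` in webhook.go each return a fresh `errors.New(errNotImplemented)`, so a caller can recognise "operation not supported by this provider" only by comparing message text. One package-level value, for example `var ErrNotImplemented = errors.New(errNotImplemented)`, returned from all four would let callers test it with `errors.Is`. The same pattern appears in the `yandexCloudSecretsClient` methods in pkg/provider/yandex/common/secretsclient.go. The doc comments `// PushSecret not implement.` and `// GetAllSecrets Empty .` would read better as `// PushSecret is not implemented for the webhook provider.` and `// GetAllSecrets is not implemented for the webhook provider.`, and `DeleteSecret` and `SecretExists` have no doc comment at all.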
diff --git a/pkg/provider/yandex/certificatemanager/certificatemanager.go b/pkg/provider/yandex/certificatemanager/certificatemanager.go index bd9856a48cd..274564456f0 100644 --- a/pkg/provider/yandex/certificatemanager/certificatemanager.go +++ b/pkg/provider/yandex/certificatemanager/certificatemanager.go @@ -16,7 +16,7 @@ package certificatemanager import ( "context" - "fmt" + "errors" "time" "github.com/yandex-cloud/go-sdk/iamkey" @@ -34,12 +34,12 @@ var log = ctrl.Log.WithName("provider").WithName("yandex").WithName("certificate func adaptInput(store esv1beta1.GenericStore) (*common.SecretsClientInput, error) { storeSpec := store.GetSpec() if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.YandexCertificateManager == nil { - return nil, fmt.Errorf("received invalid Yandex Certificate Manager SecretStore resource") + return nil, errors.New("received invalid Yandex Certificate Manager SecretStore resource") } storeSpecYandexCertificateManager := storeSpec.Provider.YandexCertificateManager if storeSpecYandexCertificateManager.Auth.AuthorizedKey.Name == "" { - return nil, fmt.Errorf("invalid Yandex Certificate Manager SecretStore resource: missing AuthorizedKey Name") + return nil, errors.New("invalid Yandex Certificate Manager SecretStore resource: missing AuthorizedKey Name") } var caCertificate *esmeta.SecretKeySelector diff --git a/pkg/provider/yandex/certificatemanager/client/fakeclient.go b/pkg/provider/yandex/certificatemanager/client/fakeclient.go index c73fb6139b1..230cca97c6c 100644 --- a/pkg/provider/yandex/certificatemanager/client/fakeclient.go +++ b/pkg/provider/yandex/certificatemanager/client/fakeclient.go @@ -16,7 +16,7 @@ package client import ( "context" - "fmt" + "errors" "time" "github.com/google/go-cmp/cmp" 
@@ -117,20 +117,20 @@ func (s *FakeCertificateManagerServer) NewIamToken(authorizedKey *iamkey.Key) *c func (s *FakeCertificateManagerServer) getCertificateContent(iamToken, certificateID, versionID string) (*api.GetCertificateContentResponse, error) { if _, ok := s.certificateMap[certificateKey{certificateID}]; !ok { - return nil, fmt.Errorf("certificate not found") + return nil, errors.New("certificate not found") } if _, ok := s.versionMap[versionKey{certificateID, versionID}]; !ok { - return nil, fmt.Errorf("version not found") + return nil, errors.New("version not found") } if _, ok := s.tokenMap[tokenKey{iamToken}]; !ok { - return nil, fmt.Errorf("unauthenticated") + return nil, errors.New("unauthenticated") } if s.tokenMap[tokenKey{iamToken}].expiresAt.Before(s.clock.CurrentTime()) { - return nil, fmt.Errorf("iam token expired") + return nil, errors.New("iam token expired") } if !cmp.Equal(s.tokenMap[tokenKey{iamToken}].authorizedKey, s.certificateMap[certificateKey{certificateID}].expectedAuthorizedKey, cmpopts.IgnoreUnexported(iamkey.Key{})) { - return nil, fmt.Errorf("permission denied") + return nil, errors.New("permission denied") } return s.versionMap[versionKey{certificateID, versionID}].content, nil diff --git a/pkg/provider/yandex/common/secretsclient.go b/pkg/provider/yandex/common/secretsclient.go index 95f454735ad..f21cf9c1f5b 100644 --- a/pkg/provider/yandex/common/secretsclient.go +++ b/pkg/provider/yandex/common/secretsclient.go @@ -16,7 +16,7 @@ package common import ( "context" - "fmt" + "errors" corev1 "k8s.io/api/core/v1" 
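Review bot: `FakeCertificateManagerServer.getCertificateContent` returns "certificate not found" and "version not found" before it looks at `iamToken`, so a request with a missing or expired token for an unknown ID never reaches the "unauthenticated" or "iam token expired" branches. If the real service authenticates before it resolves the resource (not visible here), tests built on this fake cannot cover that ordering; moving the two `tokenMap` checks ahead of the map lookups would model it. `FakeLockboxServer.getEntries` in pkg/provider/yandex/lockbox/client/fakeclient.go has the same order. Reading `s.tokenMap[tokenKey{iamToken}]` once into a local, as in `tok, ok := s.tokenMap[tokenKey{iamToken}]`, would also replace the three repeated lookups.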
@@ -42,15 +42,15 @@ func (c *yandexCloudSecretsClient) GetSecret(ctx context.Context, ref esv1beta1. } func (c *yandexCloudSecretsClient) DeleteSecret(_ context.Context, _ esv1beta1.PushSecretRemoteRef) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } func (c *yandexCloudSecretsClient) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, fmt.Errorf(errNotImplemented) + return false, errors.New(errNotImplemented) } func (c *yandexCloudSecretsClient) PushSecret(_ context.Context, _ *corev1.Secret, _ esv1beta1.PushSecretData) error { - return fmt.Errorf(errNotImplemented) + return errors.New(errNotImplemented) } func (c *yandexCloudSecretsClient) Validate() (esv1beta1.ValidationResult, error) { @@ -63,7 +63,7 @@ func (c *yandexCloudSecretsClient) GetSecretMap(ctx context.Context, ref esv1bet func (c *yandexCloudSecretsClient) GetAllSecrets(_ context.Context, _ esv1beta1.ExternalSecretFind) (map[string][]byte, error) { // TO be implemented - return nil, fmt.Errorf(errNotImplemented) + return nil, errors.New(errNotImplemented) } func (c *yandexCloudSecretsClient) Close(_ context.Context) error { diff --git a/pkg/provider/yandex/lockbox/client/fakeclient.go b/pkg/provider/yandex/lockbox/client/fakeclient.go index 37e21ca77b1..7e1512f35ee 100644 --- a/pkg/provider/yandex/lockbox/client/fakeclient.go +++ b/pkg/provider/yandex/lockbox/client/fakeclient.go @@ -16,7 +16,7 @@ package client import ( "context" - "fmt" + "errors" "time" "github.com/google/go-cmp/cmp" 
@@ -117,20 +117,20 @@ func (s *FakeLockboxServer) NewIamToken(authorizedKey *iamkey.Key) *common.IamTo func (s *FakeLockboxServer) getEntries(iamToken, secretID, versionID string) ([]*api.Payload_Entry, error) { if _, ok := s.secretMap[secretKey{secretID}]; !ok { - return nil, fmt.Errorf("secret not found") + return nil, errors.New("secret not found") } if _, ok := s.versionMap[versionKey{secretID, versionID}]; !ok { - return nil, fmt.Errorf("version not found") + return nil, errors.New("version not found") } if _, ok := s.tokenMap[tokenKey{iamToken}]; !ok { - return nil, fmt.Errorf("unauthenticated") + return nil, errors.New("unauthenticated") } if s.tokenMap[tokenKey{iamToken}].expiresAt.Before(s.clock.CurrentTime()) { - return nil, fmt.Errorf("iam token expired") + return nil, errors.New("iam token expired") } if !cmp.Equal(s.tokenMap[tokenKey{iamToken}].authorizedKey, s.secretMap[secretKey{secretID}].expectedAuthorizedKey, cmpopts.IgnoreUnexported(iamkey.Key{})) { - return nil, fmt.Errorf("permission denied") + return nil, errors.New("permission denied") } return s.versionMap[versionKey{secretID, versionID}].entries, nil diff --git a/pkg/provider/yandex/lockbox/lockbox.go b/pkg/provider/yandex/lockbox/lockbox.go index b5ad2f71e98..48b548250e9 100644 --- a/pkg/provider/yandex/lockbox/lockbox.go +++ b/pkg/provider/yandex/lockbox/lockbox.go @@ -16,7 +16,7 @@ package lockbox import ( "context" - "fmt" + "errors" "time" "github.com/yandex-cloud/go-sdk/iamkey" 
@@ -34,12 +34,12 @@ var log = ctrl.Log.WithName("provider").WithName("yandex").WithName("lockbox") func adaptInput(store esv1beta1.GenericStore) (*common.SecretsClientInput, error) { storeSpec := store.GetSpec() if storeSpec == nil || storeSpec.Provider == nil || storeSpec.Provider.YandexLockbox == nil { - return nil, fmt.Errorf("received invalid Yandex Lockbox SecretStore resource") + return nil, errors.New("received invalid Yandex Lockbox SecretStore resource") } storeSpecYandexLockbox := storeSpec.Provider.YandexLockbox if storeSpecYandexLockbox.Auth.AuthorizedKey.Name == "" { - return nil, fmt.Errorf("invalid Yandex Lockbox SecretStore resource: missing AuthorizedKey Name") + return nil, errors.New("invalid Yandex Lockbox SecretStore resource: missing AuthorizedKey Name") } var caCertificate *esmeta.SecretKeySelector diff --git a/pkg/template/v2/pem_chain.go b/pkg/template/v2/pem_chain.go index b831c7367db..d1fc9c8f2db 100644 --- a/pkg/template/v2/pem_chain.go +++ b/pkg/template/v2/pem_chain.go @@ -31,7 +31,7 @@ import ( "bytes" "crypto/x509" "encoding/pem" - "fmt" + "errors" ) const ( @@ -80,7 +80,7 @@ func fetchCertChains(data []byte) ([]byte, error) { for i := range nodes { if !nodes[i].isParent { if foundLeaf { - return nil, fmt.Errorf(errFoundDisjunctCert) + return nil, errors.New(errFoundDisjunctCert) } // this is the leaf node as it's not a parent for any other node leaf = nodes[i] @@ -89,7 +89,7 @@ func fetchCertChains(data []byte) ([]byte, error) { } if leaf == nil { - return nil, fmt.Errorf(errNoLeafFound) + return nil, errors.New(errNoLeafFound) } processedNodes := 0 @@ -98,7 +98,7 @@ func fetchCertChains(data []byte) ([]byte, error) { processedNodes++ // ensure we aren't stuck in a cyclic loop if processedNodes > len(nodes) { - return pemData, fmt.Errorf(errChainCycle) + return pemData, errors.New(errChainCycle) } newCertChain = append(newCertChain, leaf.cert) leaf = leaf.parent 
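Review bot: In `fetchCertChains` (pkg/template/v2/pem_chain.go), the cycle guard returns `pemData` together with the error (`return pemData, errors.New(errChainCycle)`), while the other two error paths in the same function return `nil`. A caller that logs or ignores the error would then continue with certificate data from a chain that failed validation. Unless a caller relies on that partial result, `return nil, errors.New(errChainCycle)` keeps the three paths consistent and fails closed. The function starts and ends outside these hunks, so what `pemData` holds at that point should be confirmed first.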
@@ -131,7 +131,7 @@ func pemToNodes(data []byte) ([]*node, error) { // this should not be the case because ParseCertificate should return a non nil // certificate when there is no error. if cert == nil { - return nil, fmt.Errorf(errNilCert) + return nil, errors.New(errNilCert) } nodes = append(nodes, &node{ cert: cert, diff --git a/pkg/template/v2/pkcs12.go b/pkg/template/v2/pkcs12.go index d4cab3760dc..689f9a9c4aa 100644 --- a/pkg/template/v2/pkcs12.go +++ b/pkg/template/v2/pkcs12.go @@ -19,6 +19,7 @@ import ( "crypto/x509" "encoding/base64" "encoding/pem" + "errors" "fmt" gopkcs12 "software.sslmate.com/src/go-pkcs12" @@ -55,7 +56,7 @@ func parsePrivateKey(block []byte) (any, error) { if k, err := x509.ParseECPrivateKey(block); err == nil { return k, nil } - return nil, fmt.Errorf(errParsePrivKey) + return nil, errors.New(errParsePrivKey) } func pkcs12key(input string) (string, error) { diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go index 430e223fcd0..7a6485931cd 100644 --- a/pkg/utils/utils.go +++ b/pkg/utils/utils.go @@ -550,7 +550,7 @@ func FetchCACertFromSource(ctx context.Context, opts CreateCertOpts) ([]byte, er if opts.CAProvider != nil && opts.StoreKind == esv1beta1.ClusterSecretStoreKind && opts.CAProvider.Namespace == nil { - return nil, fmt.Errorf("missing namespace on caProvider secret") + return nil, errors.New("missing namespace on caProvider secret") } switch opts.CAProvider.Type { From 5e1934d284c7ecb9bdf025e61ed80e6cca6deeaa Mon Sep 17 00:00:00 2001 From: Tom Godkin Date: Mon, 26 Aug 2024 11:24:56 +0100 Subject: [PATCH 242/517] Use maps package from standard library (#3828) Signed-off-by: Tom Godkin Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- go.mod | 2 +- pkg/provider/keepersecurity/client.go | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/go.mod b/go.mod index 0868b988775..348230fb5a7 100644 --- a/go.mod +++ b/go.mod 
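Review bot: In `FetchCACertFromSource` (pkg/utils/utils.go), the namespace guard is conditioned on `opts.CAProvider != nil`, but the next statement, `switch opts.CAProvider.Type {`, dereferences `opts.CAProvider` unconditionally. If the pointer can be nil here, the function panics instead of returning an error. The body starts outside this hunk, so an earlier return may already cover that case; if not, add an explicit guard before the switch, such as `if opts.CAProvider == nil { return nil, errors.New("missing caProvider") }` (message text is a suggestion).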
@@ -248,7 +248,7 @@ require ( go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa + golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa // indirect golang.org/x/mod v0.20.0 // indirect golang.org/x/net v0.28.0 // indirect golang.org/x/sys v0.24.0 // indirect diff --git a/pkg/provider/keepersecurity/client.go b/pkg/provider/keepersecurity/client.go index 5d4b11f5ac2..ebb82119429 100644 --- a/pkg/provider/keepersecurity/client.go +++ b/pkg/provider/keepersecurity/client.go @@ -19,11 +19,11 @@ import ( "encoding/json" "errors" "fmt" + "maps" "regexp" "strings" ksm "github.com/keeper-security/secrets-manager-go/core" - "golang.org/x/exp/maps" corev1 "k8s.io/api/core/v1" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" From 233ede3e474b20a4f47ed23cf3fd611e3d24c2e4 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Tue, 27 Aug 2024 08:34:33 +0200 Subject: [PATCH 243/517] chore: update dependencies (#3836) * update dependencies Signed-off-by: External Secrets Operator * update gitlab provider interface Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: External Secrets Operator Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: External Secrets Operator Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- e2e/go.mod | 38 ++++++------- e2e/go.sum | 80 +++++++++++++-------------- go.mod | 46 ++++++++-------- go.sum | 95 ++++++++++++++++---------------- pkg/provider/gitlab/fake/fake.go | 2 +- pkg/provider/gitlab/gitlab.go | 2 +- 6 files changed, 132 insertions(+), 131 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index 767efe96001..779bb39c34b 100644 --- a/e2e/go.mod +++ b/e2e/go.mod 
@@ -39,7 +39,7 @@ replace ( ) require ( - cloud.google.com/go/secretmanager v1.13.6 + cloud.google.com/go/secretmanager v1.14.0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 @@ -56,28 +56,28 @@ require ( github.com/fluxcd/source-controller/api v1.2.3 github.com/golang-jwt/jwt/v4 v4.5.0 github.com/hashicorp/vault/api v1.14.0 - github.com/onsi/ginkgo/v2 v2.20.0 + github.com/onsi/ginkgo/v2 v2.20.1 github.com/onsi/gomega v1.34.1 - github.com/oracle/oci-go-sdk/v65 v65.71.1 + github.com/oracle/oci-go-sdk/v65 v65.72.0 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 - github.com/xanzy/go-gitlab v0.107.0 + github.com/xanzy/go-gitlab v0.108.0 golang.org/x/oauth2 v0.22.0 - google.golang.org/api v0.192.0 + google.golang.org/api v0.194.0 k8s.io/api v0.31.0 k8s.io/apiextensions-apiserver v0.31.0 k8s.io/apimachinery v0.31.0 k8s.io/client-go v1.5.2 - k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 + k8s.io/utils v0.0.0-20240821151609-f90d01438635 sigs.k8s.io/controller-runtime v0.19.0 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.4.0 ) require ( - cloud.google.com/go/auth v0.8.1 // indirect + cloud.google.com/go/auth v0.9.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/compute/metadata v0.5.0 // indirect - cloud.google.com/go/iam v1.1.13 // indirect + cloud.google.com/go/iam v1.2.0 // indirect dario.cat/mergo v1.0.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect 
@@ -169,7 +169,7 @@ require ( github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_golang v1.20.0 // indirect + github.com/prometheus/client_golang v1.20.2 // indirect github.com/prometheus/client_model v0.6.1 // indirect github.com/prometheus/common v0.55.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect @@ -187,13 +187,13 @@ require ( github.com/x448/float16 v0.8.4 // indirect github.com/zalando/go-keyring v0.2.5 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect - go.opentelemetry.io/otel v1.28.0 // indirect - go.opentelemetry.io/otel/metric v1.28.0 // indirect - go.opentelemetry.io/otel/trace v1.28.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect + go.opentelemetry.io/otel v1.29.0 // indirect + go.opentelemetry.io/otel/metric v1.29.0 // indirect + go.opentelemetry.io/otel/trace v1.29.0 // indirect golang.org/x/crypto v0.26.0 // indirect - golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa // indirect + golang.org/x/exp v0.0.0-20240823005443-9b4947da3948 // indirect golang.org/x/net v0.28.0 // indirect golang.org/x/sync v0.8.0 // indirect golang.org/x/sys v0.24.0 // indirect 
@@ -202,9 +202,9 @@ require ( golang.org/x/time v0.6.0 // indirect golang.org/x/tools v0.24.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240814211410-ddb44dafa142 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect + google.golang.org/genproto v0.0.0-20240823204242-4ba0660f739c // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240823204242-4ba0660f739c // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c // indirect google.golang.org/grpc v1.65.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect @@ -213,7 +213,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20240816214639-573285566f34 // indirect + k8s.io/kube-openapi v0.0.0-20240822171749-76de80e0abd9 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/e2e/go.sum b/e2e/go.sum index 73a0def8eed..c7919201bf9 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -18,10 +18,10 @@ cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmW cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= -cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.8.1 h1:QZW9FjC5lZzN864p13YxvAtGUlQ+KgRL+8Sg45Z6vxo= -cloud.google.com/go/auth v0.8.1/go.mod h1:qGVp/Y3kDRSDZ5gFD/XPUfYQ9xW1iI7q8RIRoCyBbJc= +cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= +cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= +cloud.google.com/go/auth v0.9.1 h1:+pMtLEV2k0AXKvs/tGZojuj6QaioxfUjOpMsG5Gtx+w= +cloud.google.com/go/auth v0.9.1/go.mod h1:Sw8ocT5mhhXxFklyhT12Eiy0ed6tTrPMCJjSI8KhYLk= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -35,14 +35,14 @@ cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJ cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.1.13 h1:7zWBXG9ERbMLrzQBRhFliAV+kjcRToDTgQT3CTwYyv4= -cloud.google.com/go/iam v1.1.13/go.mod h1:K8mY0uSXwEXS30KrnVb+j54LB/ntfZu1dr+4zFMNbus= +cloud.google.com/go/iam v1.2.0 h1:kZKMKVNk/IsSSc/udOb83K0hL/Yh/Gcqpz+oAkoIFN8= +cloud.google.com/go/iam v1.2.0/go.mod h1:zITGuWgsLZxd8OwAlX+eMFgZDXzBm7icj1PVTYG766Q= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.13.6 h1:0ZEl/LuoB4xQsjVfQt3Gi/dZfOv36n4JmdPrMargzYs= -cloud.google.com/go/secretmanager v1.13.6/go.mod h1:x2ySyOrqv3WGFRFn2Xk10iHmNmvmcEVSSqc30eb1bhw= +cloud.google.com/go/secretmanager v1.14.0 h1:P2RRu2NEsQyOjplhUPvWKqzDXUKzwejHLuSUBHI8c4w= +cloud.google.com/go/secretmanager v1.14.0/go.mod h1:q0hSFHzoW7eRgyYFH8trqEFavgrMeiJI4FETNN78vhM= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 
@@ -411,14 +411,14 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.20.0 h1:PE84V2mHqoT1sglvHc8ZdQtPcwmvvt29WLEEO3xmdZw= -github.com/onsi/ginkgo/v2 v2.20.0/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= +github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo= +github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.71.1 h1:t1GpyLYaD/x2OrUoSyxNwBQaDaQP4F084FX8LQMXA/s= -github.com/oracle/oci-go-sdk/v65 v65.71.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.72.0 h1:gPCb5fBUsZMyafIilPPB2B36yqjkKnnwwiJT4xexUMg= +github.com/oracle/oci-go-sdk/v65 v65.72.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -427,8 +427,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.20.0 h1:jBzTZ7B099Rg24tny+qngoynol8LtVYlA2bqx3vEloI= -github.com/prometheus/client_golang v1.20.0/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg= +github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= 
@@ -492,8 +492,8 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y= -github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= +github.com/xanzy/go-gitlab v0.108.0 h1:IEvEUWFR5G1seslRhJ8gC//INiIUqYXuSUoBd7/gFKE= +github.com/xanzy/go-gitlab v0.108.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -510,18 +510,18 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 h1:9G6E0TXzGFVfTnawRzrPl83iHOAV7L8NJiR8RSGYV1g= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0/go.mod h1:azvtTADFQJA8mX80jIH/akaE7h+dbm/sVuaHqN13w74= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= -go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= -go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= -go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= -go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8= +go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw= +go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= +go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc= 
+go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8= go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= -go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= -go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= +go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4= +go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= 
@@ -556,8 +556,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa h1:ELnwvuAXPNtPk1TJRuGkI9fDTwym6AYBu0qzT8AcHdI= -golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= +golang.org/x/exp v0.0.0-20240823005443-9b4947da3948 h1:kx6Ds3MlpiUHKj7syVnbp57++8WpuKPcR5yjLBjvLEA= +golang.org/x/exp v0.0.0-20240823005443-9b4947da3948/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -820,8 +820,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.192.0 h1:PljqpNAfZaaSpS+TnANfnNAXKdzHM/B9bKhwRlo7JP0= -google.golang.org/api v0.192.0/go.mod h1:9VcphjvAxPKLmSxVSzPlSRXy/5ARMEw5bf58WoVXafQ= +google.golang.org/api v0.194.0 h1:dztZKG9HgtIpbI35FhfuSNR/zmaMVdxNlntHj1sIS4s= +google.golang.org/api v0.194.0/go.mod h1:AgvUFdojGANh3vI+P7EVnxj3AISHllxGCJSFmggmnd0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -869,12 +869,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240814211410-ddb44dafa142 h1:oLiyxGgE+rt22duwci1+TG7bg2/L1LQsXwfjPlmuJA0= -google.golang.org/genproto v0.0.0-20240814211410-ddb44dafa142/go.mod h1:G11eXq53iI5Q+kyNOmCvnzBaxEA2Q/Ik5Tj7nqBE8j4= -google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 h1:wKguEg1hsxI2/L3hUYrpo1RVi48K+uTyzKqprwLXsb8= -google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142/go.mod h1:d6be+8HhtEtucleCbxpPW9PA9XwISACu8nvpPqF0BVo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto v0.0.0-20240823204242-4ba0660f739c h1:TYOEhrQMrNDTAd2rX9m+WgGr8Ku6YNuj1D7OX6rWSok= +google.golang.org/genproto v0.0.0-20240823204242-4ba0660f739c/go.mod h1:2rC5OendXvZ8wGEo/cSLheztrZDZaSoHanUcd1xtZnw= +google.golang.org/genproto/googleapis/api v0.0.0-20240823204242-4ba0660f739c h1:e0zB268kOca6FbuJkYUGxfwG4DKFZG/8DLyv9Zv66cE= +google.golang.org/genproto/googleapis/api v0.0.0-20240823204242-4ba0660f739c/go.mod h1:fO8wJzT2zbQbAjbIoos1285VfEIYKDDY+Dt+WpTkh6g= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c h1:Kqjm4WpoWvwhMPcrAczoTyMySQmYa9Wy2iL6Con4zn8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -951,10 +951,10 @@ k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240816214639-573285566f34 h1:/amS69DLm09mtbFtN3+LyygSFohnYGMseF8iv+2zulg= -k8s.io/kube-openapi v0.0.0-20240816214639-573285566f34/go.mod h1:G0W3eI9gG219NHRq3h5uQaRBl4pj4ZpwzRP5ti8y770= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20240822171749-76de80e0abd9 h1:y+4z/s0h3R97P/o/098DSjlpyNpHzGirNPlTL+GHdqY= +k8s.io/kube-openapi v0.0.0-20240822171749-76de80e0abd9/go.mod h1:s4yb9FXajAVNRnxSB5Ckpr/oq2LP4mKSMWeZDVppd30= +k8s.io/utils v0.0.0-20240821151609-f90d01438635 h1:2wThSvJoW/Ncn9TmQEYXRnevZXi2duqHWf5OX9S3zjI= +k8s.io/utils v0.0.0-20240821151609-f90d01438635/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/go.mod b/go.mod index 348230fb5a7..82a0d57f0e3 100644 --- a/go.mod +++ b/go.mod 
@@ -5,8 +5,8 @@ go 1.23 replace github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 require ( - cloud.google.com/go/iam v1.1.13 - cloud.google.com/go/secretmanager v1.13.6 + cloud.google.com/go/iam v1.2.0 + cloud.google.com/go/secretmanager v1.14.0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/adal v0.9.24 @@ -30,23 +30,23 @@ require ( github.com/hashicorp/vault/api/auth/kubernetes v0.7.0 github.com/hashicorp/vault/api/auth/ldap v0.7.0 github.com/huandu/xstrings v1.5.0 // indirect - github.com/onsi/ginkgo/v2 v2.20.0 + github.com/onsi/ginkgo/v2 v2.20.1 github.com/onsi/gomega v1.34.1 - github.com/oracle/oci-go-sdk/v65 v65.71.1 - github.com/prometheus/client_golang v1.20.0 + github.com/oracle/oci-go-sdk/v65 v65.72.0 + github.com/prometheus/client_golang v1.20.2 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.17.3 - github.com/xanzy/go-gitlab v0.107.0 - github.com/yandex-cloud/go-genproto v0.0.0-20240813143603-58770ef469b7 - github.com/yandex-cloud/go-sdk v0.0.0-20240813144531-905aa41b481f + github.com/xanzy/go-gitlab v0.108.0 + github.com/yandex-cloud/go-genproto v0.0.0-20240819112322-98a264d392f6 + github.com/yandex-cloud/go-sdk v0.0.0-20240819112606-8a626cdc403d github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 go.uber.org/zap v1.27.0 golang.org/x/crypto v0.26.0 golang.org/x/oauth2 v0.22.0 - google.golang.org/api v0.192.0 - google.golang.org/genproto v0.0.0-20240814211410-ddb44dafa142 + google.golang.org/api v0.194.0 + google.golang.org/genproto v0.0.0-20240823204242-4ba0660f739c google.golang.org/grpc v1.65.0 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 
@@ -54,7 +54,7 @@ require ( k8s.io/apiextensions-apiserver v0.31.0 k8s.io/apimachinery v0.31.0 k8s.io/client-go v0.31.0 - k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 + k8s.io/utils v0.0.0-20240821151609-f90d01438635 sigs.k8s.io/controller-runtime v0.19.0 sigs.k8s.io/controller-tools v0.16.1 ) @@ -75,7 +75,7 @@ require ( github.com/alibabacloud-go/openapi-util v0.1.1 github.com/alibabacloud-go/tea v1.2.2 github.com/alibabacloud-go/tea-utils/v2 v2.0.6 - github.com/aliyun/credentials-go v1.3.7 + github.com/aliyun/credentials-go v1.3.8 github.com/avast/retry-go/v4 v4.6.0 github.com/cenkalti/backoff/v4 v4.3.0 github.com/cyberark/conjur-api-go v0.12.4 @@ -94,13 +94,13 @@ require ( github.com/sethvargo/go-password v0.3.1 github.com/spf13/pflag v1.0.5 github.com/tidwall/sjson v1.2.5 - k8s.io/kube-openapi v0.0.0-20240816214639-573285566f34 + k8s.io/kube-openapi v0.0.0-20240822171749-76de80e0abd9 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.4.0 ) require ( - cloud.google.com/go/auth v0.8.1 // indirect + cloud.google.com/go/auth v0.9.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/compute/metadata v0.5.0 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect 
@@ -114,12 +114,12 @@ require ( github.com/alibabacloud-go/darabonba-map v0.0.2 // indirect github.com/alibabacloud-go/darabonba-signature-util v0.0.7 // indirect github.com/alibabacloud-go/darabonba-string v1.0.2 // indirect - github.com/alibabacloud-go/debug v1.0.0 // indirect + github.com/alibabacloud-go/debug v1.0.1 // indirect github.com/alibabacloud-go/endpoint-util v1.1.1 // indirect github.com/alibabacloud-go/tea-xml v1.1.3 // indirect github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect github.com/clbanning/mxj/v2 v2.7.0 // indirect - github.com/cloudflare/circl v1.3.9 // indirect + github.com/cloudflare/circl v1.4.0 // indirect github.com/danieljoos/wincred v1.2.2 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect 
@@ -142,14 +142,14 @@ require ( github.com/tjfoc/gmsm v1.4.1 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/zalando/go-keyring v0.2.5 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect - go.opentelemetry.io/otel v1.28.0 // indirect - go.opentelemetry.io/otel/metric v1.28.0 // indirect - go.opentelemetry.io/otel/trace v1.28.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect + go.opentelemetry.io/otel v1.29.0 // indirect + go.opentelemetry.io/otel/metric v1.29.0 // indirect + go.opentelemetry.io/otel/trace v1.29.0 // indirect golang.org/x/sync v0.8.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240823204242-4ba0660f739c // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect diff --git a/go.sum b/go.sum index 5c9beec5fa3..b499c9ad0e9 100644 --- a/go.sum +++ b/go.sum 
@@ -18,10 +18,10 @@ cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmW cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= -cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= -cloud.google.com/go/auth v0.8.1 h1:QZW9FjC5lZzN864p13YxvAtGUlQ+KgRL+8Sg45Z6vxo= -cloud.google.com/go/auth v0.8.1/go.mod h1:qGVp/Y3kDRSDZ5gFD/XPUfYQ9xW1iI7q8RIRoCyBbJc= +cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= +cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= +cloud.google.com/go/auth v0.9.1 h1:+pMtLEV2k0AXKvs/tGZojuj6QaioxfUjOpMsG5Gtx+w= +cloud.google.com/go/auth v0.9.1/go.mod h1:Sw8ocT5mhhXxFklyhT12Eiy0ed6tTrPMCJjSI8KhYLk= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -35,14 +35,14 @@ cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJ cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.1.13 h1:7zWBXG9ERbMLrzQBRhFliAV+kjcRToDTgQT3CTwYyv4= -cloud.google.com/go/iam v1.1.13/go.mod h1:K8mY0uSXwEXS30KrnVb+j54LB/ntfZu1dr+4zFMNbus= +cloud.google.com/go/iam v1.2.0 h1:kZKMKVNk/IsSSc/udOb83K0hL/Yh/Gcqpz+oAkoIFN8= +cloud.google.com/go/iam v1.2.0/go.mod h1:zITGuWgsLZxd8OwAlX+eMFgZDXzBm7icj1PVTYG766Q= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.13.6 h1:0ZEl/LuoB4xQsjVfQt3Gi/dZfOv36n4JmdPrMargzYs= -cloud.google.com/go/secretmanager v1.13.6/go.mod h1:x2ySyOrqv3WGFRFn2Xk10iHmNmvmcEVSSqc30eb1bhw= +cloud.google.com/go/secretmanager v1.14.0 h1:P2RRu2NEsQyOjplhUPvWKqzDXUKzwejHLuSUBHI8c4w= +cloud.google.com/go/secretmanager v1.14.0/go.mod h1:q0hSFHzoW7eRgyYFH8trqEFavgrMeiJI4FETNN78vhM= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 
@@ -157,8 +157,9 @@ github.com/alibabacloud-go/darabonba-signature-util v0.0.7/go.mod h1:oUzCYV2fcCH github.com/alibabacloud-go/darabonba-string v1.0.2 h1:E714wms5ibdzCqGeYJ9JCFywE5nDyvIXIIQbZVFkkqo= github.com/alibabacloud-go/darabonba-string v1.0.2/go.mod h1:93cTfV3vuPhhEwGGpKKqhVW4jLe7tDpo3LUM0i0g6mA= github.com/alibabacloud-go/debug v0.0.0-20190504072949-9472017b5c68/go.mod h1:6pb/Qy8c+lqua8cFpEy7g39NRRqOWc3rOwAy8m5Y2BY= -github.com/alibabacloud-go/debug v1.0.0 h1:3eIEQWfay1fB24PQIEzXAswlVJtdQok8f3EVN5VrBnA= github.com/alibabacloud-go/debug v1.0.0/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc= +github.com/alibabacloud-go/debug v1.0.1 h1:MsW9SmUtbb1Fnt3ieC6NNZi6aEwrXfDksD4QA6GSbPg= +github.com/alibabacloud-go/debug v1.0.1/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/qlH6IHTI4QyICOc= github.com/alibabacloud-go/endpoint-util v1.1.0/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE= github.com/alibabacloud-go/endpoint-util v1.1.1 h1:ZkBv2/jnghxtU0p+upSU0GGzW1VL9GQdZO3mcSUTUy8= github.com/alibabacloud-go/endpoint-util v1.1.1/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE= 
@@ -185,8 +186,8 @@ github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCE github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw= github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= -github.com/aliyun/credentials-go v1.3.7 h1:f1XaxzMlyxvcRtHBWF6W3bWHWa2q26xNDjSnujXWgfM= -github.com/aliyun/credentials-go v1.3.7/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= +github.com/aliyun/credentials-go v1.3.8 h1:NYNdqSii0mesiq2cHrUHrKKB9qxYsaSPIwkRvHjXwPk= +github.com/aliyun/credentials-go v1.3.8/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= 
@@ -219,8 +220,8 @@ github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyM github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= -github.com/cloudflare/circl v1.3.9 h1:QFrlgFYf2Qpi8bSpVPK1HBvWpx16v/1TZivyo7pGuBE= -github.com/cloudflare/circl v1.3.9/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= +github.com/cloudflare/circl v1.4.0 h1:BV7h5MgrktNzytKmWjpOtdYrf0lkkbF8YMlBGPhJQrY= +github.com/cloudflare/circl v1.4.0/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= 
@@ -568,14 +569,14 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.20.0 h1:PE84V2mHqoT1sglvHc8ZdQtPcwmvvt29WLEEO3xmdZw= -github.com/onsi/ginkgo/v2 v2.20.0/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= +github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo= +github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.71.1 h1:t1GpyLYaD/x2OrUoSyxNwBQaDaQP4F084FX8LQMXA/s= -github.com/oracle/oci-go-sdk/v65 v65.71.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.72.0 h1:gPCb5fBUsZMyafIilPPB2B36yqjkKnnwwiJT4xexUMg= +github.com/oracle/oci-go-sdk/v65 v65.72.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.1 h1:boNYHZmSnWl/3bKbUiaWgF/mELCtHfliGHzggf884GE= github.com/passbolt/go-passbolt v0.7.1/go.mod h1:if/jzzYYUjRtq/5h+l+J5Dka0f5dED67QM1lhpTx4pY= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= 
@@ -587,8 +588,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.20.0 h1:jBzTZ7B099Rg24tny+qngoynol8LtVYlA2bqx3vEloI= -github.com/prometheus/client_golang v1.20.0/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg= +github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= 
@@ -678,12 +679,12 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.107.0 h1:P2CT9Uy9yN9lJo3FLxpMZ4xj6uWcpnigXsjvqJ6nd2Y= -github.com/xanzy/go-gitlab v0.107.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= -github.com/yandex-cloud/go-genproto v0.0.0-20240813143603-58770ef469b7 h1:PSXr/xm10ZZ0f2pDWCX6wtY7EXfyBtoAGAD5Rzxstb0= -github.com/yandex-cloud/go-genproto v0.0.0-20240813143603-58770ef469b7/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-sdk v0.0.0-20240813144531-905aa41b481f h1:oetXcQPVH/CfyBD5MXnxOQY7IFvhTZpLLQKKLmTVRPM= -github.com/yandex-cloud/go-sdk v0.0.0-20240813144531-905aa41b481f/go.mod h1:9sGM6Epw7DGLLs57/XVQzzwY1ZRP3U5xyqg8j8wdn3M= +github.com/xanzy/go-gitlab v0.108.0 h1:IEvEUWFR5G1seslRhJ8gC//INiIUqYXuSUoBd7/gFKE= +github.com/xanzy/go-gitlab v0.108.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= +github.com/yandex-cloud/go-genproto v0.0.0-20240819112322-98a264d392f6 h1:w57l27dDkJTVSi8hM3H/WVkiv+CsJwAIweqO6pFdljk= +github.com/yandex-cloud/go-genproto v0.0.0-20240819112322-98a264d392f6/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-sdk v0.0.0-20240819112606-8a626cdc403d h1:eYs6TKjvjzYgAar7n2Ic4a+jIP08IfswtvCZ8iJqdKk= +github.com/yandex-cloud/go-sdk v0.0.0-20240819112606-8a626cdc403d/go.mod h1:WYdfvXcvRn3kbVcwpav4J3jd1STOYtYvkTqx0wm4leM= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= github.com/yuin/goldmark v1.1.25/go.mod 
h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -705,18 +706,18 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 h1:9G6E0TXzGFVfTnawRzrPl83iHOAV7L8NJiR8RSGYV1g= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0/go.mod h1:azvtTADFQJA8mX80jIH/akaE7h+dbm/sVuaHqN13w74= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= -go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= -go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= -go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= -go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8= +go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw= +go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= +go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc= 
+go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8= go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= -go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= -go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= +go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4= +go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= @@ -1058,8 +1059,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.192.0 h1:PljqpNAfZaaSpS+TnANfnNAXKdzHM/B9bKhwRlo7JP0= -google.golang.org/api v0.192.0/go.mod h1:9VcphjvAxPKLmSxVSzPlSRXy/5ARMEw5bf58WoVXafQ= +google.golang.org/api v0.194.0 h1:dztZKG9HgtIpbI35FhfuSNR/zmaMVdxNlntHj1sIS4s= +google.golang.org/api v0.194.0/go.mod h1:AgvUFdojGANh3vI+P7EVnxj3AISHllxGCJSFmggmnd0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1109,12 +1110,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240814211410-ddb44dafa142 h1:oLiyxGgE+rt22duwci1+TG7bg2/L1LQsXwfjPlmuJA0= -google.golang.org/genproto v0.0.0-20240814211410-ddb44dafa142/go.mod h1:G11eXq53iI5Q+kyNOmCvnzBaxEA2Q/Ik5Tj7nqBE8j4= -google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 h1:wKguEg1hsxI2/L3hUYrpo1RVi48K+uTyzKqprwLXsb8= -google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142/go.mod h1:d6be+8HhtEtucleCbxpPW9PA9XwISACu8nvpPqF0BVo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto v0.0.0-20240823204242-4ba0660f739c h1:TYOEhrQMrNDTAd2rX9m+WgGr8Ku6YNuj1D7OX6rWSok= +google.golang.org/genproto v0.0.0-20240823204242-4ba0660f739c/go.mod h1:2rC5OendXvZ8wGEo/cSLheztrZDZaSoHanUcd1xtZnw= +google.golang.org/genproto/googleapis/api v0.0.0-20240823204242-4ba0660f739c h1:e0zB268kOca6FbuJkYUGxfwG4DKFZG/8DLyv9Zv66cE= +google.golang.org/genproto/googleapis/api v0.0.0-20240823204242-4ba0660f739c/go.mod h1:fO8wJzT2zbQbAjbIoos1285VfEIYKDDY+Dt+WpTkh6g= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c h1:Kqjm4WpoWvwhMPcrAczoTyMySQmYa9Wy2iL6Con4zn8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1208,10 +1209,10 @@ k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240816214639-573285566f34 h1:/amS69DLm09mtbFtN3+LyygSFohnYGMseF8iv+2zulg= -k8s.io/kube-openapi v0.0.0-20240816214639-573285566f34/go.mod h1:G0W3eI9gG219NHRq3h5uQaRBl4pj4ZpwzRP5ti8y770= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8 h1:pUdcCO1Lk/tbT5ztQWOBi5HBgbBP1J8+AsQnQCKsi8A= -k8s.io/utils v0.0.0-20240711033017-18e509b52bc8/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20240822171749-76de80e0abd9 h1:y+4z/s0h3R97P/o/098DSjlpyNpHzGirNPlTL+GHdqY= +k8s.io/kube-openapi v0.0.0-20240822171749-76de80e0abd9/go.mod h1:s4yb9FXajAVNRnxSB5Ckpr/oq2LP4mKSMWeZDVppd30= +k8s.io/utils v0.0.0-20240821151609-f90d01438635 h1:2wThSvJoW/Ncn9TmQEYXRnevZXi2duqHWf5OX9S3zjI= +k8s.io/utils v0.0.0-20240821151609-f90d01438635/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/pkg/provider/gitlab/fake/fake.go b/pkg/provider/gitlab/fake/fake.go index 8a07b64e078..41817cc41d2 100644 --- a/pkg/provider/gitlab/fake/fake.go +++ b/pkg/provider/gitlab/fake/fake.go 
@@ -135,7 +135,7 @@ type GitlabMockGroupVariablesClient struct { listVariables func(gid any, options ...gitlab.RequestOptionFunc) ([]*gitlab.GroupVariable, *gitlab.Response, error) } -func (mc *GitlabMockGroupVariablesClient) GetVariable(gid any, key string, _ ...gitlab.RequestOptionFunc) (*gitlab.GroupVariable, *gitlab.Response, error) { +func (mc *GitlabMockGroupVariablesClient) GetVariable(gid any, key string, _ *gitlab.GetGroupVariableOptions, _ ...gitlab.RequestOptionFunc) (*gitlab.GroupVariable, *gitlab.Response, error) { return mc.getVariable(gid, key, nil) } diff --git a/pkg/provider/gitlab/gitlab.go b/pkg/provider/gitlab/gitlab.go index a7c226721e4..5f5c600e3fa 100644 --- a/pkg/provider/gitlab/gitlab.go +++ b/pkg/provider/gitlab/gitlab.go @@ -67,7 +67,7 @@ type ProjectVariablesClient interface { } type GroupVariablesClient interface { - GetVariable(gid any, key string, options ...gitlab.RequestOptionFunc) (*gitlab.GroupVariable, *gitlab.Response, error) + GetVariable(gid any, key string, opts *gitlab.GetGroupVariableOptions, options ...gitlab.RequestOptionFunc) (*gitlab.GroupVariable, *gitlab.Response, error) ListVariables(gid any, opt *gitlab.ListGroupVariablesOptions, options ...gitlab.RequestOptionFunc) ([]*gitlab.GroupVariable, *gitlab.Response, error) } From 428a452fd2ad45935312f2c2c0d40bc37ce6e67c Mon Sep 17 00:00:00 2001 From: younaman <52592519+younaman@users.noreply.github.com> Date: Tue, 27 Aug 2024 14:54:30 +0800 Subject: [PATCH 244/517] add the resourceNames(git commit -s) (#3822) * add the resourceNames Signed-off-by: younaman <952508578@qq.com> * fixed Signed-off-by: younaman <952508578@qq.com> * make helm.test.update Signed-off-by: younaman <952508578@qq.com> --------- 
Signed-off-by: younaman <952508578@qq.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .../templates/cert-controller-rbac.yaml | 10 +++++++++- .../tests/__snapshot__/crds_test.yaml.snap | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml b/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml index 43c2306a67d..83e49f0ae0e 100644 --- a/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml +++ b/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml @@ -21,8 +21,16 @@ rules: resources: - "validatingwebhookconfigurations" verbs: - - "get" - "list" + - apiGroups: + - "admissionregistration.k8s.io" + resources: + - "validatingwebhookconfigurations" + resourceNames: + - "secretstore-validate" + - "externalsecret-validate" + verbs: + - "get" - "watch" - "update" - "patch" diff --git a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap index 79d78ead32b..6c137c00fdf 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -4,7 +4,7 @@ should match snapshot of default values: kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.15.0 + controller-gen.kubebuilder.io/version: v0.16.1 labels: external-secrets.io/component: controller name: secretstores.external-secrets.io From 2e7fd7bf2effde66da90dcec507675e3468094d2 Mon Sep 17 00:00:00 2001 
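Review bot: The new name-scoped rule in cert-controller-rbac.yaml places `watch` under `resourceNames`, and Kubernetes RBAC only honours `resourceNames` for `list`/`watch` when the request carries a matching `metadata.name` field selector. A controller that watches the whole `validatingwebhookconfigurations` collection would therefore be denied. Scoping the write verbs is the least-privilege gain here, so I would keep `- "update"` and `- "patch"` under `resourceNames` and move `- "watch"` back next to `- "list"` in the unscoped rule. How the cert-controller sets up its watch is not visible in this hunk, so check that against the controller code. The `rules:` list starts and continues outside the hunk.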
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Aug 2024 08:55:49 +0200 Subject: [PATCH 245/517] chore(deps): bump mkdocs-material in /hack/api-docs (#3830) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.31 to 9.5.33. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.31...9.5.33) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 23300bab9c2..47db898a099 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.0 mkdocs-macros-plugin==1.0.5 -mkdocs-material==9.5.31 +mkdocs-material==9.5.33 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.1 From cadf0c77eebccce922945d5b413f0f7b35a25387 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Aug 2024 08:56:06 +0200 Subject: [PATCH 246/517] chore(deps): bump importlib-metadata in /hack/api-docs (#3831) Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 8.2.0 to 8.4.0. - [Release notes](https://github.com/python/importlib_metadata/releases) - [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst) - [Commits](https://github.com/python/importlib_metadata/compare/v8.2.0...v8.4.0) --- updated-dependencies: - dependency-name: importlib-metadata dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 47db898a099..798a60a1094 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -7,7 +7,7 @@ csscompressor==0.9.5 ghp-import==2.1.0 htmlmin==0.1.12 idna==3.7 -importlib-metadata==8.2.0 +importlib-metadata==8.4.0 importlib-resources==6.4.3 Jinja2==3.1.4 jsmin==3.0.1 From 48a51c8111b06bb60e081fd6dc85e9fa0af521e6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Aug 2024 08:56:16 +0200 Subject: [PATCH 247/517] chore(deps): bump paginate from 0.5.6 to 0.5.7 in /hack/api-docs (#3832) Bumps [paginate](https://github.com/Signum/paginate) from 0.5.6 to 0.5.7. - [Changelog](https://github.com/Pylons/paginate/blob/master/CHANGELOG.txt) - [Commits](https://github.com/Signum/paginate/compare/0.5.6...0.5.7) --- updated-dependencies: - dependency-name: paginate dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 798a60a1094..af2a93c8ff4 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -22,7 +22,7 @@ mkdocs-material==9.5.33 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.1 -paginate==0.5.6 +paginate==0.5.7 pathspec==0.12.1 pep562==1.1 platformdirs==4.2.2 From 219e1661cd1755ff867dc5cfa6a38792c0c75548 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Aug 2024 08:59:56 +0200 Subject: [PATCH 248/517] chore(deps): bump golang from 1.22.6 to 1.23.0 (#3814) Bumps golang from 1.22.6 to 1.23.0. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- tilt.debug.dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index 292b8a6bbee..4ea5c0abf71 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.22.6@sha256:2bd56f00ff47baf33e64eae7996b65846c7cb5e0a46e0a882ef179fd89654afa +FROM golang:1.23.0@sha256:613a108a4a4b1dfb6923305db791a19d088f77632317cfc3446825c54fb862cd WORKDIR / COPY ./bin/external-secrets /external-secrets From 51d8c90cecb93812ab18185523fa0be0e7eac972 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Aug 2024 09:07:19 +0200 Subject: [PATCH 249/517] chore(deps): bump github/codeql-action from 3.26.2 to 3.26.5 (#3835) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.2 to 3.26.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/429e1977040da7a23b6822b13c129cd1ba93dbb2...2c779ab0d087cd7fe7b826087247c2c81f27bfa6) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index f959acfb68c..08dc5024f8e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@429e1977040da7a23b6822b13c129cd1ba93dbb2 # v3.26.2 + uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 with: sarif_file: results.sarif From 50473338156fd92e128aa4cc3dfd6ab6d5aa8aee Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Aug 2024 09:08:00 +0200 Subject: [PATCH 250/517] chore(deps): bump idna from 3.7 to 3.8 in /hack/api-docs (#3834) Bumps [idna](https://github.com/kjd/idna) from 3.7 to 3.8. - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](https://github.com/kjd/idna/compare/v3.7...v3.8) --- updated-dependencies: - dependency-name: idna dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index af2a93c8ff4..9fb3687c54e 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -6,7 +6,7 @@ colorama==0.4.6 csscompressor==0.9.5 ghp-import==2.1.0 htmlmin==0.1.12 -idna==3.7 +idna==3.8 importlib-metadata==8.4.0 importlib-resources==6.4.3 Jinja2==3.1.4 From 0959c7e1f442d6681c5bb95d9b8f669bdfcba6b6 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 27 Aug 2024 09:08:22 +0200 Subject: [PATCH 251/517] chore(deps): bump importlib-resources in /hack/api-docs (#3833) Bumps [importlib-resources](https://github.com/python/importlib_resources) from 6.4.3 to 6.4.4. - [Release notes](https://github.com/python/importlib_resources/releases) - [Changelog](https://github.com/python/importlib_resources/blob/main/NEWS.rst) - [Commits](https://github.com/python/importlib_resources/compare/v6.4.3...v6.4.4) --- updated-dependencies: - dependency-name: importlib-resources dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 9fb3687c54e..afa24492fc7 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -8,7 +8,7 @@ ghp-import==2.1.0 htmlmin==0.1.12 idna==3.8 importlib-metadata==8.4.0 -importlib-resources==6.4.3 +importlib-resources==6.4.4 Jinja2==3.1.4 jsmin==3.0.1 livereload==2.7.0 From 34a1a50609d5d34983e654b6eccbeda8c025d2ad Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Tue, 27 Aug 2024 10:43:15 +0200 Subject: [PATCH 252/517] feat: implement GetSecretMap for Bitwarden provider (#3800) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- pkg/provider/bitwarden/client.go | 25 ++++++- pkg/provider/bitwarden/client_test.go | 95 +++++++++++++++++++++++++++ 2 files changed, 119 insertions(+), 1 deletion(-) diff --git a/pkg/provider/bitwarden/client.go b/pkg/provider/bitwarden/client.go index b4a45c0d606..0c3f94207b6 100644 --- a/pkg/provider/bitwarden/client.go +++ b/pkg/provider/bitwarden/client.go @@ -16,6 +16,7 @@ package bitwarden import ( "context" + "encoding/json" "errors" "fmt" 
@@ -205,7 +206,29 @@ func (p *Provider) SecretExists(ctx context.Context, ref esv1beta1.PushSecretRem // GetSecretMap returns multiple k/v pairs from the provider. func (p *Provider) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { - return nil, errors.New("GetSecretMap() not implemented") + data, err := p.GetSecret(ctx, ref) + if err != nil { + return nil, err + } + + kv := make(map[string]json.RawMessage) + err = json.Unmarshal(data, &kv) + if err != nil { + return nil, fmt.Errorf("error unmarshalling secret: %w", err) + } + + secretData := make(map[string][]byte) + for k, v := range kv { + var strVal string + err = json.Unmarshal(v, &strVal) + if err == nil { + secretData[k] = []byte(strVal) + } else { + secretData[k] = v + } + } + + return secretData, nil } // GetAllSecrets gets multiple secrets from the provider and loads into a kubernetes secret. diff --git a/pkg/provider/bitwarden/client_test.go b/pkg/provider/bitwarden/client_test.go index 1630ddeb38a..470f92b66f2 100644 --- a/pkg/provider/bitwarden/client_test.go +++ b/pkg/provider/bitwarden/client_test.go 
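Review bot: A JSON `null` member takes the string branch of the loop in `GetSecretMap`, because `json.Unmarshal` of `null` into `strVal` returns no error and leaves it empty. That key is then stored as an empty value, while every other non-string member keeps its raw JSON bytes. The doc comment still only says "returns multiple k/v pairs", so the conversion rules are undocumented. I would extend it, e.g. `// String members are returned unquoted, other members keep their raw JSON encoding, and a null member becomes an empty value.`, or handle `null` explicitly if an empty value is not what callers should see.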
@@ -823,3 +823,98 @@ func TestProviderSecretExists(t *testing.T) { }) } } + +func TestProviderGetSecretMap(t *testing.T) { + type fields struct { + kube func() client.Client + namespace string + store v1beta1.GenericStore + mock func(c *FakeClient) + } + type args struct { + ctx context.Context + ref v1beta1.ExternalSecretDataRemoteRef + key string + } + tests := []struct { + name string + fields fields + args args + want []byte + wantErr bool + }{ + { + name: "get secret map", + fields: fields{ + kube: func() client.Client { + return fake.NewFakeClient() + }, + namespace: "default", + store: &v1beta1.SecretStore{}, + mock: func(c *FakeClient) { + c.GetSecretReturnsOnCallN(0, &SecretResponse{ + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "key", + Note: "note", + OrganizationID: "org", + Value: `{"key": "value"}`, + }) + }, + }, + args: args{ + ctx: context.Background(), + ref: v1beta1.ExternalSecretDataRemoteRef{ + Key: "d8f29773-3019-4973-9bbc-66327d077fe2", + Property: "key", + }, + key: "key", + }, + want: []byte("value"), + }, + { + name: "get secret map - missing key", + fields: fields{ + kube: func() client.Client { + return fake.NewFakeClient() + }, + namespace: "default", + store: &v1beta1.SecretStore{}, + mock: func(c *FakeClient) { + c.GetSecretReturnsOnCallN(0, &SecretResponse{ + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "key", + Note: "note", + OrganizationID: "org", + Value: `{"key": "value"}`, + }) + }, + }, + args: args{ + ctx: context.Background(), + ref: v1beta1.ExternalSecretDataRemoteRef{ + Key: "d8f29773-3019-4973-9bbc-66327d077fe2", + Property: "nope", + }, + }, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + fakeClient := &FakeClient{} + tt.fields.mock(fakeClient) + + p := &Provider{ + kube: tt.fields.kube(), + namespace: tt.fields.namespace, + store: tt.fields.store, + bitwardenSdkClient: fakeClient, + } + got, err := p.GetSecretMap(tt.args.ctx, tt.args.ref) + if (err != nil) != tt.wantErr { + 
t.Errorf("GetSecret() error = %v, wantErr %v", err, tt.wantErr) + return + } + assert.Equal(t, tt.want, got[tt.args.key]) + }) + } +} From bc97ae06f669c17903ad3b170a71dd4fd47045c8 Mon Sep 17 00:00:00 2001 From: Tom Godkin Date: Tue, 27 Aug 2024 21:20:41 +0100 Subject: [PATCH 253/517] Demonstrate new slices/maps packages (#3839) --- pkg/controllers/crds/crds_controller.go | 12 ++---------- .../externalsecret_controller.go | 18 +++++++----------- .../externalsecret_controller_template.go | 5 ++--- .../pushsecret/pushsecret_controller.go | 5 ++--- .../aws/parameterstore/parameterstore.go | 10 ++++------ pkg/provider/kubernetes/validate.go | 16 ++++------------ pkg/provider/vault/client_push.go | 5 ++--- 7 files changed, 23 insertions(+), 48 deletions(-) diff --git a/pkg/controllers/crds/crds_controller.go b/pkg/controllers/crds/crds_controller.go index bd5ab895a98..a26e951234c 100644 --- a/pkg/controllers/crds/crds_controller.go +++ b/pkg/controllers/crds/crds_controller.go @@ -29,6 +29,7 @@ import ( "net/http" "os" "path/filepath" + "slices" "sync" "time" @@ -107,18 +108,9 @@ type CertInfo struct { CAName string } -func contains(s []string, e string) bool { - for _, a := range s { - if a == e { - return true - } - } - return false -} - func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { log := r.Log.WithValues("CustomResourceDefinition", req.NamespacedName) - if contains(r.CrdResources, req.NamespacedName.Name) { + if slices.Contains(r.CrdResources, req.NamespacedName.Name) { err := r.updateCRD(ctx, req) if err != nil { log.Error(err, "failed to inject conversion webhook") diff --git a/pkg/controllers/externalsecret/externalsecret_controller.go b/pkg/controllers/externalsecret/externalsecret_controller.go index 5ab1f989b50..9be861a25e2 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller.go +++ b/pkg/controllers/externalsecret/externalsecret_controller.go 
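Review bot: The "get secret map - missing key" case in `TestProviderGetSecretMap` cannot fail on the map contents: `args.key` is empty and `want` is nil, so `assert.Equal(t, tt.want, got[tt.args.key])` compares nil with a lookup of `""` whatever `GetSecretMap` returns. Comparing the whole result would pin the behaviour: declare `want map[string][]byte` and assert with `assert.Equal(t, tt.want, got)`. Neither case feeds a non-string member (for example `{"n": 1}`), so the raw-JSON fallback branch is untested. The failure message also names the wrong method and should read `t.Errorf("GetSecretMap() error = %v, wantErr %v", err, tt.wantErr)`.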
@@ -19,6 +19,8 @@ import ( "encoding/json" "errors" "fmt" + "maps" + "slices" "strings" "time" @@ -474,11 +476,8 @@ func getManagedDataKeys(secret *v1.Secret, fieldOwner string) ([]string, error) if !ok { return nil } - var keys []string - for k := range df { - keys = append(keys, k) - } - return keys + + return slices.Collect(maps.Keys(df)) }) } @@ -639,12 +638,9 @@ func isSecretValid(existingSecret v1.Secret) bool { // computeDataHashAnnotation generate a hash of the secret data combining the old key with the new keys to add or override. func (r *Reconciler) computeDataHashAnnotation(existing, secret *v1.Secret) string { data := make(map[string][]byte) - for k, v := range existing.Data { - data[k] = v - } - for k, v := range secret.Data { - data[k] = v - } + maps.Insert(data, maps.All(existing.Data)) + maps.Insert(data, maps.All(secret.Data)) + return utils.ObjectHash(data) } diff --git a/pkg/controllers/externalsecret/externalsecret_controller_template.go b/pkg/controllers/externalsecret/externalsecret_controller_template.go index fa540a64540..73fb35edd17 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller_template.go +++ b/pkg/controllers/externalsecret/externalsecret_controller_template.go @@ -17,6 +17,7 @@ package externalsecret import ( "context" "fmt" + "maps" v1 "k8s.io/api/core/v1" @@ -44,9 +45,7 @@ func (r *Reconciler) applyTemplate(ctx context.Context, es *esv1beta1.ExternalSe } // Merge Policy should merge secrets if es.Spec.Target.Template.MergePolicy == esv1beta1.MergePolicyMerge { - for k, v := range dataMap { - secret.Data[k] = v - } + maps.Insert(secret.Data, maps.All(dataMap)) } execute, err := template.EngineForVersion(es.Spec.Target.Template.EngineVersion) if err != nil { diff --git a/pkg/controllers/pushsecret/pushsecret_controller.go b/pkg/controllers/pushsecret/pushsecret_controller.go index 22822a78480..90db947264e 100644 --- a/pkg/controllers/pushsecret/pushsecret_controller.go 
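Review bot: `maps.Insert(dst, maps.All(src))` in `computeDataHashAnnotation` and `applyTemplate` is a longer spelling of `maps.Copy(dst, src)`, which does the same key-by-key overwrite without building an iterator. I would write `maps.Copy(data, existing.Data)`, `maps.Copy(data, secret.Data)` and `maps.Copy(secret.Data, dataMap)`. The same applies to the `maps.Insert` calls in pushsecret_controller.go and vault/client_push.go. `maps.All`, the iterator form of `maps.Keys` and `slices.Collect` need Go 1.23, so the `go` directive in go.mod (not visible here) has to be at least that version. `applyTemplate` continues outside its hunk.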
+++ b/pkg/controllers/pushsecret/pushsecret_controller.go @@ -18,6 +18,7 @@ import ( "context" "errors" "fmt" + "maps" "strings" "time" @@ -235,9 +236,7 @@ func mergeSecretState(newMap, old esapi.SyncedPushSecretsMap) esapi.SyncedPushSe if !ok { out[k] = make(map[string]esapi.PushSecretData) } - for kk, vv := range v { - out[k][kk] = vv - } + maps.Insert(out[k], maps.All(v)) } return out } diff --git a/pkg/provider/aws/parameterstore/parameterstore.go b/pkg/provider/aws/parameterstore/parameterstore.go index 23d3f8f6f4a..842cc3e028f 100644 --- a/pkg/provider/aws/parameterstore/parameterstore.go +++ b/pkg/provider/aws/parameterstore/parameterstore.go @@ -19,6 +19,7 @@ import ( "encoding/json" "errors" "fmt" + "slices" "strings" "github.com/aws/aws-sdk-go/aws" @@ -239,12 +240,9 @@ func (pm *ParameterStore) PushSecret(ctx context.Context, secret *corev1.Secret, } func isManagedByESO(tags []*ssm.Tag) bool { - for _, tag := range tags { - if *tag.Key == managedBy && *tag.Value == externalSecrets { - return true - } - } - return false + return slices.ContainsFunc(tags, func(tag *ssm.Tag) bool { + return *tag.Key == managedBy && *tag.Value == externalSecrets + }) } func (pm *ParameterStore) setManagedRemoteParameter(ctx context.Context, secretRequest ssm.PutParameterInput, createManagedByTags bool) error { diff --git a/pkg/provider/kubernetes/validate.go b/pkg/provider/kubernetes/validate.go index 00f70607cc3..16c9cab21a3 100644 --- a/pkg/provider/kubernetes/validate.go +++ b/pkg/provider/kubernetes/validate.go @@ -18,6 +18,7 @@ import ( "context" "errors" "fmt" + "slices" authv1 "k8s.io/api/authorization/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
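Review bot: The predicate passed to `slices.ContainsFunc` in `isManagedByESO` still dereferences `*tag.Key` and `*tag.Value` unguarded, so a nil entry or a tag with a missing key or value panics in the push path instead of simply not matching. The file already imports the `aws` package, so the nil-safe form is a one-line change: `return tag != nil && aws.StringValue(tag.Key) == managedBy && aws.StringValue(tag.Value) == externalSecrets`. Whether SSM can return such a tag is not visible from this hunk. The guard costs nothing, and it keeps the ownership check, which looks like it decides whether a remote parameter is treated as managed, from crashing on unexpected input.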
@@ -89,20 +90,11 @@ func (c *Client) Validate() (esv1beta1.ValidationResult, error) { return esv1beta1.ValidationResultUnknown, fmt.Errorf("could not verify if client is valid: %w", err) } for _, rev := range authReview.Status.ResourceRules { - if (contains("secrets", rev.Resources) || contains("*", rev.Resources)) && - (contains("get", rev.Verbs) || contains("*", rev.Verbs)) && - (len(rev.APIGroups) == 0 || (contains("", rev.APIGroups) || contains("*", rev.APIGroups))) { + if (slices.Contains(rev.Resources, "secrets") || slices.Contains(rev.Resources, "*")) && + (slices.Contains(rev.Verbs, "get") || slices.Contains(rev.Verbs, "*")) && + (len(rev.APIGroups) == 0 || (slices.Contains(rev.APIGroups, "") || slices.Contains(rev.APIGroups, "*"))) { return esv1beta1.ValidationResultReady, nil } } return esv1beta1.ValidationResultError, errors.New("client is not allowed to get secrets") } - -func contains(sub string, args []string) bool { - for _, k := range args { - if k == sub { - return true - } - } - return false -} diff --git a/pkg/provider/vault/client_push.go b/pkg/provider/vault/client_push.go index 0ed4422f301..d36b7204baf 100644 --- a/pkg/provider/vault/client_push.go +++ b/pkg/provider/vault/client_push.go @@ -20,6 +20,7 @@ import ( "encoding/json" "errors" "fmt" + "maps" corev1 "k8s.io/api/core/v1" @@ -107,9 +108,7 @@ func (c *client) PushSecret(ctx context.Context, secret *corev1.Secret, data esv return nil } } - for k, v := range vaultSecret { - secretVal[k] = v - } + maps.Insert(secretVal, maps.All(vaultSecret)) // Secret got from vault is already on map[string]string format secretVal[data.GetProperty()] = string(value) } else { From 6f32955fc52e651053a7991065e47540797818af Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Wed, 28 Aug 2024 09:19:13 +0200 Subject: [PATCH 254/517] release: update helm charts to version v0.10.1 (#3842) 
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- deploy/charts/external-secrets/Chart.yaml | 4 ++-- deploy/charts/external-secrets/README.md | 2 +- .../__snapshot__/cert_controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/webhook_test.yaml.snap | 14 +++++++------- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/deploy/charts/external-secrets/Chart.yaml b/deploy/charts/external-secrets/Chart.yaml index 42d7fd8f0c8..db14f3b4d4b 100644 --- a/deploy/charts/external-secrets/Chart.yaml +++ b/deploy/charts/external-secrets/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: external-secrets description: External secret management for Kubernetes type: application -version: "0.10.0" -appVersion: "v0.10.0" +version: "0.10.1" +appVersion: "v0.10.1" kubeVersion: ">= 1.19.0-0" keywords: - kubernetes-external-secrets diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index 4af2b7c7085..0bf630d32ee 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.10.0](https://img.shields.io/badge/Version-0.10.0-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.10.1](https://img.shields.io/badge/Version-0.10.1-informational?style=flat-square) External secret management for Kubernetes diff --git a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 42ef77f87a0..4ca552a4f8a 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap 
+++ b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.10.0 - helm.sh/chart: external-secrets-0.10.0 + app.kubernetes.io/version: v0.10.1 + helm.sh/chart: external-secrets-0.10.1 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.10.0 - helm.sh/chart: external-secrets-0.10.0 + app.kubernetes.io/version: v0.10.1 + helm.sh/chart: external-secrets-0.10.1 spec: automountServiceAccountToken: true containers: @@ -41,7 +41,7 @@ should match snapshot of default values: - --loglevel=info - --zap-time-encoding=epoch - --enable-partial-cache=true - image: ghcr.io/external-secrets/external-secrets:v0.10.0 + image: ghcr.io/external-secrets/external-secrets:v0.10.1 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap index cd8fd494c19..0d2718716cb 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.10.0 - helm.sh/chart: external-secrets-0.10.0 + app.kubernetes.io/version: v0.10.1 + helm.sh/chart: external-secrets-0.10.1 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: 
@@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.10.0 - helm.sh/chart: external-secrets-0.10.0 + app.kubernetes.io/version: v0.10.1 + helm.sh/chart: external-secrets-0.10.1 spec: automountServiceAccountToken: true containers: @@ -34,7 +34,7 @@ should match snapshot of default values: - --metrics-addr=:8080 - --loglevel=info - --zap-time-encoding=epoch - image: ghcr.io/external-secrets/external-secrets:v0.10.0 + image: ghcr.io/external-secrets/external-secrets:v0.10.1 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index e7fa28f877b..2f10858f838 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.0 - helm.sh/chart: external-secrets-0.10.0 + app.kubernetes.io/version: v0.10.1 + helm.sh/chart: external-secrets-0.10.1 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.0 - helm.sh/chart: external-secrets-0.10.0 + app.kubernetes.io/version: v0.10.1 + helm.sh/chart: external-secrets-0.10.1 spec: automountServiceAccountToken: true containers: 
@@ -39,7 +39,7 @@ should match snapshot of default values: - --healthz-addr=:8081 - --loglevel=info - --zap-time-encoding=epoch - image: ghcr.io/external-secrets/external-secrets:v0.10.0 + image: ghcr.io/external-secrets/external-secrets:v0.10.1 imagePullPolicy: IfNotPresent name: webhook ports: @@ -83,8 +83,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.0 + app.kubernetes.io/version: v0.10.1 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.10.0 + helm.sh/chart: external-secrets-0.10.1 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE From 0368b9806f660fa6bc52cbbf3c6ccdb27c58bb35 Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Wed, 28 Aug 2024 11:48:21 -0300 Subject: [PATCH 255/517] fix: add watch to validatingwebhookconfigs (#3845) * fix: add watch to validatingwebhookconfigs Signed-off-by: Gustavo Carvalho * fix: only patch/update are resource-bound Signed-off-by: Gustavo Carvalho --------- Signed-off-by: Gustavo Carvalho --- .../external-secrets/templates/cert-controller-rbac.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml b/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml index 83e49f0ae0e..84a0c110bd0 100644 --- a/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml +++ b/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml @@ -22,6 +22,8 @@ rules: - "validatingwebhookconfigurations" verbs: - "list" + - "watch" + - "get" - apiGroups: - "admissionregistration.k8s.io" resources: @@ -30,8 +32,6 @@ rules: - "secretstore-validate" - "externalsecret-validate" verbs: - - "get" - - "watch" - "update" - "patch" - apiGroups: 
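Review bot: `get` moves out of the rule that names `secretstore-validate` and `externalsecret-validate` (second hunk; presumably under `resourceNames`, the key sits above the hunk) into the first hunk's rule, which shows no name restriction in the visible lines, so the cert-controller may now read any ValidatingWebhookConfiguration in the cluster rather than only its own two. `list` already returned those objects, so the added exposure is small, but the template should say why the read verbs are unscoped, for example `# list/watch from an informer cannot be limited by resourceNames; get stays with them so the cache can read what it lists`. Both rules begin above the hunks, so confirm in the full file that the first rule carries no `resourceNames` and that `update` and `patch` remain limited to the two named configurations.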
From 1707de3d5abc0197231faa928d829cf39fcfeb7f Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Wed, 28 Aug 2024 17:58:55 +0200 Subject: [PATCH 256/517] release: update helm charts to version v0.10.2 (#3846) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- deploy/charts/external-secrets/Chart.yaml | 4 ++-- deploy/charts/external-secrets/README.md | 2 +- .../__snapshot__/cert_controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/webhook_test.yaml.snap | 14 +++++++------- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/deploy/charts/external-secrets/Chart.yaml b/deploy/charts/external-secrets/Chart.yaml index db14f3b4d4b..5ad4e0014b5 100644 --- a/deploy/charts/external-secrets/Chart.yaml +++ b/deploy/charts/external-secrets/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: external-secrets description: External secret management for Kubernetes type: application -version: "0.10.1" -appVersion: "v0.10.1" +version: "0.10.2" +appVersion: "v0.10.2" kubeVersion: ">= 1.19.0-0" keywords: - kubernetes-external-secrets diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index 0bf630d32ee..a1cd2a873a8 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.10.1](https://img.shields.io/badge/Version-0.10.1-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.10.2](https://img.shields.io/badge/Version-0.10.2-informational?style=flat-square) External secret management for Kubernetes 
diff --git a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 4ca552a4f8a..530cebf9440 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.10.1 - helm.sh/chart: external-secrets-0.10.1 + app.kubernetes.io/version: v0.10.2 + helm.sh/chart: external-secrets-0.10.2 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.10.1 - helm.sh/chart: external-secrets-0.10.1 + app.kubernetes.io/version: v0.10.2 + helm.sh/chart: external-secrets-0.10.2 spec: automountServiceAccountToken: true containers: @@ -41,7 +41,7 @@ should match snapshot of default values: - --loglevel=info - --zap-time-encoding=epoch - --enable-partial-cache=true - image: ghcr.io/external-secrets/external-secrets:v0.10.1 + image: ghcr.io/external-secrets/external-secrets:v0.10.2 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap index 0d2718716cb..7138ca01dcb 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap 
@@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.10.1 - helm.sh/chart: external-secrets-0.10.1 + app.kubernetes.io/version: v0.10.2 + helm.sh/chart: external-secrets-0.10.2 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.10.1 - helm.sh/chart: external-secrets-0.10.1 + app.kubernetes.io/version: v0.10.2 + helm.sh/chart: external-secrets-0.10.2 spec: automountServiceAccountToken: true containers: @@ -34,7 +34,7 @@ should match snapshot of default values: - --metrics-addr=:8080 - --loglevel=info - --zap-time-encoding=epoch - image: ghcr.io/external-secrets/external-secrets:v0.10.1 + image: ghcr.io/external-secrets/external-secrets:v0.10.2 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index 2f10858f838..1d8396ce84e 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.1 - helm.sh/chart: external-secrets-0.10.1 + app.kubernetes.io/version: v0.10.2 + helm.sh/chart: external-secrets-0.10.2 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: 
@@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.1 - helm.sh/chart: external-secrets-0.10.1 + app.kubernetes.io/version: v0.10.2 + helm.sh/chart: external-secrets-0.10.2 spec: automountServiceAccountToken: true containers: @@ -39,7 +39,7 @@ should match snapshot of default values: - --healthz-addr=:8081 - --loglevel=info - --zap-time-encoding=epoch - image: ghcr.io/external-secrets/external-secrets:v0.10.1 + image: ghcr.io/external-secrets/external-secrets:v0.10.2 imagePullPolicy: IfNotPresent name: webhook ports: @@ -83,8 +83,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.1 + app.kubernetes.io/version: v0.10.2 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.10.1 + helm.sh/chart: external-secrets-0.10.2 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE From a1722cbfaa5620fdab3c71f2269e70525a4d989b Mon Sep 17 00:00:00 2001 From: Shlomo Zalman Heigh Date: Wed, 28 Aug 2024 15:54:04 -0400 Subject: [PATCH 257/517] Use Conjur API's built in JWT functions (#3771) * Use Conjur API's built in JWT functions Signed-off-by: Shlomo Heigh * docs: clarify that all Conjur types are supported Signed-off-by: Shlomo Heigh * docs: add link to Conjur blog post Signed-off-by: Shlomo Heigh --------- Signed-off-by: Shlomo Heigh --- docs/eso-blogs.md | 5 ++ docs/provider/conjur.md | 4 +- pkg/provider/conjur/auth_jwt.go | 33 ---------- pkg/provider/conjur/client.go | 99 ++++++++++++++++------------ pkg/provider/conjur/conjur_api.go | 56 +--------------- pkg/provider/conjur/provider_test.go | 2 +- 6 files changed, 70 insertions(+), 129 deletions(-) 
diff --git a/docs/eso-blogs.md b/docs/eso-blogs.md index 2c99407b563..52ea141e2d2 100644 --- a/docs/eso-blogs.md +++ b/docs/eso-blogs.md @@ -2,6 +2,11 @@ A list of blogs written by people all over the community. Feel free to let us know if you are writing about ESO at some place! We would be happy to mention you here! +## [Enhancing Kubernetes Security and Flexibility with the CyberArk Conjur and ESO Integration](https://developer.cyberark.com/blog/enhancing-kubernetes-security-and-flexibility-with-the-cyberark-conjur-and-eso-integration/) + +[@szh](https://github.com/szh) Writes about using ESO with CyberArk Conjur. He includes detailed steps on how to +set up a local environment with Docker Desktop and how to deploy ESO and Conjur OSS on it. + ## [Comparing External Secrets Operator with Secret Storage CSI as Kubernetes External Secrets is Deprecated](https://mixi-developers.mixi.co.jp/compare-eso-with-secret-csi-402bf37f20bc) @riddle writes about choosing ESO when comparing with Secret Store CSI Driver in their specific use case. They show us the relevant differences between the projects when looking at their scenario and requirements while integrating with ArgoCD. [Comparing External Secrets Operator with Secret Storage CSI as Kubernetes External Secrets is Deprecated](https://mixi-developers.mixi.co.jp/compare-eso-with-secret-csi-402bf37f20bc) diff --git a/docs/provider/conjur.md b/docs/provider/conjur.md index 931605a88c6..ad83076c43a 100644 --- a/docs/provider/conjur.md +++ b/docs/provider/conjur.md 
@@ -6,7 +6,9 @@ This section describes how to set up the Conjur provider for External Secrets Op Before installing the Conjur provider, you need: -* A running Conjur Server, with: +* A running Conjur Server ([OSS](https://github.com/cyberark/conjur), +[Enterprise](https://www.cyberark.com/products/secrets-manager-enterprise/), or +[Cloud](https://www.cyberark.com/products/multi-cloud-secrets/)), with: * An accessible Conjur endpoint (for example: `https://myapi.example.com`). * Your configured Conjur authentication info (such as `hostid`, `apikey`, or JWT service ID). For more information on configuring Conjur, see [Policy statement reference](https://docs.cyberark.com/conjur-open-source/Latest/en/Content/Operations/Policy/policy-statement-ref.htm). * Support for your authentication method (`apikey` is supported by default, `jwt` requires additional configuration). diff --git a/pkg/provider/conjur/auth_jwt.go b/pkg/provider/conjur/auth_jwt.go index f13e4539782..7bf16ecc142 100644 --- a/pkg/provider/conjur/auth_jwt.go +++ b/pkg/provider/conjur/auth_jwt.go @@ -16,14 +16,9 @@ package conjur import ( "context" - "crypto/tls" - "crypto/x509" "errors" "fmt" - "net/http" - "time" - "github.com/cyberark/conjur-api-go/conjurapi" authenticationv1 "k8s.io/api/authentication/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" 
@@ -88,31 +83,3 @@ func (c *Client) getJwtFromServiceAccountTokenRequest(ctx context.Context, servi } return tokenResponse.Status.Token, nil } - -// newClientFromJwt creates a new Conjur client using the given JWT Auth Config. -func (c *Client) newClientFromJwt(ctx context.Context, config conjurapi.Config, jwtAuth *esv1beta1.ConjurJWT) (SecretsClient, error) { - jwtToken, getJWTError := c.getJWTToken(ctx, jwtAuth) - if getJWTError != nil { - return nil, getJWTError - } - - client, clientError := c.clientAPI.NewClientFromJWT(config, jwtToken, jwtAuth.ServiceID, jwtAuth.HostID) - if clientError != nil { - return nil, clientError - } - - return client, nil -} - -// newHTTPSClient creates a new HTTPS client with the given cert. -func newHTTPSClient(cert []byte) (*http.Client, error) { - pool := x509.NewCertPool() - ok := pool.AppendCertsFromPEM(cert) - if !ok { - return nil, errors.New("can't append Conjur SSL cert") - } - tr := &http.Transport{ - TLSClientConfig: &tls.Config{RootCAs: pool, MinVersion: tls.VersionTLS12}, - } - return &http.Client{Transport: tr, Timeout: time.Second * 10}, nil -} diff --git a/pkg/provider/conjur/client.go b/pkg/provider/conjur/client.go index b18d21bc193..3dd0c929d35 100644 --- a/pkg/provider/conjur/client.go +++ b/pkg/provider/conjur/client.go 
@@ -78,48 +78,9 @@ func (c *Client) GetConjurClient(ctx context.Context) (SecretsClient, error) { } if prov.Auth.APIKey != nil { - config.Account = prov.Auth.APIKey.Account - conjUser, secErr := resolvers.SecretKeyRef( - ctx, - c.kube, - c.StoreKind, - c.namespace, prov.Auth.APIKey.UserRef) - if secErr != nil { - return nil, fmt.Errorf(errBadServiceUser, secErr) - } - conjAPIKey, secErr := resolvers.SecretKeyRef( - ctx, - c.kube, - c.StoreKind, - c.namespace, - prov.Auth.APIKey.APIKeyRef) - if secErr != nil { - return nil, fmt.Errorf(errBadServiceAPIKey, secErr) - } - - conjur, newClientFromKeyError := c.clientAPI.NewClientFromKey(config, - authn.LoginPair{ - Login: conjUser, - APIKey: conjAPIKey, - }, - ) - - if newClientFromKeyError != nil { - return nil, fmt.Errorf(errConjurClient, newClientFromKeyError) - } - c.client = conjur - return conjur, nil + return c.conjurClientFromAPIKey(ctx, config, prov) } else if prov.Auth.Jwt != nil { - config.Account = prov.Auth.Jwt.Account - - conjur, clientFromJwtError := c.newClientFromJwt(ctx, config, prov.Auth.Jwt) - if clientFromJwtError != nil { - return nil, fmt.Errorf(errConjurClient, clientFromJwtError) - } - - c.client = conjur - - return conjur, nil + return c.conjurClientFromJWT(ctx, config, prov) } else { // Should not happen because validate func should catch this return nil, errors.New("no authentication method provided") 
@@ -150,3 +111,59 @@ func (c *Client) Validate() (esv1beta1.ValidationResult, error) { func (c *Client) Close(_ context.Context) error { return nil } + +func (c *Client) conjurClientFromAPIKey(ctx context.Context, config conjurapi.Config, prov *esv1beta1.ConjurProvider) (SecretsClient, error) { + config.Account = prov.Auth.APIKey.Account + conjUser, secErr := resolvers.SecretKeyRef( + ctx, + c.kube, + c.StoreKind, + c.namespace, prov.Auth.APIKey.UserRef) + if secErr != nil { + return nil, fmt.Errorf(errBadServiceUser, secErr) + } + conjAPIKey, secErr := resolvers.SecretKeyRef( + ctx, + c.kube, + c.StoreKind, + c.namespace, + prov.Auth.APIKey.APIKeyRef) + if secErr != nil { + return nil, fmt.Errorf(errBadServiceAPIKey, secErr) + } + + conjur, newClientFromKeyError := c.clientAPI.NewClientFromKey(config, + authn.LoginPair{ + Login: conjUser, + APIKey: conjAPIKey, + }, + ) + + if newClientFromKeyError != nil { + return nil, fmt.Errorf(errConjurClient, newClientFromKeyError) + } + c.client = conjur + return conjur, nil +} + +func (c *Client) conjurClientFromJWT(ctx context.Context, config conjurapi.Config, prov *esv1beta1.ConjurProvider) (SecretsClient, error) { + config.AuthnType = "jwt" + config.Account = prov.Auth.Jwt.Account + config.JWTHostID = prov.Auth.Jwt.HostID + config.ServiceID = prov.Auth.Jwt.ServiceID + + jwtToken, getJWTError := c.getJWTToken(ctx, prov.Auth.Jwt) + if getJWTError != nil { + return nil, getJWTError + } + + config.JWTContent = jwtToken + + conjur, clientError := c.clientAPI.NewClientFromJWT(config) + if clientError != nil { + return nil, fmt.Errorf(errConjurClient, clientError) + } + + c.client = conjur + return conjur, nil +} diff --git a/pkg/provider/conjur/conjur_api.go b/pkg/provider/conjur/conjur_api.go index 4a0328361b3..c51ae4e8cf7 100644 --- a/pkg/provider/conjur/conjur_api.go +++ b/pkg/provider/conjur/conjur_api.go 
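Review bot: In `conjurClientFromJWT` a failure from `c.getJWTToken` is returned bare, whereas the code it replaces wrapped every error on the JWT path in `errConjurClient` (the removed `newClientFromJwt` returned the token error and `GetConjurClient` wrapped it), so alerts or log matching on that prefix no longer see token-request failures; `return nil, fmt.Errorf(errConjurClient, getJWTError)` keeps the previous behaviour. The token is also copied into `config.JWTContent` and so lives in the config for as long as the client does: confirm nothing logs or serialises `conjurapi.Config`, and, if `c.client` is reused across reconciles (not visible here), that an expired token leads to a fresh `getJWTToken` call rather than repeated authentication failures. Both new helpers lack doc comments, e.g. `// conjurClientFromJWT builds a Conjur client that authenticates with the JWT returned by getJWTToken.`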
@@ -15,15 +15,8 @@ limitations under the License. package conjur import ( - "fmt" - "net/http" - "net/url" - "strings" - "time" - "github.com/cyberark/conjur-api-go/conjurapi" "github.com/cyberark/conjur-api-go/conjurapi/authn" - "github.com/cyberark/conjur-api-go/conjurapi/response" ) // SecretsClient is an interface for the Conjur client. @@ -36,7 +29,7 @@ type SecretsClient interface { // SecretsClientFactory is an interface for creating a Conjur client. type SecretsClientFactory interface { NewClientFromKey(config conjurapi.Config, loginPair authn.LoginPair) (SecretsClient, error) - NewClientFromJWT(config conjurapi.Config, jwtToken string, jwtServiceID, jwtHostID string) (SecretsClient, error) + NewClientFromJWT(config conjurapi.Config) (SecretsClient, error) } // ClientAPIImpl is an implementation of the ClientAPI interface. 
@@ -47,49 +40,6 @@ func (c *ClientAPIImpl) NewClientFromKey(config conjurapi.Config, loginPair auth } // NewClientFromJWT creates a new Conjur client from a JWT token. -// cannot use the built-in function "conjurapi.NewClientFromJwt" because it requires environment variables -// see: https://github.com/cyberark/conjur-api-go/blob/b698692392a38e5d38b8440f32ab74206544848a/conjurapi/client.go#L130 -func (c *ClientAPIImpl) NewClientFromJWT(config conjurapi.Config, jwtToken, jwtServiceID, jwtHostID string) (SecretsClient, error) { - jwtTokenString := fmt.Sprintf("jwt=%s", jwtToken) - - var httpClient *http.Client - if config.IsHttps() { - cert, err := config.ReadSSLCert() - if err != nil { - return nil, err - } - httpClient, err = newHTTPSClient(cert) - if err != nil { - return nil, err - } - } else { - httpClient = &http.Client{Timeout: time.Second * 10} - } - - var authnJwtURL string - // If a hostID is provided, it must be included in the URL - if jwtHostID != "" { - authnJwtURL = strings.Join([]string{config.ApplianceURL, "authn-jwt", jwtServiceID, config.Account, url.PathEscape(jwtHostID), "authenticate"}, "/") - } else { - authnJwtURL = strings.Join([]string{config.ApplianceURL, "authn-jwt", jwtServiceID, config.Account, "authenticate"}, "/") - } - - req, err := http.NewRequest("POST", authnJwtURL, strings.NewReader(jwtTokenString)) - if err != nil { - return nil, err - } - req.Header.Set("Content-Type", "application/x-www-form-urlencoded") - - resp, err := httpClient.Do(req) - if err != nil { - return nil, err - } - defer resp.Body.Close() - - tokenBytes, err := response.DataResponse(resp) - if err != nil { - return nil, err - } - - return conjurapi.NewClientFromToken(config, string(tokenBytes)) +func (c *ClientAPIImpl) NewClientFromJWT(config conjurapi.Config) (SecretsClient, error) { + return conjurapi.NewClientFromJwt(config) } diff --git a/pkg/provider/conjur/provider_test.go b/pkg/provider/conjur/provider_test.go index 7235a956028..1235ced3526 100644 
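Review bot: The explicit transport settings of the removed `NewClientFromJWT` are gone with the switch to `conjurapi.NewClientFromJwt(config)`: a 10-second `http.Client` timeout and, through the deleted `newHTTPSClient`, a `tls.Config` with `MinVersion: tls.VersionTLS12` and a root pool built from `config.ReadSSLCert()`. Whether the library applies an equivalent timeout, TLS floor and CA handling is not visible in this diff, so confirm it against the conjur-api-go version in go.mod and cover it with a test that uses a store with a custom CA bundle. The deleted comment explained why the built-in function could not be used; the remaining one-line doc comment should record what makes it usable now, e.g. `// The JWT, service ID and host ID are carried in config (AuthnType "jwt") rather than read from the environment.` if that is indeed the library's behaviour.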
--- a/pkg/provider/conjur/provider_test.go +++ b/pkg/provider/conjur/provider_test.go @@ -709,7 +709,7 @@ func (c *ConjurMockAPIClient) NewClientFromKey(_ conjurapi.Config, _ authn.Login return &fake.ConjurMockClient{}, nil } -func (c *ConjurMockAPIClient) NewClientFromJWT(_ conjurapi.Config, _, _, _ string) (SecretsClient, error) { +func (c *ConjurMockAPIClient) NewClientFromJWT(_ conjurapi.Config) (SecretsClient, error) { return &fake.ConjurMockClient{}, nil } From 267e5ea9f1b6bc270087ee2dc91745abaabb327a Mon Sep 17 00:00:00 2001 From: Viktor Oreshkin Date: Thu, 29 Aug 2024 17:21:08 +0300 Subject: [PATCH 258/517] fix: set grpc resolver explicitly in yandex (#3838) use passthrough resolver to be consistent with ycsdk library, and to work correctly in dual-stack environments until gRPC proposal A61 is fully implemented in grpc-go fixes #3837 Signed-off-by: Viktor Oreshkin Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- pkg/provider/yandex/common/sdk.go | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/pkg/provider/yandex/common/sdk.go b/pkg/provider/yandex/common/sdk.go index 6720a6d0863..2d0b1532ba7 100644 --- a/pkg/provider/yandex/common/sdk.go +++ b/pkg/provider/yandex/common/sdk.go 
@@ -57,7 +57,16 @@ func NewGrpcConnection( return nil, err } - return grpc.NewClient(serviceAPIEndpoint.Address, + // Until gRPC proposal A61 is implemented in grpc-go, default gRPC name resolver (dns) + // is incompatible with dualstack backends, and YC API backends are dualstack. + // However, if passthrough resolver is used instead, grpc-go won't do any name resolution + // and will pass the endpoint to net.Dial as-is, which would utilize happy-eyeballs + // support in Go's net package. + // So we explicitly set gRPC resolver to `passthrough` to match `ycsdk`s behavior, + // which uses `passthrough` resolver implicitly by using deprecated grpc.DialContext + // instead of grpc.NewClient used here + target := "passthrough:///" + serviceAPIEndpoint.Address + return grpc.NewClient(target, grpc.WithTransportCredentials(credentials.NewTLS(tlsConfig)), grpc.WithKeepaliveParams(keepalive.ClientParameters{ Time: time.Second * 30, From a861de4f659160838fba43708215fe523c497e35 Mon Sep 17 00:00:00 2001 From: Prateek Kumar <85689959+PrateekKumar1709@users.noreply.github.com> Date: Fri, 30 Aug 2024 09:06:32 -0400 Subject: [PATCH 259/517] Add values.schema.json generation to Helm chart (#3774) * Add values.schema.json generation to Helm chart Signed-off-by: Prateek Kumar <85689959+PrateekKumar1709@users.noreply.github.com> * Reverted the changes to the worflow files as per the PR feedback Signed-off-by: Prateek Kumar <85689959+PrateekKumar1709@users.noreply.github.com> * Add helm.schema.update target to generate values.schema.json and integrate with check-diff Signed-off-by: Prateek Kumar <85689959+PrateekKumar1709@users.noreply.github.com> * Update Helm test snapshots Signed-off-by: Prateek Kumar <85689959+PrateekKumar1709@users.noreply.github.com> * Update helm test snapshots Signed-off-by: Prateek Kumar <85689959+PrateekKumar1709@users.noreply.github.com> * Update makefile Signed-off-by: Prateek Kumar <85689959+PrateekKumar1709@users.noreply.github.com> --------- 
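Review bot: `target := "passthrough:///" + serviceAPIEndpoint.Address` assumes the address is always a bare `host:port`; because the passthrough resolver does no name resolution (as the added comment says), a value that already carries a scheme or a path is handed to the dialer unchanged and only fails at connect time. The address appears to come from the endpoint lookup earlier in `NewGrpcConnection`, above the hunk, so a small guard before building the target, such as returning an error when `net.SplitHostPort(serviceAPIEndpoint.Address)` fails, would make an unexpected endpoint value fail early with a clear message. The function also continues past the end of the hunk.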
Signed-off-by: Prateek Kumar <85689959+PrateekKumar1709@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/helm.yml | 2 +- Makefile | 12 +- .../external-secrets/values.schema.json | 905 ++++++++++++++++++ 3 files changed, 917 insertions(+), 2 deletions(-) create mode 100644 deploy/charts/external-secrets/values.schema.json diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 5283d3164e4..b6c713a5d96 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -133,4 +133,4 @@ jobs: break fi helm push "${pkg}" "oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/charts" - done + done \ No newline at end of file diff --git a/Makefile b/Makefile index 45575acbce9..48f787ddfcc 100644 --- a/Makefile +++ b/Makefile @@ -72,7 +72,7 @@ FAIL = (echo ${TIME} ${RED}[FAIL]${CNone} && false) # ==================================================================================== # Conformance -reviewable: generate docs manifests helm.generate helm.docs lint ## Ensure a PR is ready for review. +reviewable: generate docs manifests helm.generate helm.schema.update helm.docs lint ## Ensure a PR is ready for review. @go mod tidy @cd e2e/ && go mod tidy @@ -173,6 +173,16 @@ helm.build: helm.generate ## Build helm chart @mv $(OUTPUT_DIR)/chart/external-secrets-$(HELM_VERSION).tgz $(OUTPUT_DIR)/chart/external-secrets.tgz @$(OK) helm package +helm.schema.plugin: + @$(INFO) Installing helm-values-schema-json plugin + @helm plugin install https://github.com/losisin/helm-values-schema-json.git || true + @$(OK) Installed helm-values-schema-json plugin + +helm.schema.update: helm.schema.plugin + @$(INFO) Generating values.schema.json + @helm schema -input $(HELM_DIR)/values.yaml -output $(HELM_DIR)/values.schema.json + @$(OK) Generated values.schema.json + helm.generate: ./hack/helm.generate.sh $(BUNDLE_DIR) $(HELM_DIR) @$(OK) Finished generating helm chart files 
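Review bot: The new `helm.schema.plugin` target installs a Helm plugin from the tip of a third-party Git repository with no version pin, and `|| true` hides every failure, so `make reviewable` (which now depends on `helm.schema.update`) and any CI job calling it run whatever that repository serves at the time. Pin the install to a reviewed release, `@helm plugin install https://github.com/losisin/helm-values-schema-json.git --version <PINNED_PLUGIN_VERSION>` (placeholder, pick the audited tag), and replace `|| true` with an explicit already-installed test such as `@helm plugin list | grep -q schema || helm plugin install ...` so a genuine install failure stops the build instead of surfacing later as a missing `helm schema` command. A short comment above the target naming the pinned version and why the plugin is needed would help whoever bumps it next.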
diff --git a/deploy/charts/external-secrets/values.schema.json b/deploy/charts/external-secrets/values.schema.json new file mode 100644 index 00000000000..08cef96a31f --- /dev/null +++ b/deploy/charts/external-secrets/values.schema.json 
@@ -0,0 +1,905 @@ +{ + "$schema": "https://json-schema.org/draft/2020-12/schema", + "properties": { + "affinity": { + "properties": {}, + "type": "object" + }, + "bitwarden-sdk-server": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "certController": { + "properties": { + "affinity": { + "properties": {}, + "type": "object" + }, + "create": { + "type": "boolean" + }, + "deploymentAnnotations": { + "properties": {}, + "type": "object" + }, + "extraArgs": { + "properties": {}, + "type": "object" + }, + "extraEnv": { + "type": "array" + }, + "extraVolumeMounts": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "fullnameOverride": { + "type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "properties": { + "flavour": { + "type": "string" + }, + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + }, + "type": "object" + }, + "imagePullSecrets": { + "type": "array" + }, + "log": { + "properties": { + "level": { + "type": "string" + }, + "timeEncoding": { + "type": "string" + } + }, + "type": "object" + }, + "metrics": { + "properties": { + "listen": { + "properties": { + "port": { + "type": "integer" + } + }, + "type": "object" + }, + "service": { + "properties": { + "annotations": { + "properties": {}, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "properties": {}, + "type": "object" + }, + "podAnnotations": { + "properties": {}, + "type": "object" + }, + "podDisruptionBudget": { + "properties": { + "enabled": { + "type": "boolean" + }, + "minAvailable": { + "type": "integer" + } + }, + "type": "object" + }, + "podLabels": { + "properties": {}, + "type": "object" + }, + "podSecurityContext": { + "properties": { + "enabled": { + "type": 
"boolean" + } + }, + "type": "object" + }, + "priorityClassName": { + "type": "string" + }, + "rbac": { + "properties": { + "create": { + "type": "boolean" + } + }, + "type": "object" + }, + "readinessProbe": { + "properties": { + "address": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "type": "object" + }, + "replicaCount": { + "type": "integer" + }, + "requeueInterval": { + "type": "string" + }, + "resources": { + "properties": {}, + "type": "object" + }, + "revisionHistoryLimit": { + "type": "integer" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "properties": { + "drop": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seccompProfile": { + "properties": { + "type": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccount": { + "properties": { + "annotations": { + "properties": {}, + "type": "object" + }, + "automount": { + "type": "boolean" + }, + "create": { + "type": "boolean" + }, + "extraLabels": { + "properties": {}, + "type": "object" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "array" + } + }, + "type": "object" + }, + "commonLabels": { + "properties": {}, + "type": "object" + }, + "concurrent": { + "type": "integer" + }, + "controllerClass": { + "type": "string" + }, + "crds": { + "properties": { + "annotations": { + "properties": {}, + "type": "object" + }, + "conversion": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "createClusterExternalSecret": { + "type": "boolean" + }, + "createClusterSecretStore": { + "type": "boolean" + }, + 
"createPushSecret": { + "type": "boolean" + } + }, + "type": "object" + }, + "createOperator": { + "type": "boolean" + }, + "deploymentAnnotations": { + "properties": {}, + "type": "object" + }, + "dnsConfig": { + "properties": {}, + "type": "object" + }, + "dnsPolicy": { + "type": "string" + }, + "extendedMetricLabels": { + "type": "boolean" + }, + "extraArgs": { + "properties": {}, + "type": "object" + }, + "extraContainers": { + "type": "array" + }, + "extraEnv": { + "type": "array" + }, + "extraObjects": { + "type": "array" + }, + "extraVolumeMounts": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "fullnameOverride": { + "type": "string" + }, + "global": { + "properties": { + "affinity": { + "properties": {}, + "type": "object" + }, + "compatibility": { + "properties": { + "openshift": { + "properties": { + "adaptSecurityContext": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "nodeSelector": { + "properties": {}, + "type": "object" + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "array" + } + }, + "type": "object" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "properties": { + "flavour": { + "type": "string" + }, + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + }, + "type": "object" + }, + "imagePullSecrets": { + "type": "array" + }, + "installCRDs": { + "type": "boolean" + }, + "leaderElect": { + "type": "boolean" + }, + "log": { + "properties": { + "level": { + "type": "string" + }, + "timeEncoding": { + "type": "string" + } + }, + "type": "object" + }, + "metrics": { + "properties": { + "listen": { + "properties": { + "port": { + "type": "integer" + } + }, + "type": "object" + }, + "service": { + "properties": { + "annotations": { + "properties": {}, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + } + }, + "type": 
"object" + } + }, + "type": "object" + }, + "nameOverride": { + "type": "string" + }, + "namespaceOverride": { + "type": "string" + }, + "nodeSelector": { + "properties": {}, + "type": "object" + }, + "podAnnotations": { + "properties": {}, + "type": "object" + }, + "podDisruptionBudget": { + "properties": { + "enabled": { + "type": "boolean" + }, + "minAvailable": { + "type": "integer" + } + }, + "type": "object" + }, + "podLabels": { + "properties": {}, + "type": "object" + }, + "podSecurityContext": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "podSpecExtra": { + "properties": {}, + "type": "object" + }, + "priorityClassName": { + "type": "string" + }, + "processClusterExternalSecret": { + "type": "boolean" + }, + "processClusterStore": { + "type": "boolean" + }, + "processPushSecret": { + "type": "boolean" + }, + "rbac": { + "properties": { + "create": { + "type": "boolean" + }, + "servicebindings": { + "properties": { + "create": { + "type": "boolean" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "properties": {}, + "type": "object" + }, + "revisionHistoryLimit": { + "type": "integer" + }, + "scopedNamespace": { + "type": "string" + }, + "scopedRBAC": { + "type": "boolean" + }, + "securityContext": { + "properties": { + "allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "properties": { + "drop": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seccompProfile": { + "properties": { + "type": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "service": { + "properties": { + "ipFamilies": { + "type": "array" + }, + "ipFamilyPolicy": { + "type": "string" + } + }, 
+ "type": "object" + }, + "serviceAccount": { + "properties": { + "annotations": { + "properties": {}, + "type": "object" + }, + "automount": { + "type": "boolean" + }, + "create": { + "type": "boolean" + }, + "extraLabels": { + "properties": {}, + "type": "object" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "serviceMonitor": { + "properties": { + "additionalLabels": { + "properties": {}, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "honorLabels": { + "type": "boolean" + }, + "interval": { + "type": "string" + }, + "metricRelabelings": { + "type": "array" + }, + "namespace": { + "type": "string" + }, + "relabelings": { + "type": "array" + }, + "scrapeTimeout": { + "type": "string" + } + }, + "type": "object" + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "array" + }, + "webhook": { + "properties": { + "affinity": { + "properties": {}, + "type": "object" + }, + "certCheckInterval": { + "type": "string" + }, + "certDir": { + "type": "string" + }, + "certManager": { + "properties": { + "addInjectorAnnotations": { + "type": "boolean" + }, + "cert": { + "properties": { + "annotations": { + "properties": {}, + "type": "object" + }, + "create": { + "type": "boolean" + }, + "duration": { + "type": "string" + }, + "issuerRef": { + "properties": { + "group": { + "type": "string" + }, + "kind": { + "type": "string" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "renewBefore": { + "type": "string" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "create": { + "type": "boolean" + }, + "deploymentAnnotations": { + "properties": {}, + "type": "object" + }, + "extraArgs": { + "properties": {}, + "type": "object" + }, + "extraEnv": { + "type": "array" + }, + "extraVolumeMounts": { + "type": "array" + }, + "extraVolumes": { + "type": "array" + }, + "failurePolicy": { + "type": "string" + }, + "fullnameOverride": { + 
"type": "string" + }, + "hostNetwork": { + "type": "boolean" + }, + "image": { + "properties": { + "flavour": { + "type": "string" + }, + "pullPolicy": { + "type": "string" + }, + "repository": { + "type": "string" + }, + "tag": { + "type": "string" + } + }, + "type": "object" + }, + "imagePullSecrets": { + "type": "array" + }, + "log": { + "properties": { + "level": { + "type": "string" + }, + "timeEncoding": { + "type": "string" + } + }, + "type": "object" + }, + "lookaheadInterval": { + "type": "string" + }, + "metrics": { + "properties": { + "listen": { + "properties": { + "port": { + "type": "integer" + } + }, + "type": "object" + }, + "service": { + "properties": { + "annotations": { + "properties": {}, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "port": { + "type": "integer" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "nameOverride": { + "type": "string" + }, + "nodeSelector": { + "properties": {}, + "type": "object" + }, + "podAnnotations": { + "properties": {}, + "type": "object" + }, + "podDisruptionBudget": { + "properties": { + "enabled": { + "type": "boolean" + }, + "minAvailable": { + "type": "integer" + } + }, + "type": "object" + }, + "podLabels": { + "properties": {}, + "type": "object" + }, + "podSecurityContext": { + "properties": { + "enabled": { + "type": "boolean" + } + }, + "type": "object" + }, + "port": { + "type": "integer" + }, + "priorityClassName": { + "type": "string" + }, + "rbac": { + "properties": { + "create": { + "type": "boolean" + } + }, + "type": "object" + }, + "readinessProbe": { + "properties": { + "address": { + "type": "string" + }, + "port": { + "type": "integer" + } + }, + "type": "object" + }, + "replicaCount": { + "type": "integer" + }, + "resources": { + "properties": {}, + "type": "object" + }, + "revisionHistoryLimit": { + "type": "integer" + }, + "secretAnnotations": { + "properties": {}, + "type": "object" + }, + "securityContext": { + "properties": { + 
"allowPrivilegeEscalation": { + "type": "boolean" + }, + "capabilities": { + "properties": { + "drop": { + "items": { + "type": "string" + }, + "type": "array" + } + }, + "type": "object" + }, + "enabled": { + "type": "boolean" + }, + "readOnlyRootFilesystem": { + "type": "boolean" + }, + "runAsNonRoot": { + "type": "boolean" + }, + "runAsUser": { + "type": "integer" + }, + "seccompProfile": { + "properties": { + "type": { + "type": "string" + } + }, + "type": "object" + } + }, + "type": "object" + }, + "serviceAccount": { + "properties": { + "annotations": { + "properties": {}, + "type": "object" + }, + "automount": { + "type": "boolean" + }, + "create": { + "type": "boolean" + }, + "extraLabels": { + "properties": {}, + "type": "object" + }, + "name": { + "type": "string" + } + }, + "type": "object" + }, + "tolerations": { + "type": "array" + }, + "topologySpreadConstraints": { + "type": "array" + } + }, + "type": "object" + } + }, + "type": "object" +} From 1309c2c41b6cdbe96aef590c9511d1fbbeab6d29 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Mon, 2 Sep 2024 06:53:04 +0200 Subject: [PATCH 260/517] fix: only replace data if it is in the middle of the path (#3852) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- pkg/provider/vault/client_get.go | 2 +- pkg/provider/vault/client_get_test.go | 61 +++++++++++++++++++++++++++ 2 files changed, 62 insertions(+), 1 deletion(-) diff --git a/pkg/provider/vault/client_get.go b/pkg/provider/vault/client_get.go index 528b4a5a4ba..30e72c88a70 100644 --- a/pkg/provider/vault/client_get.go +++ b/pkg/provider/vault/client_get.go 
@@ -221,7 +221,7 @@ func (c *client) buildMetadataPath(path string) (string, error) {
 return "", errors.New(errPathInvalid)
 }
 if c.store.Path == nil {
- path = strings.Replace(path, "data", "metadata", 1)
+ path = strings.Replace(path, "/data/", "/metadata/", 1)
 url = path
 } else {
 url = fmt.Sprintf("%s/metadata/%s", *c.store.Path, path)
diff --git a/pkg/provider/vault/client_get_test.go b/pkg/provider/vault/client_get_test.go
index cec01117d67..d197089e684 100644
--- a/pkg/provider/vault/client_get_test.go
+++ b/pkg/provider/vault/client_get_test.go
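Review bot: In the `c.store.Path == nil` branch, a `path` with no `/data/` segment now passes through `strings.Replace(path, "/data/", "/metadata/", 1)` unchanged, so `buildMetadataPath` returns the data path as the metadata URL without any error. Because the match needs a slash on both sides, this also applies to a path that starts with `data/` or ends in `/data`. If those inputs are not expected here, reject them before the replace with `if !strings.Contains(path, "/data/") { return "", errors.New(errPathInvalid) }`, reusing the error the function already returns above. Only the first match is rewritten, so a mount whose own name contains a `/data/` segment would presumably still get the wrong segment replaced; a one-line comment stating the assumed `<mount>/data/<key>` layout would document that. The function starts and ends outside the hunk, so an earlier check may already cover part of this.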
@@ -696,6 +696,67 @@ func TestGetSecretPath(t *testing.T) { } } +func TestGetSecretMetadataPath(t *testing.T) { + storeV2 := makeValidSecretStore() + storeV2NoPath := storeV2.DeepCopy() + multiPath := "secret/path" + storeV2.Spec.Provider.Vault.Path = &multiPath + storeV2NoPath.Spec.Provider.Vault.Path = nil + + storeV1 := makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV1) + storeV1NoPath := storeV1.DeepCopy() + storeV1.Spec.Provider.Vault.Path = &multiPath + storeV1NoPath.Spec.Provider.Vault.Path = nil + + type args struct { + store *esv1beta1.VaultProvider + path string + expected string + } + cases := map[string]struct { + reason string + args args + }{ + "PathForV1": { + reason: "path should compose with mount point if set", + args: args{ + store: storeV1.Spec.Provider.Vault, + path: "data/test", + expected: "secret/path/data/test", + }, + }, + "PathForV2": { + reason: "path should compose with mount point if set without data", + args: args{ + store: storeV2.Spec.Provider.Vault, + path: "secret/path/data/test", + expected: "secret/path/metadata/secret/path/data/test", + }, + }, + "PathForV2WithData": { + reason: "if data is in the path it shouldn't be changed", + args: args{ + store: storeV2NoPath.Spec.Provider.Vault, + path: "my_data/data/path", + expected: "my_data/metadata/path", + }, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + vStore := &client{ + store: tc.args.store, + } + + want, _ := vStore.buildMetadataPath(tc.args.path) + if diff := cmp.Diff(want, tc.args.expected); diff != "" { + t.Errorf("\n%s\nvault.buildPath(...): -want expected, +got error:\n%s", tc.reason, diff) + } + }) + } +} + func TestSecretExists(t *testing.T) { secret := map[string]any{ "foo": "bar", From c3dcd9adcdef1c0da7a9220c8b05cbbd16b4d8b8 Mon Sep 17 00:00:00 2001 
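Review bot: The `t.Run` body in `TestGetSecretMetadataPath` drops the error from `buildMetadataPath` (`want, _ := ...`), so a case that errors is compared as an empty string and reported as a path mismatch. Check it first: `got, err := vStore.buildMetadataPath(tc.args.path)` followed by `if err != nil { t.Fatalf("unexpected error: %v", err) }`. The variable named `want` holds the actual result and the failure message names `vault.buildPath(...)`; calling it `got`, using `cmp.Diff(tc.args.expected, got)` and naming `buildMetadataPath` in the message would make failures readable. `storeV1NoPath` is prepared but no visible case uses it, and there is no case for a path without `/data/` or one starting with `data/` on a store without `Path`, which is the input class the accompanying change to `strings.Replace` affects.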
From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Mon, 2 Sep 2024 07:04:48 +0200 Subject: [PATCH 261/517] fix: bitwarden API url to point to the correct default location (#3848) * fix: bitwarden API url to point to the correct default location Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * explicitly remove trailing slashes to prevent not found error Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- docs/snippets/bitwarden-secrets-manager-secret-store.yaml | 2 +- pkg/provider/bitwarden/bitwarden_sdk.go | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/snippets/bitwarden-secrets-manager-secret-store.yaml b/docs/snippets/bitwarden-secrets-manager-secret-store.yaml index 0b55da73592..91a01b641ba 100644 --- a/docs/snippets/bitwarden-secrets-manager-secret-store.yaml +++ b/docs/snippets/bitwarden-secrets-manager-secret-store.yaml @@ -5,7 +5,7 @@ metadata: spec: provider: bitwardensecretsmanager: - apiURL: https://vault.bitwarden.com + apiURL: https://api.bitwarden.com identityURL: https://identity.bitwarden.com auth: secretRef: diff --git a/pkg/provider/bitwarden/bitwarden_sdk.go b/pkg/provider/bitwarden/bitwarden_sdk.go index 1a50785f504..e661dfb0c32 100644 --- a/pkg/provider/bitwarden/bitwarden_sdk.go +++ b/pkg/provider/bitwarden/bitwarden_sdk.go @@ -21,6 +21,7 @@ import ( "fmt" "io" "net/http" + "strings" "sigs.k8s.io/controller-runtime/pkg/client" @@ -111,8 +112,8 @@ func NewSdkClient(ctx context.Context, c client.Client, storeKind, namespace str } return &SdkClient{ - apiURL: provider.APIURL, - identityURL: provider.IdentityURL, + apiURL: strings.TrimSuffix(provider.APIURL, "/"), + identityURL: strings.TrimSuffix(provider.IdentityURL, "/"), bitwardenSdkServerURL: provider.BitwardenServerSDKURL, token: token, client: httpsClient, 
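Review bot: `strings.TrimSuffix(provider.APIURL, "/")` in the `SdkClient` literal removes a single trailing slash, while the commit message speaks of removing trailing slashes; a value ending in `//` would still end in `/`. `strings.TrimRight(provider.APIURL, "/")`, and the same for `provider.IdentityURL`, strips all of them. `bitwardenSdkServerURL: provider.BitwardenServerSDKURL` is left as supplied, so if request URLs are built from it by appending a path, a trailing slash there would presumably run into the same not-found error. A comment above the two fields such as `// strip trailing "/": it led to a not-found error (#3848)` would record why they are normalised. `NewSdkClient` begins and ends outside the hunk.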
From eb188ae1e36d00d000fd4001f6a9d61261d37293 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Mon, 2 Sep 2024 07:15:57 +0200 Subject: [PATCH 262/517] feat: update bitwarden server sdk chart version (#3850) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- deploy/charts/external-secrets/Chart.lock | 6 +++--- deploy/charts/external-secrets/Chart.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/charts/external-secrets/Chart.lock b/deploy/charts/external-secrets/Chart.lock index 1d198fe7ce2..6f01c48745b 100644 --- a/deploy/charts/external-secrets/Chart.lock +++ b/deploy/charts/external-secrets/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: bitwarden-sdk-server repository: oci://ghcr.io/external-secrets/charts - version: v0.1.4 -digest: sha256:f60d5e4c6ad432fc7efdb0dad33774afaa88e02bd82eb9d5224372828f7d52be -generated: "2024-06-20T10:01:52.49841+02:00" + version: v0.3.1 +digest: sha256:2d01e9083fc32c18dca4f9614625e0172e338a663138c2670e5b911645b6b8ee +generated: "2024-08-29T06:56:01.838539+02:00" diff --git a/deploy/charts/external-secrets/Chart.yaml b/deploy/charts/external-secrets/Chart.yaml index 5ad4e0014b5..f25c530146d 100644 --- a/deploy/charts/external-secrets/Chart.yaml +++ b/deploy/charts/external-secrets/Chart.yaml @@ -16,6 +16,6 @@ maintainers: dependencies: - name: bitwarden-sdk-server - version: v0.1.4 + version: v0.3.1 repository: oci://ghcr.io/external-secrets/charts condition: bitwarden-sdk-server.enabled From 52ce9f5dc9a0df6007f577fdfc84047142153709 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 11:05:08 +0200 Subject: [PATCH 263/517] chore(deps): bump github/codeql-action from 3.26.5 to 3.26.6 (#3855) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.5 to 3.26.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/2c779ab0d087cd7fe7b826087247c2c81f27bfa6...4dd16135b69a43b6c8efb853346f8437d92d3c93) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 08dc5024f8e..2918a1aca2f 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@2c779ab0d087cd7fe7b826087247c2c81f27bfa6 # v3.26.5 + uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 with: sarif_file: results.sarif From 173884271d8d3b36d06173c0ce5808840a6974a8 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 11:26:01 +0200 Subject: [PATCH 264/517] chore(deps): bump actions/setup-python from 5.1.1 to 5.2.0 (#3856) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.1.1 to 5.2.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/39cd14951b08e74b54015e9e001cdefcf80e669f...f677139bbe7f9c59b41e40162b753c062f5d49a3) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/helm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index b6c713a5d96..64ad3552f5e 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -34,7 +34,7 @@ jobs: with: version: v3.14.2 # remember to also update for the second job (release) - - uses: actions/setup-python@39cd14951b08e74b54015e9e001cdefcf80e669f # v5.1.1 + - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 with: python-version: 3.7 From eae70186b8085127056bb8cd0ac228f263a4c15b Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 11:27:45 +0200 Subject: [PATCH 265/517] chore(deps): bump mkdocs-material in /hack/api-docs (#3857) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.33 to 9.5.34. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.33...9.5.34) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index afa24492fc7..e86a505d1d0 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.0 mkdocs-macros-plugin==1.0.5 -mkdocs-material==9.5.33 +mkdocs-material==9.5.34 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.1 From 85519583f78bf89ef697fcb00f9d5739b1ba60e2 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 11:36:24 +0200 Subject: [PATCH 266/517] chore(deps): bump mkdocs from 1.6.0 to 1.6.1 in /hack/api-docs (#3858) Bumps [mkdocs](https://github.com/mkdocs/mkdocs) from 1.6.0 to 1.6.1. - [Release notes](https://github.com/mkdocs/mkdocs/releases) - [Commits](https://github.com/mkdocs/mkdocs/compare/1.6.0...1.6.1) --- updated-dependencies: - dependency-name: mkdocs dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index e86a505d1d0..847f3746c1f 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -16,7 +16,7 @@ Markdown==3.7 MarkupSafe==2.1.5 mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 -mkdocs==1.6.0 +mkdocs==1.6.1 mkdocs-macros-plugin==1.0.5 mkdocs-material==9.5.34 mkdocs-material-extensions==1.3.1 From d2c9784a2e9a4df0c8e0f1bf83df7effcc9211b7 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 13:07:05 +0300 Subject: [PATCH 267/517] chore(deps): bump watchdog from 4.0.2 to 5.0.0 in /hack/api-docs (#3861) Bumps [watchdog](https://github.com/gorakhargosh/watchdog) from 4.0.2 to 5.0.0. - [Release notes](https://github.com/gorakhargosh/watchdog/releases) - [Changelog](https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst) - [Commits](https://github.com/gorakhargosh/watchdog/compare/v4.0.2...v5.0.0) --- updated-dependencies: - dependency-name: watchdog dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 847f3746c1f..a0fc2856e92 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -38,5 +38,5 @@ termcolor==2.4.0 tornado==6.4.1 urllib3==2.2.2 verspec==0.1.0 -watchdog==4.0.2 +watchdog==5.0.0 zipp==3.20.0 From 7900252ec737adee853d3b1757797cd3a94be0f8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 15:38:27 +0200 Subject: [PATCH 268/517] chore(deps): bump certifi from 2024.7.4 to 2024.8.30 in /hack/api-docs (#3859) Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.7.4 to 2024.8.30. - [Commits](https://github.com/certifi/python-certifi/compare/2024.07.04...2024.08.30) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index a0fc2856e92..0965ae43bc0 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -1,5 +1,5 @@ Babel==2.16.0 -certifi==2024.7.4 +certifi==2024.8.30 charset-normalizer==3.3.2 click==8.1.7 colorama==0.4.6 From 859ba536760ad659666525e2c316812635f3fd06 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 15:48:51 +0200 Subject: [PATCH 269/517] chore(deps): bump zipp from 3.20.0 to 3.20.1 in /hack/api-docs (#3860) Bumps [zipp](https://github.com/jaraco/zipp) from 3.20.0 to 3.20.1. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](https://github.com/jaraco/zipp/compare/v3.20.0...v3.20.1) --- updated-dependencies: - dependency-name: zipp dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 0965ae43bc0..76eb0600573 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -39,4 +39,4 @@ tornado==6.4.1 urllib3==2.2.2 verspec==0.1.0 watchdog==5.0.0 -zipp==3.20.0 +zipp==3.20.1 From 21f1dca82efdd7fcb65cf9676c6b31b99c80b486 Mon Sep 17 00:00:00 2001 
From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Mon, 2 Sep 2024 18:30:34 +0200 Subject: [PATCH 270/517] chore: update dependencies (#3862) * update dependencies Signed-off-by: External Secrets Operator * fix alibaba breaking things again Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * commit modified templates because of version increase Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: External Secrets Operator Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: External Secrets Operator Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- ...nal-secrets.io_clusterexternalsecrets.yaml | 2 +- ...ternal-secrets.io_clustersecretstores.yaml | 2 +- .../external-secrets.io_externalsecrets.yaml | 2 +- .../external-secrets.io_pushsecrets.yaml | 2 +- .../external-secrets.io_secretstores.yaml | 2 +- ...s.external-secrets.io_acraccesstokens.yaml | 2 +- ...nal-secrets.io_ecrauthorizationtokens.yaml | 2 +- .../generators.external-secrets.io_fakes.yaml | 2 +- ...s.external-secrets.io_gcraccesstokens.yaml | 2 +- ...xternal-secrets.io_githubaccesstokens.yaml | 2 +- ...erators.external-secrets.io_passwords.yaml | 2 +- ...ternal-secrets.io_vaultdynamicsecrets.yaml | 2 +- ...nerators.external-secrets.io_webhooks.yaml | 2 +- deploy/crds/bundle.yaml | 26 +++--- e2e/go.mod | 28 +++---- e2e/go.sum | 52 ++++++------ go.mod | 42 +++++----- go.sum | 80 +++++++++---------- pkg/provider/alibaba/kms_test.go | 2 +- 19 files changed, 128 insertions(+), 128 deletions(-) diff --git a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml index 9bf15ee30ff..b643b97276c 100644 --- a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: clusterexternalsecrets.external-secrets.io diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 5b9e828f79a..baf9eb458a1 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: clustersecretstores.external-secrets.io diff --git a/config/crds/bases/external-secrets.io_externalsecrets.yaml b/config/crds/bases/external-secrets.io_externalsecrets.yaml index 697d80ca891..af65f40d3e2 100644 --- a/config/crds/bases/external-secrets.io_externalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_externalsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: externalsecrets.external-secrets.io diff --git a/config/crds/bases/external-secrets.io_pushsecrets.yaml b/config/crds/bases/external-secrets.io_pushsecrets.yaml index d6f173dff74..456f83429cb 100644 --- a/config/crds/bases/external-secrets.io_pushsecrets.yaml +++ b/config/crds/bases/external-secrets.io_pushsecrets.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 name: pushsecrets.external-secrets.io spec: group: external-secrets.io diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index b7fdee61a29..bf306b1e6d9 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: secretstores.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml index 55df6220e35..ce959cee0c7 100644 --- a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: acraccesstokens.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml index 12808473572..d11cccdaf39 100644 --- a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: ecrauthorizationtokens.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_fakes.yaml b/config/crds/bases/generators.external-secrets.io_fakes.yaml index 06d6f2fe985..eff26a1a4f0 100644 --- a/config/crds/bases/generators.external-secrets.io_fakes.yaml +++ b/config/crds/bases/generators.external-secrets.io_fakes.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: fakes.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml index 28b826f4dcf..299ba93113a 100644 --- a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: gcraccesstokens.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml index eb01493bd97..e2b0984a57a 100644 --- a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: githubaccesstokens.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_passwords.yaml b/config/crds/bases/generators.external-secrets.io_passwords.yaml index 7ae401dd3f9..97ce4d45c6c 100644 --- a/config/crds/bases/generators.external-secrets.io_passwords.yaml +++ b/config/crds/bases/generators.external-secrets.io_passwords.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: passwords.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml index 52c9c0db65b..ea9123ec512 100644 --- a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml +++ b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: vaultdynamicsecrets.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_webhooks.yaml b/config/crds/bases/generators.external-secrets.io_webhooks.yaml index 829ab05118e..73a76ea0e52 100644 --- a/config/crds/bases/generators.external-secrets.io_webhooks.yaml +++ b/config/crds/bases/generators.external-secrets.io_webhooks.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: webhooks.generators.external-secrets.io diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index e6622b41fe0..2471056ba66 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: clusterexternalsecrets.external-secrets.io @@ -659,7 +659,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: clustersecretstores.external-secrets.io @@ -5251,7 +5251,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: externalsecrets.external-secrets.io @@ -6062,7 +6062,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 name: pushsecrets.external-secrets.io spec: group: external-secrets.io @@ -6439,7 +6439,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: secretstores.external-secrets.io 
@@ -11031,7 +11031,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: acraccesstokens.generators.external-secrets.io @@ -11225,7 +11225,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: ecrauthorizationtokens.generators.external-secrets.io @@ -11393,7 +11393,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: fakes.generators.external-secrets.io @@ -11470,7 +11470,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: gcraccesstokens.generators.external-secrets.io @@ -11599,7 +11599,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: githubaccesstokens.generators.external-secrets.io @@ -11702,7 +11702,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: passwords.generators.external-secrets.io 
@@ -11801,7 +11801,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: vaultdynamicsecrets.generators.external-secrets.io @@ -12499,7 +12499,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: webhooks.generators.external-secrets.io diff --git a/e2e/go.mod b/e2e/go.mod index 779bb39c34b..96381cd9996 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -56,13 +56,13 @@ require ( github.com/fluxcd/source-controller/api v1.2.3 github.com/golang-jwt/jwt/v4 v4.5.0 github.com/hashicorp/vault/api v1.14.0 - github.com/onsi/ginkgo/v2 v2.20.1 + github.com/onsi/ginkgo/v2 v2.20.2 github.com/onsi/gomega v1.34.1 - github.com/oracle/oci-go-sdk/v65 v65.72.0 + github.com/oracle/oci-go-sdk/v65 v65.73.0 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 github.com/xanzy/go-gitlab v0.108.0 golang.org/x/oauth2 v0.22.0 - google.golang.org/api v0.194.0 + google.golang.org/api v0.195.0 k8s.io/api v0.31.0 k8s.io/apiextensions-apiserver v0.31.0 k8s.io/apimachinery v0.31.0 @@ -74,7 +74,7 @@ require ( ) require ( - cloud.google.com/go/auth v0.9.1 // indirect + cloud.google.com/go/auth v0.9.2 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/compute/metadata v0.5.0 // indirect cloud.google.com/go/iam v1.2.0 // indirect 
@@ -92,8 +92,8 @@ require (
 github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect
 github.com/Masterminds/goutils v1.1.1 // indirect
- github.com/Masterminds/semver/v3 v3.2.1 // indirect
- github.com/Masterminds/sprig/v3 v3.2.3 // indirect
+ github.com/Masterminds/semver/v3 v3.3.0 // indirect
+ github.com/Masterminds/sprig/v3 v3.3.0 // indirect
 github.com/alessio/shellescape v1.4.2 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
@@ -128,10 +128,10 @@ require (
 github.com/google/go-cmp v0.6.0 // indirect
 github.com/google/go-querystring v1.1.0 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
- github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 // indirect
+ github.com/google/pprof v0.0.0-20240829160300-da1f7e9f2b25 // indirect
 github.com/google/s2a-go v0.1.8 // indirect
 github.com/google/uuid v1.6.0 // indirect
- github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+ github.com/googleapis/enterprise-certificate-proxy v0.3.3 // indirect
 github.com/googleapis/gax-go/v2 v2.13.0 // indirect
 github.com/gorilla/websocket v1.5.0 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -171,7 +171,7 @@ require (
 github.com/pkg/errors v0.9.1 // indirect
 github.com/prometheus/client_golang v1.20.2 // indirect
 github.com/prometheus/client_model v0.6.1 // indirect
- github.com/prometheus/common v0.55.0 // indirect
+ github.com/prometheus/common v0.57.0 // indirect
 github.com/prometheus/procfs v0.15.1 // indirect
 github.com/ryanuber/go-glob v1.0.0 // indirect
 github.com/segmentio/asm v1.2.0 // indirect
@@ -202,10 +202,10 @@ require (
 golang.org/x/time v0.6.0 // indirect
 golang.org/x/tools v0.24.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
- google.golang.org/genproto v0.0.0-20240823204242-4ba0660f739c // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20240823204242-4ba0660f739c // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c // indirect
- google.golang.org/grpc v1.65.0 // indirect
+ google.golang.org/genproto v0.0.0-20240827150818-7e3bb234dfed // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed // indirect
+ google.golang.org/grpc v1.66.0 // indirect
 google.golang.org/protobuf v1.34.2 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
@@ -213,7 +213,7 @@ require (
 gopkg.in/yaml.v3 v3.0.1 // indirect
 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect
 k8s.io/klog/v2 v2.130.1 // indirect
- k8s.io/kube-openapi v0.0.0-20240822171749-76de80e0abd9 // indirect
+ k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2 // indirect
 sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
 )
diff --git a/e2e/go.sum b/e2e/go.sum
index c7919201bf9..00513c809b6 100644
--- a/e2e/go.sum
+++ b/e2e/go.sum
@@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= -cloud.google.com/go/auth v0.9.1 h1:+pMtLEV2k0AXKvs/tGZojuj6QaioxfUjOpMsG5Gtx+w= -cloud.google.com/go/auth v0.9.1/go.mod h1:Sw8ocT5mhhXxFklyhT12Eiy0ed6tTrPMCJjSI8KhYLk= +cloud.google.com/go/auth v0.9.2 h1:I+Rq388FYU8QdbVB1IiPd+6KNdrqtAPE/asiKHShBLM= +cloud.google.com/go/auth v0.9.2/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -103,8 +103,8 @@ github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1/go.mod h1:xz6FXP2Do88Vc5Hx7OamZgZC1W4 github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= -github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= +github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 h1:ly0WKARATneFzwBlTZ2lUyjtLqoOEYqt1vOlf89za/4= github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5/go.mod h1:W6DMNwPyIE3jpXDaJOvCKUT/kHPZrpl/BGiIVUILbMk= github.com/akeylesslabs/akeyless-go/v3 v3.6.3 h1:fMF8SMDiBL9CufVjLUyF1Z+Z04t5CC3KGOROSjaJ/eA= 
@@ -293,8 +293,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 h1:FKHo8hFI3A+7w0aUQuYXQ+6EN5stWmeY/AZqtM8xk9k= -github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240829160300-da1f7e9f2b25 h1:sEDPKUw6iPjczdu33njxFjO6tYa9bfc0z/QyB/zSsBw= +github.com/google/pprof v0.0.0-20240829160300-da1f7e9f2b25/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -304,8 +304,8 @@ github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= -github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= +github.com/googleapis/enterprise-certificate-proxy v0.3.3 h1:QRje2j5GZimBzlbhGA2V2QlGNgL8G6e+wGo/+/2bWI0= +github.com/googleapis/enterprise-certificate-proxy v0.3.3/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= 
@@ -411,14 +411,14 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo= -github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= +github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= +github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.72.0 h1:gPCb5fBUsZMyafIilPPB2B36yqjkKnnwwiJT4xexUMg= -github.com/oracle/oci-go-sdk/v65 v65.72.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.73.0 h1:C7uel6CoKk4A1KPkdhFBAyvVyFRTHAmX8m0o64RmfPg= +github.com/oracle/oci-go-sdk/v65 v65.73.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -432,8 +432,8 @@ github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/j github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= -github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/common v0.57.0 h1:Ro/rKjwdq9mZn1K5QPctzh+MA4Lp0BuYk5ZZEVhoNcY= +github.com/prometheus/common v0.57.0/go.mod h1:7uRPFSUTbfZWsJ7MHY56sqt7hLQu3bxXHDnNhl8E9qI= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= 
@@ -820,8 +820,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.194.0 h1:dztZKG9HgtIpbI35FhfuSNR/zmaMVdxNlntHj1sIS4s= -google.golang.org/api v0.194.0/go.mod h1:AgvUFdojGANh3vI+P7EVnxj3AISHllxGCJSFmggmnd0= +google.golang.org/api v0.195.0 h1:Ude4N8FvTKnnQJHU48RFI40jOBgIrL8Zqr3/QeST6yU= +google.golang.org/api v0.195.0/go.mod h1:DOGRWuv3P8TU8Lnz7uQc4hyNqrBpMtD9ppW3wBJurgc= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -869,12 +869,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240823204242-4ba0660f739c h1:TYOEhrQMrNDTAd2rX9m+WgGr8Ku6YNuj1D7OX6rWSok= -google.golang.org/genproto v0.0.0-20240823204242-4ba0660f739c/go.mod h1:2rC5OendXvZ8wGEo/cSLheztrZDZaSoHanUcd1xtZnw= -google.golang.org/genproto/googleapis/api v0.0.0-20240823204242-4ba0660f739c h1:e0zB268kOca6FbuJkYUGxfwG4DKFZG/8DLyv9Zv66cE= -google.golang.org/genproto/googleapis/api v0.0.0-20240823204242-4ba0660f739c/go.mod h1:fO8wJzT2zbQbAjbIoos1285VfEIYKDDY+Dt+WpTkh6g= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c h1:Kqjm4WpoWvwhMPcrAczoTyMySQmYa9Wy2iL6Con4zn8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto v0.0.0-20240827150818-7e3bb234dfed h1:4C4dbrVFtfIp3GXJdMX1Sj25mahfn5DywOo65/2ISQ8= +google.golang.org/genproto v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:ICjniACoWvcDz8c8bOsHVKuuSGDJy1z5M4G0DM3HzTc= +google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed h1:3RgNmBoI9MZhsj3QxC+AP/qQhNwpCLOvYDYYsFrhFt0= +google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:OCdP9MfskevB/rbYvHTsXTtKC+3bHWajPdoKgjcYkfo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed h1:J6izYgfBXAI3xTKLgxzTmUltdYaLsuBxFCgDHWJ/eXg= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -894,8 +894,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= -google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= +google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= +google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -951,8 +951,8 @@ k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240822171749-76de80e0abd9 h1:y+4z/s0h3R97P/o/098DSjlpyNpHzGirNPlTL+GHdqY= -k8s.io/kube-openapi v0.0.0-20240822171749-76de80e0abd9/go.mod h1:s4yb9FXajAVNRnxSB5Ckpr/oq2LP4mKSMWeZDVppd30= +k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2 h1:GKE9U8BH16uynoxQii0auTjmmmuZ3O0LFMN6S0lPPhI= +k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA= k8s.io/utils v0.0.0-20240821151609-f90d01438635 h1:2wThSvJoW/Ncn9TmQEYXRnevZXi2duqHWf5OX9S3zjI= k8s.io/utils v0.0.0-20240821151609-f90d01438635/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/go.mod b/go.mod index 82a0d57f0e3..cdcdb702fd1 100644 --- a/go.mod +++ b/go.mod @@ -15,7 +15,7 @@ require ( github.com/IBM/go-sdk-core/v5 v5.17.4 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.5 github.com/Masterminds/goutils v1.1.1 // indirect - github.com/Masterminds/sprig/v3 v3.2.3 + github.com/Masterminds/sprig/v3 v3.3.0 github.com/PaesslerAG/jsonpath v0.1.1 github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 
@@ -30,24 +30,24 @@ require ( github.com/hashicorp/vault/api/auth/kubernetes v0.7.0 github.com/hashicorp/vault/api/auth/ldap v0.7.0 github.com/huandu/xstrings v1.5.0 // indirect - github.com/onsi/ginkgo/v2 v2.20.1 + github.com/onsi/ginkgo/v2 v2.20.2 github.com/onsi/gomega v1.34.1 - github.com/oracle/oci-go-sdk/v65 v65.72.0 + github.com/oracle/oci-go-sdk/v65 v65.73.0 github.com/prometheus/client_golang v1.20.2 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.17.3 github.com/xanzy/go-gitlab v0.108.0 - github.com/yandex-cloud/go-genproto v0.0.0-20240819112322-98a264d392f6 - github.com/yandex-cloud/go-sdk v0.0.0-20240819112606-8a626cdc403d + github.com/yandex-cloud/go-genproto v0.0.0-20240829130658-0568052c5a6a + github.com/yandex-cloud/go-sdk v0.0.0-20240829131820-fa8ad79f88a4 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 go.uber.org/zap v1.27.0 golang.org/x/crypto v0.26.0 golang.org/x/oauth2 v0.22.0 - google.golang.org/api v0.194.0 - google.golang.org/genproto v0.0.0-20240823204242-4ba0660f739c - google.golang.org/grpc v1.65.0 + google.golang.org/api v0.195.0 + google.golang.org/genproto v0.0.0-20240827150818-7e3bb234dfed + google.golang.org/grpc v1.66.0 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 k8s.io/api v0.31.0 @@ -56,7 +56,7 @@ require ( k8s.io/client-go v0.31.0 k8s.io/utils v0.0.0-20240821151609-f90d01438635 sigs.k8s.io/controller-runtime v0.19.0 - sigs.k8s.io/controller-tools v0.16.1 + sigs.k8s.io/controller-tools v0.16.2 ) require github.com/1Password/connect-sdk-go v1.5.3 
@@ -71,11 +71,11 @@ require ( github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9 - github.com/alibabacloud-go/kms-20160120/v3 v3.2.2 + github.com/alibabacloud-go/kms-20160120/v3 v3.2.3 github.com/alibabacloud-go/openapi-util v0.1.1 github.com/alibabacloud-go/tea v1.2.2 github.com/alibabacloud-go/tea-utils/v2 v2.0.6 - github.com/aliyun/credentials-go v1.3.8 + github.com/aliyun/credentials-go v1.3.9 github.com/avast/retry-go/v4 v4.6.0 github.com/cenkalti/backoff/v4 v4.3.0 github.com/cyberark/conjur-api-go v0.12.4 @@ -94,13 +94,13 @@ require ( github.com/sethvargo/go-password v0.3.1 github.com/spf13/pflag v1.0.5 github.com/tidwall/sjson v1.2.5 - k8s.io/kube-openapi v0.0.0-20240822171749-76de80e0abd9 + k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.4.0 ) require ( - cloud.google.com/go/auth v0.9.1 // indirect + cloud.google.com/go/auth v0.9.2 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/compute/metadata v0.5.0 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect @@ -148,8 +148,8 @@ require ( go.opentelemetry.io/otel/metric v1.29.0 // indirect go.opentelemetry.io/otel/trace v1.29.0 // indirect golang.org/x/sync v0.8.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240823204242-4ba0660f739c // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect 
@@ -164,7 +164,7 @@ require (
 github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
 github.com/Azure/go-autorest/logger v0.2.1 // indirect
 github.com/Azure/go-autorest/tracing v0.6.0 // indirect
- github.com/Masterminds/semver/v3 v3.2.1 // indirect
+ github.com/Masterminds/semver/v3 v3.3.0 // indirect
 github.com/PaesslerAG/gval v1.2.2 // indirect
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
@@ -195,8 +195,8 @@ require (
 github.com/golang/protobuf v1.5.4 // indirect
 github.com/google/go-querystring v1.1.0 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
- github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 // indirect
- github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect
+ github.com/google/pprof v0.0.0-20240829160300-da1f7e9f2b25 // indirect
+ github.com/googleapis/enterprise-certificate-proxy v0.3.3 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
 github.com/hashicorp/go-hclog v1.6.3 // indirect
@@ -233,7 +233,7 @@ require (
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 github.com/pkg/errors v0.9.1 // indirect
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
- github.com/prometheus/common v0.55.0 // indirect
+ github.com/prometheus/common v0.57.0 // indirect
 github.com/prometheus/procfs v0.15.1 // indirect
 github.com/russross/blackfriday/v2 v2.1.0 // indirect
 github.com/ryanuber/go-glob v1.0.0 // indirect
@@ -248,7 +248,7 @@ require (
 go.opencensus.io v0.24.0 // indirect
 go.uber.org/atomic v1.11.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa // indirect
+ golang.org/x/exp v0.0.0-20240823005443-9b4947da3948 // indirect
 golang.org/x/mod v0.20.0 // indirect
 golang.org/x/net v0.28.0 // indirect
 golang.org/x/sys v0.24.0 // indirect
@@ -261,7 +261,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/gengo v0.0.0-20240815230951-44b8d154562d // indirect + k8s.io/gengo v0.0.0-20240826214909-a7b603a56eb7 // indirect k8s.io/klog v1.0.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect diff --git a/go.sum b/go.sum index b499c9ad0e9..d65064c7f19 100644 --- a/go.sum +++ b/go.sum @@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= -cloud.google.com/go/auth v0.9.1 h1:+pMtLEV2k0AXKvs/tGZojuj6QaioxfUjOpMsG5Gtx+w= -cloud.google.com/go/auth v0.9.1/go.mod h1:Sw8ocT5mhhXxFklyhT12Eiy0ed6tTrPMCJjSI8KhYLk= +cloud.google.com/go/auth v0.9.2 h1:I+Rq388FYU8QdbVB1IiPd+6KNdrqtAPE/asiKHShBLM= +cloud.google.com/go/auth v0.9.2/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -113,8 +113,8 @@ github.com/IBM/secrets-manager-go-sdk/v2 v2.0.5/go.mod h1:5kUgJ1dG9cdiAcPDqVz46m github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Masterminds/semver/v3 v3.2.1 h1:RN9w6+7QoMeJVGyfmbcgs28Br8cvmnucEXnY0rYXWg0= -github.com/Masterminds/semver/v3 v3.2.1/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= +github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= +github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d h1:V7xPdg5XgCcUJgL57zfZSNOIvrDPWA4SpWuRJ0UVwKs= github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d/go.mod h1:WI6HYqD62DSW+C0gMS0zHe/vXhZVCUg2ecVosnglPNc= github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= 
@@ -163,8 +163,8 @@ github.com/alibabacloud-go/debug v1.0.1/go.mod h1:8gfgZCCAC3+SCzjWtY053FrOcd4/ql github.com/alibabacloud-go/endpoint-util v1.1.0/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE= github.com/alibabacloud-go/endpoint-util v1.1.1 h1:ZkBv2/jnghxtU0p+upSU0GGzW1VL9GQdZO3mcSUTUy8= github.com/alibabacloud-go/endpoint-util v1.1.1/go.mod h1:O5FuCALmCKs2Ff7JFJMudHs0I5EBgecXXxZRyswlEjE= -github.com/alibabacloud-go/kms-20160120/v3 v3.2.2 h1:eXky+IaKIX52b5y2IVS71DJAAkEIOX6QVR03QhAO8ow= -github.com/alibabacloud-go/kms-20160120/v3 v3.2.2/go.mod h1:3rIyughsFDLie1ut9gQJXkWkMg/NfXBCk+OtXnPu3lw= +github.com/alibabacloud-go/kms-20160120/v3 v3.2.3 h1:vamGcYQFwXVqR6RWcrVTTqlIXZVsYjaA7pZbx+Xw6zw= +github.com/alibabacloud-go/kms-20160120/v3 v3.2.3/go.mod h1:3rIyughsFDLie1ut9gQJXkWkMg/NfXBCk+OtXnPu3lw= github.com/alibabacloud-go/openapi-util v0.1.0/go.mod h1:sQuElr4ywwFRlCCberQwKRFhRzIyG4QTP/P4y1CJ6Ws= github.com/alibabacloud-go/openapi-util v0.1.1 h1:ujGErJjG8ncRW6XtBBMphzHTvCxn4DjrVw4m04HsS28= github.com/alibabacloud-go/openapi-util v0.1.1/go.mod h1:/UehBSE2cf1gYT43GV4E+RxTdLRzURImCYY0aRmlXpw= 
@@ -186,8 +186,8 @@ github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCE github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw= github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= -github.com/aliyun/credentials-go v1.3.8 h1:NYNdqSii0mesiq2cHrUHrKKB9qxYsaSPIwkRvHjXwPk= -github.com/aliyun/credentials-go v1.3.8/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= +github.com/aliyun/credentials-go v1.3.9 h1:xz4W+ebo2xlq5LXshm4YLz7P7ZfmQaNYGTx+Lm0HbQ4= +github.com/aliyun/credentials-go v1.3.9/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= 
@@ -410,8 +410,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8 h1:FKHo8hFI3A+7w0aUQuYXQ+6EN5stWmeY/AZqtM8xk9k= -github.com/google/pprof v0.0.0-20240727154555-813a5fbdbec8/go.mod h1:K1liHPHnj73Fdn/EKuT8nrFqBihUSKXoLYU0BuatOYo= +github.com/google/pprof v0.0.0-20240829160300-da1f7e9f2b25 h1:sEDPKUw6iPjczdu33njxFjO6tYa9bfc0z/QyB/zSsBw= +github.com/google/pprof v0.0.0-20240829160300-da1f7e9f2b25/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -421,8 +421,8 @@ github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.3.2 h1:Vie5ybvEvT75RniqhfFxPRy3Bf7vr3h0cechB90XaQs= -github.com/googleapis/enterprise-certificate-proxy v0.3.2/go.mod h1:VLSiSSBs/ksPL8kq3OBOQ6WRI2QnaFynd1DCjZ62+V0= +github.com/googleapis/enterprise-certificate-proxy v0.3.3 h1:QRje2j5GZimBzlbhGA2V2QlGNgL8G6e+wGo/+/2bWI0= +github.com/googleapis/enterprise-certificate-proxy v0.3.3/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= 
@@ -569,14 +569,14 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.20.1 h1:YlVIbqct+ZmnEph770q9Q7NVAz4wwIiVNahee6JyUzo= -github.com/onsi/ginkgo/v2 v2.20.1/go.mod h1:lG9ey2Z29hR41WMVthyJBGUBcBhGOtoPF2VFMvBXFCI= +github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= +github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag= github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.72.0 h1:gPCb5fBUsZMyafIilPPB2B36yqjkKnnwwiJT4xexUMg= -github.com/oracle/oci-go-sdk/v65 v65.72.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.73.0 h1:C7uel6CoKk4A1KPkdhFBAyvVyFRTHAmX8m0o64RmfPg= +github.com/oracle/oci-go-sdk/v65 v65.73.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.1 h1:boNYHZmSnWl/3bKbUiaWgF/mELCtHfliGHzggf884GE= github.com/passbolt/go-passbolt v0.7.1/go.mod h1:if/jzzYYUjRtq/5h+l+J5Dka0f5dED67QM1lhpTx4pY= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= 
@@ -593,8 +593,8 @@ github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/j github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.55.0 h1:KEi6DK7lXW/m7Ig5i47x0vRzuBsHuvJdi5ee6Y3G1dc= -github.com/prometheus/common v0.55.0/go.mod h1:2SECS4xJG1kd8XF9IcM1gMX6510RAEL65zxzNImwdc8= +github.com/prometheus/common v0.57.0 h1:Ro/rKjwdq9mZn1K5QPctzh+MA4Lp0BuYk5ZZEVhoNcY= +github.com/prometheus/common v0.57.0/go.mod h1:7uRPFSUTbfZWsJ7MHY56sqt7hLQu3bxXHDnNhl8E9qI= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/pulumi/esc-sdk/sdk v0.9.2 h1:I+kKa7F/gY9lUiHEYuczHyrYB299CavG7rAB1yXybSw= 
@@ -681,10 +681,10 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/go-gitlab v0.108.0 h1:IEvEUWFR5G1seslRhJ8gC//INiIUqYXuSUoBd7/gFKE= github.com/xanzy/go-gitlab v0.108.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= -github.com/yandex-cloud/go-genproto v0.0.0-20240819112322-98a264d392f6 h1:w57l27dDkJTVSi8hM3H/WVkiv+CsJwAIweqO6pFdljk= -github.com/yandex-cloud/go-genproto v0.0.0-20240819112322-98a264d392f6/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-sdk v0.0.0-20240819112606-8a626cdc403d h1:eYs6TKjvjzYgAar7n2Ic4a+jIP08IfswtvCZ8iJqdKk= -github.com/yandex-cloud/go-sdk v0.0.0-20240819112606-8a626cdc403d/go.mod h1:WYdfvXcvRn3kbVcwpav4J3jd1STOYtYvkTqx0wm4leM= +github.com/yandex-cloud/go-genproto v0.0.0-20240829130658-0568052c5a6a h1:GCVnt5H4CB4np3ReSNH0GpBg5HDaLz1rZKnjhQjQGL4= +github.com/yandex-cloud/go-genproto v0.0.0-20240829130658-0568052c5a6a/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-sdk v0.0.0-20240829131820-fa8ad79f88a4 h1:l9x2SuRwFBvCTZvIlr8JqnjrHlr0a2UF/m/zdGnl+cs= +github.com/yandex-cloud/go-sdk v0.0.0-20240829131820-fa8ad79f88a4/go.mod h1:/kMfiARiUXWqYG9EX1g5cZuvW+vY5M/oFROiUg0na+0= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -761,8 +761,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa h1:ELnwvuAXPNtPk1TJRuGkI9fDTwym6AYBu0qzT8AcHdI= -golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= +golang.org/x/exp v0.0.0-20240823005443-9b4947da3948 h1:kx6Ds3MlpiUHKj7syVnbp57++8WpuKPcR5yjLBjvLEA= +golang.org/x/exp v0.0.0-20240823005443-9b4947da3948/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -1059,8 +1059,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.194.0 h1:dztZKG9HgtIpbI35FhfuSNR/zmaMVdxNlntHj1sIS4s= -google.golang.org/api v0.194.0/go.mod h1:AgvUFdojGANh3vI+P7EVnxj3AISHllxGCJSFmggmnd0= +google.golang.org/api v0.195.0 h1:Ude4N8FvTKnnQJHU48RFI40jOBgIrL8Zqr3/QeST6yU= +google.golang.org/api v0.195.0/go.mod h1:DOGRWuv3P8TU8Lnz7uQc4hyNqrBpMtD9ppW3wBJurgc= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1110,12 +1110,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240823204242-4ba0660f739c h1:TYOEhrQMrNDTAd2rX9m+WgGr8Ku6YNuj1D7OX6rWSok= -google.golang.org/genproto v0.0.0-20240823204242-4ba0660f739c/go.mod h1:2rC5OendXvZ8wGEo/cSLheztrZDZaSoHanUcd1xtZnw= -google.golang.org/genproto/googleapis/api v0.0.0-20240823204242-4ba0660f739c h1:e0zB268kOca6FbuJkYUGxfwG4DKFZG/8DLyv9Zv66cE= -google.golang.org/genproto/googleapis/api v0.0.0-20240823204242-4ba0660f739c/go.mod h1:fO8wJzT2zbQbAjbIoos1285VfEIYKDDY+Dt+WpTkh6g= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c h1:Kqjm4WpoWvwhMPcrAczoTyMySQmYa9Wy2iL6Con4zn8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240823204242-4ba0660f739c/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto v0.0.0-20240827150818-7e3bb234dfed h1:4C4dbrVFtfIp3GXJdMX1Sj25mahfn5DywOo65/2ISQ8= +google.golang.org/genproto v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:ICjniACoWvcDz8c8bOsHVKuuSGDJy1z5M4G0DM3HzTc= +google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed h1:3RgNmBoI9MZhsj3QxC+AP/qQhNwpCLOvYDYYsFrhFt0= +google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:OCdP9MfskevB/rbYvHTsXTtKC+3bHWajPdoKgjcYkfo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed h1:J6izYgfBXAI3xTKLgxzTmUltdYaLsuBxFCgDHWJ/eXg= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1138,8 +1138,8 @@ google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= -google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= -google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= +google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= +google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -1201,16 +1201,16 @@ k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsM k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= -k8s.io/gengo v0.0.0-20240815230951-44b8d154562d h1:k9+VnMFK87/cliLr/mdSWNKKI7KXQEnk9bqZLgeMSIc= -k8s.io/gengo v0.0.0-20240815230951-44b8d154562d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/gengo v0.0.0-20240826214909-a7b603a56eb7 h1:HCbtr1pVu/ElMcTTs18KdMtH5y6f7PQvrjh1QZj3qCI= +k8s.io/gengo v0.0.0-20240826214909-a7b603a56eb7/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog v0.2.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240822171749-76de80e0abd9 h1:y+4z/s0h3R97P/o/098DSjlpyNpHzGirNPlTL+GHdqY= -k8s.io/kube-openapi v0.0.0-20240822171749-76de80e0abd9/go.mod h1:s4yb9FXajAVNRnxSB5Ckpr/oq2LP4mKSMWeZDVppd30= +k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2 h1:GKE9U8BH16uynoxQii0auTjmmmuZ3O0LFMN6S0lPPhI= +k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA= k8s.io/utils v0.0.0-20240821151609-f90d01438635 h1:2wThSvJoW/Ncn9TmQEYXRnevZXi2duqHWf5OX9S3zjI= k8s.io/utils v0.0.0-20240821151609-f90d01438635/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= 
@@ -1218,8 +1218,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= -sigs.k8s.io/controller-tools v0.16.1 h1:gvIsZm+2aimFDIBiDKumR7EBkc+oLxljoUVfRbDI6RI= -sigs.k8s.io/controller-tools v0.16.1/go.mod h1:0I0xqjR65YTfoO12iR+mZR6s6UAVcUARgXRlsu0ljB0= +sigs.k8s.io/controller-tools v0.16.2 h1:uUFF/AW3phBWPiERvkSNOVct//L427bPS7xGfKi6Tz4= +sigs.k8s.io/controller-tools v0.16.2/go.mod h1:0I0xqjR65YTfoO12iR+mZR6s6UAVcUARgXRlsu0ljB0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
diff --git a/pkg/provider/alibaba/kms_test.go b/pkg/provider/alibaba/kms_test.go
index af12eb25656..ea988b72636 100644
--- a/pkg/provider/alibaba/kms_test.go
+++ b/pkg/provider/alibaba/kms_test.go
@@ -77,7 +77,7 @@ func makeValidAPIOutput() *kmssdk.GetSecretValueResponseBody {
 response := &kmssdk.GetSecretValueResponseBody{
 SecretName: utils.Ptr(secretName),
 SecretData: utils.Ptr(secretValue),
- VersionStages: []*string{},
+ VersionStages: &kmssdk.GetSecretValueResponseBodyVersionStages{},
 }
 return response
 }
From 103af073a8ea8cf195876d7ff089757cc4199a50 Mon Sep 17 00:00:00 2001 From: saliha mallem Date: Wed, 4 Sep 2024 08:30:57 -0700 Subject: [PATCH 271/517] add saliha mallem blog (#3867) Co-authored-by: Saliha Mallem
---
 docs/eso-blogs.md | 5 +++++ 1 file changed, 5 insertions(+)
diff --git a/docs/eso-blogs.md b/docs/eso-blogs.md
index 52ea141e2d2..e3f8ee60328 100644
--- a/docs/eso-blogs.md
+++ b/docs/eso-blogs.md
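Review bot: In `makeValidAPIOutput` (pkg/provider/alibaba/kms_test.go) the fixture now sets `VersionStages` to an empty `&kmssdk.GetSecretValueResponseBodyVersionStages{}`, so everything inside the wrapper is at its zero value, where the old fixture held a non-nil empty slice. If the provider reads version stages from the response anywhere (not visible in this hunk), the tests built on this fixture only exercise the empty case against the new SDK type; a case with at least one stage populated would pin that path. At minimum, a comment on the changed line would record why the type differs, for example `// VersionStages is a wrapper struct in the bumped kms SDK; left empty in this fixture`. Only the signature of the function appears in the hunk header, so how callers use the returned value is presumably unchanged but cannot be confirmed from here.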
@@ -2,6 +2,11 @@ A list of blogs written by people all over the community. Feel free to let us know if you are writing about ESO at some place! We would be happy to mention you here! + +## [From vulnerable to unhackable: secrets management in cloud-native environments](https://medium.com/@as_mallem/from-vulnerable-to-unhackable-secrets-management-in-cloud-native-environments-cb341bd97869/) + +[@Saliha Mallem](https://www.linkedin.com/in/saliha-mallem/) writes about integrating ESO with IBM Cloud Secrets Manager. In her blog, she outlines the steps to deploy ESO and demonstrates how to use both the Secrets Manager API and the Vault API for seamless integration. The blog is user-friendly and easy to follow. + ## [Enhancing Kubernetes Security and Flexibility with the CyberArk Conjur and ESO Integration](https://developer.cyberark.com/blog/enhancing-kubernetes-security-and-flexibility-with-the-cyberark-conjur-and-eso-integration/) [@szh](https://github.com/szh) Writes about using ESO with CyberArk Conjur. He includes detailed steps on how to From b479f7d4ce9f53fe012824ee3b065c058a4cc6ff Mon Sep 17 00:00:00 2001 From: Orad Segal <124451776+7Pawns@users.noreply.github.com> Date: Thu, 5 Sep 2024 09:06:41 +0300 Subject: [PATCH 272/517] removed deprecated spec file (#3868) Signed-off-by: Orad Segal <124451776+7Pawns@users.noreply.github.com> --- docs/spec.md | 6721 -------------------------------------- hack/api-docs/mkdocs.yml | 2 - 2 files changed, 6723 deletions(-) delete mode 100644 docs/spec.md diff --git a/docs/spec.md b/docs/spec.md deleted file mode 100644 index 08a0ce49598..00000000000 --- a/docs/spec.md +++ /dev/null @@ -1,6721 +0,0 @@ -

Packages:

- -

external-secrets.io/v1beta1

-

-

Package v1beta1 contains resources for external-secrets

-

-Resource Types: -
    -

    AWSAuth -

    -

    -(Appears on: -AWSProvider) -

    -

    -

    AWSAuth tells the controller how to do authentication with aws. -Only one of secretRef or jwt can be specified. -if none is specified the controller will load credentials using the aws sdk defaults.

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -secretRef
    - - -AWSAuthSecretRef - - -
    -(Optional) -
    -jwt
    - - -AWSJWTAuth - - -
    -(Optional) -
    -

    AWSAuthSecretRef -

    -

    -(Appears on: -AWSAuth) -

    -

    -

    AWSAuthSecretRef holds secret references for AWS credentials -both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -accessKeyIDSecretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    The AccessKeyID is used for authentication

    -
    -secretAccessKeySecretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    The SecretAccessKey is used for authentication

    -
    -sessionTokenSecretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    The SessionToken used for authentication -This must be defined if AccessKeyID and SecretAccessKey are temporary credentials -see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html

    -
    -

    AWSJWTAuth -

    -

    -(Appears on: -AWSAuth) -

    -

    -

    Authenticate against AWS using service account tokens.

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -serviceAccountRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector - -
    -
    -

    AWSProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    AWSProvider configures a store to sync secrets with AWS.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -service
    - - -AWSServiceType - - -
    -

    Service defines which service should be used to fetch the secrets

    -
    -auth
    - - -AWSAuth - - -
    -(Optional) -

    Auth defines the information necessary to authenticate against AWS -if not set aws sdk will infer credentials from your environment -see: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials

    -
    -role
    - -string - -
    -(Optional) -

    Role is a Role ARN which the SecretManager provider will assume

    -
    -region
    - -string - -
    -

    AWS Region to be used for the provider

    -
    -

    AWSServiceType -(string alias)

    -

    -(Appears on: -AWSProvider) -

    -

    -

    AWSServiceType is a enum that defines the service/API that is used to fetch the secrets.

    -

    - - - - - - - - - - - - -
    ValueDescription

    "ParameterStore"

    AWSServiceParameterStore is the AWS SystemsManager ParameterStore. -see: https://docs.aws.amazon.com/systems-manager/latest/userguide/systems-manager-parameter-store.html

    -

    "SecretsManager"

    AWSServiceSecretsManager is the AWS SecretsManager. -see: https://docs.aws.amazon.com/secretsmanager/latest/userguide/intro.html

    -
    -

    AlibabaAuth -

    -

    -(Appears on: -AlibabaProvider) -

    -

    -

    AlibabaAuth contains a secretRef for credentials.

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -secretRef
    - - -AlibabaAuthSecretRef - - -
    -
    -

    AlibabaAuthSecretRef -

    -

    -(Appears on: -AlibabaAuth) -

    -

    -

    AlibabaAuthSecretRef holds secret references for Alibaba credentials.

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -accessKeyIDSecretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    The AccessKeyID is used for authentication

    -
    -accessKeySecretSecretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    The AccessKeySecret is used for authentication

    -
    -

    AlibabaProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    AlibabaProvider configures a store to sync secrets using the Alibaba Secret Manager provider.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -auth
    - - -AlibabaAuth - - -
    -
    -endpoint
    - -string - -
    -(Optional) -
    -regionID
    - -string - -
    -

    Alibaba Region to be used for the provider

    -
    -

    AzureKVAuth -

    -

    -(Appears on: -AkeylessProvider) -

    -

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -secretRef
    - - -AkeylessAuthSecretRef - - -
    -(Optional) -

    Reference to a Secret that contains the details -to authenticate with Akeyless.

    -
    -kubernetesAuth
    - - -AkeylessKubernetesAuth - - -
    -(Optional) -

    Kubernetes authenticates with Akeyless by passing the ServiceAccount -token stored in the named Secret resource.

    -
    -

    AkeylessAuthSecretRef -

    -

    -(Appears on: -AkeylessAuth) -

    -

    -

    AkeylessAuthSecretRef -AKEYLESS_ACCESS_TYPE_PARAM: AZURE_OBJ_ID OR GCP_AUDIENCE OR ACCESS_KEY OR KUB_CONFIG_NAME.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -accessID
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    The SecretAccessID is used for authentication

    -
    -accessType
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -
    -accessTypeParam
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -
    -

    CAProvider -

    -

    -(Appears on: -VaultProvider) -

    -

    -

    Defines a location to fetch the cert for the vault provider from.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -type
    - - -CAProviderType - - -
    -

    The type of provider to use such as “Secret”, or “ConfigMap”.

    -
    -name
    - -string - -
    -

    The name of the object located at the provider type.

    -
    -key
    - -string - -
    -

    The key the value inside of the provider type to use, only used with “Secret” type

    -
    -namespace
    - -string - -
    -

    The namespace the Provider type is in.

    -
    -

    CAProviderType -(string alias)

    -

    -(Appears on: -CAProvider) -

    -

    -

    - - - - - - - - - - - - -
    ValueDescription

    "ConfigMap"

    "Secret"

    -

    ClusterSecretStore -

    -

    -(Appears on: -AkeylessAuth) -

    -

    -

    Authenticate with Kubernetes ServiceAccount token stored.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -accessID
    - -string - -
    -

    the Akeyless Kubernetes auth-method access-id

    -
    -k8sConfName
    - -string - -
    -

    Kubernetes-auth configuration name in Akeyless-Gateway

    -
    -serviceAccountRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector - -
    -(Optional) -

    Optional service account field containing the name of a kubernetes ServiceAccount. -If the service account is specified, the service account secret token JWT will be used -for authenticating with Akeyless. If the service account selector is not supplied, -the secretRef will be used instead.

    -
    -secretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -(Optional) -

    Optional secret field containing a Kubernetes ServiceAccount JWT used -for authenticating with Akeyless. If a name is specified without a key, -token is the default. If one is not specified, the one bound to -the controller will be used.

    -
    -

    AkeylessProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    AkeylessProvider Configures an store to sync secrets using Akeyless KV.

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -akeylessGWApiURL
    - -string - -
    -

    Akeyless GW API Url from which the secrets to be fetched from.

    -
    -authSecretRef
    - - -AkeylessAuth - - -
    -

    Auth configures how the operator authenticates with Akeyless.

    -
    -

    AlibabaAuth -

    -

    -(Appears on: -AlibabaProvider) -

    -

    -

    AlibabaAuth contains a secretRef for credentials.

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -secretRef
    - - -AlibabaAuthSecretRef - - -
    -
    -

    AlibabaAuthSecretRef -

    -

    -(Appears on: -AlibabaAuth) -

    -

    -

    AlibabaAuthSecretRef holds secret references for Alibaba credentials.

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -accessKeyIDSecretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    The AccessKeyID is used for authentication

    -
    -accessKeySecretSecretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    The AccessKeySecret is used for authentication

    -
    -

    AlibabaProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    AlibabaProvider configures a store to sync secrets using the Alibaba Secret Manager provider.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -auth
    - - -AlibabaAuth - - -
    -
    -endpoint
    - -string - -
    -(Optional) -
    -regionID
    - -string - -
    -

    Alibaba Region to be used for the provider

    -
    -

    AzureAuthType -(string alias)

    -

    -(Appears on: -AzureKVProvider) -

    -

    -

    AuthType describes how to authenticate to the Azure Keyvault -Only one of the following auth types may be specified. -If none of the following auth type is specified, the default one -is ServicePrincipal.

    -

    - - - - - - - - - - - - - - -
    ValueDescription

    "ManagedIdentity"

    Using Managed Identity to authenticate. Used with aad-pod-identity installed in the cluster.

    -

    "ServicePrincipal"

    Using service principal to authenticate, which needs a tenantId, a clientId and a clientSecret.

    -

    "WorkloadIdentity"

    Using Workload Identity service accounts to authenticate.

    -
    -

    AzureEnvironmentType -(string alias)

    -

    -(Appears on: -AzureKVProvider) -

    -

    -

    AzureEnvironmentType specifies the Azure cloud environment endpoints to use for -connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. -The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 -PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud

    -

    - - - - - - - - - - - - - - - - -
    ValueDescription

    "ChinaCloud"

    "GermanCloud"

    "PublicCloud"

    "USGovernmentCloud"

    -

    AzureKVAuth -

    -

    -(Appears on: -AzureKVProvider) -

    -

    -

    Configuration used to authenticate with Azure.

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -clientId
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -(Optional) -

    The Azure clientId of the service principle used for authentication.

    -
    -clientSecret
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -(Optional) -

    The Azure ClientSecret of the service principle used for authentication.

    -
    -

    AzureKVProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    Configures an store to sync secrets using Azure KV.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -authType
    - - -AzureAuthType - - -
    -(Optional) -

    Auth type defines how to authenticate to the keyvault service. -Valid values are: -- “ServicePrincipal” (default): Using a service principal (tenantId, clientId, clientSecret) -- “ManagedIdentity”: Using Managed Identity assigned to the pod (see aad-pod-identity)

    -
    -vaultUrl
    - -string - -
    -

    Vault Url from which the secrets to be fetched from.

    -
    -tenantId
    - -string - -
    -(Optional) -

    TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type.

    -
    -environmentType
    - - -AzureEnvironmentType - - -
    -

    EnvironmentType specifies the Azure cloud environment endpoints to use for -connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. -The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 -PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud

    -
    -authSecretRef
    - - -AzureKVAuth - - -
    -(Optional) -

    Auth configures how the operator authenticates with Azure. Required for ServicePrincipal auth type.

    -
    -serviceAccountRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector - -
    -(Optional) -

    ServiceAccountRef specified the service account -that should be used when authenticating with WorkloadIdentity.

    -
    -identityId
    - -string - -
    -(Optional) -

    If multiple Managed Identity is assigned to the pod, you can select the one to be used

    -
    -

    CAProvider -

    -

    -(Appears on: -KubernetesServer, -VaultProvider) -

    -

    -

    Used to provide custom certificate authority (CA) certificates -for a secret store. The CAProvider points to a Secret or ConfigMap resource -that contains a PEM-encoded certificate.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -type
    - - -CAProviderType - - -
    -

    The type of provider to use such as “Secret”, or “ConfigMap”.

    -
    -name
    - -string - -
    -

    The name of the object located at the provider type.

    -
    -key
    - -string - -
    -

    The key where the CA certificate can be found in the Secret or ConfigMap.

    -
    -namespace
    - -string - -
    -(Optional) -

    The namespace the Provider type is in. -Can only be defined when used in a ClusterSecretStore.

    -
    -

    CAProviderType -(string alias)

    -

    -(Appears on: -CAProvider) -

    -

    -

    - - - - - - - - - - - - -
    ValueDescription

    "ConfigMap"

    "Secret"

    -

    CertAuth -

    -

    -(Appears on: -KubernetesAuth) -

    -

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -clientCert
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -
    -clientKey
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -
    -

    ClusterExternalSecret -

    -

    -

    ClusterExternalSecret is the Schema for the clusterexternalsecrets API.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -metadata
    - - -Kubernetes meta/v1.ObjectMeta - - -
    -Refer to the Kubernetes API documentation for the fields of the -metadata field. -
    -spec
    - - -ClusterExternalSecretSpec - - -
    -
    -
    - - - - - - - - - - - - - - - - - -
    -externalSecretSpec
    - - -ExternalSecretSpec - - -
    -

    The spec for the ExternalSecrets to be created

    -
    -externalSecretName
    - -string - -
    -(Optional) -

    The name of the external secrets to be created defaults to the name of the ClusterExternalSecret

    -
    -namespaceSelector
    - - -Kubernetes meta/v1.LabelSelector - - -
    -

    The labels to select by to find the Namespaces to create the ExternalSecrets in.

    -
    -refreshTime
    - - -Kubernetes meta/v1.Duration - - -
    -

    The time in which the controller should reconcile it’s objects and recheck namespaces for labels.

    -
    -
    -status
    - - -ClusterExternalSecretStatus - - -
    -
    -

    ClusterExternalSecretConditionType -(string alias)

    -

    -(Appears on: -ClusterExternalSecretStatusCondition) -

    -

    -

    - - - - - - - - - - - - - - -
    ValueDescription

    "NotReady"

    "PartiallyReady"

    "Ready"

    -

    ClusterExternalSecretNamespaceFailure -

    -

    -(Appears on: -ClusterExternalSecretStatus) -

    -

    -

    ClusterExternalSecretNamespaceFailure represents a failed namespace deployment and it’s reason.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -namespace
    - -string - -
    -

    Namespace is the namespace that failed when trying to apply an ExternalSecret

    -
    -reason
    - -string - -
    -(Optional) -

    Reason is why the ExternalSecret failed to apply to the namespace

    -
    -immutable
    - -bool - -
    -(Optional) -

    Immutable defines if the final secret will be immutable

    -
    -

    ClusterExternalSecretSpec -

    -

    -(Appears on: -ClusterExternalSecret) -

    -

    -

    ClusterExternalSecretSpec defines the desired state of ClusterExternalSecret.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -externalSecretSpec
    - - -ExternalSecretSpec - - -
    -

    The spec for the ExternalSecrets to be created

    -
    -externalSecretName
    - -string - -
    -(Optional) -

    The name of the external secrets to be created defaults to the name of the ClusterExternalSecret

    -
    -namespaceSelector
    - - -Kubernetes meta/v1.LabelSelector - - -
    -

    The labels to select by to find the Namespaces to create the ExternalSecrets in.

    -
    -refreshTime
    - - -Kubernetes meta/v1.Duration - - -
    -

    The time in which the controller should reconcile it’s objects and recheck namespaces for labels.

    -
    -

    ClusterExternalSecretStatus -

    -

    -(Appears on: -ClusterExternalSecret) -

    -

    -

    ClusterExternalSecretStatus defines the observed state of ClusterExternalSecret.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -failedNamespaces
    - - -[]ClusterExternalSecretNamespaceFailure - - -
    -(Optional) -

    Failed namespaces are the namespaces that failed to apply an ExternalSecret

    -
    -provisionedNamespaces
    - -[]string - -
    -(Optional) -

    ProvisionedNamespaces are the namespaces where the ClusterExternalSecret has secrets

    -
    -conditions
    - - -[]ClusterExternalSecretStatusCondition - - -
    -(Optional) -
    -

    ClusterExternalSecretStatusCondition -

    -

    -(Appears on: -ClusterExternalSecretStatus) -

    -

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -type
    - - -ClusterExternalSecretConditionType - - -
    -
    -status
    - - -Kubernetes core/v1.ConditionStatus - - -
    -
    -message
    - -string - -
    -(Optional) -
    -

    ClusterSecretStore -

    -

    -

    ClusterSecretStore represents a secure external location for storing secrets, which can be referenced as part of storeRef fields.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -metadata
    - - -Kubernetes meta/v1.ObjectMeta - - -
    -Refer to the Kubernetes API documentation for the fields of the -metadata field. -
    -spec
    - - -SecretStoreSpec - - -
    -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -controller
    - -string - -
    -(Optional) -

    Used to select the correct KES controller (think: ingress.ingressClassName) -The KES controller is instantiated with a specific controller name and filters ES based on this property

    -
    -provider
    - - -SecretStoreProvider - - -
    -

    Used to configure the provider. Only one provider may be set

    -
    -retrySettings
    - - -SecretStoreRetrySettings - - -
    -(Optional) -

    Used to configure http retries if failed

    -
    -refreshInterval
    - -int - -
    -(Optional) -

    Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.

    -
    -conditions
    - - -[]ClusterSecretStoreCondition - - -
    -(Optional) -

    Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore

    -
    -
    -status
    - - -SecretStoreStatus - - -
    -
    -

    ClusterSecretStoreCondition -

    -

    -(Appears on: -SecretStoreSpec) -

    -

    -

    ClusterSecretStoreCondition describes a condition by which to choose namespaces to process ExternalSecrets in -for a ClusterSecretStore instance.

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -namespaceSelector
    - - -Kubernetes meta/v1.LabelSelector - - -
    -(Optional) -

    Choose namespace using a labelSelector

    -
    -namespaces
    - -[]string - -
    -

    Choose namespaces by name

    -
    -

    DopplerAuth -

    -

    -(Appears on: -DopplerProvider) -

    -

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -secretRef
    - - -DopplerAuthSecretRef - - -
    -
    -

    DopplerAuthSecretRef -

    -

    -(Appears on: -DopplerAuth) -

    -

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -dopplerToken
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    The DopplerToken is used for authentication. -See https://docs.doppler.com/reference/api#authentication for auth token types. -The Key attribute defaults to dopplerToken if not specified.

    -
    -

    DopplerProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    DopplerProvider configures a store to sync secrets using the Doppler provider. -Project and Config are required if not using a Service Token.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -auth
    - - -DopplerAuth - - -
    -

    Auth configures how the Operator authenticates with the Doppler API

    -
    -project
    - -string - -
    -(Optional) -

    Doppler project (required if not using a Service Token)

    -
    -config
    - -string - -
    -(Optional) -

    Doppler config (required if not using a Service Token)

    -
    -nameTransformer
    - -string - -
    -(Optional) -

    Environment variable compatible name transforms that change secret names to a different format

    -
    -format
    - -string - -
    -(Optional) -

    Format enables the downloading of secrets as a file (string)

    -
    -

    OracleAuth -

    -

    -(Appears on: -OracleProvider) -

    -

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -secretRef
    - - -OracleSecretRef - - -
    -

    SecretRef to pass through sensitive information.

    -
    -

    OracleProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    Configures an store to sync secrets using a Oracle Vault -backend.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -auth
    - - -OracleAuth - - -
    -

    Auth configures how secret-manager authenticates with the Oracle Vault.

    -
    -user
    - -string - -
    -

    User is an access OCID specific to the account.

    -
    -tenancy
    - -string - -
    -

    projectID is an access token specific to the secret.

    -
    -region
    - -string - -
    -

    projectID is an access token specific to the secret.

    -
    -

    OracleSecretRef -

    -

    -(Appears on: -OracleAuth) -

    -

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -privatekey
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    The Access Token is used for authentication

    -
    -fingerprint
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    projectID is an access token specific to the secret.

    -
    -

    PasswordDepotAuth -

    -

    -(Appears on: -PasswordDepotProvider) -

    -

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -SecretRef
    - - -PasswordDepotSecretRef - - -
    -
    -

    PasswordDepotProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    Configures a store to sync secrets with a Password Depot instance.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -host
    - -string - -
    -

    URL configures the Password Depot instance URL.

    -
    -database
    - -string - -
    -

    Database to use as source

    -
    -auth
    - - -PasswordDepotAuth - - -
    -

    Auth configures how secret-manager authenticates with a Password Depot instance.

    -
    -

    PasswordDepotSecretRef -

    -

    -(Appears on: -PasswordDepotAuth) -

    -

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -credentials
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    Username / Password is used for authentication.

    -
    -

    SecretStore -

    -

    -

    ExternalSecret is the Schema for the external-secrets API.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -metadata
    - - -Kubernetes meta/v1.ObjectMeta - - -
    -Refer to the Kubernetes API documentation for the fields of the -metadata field. -
    -spec
    - - -ExternalSecretSpec - - -
    -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -secretStoreRef
    - - -SecretStoreRef - - -
    -(Optional) -
    -target
    - - -ExternalSecretTarget - - -
    -(Optional) -
    -refreshInterval
    - - -Kubernetes meta/v1.Duration - - -
    -

    RefreshInterval is the amount of time before the values are read again from the SecretStore provider -Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” -May be set to zero to fetch and create it once. Defaults to 1h.

    -
    -data
    - - -[]ExternalSecretData - - -
    -(Optional) -

    Data defines the connection between the Kubernetes Secret keys and the Provider data

    -
    -dataFrom
    - - -[]ExternalSecretDataFromRemoteRef - - -
    -(Optional) -

    DataFrom is used to fetch all properties from a specific Provider data -If multiple entries are specified, the Secret keys are merged in the specified order

    -
    -
    -status
    - - -ExternalSecretStatus - - -
    -
    -

    ExternalSecretConditionType -(string alias)

    -

    -(Appears on: -ExternalSecretStatusCondition) -

    -

    -

    - - - - - - - - - - - - -
    ValueDescription

    "Deleted"

    "Ready"

    -

    ExternalSecretConversionStrategy -(string alias)

    -

    -(Appears on: -ExternalSecretDataRemoteRef, -ExternalSecretFind) -

    -

    -

    - - - - - - - - - - - - -
    ValueDescription

    "Default"

    "Unicode"

    -

    ExternalSecretCreationPolicy -(string alias)

    -

    -(Appears on: -ExternalSecretTarget) -

    -

    -

    ExternalSecretCreationPolicy defines rules on how to create the resulting Secret.

    -

    - - - - - - - - - - - - - - - - -
    ValueDescription

    "Merge"

    Merge does not create the Secret, but merges the data fields to the Secret.

    -

    "None"

    None does not create a Secret (future use with injector).

    -

    "Orphan"

    Orphan creates the Secret and does not set the ownerReference. -I.e. it will be orphaned after the deletion of the ExternalSecret.

    -

    "Owner"

    Owner creates the Secret and sets .metadata.ownerReferences to the ExternalSecret resource.

    -
    -

    ExternalSecretData -

    -

    -(Appears on: -ExternalSecretSpec) -

    -

    -

    ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.) and the Provider data.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -secretKey
    - -string - -
    -

    SecretKey defines the key in which the controller stores -the value. This is the key in the Kind=Secret

    -
    -remoteRef
    - - -ExternalSecretDataRemoteRef - - -
    -

    RemoteRef points to the remote secret and defines -which secret (version/property/..) to fetch.

    -
    -sourceRef
    - - -SourceRef - - -
    -

    SourceRef allows you to override the source -from which the value will pulled from.

    -
    -

    ExternalSecretDataFromRemoteRef -

    -

    -(Appears on: -ExternalSecretSpec) -

    -

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -extract
    - - -ExternalSecretDataRemoteRef - - -
    -(Optional) -

    Used to extract multiple key/value pairs from one secret -Note: Extract does not support sourceRef.Generator or sourceRef.GeneratorRef.

    -
    -find
    - - -ExternalSecretFind - - -
    -(Optional) -

    Used to find secrets based on tags or regular expressions -Note: Find does not support sourceRef.Generator or sourceRef.GeneratorRef.

    -
    -rewrite
    - - -[]ExternalSecretRewrite - - -
    -(Optional) -

    Used to rewrite secret Keys after getting them from the secret Provider -Multiple Rewrite operations can be provided. They are applied in a layered order (first to last)

    -
    -sourceRef
    - - -SourceRef - - -
    -

    SourceRef points to a store or generator -which contains secret values ready to use. -Use this in combination with Extract or Find pull values out of -a specific SecretStore. -When sourceRef points to a generator Extract or Find is not supported. -The generator returns a static map of values

    -
    -

    ExternalSecretDataRemoteRef -

    -

    -(Appears on: -ExternalSecretData, -ExternalSecretDataFromRemoteRef) -

    -

    -

    ExternalSecretDataRemoteRef defines Provider data location.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -key
    - -string - -
    -

    Key is the key used in the Provider, mandatory

    -
    -metadataPolicy
    - - -ExternalSecretMetadataPolicy - - -
    -(Optional) -

    Policy for fetching tags/labels from provider secrets, possible options are Fetch, None. Defaults to None

    -
    -property
    - -string - -
    -(Optional) -

    Used to select a specific property of the Provider value (if a map), if supported

    -
    -version
    - -string - -
    -(Optional) -

    Used to select a specific version of the Provider value, if supported

    -
    -conversionStrategy
    - - -ExternalSecretConversionStrategy - - -
    -(Optional) -

    Used to define a conversion Strategy

    -
    -decodingStrategy
    - - -ExternalSecretDecodingStrategy - - -
    -(Optional) -

    Used to define a decoding Strategy

    -
    -

    ExternalSecretDecodingStrategy -(string alias)

    -

    -(Appears on: -ExternalSecretDataRemoteRef, -ExternalSecretFind) -

    -

    -

    - - - - - - - - - - - - - - - - -
    ValueDescription

    "Auto"

    "Base64"

    "Base64URL"

    "None"

    -

    ExternalSecretDeletionPolicy -(string alias)

    -

    -(Appears on: -ExternalSecretTarget) -

    -

    -

    ExternalSecretDeletionPolicy defines rules on how to delete the resulting Secret.

    -

    - - - - - - - - - - - - - - -
    ValueDescription

    "Delete"

    Delete deletes the secret if all provider secrets are deleted. -If a secret gets deleted on the provider side and is not accessible -anymore this is not considered an error and the ExternalSecret -does not go into SecretSyncedError status.

    -

    "Merge"

    Merge removes keys in the secret, but not the secret itself. -If a secret gets deleted on the provider side and is not accessible -anymore this is not considered an error and the ExternalSecret -does not go into SecretSyncedError status.

    -

    "Retain"

    Retain will retain the secret if all provider secrets have been deleted. -If a provider secret does not exist the ExternalSecret gets into the -SecretSyncedError status.

    -
    -

    ExternalSecretFind -

    -

    -(Appears on: -ExternalSecretDataFromRemoteRef) -

    -

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -path
    - -string - -
    -(Optional) -

    A root path to start the find operations.

    -
    -name
    - - -FindName - - -
    -(Optional) -

    Finds secrets based on the name.

    -
    -tags
    - -map[string]string - -
    -(Optional) -

    Find secrets based on tags.

    -
    -conversionStrategy
    - - -ExternalSecretConversionStrategy - - -
    -(Optional) -

    Used to define a conversion Strategy

    -
    -decodingStrategy
    - - -ExternalSecretDecodingStrategy - - -
    -(Optional) -

    Used to define a decoding Strategy

    -
    -

    ExternalSecretMetadataPolicy -(string alias)

    -

    -(Appears on: -ExternalSecretDataRemoteRef) -

    -

    -

    - - - - - - - - - - - - -
    ValueDescription

    "Fetch"

    "None"

    -

    ExternalSecretRewrite -

    -

    -(Appears on: -ExternalSecretDataFromRemoteRef) -

    -

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -regexp
    - - -ExternalSecretRewriteRegexp - - -
    -(Optional) -

    Used to rewrite with regular expressions. -The resulting key will be the output of a regexp.ReplaceAll operation.

    -
    -

    ExternalSecretRewriteRegexp -

    -

    -(Appears on: -ExternalSecretRewrite) -

    -

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -source
    - -string - -
    -

    Used to define the regular expression of a re.Compiler.

    -
    -target
    - -string - -
    -

    Used to define the target pattern of a ReplaceAll operation.

    -
    -

    ExternalSecretSpec -

    -

    -(Appears on: -ClusterExternalSecretSpec, -ExternalSecret) -

    -

    -

    ExternalSecretSpec defines the desired state of ExternalSecret.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -secretStoreRef
    - - -SecretStoreRef - - -
    -(Optional) -
    -target
    - - -ExternalSecretTarget - - -
    -(Optional) -
    -refreshInterval
    - - -Kubernetes meta/v1.Duration - - -
    -

    RefreshInterval is the amount of time before the values are read again from the SecretStore provider -Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” -May be set to zero to fetch and create it once. Defaults to 1h.

    -
    -data
    - - -[]ExternalSecretData - - -
    -(Optional) -

    Data defines the connection between the Kubernetes Secret keys and the Provider data

    -
    -dataFrom
    - - -[]ExternalSecretDataFromRemoteRef - - -
    -(Optional) -

    DataFrom is used to fetch all properties from a specific Provider data -If multiple entries are specified, the Secret keys are merged in the specified order

    -
    -

    ExternalSecretStatus -

    -

    -(Appears on: -ExternalSecret) -

    -

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -refreshTime
    - - -Kubernetes meta/v1.Time - - -
    -

    refreshTime is the time and date the external secret was fetched and -the target secret updated

    -
    -syncedResourceVersion
    - -string - -
    -

    SyncedResourceVersion keeps track of the last synced version

    -
    -conditions
    - - -[]ExternalSecretStatusCondition - - -
    -(Optional) -
    -

    ExternalSecretStatusCondition -

    -

    -(Appears on: -ExternalSecretStatus) -

    -

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -type
    - - -ExternalSecretConditionType - - -
    -
    -status
    - - -Kubernetes core/v1.ConditionStatus - - -
    -
    -reason
    - -string - -
    -(Optional) -
    -message
    - -string - -
    -(Optional) -
    -lastTransitionTime
    - - -Kubernetes meta/v1.Time - - -
    -(Optional) -
    -

    ExternalSecretTarget -

    -

    -(Appears on: -ExternalSecretSpec) -

    -

    -

    ExternalSecretTarget defines the Kubernetes Secret to be created -There can be only one target per ExternalSecret.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -name
    - -string - -
    -(Optional) -

    Name defines the name of the Secret resource to be managed -This field is immutable -Defaults to the .metadata.name of the ExternalSecret resource

    -
    -creationPolicy
    - - -ExternalSecretCreationPolicy - - -
    -(Optional) -

    CreationPolicy defines rules on how to create the resulting Secret -Defaults to ‘Owner’

    -
    -deletionPolicy
    - - -ExternalSecretDeletionPolicy - - -
    -(Optional) -

    DeletionPolicy defines rules on how to delete the resulting Secret -Defaults to ‘Retain’

    -
    -template
    - - -ExternalSecretTemplate - - -
    -(Optional) -

    Template defines a blueprint for the created Secret resource.

    -
    -immutable
    - -bool - -
    -(Optional) -

    Immutable defines if the final secret will be immutable

    -
    -

    ExternalSecretTemplate -

    -

    -(Appears on: -ExternalSecretTarget) -

    -

    -

    ExternalSecretTemplate defines a blueprint for the created Secret resource. -we can not use native corev1.Secret, it will have empty ObjectMeta values: https://github.com/kubernetes-sigs/controller-tools/issues/448

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -type
    - - -Kubernetes core/v1.SecretType - - -
    -(Optional) -
    -engineVersion
    - - -TemplateEngineVersion - - -
    -
    -metadata
    - - -ExternalSecretTemplateMetadata - - -
    -(Optional) -
    -data
    - -map[string]string - -
    -(Optional) -
    -templateFrom
    - - -[]TemplateFrom - - -
    -(Optional) -
    -

    ExternalSecretTemplateMetadata -

    -

    -(Appears on: -ExternalSecretTemplate) -

    -

    -

    ExternalSecretTemplateMetadata defines metadata fields for the Secret blueprint.

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -annotations
    - -map[string]string - -
    -(Optional) -
    -labels
    - -map[string]string - -
    -(Optional) -
    -

    ExternalSecretValidator -

    -

    -

    -

    FakeProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    FakeProvider configures a fake provider that returns static values.

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -data
    - - -[]FakeProviderData - - -
    -
    -

    FakeProviderData -

    -

    -(Appears on: -FakeProvider) -

    -

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -key
    - -string - -
    -
    -value
    - -string - -
    -
    -valueMap
    - -map[string]string - -
    -
    -version
    - -string - -
    -
    -

    FindName -

    -

    -(Appears on: -ExternalSecretFind) -

    -

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -regexp
    - -string - -
    -(Optional) -

    Finds secrets base

    -
    -

    GCPSMAuth -

    -

    -(Appears on: -GCPSMProvider) -

    -

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -secretRef
    - - -GCPSMAuthSecretRef - - -
    -(Optional) -
    -workloadIdentity
    - - -GCPWorkloadIdentity - - -
    -(Optional) -
    -

    GCPSMAuthSecretRef -

    -

    -(Appears on: -GCPSMAuth) -

    -

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -secretAccessKeySecretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -(Optional) -

    The SecretAccessKey is used for authentication

    -
    -

    GCPSMProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    GCPSMProvider Configures a store to sync secrets using the GCP Secret Manager provider.

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -auth
    - - -GCPSMAuth - - -
    -(Optional) -

    Auth defines the information necessary to authenticate against GCP

    -
    -projectID
    - -string - -
    -

    ProjectID project where secret is located

    -
    -

    GCPWorkloadIdentity -

    -

    -(Appears on: -GCPSMAuth) -

    -

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -serviceAccountRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector - -
    -
    -clusterLocation
    - -string - -
    -
    -clusterName
    - -string - -
    -
    -clusterProjectID
    - -string - -
    -
    -

    GeneratorRef -

    -

    -(Appears on: -SourceRef) -

    -

    -

    GeneratorRef points to a generator custom resource.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -apiVersion
    - -string - -
    -

    Specify the apiVersion of the generator resource

    -
    -kind
    - -string - -
    -

    Specify the Kind of the resource, e.g. Password, ACRAccessToken etc.

    -
    -name
    - -string - -
    -

    Specify the name of the generator resource

    -
    -

    GenericStore -

    -

    -

    GenericStore is a common interface for interacting with ClusterSecretStore -or a namespaced SecretStore.

    -

    -

    GenericStoreValidator -

    -

    -

    -

    GitlabAuth -

    -

    -(Appears on: -GitlabProvider) -

    -

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -SecretRef
    - - -GitlabSecretRef - - -
    -
    -

    GitlabProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    Configures a store to sync secrets with a GitLab instance.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -url
    - -string - -
    -

    URL configures the GitLab instance URL. Defaults to https://gitlab.com/.

    -
    -auth
    - - -GitlabAuth - - -
    -

    Auth configures how secret-manager authenticates with a GitLab instance.

    -
    -projectID
    - -string - -
    -

    ProjectID specifies a project where secrets are located.

    -
    -inheritFromGroups
    - -bool - -
    -

    InheritFromGroups specifies whether parent groups should be discovered and checked for secrets.

    -
    -groupIDs
    - -[]string - -
    -

    GroupIDs specify, which gitlab groups to pull secrets from. Group secrets are read from left to right followed by the project variables.

    -
    -environment
    - -string - -
    -

    Environment environment_scope of gitlab CI/CD variables (Please see https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment on how to create environments)

    -
    -

    GitlabSecretRef -

    -

    -(Appears on: -GitlabAuth) -

    -

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -accessToken
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    AccessToken is used for authentication.

    -
    -

    IBMAuth -

    -

    -(Appears on: -IBMProvider) -

    -

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -secretRef
    - - -IBMAuthSecretRef - - -
    -
    -containerAuth
    - - -IBMAuthContainerAuth - - -
    -
    -

    IBMAuthContainerAuth -

    -

    -(Appears on: -IBMAuth) -

    -

    -

    IBM Container-based auth with IAM Trusted Profile.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -profile
    - -string - -
    -

    the IBM Trusted Profile

    -
    -tokenLocation
    - -string - -
    -

    Location the token is mounted on the pod

    -
    -iamEndpoint
    - -string - -
    -
    -

    IBMAuthSecretRef -

    -

    -(Appears on: -IBMAuth) -

    -

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -secretApiKeySecretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    The SecretAccessKey is used for authentication

    -
    -

    IBMProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    Configures an store to sync secrets using a IBM Cloud Secrets Manager -backend.

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -auth
    - - -IBMAuth - - -
    -

    Auth configures how secret-manager authenticates with the IBM secrets manager.

    -
    -serviceUrl
    - -string - -
    -

    ServiceURL is the Endpoint URL that is specific to the Secrets Manager service instance

    -
    -

    KubernetesAuth -

    -

    -(Appears on: -KubernetesProvider) -

    -

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -cert
    - - -CertAuth - - -
    -(Optional) -

    has both clientCert and clientKey as secretKeySelector

    -
    -token
    - - -TokenAuth - - -
    -(Optional) -

    use static token to authenticate with

    -
    -serviceAccount
    - -github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector - -
    -(Optional) -

    points to a service account that should be used for authentication

    -
    -

    KubernetesProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    Configures a store to sync secrets with a Kubernetes instance.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -server
    - - -KubernetesServer - - -
    -

    configures the Kubernetes server Address.

    -
    -auth
    - - -KubernetesAuth - - -
    -

    Auth configures how secret-manager authenticates with a Kubernetes instance.

    -
    -remoteNamespace
    - -string - -
    -(Optional) -

    Remote namespace to fetch the secrets from

    -
    -

    KubernetesServer -

    -

    -(Appears on: -KubernetesProvider) -

    -

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -url
    - -string - -
    -(Optional) -

    configures the Kubernetes server Address.

    -
    -caBundle
    - -[]byte - -
    -(Optional) -

    CABundle is a base64-encoded CA certificate

    -
    -caProvider
    - - -CAProvider - - -
    -(Optional) -

    see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider

    -
    -

    NoSecretError -

    -

    -

    NoSecretError shall be returned when a GetSecret can not find the -desired secret. This is used for deletionPolicy.

    -

    -

    OnePasswordAuth -

    -

    -(Appears on: -OnePasswordProvider) -

    -

    -

    OnePasswordAuth contains a secretRef for credentials.

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -secretRef
    - - -OnePasswordAuthSecretRef - - -
    -
    -

    OnePasswordAuthSecretRef -

    -

    -(Appears on: -OnePasswordAuth) -

    -

    -

    OnePasswordAuthSecretRef holds secret references for 1Password credentials.

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -connectTokenSecretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    The ConnectToken is used for authentication to a 1Password Connect Server.

    -
    -

    OnePasswordProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    OnePasswordProvider configures a store to sync secrets using the 1Password Secret Manager provider.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -auth
    - - -OnePasswordAuth - - -
    -

    Auth defines the information necessary to authenticate against OnePassword Connect Server

    -
    -connectHost
    - -string - -
    -

    ConnectHost defines the OnePassword Connect Server to connect to

    -
    -vaults
    - -map[string]int - -
    -

    Vaults defines which OnePassword vaults to search in which order

    -
    -

    OracleAuth -

    -

    -(Appears on: -OracleProvider) -

    -

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -tenancy
    - -string - -
    -

    Tenancy is the tenancy OCID where user is located.

    -
    -user
    - -string - -
    -

    User is an access OCID specific to the account.

    -
    -secretRef
    - - -OracleSecretRef - - -
    -

    SecretRef to pass through sensitive information.

    -
    -

    OracleProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    Configures an store to sync secrets using a Oracle Vault -backend.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -region
    - -string - -
    -

    Region is the region where vault is located.

    -
    -vault
    - -string - -
    -

    Vault is the vault’s OCID of the specific vault where secret is located.

    -
    -auth
    - - -OracleAuth - - -
    -(Optional) -

    Auth configures how secret-manager authenticates with the Oracle Vault. -If empty, use the instance principal, otherwise the user credentials specified in Auth.

    -
    -

    OracleSecretRef -

    -

    -(Appears on: -OracleAuth) -

    -

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -privatekey
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    PrivateKey is the user’s API Signing Key in PEM format, used for authentication.

    -
    -fingerprint
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    Fingerprint is the fingerprint of the API private key.

    -
    -

    Provider -

    -

    -

    Provider is a common interface for interacting with secret backends.

    -

    -

    SecretStore -

    -

    -

    SecretStore represents a secure external location for storing secrets, which can be referenced as part of storeRef fields.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -metadata
    - - -Kubernetes meta/v1.ObjectMeta - - -
    -Refer to the Kubernetes API documentation for the fields of the -metadata field. -
    -spec
    - - -SecretStoreSpec - - -
    -
    -
    - - - - - - - - - - - - - - - - - - - - - -
    -controller
    - -string - -
    -(Optional) -

    Used to select the correct KES controller (think: ingress.ingressClassName) -The KES controller is instantiated with a specific controller name and filters ES based on this property

    -
    -provider
    - - -SecretStoreProvider - - -
    -

    Used to configure the provider. Only one provider may be set

    -
    -retrySettings
    - - -SecretStoreRetrySettings - - -
    -(Optional) -

    Used to configure http retries if failed

    -
    -refreshInterval
    - -int - -
    -(Optional) -

    Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.

    -
    -conditions
    - - -[]ClusterSecretStoreCondition - - -
    -(Optional) -

    Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore

    -
    -
    -status
    - - -SecretStoreStatus - - -
    -
    -

    SecretStoreConditionType -(string alias)

    -

    -(Appears on: -SecretStoreStatusCondition) -

    -

    -

    - - - - - - - - - - -
    ValueDescription

    "Ready"

    -

    SecretStoreProvider -

    -

    -(Appears on: -SecretStoreSpec) -

    -

    -

    SecretStoreProvider contains the provider-specific configuration.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -aws
    - - -AWSProvider - - -
    -(Optional) -

    AWS configures this store to sync secrets using AWS Secret Manager provider

    -
    -azurekv
    - - -AzureKVProvider - - -
    -(Optional) -

    AzureKV configures this store to sync secrets using Azure Key Vault provider

    -
    -akeyless
    - - -AkeylessProvider - - -
    -(Optional) -

    Akeyless configures this store to sync secrets using Akeyless Vault provider

    -
    -vault
    - - -VaultProvider - - -
    -(Optional) -

    Vault configures this store to sync secrets using Hashi provider

    -
    -gcpsm
    - - -GCPSMProvider - - -
    -(Optional) -

    GCPSM configures this store to sync secrets using Google Cloud Platform Secret Manager provider

    -
    -oracle
    - - -OracleProvider - - -
    -(Optional) -

    Oracle configures this store to sync secrets using Oracle Vault provider

    -
    -ibm
    - - -IBMProvider - - -
    -(Optional) -

    IBM configures this store to sync secrets using IBM Cloud provider

    -
    -yandexcertificatemanager
    - - -YandexCertificateManagerProvider - - -
    -(Optional) -

    YandexCertificateManager configures this store to sync secrets using Yandex Certificate Manager provider

    -
    -yandexlockbox
    - - -YandexLockboxProvider - - -
    -(Optional) -

    YandexLockbox configures this store to sync secrets using Yandex Lockbox provider

    -
    -gitlab
    - - -GitlabProvider - - -
    -(Optional) -

    GitLab configures this store to sync secrets using GitLab Variables provider

    -
    -alibaba
    - - -AlibabaProvider - - -
    -(Optional) -

    Alibaba configures this store to sync secrets using Alibaba Cloud provider

    -
    -onepassword
    - - -OnePasswordProvider - - -
    -(Optional) -

    OnePassword configures this store to sync secrets using the 1Password Cloud provider

    -
    -webhook
    - - -WebhookProvider - - -
    -(Optional) -

    Webhook configures this store to sync secrets using a generic templated webhook

    -
    -kubernetes
    - - -KubernetesProvider - - -
    -(Optional) -

    Kubernetes configures this store to sync secrets using a Kubernetes cluster provider

    -
    -fake
    - - -FakeProvider - - -
    -(Optional) -

    Fake configures a store with static key/value pairs

    -
    -senhasegura
    - - -SenhaseguraProvider - - -
    -(Optional) -

    Senhasegura configures this store to sync secrets using senhasegura provider

    -
    -doppler
    - - -DopplerProvider - - -
    -(Optional) -

    Doppler configures this store to sync secrets using the Doppler provider

    -
    -

    SecretStoreRef -

    -

    -(Appears on: -ExternalSecretSpec, -SourceRef) -

    -

    -

    SecretStoreRef defines which SecretStore to fetch the ExternalSecret data.

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -name
    - -string - -
    -

    Name of the SecretStore resource

    -
    -kind
    - -string - -
    -(Optional) -

    Kind of the SecretStore resource (SecretStore or ClusterSecretStore) -Defaults to SecretStore

    -
    -

    SecretStoreRetrySettings -

    -

    -(Appears on: -SecretStoreSpec) -

    -

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -maxRetries
    - -int32 - -
    -
    -retryInterval
    - -string - -
    -
    -

    SecretStoreSpec -

    -

    -(Appears on: -ClusterSecretStore, -SecretStore) -

    -

    -

    SecretStoreSpec defines the desired state of SecretStore.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -controller
    - -string - -
    -(Optional) -

    Used to select the correct KES controller (think: ingress.ingressClassName) -The KES controller is instantiated with a specific controller name and filters ES based on this property

    -
    -provider
    - - -SecretStoreProvider - - -
    -

    Used to configure the provider. Only one provider may be set

    -
    -retrySettings
    - - -SecretStoreRetrySettings - - -
    -(Optional) -

    Used to configure http retries if failed

    -
    -refreshInterval
    - -int - -
    -(Optional) -

    Used to configure store refresh interval in seconds. Empty or 0 will default to the controller config.

    -
    -conditions
    - - -[]ClusterSecretStoreCondition - - -
    -(Optional) -

    Used to constraint a ClusterSecretStore to specific namespaces. Relevant only to ClusterSecretStore

    -
    -

    SecretStoreStatus -

    -

    -(Appears on: -ClusterSecretStore, -SecretStore) -

    -

    -

    SecretStoreStatus defines the observed state of the SecretStore.

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -conditions
    - - -[]SecretStoreStatusCondition - - -
    -(Optional) -
    -

    SecretStoreStatusCondition -

    -

    -(Appears on: -SecretStoreStatus) -

    -

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -type
    - - -SecretStoreConditionType - - -
    -
    -status
    - - -Kubernetes core/v1.ConditionStatus - - -
    -
    -reason
    - -string - -
    -(Optional) -
    -message
    - -string - -
    -(Optional) -
    -lastTransitionTime
    - - -Kubernetes meta/v1.Time - - -
    -(Optional) -
    -

    SecretsClient -

    -

    -

    SecretsClient provides access to secrets.

    -

    -

    SenhaseguraAuth -

    -

    -(Appears on: -SenhaseguraProvider) -

    -

    -

    SenhaseguraAuth tells the controller how to do auth in senhasegura.

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -clientId
    - -string - -
    -
    -clientSecretSecretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -
    -

    SenhaseguraModuleType -(string alias)

    -

    -(Appears on: -SenhaseguraProvider) -

    -

    -

    SenhaseguraModuleType enum defines senhasegura target module to fetch secrets

    -

    - - - - - - - - - - -
    ValueDescription

    "DSM"

    	SenhaseguraModuleDSM is the senhasegura DevOps Secrets Management module
    -see: https://senhasegura.com/devops
    -
    -
    -

    SenhaseguraProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    SenhaseguraProvider setup a store to sync secrets with senhasegura.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -url
    - -string - -
    -

    URL of senhasegura

    -
    -module
    - - -SenhaseguraModuleType - - -
    -

    Module defines which senhasegura module should be used to get secrets

    -
    -auth
    - - -SenhaseguraAuth - - -
    -

    Auth defines parameters to authenticate in senhasegura

    -
    -ignoreSslCertificate
    - -bool - -
    -

    IgnoreSslCertificate defines if SSL certificate must be ignored

    -
    -

    SourceRef -

    -

    -(Appears on: -ExternalSecretData, -ExternalSecretDataFromRemoteRef) -

    -

    -

    SourceRef allows you to override the source -from which the secret will be pulled from. -You can define at maximum one property.

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -storeRef
    - - -SecretStoreRef - - -
    -(Optional) -
    -generatorRef
    - - -GeneratorRef - - -
    -(Optional) -

    GeneratorRef points to a generator custom resource in

    -
    -

    TemplateEngineVersion -(string alias)

    -

    -(Appears on: -ExternalSecretTemplate) -

    -

    -

    - - - - - - - - - - - - -
    ValueDescription

    "v1"

    "v2"

    -

    TemplateFrom -

    -

    -(Appears on: -ExternalSecretTemplate) -

    -

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -configMap
    - - -TemplateRef - - -
    -
    -secret
    - - -TemplateRef - - -
    -
    -scope
    - - -TemplateScope - - -
    -(Optional) -
    -target
    - - -TemplateTarget - - -
    -(Optional) -
    -literal
    - -string - -
    -(Optional) -
    -

    TemplateRef -

    -

    -(Appears on: -TemplateFrom) -

    -

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -name
    - -string - -
    -
    -items
    - - -[]TemplateRefItem - - -
    -
    -

    TemplateRefItem -

    -

    -(Appears on: -TemplateRef) -

    -

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -key
    - -string - -
    -
    -

    TemplateScope -(string alias)

    -

    -(Appears on: -TemplateFrom) -

    -

    -

    - - - - - - - - - - - - -
    ValueDescription

    "KeysAndValues"

    "Values"

    -

    TemplateTarget -(string alias)

    -

    -(Appears on: -TemplateFrom) -

    -

    -

    - - - - - - - - - - - - - - - - -
    ValueDescription

    "Annotations"

    "Data"

    "Labels"

    "StringData"

    -

    TokenAuth -

    -

    -(Appears on: -KubernetesAuth) -

    -

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -bearerToken
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -
    -

    ValidationResult -(byte alias)

    -

    -

    - - - - - - - - - - - - - - -
    ValueDescription

    2

    Error indicates that there is a misconfiguration.

    -

    0

    Ready indicates that the client is configured correctly -and can be used.

    -

    1

    Unknown indicates that the client can be used -but information is missing and it can not be validated.

    -
    -

    VaultAppRole -

    -

    -(Appears on: -VaultAuth) -

    -

    -

    VaultAppRole authenticates with Vault using the App Role auth mechanism, -with the role and secret stored in a Kubernetes Secret resource.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -path
    - -string - -
    -

    Path where the App Role authentication backend is mounted -in Vault, e.g: “approle”

    -
    -roleId
    - -string - -
    -

    RoleID configured in the App Role authentication backend when setting -up the authentication backend in Vault.

    -
    -secretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    Reference to a key in a Secret that contains the App Role secret used -to authenticate with Vault. -The key field must be specified and denotes which entry within the Secret -resource is used as the app role secret.

    -
    -

    VaultAuth -

    -

    -(Appears on: -VaultProvider) -

    -

    -

    VaultAuth is the configuration used to authenticate with a Vault server. -Only one of tokenSecretRef, appRole, kubernetes, ldap, userPass, jwt or cert -can be specified.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -tokenSecretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -(Optional) -

    TokenSecretRef authenticates with Vault by presenting a token.

    -
    -appRole
    - - -VaultAppRole - - -
    -(Optional) -

    AppRole authenticates with Vault using the App Role auth mechanism, -with the role and secret stored in a Kubernetes Secret resource.

    -
    -kubernetes
    - - -VaultKubernetesAuth - - -
    -(Optional) -

    Kubernetes authenticates with Vault by passing the ServiceAccount -token stored in the named Secret resource to the Vault server.

    -
    -ldap
    - - -VaultLdapAuth - - -
    -(Optional) -

    Ldap authenticates with Vault by passing username/password pair using -the LDAP authentication method

    -
    -userPass
    - - -VaultUserPassAuth - - -
    -(Optional) -

    UserPass authenticates with Vault by passing username/password pair using -the userPass authentication method

    -
    -jwt
    - - -VaultJwtAuth - - -
    -(Optional) -

    Jwt authenticates with Vault by passing role and JWT token using the -JWT/OIDC authentication method

    -
    -cert
    - - -VaultCertAuth - - -
    -(Optional) -

    Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate -Cert authentication method

    -
    -

    VaultCertAuth -

    -

    -(Appears on: -VaultAuth) -

    -

    -

    VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication -method, with the role name and token stored in a Kubernetes Secret resource.

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -clientCert
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -(Optional) -

    ClientCert is a certificate to authenticate using the Cert Vault -authentication method

    -
    -secretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    SecretRef to a key in a Secret resource containing client private key to -authenticate with Vault using the Cert authentication method

    -
    -

    VaultJwtAuth -

    -

    -(Appears on: -VaultAuth) -

    -

    -

    VaultJwtAuth authenticates with Vault using the JWT/OIDC authentication -method, with the role name and a token stored in a Kubernetes Secret resource or -a Kubernetes service account token retrieved via TokenRequest.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -path
    - -string - -
    -

    Path where the JWT authentication backend is mounted -in Vault, e.g: “jwt”

    -
    -role
    - -string - -
    -(Optional) -

    Role is a JWT role to authenticate using the JWT/OIDC Vault -authentication method

    -
    -secretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -(Optional) -

    Optional SecretRef that refers to a key in a Secret resource containing JWT token to -authenticate with Vault using the JWT/OIDC authentication method.

    -
    -kubernetesServiceAccountToken
    - - -VaultKubernetesServiceAccountTokenAuth - - -
    -(Optional) -

    Optional ServiceAccountToken specifies the Kubernetes service account for which to request -a token for with the TokenRequest API.

    -
    -

    VaultKVStoreVersion -(string alias)

    -

    -(Appears on: -VaultProvider) -

    -

    -

    - - - - - - - - - - - - -
    ValueDescription

    "v1"

    "v2"

    -

    VaultKubernetesAuth -

    -

    -(Appears on: -VaultAuth) -

    -

    -

    Authenticate against Vault using a Kubernetes ServiceAccount token stored in -a Secret.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -mountPath
    - -string - -
    -

    Path where the Kubernetes authentication backend is mounted in Vault, e.g: -“kubernetes”

    -
    -serviceAccountRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector - -
    -(Optional) -

    Optional service account field containing the name of a kubernetes ServiceAccount. -If the service account is specified, the service account secret token JWT will be used -for authenticating with Vault. If the service account selector is not supplied, -the secretRef will be used instead.

    -
    -secretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -(Optional) -

    Optional secret field containing a Kubernetes ServiceAccount JWT used -for authenticating with Vault. If a name is specified without a key, -token is the default. If one is not specified, the one bound to -the controller will be used.

    -
    -role
    - -string - -
    -

    A required field containing the Vault Role to assume. A Role binds a -Kubernetes ServiceAccount with a set of Vault policies.

    -
    -

    VaultKubernetesServiceAccountTokenAuth -

    -

    -(Appears on: -VaultJwtAuth) -

    -

    -

    VaultKubernetesServiceAccountTokenAuth authenticates with Vault using a temporary -Kubernetes service account token retrieved by the TokenRequest API.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -oracle
    - - -OracleProvider - - -
    -(Optional) -

    Oracle configures this store to sync secrets using Oracle Vault provider

    -
    -ibm
    - -github.com/external-secrets/external-secrets/apis/meta/v1.ServiceAccountSelector - -
    -

    Service account field containing the name of a kubernetes ServiceAccount.

    -
    -audiences
    - -[]string - -
    -(Optional) -

    Optional audiences field that will be used to request a temporary Kubernetes service -account token for the service account referenced by serviceAccountRef. -Defaults to a single audience vault it not specified. -Deprecated: use serviceAccountRef.Audiences instead

    -
    -expirationSeconds
    - -int64 - -
    -(Optional) -

    Optional expiration time in seconds that will be used to request a temporary -Kubernetes service account token for the service account referenced by -serviceAccountRef. -Deprecated: this will be removed in the future. -Defaults to 10 minutes.

    -
    -alibaba
    - - -AlibabaProvider - - -
    -(Optional) -

    Alibaba configures this store to sync secrets using Alibaba Cloud provider

    -
    -passworddepot
    - - -PasswordDepotProvider - - -
    -(Optional) -

    PasswordDepot configures this store to sync secrets using PasswordDepot provider

    -
    -

    VaultLdapAuth -

    -

    -(Appears on: -VaultAuth) -

    -

    -

    VaultLdapAuth authenticates with Vault using the LDAP authentication method, -with the username and password stored in a Kubernetes Secret resource.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -path
    - -string - -
    -

    Path where the LDAP authentication backend is mounted -in Vault, e.g: “ldap”

    -
    -username
    - -string - -
    -

    Username is a LDAP user name used to authenticate using the LDAP Vault -authentication method

    -
    -secretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    SecretRef to a key in a Secret resource containing password for the LDAP -user used to authenticate with Vault using the LDAP authentication -method

    -
    -

    VaultUserPassAuth -

    -

    -(Appears on: -VaultAuth) -

    -

    -

    VaultUserPassAuth authenticates with Vault using the UserPass authentication method, -with the username and password stored in a Kubernetes Secret resource.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -path
    - -string - -
    -

    Path where the UserPass authentication backend is mounted -in Vault, e.g: “userpass”

    -
    -username
    - -string - -
    -

    Username is a user name used to authenticate using the UserPass Vault -authentication method

    -
    -secretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    SecretRef to a key in a Secret resource containing password for the -user used to authenticate with Vault using the UserPass authentication -method

    -
    -

    VaultProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    Configures an store to sync secrets using a HashiCorp Vault -KV backend.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -auth
    - - -VaultAuth - - -
    -

    Auth configures how secret-manager authenticates with the Vault server.

    -
    -server
    - -string - -
    -

    Server is the connection address for the Vault server, e.g: “https://vault.example.com:8200”.

    -
    -path
    - -string - -
    -(Optional) -

    Path is the mount path of the Vault KV backend endpoint, e.g: -“secret”. The v2 KV secret engine version specific “/data” path suffix -for fetching secrets from Vault is optional and will be appended -if not present in specified path.

    -
    -version
    - - -VaultKVStoreVersion - - -
    -

    Version is the Vault KV secret engine version. This can be either “v1” or -“v2”. Version defaults to “v2”.

    -
    -namespace
    - -string - -
    -(Optional) -

    Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows -Vault environments to support Secure Multi-tenancy. e.g: “ns1”. -More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces

    -
    -caBundle
    - -[]byte - -
    -(Optional) -

    PEM encoded CA bundle used to validate Vault server certificate. Only used -if the Server URL is using HTTPS protocol. This parameter is ignored for -plain HTTP protocol connection. If not set the system root certificates -are used to validate the TLS connection.

    -
    -caProvider
    - - -CAProvider - - -
    -(Optional) -

    The provider for the CA bundle to use to validate Vault server certificate.

    -
    -readYourWrites
    - -bool - -
    -(Optional) -

    ReadYourWrites ensures isolated read-after-write semantics by -providing discovered cluster replication states in each request. -More information about eventual consistency in Vault can be found here -https://www.vaultproject.io/docs/enterprise/consistency

    -
    -forwardInconsistent
    - -bool - -
    -(Optional) -

    ForwardInconsistent tells Vault to forward read-after-write requests to the Vault -leader instead of simply retrying within a loop. This can increase performance if -the option is enabled serverside. -https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header

    -
    -

    WebhookCAProvider -

    -

    -(Appears on: -WebhookProvider) -

    -

    -

    Defines a location to fetch the cert for the webhook provider from.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -type
    - - -WebhookCAProviderType - - -
    -

    The type of provider to use such as “Secret”, or “ConfigMap”.

    -
    -name
    - -string - -
    -

    The name of the object located at the provider type.

    -
    -key
    - -string - -
    -

    The key the value inside of the provider type to use, only used with “Secret” type

    -
    -namespace
    - -string - -
    -(Optional) -

    The namespace the Provider type is in.

    -
    -

    WebhookCAProviderType -(string alias)

    -

    -(Appears on: -WebhookCAProvider) -

    -

    -

    - - - - - - - - - - - - -
    ValueDescription

    "ConfigMap"

    "Secret"

    -

    WebhookProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    AkeylessProvider Configures an store to sync secrets using Akeyless KV.

    -

    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -method
    - -string - -
    -

    Webhook Method

    -
    -url
    - -string - -
    -

    Webhook url to call

    -
    -headers
    - -map[string]string - -
    -(Optional) -

    Headers

    -
    -body
    - -string - -
    -(Optional) -

    Body

    -
    -timeout
    - - -Kubernetes meta/v1.Duration - - -
    -(Optional) -

    Timeout

    -
    -result
    - - -WebhookResult - - -
    -

    Result formatting

    -
    -secrets
    - - -[]WebhookSecret - - -
    -(Optional) -

    Secrets to fill in templates -These secrets will be passed to the templating function as key value pairs under the given name

    -
    -caBundle
    - -[]byte - -
    -(Optional) -

    PEM encoded CA bundle used to validate webhook server certificate. Only used -if the Server URL is using HTTPS protocol. This parameter is ignored for -plain HTTP protocol connection. If not set the system root certificates -are used to validate the TLS connection.

    -
    -caProvider
    - - -WebhookCAProvider - - -
    -(Optional) -

    The provider for the CA bundle to use to validate webhook server certificate.

    -
    -

    WebhookResult -

    -

    -(Appears on: -WebhookProvider) -

    -

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -jsonPath
    - -string - -
    -(Optional) -

    Json path of return value

    -
    -

    WebhookSecret -

    -

    -(Appears on: -WebhookProvider) -

    -

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -name
    - -string - -
    -

    Name of this secret in templates

    -
    -secretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -

    Secret ref to fill in credentials

    -
    -

    YandexCertificateManagerAuth -

    -

    -(Appears on: -YandexCertificateManagerProvider) -

    -

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -authorizedKeySecretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -(Optional) -

    The authorized key used for authentication

    -
    -

    YandexCertificateManagerCAProvider -

    -

    -(Appears on: -YandexCertificateManagerProvider) -

    -

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -certSecretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -
    -

    YandexCertificateManagerProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    YandexCertificateManagerProvider Configures a store to sync secrets using the Yandex Certificate Manager provider.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -apiEndpoint
    - -string - -
    -(Optional) -

    Yandex.Cloud API endpoint (e.g. ‘api.cloud.yandex.net:443’)

    -
    -auth
    - - -YandexCertificateManagerAuth - - -
    -

    Auth defines the information necessary to authenticate against Yandex Certificate Manager

    -
    -caProvider
    - - -YandexCertificateManagerCAProvider - - -
    -(Optional) -

    The provider for the CA bundle to use to validate Yandex.Cloud server certificate.

    -
    -

    YandexLockboxAuth -

    -

    -(Appears on: -YandexLockboxProvider) -

    -

    -

    - - - - - - - - - - - - - - - - - -
    FieldDescription
    -authorizedKeySecretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -(Optional) -

    The authorized key used for authentication

    -
    -caProvider
    - - -CAProvider - - -
    -(Optional) -

    The provider for the CA bundle to use to validate Vault server certificate.

    -
    -

    YandexLockboxCAProvider -

    -

    -(Appears on: -YandexLockboxProvider) -

    -

    -

    - - - - - - - - - - - - - -
    FieldDescription
    -certSecretRef
    - -github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector - -
    -
    -

    YandexLockboxProvider -

    -

    -(Appears on: -SecretStoreProvider) -

    -

    -

    YandexLockboxProvider Configures a store to sync secrets using the Yandex Lockbox provider.

    -

    - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription
    -apiEndpoint
    - -string - -
    -(Optional) -

    Yandex.Cloud API endpoint (e.g. ‘api.cloud.yandex.net:443’)

    -
    -auth
    - - -YandexLockboxAuth - - -
    -

    Auth defines the information necessary to authenticate against Yandex Lockbox

    -
    -caProvider
    - - -YandexLockboxCAProvider - - -
    -(Optional) -

    The provider for the CA bundle to use to validate Yandex.Cloud server certificate.

    -
    -
    -

    -Generated with gen-crd-api-reference-docs. -

diff --git a/hack/api-docs/mkdocs.yml b/hack/api-docs/mkdocs.yml
index 2d5d8bffac8..e1c2227569d 100644
--- a/hack/api-docs/mkdocs.yml
+++ b/hack/api-docs/mkdocs.yml
@@ -139,5 +139,3 @@ nav:
 - Talks: eso-talks.md
 - Demos: eso-demos.md
 - Blogs: eso-blogs.md
- - References:
- - API specification: spec.md
From 0ff4cd76d9e6ac004270d64dd38e00d18eda9006 Mon Sep 17 00:00:00 2001
From: Andrea Cosentino
Date: Fri, 6 Sep 2024 10:11:12 +0200
Subject: [PATCH 273/517] Delinea provider is listed twice on the documentation page, and Delinea Secret Server is missing (#3874)
Signed-off-by: Andrea Cosentino
---
 hack/api-docs/mkdocs.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hack/api-docs/mkdocs.yml b/hack/api-docs/mkdocs.yml
index e1c2227569d..a2e5fe5a834 100644
--- a/hack/api-docs/mkdocs.yml
+++ b/hack/api-docs/mkdocs.yml
@@ -116,7 +116,7 @@ nav:
 - Cloak End 2 End Encrypted Secrets: provider/cloak.md
 - Scaleway: provider/scaleway.md
 - Delinea: provider/delinea.md
- - Secret Server: provider/delinea.md
+ - Secret Server: provider/secretserver.md
 - Passbolt: provider/passbolt.md
 - Pulumi ESC: provider/pulumi.md
 - Onboardbase: provider/onboardbase.md
From adf4da46ac8351adaf48d6aa260ab80519a52923 Mon Sep 17 00:00:00 2001
From: shazib
Date: Fri, 6 Sep 2024 13:41:11 +0500
Subject: [PATCH 274/517] Updated supported versions table for release 0.10 (#3873)
Signed-off-by: Shazib Summar
Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com>
---
 docs/introduction/stability-support.md | 36 +++++++++++++-------------
 1 file changed, 18 insertions(+), 18 deletions(-)
diff --git a/docs/introduction/stability-support.md b/docs/introduction/stability-support.md
index 93af218e024..d89ab0142ec 100644
--- a/docs/introduction/stability-support.md
+++ b/docs/introduction/stability-support.md
@@ -17,16 +17,16 @@ We want to cover the following cases: - regular go dependency updates - backport bug fixes on demand -| ESO Version | Kubernetes Version | Release Date | End of Life | -|-------------|--------------------|--------------| -------------- | -| 0.10.x | 1.19 → 1.31 | Aug 3, 2024 | Release of 1.1 | -| 0.9.x | 1.19 → 1.30 | Jun 22, 2023 | Release of 1.1 | -| 0.8.x | 1.19 → 1.28 | Mar 16, 2023 | Release of 1.0 | -| 0.7.x | 1.19 → 1.26 | Dec 11, 2022 | Jun 22, 2023 | -| 0.6.x | 1.19 → 1.24 | Oct 9, 2022 | Mar 16, 2023 | -| 0.5.x | 1.19 → 1.24 | Apr 6, 2022 | Dec 11, 2022 | -| 0.4.x | 1.16 → 1.24 | Feb 2, 2022 | Oct 9, 2022 | -| 0.3.x | 1.16 → 1.24 | Jul 25, 2021 | Apr 6, 2022 | +| ESO Version | Kubernetes Version | Release Date | End of Life | +| ----------- | ------------------ | ------------ | --------------- | +| 0.10.x | 1.19 → 1.31 | Aug 3, 2024 | Release of 0.12 | +| 0.9.x | 1.19 → 1.30 | Jun 22, 2023 | Release of 0.11 | +| 0.8.x | 1.19 → 1.28 | Mar 16, 2023 | Aug 3, 2024 | +| 0.7.x | 1.19 → 1.26 | Dec 11, 2022 | Jun 22, 2023 | +| 0.6.x | 1.19 → 1.24 | Oct 9, 2022 | Mar 16, 2023 | +| 0.5.x | 1.19 → 1.24 | Apr 6, 2022 | Dec 11, 2022 | +| 0.4.x | 1.16 → 1.24 | Feb 2, 2022 | Oct 9, 2022 | +| 0.3.x | 1.16 → 1.24 | Jul 25, 2021 | Apr 6, 2022 | ## Provider Stability and Support Level 
@@ -52,22 +52,22 @@ The following table describes the stability level of each provider and who's res | [Doppler SecretOps Platform](https://external-secrets.io/latest/provider/doppler) | alpha | [@ryan-blunden](https://github.com/ryan-blunden/) [@nmanoogian](https://github.com/nmanoogian/) | | [Keeper Security](https://www.keepersecurity.com/) | alpha | [@ppodevlab](https://github.com/ppodevlab) | | [Scaleway](https://external-secrets.io/latest/provider/scaleway) | alpha | [@azert9](https://github.com/azert9/) | -| [Conjur](https://external-secrets.io/latest/provider/conjur) | stable | [@davidh-cyberark](https://github.com/davidh-cyberark/) [@szh](https://github.com/szh) | +| [Conjur](https://external-secrets.io/latest/provider/conjur) | stable | [@davidh-cyberark](https://github.com/davidh-cyberark/) [@szh](https://github.com/szh) | | [Delinea](https://external-secrets.io/latest/provider/delinea) | alpha | [@michaelsauter](https://github.com/michaelsauter/) | | [Beyondtrust](https://external-secrets.io/latest/provider/beyondtrust) | alpha | [@btfhernandez](https://github.com/btfhernandez/) | -| [SecretServer](https://external-secrets.io/latest/provider/secretserver) | alpha | [@billhamilton](https://github.com/pacificcode/) | -| [Pulumi ESC](https://external-secrets.io/latest/provider/pulumi) | alpha | [@dirien](https://github.com/dirien) | -| [Passbolt](https://external-secrets.io/latest/provider/passbolt) | alpha | | -| [Infisical](https://external-secrets.io/latest/provider/infisical) | alpha | [@akhilmhdh](https://github.com/akhilmhdh) | -| [Device42](https://external-secrets.io/latest/provider/device42) | alpha | | -| [Bitwarden Secrets Manager](https://external-secrets.io/latest/provider/bitwarden-secrets-manager) | alpha | [@skarlso](https://github.com/Skarlso) | +| [SecretServer](https://external-secrets.io/latest/provider/secretserver) | alpha | [@billhamilton](https://github.com/pacificcode/) | +| [Pulumi 
ESC](https://external-secrets.io/latest/provider/pulumi) | alpha | [@dirien](https://github.com/dirien) | +| [Passbolt](https://external-secrets.io/latest/provider/passbolt) | alpha | | +| [Infisical](https://external-secrets.io/latest/provider/infisical) | alpha | [@akhilmhdh](https://github.com/akhilmhdh) | +| [Device42](https://external-secrets.io/latest/provider/device42) | alpha | | +| [Bitwarden Secrets Manager](https://external-secrets.io/latest/provider/bitwarden-secrets-manager) | alpha | [@skarlso](https://github.com/Skarlso) | ## Provider Feature Support The following table show the support for features across different providers. | Provider | find by name | find by tags | metadataPolicy Fetch | referent authentication | store validation | push secret | DeletionPolicy Merge/Delete | -|---------------------------|:------------:| :----------: | :------------------: | :---------------------: | :--------------: |:-----------:|:---------------------------:| +| ------------------------- | :----------: | :----------: | :------------------: | :---------------------: | :--------------: | :---------: | :-------------------------: | | AWS Secrets Manager | x | x | x | x | x | x | x | | AWS Parameter Store | x | x | x | x | x | x | x | | Hashicorp Vault | x | x | x | x | x | x | x | From c0b8e540a61f1e70c7a01b6b87d0243e2d917657 Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Fri, 6 Sep 2024 09:22:39 -0300 Subject: [PATCH 275/517] feat: adds scarf to docs (#3876) Signed-off-by: Gustavo Carvalho --- overrides/main.html | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/overrides/main.html b/overrides/main.html index 35591d61c3c..50fcb81ac18 100644 --- a/overrides/main.html +++ b/overrides/main.html 
@@ -1,8 +1,12 @@ {% extends "base.html" %} - {% block outdated %} You're not viewing the latest version. Click here to go to latest. -{% endblock %} \ No newline at end of file +{% endblock %} + +{% block footer %} + + {{ super() }} +{% endblock %} From e96b15ba391c6af026c9da68d4b7a495795513d3 Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Fri, 6 Sep 2024 10:12:14 -0300 Subject: [PATCH 276/517] chore: update docs sponsors & broken links (#3877) Signed-off-by: Gustavo Carvalho --- README.md | 7 ++++--- assets/ESI_Logo.svg | 25 +++++++++++++++++++++++++ docs/index.md | 12 +++++++----- docs/pictures/ESI_Logo.svg | 25 +++++++++++++++++++++++++ hack/api-docs/mkdocs.yml | 1 + 5 files changed, 62 insertions(+), 8 deletions(-) create mode 100755 assets/ESI_Logo.svg create mode 100755 docs/pictures/ESI_Logo.svg diff --git a/README.md b/README.md index cca2f17d282..a32d224c7e7 100644 --- a/README.md +++ b/README.md @@ -64,9 +64,10 @@ You can find the roadmap in our documentation: https://external-secrets.io/main/ ## Sponsored by -![](assets/CS_logo_1.png) -![](assets/form3_logo.png) -![](assets/pento_logo.png) +![External Secrets Inc.](assets/ESI_Logo.svg) +![Container Solutions](assets/CS_logo_1.png) +![Form 3](assets/form3_logo.png) +![Pento ](assets/pento_logo.png) ## License diff --git a/assets/ESI_Logo.svg b/assets/ESI_Logo.svg new file mode 100755 index 00000000000..94886090400 --- /dev/null +++ b/assets/ESI_Logo.svg @@ -0,0 +1,25 @@ + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/index.md b/docs/index.md index 0f99806cea1..79296b393cb 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -1,3 +1,10 @@ +# [Sponsored by](https://opencollective.com/external-secrets-org) + +[![cs-logo](./pictures/cs_logo.png)](https://container-solutions.com) +[![External Secrets inc.](./pictures/ESI_Logo.svg)](https://externalsecrets.com) +[![Form3](./pictures/form3_logo.png)](https://www.form3.tech/) +[![Pento](./pictures/pento_logo.png)](https://pento.io) + # Introduction ![high-level](./pictures/diagrams-high-level-simple.png) @@ -50,8 +57,3 @@ How to get involved: ![godaddy-logo](./pictures/godaddy_logo.png) -### Sponsored by - -![cs-logo](./pictures/cs_logo.png) -![Form3](./pictures/form3_logo.png) -![Pento](./pictures/pento_logo.png) diff --git a/docs/pictures/ESI_Logo.svg b/docs/pictures/ESI_Logo.svg new file mode 100755 index 00000000000..94886090400 --- /dev/null +++ b/docs/pictures/ESI_Logo.svg @@ -0,0 +1,25 @@ + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/hack/api-docs/mkdocs.yml b/hack/api-docs/mkdocs.yml index a2e5fe5a834..4fa5da33d95 100644 --- a/hack/api-docs/mkdocs.yml +++ b/hack/api-docs/mkdocs.yml @@ -93,6 +93,7 @@ nav: - AWS Secrets Manager: provider/aws-secrets-manager.md - AWS Parameter Store: provider/aws-parameter-store.md - Azure Key Vault: provider/azure-key-vault.md + - BeyoundTrust: provider/beyondtrust.md - Bitwarden Secrets Manager: provider/bitwarden-secrets-manager.md - Chef: provider/chef.md - CyberArk Conjur: provider/conjur.md From 117056d5570010208f45a29f91dc989df3212f98 Mon Sep 17 00:00:00 2001 From: Sn0rt Date: Sun, 8 Sep 2024 04:32:29 +0800 Subject: [PATCH 277/517] chore: add eso tools page (#3870) Signed-off-by: Sn0rt Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> --- docs/eso-tools.md | 7 +++++++ hack/api-docs/mkdocs.yml | 1 + 2 files changed, 8 insertions(+) create mode 100644 docs/eso-tools.md diff --git a/docs/eso-tools.md b/docs/eso-tools.md new file mode 100644 index 00000000000..642ba737de1 --- /dev/null +++ b/docs/eso-tools.md 
@@ -0,0 +1,7 @@ +# ESO Tools + +This page lists tools that are useful for working with External Secrets Operator. help you work with External Secrets Operator better. + +## [secret2es](https://github.com/Sn0rt/secret2es) + +This tool allows administrators to migrate secrets originally created by argocd-vault-plugin to external-secrets ES object. diff --git a/hack/api-docs/mkdocs.yml b/hack/api-docs/mkdocs.yml index 4fa5da33d95..5f63f7e6989 100644 --- a/hack/api-docs/mkdocs.yml +++ b/hack/api-docs/mkdocs.yml @@ -140,3 +140,4 @@ nav: - Talks: eso-talks.md - Demos: eso-demos.md - Blogs: eso-blogs.md + - Tools: eso-tools.md From f73187dabb278e72787146b574a012d756d54765 Mon Sep 17 00:00:00 2001 From: Alexander Schaber Date: Sun, 8 Sep 2024 19:54:47 +0200 Subject: [PATCH 278/517] New Generator for UUIDs (#3296) * feat(generator/uuid): initial version Signed-off-by: Alexander Schaber * fix(generator/uuid): rename symbols in compliance with lint Signed-off-by: Alexander Schaber * fix(generator/uuid): rename unused vars to `_` to fix lint Signed-off-by: Alexander Schaber * docs(generator/uuid): initial documentation for uuid generator Signed-off-by: Alexander Schaber --------- 
Signed-off-by: Alexander Schaber --- apis/generators/v1alpha1/generator_uuid.go | 46 ++++++++++++ apis/generators/v1alpha1/register.go | 8 ++ .../v1alpha1/zz_generated.deepcopy.go | 73 +++++++++++++++++++ .../generators.external-secrets.io_uuids.yaml | 52 +++++++++++++ config/crds/bases/kustomization.yaml | 1 + deploy/crds/bundle.yaml | 63 ++++++++++++++++ docs/api/generator/uuid.md | 35 +++++++++ docs/snippets/generator-uuid-example.yaml | 14 ++++ docs/snippets/generator-uuid.yaml | 5 ++ hack/api-docs/mkdocs.yml | 1 + pkg/generator/uuid/uuid.go | 56 ++++++++++++++ pkg/generator/uuid/uuid_test.go | 63 ++++++++++++++++ 12 files changed, 417 insertions(+) create mode 100644 apis/generators/v1alpha1/generator_uuid.go create mode 100644 config/crds/bases/generators.external-secrets.io_uuids.yaml create mode 100644 docs/api/generator/uuid.md create mode 100644 docs/snippets/generator-uuid-example.yaml create mode 100644 docs/snippets/generator-uuid.yaml create mode 100644 pkg/generator/uuid/uuid.go create mode 100644 pkg/generator/uuid/uuid_test.go diff --git a/apis/generators/v1alpha1/generator_uuid.go b/apis/generators/v1alpha1/generator_uuid.go new file mode 100644 index 00000000000..161729f5f24 --- /dev/null +++ b/apis/generators/v1alpha1/generator_uuid.go 
@@ -0,0 +1,46 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// UUIDSpec controls the behavior of the uuid generator. +type UUIDSpec struct { +} + +// Password generates a random password based on the +// configuration parameters in spec. +// You can specify the length, characterset and other attributes. +// +kubebuilder:object:root=true +// +kubebuilder:storageversion +// +kubebuilder:subresource:status +// +kubebuilder:resource:scope=Namespaced,categories={password},shortName=password +type UUID struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec UUIDSpec `json:"spec,omitempty"` +} + +// +kubebuilder:object:root=true + +// UUIDList contains a list of ExternalSecret resources. +type UUIDList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []Password `json:"items"` +} diff --git a/apis/generators/v1alpha1/register.go b/apis/generators/v1alpha1/register.go index f3896fe359d..0290c6d710c 100644 --- a/apis/generators/v1alpha1/register.go +++ b/apis/generators/v1alpha1/register.go 
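Review bot: `UUIDList.Items` is declared as `[]Password`, so a list of UUID generators is typed as Password objects; it should be `Items []UUID` with the same json tag, and the generated deepcopy for `UUIDList` (which allocates `[]Password`) should then be regenerated. The doc comments were copied along with the type: the one on `UUID` describes the Password generator and ends up as the CRD description, and the one on `UUIDList` says it contains ExternalSecret resources. I would change them to `// UUID generates a random UUID; its spec takes no parameters.` and `// UUIDList contains a list of UUID resources.`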
@@ -100,6 +100,14 @@ var ( GithubAccessTokenGroupVersionKind = SchemeGroupVersion.WithKind(GithubAccessTokenKind) ) +// Uuid type metadata. +var ( + UUIDKind = reflect.TypeOf(UUID{}).Name() + UUIDGroupKind = schema.GroupKind{Group: Group, Kind: UUIDKind}.String() + UUIDKindAPIVersion = UUIDKind + "." + SchemeGroupVersion.String() + UUIDGroupVersionKind = SchemeGroupVersion.WithKind(UUIDKind) +) + func init() { SchemeBuilder.Register(&ECRAuthorizationToken{}, &ECRAuthorizationToken{}) SchemeBuilder.Register(&GCRAccessToken{}, &GCRAccessTokenList{}) diff --git a/apis/generators/v1alpha1/zz_generated.deepcopy.go b/apis/generators/v1alpha1/zz_generated.deepcopy.go index 02e592913cc..4d83badbe0f 100644 --- a/apis/generators/v1alpha1/zz_generated.deepcopy.go +++ b/apis/generators/v1alpha1/zz_generated.deepcopy.go 
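Review bot: Nothing in this hunk registers the new types with the scheme; the `var` block accounts for all 8 additions the diffstat lists for register.go. Unless registration happens somewhere else, `init()` needs `SchemeBuilder.Register(&UUID{}, &UUIDList{})` next to the other generators, otherwise a scheme-based client presumably cannot encode or decode the new kind. `init()` continues outside the hunk, so this rests on the visible lines only. The comment would also read better as `// UUID type metadata.` to match the type name.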
@@ -775,6 +775,79 @@ func (in *SecretKeySelector) DeepCopy() *SecretKeySelector { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UUID) DeepCopyInto(out *UUID) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + out.Spec = in.Spec +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UUID. +func (in *UUID) DeepCopy() *UUID { + if in == nil { + return nil + } + out := new(UUID) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *UUID) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *UUIDList) DeepCopyInto(out *UUIDList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Password, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UUIDList. +func (in *UUIDList) DeepCopy() *UUIDList { + if in == nil { + return nil + } + out := new(UUIDList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *UUIDList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *UUIDSpec) DeepCopyInto(out *UUIDSpec) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new UUIDSpec. +func (in *UUIDSpec) DeepCopy() *UUIDSpec { + if in == nil { + return nil + } + out := new(UUIDSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VaultDynamicSecret) DeepCopyInto(out *VaultDynamicSecret) { *out = *in diff --git a/config/crds/bases/generators.external-secrets.io_uuids.yaml b/config/crds/bases/generators.external-secrets.io_uuids.yaml new file mode 100644 index 00000000000..90defa923a3 --- /dev/null +++ b/config/crds/bases/generators.external-secrets.io_uuids.yaml 
@@ -0,0 +1,52 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + name: uuids.generators.external-secrets.io +spec: + group: generators.external-secrets.io + names: + categories: + - password + kind: UUID + listKind: UUIDList + plural: uuids + shortNames: + - password + singular: uuid + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + Password generates a random password based on the + configuration parameters in spec. + You can specify the length, characterset and other attributes. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: UUIDSpec controls the behavior of the uuid generator. + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crds/bases/kustomization.yaml b/config/crds/bases/kustomization.yaml index fdbf1dcbd76..b626ca6cc6a 100644 --- a/config/crds/bases/kustomization.yaml +++ b/config/crds/bases/kustomization.yaml 
@@ -13,5 +13,6 @@ resources: - generators.external-secrets.io_gcraccesstokens.yaml - generators.external-secrets.io_githubaccesstokens.yaml - generators.external-secrets.io_passwords.yaml + - generators.external-secrets.io_uuids.yaml - generators.external-secrets.io_vaultdynamicsecrets.yaml - generators.external-secrets.io_webhooks.yaml diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 2471056ba66..3a8f75e2b70 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml 
@@ -11799,6 +11799,69 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.2 + name: uuids.generators.external-secrets.io +spec: + group: generators.external-secrets.io + names: + categories: + - password + kind: UUID + listKind: UUIDList + plural: uuids + shortNames: + - password + singular: uuid + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + Password generates a random password based on the + configuration parameters in spec. + You can specify the length, characterset and other attributes. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: UUIDSpec controls the behavior of the uuid generator. + type: object + type: object + served: true + storage: true + subresources: + status: {} + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: + - v1 + clientConfig: + service: + name: kubernetes + namespace: default + path: /convert +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.2 diff --git a/docs/api/generator/uuid.md b/docs/api/generator/uuid.md new file mode 100644 index 00000000000..0808b82c933 --- /dev/null 
+++ b/docs/api/generator/uuid.md @@ -0,0 +1,35 @@ +The UUID generator provides random UUIDs that you can feed into your applications. A UUID (Universally Unique Identifier) is a 128-bit label used for information in computer systems. Please see below for the format in use. + +## Output Keys and Values + +| Key | Description | +| ---- | ------------------ | +| uuid | the generated UUID | + +## Parameters + +The UUID generator does not require any additional parameters. + +## Example Manifest + +```yaml +{ % include 'generator-uuid.yaml' % } +``` + +Example `ExternalSecret` that references the UUID generator: + +```yaml +{ % include 'generator-uuid-example.yaml' % } +``` + +Which will generate a `Kind=Secret` with a key called 'uuid' that may look like: + +``` +EA111697-E7D0-452C-A24C-8E396947E865 +``` + +With default values you would get something like: + +``` +4BEE258F-64C9-4755-92DC-AFF76451471B +``` diff --git a/docs/snippets/generator-uuid-example.yaml b/docs/snippets/generator-uuid-example.yaml new file mode 100644 index 00000000000..ffee45d60f4 --- /dev/null +++ b/docs/snippets/generator-uuid-example.yaml @@ -0,0 +1,14 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: "uuid" +spec: + refreshInterval: "30m" + target: + name: uuid-secret + dataFrom: + - sourceRef: + generatorRef: + apiVersion: generators.external-secrets.io/v1alpha1 + kind: Uuid + name: "my-uuid" diff --git a/docs/snippets/generator-uuid.yaml b/docs/snippets/generator-uuid.yaml new file mode 100644 index 00000000000..d7528b20a5b --- /dev/null +++ b/docs/snippets/generator-uuid.yaml @@ -0,0 +1,5 @@ +apiVersion: generators.external-secrets.io/v1alpha1 +kind: Uuid +metadata: + name: my-uuid +spec: {} diff --git a/hack/api-docs/mkdocs.yml b/hack/api-docs/mkdocs.yml index 5f63f7e6989..ba7acadaf5f 100644 --- a/hack/api-docs/mkdocs.yml +++ b/hack/api-docs/mkdocs.yml 
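Review bot: Both snippets use `kind: Uuid`, but the CRD added in this commit declares `kind: UUID`, and the generator is registered under `UUIDKind`, which is the Go type name `UUID`. Kubernetes matches kinds case-sensitively, so the manifest in generator-uuid.yaml and the `generatorRef` in generator-uuid-example.yaml would presumably not resolve as written; both should read `kind: UUID`. The sample values in uuid.md are upper-case while the test in this commit expects lower-case hex, so the examples could be lower-cased to match the real output.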
@@ -63,6 +63,7 @@ nav: - Fake: api/generator/fake.md - Webhook: api/generator/webhook.md - Github: api/generator/github.md + - UUID: api/generator/uuid.md - Reference Docs: - API specification: api/spec.md - Controller Options: api/controller-options.md diff --git a/pkg/generator/uuid/uuid.go b/pkg/generator/uuid/uuid.go new file mode 100644 index 00000000000..e8b455e28ec --- /dev/null +++ b/pkg/generator/uuid/uuid.go @@ -0,0 +1,56 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package uuid + +import ( + "context" + "fmt" + + "github.com/google/uuid" + apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + + genv1alpha1 "github.com/external-secrets/external-secrets/apis/generators/v1alpha1" +) + +type Generator struct{} + +type generateFunc func() (string, error) + +func (g *Generator) Generate(_ context.Context, jsonSpec *apiextensions.JSON, _ client.Client, _ string) (map[string][]byte, error) { + return g.generate( + jsonSpec, + generateUUID, + ) +} + +func (g *Generator) generate(_ *apiextensions.JSON, uuidGen generateFunc) (map[string][]byte, error) { + uuid, err := uuidGen() + if err != nil { + return nil, fmt.Errorf("unable to generate UUID: %w", err) + } + return map[string][]byte{ + "uuid": []byte(uuid), + }, nil +} + +func generateUUID() (string, error) { + uuid := uuid.New() + return uuid.String(), nil +} + +func init() { + genv1alpha1.Register(genv1alpha1.UUIDKind, &Generator{}) +} 
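Review bot: `generateUUID` calls `uuid.New()`, which panics if the random source fails, and then always returns a nil error, so the `unable to generate UUID` branch in `generate` can never run. `uuid.NewRandom()` reports that failure as an error instead, which the existing wrapper already handles, and a failed read then surfaces as a reconcile error rather than a controller crash. The local variable named `uuid` in both functions also shadows the imported package; a name such as `id` avoids that.

```go
func generateUUID() (string, error) {
	// NewRandom returns the random-source error instead of panicking.
	id, err := uuid.NewRandom()
	if err != nil {
		return "", err
	}
	return id.String(), nil
}
```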
diff --git a/pkg/generator/uuid/uuid_test.go b/pkg/generator/uuid/uuid_test.go new file mode 100644 index 00000000000..5fe9db162f0 --- /dev/null +++ b/pkg/generator/uuid/uuid_test.go @@ -0,0 +1,63 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package uuid + +import ( + "testing" + + "github.com/stretchr/testify/assert" + apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" +) + +func TestGenerate(t *testing.T) { + type args struct { + jsonSpec *apiextensions.JSON + } + tests := []struct { + name string + g *Generator + args args + wantErr bool + }{ + { + name: "generate UUID successfully", + args: args{ + jsonSpec: &apiextensions.JSON{Raw: []byte(`{}`)}, + }, + wantErr: false, + }, + { + name: "no json spec should not result in error", + args: args{ + jsonSpec: nil, + }, + wantErr: false, + }, + } + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + g := &Generator{} + got, err := g.generate(tt.args.jsonSpec, generateUUID) + if (err != nil) != tt.wantErr { + t.Errorf("Generator.Generate() error = %v, wantErr %v", err, tt.wantErr) + return + } + if err == nil { + // Basic validation that the generated string looks like a UUID + assert.Regexp(t, `[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}`, string(got["uuid"]), "Generated string must be a valid UUID") + } + }) + } +} From e2a8750f44dde2b5dee17c94bfa97495cbaede17 Mon Sep 17 00:00:00 2001 
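Review bot: The `assert.Regexp` pattern is not anchored, so any output that merely contains a UUID-shaped substring passes. Anchoring it as `^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$` makes the check cover the whole value. The `g` field of the test table is never read, since each case builds its own `&Generator{}`, and can be dropped. No case injects a failing `generateFunc`, so the error path of `generate` is untested even though the function takes the generator as a parameter for exactly that purpose.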
From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Mon, 9 Sep 2024 08:42:10 +0200 Subject: [PATCH 279/517] fix: update uuids.generator shortname (#3883) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- apis/generators/v1alpha1/generator_uuid.go | 5 ++--- config/crds/bases/generators.external-secrets.io_uuids.yaml | 2 +- .../external-secrets/tests/__snapshot__/crds_test.yaml.snap | 2 +- deploy/crds/bundle.yaml | 2 +- 4 files changed, 5 insertions(+), 6 deletions(-) diff --git a/apis/generators/v1alpha1/generator_uuid.go b/apis/generators/v1alpha1/generator_uuid.go index 161729f5f24..d9d5973cbf9 100644 --- a/apis/generators/v1alpha1/generator_uuid.go +++ b/apis/generators/v1alpha1/generator_uuid.go @@ -19,8 +19,7 @@ import ( ) // UUIDSpec controls the behavior of the uuid generator. -type UUIDSpec struct { -} +type UUIDSpec struct{} // Password generates a random password based on the // configuration parameters in spec. @@ -28,7 +27,7 @@ type UUIDSpec struct { // +kubebuilder:object:root=true // +kubebuilder:storageversion // +kubebuilder:subresource:status -// +kubebuilder:resource:scope=Namespaced,categories={password},shortName=password +// +kubebuilder:resource:scope=Namespaced,categories={password},shortName=uuids type UUID struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/config/crds/bases/generators.external-secrets.io_uuids.yaml b/config/crds/bases/generators.external-secrets.io_uuids.yaml index 90defa923a3..0bc73b91687 100644 --- a/config/crds/bases/generators.external-secrets.io_uuids.yaml +++ b/config/crds/bases/generators.external-secrets.io_uuids.yaml @@ -13,7 +13,7 @@ spec: listKind: UUIDList plural: uuids shortNames: - - password + - uuids singular: uuid scope: Namespaced versions: 
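Review bot: `shortName=uuids` is the same string as the resource's plural (`plural: uuids` in the regenerated CRD), so it no longer collides with the Password generator but adds no alias either; the marker could drop `shortName` or pick a distinct one. `categories={password}` is unchanged in the second hunk of generator_uuid.go, so UUID objects are still grouped under the `password` category, which looks like a leftover from the copied marker. If a category is wanted, `categories={uuid}` would be my suggestion. The `UUID` struct continues past the end of the hunk.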
diff --git a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap index 6c137c00fdf..148eb5dd986 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -4,7 +4,7 @@ should match snapshot of default values: kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.1 + controller-gen.kubebuilder.io/version: v0.16.2 labels: external-secrets.io/component: controller name: secretstores.external-secrets.io diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 3a8f75e2b70..f8f9e8ea54e 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -11812,7 +11812,7 @@ spec: listKind: UUIDList plural: uuids shortNames: - - password + - uuids singular: uuid scope: Namespaced versions: From 61e30f2b7c1d5affd858a78af352d3ee7aa19d55 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 15:05:30 +0200 Subject: [PATCH 280/517] chore(deps): bump alpine from `0a4eaa0` to `beefdbd` in /hack/api-docs (#3884) Bumps alpine from `0a4eaa0` to `beefdbd`. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/Dockerfile b/hack/api-docs/Dockerfile index e8e6d034054..7e64ee27910 100644 --- a/hack/api-docs/Dockerfile +++ b/hack/api-docs/Dockerfile 
@@ -11,7 +11,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.20@sha256:0a4eaa0eecf5f8c050e5bba433f58c052be7587ee8af3e8b3910ef9ab5fbe9f5 +FROM alpine:3.20@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d RUN apk add -U --no-cache \ python3 \ python3-dev \ From fda54f7373df15b54efffdbfd1b1767f971f8024 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 15:14:37 +0200 Subject: [PATCH 281/517] chore(deps): bump alpine from `0a4eaa0` to `beefdbd` (#3886) Bumps alpine from `0a4eaa0` to `beefdbd`. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- tilt.dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tilt.dockerfile b/tilt.dockerfile index e644d9f67d0..f0fc0c1fbf1 100644 --- a/tilt.dockerfile +++ b/tilt.dockerfile @@ -1,4 +1,4 @@ -FROM alpine@sha256:0a4eaa0eecf5f8c050e5bba433f58c052be7587ee8af3e8b3910ef9ab5fbe9f5 +FROM alpine@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d WORKDIR / COPY ./bin/external-secrets /external-secrets From 236e132d60149f08b3533d4679bc2be68e6f666d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 15:15:23 +0200 Subject: [PATCH 282/517] chore(deps): bump distroless/static from `ce46866` to `95eb83a` (#3887) Bumps distroless/static from `ce46866` to `95eb83a`. --- updated-dependencies: - dependency-name: distroless/static dependency-type: direct:production ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- Dockerfile | 2 +- Dockerfile.standalone | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 4d474a551e5..0033d54497a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM gcr.io/distroless/static@sha256:ce46866b3a5170db3b49364900fb3168dc0833dfb46c26da5c77f22abb01d8c3 +FROM gcr.io/distroless/static@sha256:95eb83a44a62c1c27e5f0b38d26085c486d71ece83dd64540b7209536bb13f6d ARG TARGETOS ARG TARGETARCH COPY bin/external-secrets-${TARGETOS}-${TARGETARCH} /bin/external-secrets diff --git a/Dockerfile.standalone b/Dockerfile.standalone index dfa6c8a7207..b5bfe438fbb 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone @@ -12,7 +12,7 @@ COPY . /app/ RUN go build -o external-secrets main.go -FROM gcr.io/distroless/static@sha256:ce46866b3a5170db3b49364900fb3168dc0833dfb46c26da5c77f22abb01d8c3 AS app +FROM gcr.io/distroless/static@sha256:95eb83a44a62c1c27e5f0b38d26085c486d71ece83dd64540b7209536bb13f6d AS app COPY --from=builder /app/external-secrets /bin/external-secrets # Run as UID for nobody From 568b92b009f624ec6d1bdc76a6d7d440c07d71e7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 15:15:50 +0200 Subject: [PATCH 283/517] chore(deps): bump golang from 1.23.0 to 1.23.1 (#3888) Bumps golang from 1.23.0 to 1.23.1. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- Dockerfile.standalone | 2 +- tilt.debug.dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/Dockerfile.standalone b/Dockerfile.standalone index b5bfe438fbb..755124f90cb 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone @@ -1,6 +1,6 @@ # This version of Dockerfile is for building without external dependencies. # Build a multi-platform image e.g. `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .` -FROM golang:1.23.0-alpine@sha256:d0b31558e6b3e4cc59f6011d79905835108c919143ebecc58f35965bf79948f4 AS builder +FROM golang:1.23.1-alpine@sha256:ac67716dd016429be8d4c2c53a248d7bcdf06d34127d3dc451bda6aa5a87bc06 AS builder ARG TARGETOS ARG TARGETARCH ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index 4ea5c0abf71..e023aa6aeea 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.0@sha256:613a108a4a4b1dfb6923305db791a19d088f77632317cfc3446825c54fb862cd +FROM golang:1.23.1@sha256:4a3c2bcd243d3dbb7b15237eecb0792db3614900037998c2cd6a579c46888c1e WORKDIR / COPY ./bin/external-secrets /external-secrets From 872d8b356065b94d866a24aad9700d78fddde98c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 15:17:49 +0200 Subject: [PATCH 284/517] chore(deps): bump golang from 1.23.0-bookworm to 1.23.1-bookworm in /e2e (#3889) Bumps golang from 1.23.0-bookworm to 1.23.1-bookworm. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index 55ff2238af4..6fc75e3cb0c 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile 
@@ -1,4 +1,4 @@ -FROM golang:1.23.0-bookworm@sha256:31dc846dd1bcca84d2fa231bcd16c09ff271bcc1a5ae2c48ff10f13b039688f3 as builder +FROM golang:1.23.1-bookworm@sha256:1a5326b07cbab12f4fd7800425f2cf25ff2bd62c404ef41b56cb99669a710a83 as builder ENV KUBECTL_VERSION="v1.28.3" ENV HELM_VERSION="v3.13.1" From 1290cf8171ac7efe739ea2fbe2bfee6e36b0c536 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 15:19:22 +0200 Subject: [PATCH 285/517] chore(deps): bump alpine from 3.20.2 to 3.20.3 in /e2e (#3890) Bumps alpine from 3.20.2 to 3.20.3. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index 6fc75e3cb0c..d6e9a1823f2 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -16,7 +16,7 @@ COPY . . WORKDIR /usr/src/app/e2e RUN make e2e-bin -FROM alpine:3.20.2@sha256:0a4eaa0eecf5f8c050e5bba433f58c052be7587ee8af3e8b3910ef9ab5fbe9f5 +FROM alpine:3.20.3@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d RUN apk add -U --no-cache \ ca-certificates \ bash \ From 5d93eb20ee583a3c642ebc990d28242353c148ee Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 15:20:16 +0200 Subject: [PATCH 286/517] chore(deps): bump watchdog from 5.0.0 to 5.0.2 in /hack/api-docs (#3891) Bumps [watchdog](https://github.com/gorakhargosh/watchdog) from 5.0.0 to 5.0.2. - [Release notes](https://github.com/gorakhargosh/watchdog/releases) - [Changelog](https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst) - [Commits](https://github.com/gorakhargosh/watchdog/compare/v5.0.0...v5.0.2) --- updated-dependencies: - dependency-name: watchdog dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt
index 76eb0600573..62c85c8a963 100644
--- a/hack/api-docs/requirements.txt
+++ b/hack/api-docs/requirements.txt
@@ -38,5 +38,5 @@ termcolor==2.4.0
 tornado==6.4.1
 urllib3==2.2.2
 verspec==0.1.0
-watchdog==5.0.0
+watchdog==5.0.2
 zipp==3.20.1
From 3d3cf7380b27876f16506d5af599b22be5dd51c5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 15:20:32 +0200 Subject: [PATCH 287/517] chore(deps): bump platformdirs from 4.2.2 to 4.3.2 in /hack/api-docs (#3892) Bumps [platformdirs](https://github.com/platformdirs/platformdirs) from 4.2.2 to 4.3.2. - [Release notes](https://github.com/platformdirs/platformdirs/releases) - [Changelog](https://github.com/tox-dev/platformdirs/blob/main/CHANGES.rst) - [Commits](https://github.com/platformdirs/platformdirs/compare/4.2.2...4.3.2) --- updated-dependencies: - dependency-name: platformdirs dependency-type: direct:production update-type: version-update:semver-minor ...
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt
index 62c85c8a963..bda7744c74b 100644
--- a/hack/api-docs/requirements.txt
+++ b/hack/api-docs/requirements.txt
@@ -25,7 +25,7 @@ packaging==24.1
 paginate==0.5.7
 pathspec==0.12.1
 pep562==1.1
-platformdirs==4.2.2
+platformdirs==4.3.2
 Pygments==2.18.0
 pymdown-extensions==10.9
 python-dateutil==2.9.0.post0
From 1475363b19997f320c9f089aed2f4e02ac7c29e8 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Mon, 9 Sep 2024 16:41:29 +0200 Subject: [PATCH 288/517] update dependencies (#3893) Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- e2e/go.mod | 40 ++++++++++---------- e2e/go.sum | 80 +++++++++++++++++++-------------------- go.mod | 54 +++++++++++++-------------- go.sum | 108 ++++++++++++++++++++++++++--------------------------- 4 files changed, 141 insertions(+), 141 deletions(-)
diff --git a/e2e/go.mod b/e2e/go.mod
index 96381cd9996..6e1f84a4ec7 100644
--- a/e2e/go.mod
+++ b/e2e/go.mod
@@ -59,22 +59,22 @@ require ( github.com/onsi/ginkgo/v2 v2.20.2 github.com/onsi/gomega v1.34.1 github.com/oracle/oci-go-sdk/v65 v65.73.0 - github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 - github.com/xanzy/go-gitlab v0.108.0 - golang.org/x/oauth2 v0.22.0 - google.golang.org/api v0.195.0 + github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 + github.com/xanzy/go-gitlab v0.109.0 + golang.org/x/oauth2 v0.23.0 + google.golang.org/api v0.196.0 k8s.io/api v0.31.0 k8s.io/apiextensions-apiserver v0.31.0 k8s.io/apimachinery v0.31.0 k8s.io/client-go v1.5.2 - k8s.io/utils v0.0.0-20240821151609-f90d01438635 + k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 sigs.k8s.io/controller-runtime v0.19.0 sigs.k8s.io/yaml v1.4.0 - software.sslmate.com/src/go-pkcs12 v0.4.0 + software.sslmate.com/src/go-pkcs12 v0.5.0 ) require ( - cloud.google.com/go/auth v0.9.2 // indirect + cloud.google.com/go/auth v0.9.3 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/compute/metadata v0.5.0 // indirect cloud.google.com/go/iam v1.2.0 // indirect @@ -128,7 +128,7 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240829160300-da1f7e9f2b25 // indirect + github.com/google/pprof v0.0.0-20240903155634-a8630aee4ab9 // indirect github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.3 // indirect 
@@ -169,9 +169,9 @@ require ( github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect - github.com/prometheus/client_golang v1.20.2 // indirect + github.com/prometheus/client_golang v1.20.3 // indirect github.com/prometheus/client_model v0.6.1 // indirect - github.com/prometheus/common v0.57.0 // indirect + github.com/prometheus/common v0.59.1 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/segmentio/asm v1.2.0 // indirect 
@@ -192,19 +192,19 @@ require ( go.opentelemetry.io/otel v1.29.0 // indirect go.opentelemetry.io/otel/metric v1.29.0 // indirect go.opentelemetry.io/otel/trace v1.29.0 // indirect - golang.org/x/crypto v0.26.0 // indirect - golang.org/x/exp v0.0.0-20240823005443-9b4947da3948 // indirect - golang.org/x/net v0.28.0 // indirect + golang.org/x/crypto v0.27.0 // indirect + golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e // indirect + golang.org/x/net v0.29.0 // indirect golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.24.0 // indirect - golang.org/x/term v0.23.0 // indirect - golang.org/x/text v0.17.0 // indirect + golang.org/x/sys v0.25.0 // indirect + golang.org/x/term v0.24.0 // indirect + golang.org/x/text v0.18.0 // indirect golang.org/x/time v0.6.0 // indirect golang.org/x/tools v0.24.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240827150818-7e3bb234dfed // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed // indirect + google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect google.golang.org/grpc v1.66.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect @@ -213,7 +213,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2 // indirect + k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) 
diff --git a/e2e/go.sum b/e2e/go.sum index 00513c809b6..06e5d508478 100644 --- a/e2e/go.sum +++ b/e2e/go.sum @@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= -cloud.google.com/go/auth v0.9.2 h1:I+Rq388FYU8QdbVB1IiPd+6KNdrqtAPE/asiKHShBLM= -cloud.google.com/go/auth v0.9.2/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk= +cloud.google.com/go/auth v0.9.3 h1:VOEUIAADkkLtyfr3BLa3R8Ed/j6w1jTBmARx+wb5w5U= +cloud.google.com/go/auth v0.9.3/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -293,8 +293,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240829160300-da1f7e9f2b25 h1:sEDPKUw6iPjczdu33njxFjO6tYa9bfc0z/QyB/zSsBw= -github.com/google/pprof v0.0.0-20240829160300-da1f7e9f2b25/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20240903155634-a8630aee4ab9 h1:q5g0N9eal4bmJwXHC5z0QCKs8qhS35hFfq0BAYsIwZI= +github.com/google/pprof v0.0.0-20240903155634-a8630aee4ab9/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -427,13 +427,13 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg= -github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.3 h1:oPksm4K8B+Vt35tUhw6GbSNSgVlVSBH0qELP/7u83l4= +github.com/prometheus/client_golang v1.20.3/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.57.0 h1:Ro/rKjwdq9mZn1K5QPctzh+MA4Lp0BuYk5ZZEVhoNcY= -github.com/prometheus/common v0.57.0/go.mod h1:7uRPFSUTbfZWsJ7MHY56sqt7hLQu3bxXHDnNhl8E9qI= +github.com/prometheus/common v0.59.1 h1:LXb1quJHWm1P6wq/U824uxYi4Sg0oGvNeUm1z5dJoX0= +github.com/prometheus/common v0.59.1/go.mod h1:GpWM7dewqmVYcd7SmRaiWVe9SSqjf0UrwnYnpEZNuT0= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= 
@@ -441,8 +441,8 @@ github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 h1:BkTk4gynLjguayxrYxZoMZjBnAOh7ntQvUkOFmkMqPU= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 h1:yoKAVkEVwAqbGbR8n87rHQ1dulL25rKloGadb3vm770= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30/go.mod h1:sH0u6fq6x4R5M7WxkoQFY/o7UaiItec0o1LinLCJNq8= github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys= github.com/segmentio/asm v1.2.0/go.mod h1:BqMnlJP91P8d+4ibuonYZw9mfnzI9HfxselHZr5aAcs= github.com/shopspring/decimal v1.2.0/go.mod h1:DKyhrW/HYNuLGql+MJL6WCR6knT2jwCFRcu2hWCYk4o= 
@@ -492,8 +492,8 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.108.0 h1:IEvEUWFR5G1seslRhJ8gC//INiIUqYXuSUoBd7/gFKE= -github.com/xanzy/go-gitlab v0.108.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= +github.com/xanzy/go-gitlab v0.109.0 h1:RcRme5w8VpLXTSTTMZdVoQWY37qTJWg+gwdQl4aAttE= +github.com/xanzy/go-gitlab v0.109.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -544,8 +544,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= +golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -556,8 +556,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240823005443-9b4947da3948 h1:kx6Ds3MlpiUHKj7syVnbp57++8WpuKPcR5yjLBjvLEA= -golang.org/x/exp v0.0.0-20240823005443-9b4947da3948/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= +golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e h1:I88y4caeGeuDQxgdoFPUq097j7kNfw6uvuiNxUBfcBk= +golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -626,8 +626,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= -golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -641,8 +641,8 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA= -golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -707,8 +707,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= 
@@ -717,8 +717,8 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= -golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= +golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= +golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -733,8 +733,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= -golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= +golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -820,8 +820,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.195.0 h1:Ude4N8FvTKnnQJHU48RFI40jOBgIrL8Zqr3/QeST6yU= -google.golang.org/api v0.195.0/go.mod h1:DOGRWuv3P8TU8Lnz7uQc4hyNqrBpMtD9ppW3wBJurgc= +google.golang.org/api v0.196.0 h1:k/RafYqebaIJBO3+SMnfEGtFVlvp5vSgqTUF54UN/zg= +google.golang.org/api v0.196.0/go.mod h1:g9IL21uGkYgvQ5BZg6BAtoGJQIm8r6EgaAbpNey5wBE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -869,12 +869,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240827150818-7e3bb234dfed h1:4C4dbrVFtfIp3GXJdMX1Sj25mahfn5DywOo65/2ISQ8= -google.golang.org/genproto v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:ICjniACoWvcDz8c8bOsHVKuuSGDJy1z5M4G0DM3HzTc= -google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed h1:3RgNmBoI9MZhsj3QxC+AP/qQhNwpCLOvYDYYsFrhFt0= -google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:OCdP9MfskevB/rbYvHTsXTtKC+3bHWajPdoKgjcYkfo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed h1:J6izYgfBXAI3xTKLgxzTmUltdYaLsuBxFCgDHWJ/eXg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= +google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= +google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc= +google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -951,10 +951,10 @@ k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2 h1:GKE9U8BH16uynoxQii0auTjmmmuZ3O0LFMN6S0lPPhI= -k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA= -k8s.io/utils v0.0.0-20240821151609-f90d01438635 h1:2wThSvJoW/Ncn9TmQEYXRnevZXi2duqHWf5OX9S3zjI= -k8s.io/utils v0.0.0-20240821151609-f90d01438635/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 h1:1dWzkmJrrprYvjGwh9kEUxmcUV/CtNU8QM7h1FLWQOo= +k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA= +k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 h1:b2FmK8YH+QEwq/Sy2uAEhmqL5nPfGYbJOcaqjeYYZoA= +k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= 
@@ -966,5 +966,5 @@ sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+s sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= -software.sslmate.com/src/go-pkcs12 v0.4.0 h1:H2g08FrTvSFKUj+D309j1DPfk5APnIdAQAB8aEykJ5k= -software.sslmate.com/src/go-pkcs12 v0.4.0/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI= +software.sslmate.com/src/go-pkcs12 v0.5.0 h1:EC6R394xgENTpZ4RltKydeDUjtlM5drOYIG9c6TVj2M= +software.sslmate.com/src/go-pkcs12 v0.5.0/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI= diff --git a/go.mod b/go.mod index cdcdb702fd1..2cefd5fc6a9 100644 --- a/go.mod +++ b/go.mod @@ -12,8 +12,8 @@ require ( github.com/Azure/go-autorest/autorest/adal v0.9.24 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 - github.com/IBM/go-sdk-core/v5 v5.17.4 - github.com/IBM/secrets-manager-go-sdk/v2 v2.0.5 + github.com/IBM/go-sdk-core/v5 v5.17.5 + github.com/IBM/secrets-manager-go-sdk/v2 v2.0.6 github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/sprig/v3 v3.3.0 github.com/PaesslerAG/jsonpath v0.1.1 
@@ -33,20 +33,20 @@ require ( github.com/onsi/ginkgo/v2 v2.20.2 github.com/onsi/gomega v1.34.1 github.com/oracle/oci-go-sdk/v65 v65.73.0 - github.com/prometheus/client_golang v1.20.2 + github.com/prometheus/client_golang v1.20.3 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.17.3 - github.com/xanzy/go-gitlab v0.108.0 - github.com/yandex-cloud/go-genproto v0.0.0-20240829130658-0568052c5a6a - github.com/yandex-cloud/go-sdk v0.0.0-20240829131820-fa8ad79f88a4 + github.com/xanzy/go-gitlab v0.109.0 + github.com/yandex-cloud/go-genproto v0.0.0-20240903084352-17cc86ae897b + github.com/yandex-cloud/go-sdk v0.0.0-20240903084847-3bcbded5869d github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 go.uber.org/zap v1.27.0 - golang.org/x/crypto v0.26.0 - golang.org/x/oauth2 v0.22.0 - google.golang.org/api v0.195.0 - google.golang.org/genproto v0.0.0-20240827150818-7e3bb234dfed + golang.org/x/crypto v0.27.0 + golang.org/x/oauth2 v0.23.0 + google.golang.org/api v0.196.0 + google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 google.golang.org/grpc v1.66.0 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 @@ -54,7 +54,7 @@ require ( k8s.io/apiextensions-apiserver v0.31.0 k8s.io/apimachinery v0.31.0 k8s.io/client-go v0.31.0 - k8s.io/utils v0.0.0-20240821151609-f90d01438635 + k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 sigs.k8s.io/controller-runtime v0.19.0 sigs.k8s.io/controller-tools v0.16.2 ) 
@@ -90,17 +90,17 @@ require ( github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1 github.com/passbolt/go-passbolt v0.7.1 github.com/pulumi/esc-sdk/sdk v0.9.2 - github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 + github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 github.com/sethvargo/go-password v0.3.1 github.com/spf13/pflag v1.0.5 github.com/tidwall/sjson v1.2.5 - k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2 + k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 sigs.k8s.io/yaml v1.4.0 - software.sslmate.com/src/go-pkcs12 v0.4.0 + software.sslmate.com/src/go-pkcs12 v0.5.0 ) require ( - cloud.google.com/go/auth v0.9.2 // indirect + cloud.google.com/go/auth v0.9.3 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/compute/metadata v0.5.0 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect @@ -126,7 +126,7 @@ require ( github.com/gabriel-vasile/mimetype v1.4.5 // indirect github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-playground/validator/v10 v10.22.0 // indirect + github.com/go-playground/validator/v10 v10.22.1 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gofrs/flock v0.12.1 // indirect @@ -148,8 +148,8 @@ require ( go.opentelemetry.io/otel/metric v1.29.0 // indirect go.opentelemetry.io/otel/trace v1.29.0 // indirect golang.org/x/sync v0.8.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect 
@@ -195,7 +195,7 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240829160300-da1f7e9f2b25 // indirect + github.com/google/pprof v0.0.0-20240903155634-a8630aee4ab9 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.3 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -233,7 +233,7 @@ require ( github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/prometheus/common v0.57.0 // indirect + github.com/prometheus/common v0.59.1 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect @@ -248,12 +248,12 @@ require ( go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20240823005443-9b4947da3948 // indirect - golang.org/x/mod v0.20.0 // indirect - golang.org/x/net v0.28.0 // indirect - golang.org/x/sys v0.24.0 // indirect - golang.org/x/term v0.23.0 // indirect - golang.org/x/text v0.17.0 // indirect + golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e // indirect + golang.org/x/mod v0.21.0 // indirect + golang.org/x/net v0.29.0 // indirect + golang.org/x/sys v0.25.0 // indirect + golang.org/x/term v0.24.0 // indirect + golang.org/x/text v0.18.0 // indirect golang.org/x/time v0.6.0 // indirect golang.org/x/tools v0.24.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect 
@@ -261,7 +261,7 @@ require ( gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/gengo v0.0.0-20240826214909-a7b603a56eb7 // indirect + k8s.io/gengo v0.0.0-20240904190049-f173c7c23b06 // indirect k8s.io/klog v1.0.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect diff --git a/go.sum b/go.sum index d65064c7f19..e56bef5edf1 100644 --- a/go.sum +++ b/go.sum @@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= -cloud.google.com/go/auth v0.9.2 h1:I+Rq388FYU8QdbVB1IiPd+6KNdrqtAPE/asiKHShBLM= -cloud.google.com/go/auth v0.9.2/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk= +cloud.google.com/go/auth v0.9.3 h1:VOEUIAADkkLtyfr3BLa3R8Ed/j6w1jTBmARx+wb5w5U= +cloud.google.com/go/auth v0.9.3/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -106,10 +106,10 @@ github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1 h1:/rzzzaBuj/FYTcbt8sYZ9IzlnENqcgh5zK github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1/go.mod h1:xz6FXP2Do88Vc5Hx7OamZgZC1W45yfmLy4+iDKxlGXo= github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM= github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= -github.com/IBM/go-sdk-core/v5 v5.17.4 h1:VGb9+mRrnS2HpHZFM5hy4J6ppIWnwNrw0G+tLSgcJLc= -github.com/IBM/go-sdk-core/v5 v5.17.4/go.mod h1:KsAAI7eStAWwQa4F96MLy+whYSh39JzNjklZRbN/8ns= -github.com/IBM/secrets-manager-go-sdk/v2 v2.0.5 h1:VMc/Zd6RzB8j60CqZekkwYT2wQsCfrkGV2n01Gviuaw= -github.com/IBM/secrets-manager-go-sdk/v2 v2.0.5/go.mod h1:5kUgJ1dG9cdiAcPDqVz46m362bPnoqZQSth24NiowSg= +github.com/IBM/go-sdk-core/v5 v5.17.5 h1:AjGC7xNee5tgDIjndekBDW5AbypdERHSgib3EZ1KNsA= +github.com/IBM/go-sdk-core/v5 v5.17.5/go.mod h1:KsAAI7eStAWwQa4F96MLy+whYSh39JzNjklZRbN/8ns= +github.com/IBM/secrets-manager-go-sdk/v2 v2.0.6 h1:bF6bAdI4wDZSje6+Yx1mJxvirboxO+uMuKhzgfRCNxE= +github.com/IBM/secrets-manager-go-sdk/v2 v2.0.6/go.mod h1:XWYnbcc5vN1RnKwk/fCzfD8aZd7At/Y1/b6c+oDyliU= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= 
@@ -312,8 +312,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.22.0 h1:k6HsTZ0sTnROkhS//R0O+55JgM8C4Bx7ia+JlgcnOao= -github.com/go-playground/validator/v10 v10.22.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= +github.com/go-playground/validator/v10 v10.22.1 h1:40JcKH+bBNGFczGuoBYgX4I6m/i27HYW8P9FDk5PbgA= +github.com/go-playground/validator/v10 v10.22.1/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= 
@@ -410,8 +410,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240829160300-da1f7e9f2b25 h1:sEDPKUw6iPjczdu33njxFjO6tYa9bfc0z/QyB/zSsBw= -github.com/google/pprof v0.0.0-20240829160300-da1f7e9f2b25/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20240903155634-a8630aee4ab9 h1:q5g0N9eal4bmJwXHC5z0QCKs8qhS35hFfq0BAYsIwZI= +github.com/google/pprof v0.0.0-20240903155634-a8630aee4ab9/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -588,13 +588,13 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.20.2 h1:5ctymQzZlyOON1666svgwn3s6IKWgfbjsejTMiXIyjg= -github.com/prometheus/client_golang v1.20.2/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.3 h1:oPksm4K8B+Vt35tUhw6GbSNSgVlVSBH0qELP/7u83l4= +github.com/prometheus/client_golang v1.20.3/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.57.0 h1:Ro/rKjwdq9mZn1K5QPctzh+MA4Lp0BuYk5ZZEVhoNcY= -github.com/prometheus/common v0.57.0/go.mod h1:7uRPFSUTbfZWsJ7MHY56sqt7hLQu3bxXHDnNhl8E9qI= +github.com/prometheus/common v0.59.1 h1:LXb1quJHWm1P6wq/U824uxYi4Sg0oGvNeUm1z5dJoX0= +github.com/prometheus/common v0.59.1/go.mod h1:GpWM7dewqmVYcd7SmRaiWVe9SSqjf0UrwnYnpEZNuT0= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/pulumi/esc-sdk/sdk v0.9.2 h1:I+kKa7F/gY9lUiHEYuczHyrYB299CavG7rAB1yXybSw= 
@@ -611,8 +611,8 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29 h1:BkTk4gynLjguayxrYxZoMZjBnAOh7ntQvUkOFmkMqPU= -github.com/scaleway/scaleway-sdk-go v1.0.0-beta.29/go.mod h1:fCa7OJZ/9DRTnOKmxvT6pn+LPWUptQAmHF/SBJUGEcg= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 h1:yoKAVkEVwAqbGbR8n87rHQ1dulL25rKloGadb3vm770= +github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30/go.mod h1:sH0u6fq6x4R5M7WxkoQFY/o7UaiItec0o1LinLCJNq8= github.com/sclevine/spec v1.4.0 h1:z/Q9idDcay5m5irkZ28M7PtQM4aOISzOpj4bUPkDee8= github.com/sclevine/spec v1.4.0/go.mod h1:LvpgJaFyvQzRvc1kaDs0bulYwzC70PbiYjC4QnFHkOM= github.com/segmentio/asm v1.2.0 h1:9BQrFxC+YOHJlTlHGkTrFWf59nbL3XnCoFLTwDCI7ys= 
@@ -679,12 +679,12 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.108.0 h1:IEvEUWFR5G1seslRhJ8gC//INiIUqYXuSUoBd7/gFKE= -github.com/xanzy/go-gitlab v0.108.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= -github.com/yandex-cloud/go-genproto v0.0.0-20240829130658-0568052c5a6a h1:GCVnt5H4CB4np3ReSNH0GpBg5HDaLz1rZKnjhQjQGL4= -github.com/yandex-cloud/go-genproto v0.0.0-20240829130658-0568052c5a6a/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-sdk v0.0.0-20240829131820-fa8ad79f88a4 h1:l9x2SuRwFBvCTZvIlr8JqnjrHlr0a2UF/m/zdGnl+cs= -github.com/yandex-cloud/go-sdk v0.0.0-20240829131820-fa8ad79f88a4/go.mod h1:/kMfiARiUXWqYG9EX1g5cZuvW+vY5M/oFROiUg0na+0= +github.com/xanzy/go-gitlab v0.109.0 h1:RcRme5w8VpLXTSTTMZdVoQWY37qTJWg+gwdQl4aAttE= +github.com/xanzy/go-gitlab v0.109.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= +github.com/yandex-cloud/go-genproto v0.0.0-20240903084352-17cc86ae897b h1:GWeoo4cXvvvFLjucwVBgg4qOabn9eRx0QVpjDLlRsWM= +github.com/yandex-cloud/go-genproto v0.0.0-20240903084352-17cc86ae897b/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-sdk v0.0.0-20240903084847-3bcbded5869d h1:xAMjEx40CaEpMyAFUszL4QFgOl0liemz1WZXgurXk9M= +github.com/yandex-cloud/go-sdk v0.0.0-20240903084847-3bcbded5869d/go.mod h1:iY2LYZnWSIgN30Jyqz1OlG5LyTjwQXGEPu2IoIQeP/8= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= github.com/yuin/goldmark v1.1.25/go.mod 
h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -749,8 +749,8 @@ golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.26.0 h1:RrRspgV4mU+YwB4FYnuBoKsUapNIL5cohGAmSH3azsw= -golang.org/x/crypto v0.26.0/go.mod h1:GY7jblb9wI+FOo5y8/S2oY4zWP07AkOJ4+jxCqdqn54= +golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= +golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -761,8 +761,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240823005443-9b4947da3948 h1:kx6Ds3MlpiUHKj7syVnbp57++8WpuKPcR5yjLBjvLEA= -golang.org/x/exp v0.0.0-20240823005443-9b4947da3948/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= +golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e h1:I88y4caeGeuDQxgdoFPUq097j7kNfw6uvuiNxUBfcBk= +golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -788,8 +788,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.20.0 h1:utOm6MM3R3dnawAiJgn0y+xvuYRsm1RKM/4giyfDgV0= -golang.org/x/mod v0.20.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= +golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -840,8 +840,8 @@ golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= -golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -855,8 +855,8 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.22.0 h1:BzDx2FehcG7jJwgWLELCdmLuxk2i+x9UDpSiss2u0ZA= -golang.org/x/oauth2 v0.22.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= +golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -936,8 +936,8 @@ golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.24.0 h1:Twjiwq9dn6R1fQcyiK+wQyHWfaz/BJB+YIpzU/Cv3Xg= -golang.org/x/sys v0.24.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= +golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= 
@@ -951,8 +951,8 @@ golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.23.0 h1:F6D4vR+EHoL9/sWAWgAR1H2DcHr4PareCbAaCo1RpuU= -golang.org/x/term v0.23.0/go.mod h1:DgV24QBUrK6jhZXl+20l6UWznPlwAHm1Q1mGHtydmSk= +golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= +golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -969,8 +969,8 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.17.0 h1:XtiM5bkSOt+ewxlOE/aE/AKEHibwj/6gvWMl9Rsh0Qc= -golang.org/x/text v0.17.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= +golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -1059,8 +1059,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.195.0 h1:Ude4N8FvTKnnQJHU48RFI40jOBgIrL8Zqr3/QeST6yU= -google.golang.org/api v0.195.0/go.mod h1:DOGRWuv3P8TU8Lnz7uQc4hyNqrBpMtD9ppW3wBJurgc= +google.golang.org/api v0.196.0 h1:k/RafYqebaIJBO3+SMnfEGtFVlvp5vSgqTUF54UN/zg= +google.golang.org/api v0.196.0/go.mod h1:g9IL21uGkYgvQ5BZg6BAtoGJQIm8r6EgaAbpNey5wBE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1110,12 +1110,12 @@ google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20240827150818-7e3bb234dfed h1:4C4dbrVFtfIp3GXJdMX1Sj25mahfn5DywOo65/2ISQ8= -google.golang.org/genproto v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:ICjniACoWvcDz8c8bOsHVKuuSGDJy1z5M4G0DM3HzTc= -google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed h1:3RgNmBoI9MZhsj3QxC+AP/qQhNwpCLOvYDYYsFrhFt0= -google.golang.org/genproto/googleapis/api v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:OCdP9MfskevB/rbYvHTsXTtKC+3bHWajPdoKgjcYkfo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed h1:J6izYgfBXAI3xTKLgxzTmUltdYaLsuBxFCgDHWJ/eXg= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240827150818-7e3bb234dfed/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= +google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= +google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc= +google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 
@@ -1201,18 +1201,18 @@ k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsM k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= -k8s.io/gengo v0.0.0-20240826214909-a7b603a56eb7 h1:HCbtr1pVu/ElMcTTs18KdMtH5y6f7PQvrjh1QZj3qCI= -k8s.io/gengo v0.0.0-20240826214909-a7b603a56eb7/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/gengo v0.0.0-20240904190049-f173c7c23b06 h1:nOLHQ014rUc6MverFvifFBCKw28JbWcNFfzjG0KZUCE= +k8s.io/gengo v0.0.0-20240904190049-f173c7c23b06/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog v0.2.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2 h1:GKE9U8BH16uynoxQii0auTjmmmuZ3O0LFMN6S0lPPhI= -k8s.io/kube-openapi v0.0.0-20240827152857-f7e401e7b4c2/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA= -k8s.io/utils v0.0.0-20240821151609-f90d01438635 h1:2wThSvJoW/Ncn9TmQEYXRnevZXi2duqHWf5OX9S3zjI= -k8s.io/utils v0.0.0-20240821151609-f90d01438635/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 h1:1dWzkmJrrprYvjGwh9kEUxmcUV/CtNU8QM7h1FLWQOo= +k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA= +k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 h1:b2FmK8YH+QEwq/Sy2uAEhmqL5nPfGYbJOcaqjeYYZoA= +k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3/go.mod 
h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= @@ -1227,5 +1227,5 @@ sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77Vzej sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= -software.sslmate.com/src/go-pkcs12 v0.4.0 h1:H2g08FrTvSFKUj+D309j1DPfk5APnIdAQAB8aEykJ5k= -software.sslmate.com/src/go-pkcs12 v0.4.0/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI= +software.sslmate.com/src/go-pkcs12 v0.5.0 h1:EC6R394xgENTpZ4RltKydeDUjtlM5drOYIG9c6TVj2M= +software.sslmate.com/src/go-pkcs12 v0.5.0/go.mod h1:Qiz0EyvDRJjjxGyUQa2cCNZn/wMyzrRJ/qcDXOQazLI= From 93a3ed3abc293731c4142d7cf90d734ba38807ec Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Mon, 9 Sep 2024 18:26:39 +0200 Subject: [PATCH 289/517] chore: bump helm chart version v0.10.3 (#3896) --- deploy/charts/external-secrets/Chart.yaml | 4 ++-- deploy/charts/external-secrets/README.md | 2 +- .../__snapshot__/cert_controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/webhook_test.yaml.snap | 14 +++++++------- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/deploy/charts/external-secrets/Chart.yaml b/deploy/charts/external-secrets/Chart.yaml index f25c530146d..c07ae03ce93 100644 --- a/deploy/charts/external-secrets/Chart.yaml +++ b/deploy/charts/external-secrets/Chart.yaml 
@@ -2,8 +2,8 @@ apiVersion: v2 name: external-secrets description: External secret management for Kubernetes type: application -version: "0.10.2" -appVersion: "v0.10.2" +version: "0.10.3" +appVersion: "v0.10.3" kubeVersion: ">= 1.19.0-0" keywords: - kubernetes-external-secrets diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index a1cd2a873a8..24cda8292e1 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.10.2](https://img.shields.io/badge/Version-0.10.2-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.10.3](https://img.shields.io/badge/Version-0.10.3-informational?style=flat-square) External secret management for Kubernetes diff --git a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 530cebf9440..435b91ef156 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.10.2 - helm.sh/chart: external-secrets-0.10.2 + app.kubernetes.io/version: v0.10.3 + helm.sh/chart: external-secrets-0.10.3 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: 
@@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.10.2 - helm.sh/chart: external-secrets-0.10.2 + app.kubernetes.io/version: v0.10.3 + helm.sh/chart: external-secrets-0.10.3 spec: automountServiceAccountToken: true containers: @@ -41,7 +41,7 @@ should match snapshot of default values: - --loglevel=info - --zap-time-encoding=epoch - --enable-partial-cache=true - image: ghcr.io/external-secrets/external-secrets:v0.10.2 + image: ghcr.io/external-secrets/external-secrets:v0.10.3 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap index 7138ca01dcb..0cfe15861cf 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.10.2 - helm.sh/chart: external-secrets-0.10.2 + app.kubernetes.io/version: v0.10.3 + helm.sh/chart: external-secrets-0.10.3 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.10.2 - helm.sh/chart: external-secrets-0.10.2 + app.kubernetes.io/version: v0.10.3 + helm.sh/chart: external-secrets-0.10.3 spec: automountServiceAccountToken: true containers: 
@@ -34,7 +34,7 @@ should match snapshot of default values: - --metrics-addr=:8080 - --loglevel=info - --zap-time-encoding=epoch - image: ghcr.io/external-secrets/external-secrets:v0.10.2 + image: ghcr.io/external-secrets/external-secrets:v0.10.3 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index 1d8396ce84e..0506b8860ca 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.2 - helm.sh/chart: external-secrets-0.10.2 + app.kubernetes.io/version: v0.10.3 + helm.sh/chart: external-secrets-0.10.3 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.2 - helm.sh/chart: external-secrets-0.10.2 + app.kubernetes.io/version: v0.10.3 + helm.sh/chart: external-secrets-0.10.3 spec: automountServiceAccountToken: true containers: @@ -39,7 +39,7 @@ should match snapshot of default values: - --healthz-addr=:8081 - --loglevel=info - --zap-time-encoding=epoch - image: ghcr.io/external-secrets/external-secrets:v0.10.2 + image: ghcr.io/external-secrets/external-secrets:v0.10.3 imagePullPolicy: IfNotPresent name: webhook ports: 
@@ -83,8 +83,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.2 + app.kubernetes.io/version: v0.10.3 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.10.2 + helm.sh/chart: external-secrets-0.10.3 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE From edb50666ff58f55b2644a02a62d98c445d369963 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Tue, 10 Sep 2024 20:32:12 +0200 Subject: [PATCH 290/517] fix: remove unnecessary nil check (#3899) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- cmd/webhook.go | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cmd/webhook.go b/cmd/webhook.go index 9f78baa3cfe..ea718117a4c 100644 --- a/cmd/webhook.go +++ b/cmd/webhook.go @@ -211,10 +211,10 @@ func waitForCerts(c crds.CertInfo, timeout time.Duration) error { if err == nil { return nil } - if err != nil { - setupLog.Error(err, "invalid certs. retrying...") - <-time.After(time.Second * 10) - } + + setupLog.Error(err, "invalid certs. retrying...") + <-time.After(time.Second * 10) + if ctx.Err() != nil { return ctx.Err() } From 7bf0cf2e79b9b7030733c0eb9b5d0a84c21038fb Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Fri, 13 Sep 2024 06:39:48 -0300 Subject: [PATCH 291/517] chore: updates default oci (#3903) * chore: updates default oci Signed-off-by: Gustavo Carvalho * fix: make e2e use old repo Signed-off-by: Gustavo Carvalho --------- 
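Review bot: The retry wait `<-time.After(time.Second * 10)` in `waitForCerts` does not watch the context, so the `ctx.Err()` check below it only runs after the full ten seconds have passed. If `ctx` is derived from the `timeout` parameter (its creation is outside this hunk, so that is assumed), the function can keep the webhook start-up blocked for up to ten seconds beyond the configured timeout. Waiting on both channels in a `select` ends the wait as soon as the deadline passes; the existing `ctx.Err()` check can stay as it is. The function starts and ends outside the hunk.

```go
setupLog.Error(err, "invalid certs. retrying...")
select {
case <-ctx.Done():
	return ctx.Err()
case <-time.After(time.Second * 10):
}
// … unchanged: ctx.Err() check and the rest of the retry loop …
```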
Signed-off-by: Gustavo Carvalho --- deploy/charts/external-secrets/README.md | 6 +++--- .../__snapshot__/cert_controller_test.yaml.snap | 2 +- .../tests/__snapshot__/controller_test.yaml.snap | 2 +- .../tests/__snapshot__/webhook_test.yaml.snap | 2 +- deploy/charts/external-secrets/values.yaml | 6 +++--- e2e/framework/addon/eso.go | 12 ++++++++++++ 6 files changed, 21 insertions(+), 9 deletions(-) diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index 24cda8292e1..d52afe16bf6 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md @@ -47,7 +47,7 @@ The command removes all the Kubernetes components associated with the chart and | certController.hostNetwork | bool | `false` | Run the certController on the host network | | certController.image.flavour | string | `""` | | | certController.image.pullPolicy | string | `"IfNotPresent"` | | -| certController.image.repository | string | `"ghcr.io/external-secrets/external-secrets"` | | +| certController.image.repository | string | `"oci.external-secrets.io/external-secrets/external-secrets"` | | | certController.image.tag | string | `""` | | | certController.imagePullSecrets | list | `[]` | | | certController.log | object | `{"level":"info","timeEncoding":"epoch"}` | Specifices Log Params to the Webhook | 
@@ -111,7 +111,7 @@ The command removes all the Kubernetes components associated with the chart and | hostNetwork | bool | `false` | Run the controller on the host network | | image.flavour | string | `""` | The flavour of tag you want to use There are different image flavours available, like distroless and ubi. Please see GitHub release notes for image tags for these flavors. By default, the distroless image is used. | | image.pullPolicy | string | `"IfNotPresent"` | | -| image.repository | string | `"ghcr.io/external-secrets/external-secrets"` | | +| image.repository | string | `"oci.external-secrets.io/external-secrets/external-secrets"` | | | image.tag | string | `""` | The image tag to use. The default is the chart appVersion. | | imagePullSecrets | list | `[]` | | | installCRDs | bool | `true` | If set, install and upgrade CRDs through helm chart. | @@ -185,7 +185,7 @@ The command removes all the Kubernetes components associated with the chart and | webhook.hostNetwork | bool | `false` | Specifies if webhook pod should use hostNetwork or not. | | webhook.image.flavour | string | `""` | The flavour of tag you want to use | | webhook.image.pullPolicy | string | `"IfNotPresent"` | | -| webhook.image.repository | string | `"ghcr.io/external-secrets/external-secrets"` | | +| webhook.image.repository | string | `"oci.external-secrets.io/external-secrets/external-secrets"` | | | webhook.image.tag | string | `""` | The image tag to use. The default is the chart appVersion. | | webhook.imagePullSecrets | list | `[]` | | | webhook.log | object | `{"level":"info","timeEncoding":"epoch"}` | Specifices Log Params to the Webhook | diff --git a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 435b91ef156..3c40f7d71f2 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap 
+++ b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -41,7 +41,7 @@ should match snapshot of default values: - --loglevel=info - --zap-time-encoding=epoch - --enable-partial-cache=true - image: ghcr.io/external-secrets/external-secrets:v0.10.3 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.3 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap index 0cfe15861cf..186a53420c4 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -34,7 +34,7 @@ should match snapshot of default values: - --metrics-addr=:8080 - --loglevel=info - --zap-time-encoding=epoch - image: ghcr.io/external-secrets/external-secrets:v0.10.3 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.3 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index 0506b8860ca..962ca144989 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -39,7 +39,7 @@ should match snapshot of default values: - --healthz-addr=:8081 - --loglevel=info - --zap-time-encoding=epoch - image: ghcr.io/external-secrets/external-secrets:v0.10.3 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.3 imagePullPolicy: IfNotPresent name: webhook ports: diff --git a/deploy/charts/external-secrets/values.yaml b/deploy/charts/external-secrets/values.yaml index 19525ad8ad6..21f4a94c394 100644 --- a/deploy/charts/external-secrets/values.yaml 
+++ b/deploy/charts/external-secrets/values.yaml @@ -21,7 +21,7 @@ bitwarden-sdk-server: revisionHistoryLimit: 10 image: - repository: ghcr.io/external-secrets/external-secrets + repository: oci.external-secrets.io/external-secrets/external-secrets pullPolicy: IfNotPresent # -- The image tag to use. The default is the chart appVersion. tag: "" @@ -259,7 +259,7 @@ webhook: # -- Specifies if webhook pod should use hostNetwork or not. hostNetwork: false image: - repository: ghcr.io/external-secrets/external-secrets + repository: oci.external-secrets.io/external-secrets/external-secrets pullPolicy: IfNotPresent # -- The image tag to use. The default is the chart appVersion. tag: "" @@ -417,7 +417,7 @@ certController: revisionHistoryLimit: 10 image: - repository: ghcr.io/external-secrets/external-secrets + repository: oci.external-secrets.io/external-secrets/external-secrets pullPolicy: IfNotPresent tag: "" flavour: "" diff --git a/e2e/framework/addon/eso.go b/e2e/framework/addon/eso.go index 48e6fe83646..d432fc55f53 100644 --- a/e2e/framework/addon/eso.go +++ b/e2e/framework/addon/eso.go @@ -42,14 +42,26 @@ func NewESO(mutators ...MutationFunc) *ESO { Key: "webhook.image.tag", Value: os.Getenv("VERSION"), }, + { + Key: "webhook.image.repository", + Value: "ghcr.io/external-secrets/external-secrets", + }, { Key: "certController.image.tag", Value: os.Getenv("VERSION"), }, + { + Key: "certController.image.repository", + Value: "ghcr.io/external-secrets/external-secrets", + }, { Key: "image.tag", Value: os.Getenv("VERSION"), }, + { + Key: "image.repository", + Value: "ghcr.io/external-secrets/external-secrets", + }, { Key: "extraArgs.loglevel", Value: "debug", From cdb0bde42998663d490d51962504e48bde078a17 Mon Sep 17 00:00:00 2001 From: btfhernandez <133419363+btfhernandez@users.noreply.github.com> Date: Fri, 13 Sep 2024 04:47:19 -0500 Subject: [PATCH 292/517] fix: fix typo in provider name (#3900) 
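Review bot: The new default `repository` under `image` has no `# --` description, so the generated README row for it stays empty and nothing next to the key tells an operator that the registry host moved from `ghcr.io` to `oci.external-secrets.io`. Clusters that restrict image sources by registry host (admission policy, mirror configuration or egress allowlist) would have to allow the new host or override the value, and an upgrade that silently changes the pull source is easy to miss in review. I would add above the key a comment such as `# -- Image repository. The default host changed from ghcr.io to oci.external-secrets.io; override this value if your cluster only admits specific registries.` The same applies to the two later hunks of this file, `webhook.image.repository` (hunk at 259) and `certController.image.repository` (hunk at 417).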
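Review bot: With these three overrides the e2e install always pulls from `ghcr.io/external-secrets/external-secrets`, so, as far as this hunk shows, the chart's new default repository `oci.external-secrets.io/external-secrets/external-secrets` is never pulled by this suite and a broken or misrouted default would not be caught here. The reason for pinning the old registry is also not recorded in the code, and the literal is repeated three times. I would hoist it into one documented constant, for example `const e2eImageRepository = "ghcr.io/external-secrets/external-secrets" // e2e images are published here; the chart default differs`, and use it for `image.repository`, `webhook.image.repository` and `certController.image.repository`. `NewESO` starts and ends outside the hunk.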
Signed-off-by: Felipe Hernandez --- hack/api-docs/mkdocs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/mkdocs.yml b/hack/api-docs/mkdocs.yml index ba7acadaf5f..b6ec96bc126 100644 --- a/hack/api-docs/mkdocs.yml +++ b/hack/api-docs/mkdocs.yml @@ -94,7 +94,7 @@ nav: - AWS Secrets Manager: provider/aws-secrets-manager.md - AWS Parameter Store: provider/aws-parameter-store.md - Azure Key Vault: provider/azure-key-vault.md - - BeyoundTrust: provider/beyondtrust.md + - BeyondTrust: provider/beyondtrust.md - Bitwarden Secrets Manager: provider/bitwarden-secrets-manager.md - Chef: provider/chef.md - CyberArk Conjur: provider/conjur.md From 13738abaf769440c9c15cad100274b6f3c763372 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 11:00:45 +0200 Subject: [PATCH 293/517] chore(deps): bump regex from 2024.7.24 to 2024.9.11 in /hack/api-docs (#3908) Bumps [regex](https://github.com/mrabarnett/mrab-regex) from 2024.7.24 to 2024.9.11. - [Changelog](https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt) - [Commits](https://github.com/mrabarnett/mrab-regex/compare/2024.7.24...2024.9.11) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index bda7744c74b..4c1ec6d7d6f 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -31,7 +31,7 @@ pymdown-extensions==10.9 python-dateutil==2.9.0.post0 PyYAML==6.0.2 pyyaml_env_tag==0.1 -regex==2024.7.24 +regex==2024.9.11 requests==2.32.3 six==1.16.0 termcolor==2.4.0 From d89e302c19e4850ce2e80b649b534444218ca7c8 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 11:01:40 +0200 Subject: [PATCH 294/517] chore(deps): bump urllib3 from 2.2.2 to 2.2.3 in /hack/api-docs (#3909) Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.2 to 2.2.3. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/2.2.2...2.2.3) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 4c1ec6d7d6f..4935e9e64f1 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -36,7 +36,7 @@ requests==2.32.3 six==1.16.0 termcolor==2.4.0 tornado==6.4.1 -urllib3==2.2.2 +urllib3==2.2.3 verspec==0.1.0 watchdog==5.0.2 zipp==3.20.1 From 0b700dbc945bf4d2fb8b8b2c7ec29ba313fa9633 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 11:33:46 +0200 Subject: [PATCH 295/517] chore(deps): bump zipp from 3.20.1 to 3.20.2 in /hack/api-docs (#3910) Bumps [zipp](https://github.com/jaraco/zipp) from 3.20.1 to 3.20.2. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](https://github.com/jaraco/zipp/compare/v3.20.1...v3.20.2) --- updated-dependencies: - dependency-name: zipp dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 4935e9e64f1..1ab50e66973 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -39,4 +39,4 @@ tornado==6.4.1 urllib3==2.2.3 verspec==0.1.0 watchdog==5.0.2 -zipp==3.20.1 +zipp==3.20.2 From 5b170458ee856f4e965fe7e422aecdaf89b26d9d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 11:34:01 +0200 Subject: [PATCH 296/517] chore(deps): bump idna from 3.8 to 3.10 in /hack/api-docs (#3911) Bumps [idna](https://github.com/kjd/idna) from 3.8 to 3.10. - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](https://github.com/kjd/idna/compare/v3.8...v3.10) --- updated-dependencies: - dependency-name: idna dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 1ab50e66973..450589b92ec 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -6,7 +6,7 @@ colorama==0.4.6 csscompressor==0.9.5 ghp-import==2.1.0 htmlmin==0.1.12 -idna==3.8 +idna==3.10 importlib-metadata==8.4.0 importlib-resources==6.4.4 Jinja2==3.1.4 From 341eb6fc58ae1b82a2aad10f9a32769240c47dfb Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 11:34:14 +0200 Subject: [PATCH 297/517] chore(deps): bump platformdirs from 4.3.2 to 4.3.3 in /hack/api-docs (#3912) Bumps [platformdirs](https://github.com/tox-dev/platformdirs) from 4.3.2 to 4.3.3. - [Release notes](https://github.com/tox-dev/platformdirs/releases) - [Changelog](https://github.com/tox-dev/platformdirs/blob/main/CHANGES.rst) - [Commits](https://github.com/tox-dev/platformdirs/compare/4.3.2...4.3.3) --- updated-dependencies: - dependency-name: platformdirs dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 450589b92ec..b63f51e2dba 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -25,7 +25,7 @@ packaging==24.1 paginate==0.5.7 pathspec==0.12.1 pep562==1.1 -platformdirs==4.3.2 +platformdirs==4.3.3 Pygments==2.18.0 pymdown-extensions==10.9 python-dateutil==2.9.0.post0 From 24d6114a5b39e179630f7c8f2f55c63e169d5ae0 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 11:34:29 +0200 Subject: [PATCH 298/517] chore(deps): bump github/codeql-action from 3.26.6 to 3.26.7 (#3913) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.6 to 3.26.7. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/4dd16135b69a43b6c8efb853346f8437d92d3c93...8214744c546c1e5c8f03dde8fab3a7353211988d) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 2918a1aca2f..489f5028d48 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4dd16135b69a43b6c8efb853346f8437d92d3c93 # v3.26.6 + uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 with: sarif_file: results.sarif From c1268645557d37241b350d0db41c903833673e77 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 13:22:13 +0200 Subject: [PATCH 299/517] chore(deps): bump golang from `ac67716` to `ac67716` (#3914) Bumps golang from `ac67716` to `ac67716`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- tilt.debug.dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index e023aa6aeea..f548975fd49 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.1@sha256:4a3c2bcd243d3dbb7b15237eecb0792db3614900037998c2cd6a579c46888c1e +FROM golang:1.23.1@sha256:2fe82a3f3e006b4f2a316c6a21f62b66e1330ae211d039bb8d1128e12ed57bf1 WORKDIR / COPY ./bin/external-secrets /external-secrets From 665f112570a69b46429d9f388698222dc0e18291 Mon Sep 17 00:00:00 2001 From: KAZY Date: Mon, 16 Sep 2024 20:43:29 +0900 Subject: [PATCH 300/517] update label (#3898) Signed-off-by: KAZYPinkSaurus Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- docs/snippets/generator-webhook.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/snippets/generator-webhook.yaml b/docs/snippets/generator-webhook.yaml index eb8352de7fe..ede098a36fc 100644 --- a/docs/snippets/generator-webhook.yaml +++ b/docs/snippets/generator-webhook.yaml @@ -20,7 +20,7 @@ kind: Secret metadata: name: webhook-credentials labels: - generators.external-secrets.io/type: webhook #Needed to allow webhook to use this secret + external-secrets.io/type: webhook #Needed to allow webhook to use this secret data: username: dGVzdA== # "test" password: dGVzdA== # "test" From f76be9fa780815bdbfbd9f546fa4374d273da062 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Mon, 16 Sep 2024 16:23:11 +0200 Subject: [PATCH 301/517] chore: update dependencies (#3915) * update dependencies Signed-off-by: External Secrets Operator * revert pulumi update 
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * updated controller runtime Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: External Secrets Operator Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: External Secrets Operator Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- ...nal-secrets.io_clusterexternalsecrets.yaml | 2 +- ...ternal-secrets.io_clustersecretstores.yaml | 2 +- .../external-secrets.io_externalsecrets.yaml | 2 +- .../external-secrets.io_pushsecrets.yaml | 2 +- .../external-secrets.io_secretstores.yaml | 2 +- ...s.external-secrets.io_acraccesstokens.yaml | 2 +- ...nal-secrets.io_ecrauthorizationtokens.yaml | 2 +- .../generators.external-secrets.io_fakes.yaml | 2 +- ...s.external-secrets.io_gcraccesstokens.yaml | 2 +- ...xternal-secrets.io_githubaccesstokens.yaml | 2 +- ...erators.external-secrets.io_passwords.yaml | 2 +- .../generators.external-secrets.io_uuids.yaml | 2 +- ...ternal-secrets.io_vaultdynamicsecrets.yaml | 2 +- ...nerators.external-secrets.io_webhooks.yaml | 2 +- deploy/crds/bundle.yaml | 28 ++-- e2e/go.mod | 42 +++--- e2e/go.sum | 76 +++++----- go.mod | 67 +++++---- go.sum | 137 +++++++++--------- 19 files changed, 188 insertions(+), 190 deletions(-) diff --git a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml index b643b97276c..c38d5a747f1 100644 --- a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: clusterexternalsecrets.external-secrets.io 
diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index baf9eb458a1..97e9df4e600 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: clustersecretstores.external-secrets.io diff --git a/config/crds/bases/external-secrets.io_externalsecrets.yaml b/config/crds/bases/external-secrets.io_externalsecrets.yaml index af65f40d3e2..ddb24969b8c 100644 --- a/config/crds/bases/external-secrets.io_externalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_externalsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: externalsecrets.external-secrets.io diff --git a/config/crds/bases/external-secrets.io_pushsecrets.yaml b/config/crds/bases/external-secrets.io_pushsecrets.yaml index 456f83429cb..16494411cef 100644 --- a/config/crds/bases/external-secrets.io_pushsecrets.yaml +++ b/config/crds/bases/external-secrets.io_pushsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 name: pushsecrets.external-secrets.io spec: group: external-secrets.io diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index bf306b1e6d9..fde12c88c9e 100644 
--- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: secretstores.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml index ce959cee0c7..9d6b4a98cf8 100644 --- a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: acraccesstokens.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml index d11cccdaf39..7953bdcacd3 100644 --- a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: ecrauthorizationtokens.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_fakes.yaml b/config/crds/bases/generators.external-secrets.io_fakes.yaml index eff26a1a4f0..6896c2576b5 100644 --- a/config/crds/bases/generators.external-secrets.io_fakes.yaml 
+++ b/config/crds/bases/generators.external-secrets.io_fakes.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: fakes.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml index 299ba93113a..828ffce07c1 100644 --- a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: gcraccesstokens.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml index e2b0984a57a..537cf323ebf 100644 --- a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: githubaccesstokens.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_passwords.yaml b/config/crds/bases/generators.external-secrets.io_passwords.yaml index 97ce4d45c6c..23a1b10bcd5 100644 --- a/config/crds/bases/generators.external-secrets.io_passwords.yaml 
+++ b/config/crds/bases/generators.external-secrets.io_passwords.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: passwords.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_uuids.yaml b/config/crds/bases/generators.external-secrets.io_uuids.yaml index 0bc73b91687..fd37057316e 100644 --- a/config/crds/bases/generators.external-secrets.io_uuids.yaml +++ b/config/crds/bases/generators.external-secrets.io_uuids.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 name: uuids.generators.external-secrets.io spec: group: generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml index ea9123ec512..ea9d1adcfc4 100644 --- a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml +++ b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: vaultdynamicsecrets.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_webhooks.yaml b/config/crds/bases/generators.external-secrets.io_webhooks.yaml index 73a76ea0e52..b9d60284733 100644 --- a/config/crds/bases/generators.external-secrets.io_webhooks.yaml +++ b/config/crds/bases/generators.external-secrets.io_webhooks.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: webhooks.generators.external-secrets.io diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index f8f9e8ea54e..e2fe9ba155e 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: clusterexternalsecrets.external-secrets.io @@ -659,7 +659,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: clustersecretstores.external-secrets.io @@ -5251,7 +5251,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: externalsecrets.external-secrets.io @@ -6062,7 +6062,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 name: pushsecrets.external-secrets.io spec: group: external-secrets.io @@ -6439,7 +6439,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: secretstores.external-secrets.io 
@@ -11031,7 +11031,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: acraccesstokens.generators.external-secrets.io @@ -11225,7 +11225,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: ecrauthorizationtokens.generators.external-secrets.io @@ -11393,7 +11393,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: fakes.generators.external-secrets.io @@ -11470,7 +11470,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: gcraccesstokens.generators.external-secrets.io @@ -11599,7 +11599,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: githubaccesstokens.generators.external-secrets.io @@ -11702,7 +11702,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: passwords.generators.external-secrets.io 
@@ -11801,7 +11801,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 name: uuids.generators.external-secrets.io spec: group: generators.external-secrets.io @@ -11864,7 +11864,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: vaultdynamicsecrets.generators.external-secrets.io @@ -12562,7 +12562,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: webhooks.generators.external-secrets.io diff --git a/e2e/go.mod b/e2e/go.mod index 6e1f84a4ec7..f2a9401826c 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -39,7 +39,7 @@ replace ( ) require ( - cloud.google.com/go/secretmanager v1.14.0 + cloud.google.com/go/secretmanager v1.14.1 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 
@@ -55,17 +55,17 @@ require ( github.com/fluxcd/pkg/apis/meta v1.2.0 github.com/fluxcd/source-controller/api v1.2.3 github.com/golang-jwt/jwt/v4 v4.5.0 - github.com/hashicorp/vault/api v1.14.0 + github.com/hashicorp/vault/api v1.15.0 github.com/onsi/ginkgo/v2 v2.20.2 - github.com/onsi/gomega v1.34.1 + github.com/onsi/gomega v1.34.2 github.com/oracle/oci-go-sdk/v65 v65.73.0 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 github.com/xanzy/go-gitlab v0.109.0 golang.org/x/oauth2 v0.23.0 - google.golang.org/api v0.196.0 - k8s.io/api v0.31.0 - k8s.io/apiextensions-apiserver v0.31.0 - k8s.io/apimachinery v0.31.0 + google.golang.org/api v0.197.0 + k8s.io/api v0.31.1 + k8s.io/apiextensions-apiserver v0.31.1 + k8s.io/apimachinery v0.31.1 k8s.io/client-go v1.5.2 k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 sigs.k8s.io/controller-runtime v0.19.0 @@ -74,10 +74,10 @@ require ( ) require ( - cloud.google.com/go/auth v0.9.3 // indirect + cloud.google.com/go/auth v0.9.4 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect - cloud.google.com/go/compute/metadata v0.5.0 // indirect - cloud.google.com/go/iam v1.2.0 // indirect + cloud.google.com/go/compute/metadata v0.5.1 // indirect + cloud.google.com/go/iam v1.2.1 // indirect dario.cat/mergo v1.0.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect @@ -97,7 +97,7 @@ require ( github.com/alessio/shellescape v1.4.2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect - github.com/cenkalti/backoff/v3 v3.2.2 // indirect + github.com/cenkalti/backoff/v4 v4.3.0 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/danieljoos/wincred v1.2.2 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect 
@@ -128,10 +128,10 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240903155634-a8630aee4ab9 // indirect + github.com/google/pprof v0.0.0-20240910150728-a0b0bb1d4134 // indirect github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.3.3 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect github.com/googleapis/gax-go/v2 v2.13.0 // indirect github.com/gorilla/websocket v1.5.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect 
@@ -187,25 +187,25 @@ require ( github.com/x448/float16 v0.8.4 // indirect github.com/zalando/go-keyring v0.2.5 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect - go.opentelemetry.io/otel v1.29.0 // indirect - go.opentelemetry.io/otel/metric v1.29.0 // indirect - go.opentelemetry.io/otel/trace v1.29.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 // indirect + go.opentelemetry.io/otel v1.30.0 // indirect + go.opentelemetry.io/otel/metric v1.30.0 // indirect + go.opentelemetry.io/otel/trace v1.30.0 // indirect golang.org/x/crypto v0.27.0 // indirect - golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e // indirect + golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 // indirect golang.org/x/net v0.29.0 // indirect golang.org/x/sync v0.8.0 // indirect golang.org/x/sys v0.25.0 // indirect golang.org/x/term v0.24.0 // indirect golang.org/x/text v0.18.0 // indirect golang.org/x/time v0.6.0 // indirect - golang.org/x/tools v0.24.0 // indirect + golang.org/x/tools v0.25.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect - google.golang.org/grpc v1.66.0 // indirect + google.golang.org/grpc v1.66.2 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/e2e/go.sum b/e2e/go.sum index 06e5d508478..bd29c44ebde 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= -cloud.google.com/go/auth v0.9.3 h1:VOEUIAADkkLtyfr3BLa3R8Ed/j6w1jTBmARx+wb5w5U= -cloud.google.com/go/auth v0.9.3/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk= +cloud.google.com/go/auth v0.9.4 h1:DxF7imbEbiFu9+zdKC6cKBko1e8XeJnipNqIbWZ+kDI= +cloud.google.com/go/auth v0.9.4/go.mod h1:SHia8n6//Ya940F1rLimhJCjjx7KE17t0ctFEci3HkA= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -31,18 +31,18 @@ cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUM cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= -cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= +cloud.google.com/go/compute/metadata v0.5.1 h1:NM6oZeZNlYjiwYje+sYFjEpP0Q0zCan1bmQW/KmIrGs= +cloud.google.com/go/compute/metadata v0.5.1/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.2.0 h1:kZKMKVNk/IsSSc/udOb83K0hL/Yh/Gcqpz+oAkoIFN8= -cloud.google.com/go/iam v1.2.0/go.mod h1:zITGuWgsLZxd8OwAlX+eMFgZDXzBm7icj1PVTYG766Q= +cloud.google.com/go/iam v1.2.1 h1:QFct02HRb7H12J/3utj0qf5tobFh9V4vR6h9eX5EBRU= +cloud.google.com/go/iam v1.2.1/go.mod h1:3VUIJDPpwT6p/amXRC5GY8fCCh70lxPygguVtI0Z4/g= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.14.0 h1:P2RRu2NEsQyOjplhUPvWKqzDXUKzwejHLuSUBHI8c4w= -cloud.google.com/go/secretmanager v1.14.0/go.mod h1:q0hSFHzoW7eRgyYFH8trqEFavgrMeiJI4FETNN78vhM= +cloud.google.com/go/secretmanager v1.14.1 h1:xlWSIg8rtBn5qCr2f3XtQP19+5COyf/ll49SEvi/0vM= +cloud.google.com/go/secretmanager v1.14.1/go.mod 
h1:L+gO+u2JA9CCyXpSR8gDH0o8EV7i/f0jdBOrUXcIV0U= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= @@ -122,8 +122,8 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4= -github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M= -github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= +github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= +github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= 
@@ -293,8 +293,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240903155634-a8630aee4ab9 h1:q5g0N9eal4bmJwXHC5z0QCKs8qhS35hFfq0BAYsIwZI= -github.com/google/pprof v0.0.0-20240903155634-a8630aee4ab9/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20240910150728-a0b0bb1d4134 h1:c5FlPPgxOn7kJz3VoPLkQYQXGBS3EklQ4Zfi57uOuqQ= +github.com/google/pprof v0.0.0-20240910150728-a0b0bb1d4134/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -304,8 +304,8 @@ github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.3.3 h1:QRje2j5GZimBzlbhGA2V2QlGNgL8G6e+wGo/+/2bWI0= -github.com/googleapis/enterprise-certificate-proxy v0.3.3/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= +github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= +github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= 
@@ -335,8 +335,8 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= -github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU= -github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk= +github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA= +github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= 
@@ -413,8 +413,8 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag= -github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= -github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= +github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= +github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= github.com/oracle/oci-go-sdk/v65 v65.73.0 h1:C7uel6CoKk4A1KPkdhFBAyvVyFRTHAmX8m0o64RmfPg= 
@@ -510,18 +510,18 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8= -go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw= -go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= -go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc= -go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8= -go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= -go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= -go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4= -go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 h1:hCq2hNMwsegUvPzI7sPOvtO9cqyy5GbWt/Ybp2xrx8Q= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0/go.mod h1:LqaApwGx/oUmzsbqxkzuBvyoPpkxk3JQWnqfVrJ3wCA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 h1:ZIg3ZT/aQ7AfKqdwp7ECpOK6vHqquXXuyTjIO8ZdmPs= 
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0/go.mod h1:DQAwmETtZV00skUwgD6+0U89g80NKsJE3DCKeLLPQMI= +go.opentelemetry.io/otel v1.30.0 h1:F2t8sK4qf1fAmY9ua4ohFS/K+FUuOPemHUIXHtktrts= +go.opentelemetry.io/otel v1.30.0/go.mod h1:tFw4Br9b7fOS+uEao81PJjVMjW/5fvNCbpsDIXqP0pc= +go.opentelemetry.io/otel/metric v1.30.0 h1:4xNulvn9gjzo4hjg+wzIKG7iNFEaBMX00Qd4QIZs7+w= +go.opentelemetry.io/otel/metric v1.30.0/go.mod h1:aXTfST94tswhWEb+5QjlSqG+cZlmyXy/u8jFpor3WqQ= +go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo= +go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= +go.opentelemetry.io/otel/trace v1.30.0 h1:7UBkkYzeg3C7kQX8VAidWh2biiQbtAKjyIML8dQ9wmc= +go.opentelemetry.io/otel/trace v1.30.0/go.mod h1:5EyKqTzzmyqB9bwtCCq6pDLktPK6fmGf/Dph+8VI02o= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= 
@@ -556,8 +556,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e h1:I88y4caeGeuDQxgdoFPUq097j7kNfw6uvuiNxUBfcBk= -golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= +golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk= +golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -790,8 +790,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= -golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= +golang.org/x/tools v0.25.0 h1:oFU9pkj/iJgs+0DT+VMHrx+oBKs/LJMV+Uvg78sl+fE= +golang.org/x/tools v0.25.0/go.mod h1:/vtpO8WL1N9cQC3FN5zPqb//fRXskFHbLKk4OW1Q7rg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -820,8 +820,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.196.0 h1:k/RafYqebaIJBO3+SMnfEGtFVlvp5vSgqTUF54UN/zg= -google.golang.org/api v0.196.0/go.mod h1:g9IL21uGkYgvQ5BZg6BAtoGJQIm8r6EgaAbpNey5wBE= +google.golang.org/api v0.197.0 h1:x6CwqQLsFiA5JKAiGyGBjc2bNtHtLddhJCE2IKuhhcQ= +google.golang.org/api v0.197.0/go.mod h1:AuOuo20GoQ331nq7DquGHlU6d+2wN2fZ8O0ta60nRNw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -894,8 +894,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= -google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/grpc v1.66.2 h1:3QdXkuq3Bkh7w+ywLdLvM56cmGvQHUMZpiCzt6Rqaoo= +google.golang.org/grpc v1.66.2/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/go.mod b/go.mod index 2cefd5fc6a9..a051d296112 100644 --- a/go.mod +++ b/go.mod @@ -5,8 +5,8 @@ go 1.23 replace github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 require ( - cloud.google.com/go/iam v1.2.0 - cloud.google.com/go/secretmanager v1.14.0 + cloud.google.com/go/iam v1.2.1 + cloud.google.com/go/secretmanager v1.14.1 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/adal v0.9.24 
@@ -25,13 +25,13 @@ require ( github.com/google/go-cmp v0.6.0 github.com/google/uuid v1.6.0 github.com/googleapis/gax-go/v2 v2.13.0 - github.com/hashicorp/vault/api v1.14.0 - github.com/hashicorp/vault/api/auth/approle v0.7.0 - github.com/hashicorp/vault/api/auth/kubernetes v0.7.0 - github.com/hashicorp/vault/api/auth/ldap v0.7.0 + github.com/hashicorp/vault/api v1.15.0 + github.com/hashicorp/vault/api/auth/approle v0.8.0 + github.com/hashicorp/vault/api/auth/kubernetes v0.8.0 + github.com/hashicorp/vault/api/auth/ldap v0.8.0 github.com/huandu/xstrings v1.5.0 // indirect github.com/onsi/ginkgo/v2 v2.20.2 - github.com/onsi/gomega v1.34.1 + github.com/onsi/gomega v1.34.2 github.com/oracle/oci-go-sdk/v65 v65.73.0 github.com/prometheus/client_golang v1.20.3 github.com/prometheus/client_model v0.6.1 
@@ -39,24 +39,24 @@ require ( github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.17.3 github.com/xanzy/go-gitlab v0.109.0 - github.com/yandex-cloud/go-genproto v0.0.0-20240903084352-17cc86ae897b - github.com/yandex-cloud/go-sdk v0.0.0-20240903084847-3bcbded5869d + github.com/yandex-cloud/go-genproto v0.0.0-20240911120709-1fa0cb6f47c2 + github.com/yandex-cloud/go-sdk v0.0.0-20240911121212-e4e74d0d02f5 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 go.uber.org/zap v1.27.0 golang.org/x/crypto v0.27.0 golang.org/x/oauth2 v0.23.0 - google.golang.org/api v0.196.0 + google.golang.org/api v0.197.0 google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 - google.golang.org/grpc v1.66.0 + google.golang.org/grpc v1.66.2 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 - k8s.io/api v0.31.0 - k8s.io/apiextensions-apiserver v0.31.0 - k8s.io/apimachinery v0.31.0 - k8s.io/client-go v0.31.0 + k8s.io/api v0.31.1 + k8s.io/apiextensions-apiserver v0.31.1 + k8s.io/apimachinery v0.31.1 + k8s.io/client-go v0.31.1 k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 sigs.k8s.io/controller-runtime v0.19.0 - sigs.k8s.io/controller-tools v0.16.2 + sigs.k8s.io/controller-tools v0.16.3 ) require github.com/1Password/connect-sdk-go v1.5.3 @@ -74,8 +74,8 @@ require ( github.com/alibabacloud-go/kms-20160120/v3 v3.2.3 github.com/alibabacloud-go/openapi-util v0.1.1 github.com/alibabacloud-go/tea v1.2.2 - github.com/alibabacloud-go/tea-utils/v2 v2.0.6 - github.com/aliyun/credentials-go v1.3.9 + github.com/alibabacloud-go/tea-utils/v2 v2.0.7 + github.com/aliyun/credentials-go v1.3.10 github.com/avast/retry-go/v4 v4.6.0 github.com/cenkalti/backoff/v4 v4.3.0 github.com/cyberark/conjur-api-go v0.12.4 
@@ -83,11 +83,11 @@ require ( github.com/go-openapi/strfmt v0.23.0 github.com/golang-jwt/jwt/v5 v5.2.1 github.com/hashicorp/golang-lru v1.0.2 - github.com/hashicorp/vault/api/auth/aws v0.7.0 - github.com/hashicorp/vault/api/auth/userpass v0.7.0 + github.com/hashicorp/vault/api/auth/aws v0.8.0 + github.com/hashicorp/vault/api/auth/userpass v0.8.0 github.com/keeper-security/secrets-manager-go/core v1.6.3 github.com/lestrrat-go/jwx/v2 v2.1.1 - github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1 + github.com/maxbrunsfeld/counterfeiter/v6 v6.9.0 github.com/passbolt/go-passbolt v0.7.1 github.com/pulumi/esc-sdk/sdk v0.9.2 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 @@ -100,9 +100,9 @@ require ( ) require ( - cloud.google.com/go/auth v0.9.3 // indirect + cloud.google.com/go/auth v0.9.4 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect - cloud.google.com/go/compute/metadata v0.5.0 // indirect + cloud.google.com/go/compute/metadata v0.5.1 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect github.com/ProtonMail/gopenpgp/v2 v2.7.5 // indirect 
@@ -142,11 +142,11 @@ require ( github.com/tjfoc/gmsm v1.4.1 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/zalando/go-keyring v0.2.5 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 // indirect - go.opentelemetry.io/otel v1.29.0 // indirect - go.opentelemetry.io/otel/metric v1.29.0 // indirect - go.opentelemetry.io/otel/trace v1.29.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 // indirect + go.opentelemetry.io/otel v1.30.0 // indirect + go.opentelemetry.io/otel/metric v1.30.0 // indirect + go.opentelemetry.io/otel/trace v1.30.0 // indirect golang.org/x/sync v0.8.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect @@ -168,7 +168,6 @@ require ( github.com/PaesslerAG/gval v1.2.2 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/beorn7/perks v1.0.1 // indirect - github.com/cenkalti/backoff/v3 v3.2.2 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 // indirect 
@@ -195,8 +194,8 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240903155634-a8630aee4ab9 // indirect - github.com/googleapis/enterprise-certificate-proxy v0.3.3 // indirect + github.com/google/pprof v0.0.0-20240910150728-a0b0bb1d4134 // indirect + github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-hclog v1.6.3 // indirect @@ -248,20 +247,20 @@ require ( go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e // indirect + golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 // indirect golang.org/x/mod v0.21.0 // indirect golang.org/x/net v0.29.0 // indirect golang.org/x/sys v0.25.0 // indirect golang.org/x/term v0.24.0 // indirect golang.org/x/text v0.18.0 // indirect golang.org/x/time v0.6.0 // indirect - golang.org/x/tools v0.24.0 // indirect + golang.org/x/tools v0.25.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect - k8s.io/gengo v0.0.0-20240904190049-f173c7c23b06 // indirect + k8s.io/gengo v0.0.0-20240911193312-2b36238f13e9 // indirect k8s.io/klog v1.0.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect diff --git a/go.sum b/go.sum index e56bef5edf1..829c5202924 100644 --- a/go.sum +++ b/go.sum 
@@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= -cloud.google.com/go/auth v0.9.3 h1:VOEUIAADkkLtyfr3BLa3R8Ed/j6w1jTBmARx+wb5w5U= -cloud.google.com/go/auth v0.9.3/go.mod h1:7z6VY+7h3KUdRov5F1i8NDP5ZzWKYmEPO842BgCsmTk= +cloud.google.com/go/auth v0.9.4 h1:DxF7imbEbiFu9+zdKC6cKBko1e8XeJnipNqIbWZ+kDI= +cloud.google.com/go/auth v0.9.4/go.mod h1:SHia8n6//Ya940F1rLimhJCjjx7KE17t0ctFEci3HkA= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -31,18 +31,18 @@ cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUM cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -cloud.google.com/go/compute/metadata v0.5.0 h1:Zr0eK8JbFv6+Wi4ilXAR8FJ3wyNdpxHKJNPos6LTZOY= -cloud.google.com/go/compute/metadata v0.5.0/go.mod h1:aHnloV2TPI38yx4s9+wAZhHykWvVCfu7hQbF+9CWoiY= +cloud.google.com/go/compute/metadata v0.5.1 h1:NM6oZeZNlYjiwYje+sYFjEpP0Q0zCan1bmQW/KmIrGs= +cloud.google.com/go/compute/metadata v0.5.1/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.2.0 h1:kZKMKVNk/IsSSc/udOb83K0hL/Yh/Gcqpz+oAkoIFN8= -cloud.google.com/go/iam v1.2.0/go.mod h1:zITGuWgsLZxd8OwAlX+eMFgZDXzBm7icj1PVTYG766Q= +cloud.google.com/go/iam v1.2.1 h1:QFct02HRb7H12J/3utj0qf5tobFh9V4vR6h9eX5EBRU= +cloud.google.com/go/iam v1.2.1/go.mod h1:3VUIJDPpwT6p/amXRC5GY8fCCh70lxPygguVtI0Z4/g= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.14.0 h1:P2RRu2NEsQyOjplhUPvWKqzDXUKzwejHLuSUBHI8c4w= -cloud.google.com/go/secretmanager v1.14.0/go.mod h1:q0hSFHzoW7eRgyYFH8trqEFavgrMeiJI4FETNN78vhM= +cloud.google.com/go/secretmanager v1.14.1 h1:xlWSIg8rtBn5qCr2f3XtQP19+5COyf/ll49SEvi/0vM= +cloud.google.com/go/secretmanager v1.14.1/go.mod 
h1:L+gO+u2JA9CCyXpSR8gDH0o8EV7i/f0jdBOrUXcIV0U= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 
@@ -179,15 +179,16 @@ github.com/alibabacloud-go/tea v1.2.2 h1:aTsR6Rl3ANWPfqeQugPglfurloyBJY85eFy7Gc1 github.com/alibabacloud-go/tea v1.2.2/go.mod h1:CF3vOzEMAG+bR4WOql8gc2G9H3EkH3ZLAQdpmpXMgwk= github.com/alibabacloud-go/tea-utils v1.3.1/go.mod h1:EI/o33aBfj3hETm4RLiAxF/ThQdSngxrpF8rKUDJjPE= github.com/alibabacloud-go/tea-utils/v2 v2.0.5/go.mod h1:dL6vbUT35E4F4bFTHL845eUloqaerYBYPsdWR2/jhe4= -github.com/alibabacloud-go/tea-utils/v2 v2.0.6 h1:ZkmUlhlQbaDC+Eba/GARMPy6hKdCLiSke5RsN5LcyQ0= github.com/alibabacloud-go/tea-utils/v2 v2.0.6/go.mod h1:qxn986l+q33J5VkialKMqT/TTs3E+U9MJpd001iWQ9I= +github.com/alibabacloud-go/tea-utils/v2 v2.0.7 h1:WDx5qW3Xa5ZgJ1c8NfqJkF6w+AU5wB8835UdhPr6Ax0= +github.com/alibabacloud-go/tea-utils/v2 v2.0.7/go.mod h1:qxn986l+q33J5VkialKMqT/TTs3E+U9MJpd001iWQ9I= github.com/alibabacloud-go/tea-xml v1.1.3 h1:7LYnm+JbOq2B+T/B0fHC4Ies4/FofC4zHzYtqw7dgt0= github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCEtyBy9+DPF6GgEu8= github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw= github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= -github.com/aliyun/credentials-go v1.3.9 h1:xz4W+ebo2xlq5LXshm4YLz7P7ZfmQaNYGTx+Lm0HbQ4= -github.com/aliyun/credentials-go v1.3.9/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= +github.com/aliyun/credentials-go v1.3.10 h1:45Xxrae/evfzQL9V10zL3xX31eqgLWEaIdCoPipOEQA= +github.com/aliyun/credentials-go v1.3.10/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= 
@@ -203,8 +204,6 @@ github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1U github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/c2h5oh/datasize v0.0.0-20200112174442-28bbd4740fee/go.mod h1:S/7n9copUssQ56c7aAgHqftWO4LTf4xY6CGWt8Bc+3M= -github.com/cenkalti/backoff/v3 v3.2.2 h1:cfUAAO3yvKMYKPrvhDuHSwQnhZNk/RMHKdZqKTxfm6M= -github.com/cenkalti/backoff/v3 v3.2.2/go.mod h1:cIeZDE3IrqwwJl6VUwCN6trj1oXrTS4rc0ij+ULvLYs= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= 
@@ -410,8 +409,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240903155634-a8630aee4ab9 h1:q5g0N9eal4bmJwXHC5z0QCKs8qhS35hFfq0BAYsIwZI= -github.com/google/pprof v0.0.0-20240903155634-a8630aee4ab9/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20240910150728-a0b0bb1d4134 h1:c5FlPPgxOn7kJz3VoPLkQYQXGBS3EklQ4Zfi57uOuqQ= +github.com/google/pprof v0.0.0-20240910150728-a0b0bb1d4134/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -421,8 +420,8 @@ github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+ github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= -github.com/googleapis/enterprise-certificate-proxy v0.3.3 h1:QRje2j5GZimBzlbhGA2V2QlGNgL8G6e+wGo/+/2bWI0= -github.com/googleapis/enterprise-certificate-proxy v0.3.3/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= +github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gTgghdIA6Stxb52D5RnLI1SLyw= +github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= 
@@ -461,18 +460,18 @@ github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iP github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= -github.com/hashicorp/vault/api v1.14.0 h1:Ah3CFLixD5jmjusOgm8grfN9M0d+Y8fVR2SW0K6pJLU= -github.com/hashicorp/vault/api v1.14.0/go.mod h1:pV9YLxBGSz+cItFDd8Ii4G17waWOQ32zVjMWHe/cOqk= -github.com/hashicorp/vault/api/auth/approle v0.7.0 h1:R5IRVuFA5JSdG3UdGVcGysi0StrL1lPmyJnrawiV0Ss= -github.com/hashicorp/vault/api/auth/approle v0.7.0/go.mod h1:B+WaC6VR+aSXiUxykpaPUoFiiZAhic53tDLbGjWZmRA= -github.com/hashicorp/vault/api/auth/aws v0.7.0 h1:ArviNMpI3wbqGw2lEz04+NiqWl0p8QPX+HRX+S9uQCQ= -github.com/hashicorp/vault/api/auth/aws v0.7.0/go.mod h1:o89djEokWKGIjf5FkcaA//4RBwvrDDIXqVINMdBNAzw= -github.com/hashicorp/vault/api/auth/kubernetes v0.7.0 h1:pHCbeeyD6E5KmMMCc9vwwZZ5OVlM6yFayxFHWodiOUU= -github.com/hashicorp/vault/api/auth/kubernetes v0.7.0/go.mod h1:Eey0x0X2g+b2LYWgBrQFyf5W0fp+Y1HGrEckP8Q0wns= -github.com/hashicorp/vault/api/auth/ldap v0.7.0 h1:SO11117ziPSxsvY6NzindNgspKWvzzITTTf0o6AQ+6E= -github.com/hashicorp/vault/api/auth/ldap v0.7.0/go.mod h1:pzTe33By6QLpjbofi4I2q9U6T4ZmTSJyk9cdlvRPHJk= -github.com/hashicorp/vault/api/auth/userpass v0.7.0 h1:7Fk0qtF2NYSJyQ6EOO+Kt93dEobI30AqBrrC5wE6e+8= -github.com/hashicorp/vault/api/auth/userpass v0.7.0/go.mod h1:3tZ2KAAui23OKlo5PZ+sBycoJ4wdurY6oZdQWJ0UStg= +github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA= +github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8= +github.com/hashicorp/vault/api/auth/approle v0.8.0 h1:FuVtWZ0xD6+wz1x0l5s0b4852RmVXQNEiKhVXt6lfQY= +github.com/hashicorp/vault/api/auth/approle v0.8.0/go.mod h1:NV7O9r5JUtNdVnqVZeMHva81AIdpG0WoIQohNt1VCPM= 
+github.com/hashicorp/vault/api/auth/aws v0.8.0 h1:6E14D7eHjV+Ytk8HmKLbTGS/LaXD9hP2FXe7IIKCrHc= +github.com/hashicorp/vault/api/auth/aws v0.8.0/go.mod h1:SweK5366gCeO5krBk6Fpjz/MX2oa+iiIZz/Nu8/nMZw= +github.com/hashicorp/vault/api/auth/kubernetes v0.8.0 h1:6jPcORq7OHwf+MCbaaUmiBvMhETAaZ7+i97WfZtF5kc= +github.com/hashicorp/vault/api/auth/kubernetes v0.8.0/go.mod h1:nfl5sRUUork0ZSfV3xf+pgAFQSD5kSkL0k9axg523DM= +github.com/hashicorp/vault/api/auth/ldap v0.8.0 h1:rMd27r3VplnE7NXOpxJTge8wJf3tnXK6Q46Drq54vSQ= +github.com/hashicorp/vault/api/auth/ldap v0.8.0/go.mod h1:01zeaPvJUIGmMWEyEfQAiborO/ajDR1PIh5j/yym+QM= +github.com/hashicorp/vault/api/auth/userpass v0.8.0 h1:JFFzMld+VO/S1v8HQNJzcy+3o+xfx/iH49dsiQ1G5jk= +github.com/hashicorp/vault/api/auth/userpass v0.8.0/go.mod h1:+XbsSnbbyo+yjySfKcIsyl28kO4C/c4Czo7og0XCtUo= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI= github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= 
@@ -537,8 +536,8 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1 h1:NicmruxkeqHjDv03SfSxqmaLuisddudfP3h5wdXFbhM= -github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1/go.mod h1:eyp4DdUJAKkr9tvxR3jWhw2mDK7CWABMG5r9uyaKC7I= +github.com/maxbrunsfeld/counterfeiter/v6 v6.9.0 h1:ERhc+PJKEyqWQnKu7/K0frSVGFihYYImqNdqP5r0cN0= +github.com/maxbrunsfeld/counterfeiter/v6 v6.9.0/go.mod h1:tU2wQdIyJ7fib/YXxFR0dgLlFz3yl4p275UfUKmDFjk= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= 
@@ -571,8 +570,8 @@ github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag= -github.com/onsi/gomega v1.34.1 h1:EUMJIKUjM8sKjYbtxQI9A4z2o+rruxnzNvpknOXie6k= -github.com/onsi/gomega v1.34.1/go.mod h1:kU1QgUvBDLXBJq618Xvm2LUX6rSAfRaFRTcdOeDLwwY= +github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= +github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= github.com/oracle/oci-go-sdk/v65 v65.73.0 h1:C7uel6CoKk4A1KPkdhFBAyvVyFRTHAmX8m0o64RmfPg= 
@@ -681,10 +680,10 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/go-gitlab v0.109.0 h1:RcRme5w8VpLXTSTTMZdVoQWY37qTJWg+gwdQl4aAttE= github.com/xanzy/go-gitlab v0.109.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= -github.com/yandex-cloud/go-genproto v0.0.0-20240903084352-17cc86ae897b h1:GWeoo4cXvvvFLjucwVBgg4qOabn9eRx0QVpjDLlRsWM= -github.com/yandex-cloud/go-genproto v0.0.0-20240903084352-17cc86ae897b/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-sdk v0.0.0-20240903084847-3bcbded5869d h1:xAMjEx40CaEpMyAFUszL4QFgOl0liemz1WZXgurXk9M= -github.com/yandex-cloud/go-sdk v0.0.0-20240903084847-3bcbded5869d/go.mod h1:iY2LYZnWSIgN30Jyqz1OlG5LyTjwQXGEPu2IoIQeP/8= +github.com/yandex-cloud/go-genproto v0.0.0-20240911120709-1fa0cb6f47c2 h1:WgeEP+8WizCQyccJNHOMLONq23qVAzYHtyg5qTdUWmg= +github.com/yandex-cloud/go-genproto v0.0.0-20240911120709-1fa0cb6f47c2/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= +github.com/yandex-cloud/go-sdk v0.0.0-20240911121212-e4e74d0d02f5 h1:Q4LvUMF4kzaGtopoIdXReL9/qGtmzOewBhF3dQvuHMU= +github.com/yandex-cloud/go-sdk v0.0.0-20240911121212-e4e74d0d02f5/go.mod h1:9dt2V80cfJGRZA+5SKP3Ky+R/DxH02XfKObi2Uy2uPc= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -706,18 +705,18 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0 h1:r6I7RJCN86bpD/FQwedZ0vSixDpwuWREjW9oRMsmqDc= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.54.0/go.mod h1:B9yO6b04uB80CzjedvewuqDhxJxi11s7/GtiGa8bAjI= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0 h1:TT4fX+nBOA/+LUkobKGW1ydGcn+G3vRw9+g5HwCphpk= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.54.0/go.mod h1:L7UH0GbB0p47T4Rri3uHjbpCFYrVrwc1I25QhNPiGK8= -go.opentelemetry.io/otel v1.29.0 h1:PdomN/Al4q/lN6iBJEN3AwPvUiHPMlt93c8bqTG5Llw= -go.opentelemetry.io/otel v1.29.0/go.mod h1:N/WtXPs1CNCUEx+Agz5uouwCba+i+bJGFicT8SR4NP8= -go.opentelemetry.io/otel/metric v1.29.0 h1:vPf/HFWTNkPu1aYeIsc98l4ktOQaL6LeSoeV2g+8YLc= -go.opentelemetry.io/otel/metric v1.29.0/go.mod h1:auu/QWieFVWx+DmQOUMgj0F8LHWdgalxXqvp7BII/W8= -go.opentelemetry.io/otel/sdk v1.28.0 h1:b9d7hIry8yZsgtbmM0DKyPWMMUMlK9NEKuIG4aBqWyE= -go.opentelemetry.io/otel/sdk v1.28.0/go.mod h1:oYj7ClPUA7Iw3m+r7GeEjz0qckQRJK2B8zjcZEfu7Pg= -go.opentelemetry.io/otel/trace v1.29.0 h1:J/8ZNK4XgR7a21DZUAsbF8pZ5Jcw1VhACmnYt39JTi4= -go.opentelemetry.io/otel/trace v1.29.0/go.mod h1:eHl3w0sp3paPkYstJOmAimxhiFXPg+MMTlEh3nsQgWQ= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 h1:hCq2hNMwsegUvPzI7sPOvtO9cqyy5GbWt/Ybp2xrx8Q= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0/go.mod h1:LqaApwGx/oUmzsbqxkzuBvyoPpkxk3JQWnqfVrJ3wCA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 h1:ZIg3ZT/aQ7AfKqdwp7ECpOK6vHqquXXuyTjIO8ZdmPs= 
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0/go.mod h1:DQAwmETtZV00skUwgD6+0U89g80NKsJE3DCKeLLPQMI= +go.opentelemetry.io/otel v1.30.0 h1:F2t8sK4qf1fAmY9ua4ohFS/K+FUuOPemHUIXHtktrts= +go.opentelemetry.io/otel v1.30.0/go.mod h1:tFw4Br9b7fOS+uEao81PJjVMjW/5fvNCbpsDIXqP0pc= +go.opentelemetry.io/otel/metric v1.30.0 h1:4xNulvn9gjzo4hjg+wzIKG7iNFEaBMX00Qd4QIZs7+w= +go.opentelemetry.io/otel/metric v1.30.0/go.mod h1:aXTfST94tswhWEb+5QjlSqG+cZlmyXy/u8jFpor3WqQ= +go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo= +go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= +go.opentelemetry.io/otel/trace v1.30.0 h1:7UBkkYzeg3C7kQX8VAidWh2biiQbtAKjyIML8dQ9wmc= +go.opentelemetry.io/otel/trace v1.30.0/go.mod h1:5EyKqTzzmyqB9bwtCCq6pDLktPK6fmGf/Dph+8VI02o= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= 
@@ -761,8 +760,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e h1:I88y4caeGeuDQxgdoFPUq097j7kNfw6uvuiNxUBfcBk= -golang.org/x/exp v0.0.0-20240904232852-e7e105dedf7e/go.mod h1:akd2r19cwCdwSwWeIdzYQGa/EZZyqcOdwWiwj5L5eKQ= +golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk= +golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -1029,8 +1028,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.24.0 h1:J1shsA93PJUEVaUSaay7UXAyE8aimq3GW0pjlolpa24= -golang.org/x/tools v0.24.0/go.mod h1:YhNqVBIfWHdzvTLs0d8LCuMhkKUgSUKldakyV7W/WDQ= +golang.org/x/tools v0.25.0 h1:oFU9pkj/iJgs+0DT+VMHrx+oBKs/LJMV+Uvg78sl+fE= +golang.org/x/tools v0.25.0/go.mod h1:/vtpO8WL1N9cQC3FN5zPqb//fRXskFHbLKk4OW1Q7rg= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1059,8 +1058,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.196.0 h1:k/RafYqebaIJBO3+SMnfEGtFVlvp5vSgqTUF54UN/zg= -google.golang.org/api v0.196.0/go.mod h1:g9IL21uGkYgvQ5BZg6BAtoGJQIm8r6EgaAbpNey5wBE= +google.golang.org/api v0.197.0 h1:x6CwqQLsFiA5JKAiGyGBjc2bNtHtLddhJCE2IKuhhcQ= +google.golang.org/api v0.197.0/go.mod h1:AuOuo20GoQ331nq7DquGHlU6d+2wN2fZ8O0ta60nRNw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1138,8 +1137,8 @@ google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= -google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= -google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/grpc v1.66.2 h1:3QdXkuq3Bkh7w+ywLdLvM56cmGvQHUMZpiCzt6Rqaoo= +google.golang.org/grpc v1.66.2/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -1192,17 +1191,17 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.31.0 h1:b9LiSjR2ym/SzTOlfMHm1tr7/21aD7fSkqgD/CVJBCo= -k8s.io/api v0.31.0/go.mod h1:0YiFF+JfFxMM6+1hQei8FY8M7s1Mth+z/q7eF1aJkTE= -k8s.io/apiextensions-apiserver v0.31.0 h1:fZgCVhGwsclj3qCw1buVXCV6khjRzKC5eCFt24kyLSk= -k8s.io/apiextensions-apiserver v0.31.0/go.mod h1:b9aMDEYaEe5sdK+1T0KU78ApR/5ZVp4i56VacZYEHxk= -k8s.io/apimachinery v0.31.0 h1:m9jOiSr3FoSSL5WO9bjm1n6B9KROYYgNZOb4tyZ1lBc= -k8s.io/apimachinery v0.31.0/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= -k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= +k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= +k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI= +k8s.io/apiextensions-apiserver v0.31.1 h1:L+hwULvXx+nvTYX/MKM3kKMZyei+UiSXQWciX/N6E40= +k8s.io/apiextensions-apiserver v0.31.1/go.mod h1:tWMPR3sgW+jsl2xm9v7lAyRF1rYEK71i9G5dRtkknoQ= +k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= +k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0= +k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg= k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= -k8s.io/gengo v0.0.0-20240904190049-f173c7c23b06 h1:nOLHQ014rUc6MverFvifFBCKw28JbWcNFfzjG0KZUCE= -k8s.io/gengo v0.0.0-20240904190049-f173c7c23b06/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= +k8s.io/gengo 
v0.0.0-20240911193312-2b36238f13e9 h1:B0l8GxRsVc/tP/uCLBQdAjf2nBARx6u/r2OGuL/CyXQ= +k8s.io/gengo v0.0.0-20240911193312-2b36238f13e9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog v0.2.0/go.mod h1:Gq+BEi5rUBO/HRz0bTSXDUcqjScdoY3a9IHpCEIOOfk= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= @@ -1218,8 +1217,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= -sigs.k8s.io/controller-tools v0.16.2 h1:uUFF/AW3phBWPiERvkSNOVct//L427bPS7xGfKi6Tz4= -sigs.k8s.io/controller-tools v0.16.2/go.mod h1:0I0xqjR65YTfoO12iR+mZR6s6UAVcUARgXRlsu0ljB0= +sigs.k8s.io/controller-tools v0.16.3 h1:z48C5/d4jCVQQvtiSBL5MYyZ3EO2eFIOXrIKMgHVhFY= +sigs.k8s.io/controller-tools v0.16.3/go.mod h1:AEj6k+w1kYpLZv2einOH3mj52ips4W/6FUjnB5tkJGs= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= From 5c22447c13bfd888c86f85e619e58ab542f19ce2 Mon Sep 17 00:00:00 2001 From: Nick Knowlson <61719291+nick-knowlson-alayacare@users.noreply.github.com> Date: Tue, 17 Sep 2024 13:57:08 -0700 Subject: [PATCH 302/517] Add support for Vault kvv1 (#3790) * Squash changes to prep for manual testing Signed-off-by: Nick Knowlson * remove commented out test data Signed-off-by: Nick Knowlson * update e2e test file Signed-off-by: Nick Knowlson --------- 
Signed-off-by: Nick Knowlson Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> --- .gitattributes | 4 + e2e/suites/provider/cases/vault/vault.go | 2 + pkg/provider/vault/client_get_all_secrets.go | 4 +- .../vault/client_get_all_secrets_test.go | 178 +++++++++++++++--- 4 files changed, 159 insertions(+), 29 deletions(-) create mode 100644 .gitattributes diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 00000000000..df6ae9a1c1f --- /dev/null +++ b/.gitattributes @@ -0,0 +1,4 @@ +* text eol=lf +*.png binary +*.jpg binary +*.pfx binary \ No newline at end of file diff --git a/e2e/suites/provider/cases/vault/vault.go b/e2e/suites/provider/cases/vault/vault.go index cb20978da60..ce16025fe84 100644 --- a/e2e/suites/provider/cases/vault/vault.go +++ b/e2e/suites/provider/cases/vault/vault.go @@ -82,6 +82,8 @@ var _ = Describe("[vault]", Label("vault"), func() { framework.Compose(withApprole, f, common.DataPropertyDockerconfigJSON, useApproleAuth), framework.Compose(withApprole, f, common.JSONDataWithoutTargetName, useApproleAuth), // use v1 provider + framework.Compose(withV1, f, common.FindByName, useV1Provider), + framework.Compose(withV1, f, common.FindByNameAndRewrite, useV1Provider), framework.Compose(withV1, f, common.JSONDataFromSync, useV1Provider), framework.Compose(withV1, f, common.JSONDataFromRewrite, useV1Provider), framework.Compose(withV1, f, common.JSONDataWithProperty, useV1Provider), diff --git a/pkg/provider/vault/client_get_all_secrets.go b/pkg/provider/vault/client_get_all_secrets.go index b28d09754e3..7540348d218 100644 --- a/pkg/provider/vault/client_get_all_secrets.go +++ b/pkg/provider/vault/client_get_all_secrets.go 
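Review bot: The first rule of the new `.gitattributes`, `* text eol=lf`, marks every path as text, and only `*.png`, `*.jpg` and `*.pfx` are exempted afterwards. Any other binary that is committed (other image formats, or key and certificate containers such as `.p12` or `.der` used as test fixtures) would then go through line-ending normalization and can be silently corrupted. `* text=auto eol=lf` keeps the LF policy for text and leaves binary detection to Git, so the explicit `binary` lines become a safety net rather than the only protection. The file also ends without a trailing newline.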
@@ -27,14 +27,14 @@ import ( ) const ( - errUnsupportedKvVersion = "cannot perform find operations with kv version v1" + errUnsupportedKvVersion = "cannot perform find by tag operations with kv version v1" ) // GetAllSecrets gets multiple secrets from the provider and loads into a kubernetes secret. // First load all secrets from secretStore path configuration // Then, gets secrets from a matching name or matching custom_metadata. func (c *client) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecretFind) (map[string][]byte, error) { - if c.store.Version == esv1beta1.VaultKVStoreV1 { + if c.store.Version == esv1beta1.VaultKVStoreV1 && ref.Tags != nil { return nil, errors.New(errUnsupportedKvVersion) } searchPath := "" diff --git a/pkg/provider/vault/client_get_all_secrets_test.go b/pkg/provider/vault/client_get_all_secrets_test.go index b4b5afe8f76..34ccf3ba615 100644 --- a/pkg/provider/vault/client_get_all_secrets_test.go +++ b/pkg/provider/vault/client_get_all_secrets_test.go @@ -35,7 +35,7 @@ func TestGetAllSecrets(t *testing.T) { path2Bytes := []byte("{\"access_key\":\"path2\",\"access_secret\":\"path2\"}") tagBytes := []byte("{\"access_key\":\"unfetched\",\"access_secret\":\"unfetched\"}") path := "path" - secret := map[string]any{ + kv2secret := map[string]any{ "secret1": map[string]any{ "metadata": map[string]any{ "custom_metadata": map[string]any{ 
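Review bot: The new guard `c.store.Version == esv1beta1.VaultKVStoreV1 && ref.Tags != nil` in GetAllSecrets tests for a non-nil map, so a KV v1 find that carries an empty `tags: {}` would presumably still fail with errUnsupportedKvVersion although no tag filter was requested; `len(ref.Tags) > 0` matches the new error text more closely. The body of GetAllSecrets continues past this hunk, so if the later dispatch also tests `ref.Tags != nil`, both checks need to change together. The doc comment still says secrets are matched by "name or matching custom_metadata" without stating the restriction; I would add `// With KV v1 only name and path finds are supported; a find by tags returns an error.` Because name and path finds on KV v1 now list and read everything under the search path with the store's token, the user documentation should state that the Vault policy needs `list` on that path and that the path should be scoped as narrowly as possible.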
@@ -116,6 +116,28 @@ func TestGetAllSecrets(t *testing.T) { }, }, } + kv1secret := map[string]any{ + "secret1": map[string]any{ + "access_key": "access_key", + "access_secret": "access_secret", + }, + "secret2": map[string]any{ + "access_key": "access_key2", + "access_secret": "access_secret2", + }, + "tag": map[string]any{ + "access_key": "unfetched", + "access_secret": "unfetched", + }, + "path/1": map[string]any{ + "access_key": "path1", + "access_secret": "path1", + }, + "path/2": map[string]any{ + "access_key": "path2", + "access_secret": "path2", + }, + } type args struct { store *esv1beta1.VaultProvider kube kclient.Client @@ -134,13 +156,35 @@ func TestGetAllSecrets(t *testing.T) { args args want want }{ - "FindByName": { - reason: "should map multiple secrets matching name", + "FindByNameKv2": { + reason: "should map multiple secrets matching name for kv2", args: args{ store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV2).Spec.Provider.Vault, vLogical: &fake.Logical{ - ListWithContextFn: newListWithContextFn(secret), - ReadWithDataWithContextFn: newReadtWithContextFn(secret), + ListWithContextFn: newListWithContextFn(kv2secret), + ReadWithDataWithContextFn: newReadtWithContextFn(kv2secret), + }, + data: esv1beta1.ExternalSecretFind{ + Name: &esv1beta1.FindName{ + RegExp: "secret.*", + }, + }, + }, + want: want{ + err: nil, + val: map[string][]byte{ + "secret1": secret1Bytes, + "secret2": secret2Bytes, + }, + }, + }, + "FindByNameKv1": { + reason: "should map multiple secrets matching name for kv1", + args: args{ + store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV1).Spec.Provider.Vault, + vLogical: &fake.Logical{ + ListWithContextFn: newListWithContextKvv1Fn(kv1secret), + ReadWithDataWithContextFn: newReadtWithContextKvv1Fn(kv1secret), }, data: esv1beta1.ExternalSecretFind{ Name: &esv1beta1.FindName{ 
@@ -156,13 +200,13 @@ func TestGetAllSecrets(t *testing.T) { }, }, }, - "FindByTag": { + "FindByTagKv2": { reason: "should map multiple secrets matching tags", args: args{ store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV2).Spec.Provider.Vault, vLogical: &fake.Logical{ - ListWithContextFn: newListWithContextFn(secret), - ReadWithDataWithContextFn: newReadtWithContextFn(secret), + ListWithContextFn: newListWithContextFn(kv2secret), + ReadWithDataWithContextFn: newReadtWithContextFn(kv2secret), }, data: esv1beta1.ExternalSecretFind{ Tags: map[string]string{ @@ -178,13 +222,31 @@ func TestGetAllSecrets(t *testing.T) { }, }, }, - "FilterByPath": { - reason: "should filter secrets based on path", + "FindByTagKv1": { + reason: "find by tag should not work if using kv1 store", + args: args{ + store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV1).Spec.Provider.Vault, + vLogical: &fake.Logical{ + ListWithContextFn: newListWithContextKvv1Fn(kv1secret), + ReadWithDataWithContextFn: newReadtWithContextKvv1Fn(kv1secret), + }, + data: esv1beta1.ExternalSecretFind{ + Tags: map[string]string{ + "foo": "baz", + }, + }, + }, + want: want{ + err: errors.New(errUnsupportedKvVersion), + }, + }, + "FilterByPathKv2WithTags": { + reason: "should filter secrets based on path for kv2 with tags", args: args{ store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV2).Spec.Provider.Vault, vLogical: &fake.Logical{ - ListWithContextFn: newListWithContextFn(secret), - ReadWithDataWithContextFn: newReadtWithContextFn(secret), + ListWithContextFn: newListWithContextFn(kv2secret), + ReadWithDataWithContextFn: newReadtWithContextFn(kv2secret), }, data: esv1beta1.ExternalSecretFind{ Path: &path, 
@@ -201,22 +263,44 @@ func TestGetAllSecrets(t *testing.T) { }, }, }, - "FailIfKv1": { - reason: "should not work if using kv1 store", + "FilterByPathKv2WithoutTags": { + reason: "should filter secrets based on path for kv2 without tags", + args: args{ + store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV2).Spec.Provider.Vault, + vLogical: &fake.Logical{ + ListWithContextFn: newListWithContextFn(kv2secret), + ReadWithDataWithContextFn: newReadtWithContextFn(kv2secret), + }, + data: esv1beta1.ExternalSecretFind{ + Path: &path, + }, + }, + want: want{ + err: nil, + val: map[string][]byte{ + "path/1": path1Bytes, + "path/2": path2Bytes, + }, + }, + }, + "FilterByPathKv1": { + reason: "should filter secrets based on path for kv1", args: args{ store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV1).Spec.Provider.Vault, vLogical: &fake.Logical{ - ListWithContextFn: newListWithContextFn(secret), - ReadWithDataWithContextFn: newReadtWithContextFn(secret), + ListWithContextFn: newListWithContextKvv1Fn(kv1secret), + ReadWithDataWithContextFn: newReadtWithContextKvv1Fn(kv1secret), }, data: esv1beta1.ExternalSecretFind{ - Tags: map[string]string{ - "foo": "baz", - }, + Path: &path, }, }, want: want{ - err: errors.New(errUnsupportedKvVersion), + err: nil, + val: map[string][]byte{ + "path/1": path1Bytes, + "path/2": path2Bytes, + }, }, }, "MetadataNotFound": { @@ -224,7 +308,7 @@ func TestGetAllSecrets(t *testing.T) { args: args{ store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV2).Spec.Provider.Vault, vLogical: &fake.Logical{ - ListWithContextFn: newListWithContextFn(secret), + ListWithContextFn: newListWithContextFn(kv2secret), ReadWithDataWithContextFn: func(ctx context.Context, path string, d map[string][]string) (*vault.Secret, error) { return nil, nil }, 
@@ -251,10 +335,10 @@ func TestGetAllSecrets(t *testing.T) { } val, err := vStore.GetAllSecrets(context.Background(), tc.args.data) if diff := cmp.Diff(tc.want.err, err, EquateErrors()); diff != "" { - t.Errorf("\n%s\nvault.GetSecretMap(...): -want error, +got error:\n%s", tc.reason, diff) + t.Errorf("\n%s\nvault.GetAllSecrets(...): -want error, +got error:\n%s", tc.reason, diff) } if diff := cmp.Diff(tc.want.val, val); diff != "" { - t.Errorf("\n%s\nvault.GetSecretMap(...): -want val, +got val:\n%s", tc.reason, diff) + t.Errorf("\n%s\nvault.GetAllSecrets(...): -want val, +got val:\n%s", tc.reason, diff) } }) } @@ -262,10 +346,11 @@ func TestGetAllSecrets(t *testing.T) { func newListWithContextFn(secrets map[string]any) func(ctx context.Context, path string) (*vault.Secret, error) { return func(ctx context.Context, path string) (*vault.Secret, error) { - path = strings.TrimPrefix(path, "secret/metadata/") + path = strings.TrimPrefix(path, "secret/metadata/") // kvv2 if path == "" { path = "default" } + data, ok := secrets[path] if !ok { return nil, errors.New("Secret not found") 
@@ -281,13 +366,35 @@ func newListWithContextFn(secrets map[string]any) func(ctx context.Context, path } } +func newListWithContextKvv1Fn(secrets map[string]any) func(ctx context.Context, path string) (*vault.Secret, error) { + return func(ctx context.Context, path string) (*vault.Secret, error) { + path = strings.TrimPrefix(path, "secret/") + + keys := make([]any, 0, len(secrets)) + for k := range secrets { + if strings.HasPrefix(k, path) { + uniqueSuffix := strings.TrimPrefix(k, path) + keys = append(keys, uniqueSuffix) + } + } + if len(keys) == 0 { + return nil, errors.New("Secret not found") + } + + secret := &vault.Secret{ + Data: map[string]any{ + "keys": keys, + }, + } + return secret, nil + } +} + func newReadtWithContextFn(secrets map[string]any) func(ctx context.Context, path string, data map[string][]string) (*vault.Secret, error) { return func(ctx context.Context, path string, d map[string][]string) (*vault.Secret, error) { path = strings.TrimPrefix(path, "secret/data/") path = strings.TrimPrefix(path, "secret/metadata/") - if path == "" { - path = "default" - } + data, ok := secrets[path] if !ok { return nil, errors.New("Secret not found") @@ -304,3 +411,20 @@ func newReadtWithContextFn(secrets map[string]any) func(ctx context.Context, pat return secret, nil } } + +func newReadtWithContextKvv1Fn(secrets map[string]any) func(ctx context.Context, path string, data map[string][]string) (*vault.Secret, error) { + return func(ctx context.Context, path string, d map[string][]string) (*vault.Secret, error) { + path = strings.TrimPrefix(path, "secret/") + + data, ok := secrets[path] + if !ok { + return nil, errors.New("Secret not found") + } + + dataAsMap := data.(map[string]any) + secret := &vault.Secret{ + Data: dataAsMap, + } + return secret, nil + } +} From c0930f56ddab813e5863ef7d801cf6c20e870897 Mon Sep 17 00:00:00 2001 
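Review bot: The type assertion `dataAsMap := data.(map[string]any)` in `newReadtWithContextKvv1Fn` is unchecked, so a fixture entry of any other shape panics inside the fake instead of failing the test case with a readable error. Use the comma-ok form and return an error, e.g. `dataAsMap, ok := data.(map[string]any)` followed by `if !ok { return nil, errors.New("unexpected fixture type") }`. The two new KV v1 helpers also have no doc comments; a line such as `// newReadtWithContextKvv1Fn fakes a KV v1 read: it strips the "secret/" prefix and returns the fixture map as Secret.Data.` would explain how they differ from the KV v2 variants.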
From: Andy Lim <34812910+andylim0221@users.noreply.github.com> Date: Wed, 18 Sep 2024 13:28:04 +0800 Subject: [PATCH 303/517] enable dark theme (#3061) * enable dark theme Signed-off-by: Andy Lim * add the theme features Signed-off-by: Andy Lim --------- Signed-off-by: Andy Lim Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/mkdocs.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/hack/api-docs/mkdocs.yml b/hack/api-docs/mkdocs.yml index b6ec96bc126..0c5dd37f7af 100644 --- a/hack/api-docs/mkdocs.yml +++ b/hack/api-docs/mkdocs.yml @@ -7,6 +7,17 @@ edit_uri: ./edit/main/docs/ remote_branch: gh-pages theme: name: material + palette: + - scheme: default + media: "(prefers-color-scheme: light)" + toggle: + icon: material/brightness-7 + name: Switch to dark mode + - scheme: slate + media: "(prefers-color-scheme: dark)" + toggle: + icon: material/brightness-4 + name: Switch to light mode features: - navigation.tabs - navigation.indexes From 092481919786b3e959b9553e2783929eb4292a98 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Thu, 19 Sep 2024 12:52:08 +0200 Subject: [PATCH 304/517] RELEASE BLOCKER: fix: flux and e2e tests not using the right image names for caching on local kind cluster (#3923) * feat: just run the e2e test on main Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * overwrite the used image repository Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- README.md | 1 + e2e/Makefile | 7 +++++++ 2 files changed, 8 insertions(+) diff --git a/README.md b/README.md index a32d224c7e7..dda34b6eeea 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,7 @@ external-secrets

    + # External Secrets ![ci](https://github.com/external-secrets/external-secrets/actions/workflows/ci.yml/badge.svg?branch=main) diff --git a/e2e/Makefile b/e2e/Makefile index f6b6028f848..b812500fd2e 100644 --- a/e2e/Makefile +++ b/e2e/Makefile @@ -9,6 +9,13 @@ export E2E_IMAGE_NAME ?= ghcr.io/external-secrets/external-secrets-e2e export GINKGO_LABELS ?= !managed export TEST_SUITES ?= provider generator flux argocd +# Image registry for build/push image targets +# Overwrite what is being set in the main Makeilfe because +# this is what the Helm chart is using. +export IMAGE_REGISTRY = oci.external-secrets.io +export IMAGE_REPO = external-secrets/external-secrets +export IMAGE_NAME = $(IMAGE_REGISTRY)/$(IMAGE_REPO) + start-kind: ## Start kind cluster kind create cluster \ --name external-secrets \ From 3c2246b6f1c7ca07c19698215fd451e916561379 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Fri, 20 Sep 2024 14:08:29 +0200 Subject: [PATCH 305/517] fix: build a second image to fix the flux managed and unmanaged test (#3931) * testing no fork e2e run Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * adding a login step to check if it is required Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * changing the other github action instead Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * using a different approach and log in in this action instead of the callling one Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * adding an input instead Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * add bitwarden as a hard dependency Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * trying to add the whole chart to avoid dep update Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * remove bitwarden chart and build both domains for e2e tests 
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/actions/e2e/action.yml | 1 - README.md | 1 - deploy/charts/external-secrets/Chart.lock | 2 +- .../tests/__snapshot__/crds_test.yaml.snap | 2 +- e2e/Makefile | 21 +++++++++++++------ 5 files changed, 17 insertions(+), 10 deletions(-) diff --git a/.github/actions/e2e/action.yml b/.github/actions/e2e/action.yml index 7d794c8dd42..08c1a3278d4 100644 --- a/.github/actions/e2e/action.yml +++ b/.github/actions/e2e/action.yml @@ -58,7 +58,6 @@ runs: go version ginkgo version cd e2e && go mod tidy && git status && git diff - - name: Run e2e Tests shell: bash env: diff --git a/README.md b/README.md index dda34b6eeea..a32d224c7e7 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,6 @@ external-secrets

    - # External Secrets ![ci](https://github.com/external-secrets/external-secrets/actions/workflows/ci.yml/badge.svg?branch=main) diff --git a/deploy/charts/external-secrets/Chart.lock b/deploy/charts/external-secrets/Chart.lock index 6f01c48745b..f9abae8c125 100644 --- a/deploy/charts/external-secrets/Chart.lock +++ b/deploy/charts/external-secrets/Chart.lock @@ -3,4 +3,4 @@ dependencies: repository: oci://ghcr.io/external-secrets/charts version: v0.3.1 digest: sha256:2d01e9083fc32c18dca4f9614625e0172e338a663138c2670e5b911645b6b8ee -generated: "2024-08-29T06:56:01.838539+02:00" +generated: "2024-09-20T12:57:07.63511+02:00" diff --git a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap index 148eb5dd986..dffcf49e2bb 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -4,7 +4,7 @@ should match snapshot of default values: kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.2 + controller-gen.kubebuilder.io/version: v0.16.3 labels: external-secrets.io/component: controller name: secretstores.external-secrets.io diff --git a/e2e/Makefile b/e2e/Makefile index b812500fd2e..c3d3692fe5e 100644 --- a/e2e/Makefile +++ b/e2e/Makefile 
@@ -9,12 +9,7 @@ export E2E_IMAGE_NAME ?= ghcr.io/external-secrets/external-secrets-e2e export GINKGO_LABELS ?= !managed export TEST_SUITES ?= provider generator flux argocd -# Image registry for build/push image targets -# Overwrite what is being set in the main Makeilfe because -# this is what the Helm chart is using. -export IMAGE_REGISTRY = oci.external-secrets.io -export IMAGE_REPO = external-secrets/external-secrets -export IMAGE_NAME = $(IMAGE_REGISTRY)/$(IMAGE_REPO) +export OCI_IMAGE_NAME = oci.external-secrets.io/external-secrets/external-secrets start-kind: ## Start kind cluster kind create cluster \ @@ -29,7 +24,13 @@ test: e2e-image ## Run e2e tests against current kube context VERSION=$(VERSION) \ ARCH=amd64 \ DOCKER_BUILD_ARGS="${DOCKER_BUILD_ARGS} --build-arg TARGETARCH=amd64 --build-arg TARGETOS=linux" + $(MAKE) -C ../ docker.build \ + IMAGE_NAME=$(OCI_IMAGE_NAME) \ + VERSION=$(VERSION) \ + ARCH=amd64 \ + DOCKER_BUILD_ARGS="${DOCKER_BUILD_ARGS} --build-arg TARGETARCH=amd64 --build-arg TARGETOS=linux" kind load docker-image --name="external-secrets" $(IMAGE_NAME):$(VERSION) + kind load docker-image --name="external-secrets" $(OCI_IMAGE_NAME):$(VERSION) kind load docker-image --name="external-secrets" $(E2E_IMAGE_NAME):$(VERSION) ./run.sh @@ -38,7 +39,15 @@ test.managed: e2e-image ## Run e2e tests against current kube context VERSION=$(VERSION) \ ARCH=amd64 \ DOCKER_BUILD_ARGS="${DOCKER_BUILD_ARGS} --build-arg TARGETARCH=amd64 --build-arg TARGETOS=linux" + $(MAKE) -C ../ docker.build \ + IMAGE_NAME=$(OCI_IMAGE_NAME) \ + VERSION=$(VERSION) \ + ARCH=amd64 \ + DOCKER_BUILD_ARGS="${DOCKER_BUILD_ARGS} --build-arg TARGETARCH=amd64 --build-arg TARGETOS=linux" + $(MAKE) -C ../ docker.push \ + VERSION=$(VERSION) $(MAKE) -C ../ docker.push \ + IMAGE_NAME=$(OCI_IMAGE_NAME) \ VERSION=$(VERSION) $(MAKE) -C ../ docker.push \ IMAGE_NAME=$(E2E_IMAGE_NAME) \ From f4fc3b3a0d1e5604b6ecb8b8115b286b0aca6995 Mon Sep 17 00:00:00 2001 
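Review bot: `export OCI_IMAGE_NAME = oci.external-secrets.io/external-secrets/external-secrets` is assigned with `=`, while the neighbouring `E2E_IMAGE_NAME`, `GINKGO_LABELS` and `TEST_SUITES` use `?=`, so an environment variable cannot redirect this name to a scratch registry. That matters in the `test.managed` hunk further down, where `docker.push` is now invoked with `IMAGE_NAME=$(OCI_IMAGE_NAME)`, so a managed e2e run pushes its freshly built image under that name and the `$(VERSION)` tag. The comment removed by this hunk said this is the name the Helm chart uses; if released charts pull from it too, consider `export OCI_IMAGE_NAME ?= oci.external-secrets.io/external-secrets/external-secrets`. A comment above it stating which registry e2e runs are expected to push to would also help.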
From: Thibault Cohen <47721+titilambert@users.noreply.github.com> Date: Fri, 20 Sep 2024 13:17:09 -0400 Subject: [PATCH 306/517] Add attached file support to all onepassword secrets (#3901) * Add attached file support to all onepassword secrets Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com> * Small clean up Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com> * Fix PR comments Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com> * Fix sonarcloud issues Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com> * Fix PR comments Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com> * Fix PR comments Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com> --------- Signed-off-by: Thibault Cohen <47721+titilambert@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- pkg/provider/onepassword/onepassword.go | 51 +++++--- pkg/provider/onepassword/onepassword_test.go | 129 ++++++++++++++++++- 2 files changed, 156 insertions(+), 24 deletions(-) diff --git a/pkg/provider/onepassword/onepassword.go b/pkg/provider/onepassword/onepassword.go index aa9aa32f991..e74e5392fec 100644 --- a/pkg/provider/onepassword/onepassword.go +++ b/pkg/provider/onepassword/onepassword.go @@ -20,6 +20,7 @@ import ( "fmt" "net/url" "sort" + "strings" "time" "github.com/1Password/connect-sdk-go/connect" @@ -63,6 +64,9 @@ const ( errExpectedOneFieldMsgF = "%w: '%s' in '%s', got %d" documentCategory = "DOCUMENT" + fieldPrefix = "field" + filePrefix = "file" + prefixSplitter = "/" ) // Custom Errors //. 
@@ -329,6 +333,22 @@ func (provider *ProviderOnePassword) PushSecret(ctx context.Context, secret *cor return nil } +// Clean property string by removing property prefix if needed. +func getObjType(documentType onepassword.ItemCategory, property string) (string, string) { + if strings.HasPrefix(property, fieldPrefix+prefixSplitter) { + return fieldPrefix, property[6:] + } + if strings.HasPrefix(property, filePrefix+prefixSplitter) { + return filePrefix, property[5:] + } + + if documentType == documentCategory { + return filePrefix, property + } + + return fieldPrefix, property +} + // GetSecret returns a single secret from the provider. func (provider *ProviderOnePassword) GetSecret(_ context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { if ref.Version != "" { @@ -340,14 +360,11 @@ func (provider *ProviderOnePassword) GetSecret(_ context.Context, ref esv1beta1. return nil, err } - // handle files - if item.Category == documentCategory { - // default to the first file when ref.Property is empty - return provider.getFile(item, ref.Property) + propertyType, property := getObjType(item.Category, ref.Property) + if propertyType == filePrefix { + return provider.getFile(item, property) } - - // handle fields - return provider.getField(item, ref.Property) + return provider.getField(item, property) } // Validate checks if the client is configured correctly @@ -374,13 +391,11 @@ func (provider *ProviderOnePassword) GetSecretMap(_ context.Context, ref esv1bet return nil, err } - // handle files - if item.Category == documentCategory { - return provider.getFiles(item, ref.Property) + propertyType, property := getObjType(item.Category, ref.Property) + if propertyType == filePrefix { + return provider.getFiles(item, property) } - - // handle fields - return provider.getFields(item, ref.Property) + return provider.getFields(item, property) } // GetAllSecrets syncs multiple 1Password Items into a single Kubernetes Secret, for dataFrom.find. 
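Review bot: `getObjType` strips the prefix with hard-coded offsets (`property[6:]`, `property[5:]`) that only happen to equal the lengths of `"field/"` and `"file/"`; if `fieldPrefix`, `filePrefix` or `prefixSplitter` ever changes, the slice silently cuts at the wrong place. Prefer `strings.TrimPrefix(property, fieldPrefix+prefixSplitter)` and the `filePrefix` equivalent, since this commit already imports `strings`. A field or file whose own name starts with `field/` or `file/` is now reinterpreted, so an existing `ExternalSecret` property with such a name would change meaning after upgrade. The doc comment should say so and follow the Go convention, e.g. `// getObjType reports whether property addresses a field or a file and returns it without its "field/" or "file/" prefix.`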
@@ -568,13 +583,9 @@ func (provider *ProviderOnePassword) getAllForVault(vaultID string, ref esv1beta } // handle files - if item.Category == documentCategory { - err = provider.getAllFiles(item, ref, secretData) - if err != nil { - return err - } - - continue + err = provider.getAllFiles(item, ref, secretData) + if err != nil { + return err } // handle fields diff --git a/pkg/provider/onepassword/onepassword_test.go b/pkg/provider/onepassword/onepassword_test.go index f2daeb78a33..37abe9d2b16 100644 --- a/pkg/provider/onepassword/onepassword_test.go +++ b/pkg/provider/onepassword/onepassword_test.go @@ -685,11 +685,26 @@ func TestGetSecret(t *testing.T) { vaults: map[string]int{myVault: 1}, client: fake.NewMockClient(). AddPredictableVault(myVault). - AddPredictableItemWithField(myVault, myItem, key1, value1). + AppendItem(myVaultID, onepassword.Item{ + ID: myItemID, + Title: myItem, + Vault: onepassword.ItemVault{ID: myVaultID}, + Files: []*onepassword.File{ + { + ID: myFilePNGID, + Name: myFilePNG, + }, + }, + }). AppendItemField(myVaultID, myItemID, onepassword.ItemField{ Label: password, Value: value2, - }), + }). + AppendItemField(myVaultID, myItemID, onepassword.ItemField{ + Label: key1, + Value: value1, + }). + SetFileContents(myFilePNG, []byte(myContents)), }, checks: []check{ { @@ -701,6 +716,15 @@ func TestGetSecret(t *testing.T) { expectedValue: value1, expectedErr: nil, }, + { + checkNote: key1 + " with prefix", + ref: esv1beta1.ExternalSecretDataRemoteRef{ + Key: myItem, + Property: fieldPrefix + prefixSplitter + key1, + }, + expectedValue: value1, + expectedErr: nil, + }, { checkNote: "'password' (defaulted property)", ref: esv1beta1.ExternalSecretDataRemoteRef{ 
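Review bot: With the `item.Category == documentCategory` guard and the `continue` removed, `getAllForVault` now calls `getAllFiles` for every item and then falls through to the field handling, so `dataFrom.find` starts syncing attachments of non-document items into the Kubernetes Secret. That widens what an existing `ExternalSecret` exposes after an upgrade. A file and a field that share a name would presumably land on the same `secretData` key; the bodies of `getAllFiles` and the field handler are outside the hunk, so which one wins cannot be confirmed here. Consider a test with one item holding a file and a field of the same name, and replace the now-misleading `// handle files` with `// files are collected for every item category; fields are merged below`.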
@@ -718,6 +742,15 @@ func TestGetSecret(t *testing.T) { }, expectedErr: errors.New(errVersionNotImplemented), }, + { + checkNote: "file named my-file.png with prefix", + ref: esv1beta1.ExternalSecretDataRemoteRef{ + Key: myItem, + Property: filePrefix + prefixSplitter + myFilePNG, + }, + expectedValue: myContents, + expectedErr: nil, + }, }, }, { @@ -738,9 +771,22 @@ func TestGetSecret(t *testing.T) { }, }, }). + AppendItemField(myVaultID, myItemID, onepassword.ItemField{ + Label: key1, + Value: value2, + }). SetFileContents(myFilePNG, []byte(myContents)), }, checks: []check{ + { + checkNote: "field named password", + ref: esv1beta1.ExternalSecretDataRemoteRef{ + Key: myItem, + Property: fieldPrefix + prefixSplitter + key1, + }, + expectedValue: value2, + expectedErr: nil, + }, { checkNote: "file named my-file.png", ref: esv1beta1.ExternalSecretDataRemoteRef{ @@ -750,6 +796,15 @@ func TestGetSecret(t *testing.T) { expectedValue: myContents, expectedErr: nil, }, + { + checkNote: "file named my-file.png with prefix", + ref: esv1beta1.ExternalSecretDataRemoteRef{ + Key: myItem, + Property: filePrefix + prefixSplitter + myFilePNG, + }, + expectedValue: myContents, + expectedErr: nil, + }, { checkNote: "empty ref.Property", ref: esv1beta1.ExternalSecretDataRemoteRef{ @@ -766,8 +821,17 @@ func TestGetSecret(t *testing.T) { }, expectedErr: fmt.Errorf(errDocumentNotFound, errors.New("'my-item', 'you-cant-find-me.png'")), }, + { + checkNote: "file non existent with prefix", + ref: esv1beta1.ExternalSecretDataRemoteRef{ + Key: myItem, + Property: "file/you-cant-find-me.png", + }, + expectedErr: fmt.Errorf(errDocumentNotFound, errors.New("'my-item', 'you-cant-find-me.png'")), + }, }, }, + { setupNote: "one vault, one item, two fields w/ same Label", provider: &ProviderOnePassword{ 
@@ -845,11 +909,31 @@ func TestGetSecretMap(t *testing.T) { vaults: map[string]int{myVault: 1}, client: fake.NewMockClient(). AddPredictableVault(myVault). - AddPredictableItemWithField(myVault, myItem, key1, value1). + AppendItem(myVaultID, onepassword.Item{ + ID: myItemID, + Title: myItem, + Vault: onepassword.ItemVault{ID: myVaultID}, + Files: []*onepassword.File{ + { + ID: myFilePNGID, + Name: myFilePNG, + }, + { + ID: myFile2ID, + Name: myFile2PNG, + }, + }, + }). + AppendItemField(myVaultID, myItemID, onepassword.ItemField{ + Label: key1, + Value: value1, + }). AppendItemField(myVaultID, myItemID, onepassword.ItemField{ Label: password, Value: value2, - }), + }). + SetFileContents(myFilePNG, []byte(myContents)). + SetFileContents(myFile2PNG, []byte(myContents2)), }, checks: []check{ { @@ -883,6 +967,17 @@ func TestGetSecretMap(t *testing.T) { }, expectedErr: errors.New(errVersionNotImplemented), }, + { + checkNote: "limit by Property with prefix", + ref: esv1beta1.ExternalSecretDataRemoteRef{ + Key: myItem, + Property: filePrefix + prefixSplitter + myFilePNG, + }, + expectedMap: map[string][]byte{ + myFilePNG: []byte(myContents), + }, + expectedErr: nil, + }, }, }, { @@ -907,6 +1002,10 @@ func TestGetSecretMap(t *testing.T) { }, }, }). + AppendItemField(myVaultID, myItemID, onepassword.ItemField{ + Label: key1, + Value: value2, + }). SetFileContents(myFilePNG, []byte(myContents)). SetFileContents(myFile2PNG, []byte(myContents2)), }, 
@@ -933,6 +1032,28 @@ func TestGetSecretMap(t *testing.T) { }, expectedErr: nil, }, + { + checkNote: "limit by Property with prefix", + ref: esv1beta1.ExternalSecretDataRemoteRef{ + Key: myItem, + Property: filePrefix + prefixSplitter + myFilePNG, + }, + expectedMap: map[string][]byte{ + myFilePNG: []byte(myContents), + }, + expectedErr: nil, + }, + { + checkNote: "get field limit by Property", + ref: esv1beta1.ExternalSecretDataRemoteRef{ + Key: myItem, + Property: fieldPrefix + prefixSplitter + key1, + }, + expectedMap: map[string][]byte{ + key1: []byte(value2), + }, + expectedErr: nil, + }, }, }, { From 680a3a4b8db0e3e7839c5cb1911763b62171178e Mon Sep 17 00:00:00 2001 From: dan-akeyless <166374952+dan-akeyless@users.noreply.github.com> Date: Fri, 20 Sep 2024 22:14:03 +0300 Subject: [PATCH 307/517] Feature/asm 11630 akeyless push secret (#3907) * feat[ASM-11630]- Akeyless PushSecret: implement push, delete, exists Signed-off-by: Dan Barak * feat[ASM-11630]- Akeyless PushSecret: contextualise token, add metrics, make new function interface friendly Signed-off-by: Dan Barak * feat[ASM-11630]- Akeyless PushSecret: add test on SecretExists, PushSecret, DeleteSecret Signed-off-by: Dan Barak * feat[ASM-11630]- Akeyless PushSecret: update documentations Signed-off-by: Dan Barak * feat[ASM-11630]- Akeyless PushSecret: refactor metrics func names Signed-off-by: Dan Barak * feat[ASM-11630]- Akeyless PushSecret: linting Signed-off-by: Dan Barak * feat[ASM-11630]- Akeyless PushSecret: simplify push Signed-off-by: Dan Barak * feat[ASM-11630]- Akeyless PushSecret: decrease code complexity and deduplicate Signed-off-by: Dan Barak * feat[ASM-11630]- Akeyless PushSecret: check for token type assertion and decrease PushSecret complexity Signed-off-by: Dan Barak --------- 
Signed-off-by: Dan Barak Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- docs/provider/akeyless.md | 32 ++- docs/snippets/akeyless-push-secret.yaml | 18 ++ .../provider/cases/akeyless/provider.go | 6 +- pkg/constants/constants.go | 3 + pkg/provider/akeyless/akeyless.go | 188 +++++++++++--- pkg/provider/akeyless/akeyless_api.go | 222 +++++++++------- pkg/provider/akeyless/akeyless_test.go | 244 +++++++++++++++--- pkg/provider/akeyless/auth.go | 4 +- pkg/provider/akeyless/fake/fake.go | 61 ++++- 9 files changed, 599 insertions(+), 179 deletions(-) create mode 100644 docs/snippets/akeyless-push-secret.yaml diff --git a/docs/provider/akeyless.md b/docs/provider/akeyless.md index 2dfe9ef3de3..b10616df1fb 100644 --- a/docs/provider/akeyless.md +++ b/docs/provider/akeyless.md @@ -1,7 +1,9 @@ ## Akeyless Secrets Management Platform External Secrets Operator integrates with the [Akeyless Secrets Management Platform](https://www.akeyless.io/). -### Create Secret Store: + +### Create Secret Store + SecretStore resource specifies how to access Akeyless. This resource is namespaced. **NOTE:** Make sure the Akeyless provider is listed in the Kind=SecretStore. @@ -9,7 +11,7 @@ If you use a customer fragment, define the value of akeylessGWApiURL as the URL Akeyelss provide several Authentication Methods: -### Authentication with Kubernetes: +### Authentication with Kubernetes Options for obtaining Kubernetes credentials include: 
@@ -18,11 +20,12 @@ Options for obtaining Kubernetes credentials include: 3. Using transient credentials from the mounted service account token within the external-secrets operator #### Create the Akeyless Secret Store Provider with Kubernetes Auth-Method + ```yaml {% include 'akeyless-secret-store-k8s-auth.yaml' %} ``` -**NOTE:** In case of a `ClusterSecretStore`, Be sure to provide `namespace` for `serviceAccountRef` and `secretRef` according to the namespaces where the secrets reside. +**NOTE:** In case of a `ClusterSecretStore`, Be sure to provide `namespace` for `serviceAccountRef` and `secretRef` according to the namespaces where the secrets reside. ### Authentication With Cloud-Identity or Api-Access-Key @@ -38,6 +41,7 @@ The supported auth-methods and their parameters are: | `azure_ad` | azure object id (optional) | | `api_key` | The access key. | | `k8s` | The k8s configuration name | + For more information see [Akeyless Authentication Methods](https://docs.akeyless.io/docs/access-and-authentication-methods) #### Creating an Akeyless Credentials Secret @@ -61,9 +65,11 @@ stringData: ```yaml {% include 'akeyless-secret-store.yaml' %} ``` + **NOTE:** In case of a `ClusterSecretStore`, be sure to provide `namespace` for `accessID`, `accessType` and `accessTypeParam` according to the namespaces where the secrets reside. #### Create the Akeyless Secret Store With CAs for TLS handshake + ```yaml .... spec: 
@@ -103,11 +109,27 @@ DataFrom can be used to get a secret as a JSON string and attempt to parse it. ``` ### Getting the Kubernetes Secret + The operator will fetch the secret and inject it as a `Kind=Secret`. -``` + +```bash kubectl get secret database-credentials -o jsonpath='{.data.db-password}' | base64 -d ``` -``` +```bash kubectl get secret database-credentials-json -o jsonpath='{.data}' ``` + +### Pushing a secret + +To push a secret from Kubernetes cluster and create it as a secret to Akeyless, a `Kind=PushSecret` resource is needed. + +{% include 'akeyless-push-secret.yaml' %} + +Then when you create a matching secret as follows: + +```bash +kubectl create secret generic --from-literal=cache-pass=mypassword k8s-created-secret +``` + +Then it will create a secret in akeyless `eso-created/my-secret` with value `{"cache-pass":"mypassword"}` diff --git a/docs/snippets/akeyless-push-secret.yaml b/docs/snippets/akeyless-push-secret.yaml new file mode 100644 index 00000000000..673b25a71b0 --- /dev/null +++ b/docs/snippets/akeyless-push-secret.yaml @@ -0,0 +1,18 @@ +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: push-secret +spec: + refreshInterval: 5s + updatePolicy: Replace + deletionPolicy: Delete + secretStoreRefs: + - name: akeyless-secret-store + kind: SecretStore + selector: + secret: + name: k8s-created-secret + data: + - match: + remoteRef: + remoteKey: eso-created/my-secret diff --git a/e2e/suites/provider/cases/akeyless/provider.go b/e2e/suites/provider/cases/akeyless/provider.go index c1bdb5c3f09..1117b10d242 100644 --- a/e2e/suites/provider/cases/akeyless/provider.go +++ b/e2e/suites/provider/cases/akeyless/provider.go 
@@ -187,10 +187,10 @@ func (a *akeylessProvider) GetToken() (string, error) { } authOut, _, err := a.restAPIClient.Auth(ctx).Body(*authBody).Execute() + if errors.As(err, &apiErr) { + return "", fmt.Errorf("authentication failed: %v", string(apiErr.Body())) + } if err != nil { - if errors.As(err, &apiErr) { - return "", fmt.Errorf("authentication failed: %v", string(apiErr.Body())) - } return "", fmt.Errorf("authentication failed: %w", err) } diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index f99254e5b3c..c7b26b1d2b0 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -94,6 +94,9 @@ const ( CallAKEYLESSSMGetRotatedSecretValue = "GetRotatedSecretValue" CallAKEYLESSSMGetCertificateValue = "GetCertificateValue" CallAKEYLESSSMGetDynamicSecretValue = "GetDynamicSecretsValue" + CallAKEYLESSSMCreateSecret = "CreateSecret" + CallAKEYLESSSMUpdateSecretVal = "UpdateSecretVal" + CallAKEYLESSSMDeleteItem = "DeleteItem" StatusError = "error" StatusSuccess = "success" diff --git a/pkg/provider/akeyless/akeyless.go b/pkg/provider/akeyless/akeyless.go index 1c332c1ac14..07629670566 100644 --- a/pkg/provider/akeyless/akeyless.go +++ b/pkg/provider/akeyless/akeyless.go @@ -15,6 +15,7 @@ limitations under the License. package akeyless import ( + "bytes" "context" "crypto/tls" "crypto/x509" @@ -23,6 +24,7 @@ import ( "fmt" "net/http" "net/url" + "slices" "strconv" "strings" "time" @@ -41,9 +43,13 @@ import ( "github.com/external-secrets/external-secrets/pkg/utils" ) +type AkeylessCtx string + const ( - defaultAPIUrl = "https://api.akeyless.io" - errNotImplemented = "not implemented" + defaultAPIUrl = "https://api.akeyless.io" + errNotImplemented = "not implemented" + ExtSecretManagedTag = "k8s-external-secrets" + AkeylessToken AkeylessCtx = "AKEYLESS_TOKEN" ) // https://github.com/external-secrets/external-secrets/issues/644 
@@ -77,9 +83,13 @@ type Item struct { } type akeylessVaultInterface interface { - GetSecretByType(ctx context.Context, secretName, token string, version int32) (string, error) + GetSecretByType(ctx context.Context, secretName string, version int32) (string, error) TokenFromSecretRef(ctx context.Context) (string, error) - ListSecrets(ctx context.Context, path, tag, token string) ([]string, error) + ListSecrets(ctx context.Context, path, tag string) ([]string, error) + DescribeItem(ctx context.Context, itemName string) (*akeyless.Item, error) + CreateSecret(ctx context.Context, remoteKey, data string) error + UpdateSecret(ctx context.Context, remoteKey, data string) error + DeleteSecret(ctx context.Context, remoteKey string) error } func init() { @@ -219,6 +229,17 @@ func newClient(ctx context.Context, store esv1beta1.GenericStore, kube client.Cl return &Akeyless{Client: akl, url: akeylessGwAPIURL}, nil } +func (a *Akeyless) contextWithToken(ctx context.Context) (context.Context, error) { + if v := ctx.Value(AkeylessToken); v != nil { + return ctx, nil + } + token, err := a.Client.TokenFromSecretRef(ctx) + if err != nil { + return nil, err + } + return context.WithValue(ctx, AkeylessToken, token), nil +} + func (a *Akeyless) Close(_ context.Context) error { return nil } 
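Review bot: `contextWithToken` returns early whenever `ctx.Value(AkeylessToken)` is non-nil without checking what the value is, so anything already stored under that key, including an empty string or a token that has since expired, is treated as a valid credential and `TokenFromSecretRef` is skipped. The key and its type (`AkeylessToken`, `AkeylessCtx`, declared in the const hunk above) are exported, which lets code outside this package read or plant the token on a context; Go's `context` documentation recommends an unexported key type to avoid this. Consider tightening the guard to `if t, ok := ctx.Value(AkeylessToken).(string); ok && t != "" { return ctx, nil }` and, if the fake package does not need the key, making it unexported. A doc comment such as `// contextWithToken returns ctx carrying the Akeyless auth token, fetching one via TokenFromSecretRef when ctx has none.` would make the caching behaviour explicit.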
@@ -234,26 +255,13 @@ func (a *Akeyless) Validate() (esv1beta1.ValidationResult, error) { return esv1beta1.ValidationResultReady, nil } -func (a *Akeyless) PushSecret(_ context.Context, _ *corev1.Secret, _ esv1beta1.PushSecretData) error { - return errors.New(errNotImplemented) -} - -func (a *Akeyless) DeleteSecret(_ context.Context, _ esv1beta1.PushSecretRemoteRef) error { - return errors.New(errNotImplemented) -} - -func (a *Akeyless) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, errors.New(errNotImplemented) -} - // Implements store.Client.GetSecret Interface. // Retrieves a secret with the secret name defined in ref.Name. func (a *Akeyless) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { if utils.IsNil(a.Client) { return nil, errors.New(errUninitalizedAkeylessProvider) } - - token, err := a.Client.TokenFromSecretRef(ctx) + ctx, err := a.contextWithToken(ctx) if err != nil { return nil, err } @@ -264,7 +272,7 @@ func (a *Akeyless) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDa version = int32(i) } } - value, err := a.Client.GetSecretByType(ctx, ref.Key, token, version) + value, err := a.Client.GetSecretByType(ctx, ref.Key, version) if err != nil { return nil, err } @@ -297,6 +305,10 @@ func (a *Akeyless) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecr if utils.IsNil(a.Client) { return nil, errors.New(errUninitalizedAkeylessProvider) } + ctx, err := a.contextWithToken(ctx) + if err != nil { + return nil, err + } searchPath := "" if ref.Path != nil { 
@@ -308,25 +320,20 @@ func (a *Akeyless) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecr searchPath += "/" } } - token, err := a.Client.TokenFromSecretRef(ctx) - if err != nil { - return nil, err - } - if ref.Name != nil { - potentialSecrets, err := a.Client.ListSecrets(ctx, searchPath, "", token) + potentialSecrets, err := a.Client.ListSecrets(ctx, searchPath, "") if err != nil { return nil, err } if len(potentialSecrets) == 0 { return nil, nil } - return a.findSecretsFromName(ctx, potentialSecrets, *ref.Name, token) + return a.findSecretsFromName(ctx, potentialSecrets, *ref.Name) } if len(ref.Tags) > 0 { var potentialSecretsName []string for _, v := range ref.Tags { - potentialSecrets, err := a.Client.ListSecrets(ctx, searchPath, v, token) + potentialSecrets, err := a.Client.ListSecrets(ctx, searchPath, v) if err != nil { return nil, err } @@ -337,16 +344,15 @@ func (a *Akeyless) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecr if len(potentialSecretsName) == 0 { return nil, nil } - return a.getSecrets(ctx, potentialSecretsName, token) + return a.getSecrets(ctx, potentialSecretsName) } - return nil, errors.New("unexpected find operator") } -func (a *Akeyless) getSecrets(ctx context.Context, candidates []string, token string) (map[string][]byte, error) { +func (a *Akeyless) getSecrets(ctx context.Context, candidates []string) (map[string][]byte, error) { secrets := make(map[string][]byte) for _, name := range candidates { - secretValue, err := a.Client.GetSecretByType(ctx, name, token, 0) + secretValue, err := a.Client.GetSecretByType(ctx, name, 0) if err != nil { return nil, err } 
@@ -357,7 +363,7 @@ func (a *Akeyless) getSecrets(ctx context.Context, candidates []string, token st return secrets, nil } -func (a *Akeyless) findSecretsFromName(ctx context.Context, candidates []string, ref esv1beta1.FindName, token string) (map[string][]byte, error) { +func (a *Akeyless) findSecretsFromName(ctx context.Context, candidates []string, ref esv1beta1.FindName) (map[string][]byte, error) { secrets := make(map[string][]byte) matcher, err := find.New(ref) if err != nil { @@ -366,7 +372,7 @@ func (a *Akeyless) findSecretsFromName(ctx context.Context, candidates []string, for _, name := range candidates { ok := matcher.MatchName(name) if ok { - secretValue, err := a.Client.GetSecretByType(ctx, name, token, 0) + secretValue, err := a.Client.GetSecretByType(ctx, name, 0) if err != nil { return nil, err } @@ -384,7 +390,6 @@ func (a *Akeyless) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecre if utils.IsNil(a.Client) { return nil, errors.New(errUninitalizedAkeylessProvider) } - val, err := a.GetSecret(ctx, ref) if err != nil { return nil, err 
@@ -404,6 +409,121 @@ func (a *Akeyless) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecre return secretData, nil } +func (a *Akeyless) SecretExists(ctx context.Context, ref esv1beta1.PushSecretRemoteRef) (bool, error) { + if utils.IsNil(a.Client) { + return false, errors.New(errUninitalizedAkeylessProvider) + } + secret, err := a.GetSecret(ctx, esv1beta1.ExternalSecretDataRemoteRef{Key: ref.GetRemoteKey()}) + if errors.Is(err, ErrItemNotExists) { + return false, nil + } + if err != nil { + return false, err + } + if ref.GetProperty() == "" { + return true, nil + } + var secretMap map[string]any + err = json.Unmarshal(secret, &secretMap) + if err != nil { + return false, err + } + _, ok := secretMap[ref.GetProperty()] + return ok, nil +} + +func initMapIfNotExist(psd esv1beta1.PushSecretData, secretMapSize int) map[string]any { + mapSize := 1 + if psd.GetProperty() == "" { + mapSize = secretMapSize + } + return make(map[string]any, mapSize) +} + +func (a *Akeyless) PushSecret(ctx context.Context, secret *corev1.Secret, psd esv1beta1.PushSecretData) error { + if utils.IsNil(a.Client) { + return errors.New(errUninitalizedAkeylessProvider) + } + ctx, err := a.contextWithToken(ctx) + if err != nil { + return err + } + secretRemote, err := a.GetSecret(ctx, esv1beta1.ExternalSecretDataRemoteRef{Key: psd.GetRemoteKey()}) + isNotExists := errors.Is(err, ErrItemNotExists) + if err != nil && !isNotExists { + return err + } + var data map[string]any + if isNotExists { + data = initMapIfNotExist(psd, len(secret.Data)) + err = nil + } else { + err = json.Unmarshal(secretRemote, &data) + } + if err != nil { + return err + } + if psd.GetProperty() == "" { + for k, v := range secret.Data { + data[k] = string(v) + } + } else if v, ok := secret.Data[psd.GetSecretKey()]; ok { + data[psd.GetProperty()] = string(v) + } + dataByte, err := json.Marshal(data) + if err != nil { + return err + } + if bytes.Equal(dataByte, secretRemote) { + return nil + } + if isNotExists { + 
return a.Client.CreateSecret(ctx, psd.GetRemoteKey(), string(dataByte)) + } + return a.Client.UpdateSecret(ctx, psd.GetRemoteKey(), string(dataByte)) +} + +func (a *Akeyless) DeleteSecret(ctx context.Context, psr esv1beta1.PushSecretRemoteRef) error { + if utils.IsNil(a.Client) { + return errors.New(errUninitalizedAkeylessProvider) + } + ctx, err := a.contextWithToken(ctx) + if err != nil { + return err + } + item, err := a.Client.DescribeItem(ctx, psr.GetRemoteKey()) + if err != nil { + return err + } + if item == nil || item.ItemTags == nil || !slices.Contains(*item.ItemTags, ExtSecretManagedTag) { + return nil + } + if psr.GetProperty() == "" { + err = a.Client.DeleteSecret(ctx, psr.GetRemoteKey()) + return err + } + secret, err := a.GetSecret(ctx, esv1beta1.ExternalSecretDataRemoteRef{Key: psr.GetRemoteKey()}) + if err != nil { + return err + } + var secretMap map[string]any + err = json.Unmarshal(secret, &secretMap) + if err != nil { + return err + } + delete(secretMap, psr.GetProperty()) + if len(secretMap) == 0 { + err = a.Client.DeleteSecret(ctx, psr.GetRemoteKey()) + return err + } + byteSecretMap, err := json.Marshal(secretMap) + if err != nil { + return err + } + err = a.Client.UpdateSecret(ctx, psr.GetRemoteKey(), string(byteSecretMap)) + return err +} + func (a *akeylessBase) getAkeylessHTTPClient(ctx context.Context, provider *esv1beta1.AkeylessProvider) (*http.Client, error) { client := &http.Client{Timeout: 30 * time.Second} if len(provider.CABundle) == 0 && provider.CAProvider == nil { diff --git a/pkg/provider/akeyless/akeyless_api.go b/pkg/provider/akeyless/akeyless_api.go index 1d883a7dd29..b7cd3f94ee1 100644 --- a/pkg/provider/akeyless/akeyless_api.go +++ b/pkg/provider/akeyless/akeyless_api.go 
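Review bot: PushSecret calls `a.Client.UpdateSecret` on any existing item at `psd.GetRemoteKey()`, while DeleteSecret in the same hunk refuses to touch items that lack `ExtSecretManagedTag`; a PushSecret pointed at a key created outside the operator would overwrite it. The same DescribeItem/ItemTags check could run before the update, as sketched below (the error text is a placeholder). Separately, when `psd.GetProperty()` is set and `secret.Data` has no `psd.GetSecretKey()` entry, nothing is written into `data`, and if the item does not exist yet it is created as an empty `{}`; returning an error there would surface the misconfiguration.

```go
// … unchanged: nil-client check, contextWithToken, GetSecret and isNotExists handling …
if !isNotExists {
	item, err := a.Client.DescribeItem(ctx, psd.GetRemoteKey())
	if err != nil {
		return err
	}
	// Only overwrite items this operator created, mirroring DeleteSecret.
	if item == nil || item.ItemTags == nil || !slices.Contains(*item.ItemTags, ExtSecretManagedTag) {
		return errors.New("<placeholder: remote secret is not managed by external-secrets>")
	}
}
// … unchanged: merge secret.Data into data, marshal, create or update …
```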
@@ -40,12 +40,20 @@ import ( "github.com/external-secrets/external-secrets/pkg/utils/resolvers" ) -var apiErr akeyless.GenericOpenAPIError +var ( + apiErr akeyless.GenericOpenAPIError + ErrItemNotExists = errors.New("item does not exist") + ErrTokenNotExists = errors.New("token does not exist") +) const DefServiceAccountFile = "/var/run/secrets/kubernetes.io/serviceaccount/token" -func (a *akeylessBase) GetToken(accessID, accType, accTypeParam string, k8sAuth *esv1beta1.AkeylessKubernetesAuth) (string, error) { - ctx := context.Background() +type Tokener interface { + SetToken(v string) + SetUidToken(v string) +} + +func (a *akeylessBase) GetToken(ctx context.Context, accessID, accType, accTypeParam string, k8sAuth *esv1beta1.AkeylessKubernetesAuth) (string, error) { authBody := akeyless.NewAuthWithDefaults() authBody.AccessId = akeyless.PtrString(accessID) if accType == "api_key" || accType == "access_key" { 
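Review bot: `apiErr` stays a package-level variable and every `errors.As(err, &apiErr)` in this file writes to it, so if the provider is used from concurrent reconciles the calls race on it and one call can format another call's response body into its error. Declaring the target locally in each function, `var apiErr akeyless.GenericOpenAPIError` just before the `errors.As`, removes the shared state. The new exported `ErrItemNotExists` and `ErrTokenNotExists` would also benefit from doc comments stating which call returns them, e.g. `// ErrItemNotExists is returned by GetSecretByType when DescribeItem yields no item name.`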
@@ -71,83 +79,91 @@ func (a *akeylessBase) GetToken(accessID, accType, accTypeParam string, k8sAuth authOut, res, err := a.RestAPI.Auth(ctx).Body(*authBody).Execute() metrics.ObserveAPICall(constants.ProviderAKEYLESSSM, constants.CallAKEYLESSSMAuth, err) + if errors.As(err, &apiErr) { + return "", fmt.Errorf("authentication failed: %v", string(apiErr.Body())) + } if err != nil { - if errors.As(err, &apiErr) { - return "", fmt.Errorf("authentication failed: %v", string(apiErr.Body())) - } return "", fmt.Errorf("authentication failed: %w", err) } defer res.Body.Close() - token := authOut.GetToken() return token, nil } -func (a *akeylessBase) GetSecretByType(ctx context.Context, secretName, token string, version int32) (string, error) { - item, err := a.DescribeItem(ctx, secretName, token) +func (a *akeylessBase) GetSecretByType(ctx context.Context, secretName string, version int32) (string, error) { + item, err := a.DescribeItem(ctx, secretName) if err != nil { return "", err } + if _, ok := item.GetItemNameOk(); !ok { + return "", ErrItemNotExists + } secretType := item.GetItemType() - switch secretType { case "STATIC_SECRET": - return a.GetStaticSecret(ctx, secretName, token, version) + return a.GetStaticSecret(ctx, secretName, version) case "DYNAMIC_SECRET": - return a.GetDynamicSecrets(ctx, secretName, token) + return a.GetDynamicSecrets(ctx, secretName) case "ROTATED_SECRET": - return a.GetRotatedSecrets(ctx, secretName, token, version) + return a.GetRotatedSecrets(ctx, secretName, version) case "CERTIFICATE": - return a.GetCertificate(ctx, secretName, token, version) + return a.GetCertificate(ctx, secretName, version) default: return "", fmt.Errorf("invalid item type: %v", secretType) } } -func (a *akeylessBase) DescribeItem(ctx context.Context, itemName, token string) (*akeyless.Item, error) { - body := akeyless.DescribeItem{ - Name: itemName, +func SetBodyToken(t Tokener, ctx context.Context) error { + token, ok := ctx.Value(AkeylessToken).(string) + if !ok { 
+ return ErrTokenNotExists } if strings.HasPrefix(token, "u-") { - body.UidToken = &token + t.SetUidToken(token) } else { - body.Token = &token + t.SetToken(token) + } + return nil +} + +func (a *akeylessBase) DescribeItem(ctx context.Context, itemName string) (*akeyless.Item, error) { + body := akeyless.DescribeItem{ + Name: itemName, + } + if err := SetBodyToken(&body, ctx); err != nil { + return nil, err } gsvOut, res, err := a.RestAPI.DescribeItem(ctx).Body(body).Execute() metrics.ObserveAPICall(constants.ProviderAKEYLESSSM, constants.CallAKEYLESSSMDescribeItem, err) - if err != nil { - if errors.As(err, &apiErr) { - var item *Item - err = json.Unmarshal(apiErr.Body(), &item) - if err != nil { - return nil, fmt.Errorf("can't describe item: %v, error: %v", itemName, string(apiErr.Body())) - } - } else { - return nil, fmt.Errorf("can't describe item: %w", err) + if errors.As(err, &apiErr) { + var item *Item + err = json.Unmarshal(apiErr.Body(), &item) + if err != nil { + return nil, fmt.Errorf("can't describe item: %v, error: %v", itemName, string(apiErr.Body())) } } + if err != nil { + return nil, fmt.Errorf("can't describe item: %w", err) + } defer res.Body.Close() return &gsvOut, nil } -func (a *akeylessBase) GetCertificate(ctx context.Context, certificateName, token string, version int32) (string, error) { +func (a *akeylessBase) GetCertificate(ctx context.Context, certificateName string, version int32) (string, error) { body := akeyless.GetCertificateValue{ Name: certificateName, Version: &version, } - if strings.HasPrefix(token, "u-") { - body.UidToken = &token - } else { - body.Token = &token + if err := SetBodyToken(&body, ctx); err != nil { + return "", err } - gcvOut, res, err := a.RestAPI.GetCertificateValue(ctx).Body(body).Execute() metrics.ObserveAPICall(constants.ProviderAKEYLESSSM, constants.CallAKEYLESSSMGetCertificateValue, err) + if errors.As(err, &apiErr) { + return "", fmt.Errorf("can't get certificate value: %v", string(apiErr.Body())) + } if 
err != nil { - if errors.As(err, &apiErr) { - return "", fmt.Errorf("can't get certificate value: %v", string(apiErr.Body())) - } return "", fmt.Errorf("can't get certificate value: %w", err) } defer res.Body.Close() @@ -160,28 +176,25 @@ func (a *akeylessBase) GetCertificate(ctx context.Context, certificateName, toke return string(out), nil } -func (a *akeylessBase) GetRotatedSecrets(ctx context.Context, secretName, token string, version int32) (string, error) { +func (a *akeylessBase) GetRotatedSecrets(ctx context.Context, secretName string, version int32) (string, error) { body := akeyless.GetRotatedSecretValue{ Names: secretName, Version: &version, } - if strings.HasPrefix(token, "u-") { - body.UidToken = &token - } else { - body.Token = &token + if err := SetBodyToken(&body, ctx); err != nil { + return "", err } - gsvOut, res, err := a.RestAPI.GetRotatedSecretValue(ctx).Body(body).Execute() metrics.ObserveAPICall(constants.ProviderAKEYLESSSM, constants.CallAKEYLESSSMGetRotatedSecretValue, err) + if errors.As(err, &apiErr) { + return "", fmt.Errorf("can't get rotated secret value: %v", string(apiErr.Body())) + } if err != nil { - if errors.As(err, &apiErr) { - return "", fmt.Errorf("can't get rotated secret value: %v", string(apiErr.Body())) - } return "", fmt.Errorf("can't get rotated secret value: %w", err) } defer res.Body.Close() - valI, ok := gsvOut["value"] + var out []byte if ok { val, convert := valI.(map[string]any) if !convert { 
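Review bot: DescribeItem appears to return `&gsvOut, nil` for every API error whose body parses as JSON, because the `json.Unmarshal` result overwrites `err`, and GetSecretByType now maps the resulting empty item to `ErrItemNotExists`; a permission or server error can therefore be reported as a missing item. PushSecret treats ErrItemNotExists as the signal to call CreateSecret and SecretExists returns `false` for it, so the distinction matters for the new write path. DescribeItem should return the API error unless the response positively identifies a missing item; how Akeyless signals that is not visible here and needs confirming against the API. As a style point, `SetBodyToken(t Tokener, ctx context.Context)` should take the context first, `SetBodyToken(ctx context.Context, t Tokener)`.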
@@ -190,72 +203,56 @@ func (a *akeylessBase) GetRotatedSecrets(ctx context.Context, secretName, token if _, ok := val["payload"]; ok { return fmt.Sprintf("%v", val["payload"]), nil } else if _, ok := val["target_value"]; ok { - out, err := json.Marshal(val["target_value"]) - if err != nil { - return "", fmt.Errorf("can't marshal rotated secret value: %w", err) - } - return string(out), nil + out, err = json.Marshal(val["target_value"]) } else { - out, err := json.Marshal(val) - if err != nil { - return "", fmt.Errorf("can't marshal rotated secret value: %w", err) - } - return string(out), nil + out, err = json.Marshal(val) } + } else { + out, err = json.Marshal(gsvOut) } - out, err := json.Marshal(gsvOut) if err != nil { return "", fmt.Errorf("can't marshal rotated secret value: %w", err) } return string(out), nil } -func (a *akeylessBase) GetDynamicSecrets(ctx context.Context, secretName, token string) (string, error) { +func (a *akeylessBase) GetDynamicSecrets(ctx context.Context, secretName string) (string, error) { body := akeyless.GetDynamicSecretValue{ Name: secretName, } - if strings.HasPrefix(token, "u-") { - body.UidToken = &token - } else { - body.Token = &token + if err := SetBodyToken(&body, ctx); err != nil { + return "", err } - gsvOut, res, err := a.RestAPI.GetDynamicSecretValue(ctx).Body(body).Execute() metrics.ObserveAPICall(constants.ProviderAKEYLESSSM, constants.CallAKEYLESSSMGetDynamicSecretValue, err) + if errors.As(err, &apiErr) { + return "", fmt.Errorf("can't get dynamic secret value: %v", string(apiErr.Body())) + } if err != nil { - if errors.As(err, &apiErr) { - return "", fmt.Errorf("can't get dynamic secret value: %v", string(apiErr.Body())) - } return "", fmt.Errorf("can't get dynamic secret value: %w", err) } defer res.Body.Close() - out, err := json.Marshal(gsvOut) if err != nil { return "", fmt.Errorf("can't marshal dynamic secret value: %w", err) } - return string(out), nil } -func (a *akeylessBase) GetStaticSecret(ctx 
context.Context, secretName, token string, version int32) (string, error) { - gsvBody := akeyless.GetSecretValue{ +func (a *akeylessBase) GetStaticSecret(ctx context.Context, secretName string, version int32) (string, error) { + body := akeyless.GetSecretValue{ Names: []string{secretName}, Version: &version, } - - if strings.HasPrefix(token, "u-") { - gsvBody.UidToken = &token - } else { - gsvBody.Token = &token + if err := SetBodyToken(&body, ctx); err != nil { + return "", err } - - gsvOut, res, err := a.RestAPI.GetSecretValue(ctx).Body(gsvBody).Execute() + gsvOut, res, err := a.RestAPI.GetSecretValue(ctx).Body(body).Execute() metrics.ObserveAPICall(constants.ProviderAKEYLESSSM, constants.CallAKEYLESSSMGetSecretValue, err) + if errors.As(err, &apiErr) { + return "", fmt.Errorf("can't get secret value: %v", string(apiErr.Body())) + } if err != nil { - if errors.As(err, &apiErr) { - return "", fmt.Errorf("can't get secret value: %v", string(apiErr.Body())) - } return "", fmt.Errorf("can't get secret value: %w", err) } defer res.Body.Close() @@ -263,7 +260,6 @@ func (a *akeylessBase) GetStaticSecret(ctx context.Context, secretName, token st if !ok { return "", fmt.Errorf("can't get secret: %v", secretName) } - return val, nil } 
@@ -284,31 +280,27 @@ func (a *akeylessBase) getCloudID(provider, accTypeParam string) (string, error) return cloudID, err } -func (a *akeylessBase) ListSecrets(ctx context.Context, path, tag, token string) ([]string, error) { +func (a *akeylessBase) ListSecrets(ctx context.Context, path, tag string) ([]string, error) { secretTypes := &[]string{"static-secret", "dynamic-secret", "rotated-secret"} MinimalView := true if tag != "" { MinimalView = false } - gsvBody := akeyless.ListItems{ + body := akeyless.ListItems{ Filter: &path, Type: secretTypes, MinimalView: &MinimalView, Tag: &tag, } - - if strings.HasPrefix(token, "u-") { - gsvBody.UidToken = &token - } else { - gsvBody.Token = &token + if err := SetBodyToken(&body, ctx); err != nil { + return nil, err } - - lipOut, res, err := a.RestAPI.ListItems(ctx).Body(gsvBody).Execute() + lipOut, res, err := a.RestAPI.ListItems(ctx).Body(body).Execute() metrics.ObserveAPICall(constants.ProviderAKEYLESSSM, constants.CallAKEYLESSSMListItems, err) + if errors.As(err, &apiErr) { + return nil, fmt.Errorf("can't get secrets list: %v", string(apiErr.Body())) + } if err != nil { - if errors.As(err, &apiErr) { - return nil, fmt.Errorf("can't get secrets list: %v", string(apiErr.Body())) - } return nil, fmt.Errorf("error on get secrets list: %w", err) } defer res.Body.Close() 
@@ -325,6 +317,48 @@ func (a *akeylessBase) ListSecrets(ctx context.Context, path, tag, token string) return listNames, nil } +func (a *akeylessBase) CreateSecret(ctx context.Context, remoteKey, data string) error { + body := akeyless.CreateSecret{ + Name: remoteKey, + Value: data, + Tags: &[]string{ExtSecretManagedTag}, + } + if err := SetBodyToken(&body, ctx); err != nil { + return err + } + _, res, err := a.RestAPI.CreateSecret(ctx).Body(body).Execute() + defer res.Body.Close() + metrics.ObserveAPICall(constants.ProviderAKEYLESSSM, constants.CallAKEYLESSSMCreateSecret, err) + return err +} + +func (a *akeylessBase) UpdateSecret(ctx context.Context, remoteKey, data string) error { + body := akeyless.UpdateSecretVal{ + Name: remoteKey, + Value: data, + } + if err := SetBodyToken(&body, ctx); err != nil { + return err + } + _, res, err := a.RestAPI.UpdateSecretVal(ctx).Body(body).Execute() + defer res.Body.Close() + metrics.ObserveAPICall(constants.ProviderAKEYLESSSM, constants.CallAKEYLESSSMUpdateSecretVal, err) + return err +} + +func (a *akeylessBase) DeleteSecret(ctx context.Context, remoteKey string) error { + body := akeyless.DeleteItem{ + Name: remoteKey, + } + if err := SetBodyToken(&body, ctx); err != nil { + return err + } + _, res, err := a.RestAPI.DeleteItem(ctx).Body(body).Execute() + defer res.Body.Close() + metrics.ObserveAPICall(constants.ProviderAKEYLESSSM, constants.CallAKEYLESSSMDeleteItem, err) + return err +} + func (a *akeylessBase) getK8SServiceAccountJWT(ctx context.Context, kubernetesAuth *esv1beta1.AkeylessKubernetesAuth) (string, error) { if kubernetesAuth != nil { if kubernetesAuth.ServiceAccountRef != nil { diff --git a/pkg/provider/akeyless/akeyless_test.go b/pkg/provider/akeyless/akeyless_test.go index 074ea5b23da..479de54d01e 100644 --- a/pkg/provider/akeyless/akeyless_test.go +++ b/pkg/provider/akeyless/akeyless_test.go 
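Review bot: CreateSecret, UpdateSecret and DeleteSecret run `defer res.Body.Close()` before looking at `err`; if Execute fails without producing a response (as generated OpenAPI clients commonly do on transport errors), `res` is nil and the deferred call panics. Guard it as `if res != nil { defer res.Body.Close() }` and record the metric before that line. These three also return the raw `err`, whereas the read functions in this file wrap it with a `can't ...:` prefix and the API response body; the same wrapping here would keep push and delete failures diagnosable.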
@@ -18,40 +18,81 @@ import ( "context" "errors" "fmt" - "reflect" "strings" "testing" + "github.com/akeylesslabs/akeyless-go/v3" + "github.com/stretchr/testify/require" + corev1 "k8s.io/api/core/v1" + esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" esmeta "github.com/external-secrets/external-secrets/apis/meta/v1" fakeakeyless "github.com/external-secrets/external-secrets/pkg/provider/akeyless/fake" + testingfake "github.com/external-secrets/external-secrets/pkg/provider/testing/fake" ) type akeylessTestCase struct { + testName string mockClient *fakeakeyless.AkeylessMockClient apiInput *fakeakeyless.Input apiOutput *fakeakeyless.Output ref *esv1beta1.ExternalSecretDataRemoteRef + input any + input2 any expectError string + expectedVal any expectedSecret string - // for testing secretmap - expectedData map[string][]byte } -func makeValidAkeylessTestCase() *akeylessTestCase { +const fmtExpectedError = "unexpected error: %s, expected: '%s'" + +func (a *akeylessTestCase) SetMockClient(c *fakeakeyless.AkeylessMockClient) *akeylessTestCase { + a.mockClient = c + return a +} + +func (a *akeylessTestCase) SetExpectErr(err string) *akeylessTestCase { + a.expectError = err + return a +} + +func (a *akeylessTestCase) SetExpectVal(val any) *akeylessTestCase { + a.expectedVal = val + return a +} + +func (a *akeylessTestCase) SetExpectInput(input any) *akeylessTestCase { + a.input = input + return a +} + +func (a *akeylessTestCase) SetExpectInput2(input any) *akeylessTestCase { + a.input2 = input + return a +} + +func makeValidAkeylessTestCase(testName string) *akeylessTestCase { smtc := akeylessTestCase{ + testName: testName, mockClient: &fakeakeyless.AkeylessMockClient{}, apiInput: makeValidInput(), ref: makeValidRef(), apiOutput: makeValidOutput(), expectError: "", expectedSecret: "", - expectedData: map[string][]byte{}, } smtc.mockClient.WithValue(smtc.apiInput, smtc.apiOutput) return &smtc } +func nilProviderTestCase() 
*akeylessTestCase { + return makeValidAkeylessTestCase("nil provider").SetMockClient(nil).SetExpectErr(errUninitalizedAkeylessProvider) +} +func failGetTestCase() *akeylessTestCase { + return makeValidAkeylessTestCase("fail GetSecret").SetExpectVal(false).SetExpectErr("fail get"). + SetMockClient(fakeakeyless.New().SetGetSecretFn(func(secretName string, version int32) (string, error) { return "", errors.New("fail get") })) +} + func makeValidRef() *esv1beta1.ExternalSecretDataRemoteRef { return &esv1beta1.ExternalSecretDataRemoteRef{ Key: "test-secret", @@ -75,7 +116,7 @@ func makeValidOutput() *fakeakeyless.Output { } func makeValidAkeylessTestCaseCustom(tweaks ...func(smtc *akeylessTestCase)) *akeylessTestCase { - smtc := makeValidAkeylessTestCase() + smtc := makeValidAkeylessTestCase("") for _, fn := range tweaks { fn(smtc) } @@ -114,16 +155,12 @@ func TestAkeylessGetSecret(t *testing.T) { } sm := Akeyless{} - for k, v := range successCases { + for _, v := range successCases { sm.Client = v.mockClient fmt.Println(*v.ref) out, err := sm.GetSecret(context.Background(), *v.ref) - if !ErrorContains(err, v.expectError) { - t.Errorf("[%d] unexpected error: %s, expected: '%s'", k, err.Error(), v.expectError) - } - if string(out) != v.expectedSecret { - t.Errorf("[%d] unexpected secret: expected %s, got %s", k, v.expectedSecret, string(out)) - } + require.Truef(t, ErrorContains(err, v.expectError), fmtExpectedError, err, v.expectError) + require.Equal(t, string(out), v.expectedSecret) } } @@ -160,9 +197,7 @@ func TestValidateStore(t *testing.T) { } _, err := provider.ValidateStore(store) - if err != nil { - t.Error(err.Error()) - } + require.NoError(t, err) }) t.Run("k8s auth", func(t *testing.T) { @@ -186,9 +221,7 @@ func TestValidateStore(t *testing.T) { } _, err := provider.ValidateStore(store) - if err != nil { - t.Error(err.Error()) - } + require.NoError(t, err) }) t.Run("bad conf auth", func(t *testing.T) { 
@@ -204,9 +237,7 @@ func TestValidateStore(t *testing.T) { } _, err := provider.ValidateStore(store) - if err == nil { - t.Errorf("expected an error") - } + require.Error(t, err) }) t.Run("bad k8s conf auth", func(t *testing.T) { @@ -229,9 +260,7 @@ func TestValidateStore(t *testing.T) { } _, err := provider.ValidateStore(store) - if err == nil { - t.Errorf("expected an error") - } + require.Error(t, err) }) } @@ -239,7 +268,7 @@ func TestGetSecretMap(t *testing.T) { // good case: default version & deserialization setDeserialization := func(smtc *akeylessTestCase) { smtc.apiOutput.Value = `{"foo":"bar"}` - smtc.expectedData["foo"] = []byte("bar") + smtc.expectedVal = map[string][]byte{"foo": []byte("bar")} } // bad case: invalid json @@ -250,21 +279,17 @@ func TestGetSecretMap(t *testing.T) { successCases := []*akeylessTestCase{ makeValidAkeylessTestCaseCustom(setDeserialization), - makeValidAkeylessTestCaseCustom(setInvalidJSON), - makeValidAkeylessTestCaseCustom(setAPIErr), - makeValidAkeylessTestCaseCustom(setNilMockClient), + makeValidAkeylessTestCaseCustom(setInvalidJSON).SetExpectVal(map[string][]byte(nil)), + makeValidAkeylessTestCaseCustom(setAPIErr).SetExpectVal(map[string][]byte(nil)), + makeValidAkeylessTestCaseCustom(setNilMockClient).SetExpectVal(map[string][]byte(nil)), } sm := Akeyless{} - for k, v := range successCases { + for _, v := range successCases { sm.Client = v.mockClient out, err := sm.GetSecretMap(context.Background(), *v.ref) - if !ErrorContains(err, v.expectError) { - t.Errorf("[%d] unexpected error: %s, expected: '%s'", k, err.Error(), v.expectError) - } - if err == nil && !reflect.DeepEqual(out, v.expectedData) { - t.Errorf("[%d] unexpected secret data: expected %#v, got %#v", k, v.expectedData, out) - } + require.Truef(t, ErrorContains(err, v.expectError), fmtExpectedError, err, v.expectError) + require.Equal(t, v.expectedVal.(map[string][]byte), out) } } 
@@ -277,3 +302,150 @@ func ErrorContains(out error, want string) bool { } return strings.Contains(out.Error(), want) } + +func TestSecretExists(t *testing.T) { + testCases := []*akeylessTestCase{ + nilProviderTestCase().SetExpectVal(false), + makeValidAkeylessTestCase("no secret").SetExpectVal(false). + SetMockClient(fakeakeyless.New().SetGetSecretFn(func(secretName string, version int32) (string, error) { return "", ErrItemNotExists })), + failGetTestCase(), + makeValidAkeylessTestCase("success without property").SetExpectVal(true).SetExpectInput(&testingfake.PushSecretData{Property: ""}). + SetMockClient(fakeakeyless.New().SetGetSecretFn(func(secretName string, version int32) (string, error) { return "my secret", nil })), + makeValidAkeylessTestCase("fail unmarshal").SetExpectVal(false).SetExpectErr("invalid character 'd' looking for beginning of value").SetExpectInput(&testingfake.PushSecretData{Property: "prop"}). + SetMockClient(fakeakeyless.New().SetGetSecretFn(func(secretName string, version int32) (string, error) { return "daenerys", nil })), + makeValidAkeylessTestCase("no property").SetExpectVal(false).SetExpectInput(&testingfake.PushSecretData{Property: "prop"}). + SetMockClient(fakeakeyless.New().SetGetSecretFn(func(secretName string, version int32) (string, error) { return `{"propa": "a"}`, nil })), + makeValidAkeylessTestCase("success with property").SetExpectVal(true).SetExpectInput(&testingfake.PushSecretData{Property: "prop"}). 
+ SetMockClient(fakeakeyless.New().SetGetSecretFn(func(secretName string, version int32) (string, error) { return `{"prop": "a"}`, nil })), + } + + sm := Akeyless{} + t.Parallel() + for _, v := range testCases { + t.Run(v.testName, func(t *testing.T) { + sm.Client = v.mockClient + if v.input == nil { + v.input = &testingfake.PushSecretData{} + } + out, err := sm.SecretExists(context.Background(), v.input.(esv1beta1.PushSecretRemoteRef)) + require.Truef(t, ErrorContains(err, v.expectError), fmtExpectedError, err, v.expectError) + require.Equal(t, out, v.expectedVal.(bool)) + }) + } +} + +func TestPushSecret(t *testing.T) { + testCases := []*akeylessTestCase{ + nilProviderTestCase(), + failGetTestCase(), + makeValidAkeylessTestCase("fail unmarshal").SetExpectErr("invalid character 'm' looking for beginning of value"). + SetMockClient(fakeakeyless.New().SetGetSecretFn(func(secretName string, version int32) (string, error) { return "morgoth", nil })), + makeValidAkeylessTestCase("create new secret").SetExpectInput(&corev1.Secret{Data: map[string][]byte{"test": []byte("test")}}). + SetMockClient(fakeakeyless.New().SetGetSecretFn(func(secretName string, version int32) (string, error) { return "", ErrItemNotExists }). + SetCreateSecretFn(func(ctx context.Context, remoteKey string, data string) error { + if data != `{"test":"test"}` { + return errors.New("secret is not good") + } + return nil + })), + makeValidAkeylessTestCase("update secret").SetExpectInput(&corev1.Secret{Data: map[string][]byte{"test2": []byte("test2")}}). + SetMockClient(fakeakeyless.New().SetGetSecretFn(func(secretName string, version int32) (string, error) { return `{"test2":"untest"}`, nil }). 
+ SetUpdateSecretFn(func(ctx context.Context, remoteKey string, data string) error { + if data != `{"test2":"test2"}` { + return errors.New("secret is not good") + } + return nil + })), + makeValidAkeylessTestCase("shouldnt update").SetExpectInput(&corev1.Secret{Data: map[string][]byte{"test": []byte("test")}}). + SetMockClient(fakeakeyless.New().SetGetSecretFn(func(secretName string, version int32) (string, error) { return `{"test":"test"}`, nil })), + makeValidAkeylessTestCase("merge secret maps").SetExpectInput(&corev1.Secret{Data: map[string][]byte{"test": []byte("test")}}). + SetExpectInput2(&testingfake.PushSecretData{Property: "test", SecretKey: "test"}). + SetMockClient(fakeakeyless.New().SetGetSecretFn(func(secretName string, version int32) (string, error) { return `{"test2":"test2"}`, nil }). + SetUpdateSecretFn(func(ctx context.Context, remoteKey string, data string) error { + expected := `{"test":"test","test2":"test2"}` + if data != expected { + return fmt.Errorf("secret %s expected %s", data, expected) + } + return nil + })), + } + + sm := Akeyless{} + t.Parallel() + for _, v := range testCases { + t.Run(v.testName, func(t *testing.T) { + sm.Client = v.mockClient + if v.input == nil { + v.input = &corev1.Secret{} + } + if v.input2 == nil { + v.input2 = &testingfake.PushSecretData{} + } + err := sm.PushSecret(context.Background(), v.input.(*corev1.Secret), v.input2.(esv1beta1.PushSecretData)) + require.Truef(t, ErrorContains(err, v.expectError), fmtExpectedError, err, v.expectError) + }) + } +} + +func TestDeleteSecret(t *testing.T) { + testCases := []*akeylessTestCase{ + nilProviderTestCase(), + makeValidAkeylessTestCase("fail describe").SetExpectErr("err desc"). + SetMockClient(fakeakeyless.New().SetDescribeItemFn(func(ctx context.Context, itemName string) (*akeyless.Item, error) { return nil, errors.New("err desc") })), + makeValidAkeylessTestCase("no such item"). 
+ SetMockClient(fakeakeyless.New().SetDescribeItemFn(func(ctx context.Context, itemName string) (*akeyless.Item, error) { return nil, nil })), + makeValidAkeylessTestCase("tags nil"). + SetMockClient(fakeakeyless.New().SetDescribeItemFn(func(ctx context.Context, itemName string) (*akeyless.Item, error) { return &akeyless.Item{}, nil })), + makeValidAkeylessTestCase("no external secret managed tags"). + SetMockClient(fakeakeyless.New().SetDescribeItemFn(func(ctx context.Context, itemName string) (*akeyless.Item, error) { + return &akeyless.Item{ItemTags: &[]string{"some-random-tag"}}, nil + })), + makeValidAkeylessTestCase("delete whole secret").SetExpectInput(&testingfake.PushSecretData{RemoteKey: "42"}). + SetMockClient(fakeakeyless.New().SetDescribeItemFn(func(ctx context.Context, itemName string) (*akeyless.Item, error) { + return &akeyless.Item{ItemTags: &[]string{ExtSecretManagedTag}}, nil + }).SetDeleteSecretFn(func(ctx context.Context, remoteKey string) error { + if remoteKey != "42" { + return fmt.Errorf("remote key %s expected %s", remoteKey, "42") + } + return nil + })), + makeValidAkeylessTestCase("delete property of secret").SetExpectInput(&testingfake.PushSecretData{Property: "Foo"}). + SetMockClient(fakeakeyless.New().SetDescribeItemFn(func(ctx context.Context, itemName string) (*akeyless.Item, error) { + return &akeyless.Item{ItemTags: &[]string{ExtSecretManagedTag}}, nil + }).SetGetSecretFn(func(secretName string, version int32) (string, error) { + return `{"Dio": "Brando", "Foo": "Fighters"}`, nil + }). + SetUpdateSecretFn(func(ctx context.Context, remoteKey string, data string) error { + expected := `{"Dio":"Brando"}` + if data != expected { + return fmt.Errorf("secret %s expected %s", data, expected) + } + return nil + })), + makeValidAkeylessTestCase("delete secret if one property left").SetExpectInput(&testingfake.PushSecretData{RemoteKey: "Rings", Property: "Annatar"}). 
+ SetMockClient(fakeakeyless.New().SetDescribeItemFn(func(ctx context.Context, itemName string) (*akeyless.Item, error) { + return &akeyless.Item{ItemTags: &[]string{ExtSecretManagedTag}}, nil + }).SetGetSecretFn(func(secretName string, version int32) (string, error) { + return `{"Annatar": "The Lord of Gifts"}`, nil + }). + SetDeleteSecretFn(func(ctx context.Context, remoteKey string) error { + if remoteKey != "Rings" { + return fmt.Errorf("remote key %s expected %s", remoteKey, "Annatar") + } + return nil + })), + } + + sm := Akeyless{} + t.Parallel() + for _, v := range testCases { + t.Run(v.testName, func(t *testing.T) { + sm.Client = v.mockClient + if v.input == nil { + v.input = &testingfake.PushSecretData{} + } + err := sm.DeleteSecret(context.Background(), v.input.(esv1beta1.PushSecretData)) + require.Truef(t, ErrorContains(err, v.expectError), fmtExpectedError, err, v.expectError) + }) + } +} diff --git a/pkg/provider/akeyless/auth.go b/pkg/provider/akeyless/auth.go index 112d2e49218..f23b20e0946 100644 --- a/pkg/provider/akeyless/auth.go +++ b/pkg/provider/akeyless/auth.go @@ -38,7 +38,7 @@ func (a *akeylessBase) TokenFromSecretRef(ctx context.Context) (string, error) { if prov.Auth.KubernetesAuth != nil { auth := prov.Auth.KubernetesAuth - return a.GetToken(auth.AccessID, "k8s", auth.K8sConfName, auth) + return a.GetToken(ctx, auth.AccessID, "k8s", auth.K8sConfName, auth) } accessID, err := resolvers.SecretKeyRef( @@ -79,5 +79,5 @@ func (a *akeylessBase) TokenFromSecretRef(ctx context.Context) (string, error) { return "", errors.New(errMissingAKID) } - return a.GetToken(accessID, accessType, accessTypeParam, prov.Auth.KubernetesAuth) + return a.GetToken(ctx, accessID, accessType, accessTypeParam, prov.Auth.KubernetesAuth) } diff --git a/pkg/provider/akeyless/fake/fake.go b/pkg/provider/akeyless/fake/fake.go index ba491a3ec2d..b3c2e212728 100644 --- a/pkg/provider/akeyless/fake/fake.go +++ b/pkg/provider/akeyless/fake/fake.go 
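Review bot: The create, update and delete mocks in TestPushSecret and TestDeleteSecret validate their arguments only if they are called; nothing asserts that they were called, so a PushSecret that returned early without writing would still pass "create new secret" and "update secret". A `called` flag set inside the mock and checked with `require.True(t, called)` after the call would close that gap. In "delete secret if one property left" the failure message prints `"Annatar"` as the expected key while the check compares against `"Rings"`.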
@@ -16,27 +16,78 @@ package fake import ( "context" + + akeyless "github.com/akeylesslabs/akeyless-go/v3" ) type AkeylessMockClient struct { - getSecret func(secretName, token string, version int32) (string, error) + getSecret func(secretName string, version int32) (string, error) + createSecret func(ctx context.Context, remoteKey, data string) error + updateSecret func(ctx context.Context, remoteKey, data string) error + deleteSecret func(ctx context.Context, remoteKey string) error + describeItem func(ctx context.Context, itemName string) (*akeyless.Item, error) +} + +func New() *AkeylessMockClient { + return &AkeylessMockClient{} +} + +func (mc *AkeylessMockClient) SetGetSecretFn(f func(secretName string, version int32) (string, error)) *AkeylessMockClient { + mc.getSecret = f + return mc +} + +func (mc *AkeylessMockClient) SetCreateSecretFn(f func(ctx context.Context, remoteKey, data string) error) *AkeylessMockClient { + mc.createSecret = f + return mc +} + +func (mc *AkeylessMockClient) SetUpdateSecretFn(f func(ctx context.Context, remoteKey, data string) error) *AkeylessMockClient { + mc.updateSecret = f + return mc +} + +func (mc *AkeylessMockClient) SetDeleteSecretFn(f func(ctx context.Context, remoteKey string) error) *AkeylessMockClient { + mc.deleteSecret = f + return mc +} + +func (mc *AkeylessMockClient) SetDescribeItemFn(f func(ctx context.Context, itemName string) (*akeyless.Item, error)) *AkeylessMockClient { + mc.describeItem = f + return mc +} + +func (mc *AkeylessMockClient) CreateSecret(ctx context.Context, remoteKey, data string) error { + return mc.createSecret(ctx, remoteKey, data) +} + +func (mc *AkeylessMockClient) DeleteSecret(ctx context.Context, remoteKey string) error { + return mc.deleteSecret(ctx, remoteKey) +} + +func (mc *AkeylessMockClient) DescribeItem(ctx context.Context, itemName string) (*akeyless.Item, error) { + return mc.describeItem(ctx, itemName) +} + +func (mc *AkeylessMockClient) UpdateSecret(ctx context.Context, 
remoteKey, data string) error { + return mc.updateSecret(ctx, remoteKey, data) } func (mc *AkeylessMockClient) TokenFromSecretRef(_ context.Context) (string, error) { return "newToken", nil } -func (mc *AkeylessMockClient) GetSecretByType(_ context.Context, secretName, token string, version int32) (string, error) { - return mc.getSecret(secretName, token, version) +func (mc *AkeylessMockClient) GetSecretByType(_ context.Context, secretName string, version int32) (string, error) { + return mc.getSecret(secretName, version) } -func (mc *AkeylessMockClient) ListSecrets(_ context.Context, _, _, _ string) ([]string, error) { +func (mc *AkeylessMockClient) ListSecrets(_ context.Context, _, _ string) ([]string, error) { return nil, nil } func (mc *AkeylessMockClient) WithValue(_ *Input, out *Output) { if mc != nil { - mc.getSecret = func(secretName, token string, version int32) (string, error) { + mc.getSecret = func(secretName string, version int32) (string, error) { return out.Value, out.Err } } From 231a6ea67444eda6355ebfe568a12c6fb09c7933 Mon Sep 17 00:00:00 2001 From: Engin Diri Date: Sat, 21 Sep 2024 09:54:12 +0200 Subject: [PATCH 308/517] feat: update Pulumi provider for GA (#3917) Signed-off-by: Engin Diri Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- Tiltfile | 2 +- .../v1beta1/secretstore_pulumi_types.go | 4 ++- ...ternal-secrets.io_clustersecretstores.yaml | 7 +++- .../external-secrets.io_secretstores.yaml | 7 +++- deploy/crds/bundle.yaml | 12 +++++-- docs/api/spec.md | 11 +++++++ docs/pictures/pulumi-esc.png | Bin 0 -> 330209 bytes docs/provider/pulumi.md | 31 ++++++++++++++++-- go.mod | 2 +- go.sum | 4 +-- pkg/provider/pulumi/provider.go | 8 +++-- pkg/provider/pulumi/pulumi.go | 14 ++++---- pkg/provider/pulumi/pulumi_test.go | 9 +++-- 13 files changed, 88 insertions(+), 23 deletions(-) create mode 100644 docs/pictures/pulumi-esc.png diff --git a/Tiltfile b/Tiltfile index d123330817c..1f6f491bc64 100644 --- a/Tiltfile 
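Review bot: The new `CreateSecret`, `DeleteSecret`, `DescribeItem` and `UpdateSecret` methods in fake.go call their function fields unconditionally, so a test case that omits the matching `Set…Fn` call fails with a nil-function panic instead of a readable test failure. A guard in each method, for example `if mc.deleteSecret == nil { return errors.New("fake: deleteSecret not set") }`, would make a missing stub obvious; it needs the `errors` import, and `GetSecretByType` follows the same pattern. The exported `New` and the `Set…Fn` builders also have no doc comments; a line such as `// New returns an AkeylessMockClient with no behaviours configured; use the Set…Fn methods to stub calls.` would cover the constructor.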
+++ b/Tiltfile @@ -80,7 +80,7 @@ if settings.get('debug').get('enabled'): docker_build_with_restart( - 'ghcr.io/external-secrets/external-secrets', + 'oci.external-secrets.io/external-secrets/external-secrets', '.', dockerfile = dockerfile, entrypoint = entrypoint, diff --git a/apis/externalsecrets/v1beta1/secretstore_pulumi_types.go b/apis/externalsecrets/v1beta1/secretstore_pulumi_types.go index a2cf6fdb3c5..48c4b5ed804 100644 --- a/apis/externalsecrets/v1beta1/secretstore_pulumi_types.go +++ b/apis/externalsecrets/v1beta1/secretstore_pulumi_types.go @@ -20,7 +20,7 @@ import ( type PulumiProvider struct { // APIURL is the URL of the Pulumi API. - // +kubebuilder:default="https://api.pulumi.com/api/preview" + // +kubebuilder:default="https://api.pulumi.com/api/esc" APIURL string `json:"apiUrl,omitempty"` // AccessToken is the access tokens to sign in to the Pulumi Cloud Console. @@ -30,6 +30,8 @@ type PulumiProvider struct { // To create a new organization, visit https://app.pulumi.com/ and click "New Organization". Organization string `json:"organization"` + // Project is the name of the Pulumi ESC project the environment belongs to. + Project string `json:"project"` // Environment are YAML documents composed of static key-value pairs, programmatic expressions, // dynamically retrieved values from supported providers including all major clouds, // and other Pulumi ESC environments. diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 97e9df4e600..7de4c50fee1 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml @@ -3817,7 +3817,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com/api/preview + default: https://api.pulumi.com/api/esc description: APIURL is the URL of the Pulumi API. type: string environment: 
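Review bot: `Project` in the second hunk of secretstore_pulumi_types.go is added as a required field (`json:"project"` without `omitempty`, and the regenerated CRDs list `project` under `required`), so existing SecretStore and ClusterSecretStore manifests that lack it will presumably be rejected once the CRDs are upgraded. The doc comment should say so, e.g. `// Project is the name of the Pulumi ESC project the environment belongs to. Required; stores created before this field existed must add it.` The new `apiUrl` default in the first hunk only applies to objects that carry no `apiUrl` value, so stores with the old preview URL set or persisted may keep sending the access token to that endpoint, which is worth a line in the upgrade notes. A blank line between the `Project` field and the `// Environment are …` comment would match the spacing of the other fields. The struct continues outside the hunk.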
@@ -3832,10 +3832,15 @@ spec: Organization are a space to collaborate on shared projects and stacks. To create a new organization, visit https://app.pulumi.com/ and click "New Organization". type: string + project: + description: Project is the name of the Pulumi ESC project + the environment belongs to. + type: string required: - accessToken - environment - organization + - project type: object scaleway: description: Scaleway diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index fde12c88c9e..b5622fab92c 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml @@ -3817,7 +3817,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com/api/preview + default: https://api.pulumi.com/api/esc description: APIURL is the URL of the Pulumi API. type: string environment: @@ -3832,10 +3832,15 @@ spec: Organization are a space to collaborate on shared projects and stacks. To create a new organization, visit https://app.pulumi.com/ and click "New Organization". type: string + project: + description: Project is the name of the Pulumi ESC project + the environment belongs to. + type: string required: - accessToken - environment - organization + - project type: object scaleway: description: Scaleway diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index e2fe9ba155e..2f3a963d64d 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -4188,7 +4188,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com/api/preview + default: https://api.pulumi.com/api/esc description: APIURL is the URL of the Pulumi API. type: string environment: 
@@ -4203,10 +4203,14 @@ spec: Organization are a space to collaborate on shared projects and stacks. To create a new organization, visit https://app.pulumi.com/ and click "New Organization". type: string + project: + description: Project is the name of the Pulumi ESC project the environment belongs to. + type: string required: - accessToken - environment - organization + - project type: object scaleway: description: Scaleway @@ -9968,7 +9972,7 @@ spec: type: object type: object apiUrl: - default: https://api.pulumi.com/api/preview + default: https://api.pulumi.com/api/esc description: APIURL is the URL of the Pulumi API. type: string environment: @@ -9983,10 +9987,14 @@ spec: Organization are a space to collaborate on shared projects and stacks. To create a new organization, visit https://app.pulumi.com/ and click "New Organization". type: string + project: + description: Project is the name of the Pulumi ESC project the environment belongs to. + type: string required: - accessToken - environment - organization + - project type: object scaleway: description: Scaleway diff --git a/docs/api/spec.md b/docs/api/spec.md index cabce94d4d2..9fc7d5be877 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -6010,6 +6010,17 @@ To create a new organization, visit https://ap +project
    + +string + + + +

    Project is the name of the Pulumi ESC project the environment belongs to.

    + + + + environment
    string 
diff --git a/docs/pictures/pulumi-esc.png b/docs/pictures/pulumi-esc.png new file mode 100644 index 0000000000000000000000000000000000000000..e5d3fe89ca6f206630e8c6dd25e17665653be59a GIT binary patch literal 330209 zcmeFZc~p~E*FH>ZTid5reH@A)l3GPX1PTa(KzLeI1Ox)g02;{hi*3^X?D8C;#vHza99$9r(W;P}tZ_CY7S8xG<%w-IO-s#*zQplh9w% zGa~j3$h0<*)J@NvWi2p5_5FwhSL08rH$Tw;fbt0Q>)u=+KgN|Zm#*yf6YnABQEVEE zJO_JRsEY!xy*{#`&((hrSg2dpX8wN6YqObVyx8scfQt|?CILRHC8@Aq;}+f#>_duYk*BA)m*WkUc(BcyxNm67`$J zSqXOL)9vqGnL^Br)QaQqV5zV5H)L6xPsQCA%SR!fD=190_1qj2|HySchClIcxWXg; zfnrt8mdUqKgA!586%+aD6O-4!iVaygq0mO$p)QWSxV;-&yZgF^_xtx=p9Gd6wk-Pr zB9Ni9M|UbHbkrPPxH)bk4y(?K8>9%-8zk??Pq}ZX4rKohUr`nusB>8<8gq{fv3^AR zg>{^b!$fw+0M~`on7uZe6I^QQ+Z}C=tw&SMKYaK44PGrK{=S+*->b`?wG&4hd# z!ZxsJn)py%^JgLc3HX-tkZ3eJjrwZm{&#OFYt4BW&sITU4 zrK@);IRXa};-cN}%8$Ks-;Ynsg)ZpAYVJFIwy`2~Ktuc07#}D+B3>?nKJvE4o;$rB zJ1FH&bJR~|x_88*;;Qwi`kD=<#d=_K-#qyX#j2-=dyFy@T2=I2?EH3&8v1APxJtr1 zsKKpe;%a)qqFgl`AXD0E4CaYlTt4?A<>ov$jFy<{b;lf*d&%Iu^bDq3&>P(wLnhOg zjl2`uby_C$MSlYChl%a0k>op~Tw0dIRdJwoF235G9-L=@3tVEe$+{tYD3?F+E*u|; zhAhoGN;1PwAey;aI=U%Oj8g;i)FHI+Z`!iEenDBP$)MVrzV^_VWSrscilNX{vFadV zSQ}qHsp&v((o;Dh)3%TEnclcJ755^vYR^(4{TP;<9L;$7rT4|X8HFhCw&o>%dei$r zdaVhz%>D(~GSiC?I_73~H1b}2zMTv?NyvP8DcoHf?t|2BgZ*(4vP5^61vS|!Evct^$IVGi_28M`T-~8? 
z!@f~4)oyYbwM%Un_u4BD+iZKUl_obaWW7QXQmS$yE3<;*0cJ?Y>eFcYvZ43_%lzQN ztM?hT)!_^J!%a_@5|ahwuSU}nmJm&Q-^FI)7a$ofcqo;pwZ%W}Ow%6?I}uO__cyxi zWq96uYmf7ou!-i9mC3{u%aFGGD=vQZ=KPHoU@6|&Pg-Bw7mjm-`)od|e%`r`3bVPd zv`yi+K#1Uj8ON2WdfH=kdS~n2M&yrL;uUg387 zp@x13(U;|*PGhg^p;Ox+OT}EigZM}-mOPU!isiNcwY@(<7wV44x7RzNE3RPkX*8=s zTdBC#3_F38wBKFcXmRPeT>na+FmZs9rT1 zE8Y8|`ggQfmeBUa=BgSrEcm&s7gn>QuKz&vQp=*BWTYgRT=JA43+4`7LrxpXr<8|y9W6afmH3hjm#a(3FG&yrGcnYzOTck@p;hz7t` zHQPd>$u$`ko%MU7y)`X@O-B0&HXT8Z1G;T)I`ruKtr%Jlq^|EkGz8Q8z5+e6AGS2R zDo^>AZdZ(!N6&7~eFu6Wl?&{^Ius=n4v#34X_qmY5;JMdUo4c~uS#V{6Dg$OCO`9#?To(=gl7#yH+<~ zT7~-QI9gMz8>hGy9Tg$9eiwVModgaTr9l6D>(Kh-R%Sr=Tf4x%$;~nc24wB1vrWy( z6)lgBQtA;B%d%2T>ryeS_ke-|df*)D&p4aZ^!$jT=K&ha2;#S-jP@6l(yEgxAQe18 zDiG(3xx~zf3OARc+BVm&Ysh=8QrFUCe;o&U!nrOtqA$0&R(gK})V4Rz+QanO5%?-#ca^&ZvO@FE$wA&rS$6_0J<8UjoLAT_Lw++XYEPGn?cN^V4DE zV^|?I;SfL9W|Y$CBUa)~Zf+V3<6*-Ahu+y}?)omsPN)^KKOB7Qm!eRj0qi2{ zN4rRx2zFNx<3Pt-)$*Wax|vd|+u7W!(Mz1}Hp>G2FwwL8NSZDTPPE9_WP+CZvq8l^-%4mW+&pMGZ}OeQf1H8EbC-io&;52g)KgHnRy&iz#D!Dvy>0ro75 zPk=XIFnjyCW?~;U3{hT#kQj8Q*J<}3EDl9$v|SU$Rwf5R3h2Jp!%a~RL|^N|UkDj) zK4jf2`p0hZG6|U0 ziQFq7)nZJBI#=9^nw0zsv=_!~lwiucnpV#^LYWkyC;-ClW0>i&!GxYYTClE&`#z@) z0H5No+>ks^&r1bMypFEg!?53-O6B<#Kx=)w)ZRk=-|;lmO7_$D3HF6gdj$^k>Tc~Z z*LEXkKk?I`!VUlPoU_0bsbiNL*}kx6ZzsanX4Kw4K;S?O^FN*GmBDz`sLf=RroZQH ziG|RGWpz1pT~%A?7`_s?<4xI#a_CZ+@c7WT|ES9Au_opav><-itJ7R#Xl_MY4*bdcXK3;52XrwNwqcrS!?(@y{C8M+YN z3oY|+>iSnf4}rg4IurL>+AUY*B5tH@JvU8zp|x~}d(=%W#dIc_UY)tbM&(n76YZ7c zC_QkZE|IWl2Fig_F&C~OeXtM@HcQ(dT@eI0MdLrp2+>e7B250#^p8SOU54&3>2{Xa zWI}|KP%H^7zFoud*y&7EDgsy#j0Bs;aET~ldZ^{+zhjacJs|IK^1RQR8OcDH+jNJ2 z3qQ7TQlk#F;c@kDbnU!JdbD>nfIFDR=%!iMhhI2|P#W%$-CzYSLY@KfS%~iWiC9ff zf_E*mUFKCk(L}fytS2wqI?pMDn_SO&!HJ#TgQ%1K&x%Y&B5vI>{lMpp5rCopv5sRF z!C3Wk{KTvXj*jY!<&qFi<`F_QhfA7M?W&NNV}oPm3n-ltzTB4J>)hMG-ua#TMfzt+_anQPNW;*Db(WMdtMzO@PpXy^NPpO1Q_bQeoG@0u#6|s^U97#}FQ;i^5vIfKWtp=6Ze0xDztPdJ z05#YIT7Xd9vlHy$H&lwcH=hYR^R1`J%U6zBJ410Ve-2u5hGy0NeyJ#w`9JuI4dW$X z$1;y@g6~62d_kdZn~{#Wr)Yf#M8B)Cea|~HH 
zT%L7Mzl?X#smjdS13=)P+bz-$`CCS^`Qv z$^}c2PHMJo8K`sFkMYrO12dnw`g}H(uMN^_^-hxHV3CgtAjl4y4#W_!=J7I2E7PUt zfuH-m*4oU{dqLP84kEfW949_$G00iHuLK+29o=V^PV|w>w(@6+{->o`qMY)%*I-&P zF0B@w(##6%klZD~aw~6>P!``}?`@`K<9&%0% zeC+egX09RLJD+}Tf{+<3`P2fq0(2ZfY72yaqJTVbYW2@f_-guw+?Bf+<~2-_hUq5c z>JBdjyfF@lEn%SRumml*nkN9Q=hm?m&E!3TdU^YTO_5VmncMY`_vUpRLv8U#0H~zZ zz zv6o>EUv~?D0D^y|4SC`RIW4vS4M`2-Z|8lr>pZb{F03GGwzZEzSYadkNK$o>ST7ul zLK*)fGXNZ&u>jo>U{<~XTl*#%DSOJYbKy6eiwWHe%oanUk?9fqhcF{Ua`y3GjPJW z>@0BY#N~+CmQcQbfsNfv5P<72dF&liNA!UP^P*ZZpnP(7bAZd})&!|FN*;Toozd18 z@!^nY9I@m*KqgiKfc#ocb%H##)1(#M#(&G+t*&xE;o^xgGJTxElP}?i6M@RbwTP~2 z(yNU(>5I9%1?A9h3xC_tT-Ziw+Wx2K4hNlb5Yfi)r2<^mu`j)=&XV$7gihV=@2b(v zJ#jn8lgsrLZyL+y{w!apY0!6*9-hMnqQ2$i2#iV2tmwSV@1?=8{VLpFF8pmh8<$ao ztaI`!nT9?kLc5&c@-z5gtlqX=Pfd6yNOe0Q!g}X%b)} zlscbXm!QRu9!&#+=0AS|BDeXZ zpaGNvAUHU67s>lMc@%giihq%;jO`^`j?~vmM7g-4r>A}hy1(93+wIyB_Rd~YJBYwd z-fCV+ug(z-$iHk0q!&=wuierG_&0j!^V(JAXk5*>q-a2G!Cy{1KDHP%sEN9h#3o?k zNuboDGWT@d|3KmTP3_@BYaQ)GGFHp=+z6STpS~A0x8&)*5C91B&d2bT# zxk{^bQZsL5-_H~t?aJD#5#s>)N_%$p5~6KSG}A^*wirTq4=!O>A}U%ZvhKO(*z9$k zTf#;>#H#_Y)hfO6{NuOuUU0htECR@O3#?+YcQxZ!Aho0oY4%Qe_O6nF2BXHvI@#`!nwJZ>p~aWl zBkLYL4;Bzh#Xf9Mjzm}G;IM1x9O`=WF`e+Xn)IJ;TR1ba(tqiNIE@bZ07|UU_AnT5 z2oMIBBQmw9-5C}`@4BvdP-wJghxfkPBaj(%weEeWy&!P6CXlg-vPUWFYa_9@$z}~8 zBslVF@h(PQ4}f~VUtaGGN6$Q%9j-g~@TpMOJ?HSSJ3|EQ2E03>|9+Tw=~9b#higke zA4q6-sf7Cu;~+0BLNR*i*XLUj`O#49vfFia)KSlP> zJ5oc(z1gAgqIcx2yV}|eOCahrsSnbtk=>6!e~TH6#bR!(Mhj{ELqmS$>whrqsj0z)(h)udgnSlTHC^F_?$N}W8%Srp&Hc3Rfyf}xT7VB0$Eb> zIjjrtt+Sv}y6dUe6{S$P{WtbbkI1ht-J9nc0uD?+s-ERlFR(sHnfU;HFS@mvd*uXt zxOpx}QSEcr=9uqX%AURx2SZvbB;M)X`AmCu>j;6Yy<~|3A*k0u_bPrW7EF@NiRbR| zQ3bUD1b0pP50jR_vF|#LN4wr9MRjs3-T-k=5Mk;B*FBZAX1Y3Frf?^}6rNeTsePE)h9u$+egK5P2a> zNX2LfV9wwygIsAkk`FmLnPzGPVQ!kBxw(se1&0^Ln#5rj1&D~}ol&m~HkV+zyQ8RZ zcl}?FMLW=IL9?s=IpVwQ^q#H?&hTH0UJ^QpNQSVBJa}lH%uKu~c7p=l!Vr~@mC)Ol zN*9YKnB!x<8CUXx+pdK8<^-oRmK<@T%=Q=!vGKc7HpQMVR@IctyIw#;LBrFirs#pI`^i;h@41Yb$#c<8@P(M 
z&=8Tiho0go?tLfrrG6ZHz3*%;t#>yE)co}(B_@Zx_vaO+cx@OJtVmBuSt#OivU)>M zhjOY%@94r56viFw9_2ueLoEn)J5Gd8e7k%^uWQBmvwpxw*;P*Ojf57?f7FWcrwNtd zC_+cPS!Bf5?~=sa2_lHw5+8$TrwFgS-bhzoF`$hQFNB}9QSu|HJUM-Sg5p~C)KIL< zHP(*cRx#mQ*+7LZZ0o}J9$=_{QVLz@fSSO9&BYf)&<|QHt-XMDCZ|y2H25HOZShU$ z;h!B?5(%nAf5=b8ww}MFv(uxN6TF5iccVcENAm~CSqy4F;>vKUr?Oujvxv*8(t8>W zf+#vZJ)8c2EIN8<)1Cd)D6u$5OwP8gs3=@Q&I-(Mltn0kA0Zg{8p%L z#^ZCxSCtu=ZkyEG$N;L$_^kKltBki6C`_qyidFUHVLe{`l$}B!)f0xk--fswhZkli z^erw50}4&BFi8!N?boZ@yOs!xzBYkMMWGV;hi=?Hys+&Vz(7c`NP@0Yx%R0_au#f0>wTe~-!6_NW`Y&D+1$fQ*EqVX= za`UnqWu_!OVs6>xujtr550kbAcjK0SK+lQgtk(C4&JHvA_tIHo+?PJAe}QI$h`ziI zjQboaQGo86i+cjeSA}eyIqojG0 zGeTj}QFr58=rab;W5m^f!mz&`lVF^uW$J~9G~=g&y+34ZxxhRwePCY-mZ>p3B2@bUt{<^)wJD~$wYx3Ys9~2rpVdG^k zo*i!$IuPN1vlmzVv~i-Vf({E&HFywM`*by@+20#8YAG#bS||=o;O3}|G*-Z0hY@6O zYPr014)tU;TzoJ$o2+KOW@)&Z`*26ggy>o>d(9AWrpnpWLGv+e=wUM*Ep_ zinIq$8=+Vqi&``kobRc-VlMl6uu+Zb*|RM1#%@|e4endT0Ymq(m>k`XL|>`a@KPQ{ zWWuO66O-@kfspSvH=1E2Fv8MwD_yhQ#|Sf*^R0AU1QXsQW*PRlEoHUh(Mu%n!fPbc|91RoV6 zCyWCpMUF8%gTH^_(Jlcd``Dg7b;U#J>3OX%mZp{ft&N}qk?5~yYJ1OTwmQ1DUb*%s z&tNA!t-lNf=fGqKQB#KQ=kJ6;`S2S!b#;T;kBY=4MFyjtQI@65>GqW@b7noJHO3ZX z^xvMuYPh;;pMK#L+4wL(#J@co*Jiaglj9?vyOzDniLJkV&5Cxg*IuvOQ2N_og-1F- z%TIeA5CBe&{(7dc1LRq>gS}CFR74KwkpA|Nt5>pg7rHGmJwPdbS6jFK{^@Q^!Bj?U z;JW_bhASvswZ52+>8ema=AD=S=c)GD_vc(&qpp7|%0iRDX4t#5W-OBk|K+?JnzIvG zt>7-nz@dWM?kjaNE%GfB{r_6+e@*rOr~i1=pcy9S%Wukvv{;@pX3h*tLfqhJk;$`= zKVpC3IVlcEgg7^mY)*FR!w&K|Hj+$RMWd4-za`I`Xrg1JIx<;7)@DDi@ue2owvSw( zT}H>^VX}2Sacd+~Sn$Q0&3L3N7V)|1jvsd5SF*6#UH*&Hl2kLXb4CUErs{slV}W(T z{aZaWXW2o8wa(cqSku@2-6#1!zVNKymHu(z(6Sly^npa%+c$WcqRsqOT_&Ed+d)Qm z33-GBo+K`jm=McjA=}Tt-T995GH-;8IA`hq=~|(6K7{zIV&SYY>AW=2>_pp?vhm@? zarOdc;Jm^keDPD5-6hI5+3PtQ|7P#{ka*?OwGN-6$?_!z)At?&eS0=D%G$JCI}~?4 zUx|hAJ@R%2-vEe!nGMN2JcU#)p2T6gKObI6@F`Bjt7dv%Ptjcn$>|QSg}N%d{=6Hq zf%u#v{`L=&e%GmQ^6;REl|;x_!Wo~)O&!HGvLx5Mn^?K`mlKG$67R*Eh4tCIo#YX? 
z>4El4ybK1bQ__1yvjffWfynrjbyEE0m_J;+2N}z!q;-cCUN_ACAv_@X`{9e4wvc&m3{k#<36j!BSN-L^UocqVCO&ucfaH;O8H3nQ-)LWfOn zv4hfw9bH;zO2?_Xz_lth8fd*m3l5_n19BTi8Ca#*Bq|mWB=EMx_4ao^z?^{8TfyB`Q=-WG0rZpP}nHym}n4aCQ z5!MMChfGA|4Us{_#)}ut>0Er4X*#`vS!L<37#uwx=`0KSEWy?LB5PkH_tBcDT;Xe( zlHh~?XiBnoF1B5R9Gw~ZG!ZlZ)i>m*ITX12qxna`$T^Y}(+$}-;j8tsCBtYlx#49o zIB)C6?MUI#mQjmEi4Zm~P_}V`w}e??qP%2?CR{H1-X6hvZ#oBSj-+{aeudT+h0FN* zG>Fq@<3~lEre)bY-w7*lz9xUB5KXd79zajbB)PoxU8gp`LxJ3Gke-_wd)D~0TYL)WvD(U&SnK}3 z`-HN^1loprFuKrFQIMFY1kLp-eH!&5ml>TSmB7GGFG#0P!R>=R)w?LG=%x*?whH=e zwl2Z;%Rp%nH+y481`O8xVz;0pa~}Hc?vi~lh;50U)au}x-R%ky`=a<-L?#rfy@5~( z=;p_##6zC#fY`=;h)PJP?aJ9{19rwL&z}`}+CMzL#ayxjaQW7b0#5PxQY5TlrbsFdNHHFiTZp zwfg?T8eaZ)gVLcrgo6MQ7G2-W{~EPeEJOO1nFnrT zcJCI*@--l~YafGikzH4AV~#19J~|+X4TFAiz4_pijnAi7lZ!TnR&+s|&DAx2SgCR_ z!WHij#=AKA;G;rsML~z$XRniUd3!0V>LG+NilsShe3-7~5nJ3NXmh^Dk1cOyPbiBG zzHs2V=5UMO=ELi!D`7AAWRd@Ry5Z}B9S%HN&I;JlNAN+(f54JHe6;Pp16ni(d!$o~ zS*N~SwJB0L2ps{v7;W*%**wec5EJI4(%R1VzPNNR9%nR{)otv3F+K5ia}Cb3i5p>* z-`LW*8-n7p_^BVPje=Mhy(oJAwwlNJiA5~&KjP%E&XmCd>MQ+(Qy)xy&{aW3@^z;a zW4Y9q*|hvi8QVJT>1vysB68Ezq|kxP{x1U*1<-IjkD!O1`h2lC(HnTTPirM$8U5tv zyvk;s`=5& z%_e?PTNN(*lMuGz_s2HTn_1}2Mzfv=0{W}Tl|2K8jP2;UbR7s)pu-E{9hMZ3c{u^; zlJ6h`$PC8IX74%1oWA-r>U7H&ZP^5;P|60+z&arzHG%asXO5o#{}d zNLvJ`jJ+n*2h;GV@Wexr(iJI>1*hXn&yws__=XQ!C=>qVKQs$+oP zkb`R*PQ)1}8a6Biw9rMd!U0Q(U>0U!dbR%fZUHn8q~`cJMK(sz5kY=Kb#CCk+MF}o z+zP@ccQ)E)a>>cDyd`t$3uY&OGjbvot*GPFjWIY&G7spnOfNsR$=GZ`!SB+TM7u-u zaK)u%{}znd&A0nDqmk*R3ekN^=Wb&<-wR|O@*5+FdGN->PgKme`3m%>F5hD_?zFBQ zFgIgf6_b9Yg*`tf^)}vA?cr5fQvIXq+U;l7LAwBrt1q!jCS zEwyI*aN2pLGZ7La9b6ufxmj}#$h*ftY_(WvqbFnMz)gVMNRIRLM!;9twsVlBXrQGA zOnBXE4Y?ZoV(zj~KMVGclY z?Cq7bSPnmf6@eqpn)?o6Z-w^XY6PNY5Wh!A;8xE?SxCdi(83vU>?ndP#}vhh_1NV- zn1Rk!)lhGu3cEh~zDKSoeRQ*?Q?4@igE*Ig)1FvNBe;gr2avXQ*isTX($j>NmqIS>(n%OS%3?@MZ!O#oT&AoypTq8#u~S_H5B7>VC>t@GwLcIMF`;KB|mP*I?# zCtmY{M7LdpCUyg@7-~qTh?mAtr&?aE=}(R8VbhlQ>`V6;Q4XR407oiO;j$(II0X-x z(BtVeYVy~Dw*>B-K 
zl2`Y`N#mzQ4x$z{*x>eq;*s_VS(p|$Fg1{;m~DiZ-=U9Wyu8H1)+GP$$Fe^a6g>!;{bF4s&6?Os|}NFjI}@IUt1EP z3k}!HRt$Q5U61+l$8g(m^SS9iM=G%hI0}256<|BJ*$``P@&YDCuyHnjs=eN`zNcSp zFrv)kKjANH{zPp@H0pKb1wHbFe|?&8`jbk*eON1ZF%LGWBh&ZX%nq_uo78zJB(MI8LdtN;1ojIoWb$Q<~XN zD!XGE*cP$4-~Gj_@yHQ4GxGh7Y=wk}LG0NvtG*-R@dg?%lLP6O95VBrJRv+-FHpW| zFK&-3UXLWIlZQGYt7hZM+p3JTHH9%R+*ZmQs@uLcu&NvGhINNp2}02Jp<^PIte!-> z(=Dj^Gk3rpDB-qNO;gQ&3K-FLAt~}WJA5vF#D`J1X%}9du5RG^I-w`pD9};=+J26T zj;}sZRp;QTN@jri7q>L~gEt3E=bKALX!4hXElTS#1Gb^&XVfv81|Eq}>!E4bqN#{a2?n~6| zwEm@xxrl+fL(VRXvqwoP2i9{K!ZJGHrmHdc`F!+!=1eB3|H`_Wg?S_rti{ezg*8(* zvky;RT&lK8f|c>(b6Y}kxlN(n9vHKE1KIKNoR*0e(xlJAJ~-{z!&=vBQT>tH^*{Cc z(o^U6A&uwQb4iHF)xb5o@K8H*t@Vp)of3m9+-(fYm6%yddpXd4penjNoZ|T$Em>SvImc**}3sX-~3sdfF)pShX2QM(q z3KmvGZd%eXSW-S$Kq${)q|R9Jc<$kJds{bl;CZ+{IB1X0t8J>52A9sM=?*uNLE4YLKLwV;ZU9 zD{c`cc zI~MJ^nq;P;!vvih{zt?hA{-~0(7ThX-dX56YsKl&wTpEP_i|ZWDyf^XEq04N7nJ5# zlTJyqRW{>}lldjm9#y+?4za1&y#36Ad-%@xzQSnYBbT97&+Eq$wQPg>U+qJhER|fX zbguTU#4YTnAl#P-dh<;&shAHu<5jw^7tE?!)nU>FGRB{mjVI@$Ch|8rrWQDN(^3(R zi_y-7jrJ~!FXJE#+DY@=CXr^%bauo1DZE3qS-KBZ^u?oF8-AL;KU)Y@cbo6GPZE`8 z`RJIOrkD(m<<;q_(yz5ukHB6zX&;;xj~|w=B6n{18ZvuqIIUf zcTS0zG6BN^cY$@-Ew582`*TZ-x>^EdiCOcPi2~bV+~;BVCy`UtAypk_eJ5i>bJ-pK zOQT1J1W5uP0wvuK<1yZb>?@Q$AIp23Cc&EJCtl6bHzgD4!KfPJ8fX>-TT0O-IVTo+ zbV^Ry;;|vWBQ(&li4ceWK<&iTcJGPRdV9fUOl4U5K(p{}jpTGWT?%h#CuON?*(AYk zhf8}`^a|!eq`yE>A)5;ZiK>KgiVv0H?2bM+XR0x5I{+WARbf&>%R-gSwUNSy?_K{0 zTN2YzQ!v=Bh-02)>*n*}AT{liSa(jr+%sv(I^NiC3I?wGjI*_*WEn59jBp>0iE~_Z zw!u^K6?HfT+}i2p>Jf$&tUK>~9XDz4Xs3rdMy*OYgaOTexq%ktYT}+a0?!3xeUTF? 
z=^y6onUsu68>UtAO|#mQON_Rc772`em%8EQ z6$8?=kq$D~9f~bMq!12m%U_9Z4Hz$kx1{^++IoBG-}2~)(Rc!jMyAjkW|t#ET7oaM z=q&hPGouGq$HH>N6RH2%WSGVli#1jPQpG zk^1`*%gz8?$L3}E;$7j59U;|A7AGHem_w$QqA=>6s!c6J1ZIf-J1tb)^GJY7y!IjSVy(SP|Q>1CLKW6Zm8F;PmRF zA#GRv=krnSoT%9S6#vdiJ7t^6HRznRDX#twi}Oj(m>wwUH~=)xleekM18d4ZRj=<- zO~8>-%r#TB_m*kBeB)-z>sBhXY21er zoVgEagg9wj;<`BR?|CW-RzB|oCj>Qa6s2zwcgg;CdTj=D^iZLFU}E*8*_Xiczv zB!$WLw#DL*rZ4I1BePQ05v{(512Rhc^9Wjvs9e~=el@PFg}&jtuBWasOe>{R@6>wW z9;$aPTbN>3U0Q65XC*`d>d&t$?4!$2mzP_?u<6`tUY|-l*c3?s}LX+p?4C#S6Pb| zLX(=Z+`}jOZNZ(bV{i~WJ*#7~gwgS)e_OO#O{g$^Qp5XwcFjpH38P+=lntI3Hu32w zBXsDU4l(}(VeXp>nWq0SNvRlGF-0-5=oXGDo?WC|?22s`;jsBm&kR;iGx!-A{hByD zcg~%S)b^Gb3{^}%8Es<{T=?eeqx$%2BSLQjL7;r4Q`I8DT(q!X5;yv9riL&gbf9QI zEs2FOMJw!lmZb9^Ha$I;b}QC&R(fEinq`uCo^R5BIPkdFFZ(IBkyipjn+ks4<$;U> zgqsxKsp>=M93MH1ILYXvNnYeVJ3R5tZ(jrMVM5e+M<9Dl;Y=Y@Q+ObaQa_=rB~pz* z)-X?K2#ri!^YW^&A-bo9NeEQw?CGjLPk--nBjMskmQR2W(=zBXj`53+#ODYu7hso{ zmTKexfi(ic8b7ohmhknj{@wKh`;>hlK7k0Oe*CPlROdNA47l zx)DxjrpAJ($bsYmR&5tVIIzAtX8z@Scv*W9mBfBkYgdj+d^iHTi*LwwYD@i%PKd0k znI1Vz3v-red81#pguHBxSp3B_Yl*OGM6dn$I4A$FT6N65?#{q{wKlcRL{QNyl{>>N z5<)I1|7+K?B(pnFu+gFjFJrP9efJL2vKX@rVw>o7bu+hW0PgLm;wrr60~fi)OUvp` zUPuzyoqjl~sUeJ9x9ZDx3BS*pg^#zXxYn9{(Rpy=yE;mvE8nHXzIa{tQMbj*pGu6l zN#a8jw?CQ9jSt^OfiyctrmytTU(M~F-k7E4W3@XFOKJ46Tqflkvn~6^w z{B#0%O`Ks(;d1?vAUy7>V?!5X`kQh)1|dvAu{%lU`*PtAET_zUyeGe~iIptnKAveo z=*g;{B-ZU_Ug6D^49d{XG9>iq8Z?7dKuYlK0YOma4CW#`A0n4hFA2rQMe9gR|e#!6*jnpISf4=KGr<4U+V0=|B{Y0u# z8nZH$+RB?p#Jh*ISts$0^vm-=O{W{sI1PSb<#~hE-ASy1Q=kO^w0e{;qik%<(82G0 z-#x$gvbR$sqg=}e5}^=pVR*tML5Z5UTHJjzl>Q7^OOKyf$&MNxy z6^m>pL|!I3KK*~pb5EpFlSuLj()J^b`rPV09T(X%btOF*d*l9P7)g|{mR~)Bybxbi zsY$uWT4GgHkI?3i8DLi5hr?-G{e7x`f&dsUBo@=>2ggA}1qiKOmC;qI5obT;i{%hN z&0Eh45|PM0_qO3CL{&a^A7xRAT;c@gva+=`o?FaM@D3hj2h+eR-P=API=nFyyHBz+ zaI$jFzf;#Deh9;an{q2rH`xxt*Y!twpq5B+Twc#D1yvo*j=P6+HuIyBL@!_Me0WSl z2$^PNT>&qR5i4Oq+g~-E&UY%9jtjv1)ZM|>8aJAkbl9kVBd{wfNTojmF7wl4Qbd@t=&@>t7$XDHn zCu{V>vu1YYjPI(zZbi2TJak^* 
z)gn(NncZ#-b7r4JedXPTzgcZG49MhFS`sQ%_*WzOyKQ+~Dt94jENs5@E8nl67xam{ zy2G5QppUl0bNZ9jJ7pjfb6Cb1uq_J%NUN)u?%X!dq6k$_?h_aHI%0ZPnr%IZE+v~7 znu)K4dd4v8(2Enos6?}eIqCZ; zMsRas_P}wW64>X)BpA>J1~gL{`iYg!i!XbnzX&TzVPj*g!hMt-Eh+wYj&>IIj~QN> z&2EUaP9og~=%SqhGI|~Am&&s+zDjL2tM@|(gdm^2v4-LmzSJs6GHYMFTTjdJQGou( zCE?#DKC+f;``G4BiQW$hN4RC@^y{Y&l;Z|f1et!m0ZTUwX2n=}YNO?;eN+Riq}|!O zSm<&(1;& zbs-LpNyZzKQ2C6KGJuinIB~8|cs^?uITY``tekC~#JN7KDk?F$dN<6Zn4q;fP?QwW zyW4jl`fP}{ok`ZxoWxP+Dfw}B{6KlmVE(Mcgvj*C^K?;Z@E`xOiL(sS>I-=hj(O^( z1D2wY@VI{Z^O5DwB3!adxU4_KF*39C=93qBx2lc0#DbE!it}~6NeNRUHCDK=9~n2g zCk#G&fNiMNdTD9frPEruzwV>Rxmzbk2WbLGN_Gv*=5(j3UE!dY|9na*yUx;aF}$-K z*;(jAcp9lgF~T(e3Du|#psJXFUbb*h#TnUo^m5aum2gY2{SbUv~zYf1!Pm#b$%D%?e_t6(n9A{k{EpjAiX1lOks?3}EyoJk%G% zU(R~{w>SS*rmq4(@9!@?rYX0dx_-FBaJD+2vjfw*SsKtO@G0=&q)i*KpEVtgG`&+V z%0fgZvGPwn94(4jx|%yU*qFq6lcNju(HMJ(Ytc{H`T{&kQxs<{VzcnV%mj^Y8Ul|f9ZM^nv zm62Qy@Ub-Rw@S~|^5|5RCyZK{{%orX*##(2;HyFX*Kzg4hO+9|^|mCbX~$xVzqSqV zq>UMz<^V9n+R+Qs&=}U8B!I(&$0cVbygOUvb@9-z`;fMg11&6*8{6UgeVbF6j}o*~ zJ4Vk`I(uOo8jERw>M7gUX>7frN6!LiyG5q2aEoTDpo_f^N#Dw0`Jc`GNfM&KNuoFN ztK_G#yjDizwVNd)Pk>~6c#B3k4x3;ScEBO8$hlwcKhqgc!KXB&`S}8QVAqglE%Jg% z7O6Wadcc(A+;5`{NA}@aPIK%HcPfT)in(D_Su4!-8B?WY=Mk}e8k~H~4nrc4u_J27 z(3|ldQ4hxW;D3;kwx41Q(y`PK8@Nty)#AUq#igL|d$p6PI=eAF7c&=G0kwDQ57!p^ zKf4N8pXKCc3uiir?%d~nbBO8OPL6>7CHH|}Qj9za>`I$R^D_sA{)n$R&Y^eZ1AFlV z)E7PR>`IQ#8xeOGzq;864B>sP(f`LNQp?J=e1tLT7Ybp;;o3TF!>a+em)B2XDi0Xx z$%ek>Ujpr5$(*%i?Pu0Wf_}>|3x5*JCjcms#9se4+a0paunr*uP?asA`6?u|P;DcjI~0(SYbHPs@u{&68Rj5Ib@oo_DXCgt*kk zon(4ei9-^V(ceCA&!DYmPG|p+kMu2Q(YZL+@xA0OeeO%Ea68bJ$gA>gN)h@$bE>iB zL#=PpGPG$aRJ#yajzwL0cQps(CsLf?iBRniR5!qZCWE5ap@a1Ag!UtGIITk@)rIFh zVlU(J|1B4Ps&+%q$QB*iz9Q!gX7qTxJwQoZg?$s};)Ms86Z`8v_VroQ4X;d60jS)~ zW|4r^p6M&OYV{@?o1%F`8p7+Uh?Y9QpV98R0g&mR-Ir0+u}ob{-o%4<%R3TP)n z?}-k+|3#^SLhz7AVQeH|NabH^_D5d8!xZsc@sniC#bTt4R}W}$5cE4^$Y1AI|IjLa zBZQP%^$iv7rxRnC)c=>8g6IqV(tl4oRvGn!4-bRV2ly@EsQh};84wmn`n>lNSF_bS z7R 
z#;yGtQ1AberhY}Jfs9&Te15!^223VgNHVLF-v&E(_5j5&Hg;oYr0p^>;U==h}CsPn+IZ8&3r7`$U5u9&_Q1 zpTw^?n?0ardUuBZZ!N_~AT$Elb%3JKtYB7`hUMi23>1N=TKNkMU-lr@T23HMJcqi< zfoxFBD)Z=EPQ~Kq!THCiPeJW`17-Y7L2ii~2bi8g;wxncQjrDEUnr zkVix-TaEvhk3{&4=-B-Z|7Z?Vdx6qn^dbOrJ{$!qZ^Jn`xdbghp$`au4nCWbR?^(j z6dePgdw-fAvq|jrQnNGq45-{U$IR=@j*^^*>7yXf17zR2A(*!ZW#=9QbdF&zXlM)r z5-Z*y(3lhcrQB(pwTv3&xYyBu z$IUil-B}>eAP@2}04G$i`;j0XM~?!fF}Lo@|Hs~U1~iqm-Rd~%D30h@P+G)>NK@%u zK}D1zARwVBy#=HjAYelf1RUvIq<4WN)PM>Y1(HbU9YqKbAk8PN0(=5dUN0rH%KM2s&Ao7eXj1z2KQtbxxgOk0 zE3G~|+SP(A|HVuVzpZ3nZ;nvFB1g!o-_7u`7eNfE+2-rgoYW@#dD}p`*1NP`tQ@sbF=^B{i7Y5#>;>=w5C$e`(_WM1L>69QG;>`*(1$+ROZtQ~ zdv_eQaE!u532ig4a{_&m(2$gzosX~a71G_W7TaLC*|JEB3XP9sBbOFr<))zGGoOEgt?&GpBd4C?x!^^O*^uzXIIb)(Alp_Dxw~&}6F>Pil z3=#*aFhq7snsH%9RI7Kb*>&1L$z0k+W}CsoM|A@wXcw5`Wy_5fLhTeBE{inyi+Y+Q zI-X=RPNlNb=aJUWb^FJLoZtoFwgosJ=-ft7upVOVLN6Bj50c)MVD!+OCB+|Q0SG3m znlj;wFdLQo`VyTDQ^#@=9PNO?CekIV(^4VIFo67dc!w0iv5hemXBYl%e-G1KH(HL7 zNZ4^E)4{DS5;-2ZmnH=l*aodzMxC~r4;vsHpRq^hj~2rf0}gs`Xm6;hnr?jescQak1mGu4jhOUE zpAxa5%Fbb@g%9=2?=QVB1q#3BS+)4+Wj9|m85ikMu1nkJ3Wm1Pw_swUcSXys7rjQ* z&}ZCCP-^COqLVgr5nscNkG6BoXbE7Z!*)6sF7IZJlmBk=&q%z1w*a$kR0nSBww@c; zTKwtUQoINmcFk8Pia3fuq(#By$AaGKPRk4R5RH7@-4qn4Iz+3EG08D`c6eNBl(QJyuL+s>{lFyoR5NZS3pwBR2_8H2{ejj_%NgEq1)C-2l0_onG zc2a#yd+|Z-`8;5HTF}MUP0JPl~|C_2lT+1nuhI>^AYm~Z|ngs4^k*R z8cf;JZ~-`*iqlR#d<{XTv%9mVT|0b`YeDE(oiww#0tndPI${zvF$6gqj)+(0+61k0 z%gYn~+!ksBk;)H!AzF<&hJ^1U4S%a=WG39ih&mfGR* zmdW1(N3!&(F`!Cy*{P+JCh`DADJ->PFc7{FD2K6s=OzCT1#^alBz!!;Yz>*sus>*u zGm7VU9GKkK4ZgfSWi4;+?spSx;^|6dYf0W?W8s}Stm85^x)otzGUab1&zIk@WDC8)3Y^lF_uHUOzokw#j)y(Uv#ZBC3=xzh((!ql>znE<-Cn zL>HVuqNq4=F{!oqi%yM^P6jPIAFPQim_`B;klBDuGipw9KokH3A>XhNfOR@?PakOW zd3!5vKW+p7DPN1(gxDvV=f#wzi5o)sUaZyE3>RLk=9Cn64SL3{4cpA#;X$e-FKMhj z-3vAJIuL-BDWN*BijnjSNq2H3l>tUc5d!kCY3kQARvQKq3Fjh7ZSn3}v%9_X(R%Sw zgG2X4U1+=-npj!+TsMD4^lgPW4jH8#J@LWI`zP^|0TU8KT`$|4v;n4oP%HMTi!=$e^Eyr z?CpL{FZB!?6EXycjdSi*%J)uy7L@L^8pVKjnKEb1ih_9C`pq0IiCBJ#l6LEC4 
zb6W91%^}C)mJ0KFt3@M?p7XJdKiNm}sN*!?VhmjO@&%6bT}WzX+;&)NQC^W2>ZPPG zAEoeViGd09wle$HFuU5Vk8n#%C$J@MZzV05aup}kXSD|@SZbw7eOwb+$^~q5NY|^poC_kP6e7RVeSgKLc+mF=OiYLVQeC<_VYINT6 z$yWt}I7b(fZTqlJ1q6dO%J@|7oI6;hcOd_ROBXF}KPu3LowpI1? z`FR3+olkRW@~xEIj=@VwS?d#rPKG3Yx{Psz4HcER*NfE#Ta@km_}hH)vv`*}%ujWC zXm=LKKjVkzsX#Mo42Hy*xS%MmLRVP0m$+jDwzRq+Mi6{l-$~N3b#)q0bjsNMYoOOB zo@ir*vp1;Q%oX)6txiboHwW|Z*D0MmjP~enPg$wDbvrnn7AM{i=pxw38eenKNNg%!9Q~UCB`Uqf@_ztW&fmW5fW-PR{R5UJxN;=id3+b7G`6H3 z@wBbPD#I(!gb7C~3$vRn->rWFBq@(UO*MKbe6ij~De(>QtJol0bNmA!437*Ck69Qr z26N4bW_9!1z`YzEzTTVwF#a#qIICBfWTRCQWwHn8A_NA_I=yW6wVU8A8rbs0d|XVZ zoJ5T=TU!%VX|UkkE|9(w?jzh~z6PF+pv(ZzaASIgvai!jYDaOxe*5<)@wjPm02D1% zznljxXigUua3f!RVuLY|9js;kME1Hednr%j^7MG1>nak|U`_MX{FW`YDivH$( z2|TCAYO*}jW(LSJv^Y!L#`pg$J=poANm{;bPMr+6I9=6e998fxaQ0hXZ;PP7ABuv8 z0pI6dso`!q9nx05;CP*g#)ykCkg19=YGN zUmxhFzXC_!dT7`On6<+SQbT61fcB9r0A~RNX&3anL$FU1VP&A1k-6xSuUKN)yQnb7Jk zH?C2vCKee;U#Gfei$tXB5}W(LbBL?V&i2Ukr%E#Q@INgVc9DHyk`l0fg8DJRh53mq zMIWOD2hk_jDUz3W<74aL+f#QW$sjRUp)E>J>z%^%slB{mM8of_fY55%DT{<%Xc zl$53wap;?c8mydS=%^UZZsh>dv#dG+sO~UmJLKwtK4c}G_31FfEz!mY_%UERqo$WD z1;eoiXNyu{-72e2wUw#YDF71TNiYRM7ffynoUdSp?oFIQ%)xMA119y!dT~*V3d6{~ zSPd7iysT+is375+sO4-6bAt26x0M(jObRn{){ggY=1(-sou1!6w8-PqzE4#Qs^CbO zotIyzJZ?khM7E=JbU97lxY&s?t{b@-_dx4TgD6}Tp2B5FGGj`dWCin@Jd91_joiadp>a%plJPedLH^9`d9ilh|panP2Iz)5l zB1$i8FKGaPENcf1I02~MO03=?m8&y8dV7hzpn}uGT|Ri27D=`?u_NthFK`98Y^MwJ zbOHrj6y9an{x1|0z=xcA!&GR=@htf$9v{|X&WZ?4~5zxjX?MHb(H*$ zD)3sYxzRb8J(um+oPf4L!epkYpICWH+67=H#(e|<52hj?B-@={y5llzglex~N-?7( zDJ$+xNk+^NI4ild$-UF+%4cQ%5q@fBUH7F0_JRyBeodFosCE6d0BGee6UeociO}vN zv#ASB);=F9+q4J}(-nsx8NSdt}q?UI};|JAd|pTvv-;uX|!ZRxr` z{6PciO?4X7_gYSei(NlZPDCZ3NCyVWC&hd)o^%VGp)8)<3ABW_08|=CVxEEcw^y{b zk+1ttd`PD)Z0-|B+iT}{0~*Hdn_n#5E*X-K;%hISFCE3=DW~hPm|XtmKVI@CH_@t` zW_Q-hEQl1D_UC-$x}Jh4GKGLCE@K@BiUBebyfL%??dBitxNFOYc|*c6sw**G7#L7r zti;^*qF6>UWfW@yZ9weH$9=%Lubs&7G3XBuSILeelPs9bnqFG-a+LM4P(IpMYxg9w zK2{Dh(H2S?9(S_Oxj5TB7IDzHSXp*?X#~ZHmhG55HrZFY0D5A)4fbgbJB;?y?RZ{@ 
zN+1Sp4#i`M5%WYw=;aJ}Fc7;4l5DR8kC9N0W=u`~LZDf}<$^&{U9o9( z&P?tEdn;t{$n!Iy(G#F0YMYB81H>tE9bC54zH^bL=R|9c+|mj>rk zSdV3<-X+Q?xyhTs@BAq?FSUbtKI*3x15C5idT+3PdF_ua>!!ca|H{|M3*4&YOWX$*%)8Zf7X@GpK1oL7B zTtSnnz|oIQ1=*z^)nW*TG%S4gl8i~WKvE}&vA+qs7XncsQIJ;Vk+dPsTPe$x_|)bl zmuUS$N~b+s6_DBFn1);DJQB-rD$>XKsn9D-QOOL@w^GOvq`CwV61~CrU)T*Tb1wVJ zIu66^=dEsY2+|_TFglR-lT^1#Z#CvHm`@y8hVXD>9v%alU=U6}1F`YOpzO=UVVDNu z{$?O|FB2uyyl6SKknr1-ik;g;5c6nFh;w$6n4`2;uSsK-p6)mkVqE8zzDuB1=D3C4 zzkL5_2pnDp3{f{SmV!DqR7WxP)gNRYJ_BXN@bKs&f{Qr1ibFHNPXQIf56CY3t)w;ZNG(qmNiW999P(nQRt>ttw(xb(u} zq7?h5m~H@xkAri2f@y%#1|w-_UTYcF;jJ189~?#hPNY-=L@NuLqdHN59|CH7A|KTq zpFPj@wC`l7-9DN$P=)Jpk}UKpJ|4J5WrkDpe+nmM(Q=1=BDsTnf}iUAHQ}LW#TmIB z1(9j#T8XKVIqw0f9vJpl6Ojoo#Lg%WBBk)(7`of&1hI9h<4XCLwZEd9#rYhf7e%(c#*b1(ZlTD=>04;3bJA8&lev1 z)fFBoWGdw^m#fUa-2&6|u08Zs)W2wqMeyMcnl4;3C6Ie^z(;^h(EV zd3`6}Ym*`he%R@ZL!%ZIb5wnYl4fj=Sl>nT%0q1}41z8WG4QFiiaB(Izgs}^;L&_PDk=#Z0!Ldb1M4R!3cPYAsM!di~kK%yH?X&mQs!b*!R1ie)-=;MN~mqEMxTLjItWw zX}+!g%P(x0@>8kS$cTb)(AC>l2S!w;x2lD-e>Ouw5GQz>(NU`!6=o1`N<8vUrEi8R{~!JT9r&MiV6jJ*uHoA$i=bP$nB}!IiDZXqPFLo>b!2@{`Wk&Q+Fz%S9nd!h+*8SE*2z-RX zyD0>CgYoA-RYx^^7ZJ0chd*jsV|=o>Y^;lcePlM*M~8xuoMJY z9a5mNDy)oFFKQ^P%vaNe6;|l|s|%3T50uque+GrI3V8t5F*JR8SYZ|COZ(spe&Vy} z!5Cw#e9)MwW=vnd#+_t2)2mI3QiE5nt3?&KybIKP0>8hnw`O8j|LQAuwB=a%D9vY0POZ^WAx!7FRetT-^gBMJ(?H?C^ z!X>QGGZ>$QeHK^SeIe?1m_DZ9w|GF0n^qdVw#fB07YTpoop&^}CO%R6856#&ycp)5 zCuw=-(x{=Ufk9Ghw_0qR!ie)=Uw^;O)Rk$74!y{4aTCfRubT)VP&(5!E~ zj+42SLr&{od*&?*_WG0IqWqVad~ev0^dN&O9LEd<>^l>%MiWo(@mUi$A)(>LgwTkg z>CYE(GB1q%-o)~TtIHAyr`Kct)!@xM-0BX@Cp1y?-Vt9GJy@avTi7~udhgnzy>~D# zE?-1xS0#RbYsyEafwE-v=jjCu`S_N@z>lj^7q5dC`6N}X%12=}*SB{S#K;r!_uG5h zLu0~3d`KnRcb32qk8fPNvUUX+3nIeiva&>|ALLuR_O=3W&9{T!@7Ha;B{HQtE-`)? 
z?CY4n?_!1T4&EZ>W(%KYwENP1ePzY_j2fqBDHSufx37IlA1iRKnbPl{z7N+7@kyFg zSEbAQ(yQrFxBd!ZddJgQ2xGXq*W~RqZSeq85yd0bcMhj*AJ}Ve43XiL4T&6ep zQX#M3@q?{%a!9I{~72hh8>ByZ3%KJR&zR%s%StsVj75~22EYp!OHqwyM^g)HRdEeo~hmX@{ zv?&CJQb^VP9Jk8Pc;cOp17+f-9z*bNH4WT(@0+XrwZq`zUW4>_wrc?a0ny{+l#EZT zQpd%~x4)nyb+24twUhO;->Mb3^u*&25qrE+gp>LbqTP+J@*F;FTBPibI74BTdPt)( zE@QuZ57>#FiFQZa^%B1oM{xDon>z~PCHEtiTxUkC@GK|KpFgikZB#G{SNJ4(3;Mra zyD*`^g;)}GS$6sS$TG7ZNGm*_yZEzPKm7DrSJ*W6;2ZeBy&83~+FXun-n?PMGs!u5 zLrU}RLT?n8t<2~B0&4_+-uhMDCbDTW_a!eR<2y@?AWHi(j+idl%CxwzXN&a4viRY#Pg^+Y2vujmz!7Wh2oT{;BKLpK6<}?Av$*k7WC$yC&!wR!>W1 z*t<2)9>II&S-(0aXwd5RloR56#9cSt9Y&SpaaZKh_|9G5({5ojlxt^N-7_cF3(DtP z9%5VmsA8hZqx*RJ?P4+FW|5Pd{x5EH@Sf;QhMlnMG9Xw&JI@<|4Jzr25L<Q^`@?b4N&K)llDZOCH9i?+=bxYP%W@XMNg;4o6=a=haYUf8)o<@~v8sHw30 zC;*;g6N-vdSy<9yNG{iJtF*J=M7p20rnO@7cDl+t*lbmG{zU6O|U4&mCT&($T++S%x z3mv2XL{a%-iS*DXCv(>z?a0`@m+SWgLPcKS^$T=rV&b1tw-$2zVw`p-#>w~3G^)ap zFTx+*YRP?ZwI^3=th0=eOty&0Fl@CfB0A4R>#*7s9~s&fuv_u9vEHxcON>K)=fmZ# z3G>e#I2sc5ZM?lhi;W`}dKR8&hrq!;$tbYUnW?b;ompG1w#|opu}$~!Gnxhoh1;8W ze=*Z-4g2kUvi?n;IGvOH2arC4E_hFyt{uwIi#KmaJh*<@!C7m*brHU?z>Z zHx8HzXa1TSOIs%&`ExMSDuW`x;?ktT=R$cO|D;zeXbsHbj`NGO#R|R!H*rB+BAz_Yic&%yCUwT1)a+3>`X3F z)Yl)f$g4K*bhhHEHP-$$tGL}VW!&U_oT6Uk(xWdtRyI0|m$nrV;X8)Aw-=unj>dSA z+FECxs`B%;j48JVmAl`%UmPNRro2_3wJ_>eA0=May=U9UO#KhsB6h>ib7Mjkn_pkF zTi)s@6t&mq%q)Iq#J;iZ_pjLu$K=&p!lWa2?^K%8|FsIx_6o$U#Yz^qGZ7>g5+85&=1PH67hZ1jQu(zL$Z#ScST{FxJ-#$3(_bn@(@eao-ghGm7oJMKXjI_< zd?0pj2&k+UVe%z@Pm3)5+55||`oh_`>{N296mSo|l!FtCx&5W^zT9g8RlgWp*>Hzt z#a)({V_P%zYhH$}8sa$Yi-uf#Gxwh-y3OP}zTz?Jd#zk9 zr?0P{w6XByFJ`{W(6`5I9zHL^alDX{K*&42Nqe8AZ52PSD2PmJ$e5@B4IAD$+38$n zrvBah+=EF^1y1(twZ--*>WUXfIy|Z88d$M zn_tV9+mFPqp0iq#CC5+?x+Ylm%&i1yTUJ0{zN>GA@#voWH7C-2g}NUq!xN?6t@?rw zw*Q#RMERe1>135+xwOr}Puo7 zqTNiCiQLL_fL5@YuOGKfJRwe=k_&02sUCR<@oFZ2+>_t0Ra69n$8A$- z2rQ1d5f-E4&?Da^pi*v_IFZo`8a7=kc=Nq;<@VNH<5wqa=N;#LC-;RRWq375sy3c*PPZJoTA4j zOa(&CH}DEx+uL>d#k=2Bpz1Bw1J>RoZqfqI-V5|S#m1Sq2YZdg1#d<0o^R!wDD7}+ 
zLtGO(`tX-`@XuyN>16Sg(ERpn_`PfJ*B7$$Qije4<0T{Z-;^zj*}b?b`ehR^F8 zEX7;cen?Mih?Jpat<_An!m$4$PzHFE`ej_nSNm66Yxr4ZC3++Z5v7idQ4YNCp@4vq zYMKUtzR)pM{|M7Y((jjO@t6{yU`rMmnQj7;X74G%PkXY9ccIL>>{XKUw)hYgrR>`2 zr{mo~l9sBLpd`@BB4f;nX#0ohw+`k=&=J;u7vI=7nod%VN9bUgV*!u5){iDwFp3*R zba#ZjSq_f7Zxw*Z*?P~)JDcvU#<=mKXAv)PPk0-#=!Gl+L{mr@*AcHOJM8%+gNvbI zh~y|aEA%{40P@dCO!kKLe4*dDCs~x2K{fomLZkN;&ewLqQ-piCe@_@*zBD0`%sD4H z!W;sui%*ZT+(5NH(~P&+l0}qncxusb-vY0ec?EkP>KJVZGS06U$ zCxPo1V#ON5JIAKa30(fkv*4`HTE64zcS=Nv{d~B!AS}-`nkKa)VW5w4izE=K!V~)T z+%QCU!SgXB$3Lg`eU>A%Jsz8j&+N8TJg@38beApWU6wbpZyroz5~?hl{PrI-e?&X3 zhH9PYgdDZj*PQ6q6HHB0V1-#8e~yd^e(g+@w-f0eOQkxSEa<@I7Z2@E`*FOaJ(puc z-nmk7GyUjJ-NV{P@>7kG|r0On!$8rfIrx>YJ7>MXU^ola=>c$K(d zz7aV!?Jy3=`$@6Zk=P+RDw6+?x%%WssUGHJ z=B(potY4d}rhhI~mT&>~FpF7m$osP&@RrNuv1p(vIk*DHqa4p2N>6(0+G-0tGJ|w`8v9~;%tQji;eC5p{Fjj6YRPmzju%>Ez_BUa(IL#G@u@R z`b>G<5}a9FGb*#AdA)UOAyS9XDL z(n%CnEfVe|&OaBQ-BD(gv+`J6{U3w-v)^{)$)j%}`fH!azYntYeOv8CrrcAQYTtS{ zAi%A8S&_vfuX&Ost?ZE+pSGunQ}^aPjUU!3EBIT5C1W^pN%R!c;O*!Cug%iJXu_3 z+s)(WYt8dQkyTnWf`aFOXtBh;`)zsLEVT~Nq|N1>V|%Yt!vTe4<+xKR-=G;@3p zG~um^%S8nPBIdEXapmq)PF5zZx`a)&hg*LDLFP`{5#G-&>1H(UiGMfSgKV{WH2hQa z!BJkMwI9sfi`P{Cx%WZ2Ch&n*0ELX2JC~^PY}@WaDJ%Jv%4vXp%Fst4m7;SmR~eb~ zQ=xc z2{9RTdlFvm)fsqF%EPYmat+N{ZzruT0cCw5wU}4Ns4pl-my4!XRaOJ?6`sGyj3>lk_K%HK{Rejc6hCf z|BZEVp=DTDbk;XsP1Y@e8n;Y^o*G~5XrPsvnRgK;76AVAm&rJ`Q@vwH;iVs27fk(| z&2i(MsdClG7h1&GV$q2p-> z)ai*vcHFlt`l#GEwL}LUENN6GQJ3 zUW1{|-aYCUYYdTVEp?@uBy2?l1a!oUdo>F)h95K&VjsjomC0IUu0jLoS>9zWi2~|t zDN(_D@%qr)7LS2CrgJ0dhYq*lIS?PHhekx(m2IoH zt>H(4f3ewme*93vzNdPI{Nc#q=d8>Wldn>mC5GfiRqd{@No0FFVVj&j#kzH-aj*F~ z&R#;LCH>sl7G0B$IBIYf)c9%M>Tbo6MZBDPOu~CbwJOXAw(lpvcup=NSvyBWWauQsC=E3eT$=?9=_+Wsl&<_7qI<<(lFSGlSWVs`CrHi8dauykItigj4()#jKz zYzh8e0Rh(^w_%y75#DjGGz*U0iOSzy0ZWW}n+LMSG~D;>6W&V}!u@WL*)G)q>zRZ> z{4yM7xj!ve!SpS0b(d0ufPtdg^$S07LHscMO^ld$)`);RJKB7G zKl*##h51@50FD8FU+(;Q0bR14S&bU#?K0_NM^olA<{w|*9JEtH5Mu`a7(_-+{Y}qL zaMZ%hDsN85ylr=jD~x%eDYG&AJ*;5-?TXUf=SWAbV=WJKuKft#kR7z{oDk&~Fek7T 
zCoXgrYZ(cvd8KDqJm`v2NyEJmb;~Xz-GwLCq|2G9cC(4_AJAo6^P0>fN;#~3k-YEC zO(IujH2NGXS3NS=0Uz_1cNVX&)q?;`<~)oy)TiyXqiK4fSHm?k*V|`CHla)&JJH^c zDV5kNtdl*bJL-zn+0-&YGA)KCam>CS{EJm`CWSQs8L~U)xt|rWs!XH+e(y9jIIhXf zzJhwjFv_k@HYvGNVS9iGd8opsVZ<}f*3H)U&J)rs>Uo46>5c>2&!%S2UNzcG`ujBk z;<=@qN#l0qEaq?uo^)KphSoFg@+w!jzJA#>3jlVn($`zItGuA4Fet5ZG`-Y);hI+l z=5w{BJ_xujktdA2Wz`dPP#IOFLo-~9kzJsg#kU37(Dv`c>{32o>x`Z+IhV-ZcB7%!8 z<80?F{ECX|8=$`LiiYsgZr7NE&YkjI-h9secg?zvE5h9WdaW7|@D2*GL8MWWeCJ-; zRQ0TJc!%zmIznR>b(U*PfJpGRhn(m8?&AJaHw?mCMcCHK*9Pw}naFJlpxT zOe5u@e~;a@JI-aehQJ}LFkjW2wEF6b66-i4v};|#(Gttik3PfrxD@5<^17_!;`v(q z^76>m2`6oo(<^Wz9p4j|sKR)z&zQ9rw{Gkl(PoaL?!JvsRpJLvbs+F_(On zcquY$Eui`unH)%rXI#CnAE(u{^(-{$KNxV~sdffla_o$)=Bwi_fW^a?Yo>?@9gErf z7xavtyK5OT=4tK@K|M7C1qUyi;j9`-m;#_iS`L3oWll+Fg`e)Vm3H~~y!j&7paXfK z2#0|eE)(ZU*Voi=wf|N3+;5%fa;-r&=g*JlH+HpfLiPURVrbboWAo%_G5Y;i0%zG{ zAC-R!p@>eFQIc=y$L+T9CUHnuDb(+&e+S^on5O`*1Xz~ed(J{utc?KcZ;Jjg`%H#0 ziRGK=srtdOVmo9<39Xf{jvJ`A2iu-IYQ#%f-p@%K67)`O@Uxt7(fxy;Fs^0WwJMs@ z8Ws^Tf6!ZN-O{Gk^T`JOdg_LOiL(zt_{!wWmx*6VG`w$EBoC#*m@B-KXu(XW%Qx_r zzc;a1pFf}b@N}`bQBjp4&0{2w?IkdGuhx&n4$-72q$0960@im22gry=B0_%Z3DSeP zY_`dQM)EKSpbT$CvIMgz0?x(N0=F1$uK6MTs?6~IqM{g-tATvhy46qjcnlyDXRXu? zUAs0PJ{*}dk2(Dz-E2i}7jtbb50k6tIVo(lR2;wOhsR*^v>=u{=D7^>=rVJ7mK*2K z*E(eXNC(MBi&b3heB&4Rv@urgBp8I$2IP0Y19FGTjgt9iUh*p{&qGyU5E5XRj@M_3NRa9*bvDg)8k(?TH>sMxJ~%e1BY_dG`Z&z!rr5_cXjiZovsuPF?~+OW z$>iPXZfOhk#LgW0-Hg%NF9tA?bQh)`A*D-xRC@SR;UK;!*+yhvnxFsieyK@;BvgpL z`K=Q>BzxT!=y-Q%EB02{8sLC=`NDhKjLRl}4iSjYByuZ=?OcX4HRzc}qK90OvuOc! 
zkoiCxQrKQGMK&&l%*}3D9=C?b&taJDkBP^y+{oxGdGo2m)X4p+MR$m(2@mo7 z>K8AX77JLQGs_*%-?U25IEtHj6JUoTe**C6wE{*){n;@U7U8`9(y~GqQsSGIti_iN zWuq+T-eVOn>!Jl6MR;uVoy7OppDC^n?pBUFrV`aqOh(PIZ*IP@e*G?XowZQ&Ku0ScQsb5A8 zK3t|2gcxrK-KinXRu39&H4~pP`V#Bu<(>I$K2?(=_qp?w&extn9gMVplSUTq{rG!$ z7q!kWxB+sEarbxAzklLx`%s;?iLWIzVd6(v1Z@t&Q81erTj+}u>fO9dc}KKs0#ZNR zwKLO3L@v*$yBzJRD=3g`NWUkFApTwCz*cL2gDR703YT2YFYaYC)w8 zv9#Pv=ahEn>Q1ljxV!1%mX`H{tq3|Ey}RM+kEtfdTKCimWamrGc>Qxpy67++OT&Q^ zd~YMHwxlufU2=?Wx)4CK!)=OBj!Ii}tG~_aG;0=IYpthZlB@2Qj7rIa_Fr9wx#RV@ zYl{1;{Bs7^nd+zYb%GiEk!)=TgMWfV4w3)VBz<0>8NM;RH;0|+GZrrvDrcx7X6B0^xD)S>5U z4mT!`Zs7sV2|^;S4Jw-Ito4o?lGcmGlAN^cC~_k+6-(RgF}b}aIFoAtsIys9kja&0 z^5!##59>CIFkCf_b2%mR=-$0eY#LDi01HnTEkS*k-yLm7+ECR-Qgl>Sf>}9hfW^NM>;xdy^Z%;?eO%O^-u&cDQ4N0ex)tSj5dwfcd%5WDGN;*(6O)2Z|JhT6Ly$E^FtK;M0KNd}6vHu5#pu~1#^H4M=!@?gi-usta$+YpwE~rU!o#p{=ScOAp2b&QC;(8)#YQ+)YAW z#do>+?y%|w@FJdq^CJ1=TO5x;3dSY#8NL})^M$OT?B%0Ny8%QuJuQd#)X`o`FeWiF zNhM(AYc**VG`grB%#epO%z5C#|Ge;-24C;4ZE4moA03Q8r5+cdLWsF~m&Co{Tj zm%S>xp{Bu~>~;EQ5w-RkYry@U{ zT`c>bHg;3QZu7!}!ANgF0Khn|B=WqAmv%e;hs`KKDK6&G37BQdi+CiVs}U_d+OpLO zurLO4@(Js~2st<=bK799(gy%F@h*_vyK}PUJDcRaN4)$UT79^gF8bIvX`?L?C{}$~sL*`c6UTEd@nu?dMD7wR(}*o>CKr zFAD_`I5(8hm*fFE)8cUpMV)0Xaf5LR>!-Qrpc%=@qYicv+PU%|c?z}pw?EhqHXt^s zUpj`j1NGie>hy5r-98zwo5%k+Zs8a9*L^i%A=k(Y0#|-A62;n_OM1^FM#*A1eh-P3 zrvhzX9WqiV0K`=M%=4rpqYDdtKrN&jYr}K0`wdXskw|MD*G#r);#4P)D&>=P)YkKd zd8VVO%Uoq2#-d(o;cLY}J(?fwBCJX7ZwJdiX$~?4K7#H7?^ZPNK>8q8cU6o=F&141 zmswbPUtWGJ-q0N3p&VV8wH0|b%rD|Ow(p)px#0+E+ACr9Ri${yo65icmr39bVsb^~J!SHp%!0C>FfM|GapB(yqu1Si*nAh1`2KRNo=1VL zVPe-%xL>PSbi!!u^;4UoxCvKf*j(jiyZD2cjcfU6QGmryM0`5UmRiKA%kg>m=Piw@ zY9KVVhUl`k{5Ox}>=EP*o$waVxzc>^I@QrAovVGP{N#8}*BJc0&3b|S8^Dy<=cM^} zDM?Z!`7dQ9Ujtw-|C5hj-v`?Q`7__#=I#j=snbE)Zm11ipv7{*HSS}xFEYz%ND~ab z{u3>o@dXM_Dvp>=n)THW#SzULgu%<+0kCRsX<$oKy==pzY5{)#i0%)-e0wYLY^GFe zrfrUO%RgcK?5`0(qb7wUwu@vac;FGhOVU9fDb&vUdmPjEpJCr`b@tR`_KV<6tIXQo z7TN|ejX>^FEiRVuGlm$nl!C(kApYdD%^?DrZHucPykeT6+sG39`DkF*lE9iEN$=tWd(U*sm>CXyl}Eciu~ 
z{Gh$IaLtJhpt_Ngl;7VHD04BL-s7Wiru>-4vv>Bq_HCbSvs3Qzo4>VMH3q1`AKJQ!N;|KB51%5<FeOc8cb$Ov0Glds^r;ST0! z{k$g2$n{d?`vUqtgOilLuZa3&ObGN(;wM3c7E3wenHf(Fd}qF5cg*w&{*G{Seyj>i zY^C*cr}bYiRtIK9P0!S2cI4VMA{~`r%D5+uDu>NW8gZF4MPnof!@0!r?P)PW{?~sp z7aQxu{kaMC+%NXE{)4aBxR6n#9RIZurdEVrna}LFjGr=dP_d6l2$Kiu+$Px4qJAi6 z9f}+{;%Q8VGxOz|S9}go;oI}~{+%YX?TR%=^NrZo*I~t4#N6SCHbj zh}`VVRn?7xR>M(l1@Q-5>h%OA)5x*nL198cKV7;7?BUTrQG18FUSS;{#x}~H%SPSj zh(|QqiQG+j2XxS65-LVNyldOl7@$~+)JMxdj8$DvFy{$&aukpsyKEKm>9S1UzSBOk zxxjeWziQ9O{r#DRr-HT^cC}ir@{EMrA22T}cjN^G$yn8DqkgPnSV-AK)PGo>+h-iy z^ck<9w|RBYmgHD5ja&7|fsp*}$G8W9Xf!)=nP4-o^7sboEPa18+a%|K&FPbEB{m$if zJ6&2lG~f0!rd_N*wB(&@wA<9(lG$&p)jn6i;-mM86j%<%QAI^{_a1xSS?-eT zH8Jv?&=GhZN$yJrx;8&fv10~WS^ixs5$Lduyz^iNJ~ZVzk6S%-2+&C^aymC7dAt4N zKBSdN7a@=_A-Va1iI4bHx(@vRN6yMapp`xUk&Q)>B)#5{D(LKH1HB4#)q-hpP@cL5E z*Iu?VAm;fhhpiUOyD$`_9n87bbZa^f^LE8l4QM9{%_+BlZ%^iaa%ZP>2$J#EG%Geh$ya}IvWOGN~xJe zTl^o^-aH=a_5B}rI&D%Zp;Bl=mPuL0PAN2mY{QIDmSGr_m_q1?7D8ccV=2ZymN8?5 zhRBk2nz5TuN!Fok6BB-~sm`f)=Y7t*&*S_1pV!>4>%Ok%^}L?fb>A@TM&IoD`R)()c&g~_~%)NPj^#${09HTO!UZRH_1zA-*_;)EbWrG#79H|vM`X;zGE`){|Apc^YoH(Oh?y8fe2tLylXWn z_yAk1Sd(T@HUgnNZzyaGX#E|XY`L3Kk47aA9ZENz_;zxKQnmhlwVx_9ZKa>O!oNRXOjPrNR*lCn$SQmeJ+_JJ2M6Q&@y8@Z(LX z_5HgIO6M+o0xPk;HBoejWglBX3#Lw)G7|D*8%0Uq_Ou$pMPJha-Os++JL`zUPdg5lQ5a-rm+ zt6Duy0Kck;h_v)e8w8DRIFBxJZ3PfIu4ZtqnL&*eaoGZh&b57koS$a$|6gB^bFA;A z#=+k8nx~3^R?!XZMrn%iOk59nXneiNX5|I4-Soc8k-mxjDp~B8|3{_@I1M8IYj@$i z@n-NJ#ye2JEJWJNkNPtmmE&DD`N_wd7vepTH?MD&m@3<=DKM- zc0H3dKG6L?1Sg~aAFWyxY_~exVRTgIcca$VAy@kG=lt43pptvCzevNsOh>-AS#SDj z7jxeTz6hLG{}jUU4_g5MSolH`6q5P2DccP67(e44O$56E(Osn4a?RlX#)JXK@B79Z zJ9h;ezTU+t37<)LKc%zhrBu|e$|=6$_XASmI-@-aLa60W#l#!`%UD-rmus4g_sO~k zWPBW3PE!*396l;k7Br_9QMA@%2VU(d(z_dP1=ES!SbrXZr>l>eIz$ zd*Eyap#J>t#T3Qubuo1plvrnUw-@vS?fjSB8QAncMUNrFud>QN5~eAvX!0`2;SX`2 zi%jEvqRF2-`y_yl&JXh8zc{Y9-LEPaO!AjD=07K}#U|nE)jJJ6z-f2 z@1Y$#TTH(TCI1G1l-b(8hIsbI~^*;UR@e~-cCL~(3cofbIuAZ9n+QB?P=>iAT805JZr&YG+vR__7>Ly 
z{W?nWwPc-~E{_Nj4oT7u3L3jfJeN&6Y4$`^@ba?#dwJ)*XYgqpo%F}L%Azdqan^Z; z)`0UFV3_y2PW^9=HdJ~tA{3_ZnqCN=<2{w_`20XjSAg27tQdT1x*K#LdAmaADb3Cf!aw#9?PH%e8yn~ci9{0LyrNxP^9~oT!R8-GeEjOQq3Bp7B zSABopmWKF1I3B&xCQL4YhGeJI$e54|`goSsDN`N=K-sM|_s>#Uw)slVF1C;8IcByMHhYv-!h1Qt$1rfYP z=Tuq_ET;d>k_)+pMXJB0OR>ui54SrXr4!d~5IzDqVHBy=F|vce>ii|^&f9h%tipIG zv6qhLcZk*+0U*Cn*J@OA?%dV15yaixx(ZSW^ZK}^Bl2L*laf4D>zFUo65q_6qQM^4 zOFsT^iG6xgvQrDxIdThA_eEY9JYhU&Ny#o{w5O`#=w@X=ET&{}kp2fb=8C{T<&2Gl za%Y&`T1+)cy<&AVBAz@QvEUg59^7NaHgl#xfxplgCGx+aWmNl+odW&q9okFYZ_3u( zrfDe+4}ej6PrUTn>EA>`mkjr;y_Nw0?|aGqFW5=3WI8^BP&CO$H>=wO5VbaMhV5w7 zHnvC@X^iiiv@gbcNp9uy%io+uwW(1kblgmqv(^g!%KQhyf%A?;35}1R@gMs3`Js00g@My1`;yLKF_t?JMm~+zdTR|J-Wg|cnR+lB4(7zkLpPGkc zU&uGGDg4%|{ALhY3iy4iGk#$E6$=7rLtGx=bN<8tu3y7uHI+Ip0Jm& z;vc2gUsDJyey{z?sI-#mh#p9-m%lWH z3S4Qy4PMy(rAhkzI*z~b_M&i$t;$_G`PXFreG z$Wm{%WosoO_iJ8%@{yPpxxT8z2mcY9QkgsgjI9AT2Yk75<8OSk!gmR1=sb_Q?OA-i zAk|%5Qez|YI#4Ujkx#H`JDn4yzK&OX;m`rX9FLYz$MwtTSJ>`do%EkkWk8(+frAgW ziTzs*Zv`p7TW`_dweD|^?~S4+X(p$rja!G_?DXph5D z7QEoZf)>gY_Z&T_ea8N>~&L&8CC|z@!r&`3P3$avQ;V(c`7MKD!Be<}t&+hu8rl+52 zZ+sageOT|rZ$l*C-cqCNV^PY72g@JB7%21M zzt@=NL&j!ph$r38@zp+)FY<}EW>nuao*I2|S51~t-cPCdfCCa0|M)GDS6o#oN&M_8c3RHjmD}@2jBa=%Rb!hyMQT@+1jpWLxwS5 zJsk9zsxQ(~|3vMrjFLrFI8bK+w^H}Sq_=GQxy=iIyfV-DFC-x0*cio!1 z88Bj+FN$9>ZlAq^2+ikb$k>Qohx3^J2+-+to$q;hNP+KNI)8 zz{EY{{b2cuT$ISlqw$I+dUKiAb9cvp21I8GbIm8wwmZ@S=7V*be~NscOq(+d^5jEJ z2y6E3DX$dBpuryMT{0UIA{gRBm}f{4q3M0F2*3!bmFP` zDN%6Sqc!4n_MIQS0fFP$I-tbd{k_EWzOS@dg|f0$Uge(B^K8;gunyk!oY;)eiw5p~tucZZQ2$R$=lBy5fo0gKsNiHnB+==2*p)@@`a zDBU#CEpB@CaWd#K8I#p@t34g(qzjVn_0G7@0>+kCmtIwktD1m9>;Zm$3^&zz~%gDL@OK#@GnYEOxWd*m>$ z(w8o35t(OB8zEP=*N9ht0Uzv@8a|#n08D#f-K1w{U!7A97X*35)wkze5*fN>$eao? 
zwW9u;JNDg{SK)LGpRCquOH6gN^pBRpqNnDrxgxS`zfEy)+6`>grTWg95ttu%bHDV z_A$F;j@GKb;U(fPn(chEna9DU{ISzUY%A#^W`mCR(#vY$rqqv+Qflf$;Lp8MTIwNG7B=8|*d-zJ@ z1}rKCv8bZXOOG_(>0WmBJI(4cObKm5Am~nSZ+L$=A#r?m-pp97<=|!{rQFCbG zdhCvHlg19tAs8M&x3c>|w<7q;8Z#?Yux3RYQam;$CSY>U|45KyM!~D4y9Ap{@W)N0 z4@zTCO>h9Yq@T7*gj zNK;9$A@aBAr)c@!`FF%3)k)n5tj|&RAR=kGIcX#>W!4buB3p}GLJ%7N~7>Azso7OD^QcAn;B z=B}nhW8lUFUY^D=FUX>n+;Pu=#*Ly^<7(Rb!fUdMZa7_XSdRHTbimc;0oXbQ&|C?7 zeAI0K8x`LKM3@cVMHpemHDJ<63E|yO$-4q%X(OwgJow$FS{P7eR-ZV$>r@u~M@C}w zg^>WhB`8k!3j6Rj&cxZ;SH^3jB#+bxw@9CiVTFh7oJYnK3`o!dvNc)lxj!YXSMC5> zJ>wSO&kVJq2Maz%{uYaFBd#cP1gkr3!qS69uZ-ZBZnhxYZ2K#f$83A@KJ_gTJR6(> zx}Wx+xVJIeW9@wqI_^X@<&cKV0|ka@PM4YK$(D0!o8BV)rSd!!UtzAL$@Iqhth%JY zD&568`CWgLU4a4M^)(1%s{6`YxF3$mA>qee-@H;4e1sI=5jxV#QzMQ&(b}FnM%^f~ z_j0#^S68#eTsLJT&N|rd?&|%EyX;T=Lt2c>2u%Uz_1rkZ=odNknOPa)S_LrZSF`v$ zF#%P*`GgPjM>u>tx;9*`cJT32!M);JRz~lvr4Uopjn*z>%%J(2A3qU|_UO1vbn^Sn ze{dXjv$L6s6)pwLIk6vAayc>d0V++KIi$x6Y_)p>I@k~>0Z@aQlttFC`wZ}X@xK|{ z{kF(90e&R>O8qM3mFfQGm2q7DC&c*x4KNJSy)f-9%_}Y+vyWeAEV|#4~%_&?RjiBSLkfS3p zDvPI_lbTf#%(KN!vR`rxZX*_zwa-Sp1>o{)b88xXpZbjTgrZhH5p>rMul%vNR)i9E zbInSX;T2WCaaBz)kgx`DF!@u$V##!&6!T!vM1{Rx~iN9}S=E+k4&M03Xq@-pfpS8gO*kg@P zyRpeWr$N_u9gELil?ky=t8Yz;c+q*XH|kE%8<}0Mf9&2y@72r*q+L#_u#J)eaxJ|P^jW6jT(oa3^f9LhA{rypq>cM%RJR(1 zm4IX@aF7r=s-3(Z`&k?4Cl(nsY&fO5aA!&I7%kEJE$O6Q{;BnB89~I$y*JHyyhr*X zH#*i9M-*hI)oUA61iF}{4QOHuWAvmgTjZE?GPa~%m~D?CBO4LH1MZ`i2F`|%rj&Ji z2z^OYqkgZFxWOYTP+$b2G-T4HQa{gABk;|V<62ukFm`#+6Z;a@>uopJ{TOrUaXOwk zK1y?l>rPF7pR3jpcTa?|Jgt7sgcbJ z91Xd3WAXC~#Hc(tf5SNi^Ynfh)e75uc(1s$V~6YAv!{>4T9h0vC`(Ym6+2NSs$|%c zk_i<<9)Xc<%8I*CC30(1#?`|zF!fv*ix;a^AMY+rysSsmRQ-I_ z*}pA;|NM!Ttzf6FrnI7032vfoYZBtGoJO)kVd*1SjXm=#Wjc1jciH@RJS`JN`;T;f-f=t;T{?R-o z%1FYc^SV*izy(gyqq!i@OYs1ffuBE!!{So*wYBbX8fi?)N8V-{u@sGk`<;+Qny*vIdhgCAGG&U4rsyg76c(5EQn z7ff$TkH31s5Kku>jR%gGJf;mJ9)nf_%<~zft74#DC)XU=$)^g>4`90NKJ`si)0S@_ zCvBZ6Iq2zzE`vef1B0BC0)GiuU2RW}-)v7cjfGsg`SkrZC73d#$Gri^bOClYhX2*e z0}XG=B99!yHa-cU7ej0nT{_O?NV>{DPCBBfz&B8~s`ow(EBNjn&*QojOPbgG6Q@wG 
zx6Lh+={n&;YahDb_-b`5Z|@p*KDZAgYmgtK?p~VsEY_8s%TBVmQ;=$w6^fltK>CNd zj-Da@QImsiecPUYUPG_oSadrtr|9JR9|37B`YCSL_SpfBGIFCG(Yhrmc4sSLZ>Y?> z=&V8qMCjcK5!AA$tjATdT?p)tboCl>wJe?Wg(z{Ufxr}wa{1#d#55WCI2vup<8%fj z-;0xfr{K1?Mx3YYDNrU@iQ25q)g3T0FR;#kzLrMu4~oes?9kL)t9dVby-sxf=QpPc z4Ymj0T>rp<@8nL%?bDsbr=syU)3p!Ct2le2mp`u$gdyMCj|kp8VYkSGd$ zPLvYZ?-xoNRhGoqR>Pm>k!<7ehb$8Gsqtb%a#B=t9YU^^H+yVxl4K=$r~tSzG}sId zt3#9%=%E6;@fR-kk$wEn3oX}4yzMDcaEq!(oToF+%ru5=LffH{tP@W3*j^tHM4k`X zr`_XO8^T=!CY}lBLo#~1o4OCmxQ9dybeqMy)B12zRPucn?|}KC=gjlSfhkpTKyBm2 zcnI~5MjB?zLErSuhc4VM)XJI0ZV*!UL}gpT!fcOx#n8kYG&eSeoYqfH_U{1QSxmbu zs_$3moz`rP3KOsJv_e%E2Uv@`UAM78E5M4ltvBHx66MF40#4 z-X~D+FI~;Fk152~r|$BvnmQ56c2O=oVxz@WDH+quW8Y!!TTEui37ITPo6fJ0c(`sJ z3o|?_7-qmKEkF1Wi=v7uH z@0R5j5SuYxA~AXbV%eXPGF}a(TJ7-1`#KQWE?3TEl&K^)N$vFUA~c1a_8W?5jdWLY zVC@w*CLp_8_t^*8xy}1dLojbBPM@_qZG&{Vj8l{Ki+qL2I59Y`xnGufVq!KX+WhmD80R69 zV}VkAmOYJ`!6@1lqxk$`n~SN`$-l$aXR@9Q9=2JF`aDS^;8_34?r{RNH^4ziLi( zJA||jfiP~9FHj1ZW|&3Bht=pUdY9;7h7hqlb*d#j5Ccu>3{W^{h3>eL9+N(k4OBqh zCMa#fd0@DK|6Y~d_^7w`*}06O(*Y^#ba3p_X%;i}cVn5$L1|atC2Td)k~+$bypkg@ zH%ioEF505K&$kQBDSLcIO%dKlU_3|)d~Kn-Zz!U%&lB-{4+U*Y3hfNxl-}5DVBEdz zRMFV`wY^vIJrMoOfP?wHu`JEm29f-><;+PMH|@%WMh*f!dO3g7lJ_p}wGxC~u7q#6 zAysp2ve$hd#*c@u0E%i>%QqS{my*#5KNgUm8oAkRV;Zy9gQipk8Sf!PsF=Vg-PVjYiNGw)#@&~}gz3`WT66~@8Ibq_ zf_q_ExH$ZFi+<)pA9i75%`@%J z1;rWi)xE<_m8mqk(REQjYtRcTJjo=t_fZrj$!E*7nTQ!2(vU8eMq=_u#JSO%g)iZs z&|k>i@kqlpW{1YREJ@{(GRk^JK?SiHlYFQsCrp{10&+tQuF;X^?%5=z7)o2QU&OzY zi?S^mT#-H35AGa2Jh|`~Qdy0&kI~qkLX)0ZB#zBt%n_s`%-vlcjp&G~H1uy=FLemq z_1Xk(uJcEh12fY)xDU2PRc&AJ*~0&Dx~F2O%zt~~bff^bcK?(2FXDjVWx=FFOP{Dg zVH$(L=s-iN74k?DNsjtPAA0X>xFIx`MjOo&3oI~H_Y=f{?8aTWA0>}Wno zwn4N#)kN=$@EAG{s~3+Dh?#!EoPHhn+^Ki!(xURLAPMe1w7=-Tgt8hC%D**k*^k+> zeIaWw_)I2Kez0DgVWfusd;%RLB)wuqc+pKU#oxrSb{di{IE2Q*Q?rZ5Vl6sz&5QH+ zrFr^Fh>N8ppE4#t#g;xNtVxBeA!xxC{W4ZGc5}bpEZ}rFfm|8diq@p2PdTIst}EYN zDUd$=Byujrs4U8(+9)cZPYbxEm0$YcyCtt`L9;x`a4WnwE>k*1L*GE7#wYKnacE2N 
zA>Doy82*6Zs1XSA8$)RWpT!dadEzj#G8NmBOi-@gB!y`6b^1vgUUZvzxHyG7v_#De1#*apb;J6hkOb4NOeLh^bn+4_e& z);>zfxG=%b2Y;NejX2p5=sa>+BL7S*^yxiux5Wbh7?pG*)x!*7PLG~WUas%lOJL|a zj2xvzWG300^~kR3ty_)C8Kk7LL~A$aBj9k9d#T@DejW_%-HLD7sk``qPTb2MpN=@E0cC5iFX=rBY06MBh5>X@6t zxMBv|rGTxgraNR@37n8k?+vkk3{=-g`2wox)bWr9@Ad5NEURt^JIit#m|I||6RYoNfBknC2PnvY9-*T8XaxPWDskPcTRl&ElI=ijH+?aG= zu5%dE@&YbHlYq zAkTMIG!Gi9189C!90fnNItmm~VP}Sl=C7(A#4XW!9#VBF|7bB? z^AhpM_yWi`%n(S_Hqeq(Y4$aWVddXqs*fqNl;TX6()R+} z^DJ3qB<^)!!RKgmF1kWSrz1oP3`3=$1|}pA>hLHDS(Dv=rx*_Q&ZRR7=z$`(J^GiI zJq0V>pCse<655mGmg|>Edtc6fLRyQ zq?V})aLtv?L)qm!5UFXG@==nR5s!zRLAui>kk{B0s6r&-uApN{*dh4k+);vFyhD`5 zOpB=jp~+r;@{H&1wiAu}hY@ya42`8vX48~wtU3>C&pgQpb2wF>`1|-=oOv^CR4ShY zmGo`70a&m9&JEUWfqB_gM2SaSO%V#v zVy@$Q6mGvOEYyA%*Q2xZEBad5yR?%;1B53g`HvnNDDtWHWPM&~7`6|6ga`Ob^UBE6 z>q|MXrO8aa%3H*@lMgY!Gr;vCo~h+0 zKAk$!FJtCciT;8$oT-Y?tW8h-PTqLpuptarqI)>H?A=8o*SPyW0ZNf;$9;P<(or+d zk}YxzM+$oRBQ&mE9o2eQ)k#rCv+<6YcGT@7(p7yW`2%_d7jZ2H*1AtbAk@-!QmnVI zfz=s(>B+HWb168iglwn)#nTygn&h$Odu%*R>4<_Y9XShGz2-6%0p9F~Hwb(Y?QiXA zFgWQcEoZD%3PvncI0T=5A(cM1un&Xd3(xGfkEw4~hETH`!VWC&@7V>!3+86+n9P|t ze4pRE?^yued`eOo`ZT&>zXQETx0ID=fyy&qj|W#2R&1N>V@0P^@5DuT3lep8(>4w0 zNrEGO5zjWopNkX-o~=U|`^^NuZy%ih!W!*-y{D??-VYCTFWxXkh3OTgVemeAnJ=#@ z$CMh6Er8l&4mbhV!cE%V9mq<_;G}85*e4&4|5hZjqfFaXGV>h-z%?i=y_*vbM+#op z=avEtv+^AzbF{si8m8xmeOg8}L(zLzLY95Unqq|2R`eG?GspL)2fEMpfu>S)lU7QT@iwh>Cp@Q_cZTtQjMDAaOq#c5UmA8 z+>MivSP=M&tm z%No1I@?A2ix8l5_3u6{uLBrxa=pr#y;5>j%1*F=Wxzk2Zv1qzXHgm_X`St$m_NVYW z%ncW9yOX^-{9`nQW3%U1^X_SOKW&nVID!c;iMH6^jK#6rrFNR2@-)cI!UWaBBdDPZx0WNH5^J!VQtc z9kAKftrp{prTo}*!f2@}w`A^(SS9jQl?AmfZm+I0yab1dMhSOpQLEt1Y$G{}73i}G zh2dfaE>466UgtmZVyn6^c9paMkXv=9Q?^(xm!SB})g;A^J>SZ!DD(Jo)9Ww!8pEnE zKpoV)2kMuj?7H%O|ykZDRfH>DD9lxYK-mgV zcJ1NuF|KWPvKsxu$pY1Bu3ndYt^rk3Tb&s-N=c_yd*j=YZGhtX$(jaq=LNHUbA$3pJuM-bEDTACpaj$rnZaw@8r^keh%EuA{!G zTGK}^*vA}G6QUG~yJ-NK5K1Ogr>U(yzQ`D>cAHv8j!1%PdVSa{J|#|foDSQhW|=nW z7P%22<32Kr>izc(mRW)+$foG|>r$Z8qRt7Vbc=-YInl@g@g#gtggbU@ftc!P69}y9 
z!L>oN^7Af}DPW?-o-o7ubcSA;U3PslKg8}mb>9lT8YI0u1D{RMkS>ok^CVq2afciM zQhbb$XoWjK(eB!0KSVkbB!w7Cbc9!P|3(ZE^>_I?|}C z9Pz>%)mQrNS+(X~|772*^_}?+IuBi3B}cyPSO9^qL%3`}xV1J`QQlIK#wIulU{MBHvZxkJ-e+)us>hW=if&o)S9MRNj5i|R6K=yT^_9K zb-;^*V8LFTJNm3CeARE9HvJm^$;;JH zgQy5Yi3@|mI<18Wd(rr@XaOuzZ$>tWwKjVS)yLsr$H1`Pj!qI35BXIC;^Xjc;YOci z&fw-2L*DBPH=kglv!_fA>02a|ba!K;^@U5bfb68i%G!OW)~cq?UMKr$J)Z$-f1HKm zy*N)9@<7S7^sDU{@|8W-LDCH&E$#i59bxWWvC(t{yjjW*8I8CQCho@Qj>ZMZ0C{QB zvN=*X=>9;}!^htUmybSv{`ebF@%u})RRUXP<6LAIwtbrK7vr);qM~#b1V!+d9VX*S z0W55;s2XfMvBpX`UAEG?wsLNY41dsM#z%;b)kNEPWQOQOHN|8(4jP5aK=bI6E>lD)+arBVFQ{Fm*{+E3edoQ z0Q08E3-3IQW$tQ_U1KcHE_F&oL1gwQ9AP^X~G)hcU5kn7kHN-u% zQ0`!p9hrJSl!X~O{7m0Wg*4pEOv?{RMjQiYV&JZjOuC^oKQ;+={GLanYl}JzMxIDK z-9mnA3^mD3!nKjinZswX$fj<~B5a)gBwxegny%(*<#gadv}hcFX8?CpCmLGlXZ8sG zsmjKr6KAaO*B$I$QKb&|-ZzFz6{m;V%H9_gnF^G`aM$+wo#D}oBia99qeM2^o4Fxe zK!08nkZ^!3RCYI=2p)k+7?{!yGYNNSjYUzX;){ByNhbO&4zS4>fiKi~;-01_GIM|U zbhfXk1AVItEQ%wVK&S*8rQDl)A_NAr&L#2r%Uq(9FZHiDF=rNgee9ydb9)_OgJp-% z1M1Xx4NZ`H--<*VJd5p;I&w|_m-O`*uh*ljhA{1g_eFLps!*2_tMT!S{NbJ=34mr_ z5e+&Y^yY=WLE7>=XM3lIF0-+ru1y?jF<`kzy7%i=sZaKM)QkIX&j%^?UG-oD0mLGB zq0EQ0?jcAvABSV5je-|YxA0D8oP%y${dYw^O#F5wKl356@g3-cLP>8d6r87sY2J-w zVZLHvmS>kdf&F3^)+E>Tu`ZAOf*`E6x7B2M5B?EG@wr)Q?^RPI8!jn1vtpiv9LGzR z)fJ}2mQ#4^J+QI57%VmmWYMFA2adsqFH90Jn5^u@Q zT3>m7tN{18KJ+-IndcNl!nAI)gVQ=|a@%YExGng)i#nSsXK?I1^C}2dQR1nnwZ|Uz zRnv#{UM+?nXM+VDX9Z27n?(dGJ+18mrWQZZMJn5(Gh3o`MWZx4{0FB3YtQsp7kLs! 
zdkZrrW4#CT>vPp<^s{j8oYb+oIA}A$k(o`lLHUQUbKI>#?*NrTrN==i%05Pnskn1G zh}IZOo*4({lD2hBQ@d$#!h_j1{b@ecC2V@NfixI4UqNGU5yje27oGhJ#5A1aa6M0T zSb!js@k?TZQOh6O-0VXi`w`cgGlKgPYfU@WZY;T6yA1v8xA5-u#Psdhq*_OTfFzUs zxjuracs>&eL2TTy3j&o?T<>tCU;;hb;s||mw7ktwX|c{DMu}SJe~|pt<%?vC{kfuj z<(iAo#o}>o*E4d>FXw()E9%;V`;+kW_Y}e@Aca*-}U)FX)B2*%?mTZ6Io8x{}^<1n88^ zqmx`{S*fE(+|?|;7POqG#OSNU`H`DAdPCp}@Fjtu_{D^V{9ec0QN>GCVxe0%&;?U+ zass+?r+kgmi2C(e8Z%X*Sb>6moQ9s@uUEEeCq&oK&xDhePC!NSBsLYQ&?(nyvInZB zGaS~So~w&>!MzSSO4nYYui<3?V!tO(99m3c-)(5t_Sav{a|XUVH%rxfpda!`LjYaX$h{dCt55ZTLu5TsDa2Hw>mmiu)EeXz zh)YJH+Lj{IMA@+951xweUq>{SbEKed%1+-kSdha1(=u^B`}q7VqR{vKU< zO;VC1IR5qHsK;gw@~l_BES^&;;;pZicsGPThKGSM_AIBC(h(bIs7D?3C1gAM7wJZP#08M z%z!q0l<~}Ihaym=traeh|NjtA8k@lQdjes3?KiY|KP^EdgC^%>i;SPx3aC7B)IVQE zUvPIUX;u-$s_1!I8gPKk8m$2JqciRgl4t$Ua6*&5hF=h^Q_jq^TW(=F4i797v9W{U zl)1OQApIv<)uYSm)Z?VRzT2HqW;!%0uIvw*TSGUX(QWd3eCRA;c(w z@8$|hYy(?~5?Da6KXqLz4lxh~a?=@VKEb*aR7gHYe{n|CpGYQPbWpHGWu~0*sk*{^ zM&83o^Ew<;OJ`90%^aR>3(~1jCyew5^lN&u9O9AejJR1>ST=4&`9@n$i8^0YRa!Fx z#P#Sj(1(5a&wbc;4y-Q?cHdnNBkB14$v&}ccGzKFfux3agNF@>%3`mMNeB7cpF#;^ zAF30CUg14*{R$O}PhX zu_6Dc#Y$uXiDHxGwMKp2TmqdQ6?K1iQo8R;>e~=T*1NwVupqHXYAmGOe&T+fa}(ih zY}+SX3*E{jlU_pXChV*ix3;7hW&#b!H!|S9tC?lF{EWqltr3F_(b)jjBf4d=Zy=sU zxd>k--%r&-S4Z=RxV~Y?gO7K=HzI&fR(I~kMxbVKk~NvD*3juCnuY_ytpt!o&$*Zsh9dPy^+X4P^;4dB=X`eVc`p4m6oh(u>-l#{$)$gbEJ=QgR__LTOFJZN~^+} z8i8*iK2jG;bV2Q{&`bhYN~(PaKC!3KBbzWAfg$6S9SG|l9+Q|+4P|8QB*5;cv)rAI zP_#G-S&NKP-&`tdiOzuMNrGWhgd-Z3i`N!C{Z??jb2()*AwRjT&OHqF{f$vQLNM*k z3yU87m6A@wI1BHC^ zH*k3$2gY9b{&DOj^++SaSQWU?mUPoG6DKOcAD7p3EAYLjimE}!w}djyzFddcL+67K z9Ws;Di8DYBiEfrlf{UcJ0T*~TRT@Q{GhLE)+b9+8ZYQk+gSF@z2{H!BpxIZNLX;o_ zC_%D7!AVS2+P1IS(kzEK`M%Gt|HMz*PV*WakbRO7wT8f>6hsJY%H;I?TIQ`C+DSYA zBW!auu6hck5G0d2j5OK`#;o`9C)BC~ZJC;(zUuJ>t&jI^gdX+!1k8op8FcxLOE}`+ zgBf%6;&UMu%U7?WTI<1i^E^fA$gTQj&{R5GEjc&yvzgm$T#^h>BdP=Kss(eibnX~( zBy6(t#SsB)iM~#kctHri?u-^ywbS%b9)C)CUd)%K{CBl~_lY|Wi{jYKabC~QV&r2X zJLprKef~O=5e0lMJ^&)EG_ox-%l?=2SO{8kP~-LXLhK&dqg@Hrl#&Bz(Sm4UhHaZn 
zdFMWCfkeUa*w`;_8B-s2!jFNsQqhZ#aZV9R1hkJ#lg!6}(n`Id?l%+%ybvSJRWcTd zTA5!}ll*Bj9ufhP_A0(&cccEFV|2-tenGl$7e@23!gB zhZq~u1^V4r-VVmc{i6q+GaWG=vw~O|B4ThyWk6={@`T(h-t2G;Fh0k$^5kyQN05{8 zjTtQWCLohfcB$>M%8pNx`RUcvjwIKNhsb-}6^LZZeYXg8>F z{`^}a1$OI+Rn0ib%s5;iAw3aL(1H1_D;)*|Moc#_o}xSG3OLyPe|NC1k!POWbz2O4 zy*`vno>I||?`bCVp@kHsAAquxU`gpsQUm6|YOP?9_=keht7FW$Z*SCTrcGpoiV-<4 z$b^~&kcJOe9mM@(BuCW~?Jr$z?@1g@l)SQu}TSAm^^7#KhZlYOn{pa^@kxc1q6 zo&SK0q+Qa-G!{OYo$70{*IHY>=2=&$7q&A%tBYmLbc)qupJE1AMY=@)MeoBFu8{mgP z#c~{asM%VZI5`e(@l*E;igOJ!jJu4rz62@S7qQ}hcoB>K0{q__l&_|J*Q&L)HtSP0 z*4$VxhF9*`2MrR2qoz4Qh2E#V8JYPXLACi{AB|-ePz^wz_`gG6r{G_D(WW%zcH!$+ z&8EmYkr+e#OMCfotEIXv#vEt6(4SV&YQJWSGYu;!Dkv)m`m_gi`|%--+sC0IB|c@1 zm#7AN`~#=1lr}qrO`oPQZ71=zOp*W0+zCLiyL};YUl}fd+?$&stI{Ue0CAH4_aMPl z?f=x4Wc66`sG^3F*io(V1@42m{+|*C@Id%C@0|}v`=e*V-A`)+%mC+1Ww75}cWCkW zYLS(v0=MmV!2uG&b@JiZ6~WO`?!7~oHMcVLwRp#?j3=m#o*rJCdJNUgU6&csJg*u> z$qlW_ArIdE#6rb^@aX?mOjUCQI``N)FdhIeb#UC*p>dN#lu||6ROc6mqEoFe0pvr# zKKnvBYo$ zs2eKi<3KO?2=KaR{cQL3$}e8e@PB0Yg}FhhFYo*QZu4Hi?>rZ3zw_8;eDvS|>#rw$ zA0V*@mRstha~>A#1GSdfBjfh$HF;=x<*BSh|Q`WY9Al)i$^qAtSZ&_R?i2m7ghjf zmiQMl3z_Q=*+2MwGd3T@mHt#l?*iPN`PJPg%kgV>#};9#!{=`5L`byeg zKK^~K>Mu9({WRlarlhrJKv!045sFg#Vu{oU7DcjA2&**q|M1}6_;|2!lt)IUyzM=A zJ&w=U5fSZ+CmQ!IrsmBMxo)=qMFka-d&J*;2${R&;=Js8mKF5Z{(l$bzXvLTXX!OuWyxJNf_qw|1S?y&`Rb# zo&9pMmAWH);PrnDd#xCq7=un+j^v2kd zTwDP9e61Z{C>I%?o#U94Z=h#k;onXAHoB@+q4*8ZF&6`tt19{XzQKFKmLGKNxK4_3 zKnF6qPI>S*E`A8ze=iVmxw0Hf&{k~hcKxd*4i`H6t%VFu|B*stlD!+Gr&DZ18_2Sp zg>w^FCpEIhQpiqaRd?2L?cfAR^t{uDi$Npd`CK=H&#D%=zX5Dh8aj7r>`Vo9ax(Z| zWBbS#ECPOtLUVT>$p|})>nEshB{WGhAzWo}fGJCn5V-|O5B zL`lqeU{Mk8zdqFjM&FH{+6|wXT0TxL00Qv=I*if-O8J=IOIU9=y@Bi9SKBP5If!zd zG!df|anjcmfYB*Ntbl-se-A+vq+wr`u9t9Gns?8AZZ(J{K0pWCn zX)tu-vA|bndC?0P{%ls!rU2%@8-8NpLU+)a84{?{hjE)=ce_uve!lzwXK|7O)z5Z1 zwix+SJN`fRzJsl)bZeV4GwP^=&Y;2wD#sDyAWbDjP+{yMY#a!JG!dkR5G4kYKH{KK z9gKn`G$|V*gx-rt7m=C(p({m++J22q;r$7e%~ zRr?Ln=eV{bCsKxDRyHp5Y!La4@O8!dvAR?iJ8Q1!5FBe%y#B#I=7qzj%r5=Ui>4O8 
zI!M1(OtT4GE_=Ho@hVi>t+tr>`RZr?EX>hPm|>f=&tm*A*l?qRm$3U??S)5*UMHq% zrA`)XSa3sUq?5*-;b~OfUzZaa!9+wxA5L||?Jl1`6z#dN(Ac)~-}w38S)FYF7D{r> zJcYAxs;4&nwD`?~)vM_E4Hy*Lqcyo~8#o4oaa4MJ#mC_@UgQ6<+5awzNG92Iv|e{h zpn3kDdkjM)x^R!6Q`za7g4sI}5&Y(V1=Rz9(86c1>4_K2lo#A={zqSK+I2!==F-Qo z9G8NUy0%WGH`6ZImT%GYo{Ll1DsX#JY#>~O2AaS#e@8x%dV3}jnCKr}(=)Lp&i~;m zFy+55;{Xr)J0$d%uTb&eiz( zgWaw*35Z1RoG!BX`K8H2eV8=1k_o(q(+h?F_d=BX@wq;wq-u*FHnw$-V4_s8O`_ZQ z_NO&zP2@M_k1mymwzC`kFa;1AxfwuzyypI|J(}N;KODQEsME}ybo+PgJ;GGStH|^N zieN?mp3c7_{MsNYo(*Fj>AmV0J*XRTaf=FX>&P(v`!X0;R5Uqo&or%Qu1;|G>&ewV zDvmd+GE7>#8cIZ@F52v&>U8@P$VYwz3I#tA+UnIMnZv378nY<9{~k2wVY$TD#_z01 zJ9fhPt*+8Qr$=6`k+lyiJqCldN7)HqbwuoBC1SRC5aR`ZivMfTrqsXXKJwhtvC>!g z@1colHX|_e!o-P{jFQK{a?I{IHwoa?nTdRf8Z6u}dro~@G3?5RAe#?q13}LMxY++|8#rQhXxrVH}*-hWRTXZuE+%1DG zS)kzO6SHxZAsZMb*s(;S|D7$tqInQIj-OZvvlRvySd{oCD1O`DNCU4vt4kr{QH>CtNDKK7$JhUK z>cVhU)knd+yqA32#BTV6tsLy=a?`zQ)(*eG{?x|Snn}Agmq`~o9sfGH_WyXtZ@#N4 zwhFzX@Ii};s*mYInK{R!`&D6-#@o-beX(r4)6A8$vTm2xNbAHdY&L&b$NsIoz>EFv zBnU!&!2t1^M?ZdvwPG7+O*z*lUll8KOj%l3So*5JMCJV#kJ%A zvC=)w{gk&$wgceGTyD9%YQ0CaI>4Z`*M9x2h`mqU#1Z?=5D#P!G z{MObmJ99bSxqm2qDc!jG7W_GyyMOty^R@EM^lxp!Ci|IpMaL^HUHM!og$?k^9K+hj zjC%Hz9QIl@tiB`5y8d?V-12+D_zSS5fEyT<`I$L*yw!Dg_1Y=6{hfBze=MBWa=?`Z&5ruyZ-wa#c8StWYgrc?ENZTi36rMizeh_qqLc{^Ej9sz*~K^Jh5o zBEipvjH*FJrqb6EXC`WbN_EU!p=4ht*?p-LBo3&V2lo{pHf5je9MZ z9)E%Q@b%2VCRG|1*>}s0hQ8ENhZ6~WgvcSBwa1e-ep=%v^^Uh*u042qM49(NxZqOr z^4g_*FjQ7lg)TE9msK#Rx;quyprFuM|6Zru@xC+b_x_3hr(3Ty9kU{0{rUrPUmky* zT_rZVxQN~l;cK&dBI7~JQ0f3^FBgpGz_#OY#Hz_CX>3lHFRJ?f6!}_!Ve_{)z=q~A z!YQ^ow?kVWJ5v#(9pI!I9r+IRh1kniaDN1C$dQ7UgV?Zc9yz zx;98rM_Rt6VE$<{i#zo_=NEn3f|9uw!5zs8X?r)+AtI&!5H^$u_YVL%nbBGocOAHA zh=@ql#l@v8a0B-P;CzyQ6_0Pt$BaqJM#TVI8a>WX#>zg|1c!F+hF0?t&4pPjj}yOw z0Hk}d@)Y?mg<}rMEfc^nV3G7sVun9kdHkjP+7rkf?V_Gzj4`L=3vFbs7i?~_@}-jH zbxu%fcmno`Pk-J1WuNP*>;1(ybm@Q^rOh?I|0a|Zx|j5(P5A03t4*-cMT|glz?Ovi z^3dAoHIN3qOo7c$^$f~5Ua;h3eFKI#s5_zl+iZ15q@6JYN9-|t(VODi+3Q=Yx8&`g zJ?nYwsMmaYZkPSHrKrk8he$wt5$Nw=AwR;)fCcY^D_ct@&5N+4!X| 
zr6h1jzw}c~_4}XlHev7mCihT3c|I`LKO^kic_0ub(P1r34ME;1u2))Ll7+e5`y?&j5cjLWs zT{ekNSDNe`k-;Lgo5Q=}cbiw-dU_-l`_%XTx%~t&r#N#M+8pDZ@6m_AY8vE~*QKwD zxEQUbtJY%+Z2Qe(?{}`KLu8Nr0Ybrs*{Us#puzIQ0(^}3q@@S1I<7g+?~MPlG>1pj z$Fr0Mhlk|Aq<5yD+P3Fy9~k1B;Dov^Z^bgtr=y-ShHQYE&V_!v3|nf4{QN(kp=PxHd#1Y9ak& zZPW1DHj6|b{tpJe`jQqF?yWR+Y4?@R&J&H}HZ~n9-$CMbn>eoc=*I9p!!YVdf7h?r zkr^ppHdO2WdmaH3ZAlODeVSe6Q z%0=}dX^AhSRWzKxgiPO$I$AEO?s;FzW$7)we)8O&#TY5itS7_fLRwv3Gy?xq#DfwlWXlj0$l+mb7%TwCT!Kbu4Eth*5-v||7`w3|` z=i9oj^|p2W-rLsQn2}moYSsH$$tJHfUb(BWIjQ^InbB-%qS zmI{}ukSc0#KuBNabEJxd$7r7yJzv`7H;H=Aox8E>e1oxgV<}Q9%YDeLXJy>IcXV|Y zp?$v3E?Vw=*+Wj#}{I*)n@SC>jjL-WF!6*Jkf;a;~Psp7HSs|`22_Puq_T^ueReCzC$;m&=ME6>vm^~$OhZa!YPbQ*6^ zKi5-4dFeLwX5Gr*H*-}_r@F_NiyY%ur*>>EGBtSX94~*fP;qW`WJq1f>|NQ?`P`^l ziGtqw&=Pjet3}hfQ*#BYQ^P#(JE`-bsfg*vVxrUCMF*ACs~@Tr6BHT8mZO}nT8G9j zEgDD^>^3v~y`TvHP@-aWs>H)8c#fSa&oIyF9Nh0;H0qgSn$hU6m=UEZJ|DUgwY=1^ zI+a>d^m_TtWW3MVQzZq-x=Q~du7nc9csVN9WS4ciRNm{7qMPY9q4Dyw#Kq86*XLG_ zvSe|$l4&I`6|3OkD2q^k)762>F*BUfWWSlV(a4I6?oHwH)WH7IhLXHjk4&|V`mVmb z<~z4p{q}tGI?XQ4Atgtp$Pz(`$*1BwcbAL!%U!F5QBk=S%klxM&g#b+GTtu24GfDA z&#OnBIaAwAXaNH*wJNnmL-mHAB9GaGxy_EmpNu?K*Z{v+iRZrepPlpQaa|pnv6;)C zS&8y;{ndlkZ5U!ji&&jfwmD1xKpzjw3@J=lu1#ndxpgTjz02*>+rj!ra|1g)#xz!k z4lI|r^#u%$`TEA!Rv$?Dyhr`Ij~lgb@`C=IN7^Ru_nbKKaPFf}uK4`Rw6aCt)uBUM zy-G8hPq=qn9DmN!&(qakFdRJb(QLhnQ~cZ?UUvDbdbI}|9uXWNW{SBRi6lVh!=SaPv<)wT=Ps9Q4#Ml=TnFCx$ z^`$OJ=fc4XUC-a^M-QaTc)lCT+18rZsckac8u??*gncn#Wsuc>V@m19t)xd=``QOz z^tTmUuI~Q8Jx=2q3s+sh!2B9goaBNE>lEgcLcLlQm%sCxy|uJ;DQbC_m)l=24;@%K z^m=mJ*yjc9yz+G_O$|e1(@NvhBlLM+^~nY8h2T|Z&ymSEY2zZR6|29P%j!|?xoysq zC$9DmjXTyZO-G1b?HLX+RP%}gJ!;WJcFwpcJ|Xa`;)&6_P44eYo5ELqSJ}G3&?0o3 zS6|4N38murZPF7Vk@F9YU8~?yGvz&wn)P@13M!dT;%(H%6jY`T->5Nslwau?;y&S+ zJCJ;!Xup|znekHPfv#ua%W+W&U46GA>6-N}9htS2Lu#h=%CrfWhP<=4UB*;z1TVYy zsIHECeo|0fO;~AwiF?n`Cg!D%7n(3i@9W}D42x@bysIt=r>ci4N+7O1#`r;(+{PpA zilqA!;-+7`a~tVRxZHPT65jGfA8mTd{JlPidkTkWrJ-hwDJ7To2Bog0)D?fWSG$tw 
zIN!@@s&Iqa$Y@VS;n1YPf?LYM%tB;RPHGs*V=>p&dgOTVP(j4D>7(CcVd&kM~>7U#0^o<1%X)~lxtg4VElLuwynlcZ#?32>I?O7BY<=GRs zH2p+3S&%iRcf+#VuIDu`A^$x+-EKhWt52Og7dfpI75*{sxZ{1&WZsVOdd9v-5raco zO7cWeb$X7J%fPN11HretKVN!Ni9TqUIk!ixL28R1VxBMjM(Oo3b4lxV`CO7rJE!`~Fx4owt7_KI)i~BZQyIhWMV(yF)`Xk?a0Qx%#tDqTSZ< zs2%M~4(*2R=pfCuZt!Hjo$bsHPiSv>e%avZMMN&a?X=v>5Ax>ec6a96il0NMNfubf z1LP|WHw=(W^OrGeXPwiOk9xqt#T^xIELH?bx$q(tBTVLYA%w4_D?pl$e z-Cj&BX&1d;i4G_8^%RNA6LOn#50*cE!_=oAactliiCN?kI9YO zalaDhy(B_lYz3leL1X89i_cZgJH3O%<;8gaBCkTmb2+Qv#k%-G3*P>CI&=T8L{p2i zXw#J%yDUN0>&43){(!@>E~n9QT>@8P!$i*2B0(md{5!SawP(&_GKZfve`>Y)5~oY= z;L&CJqy-q$x`|b4=*e`B9&K{Ps#$D2>Okm4?UNj#cjd|F91{v%=@I~b!8Jz?-_i%C zu5asl_}8OP-yjeCkRb&p_EN3x$WVL_8mG%sSs7HRJzkh)!J8VIb~%|Z`|Hs_>+iqMh~ItiXhcSbA9D3~s-HMZTT+48?KH_s>l%2f zsA+{BQ_JlDlTPa1ddZ}J-5_rDh!HiTOWe{y_CWGXGM~}8G1ui}y6{W3;;*Eqo3&3q zmwmW;D_=0MI-QN7x@PUZcU+@(K{ zak~Z#)9vPco##WHU23(9cnXN@u`QdlJr4AahU`8_ z>K-=a*tHLF8)0D-L^o;A<;RE6^X=@O0Z4@H2-Eg|!g~2*2n&`$>G+7kiS9RATOY|1 z*ZJV&V4g^<%UeT^tUOUcZFoXA`JLriG@3shw>Wq&2P_@VW~xS15c%3?uD)!kE9o=1I{vg|)-|Q$!v~~y?1RU0 zZ&%Tcr9w98`cS=bs^`pI<5U+1*9JmiP-DLg2Cc8YG>-3^C|>(r-#(7v4J7mBA&wO;~M;scwL?b&2qVB@JhOH>S})1fQMxzdaV_m z3_vcm$JYtAKVe;TiNRlI0{Y#v;C-Yb`yPc@+rvezY)^WMmrII`GT}01z4X;lvtnBnM zy+X@4#p8kvbQrL*W%GWxhyYT?8?ux6+e6r{#U%@&C(Gc~TRlb6)8=8d?=K=N4KV+< zC)U(WbmWE|ih>a~yq)iP*3Nnp`oP*wRgVgHkMcgkYZt%P zaXGoiuai^VY8#@^hPf46^#gUSjLWj6ROEr~K_aYiX)Q}bwbC>oHQ1Q#c3Hir(tDJtSJWvt=NEMM8hyytwZ+YLvB2OBALwT8u0Y&(H*xbeT%GE z9Wo~8cj+nOeKZt_3Y%f9`kbiHcB@0znSkRKJc-c!nUl}$!WM;w9{QAn60C))`VLs2 z%w#}RR5$X6jII+_Fdb!|jc>Gw*U7T)sR;2N8Fqd!{yX*5X)qQ=!tR530Ns;ar{U@V zbVq4?9e?^AXOK>|Y(-CJ64v>kmm_yz8+g?S0JSFRjSqS)2RDBHz15*xJloQmH(JgS zdH^Uo2Z`%Ko!#r-An~Vowyo=xNz3ml2tBs>c3cco9qlir!7dy1ukI3O>r0zmguPDd z%4%JwOx$gtNCe}GDpvTFz)d^CTsApKcxq$6a2GBFx~I!?gfpuX;BV)k*HE;{eJn*6 zPzkopoKw?K6Tg!kVhC;ti@bEpt_qv6k1{Dj)rhuf69SLepr{f(8mPJiH%1OU3vTPv3;7<_&wsIX>Rt*MeG)}f^VNKa$)PTI|ymiQ|iyY#vaJWt95BA2K_5$+k+ z?q+E=d<1C0v-FxvmjEL2oq|Y=VRaV_8mW>jw+PamsToh&&6Bi++rQH?ESPm2S*va& 
zRXHN~_quo-8w|ys_s$tyoC!NpI=uW{C295~6iZRla2H@qA%zZh16b7+p^X*joj%Ib)ird0l8$GQV&^nTp2<44DH z6^7w=55DkYCH-oBlUU{Q%4PjemA}+y`r_(?ez9Kg>!0iUAH#H zexv(p3TT4ISiJlTk@qQu^_glmEs}w3{7t$J&&H-zQi9MTxYRId&Xg2qQ!baZ#+fr; z_#;jk9hNfGg)91OF>~JegfowvxSUqcI~3Ey6u*8{Rf1qA&>OBltZ3VuCkyap!0wS! z*bJ5+>nd-L9M}s8hY+RB1mdCF-m0!{{LRovJ?=t<_ zmR!4xg;%d+aq^@c{kV;+a7hA34Da(wBb1G&(B+We2?|r5fH=-$w{!iFu|D8+=2^aby0ZxJ>btW{)lgM zO+=xlKrcfu(8^-O*F@~4vfABp!geZ=>L$#|57~a&JFL=WeYeHuC`ZxKIZ0m@3vWv|C*KP=|V16;tZPYDA3i zG?`dO5+mhj<0ObJTfHh;=K-wKgc`v13fzRBNyvWY-{iue>go1?V;GumASa_^L;PB@;9hY{pH#J z2kFPJ?-93*6c@WP6a|AzOWvj-+xPTT!oL>r4|C#yXOO+rH|lwX3V)_)#Go5yA8K!8 zyLS!fvjZv+AGcZJd|{=h*io3uCTE{SPDx$2;wKB{Mt@|!bCyI)mp$?magesha*DL| z;C+O&MLh5vLfS>`vLHWX;i(xBzG|cwl9fo$4@25T<#4!s^ zV$c+Ec2H9#&X-M>khXv9k0?@9d(NFpxR0RMT^ZU_NeIu9qtOO~J+4ISLk{O$r!#Kv zAQB?P9{^j{Fks`UlRD(lE1jG-7R*19A=a!$Mh7EuG+DLbPx!*cjcmogDsi#q81aU# z+Xq%4aTd-rklD*rB!#TR+6duRRfMyTRvF1=4yq}8<%v5*;cG&{8UFS%oFT0_ z8<(0w(0Dh{#$s?Zen~jDIQeir`3JTnj8XYh;JFx70&n{`t)>zYBZ3L~vcntxY{8k@ zQy$ji`o-CjqrCHYNeS>N*!(VC=6&SD+yl+VffND-urQgR(G};9ND_qdz67y>-G0c1yExt{OxTB3V zvbyaam|a3Q@z<|LDMLGZ)` zv#RhmDS#0Hz#0DL<7}L%LxF4%3pehZxzU__YZtNmMH2Wa#Sid@evh6s_X~D(n@S+Q`R~xz=EZ5GB_s&gg7iqV9l%o!ro-TV8L+07W4S`k2=@@bw%e_m+ zoNQSfsYs<9?=zPm&8Kn91*gbf1F<=t6~B;4la9u2j3n-{4;#tOBTRJmOM*k-pGby) z(L9yoI=#6-pm)p944d}^W)qi#JgW5~r-Hag=T4AaRu(l6DlJ^oTOf#kg`ebO&2#%4 z&AyghMMNwwlsLYUTGR7HM7pC|HoHZHn&sUx_AFJ*`7zAvsH${N3&=}lMLoFHMq18a z-?KMuoz3>yu<*=#D|^%2xOrbCtj|G3;^0_EwGwd@JSd+bh_go)jScN}Z|v{~a5BbI zGV<9K7J?_CX&MsjE$Q>aTZxiHyDof%OPzU+a=KuE53w1omwV6w|Js)>m+!Z2u0*>A z_vuLx^3!CUImrYt^%_%pfTJT5LPVMd+!2+lp`b`~f<3!JrR$InQ$JBv&f@pNf49xa z=lg{@nL-9xjMx%ij%Fg~N3X=%gR5QESKJfC#i8Wke z%fcY~I-QnnH`v~yMtPAVhiB03kqHVfjNWRrG2G9QoNXu`Ax8B0rOF;5T+M9-Q!}P+ za%38ObHLESZ|V0C)?;(tGu3UWM3??Fjq4DPYAkqAeC$vR|5uI!Zn){+q~I1s4PTM9Y030uqi1XiB~Q#rGBz(Y5nja76$FHM7C z58Q|IGikp!dX!2b`dgL?8?6gJ{$(8qIH%#1gxr2#>X|MJ2tYzYczMris*!v9X^(*p zZDz9wmMrJr{Ub<;mB%3jTlyP2Ts(u!Z4FPBL(I9r<>DN9uVmW+gjs#OygZHY4y!J3 
ze>`o{oVVSOdc*>JJ+DSshJM87j(|x?9_`*`YR@0&gD=oJoL!4L7#<~d`cGO=sfD^j zVkA3$T>T*k>3l;&u=8yi{HwvE%rM8nDeAnpD3m<<}RQ@U>5FK$jHI^_%a&LR2k zj|^usJ{q;M_&*ZX^;e>Xx3zs?Z6kJ@4qGryGzCCjgz)^y>7xZfZLHf7rY6+K!=_3^ z^K82}DK&XDN`(0qAc20dIB8;~BiT%XP-DUTbPuOOu!dk780Ic`a+UhnzNACuF4Nea z?vF6%Ubg0CqZVC!T@%U?MO(jeoG42#kQGx+hv!Ko))2?NZWXoi2fj%-(=||r8yY{`TWP5#YM?k%|Ypp_A-=%T_p+0#IPTUJI0XR<=MG zo9~><%0m_26L*WH5?qim*6UuM zMA>AbXm*5w=+kT*yO4h6iai)w@PrXr`zb6V+6ND4sP55cG68dKkSmDI1*7aRHE|F5&DDAj|}V*M8^zDD`N0UL~5@Y)&3f(J#k2 zHmjV|XRE%b_fKia%@FXf3Jur?Ar8l&{y=ynNr9OK0=#)qa2h91phr8+=Q}o?*=Nqo zY`*=`h`E`qTA!M;dk8r)I%FrXBvAeCp`X$^08wM$yGL5S45CJ+)aGc}aGMs}#(`vo z`v`@LjjAD#IZ56{%Kr<9{^UvK)hHtyHMQ(kcSxJcESMEq(kRByUhoouOlgaTpKHrc zv}16cY$ALm*yjqPg~d8ERn^G3J%yF1>ppvAJp6Z?82iN>5anCY0VDD+)P-B_Z(PZC zg6V|oQUT`>jcq#E;nHfBPFmokj~4%O@hv{1#|JsDA>iA_kR{kxRgdJi0@_NP7RYRI zZo{Y+?@%C+JYswwn(%-qNEqDJIuL_a81a~Nk2|q0eGhS>>{I;d#d6DHPL1DQTgq-R zCF1@v)VlBjqyZFijRpC8HiN@ye@$V2hivX|L2LBeSX%(^b)<>&@i@nocj6n_TEG%d zDpXdYAC3A^D&G>aB_%i{4o=E>T*+qOt|TGs*nV1vy6S$a3Q-MPLim=2v!T3znj}UVQrm(vCF9Cr@?7)gqLK>?7u63oZn~X@(9jx!XD^qvOdB zY-?=a!~60yzCD127@5u5Vn=86myMWJ2%vx|Fg%U=+Q6;szHC%hl4SaPNUwws3)g2s zzReZp-u7FMlv)VlG=Y@(wXvF$fCW*4^JKr%mOL^KDOUtZXhbd&Wc4akRU$p#T4vj& zINF23?DPeCqxy~*>qy>pw3~KHz?VM^DJ!1x7?P>6BY{oX0!CvuYIifPN~RshxK%UsYKwnd4+ONap9GIz#^Ob^XkOnjzQ^& zC!WiHql{V9|9~>FjUD#GOV^Ke8{c6ZV0y)cDjY@3OX~{+GFSwIoSzw$%f7sf+0Nuv zs9G(ag*^ePE68%*MI6M_J{@3r-)Vb^^Gc8>Y6!BTo~Frqu^+KN_$_uWb$uIPOjUjL z;l|EHbMn}S3JRnYyY(cArsL)4@RndKZ6Z#x${E?R&UNo|$mQrh>dL2m0gA+VEUc=g z{`iP-H6;nbIp^O;&W#jV#?_h9vxG%oY$3)QkuB0?4>Dv>F=i9ww^{3a zrB6<*$u|l9RJWp5e9!GCNZRN&%WMoxTjTtZZKhoebDu|Sz&e+wpk(;6>YuitlBQI8 z65{x7pbt%FLLL^e%>t#IaN-E%4R6pL0jenvS@n#Bt*n5&kpRiUksnm-XO?7KlO1_N zdMoQrwlM4CLYC^(9M7Z?CaZ`gh^lf4>$StuINEJsxVVksk9Ek5(GX1B2vkfV6q8=m z7dh(|8#_$;BaQ+YIb^JZ3wg}|WD8G6M@|Tq$HU+G$(3E7ba@xv-UXaK(0lva%9SrcK3N>vQaJa z=rx_Umr0;)(jlu-H`yaoTUpdH6{Th_F(1~Rez6g#i+4ts%wgskZAd^Y#-HXvY=#}) znF>sfX+|kBF#hmo$o#Q`<)-KfZ;b5AJ^+!TyocxgqI+<}lO{3c*rzsl;?9qVzcBDIeFNKx8 
zxJ#-JwGeFY!xdvJ=LN`SiL$!)aF-#Y!*U(UCV!;R)Eb=)PK1=(XKEAgmjp=HlxK>Y zKXNoNUMhPZF<{HOnK~F*a%(mq3T|ex1!)>7Knl}pHfYx*%1RM;z=l|U@`^QcC}_VR z7??IEAE6wCGzxSi7XRBDw?64I+mr}CX&jwBi-{aV3!DTV`2QK?o-&X?5&>|(0tps% zUC5Ko?$8q>?8en1G3St+_uo6dG^T-5@7qJ1IjvcacEpOe7sN_*b{wU;cJL!V2XIeJ zsF06+av=ke%Vl^IYVUSX?Y3Z! zLN+A<5((plJi(67Z)dPzdu=WVELElI@ewm1)Ma$w^~Kp*N2s3?LojJ|8xVL3ST@)% zpRc2s;sW^Pp6?(n!O?+T1EA{nz8GuHo4=gX@4k_BCbyOEnNkJRUW2a(q&9@b&rAwj zudPNia@5amNfRbp2&UV^TF$|6?;yl%4X=Ng;vtB`{1fmY+D<5RI%mMve$>Va2$%L1 zBdohLQH#)n9BUEj?>q$4r8V?7baI5TgQTfVNVrLYjfQ}s8}U=`F^)bavC7;8ggQ!9 zP47t*Bg|Lgay#^HcxQA>f0zJEKbS&jna?a;5(-?&0c^>F0G6&jGTRcn-xlO-xqZVC z=LxS*F+E)3{KFw6|I{SAr^VK6*H12%upKh=$BA}lexa&nq{~oUX;;WXBVO8iQFi3c zR+)t0G$Ci7$;WB_`#{{EpfslmH=5c%e#S{mCMfJ_w!8>hz`N~z=-xUt>SV&7K-1VV z6uKsIRhn>u{&@gW;(H!~?HjZe#E3#&^3nc0kR`e}_Q?C=ja)+afuXzPfc4rNvoG@YrlVfqdVPJzrtpiV9L1c3m476YoZZ_QRlt536w7-qDP>+Xb z`%Qvjl>%XY82HFZOhR6K1?JnY&$cdXfk+cGY?#sbBx{ZeNpKRVMwO_ra3M`r)rqTd z3Se8v88p4}f6Nba+my%fKcathNmIvGEojs8gB z-@~(-2kY`;g%70ji%>X;&COd+rLRDoqP5pk)Y8CiI|New`O}A>!Ji(^8RsK zDS|Bqh0So+Wf11@loxY%fuv;!@X7v_=yk6f_K%opLRqOYl%-EWeG??UNh5NP|{U&wO{(_9&%( znU0$t#x5s-pD&dEzoJ~QAt&45(NfHAn;m;POSkXoY}&pj&?Jvpr=9`1r)ve5FerUn z95m+Fm?~S)F%3e_=f*Kyv-pw)`F-h2^z(0KvHr-MZzV9FhMwR>LD>m6O}^zV=dtVk zX~G~6hq0g)qF3Rsj?8l)Fbxj*DN^6`vP9W*Qk6ee3@K@S@(6UD?0owNR{}A`F$V1g z<#J?c^e0K86Il5Rb9CyWFDocu7fpux#?&*e#*|pbxO&i$_xj^5yIY|_d{BG#S3j#) z5hL!tPQMjIP{ah1WWqWtF4Piq#PInbj#5F@-mQ?)F%XNs4*I~O+Dvh9J4sG|<^i9s z$M1Hs$;ZIQGMi(aJes`QzAuflP;@7q)2%=ZgPKU+I<(sdL1W#+gIl0{&`}Fj7w_N} zbarCUH%%k?uS)dw#i4bVC5hQl238P(HSR&NNKZi%%LtOH^w~M-86A2K6;GR-*lGs$ z`jMs%`r)IoxN*Ns3IcImpKE6SBE9w$pJDC5Pyptcui*^?fSD^&f#FD!gcdwIMLMXr zKLO%_1oWMDK`S1ucRz#+2d%UcYBx0$pr|p`UON@49LY6w5X3+22dW_K*4ayWkqJ&c zAJUde5X$-^VOZAcx@~7QVxEm1rh|XYY_kp!BdAJ&KIZi~2?`v=s?Dij!}yF+$~%6g z5zl|0B=S8hkA^oYF-^?^1aH`S1K)5Kq8|EV=2rp&c-uy;Rr9?`^KwyPgVR zZ@JMNk0TV^HV0cexRJfZVH%1=2Ro?J$Iir{xJBFPqi2xKTZ2KG<^Kg`9fhBF>9cX{ z9|35Da83`2$_*gG`Vb?Z^J+Iqh|4L{&OMh|18gVG0PR0A8pab&L7R-}IN@C}ZJ 
z8BJL5_}xnWm=3qFy&UCuq~L*Q7bJ2jm54%FmpFx}iXk{3IOG#H)P6;fk z&l$NDVJCDh4%-z`nYd=W8se-|e5`5!2ZZ`3{+;zPLkTu*i#>wMs#bnj9$En1{Yf71 ztGW$6v`@_7x704EEZzWc7 z*ea+xEq!P&wK)+qJ4vF(I~mGbJrjrKLG-!BVd@L%^w)W5cIlYj96NqpdhQA5#L7f09cy2fgb zVX~=T_#u}Sqb`$qt^1Z$*RC8C5qY^wxEP$Lw03DCz}u0y-lOkCzp6-oh+cZ0-PY=J z_L#iv@tk{?rMorihAqfSaysOzCjY#jW+y>@ma4;4csuN{37%Y4cF#lW{Ylt9xKDEU z+^G5HxzWKg)NSsF8tupnC|`6pe0c1SIL`t?(R1y(Ea|s42+{;HI^b(~N`cE?W>iVb zNfJ~GPC^!C+r^0ZRfl}@p{+?5BkwzHob$|2xCE#OoJPi8JO>anbdaQ}rXFp65h~4r z2!>1Vumr%#6EKqNgh2HjnzKy7#` zkh97-k{9!QbNXZG`_^J&S=Ir_`lgb!s$G~SU2!_(K!?zH^p@50niH*+;2SbSZ!(jd zxRCr2B#GSPh5D)G7EEKx#S}u#MP{TV9uh8bwv6?QbWPAeU-Kw+y_b?|&LJR;alvsh znPuZ?0cZ`^V6|u&;~NN+gTCy5t?U4(@L&Nl1}AaUCsF8NXm{~EB8hJ?w83F&JOk>I zuo!8=XX`3=+5XivjY4N+O`U!;zTv+MsLtmUm;4Mw}y)90S2y#?~(-(Ab{xgAUVC z4ojC$lG6*>m*&jqhFz)RR86Y8Buwm=tXi$eV_;FCd zSq~~u!5Wp7KI#(+8PL=Dk%|VPKgmLL$vL z9|nS}coS5&NHJxE7YzkEjwjSB2}oO-YynZxcG8h|by9F1acf}MBVtE<$f1}9zbB*X z$wQz}mrXF(26T-K9eWNMeY!>&t^{gA5dZ4hP4!t_J7aK8q>?VaTMh`cyG$MYLRomr z$HV@xm5*Ta0I*L6vM%0R5);FBHW=Q?-ox(S7O$R2+t`edWaH+BTd6ChhC z!}a%}`8js)9C|t(GAp#c9sfLx&^;3DBxMS)`XwXXE-jf*16`*e-9r^HkiBF?K0+;M zAntlm3zh+6ointToQ!UYhGY;bIBhJgUBumL>II$x{xF624eyZqbB^>%qN6{;MQ1(+GpI7QQ4|TD*uNNr7C7Ac8r8X3O z?XVO{GZ#`vTjW;1%*t){H{oZwHf@1e)elw8wQ6l}RVqPcXfDSEqvn%pzdDkmE^K5k zbby2$DMkugDi$MgAmLi-UW7h_f+RD>tnz+9pAm?#1rEP4wxqfEvVMu>4bW6xeQ@Fm zf6Hwhz?2LCucg4XLM zTvaQ(ef7h%4)ZCNk=p^L@xrfb9i}$t)qKgT0Stdqr-2nQ{mhv^9W&AnDo2BAXxW@t zl?)+16{{gL&{675N*ByPb-0Qm*dB4N9F>G@T!-xT6iVl_2TL&JX@^9|tZ(00XhnEq z#g(Od|7wp|e9!(x2^5mO)Pl6;9J7Byuva-TT>d~qsc$9Bgk{}I6%c< zto1LzX;_|rh$-)Y)Zv(^Ag)L4nqNyL`j3n*d|frdduy^We7%e};3Ne|c zBSnHOE2#YSFL0)mcb?L+{i*NyoSs(GTxlr zxIr8G3VibH=q2_9TZ+bah{dfdv`HPZ<|WupIve$ zKD(f5s`qHwLUUvFX>(KRi(`{I#w3g2Iw%yaKH;jo-)ZdDcMJUxH{<{fKY~w9kiTVM zUZv;MF^t_-^Iskz#}5^&(jNm-}e0W^_Ae}l9_#jj!(5)M_J71*D4M_E4EIF zpI0*=F`F@eMgSEve^y(XodGkdtx+<%G zmLTmODuX`lbXig@@LeOGuNah~K(kZ?+0QQPJ`zE$g3gwGn6-YQs)0gi!e;7uBqwPqzX#vwuml%m-SXA&7&_#9zzCvbtg-r`SDw^e;@&3XHm@ 
zS```=kpfZ}ggl`Tpo9jECXX()@G2a6vWnD&PU!uEh_A_Q634ePlYx=lW3R_Hv9P4n|v@z?>g-k`l4u{)&I;i4jFAB1t zOdo3wf{6!TL?_lF>wh3p((XuZ@_J zedxF7Gq){z+(+zyM04JX7zx7nkA(bJ!k~Zfw60JurU0kQ>eW-u^@3_vYQlUTtcTCk z2aklExgGdo|2(^b{Pf-*_9c9Wkj}J85?nw~tkBZfPiKKrTpvbDw`C zkxUTFV{qAXmHK6rTPQ?y0qw3$njFadh4o zY=8o3->G+uz_4B49DqRGdWHgQlC18_PVuiFMjSc9`yY)$SSfAUXwCACth!+E@kviH zm2S(+qHG#bkp{r~EsYQltycC>LL-ZjM4v=!Xa};ipm0#R5G{-@q)wfLD;?2N=XPAa zb~2HZ(F~oMa~<~wD7@!$QX7FjK(TJiEq|nmV@~cj-x>xK;&e{W2JIOr6=)(`H3gQE z_Z8A+pgqqBo<_-8Nz^AxKz|++>!C@;N>zHw3umR2h!G1fA{d{f;aOD?&@rK5Q(`4o z{n9F_-lI)FVlI+`?iS(@lUdqXh@^9_uMZBFg| zib>b%{{KP~@rNYiT=h$_X!U*y{e$#ojG>NNPHm38WvHM*wzNaKea!IkJqqSw?(qBHL#=uosDt+IvJa1hI$z6S>x z*#mZ03slO3%c)}rp}XQ%UNCT1w7&MNFZ+;FiKNs5y}HNL5dm~TK|W!H;;#U?f=K?bWWWTPU+-O(S{JR zjqDXA%TNu;E^8QM-$$iLMD}GYr3|v~jAc?;#-4SolXVP+tYeHZ-)rcc`+V;Ebbi12 zqaHlG-*a8B>$N^#&+EFP(}5ccQig(JHSFL~N$4dYn!HxqVb?FpglB9}>Ms%OcL!NO z=d^-YEzphFK0k!WyLU=H4^VU581ND3YZUh0_=t)z&z5}10FWfJtaaGgk!RylbqsCw zh35c-a(#z!3DAw$#L2D6Rhg)Jj9xInT(o;PK41Z-I++P1mN1)PZEFxNLy+47pk=dD z3I~1egl9!6Px5 zL{U8(f!pjzzy-L?4v|E9mI4_AG}nsJP6e~lQ0;NO6=Gr!Dv(}=!vahIzkPh_An$s} zNJAvBULAXnUZ!NKYC6&Rrx$1$iB)MU?Vh09RjHK!wp$1SC}3!4vaRC~J_t&sRM>ow z0Qu!tpkPI#fYw>r$EXU?!=M}pPILf#fCJF(92i%}CG=oP$6=R|(QZj+v^%$+!;4TZ zlj88F8r?b`@}G=_VlPToz6M&DecpD^4pnmpw7s4uf{?fV5I|f~S;ejCexT8!nkpFt zWnWYnY68v89?wG63DkhF!=PVSGBGwWR9KS48v+I0;G@zuj3%9t?Tg{wXHb|A;A><7 zcETq{tE>Vv=HFd~r3!}TNJ2?IF|43(1f*X2{HPSMG*2>t-zOMTER?n%wC#*0G(m<8 zgfGPdxR`qOv+Q?4uhbc+5rc#bXzp#CQk9uRD{hGqGu}m!+aUPJT*)IOPVbveMD3f_ zm#hR}9Y7z~Zg*cT>T?Yeh7i}To_PQwXO%@Ez?HD|AYi&S)s%tUgaw)-$qZ6nKQ#?Y{3phi+1u#S+0!kapb6Y41rc31obaH3W1)a7xJfm z^AInbXM-7U2MaMkC|#lQsi?by%d-&KH|{YBxBBllbINq6W5O5*RDn~4@>KERpZ!#K z{otNgXJ`$39Z&E6IVEp_NBa0N*$`Lq8k7!pPzr_7 zO#vD_4b)K?Y8;%%HGhIuu7dl>5}e8otj$59#AOpFj@+$$(dbakl7i<;8UoMHO3~pq1IfW!>jRb>_v#5sbGWu1HLeN zlg34ARd0b!8u*=Ui=d+TQAmtV`9M)(2k9xA#o#X9hOdXvp@m8LKEsPY2HhNE>2@^y z?PqB(5WuRlXgOPwUqEf8?31tjfJdT9luMwZJ73!rW%<`29V z-?qqZKYSl};~Kl{cB;B496hrSgIj$QQ;;Rcf{aBjzwdzS^}evcS@8CF*bYk+7G4sd 
zp;>kpMD1VJ%Eh&8eOBkeNIU2-&)evhuS<9Vf9$IP(&l59x!7rtSu-%HV+nx5{7V&X z>r>T6J!%w+!P?;SFF@>CxIL-&93DLq*&7mN2OR=RZAA0bD&AZoLGMT8F#4vz@!Cc)=zYs) z;Q9q24|@2*%ASS)n)ut1BS-otxl>GRGVWq9AdwG;KQn;~q*k=X>RgoKgg_$;h%T_Z zD_*KNiQ3xk=Q$<>aD?*-wj}f(rmO9wHf(L9yu!aQ; z@@zRyyYyp4K~`IAZ=RT?8wu<#@@rSajP6>@o(1(?GUJ{{B3J)bx!uFK3J)&4n^c3H zgvc)d=s&Tn90589sI9lMgT0&((hO+j;(ELbgnXC1r>%^@S}AXt#UbL0VRMQSfD{AI zO1@Xv8rxz9i@6BNEtmpC<(wi;NUz(mx2UIVCzwD&M%@(y#N)?=?YZ!4cKNxwA`6x0 zf0s;nSfkISI0{(o?-a@cjA|aJoVyQ0yvc(kY@L%;#aS@r-yOU*wA>0sGi0$b1vfA* zAdeIdYleP8VUWRWihu+m43?;*Yt{_b1~!O*TDj?S0=cmAFFeY z;-Osm{FaN7ze|2`X~>2Az9SK3f~Eok;!1{(y;K*Mng*tIcD&!EEW0(vwkGv)Gigjpfd7@ zsKGsQlRoTuyqY;`!^yM#DWFz?TB2ET7LZ7gaTX4>49D=d0b)6 z++&15sbP|tBON0-31S}CZm$J*@?X}{=Y<{At|$XwLb;%YQ8Wm!&@g~)ew=GdKso^X zKH^0492$nej0=aOb%b|fYtbyk;BIlVX6E8Ubw&!{VdOh1Z>+b|`bpf~0A=cO?#JM( zLqsX+^Vx28T=%pet_1j*mm$csmEfyoon>+^pM)5SlgB+2%MNde2Ek#<8U^nHtb9O@ z$^}>{t|-v3y8YM_)P~GOslvhC8GiUHpnnTj{o7uLxmaI7w}$NlH!+WJaQPT*0G=_R z(;uVYSjxT)M7Fk-F|4ElVYF=A-UrE(u+$NRdI3b%Z{ZVzcqw2dAS@*v_s)dBf*l`Y4z8hoi1`0OmLfPBH4{+Lq z>AN8W|JV@F=5BNDWcMQwuc=D=sQXbq3r?86)yWU7ZKXRV z-zGB`3D#%CimxY6jLmjPsVUmfN-ZB!Z>^^UwlS}r+4+hO)5@EO^Z#*thlx@wp5T;u z#>aHz)&o+h8^o{~?d@b%N_091cKpG{9GS$V`gW{ZY7Xh&4nQ-85_Hz1BpF)~l2jYC zBqi_hDF>sPOpViNGWd?qo}5X~7Kt?XA^0<(<_V}2Mj4z9Zb5?~^_tEZ=A?Iy$2%v_zj{#`7Oe=L?k*n^P;^y)Rh_f`|RoN(E7(+}SYE!nY!F?%Y!G}nfB6X1Mq zdP?od2cw)|dVb)~|9`!?*n7!6|5$&5+D{o9`YCa*vn<+(r63&byc{Q=foiBw+z|ad zu4hTuS8Um7TR$~F%VsVDG4g%=vVM%s-jh9)J4E*Q(p829H@8*y)VqKkJ%koxCE{EBFlS40NQChI7FZ!OPb9mcqef=+dw8DNc z+VqzV-ZX5MVq8d~LFS^#V@2Q~Pi{ASA9Y z`Se>kB<*O~g5?|=rQl-;Z!y@qrf1aXMzyG)5ouB|2e6%8W)8koAGF|GbK%&1@S z?%gVZ74+^mJGn^u(f`~;2X6rR>6P7~mKLAC`{FI{!Q`Wbu!fWbq!r`u3w<`9-S1|X zOGW&D4kO`ZY@`!xS>w8v(Xhl$);iMRS}=JHWw>4$XsG%%`X68MT{eA3fOpV<*xmsu zfaRXE(G}5D*8IPz2Ui6FCyJgZd z!^;+Eup8e$PxKzP+ESO$IMW9Z&87U02%xAZ!?ZF z{Ho0<5KYozm;kZb#!+ebvmFqBL)Vkw0EM)Gf z9e_UFJ$LuN9xAx{>LzI8RX(zT_N(f_uK`^j_S86_4t9g^*lB{mYvlQtJNd6i?`0ed zNVoU<3_|&sjQu^g*@VjbyEdP}DUfas=BC;jeJFW;V^i}-654p6s>G{jCSYW9=nRa# 
z1^SmpYw1}Ws=G5Nsepe~OzeO8U*Ej@<6N{wXNkAdNim*JDD8RWU3C!UIG~P=L5;g@ zB`IrSJNaqoBmeZUY4Z4Zx;>BKAzlz-yww!g6&J=)dJIFKN1*!SueE9y^+kuK{0eRW z`QOi1A>A@O^H=jw+l-YQ;hu=T?9b(d23yDC{KsmUnXbySoKM|$e~2ucONr~0#DxGIScx~ z$DCvG;wsEG!UlTv&(WsuR|j@#s3xOuL?Y&A%`c4^e}<#~dNv1USOTD8VXy~Nqy9Dj zR=n&Q zfcUnJpOuIgwXW2kDbSSXyhQ+AP*iEVL4ohCB1_m3adS*dq@nbcL@?FlJj=CHw8e)%6TT8d0|l+}ASy zdHDr+{}!r-8s;7SM?K4(_-U~D3R&LYKP z$+1wXYtoNba#|279|*BF$r<${)GV#|Z%(92A%Cyzh|TSss{U4^i2f?-vuH#f6coX9 z8T(E3dJA>Unb>b_x3`RA!bd z7N93qQonO2U^8oWXn2+FJXc&fWOPJN$=Ht!rfsF%T*7 zV6%=D@rtrC5W{YCNqCbwInYWN>{R<8?y}k1iVqmk3AUSDoLVIpmZ{~Gt$s>hN8^pG zMbHnE$FdPuqia^C;>-N5mfiHa#6bj_HW98EEq2W$= zW2nM)dbMNaRJb^v9Ji#RxXD-5)<;jrK&IH5Nzi_L$pC$b^ME=ywj;O~)g>;+4Yup7aadrblnI6x}3mdDN~Xw{}#Pamj6%8Yt8nnh%tL1C(pS7Sgu#oBBN$a4u_jL(1As ze~~%;;Pgp)hMm91$PMntembxtu&xbhy$6x;SVil5;D)gO{XAOJ6xDaGi)4*obuxRC z<(eB@U{fQgeiE}$j~SqE=bH>E_-)QYzr9?8u8&qN6br`Y7LWvo#7(5O%?~0UnmhNt za5s82SKd+U-Xc`qx>dQQ;!xZMabHz^OTx$cK9C)h5l{73ssK9?MdZmv$v!K?Gvo=2 zA%8q=KA%qQ2lFe(&`6B=ZBsGysu71F()?a3_X9#}ym_kOR`hmN#C9U&=`!J447)Kn z4(s3q?@a#%lerH6?U4MEyK8Q=IDbk4tqm9(Ie1&>6`tu}Qi{(kFh6WLyO_x$%7XU+ zK-X-V084e#{GVf{sb7?_l|Y^t#gf;<>UdI@RI7uUdr$#CiPeAOT$M|HGATZ)5l3CD z#MgeCXIlTn!);aTzGb#Ee@a&eT&MnBereyaVVewN_b+e5hb+1M6DeCKKDP10BX8X} z{@56?q$68unRv=+^4F@VSj93tZNWoav14=j5skH=SEqM#G4SHCQX$6{-{c*q(lu3= zk?Pr3CQ*v}6m-&oPLQHUQM@tymi+1nk-(EOpMggo^kQu-UaVfyEI;_6FX$-$OV&9J zW@+Yxt|KrtBm2$o2XFk}75}jLSw)@rkl*+rxRu_1u}YWWY%_2Gie2D>_$~V2i|Okj z{>3#uBPxxON!&K6>k|?Sn?(+5sRjc9tTMP!*H6$*yPmSGl~!_TAsY3XUoI?_HAItH zdd=V;)&ZQq5S8~aJ9S z7aWuVU@@fHL<%kg+_rmmZdtQ$?ZQ__#L5XDVtw2I8E+IxLHDN@UD$A=w~xG1lc;uC zU7U@HGbtVQe_5-_b`|VPfsMCi}O`5j7!>)X+_~P zXj+cO;S(~$+xFO?gvA3Ph!NyGFkGdZxRNm%U{;^V$JmIVO_OL?Ekq>6a0E(`B}Gt} z#POd7E6fHCQLR?(E?KSqL2dD;TTT;(T??XvSC(;bs>YjK#Z^iwX&e^3Xr^Q{%=fe&FUNCnCao9yCaug%5A<8;T6R>G`9Gd?H^ zsXtF$%&F2zd$z(p7(0F3=;*L>i;%b?p<$AYq5FY=H-szhIB7@!*2TR>mZH%dG}PX$ z#(dZVgPjTIN#pg} z{*i)qc>;bJ*dgycWHF;XK3gv@&hY9Et@oomheaC)t}}6W_?q0rJv|Y3^g_FjY3<1U 
zpi|=hyqM6Vd57g5zG5iw5F?5BK5&0oNLePqT9KMCBE6Z|jc@69YMl{X_eZQKCZw9f zzUk7J1bx;Mtmo+J#6=%-(NmH!${Ojh%342??1m>l$EEskS|p4Y-o?GRD_(i{<|2L5 z(P#Cxigm5Xd0_G_VP%@k`~uB_BrcPQ#dr6Wf`$wns&y2#YHMEYj7=0C`Fkp`ATyQZ z%gqjzQ?Wq0$uy8w{pJVyK~jc30e-~FIC1wG|( zFK%!5rJo4l6qlR?r&i=kq`&3;=bCuKioZb(v?@zmwU-UGxMl6taXl|%PR#i%b{RO9 znAEy@O;d-G7@q1&)nY|siq~d>JJP=F%ZIZxf;bW6F{h|Ci+=cpicewgeXY{#;rZ1m z6yFnFP%w#y^Wgt&0A!so-e4SND7_l7#K0}8nBzn z5F~vJ;x0AUFg$bq_jY0 zq5EtOIkg+Z>Scwsx6j3`rgnfm&`U}~ZyU8p)d!}B$auX-irk4o#@w2&BOK3rtJ2AK z*`MLdlJMd+$awnOy~AmOh9s6nqr&|TeeuLqn|+bEm;*zAK0nAP({i! zsruQE7;a$Fyto!(;xb~Zl=vbZt#9`tRglecB=`rlniPogfD^bk%EU%MVI3et^QiH` zKqzK2++^U0N?5^!@JVvaupe1rogK4reR{?3)KtSFf;w*pEb>h&xm;Qum_~N0e_69I zbptkpeo&Y!?-F*(?W5`@S-Y#aLuSa>qs?tSonTUA-=f&h^JbMW(3uAXUH|Kf6s+RV zXw`bV@8VpGOZzr`K$g65p}E*!Mf0bh_UE1z_{H|iogUll-fd&*i`={Q-mf3TC=0%@ zt`mRV3%Lr{QF}H{xng5~MCmPLYp-!#gj>YqZ{p3^ZuyIHRxW26+NY{8(;9!{pd1vP%s}mt7G>L^}fN&2!)F@h4tqdDdp4N3`^M* z70+kgku}LRu58d_!KCKkA53RIT)bwTGEr(!?jW`t8L_?x3%VzcQ^(4dTGU{ zuu=0a>6TkFHlqo|cAlt(OX$ot4llqu6_n$^~67cUyjga2$lXayh!M+6227rh3vGFqN4 zc_b{&ld;F&j>Pl!c$Lrjm76PR)-FK*F$La}_3jN@)G3E$1k2%tnPU&X!1Hjib-Y?N zA85n(3997|Bgso_x2v4CRu<{54IR2sH5JLGY-V%uA$6!y?p&8?$s>}{66@22?G?e7 z=LYn6GcCgHv*(OGt!+W~^3fhu<*V8Ox4c8Yu&AtGUb<(bCnQqyE%KmCsa=1&SGY3i zi@76*^Ck!H1xt*sT~=~Zb!UOQatYx~6Roy5b!#@-B%!}ooAj`u6;jg~*`KQ#0Nvgb z#Z&i>VEawhv0Jd7n@w3~S|^_+ai+XAhq;v9D6mnlKb{~ng>boDDvvnJqTp1pH8rZ* zz5%ovHSa`?8?qz?&0V8*wV<+FQtaQs4hK&ne?}T=ZKSeY8|sz^!rE9G44-;NFu62W=0a!}o$w$H_C9sZtKL%cx=@l@ zy)=lN{sU%E)6K!hh1dHQrtybjoonWxdANMiRB-<~X((vgUW9Enk+PUEHR3VqGMZi5 zV;UKVJzf7kkvVO4{>4JA2J;zn&+^=X!x+t@-x@q-qm&!=i`5#S7!N%j?4LA|^xoV~@g}do8<8XUjXJ zAvpC#bOYDp_OZ%!{v0ObI`hC`Zb_qxT(jP6w>*IANbcvE#cVH$aCooZvX(x2JKTo4 zQ017(n|gt1T14WiAl2{Ao4&ir{-o!bbB)}sgZ^|{8^V9Il8~SobmE%ZFv1UF_be`P zu}}G*<8#;J{$Ol>LYBfwW6lR$D<1F{#L*pVj_0rAT_cq@zw^gzYsQ~5E>&-&5Rw-| z!Lh%HvSH_Lp?16RH4NRW-nFQp5vpy3_ZF>`N64+y989dMQ5q@*s!CAKn{xxj8RD99 zqbnIc7L=~vf&OkTtBWA*MF;Fv0z}v2UuHc%O}Skb@YARlgJHf!u0^KGaPJkjvC#JeWu;W5wm?LU0!O=fR)UlaQqClc8%n22-e 
z1_s{WcL+j+_DS=$U=W=SCdgJ@Sm zrbRCerWAulNDNQ5MY#tc*XA#>ZI+ruG2OTZ<-Gf1e_{hPvv{ADCIR&W58u_9fF*YJ z{ATu|hI^ZX;SA$d>rhjRd6$wQ60a>VT5|5QJ*t}9Q`q(j;5{~==TBcN;78EvP|qww zrbZRDqR)k0zQZ!(_Q-XvuPs4=>r=9=Ow;2U)@bu^>AtPeyZQP;rM;zJD7hPx;%w^` z8y@T}UsO&BQ5TByy;(6+hU zdd~|mk`d=+{^>ucAMjkS$av}p*Ra8wx9wg~;Ta}~*GPQg?BFqGX~xa8|ND6t*|1OJ z%cH2F++b5!RGC$Qs)!n941Hqq^*&Y*-i#%W-4D+`3V(rD{^{(`$nkzA2+exE#kqf@ zYVutjpLBQ0XW`_kc>G8JS@D88JI3xKl+!SNY4R`!@R?oZj*7&t^z0RM?E6LO@$n;K z^fpQnt%cLt4{Xr_vrhoA#x1*F9Yobchx_YtjpiWLm^u(d`v4a~!-bg72wgO|kYBTz z=vzi~VRJ7^)#?+$WJU%p`d3_URAK&Y7NO`cpS#>QT%JU}87Eu57`aSgnv4kIib~ zCg4mF62xfQtU#4a`Pf+v!hZ_EbFGY>biVJnQRw(>rN=ViK`fVh66l`2-aUzpH$zRj z3;B=gJ3Ab(OA-0seh_D}w?1^epmPaiczZC?|I zD8^*oj;rmz6jxgC{(@B4`g*Q%J@K}4=i>v?i){HnBRMrxt~@n`ZIwCV6(szPEW+j2 zAEwyZ`*3#-!L2#Nh&@?RE57efUNU_Yinel{@jx58JK(2ssysCs-I2mBqPUW&ViApG zu8n}n*cL~iGU<-^TCvGh@yWa;4{Ru(brXm36xsY{kQlvYm zm|JFJ?8JmiVp#Rxq@&iJX#I@*CrO{~#a%@?ems?U_Azh1Ik>-<&1zZR(c}_R-Ab*1 zIG2oXk`0MXWEw6F38E=1;cER3NZWiG-}>jjXFfJH7FHde5nV*Ew5JM#YWodW$P4!w7?}z*)<7R zMx3y*fSsZ~pMfIY_S)4dTX$6>Qh$5(yXFqXk&7ik3tgmd>^;T<_|p8RWL#ZG`M63~8k^Kb zTpI2kgw#8p-FxH-^ubV8cZ!uF!V&9(S_%8xocN7wN?JxmEbpiTed!W>&<5l10LKl zOz_Xjze3*FSGki~5nKJi{xRtxu`+Y{(%pq4s20P+5F5g~#P_GBB^$Xts>O}%^eQ~w z5XU7RHo>Kg(R_zcP{F-3{gbzD3b z>02bbVOOg8!myEIJ3`p(2Z>nl)3~#5P=R}36;V<2vh7tjr$ZGFAiAwjO{4Y)Zl6qK zJ=MaccqAwZ5h(Yq{6O-O&J*Yo@+PnxHpsNsr}ij93Zh-lzb)arhrzD&O4IptP25U} zoiXq~B#%_N%?bNa*Q4%ZIC$UYpAuqQq=dA3FZ`lcZCVJ_F1P1ye{;Vq#%Wrdqpiru zt5lpd`0{Mxm!kV^jqP9-HG87EV?YREF8@UKtJ}F9{C}+Ek@is*$?N-|UoOGmuT}k7 zLP@)oM*P7#US{Uxt(K_dLbkQEaXdE1+FE)d8~7-xh)2KH@xogb4v-^M$(qi6CN3!R zDrj8gN%$tbo3OmdXMOYjeXZ{F7A~n?5R|d5&Ruv)Nh1o|*HND6aA)0@_br!7JE))t z@@%)~p2`cOv_z^WpT+u~$?(p1fj#fLQ&AOlQ!2#+Dx9xho&;J7Gt3=5y;YyxX z+Yj5{k*mf%y*)3=R%+fDW~Hz#O5$Fg>JzZ$_)B46%icqz1dIYKuXdSJJP!}BL2P)~ zR>VApzTIwTUO|abg%5@3*if~=ah!t%e$lHeLKgT`x2~?_V=oU{R-v-ZiF9%W;JHU zo@8Gul?i05mF(w9H;WgQi>#8@KWhD;a{Y{d#$P5L#cl;MUb36}SzJ%3y!X72;?~${ z@f&A(Ph2@zWY?ePymbAX#pnq~*%pE-$ko^mKK~7_ra59&`l9d>oTO_x5g159mw9JUk~J9#ECYjaUH>E4 
zbDW-XA&OViIX3tElvyEOw$C5*l)kmZ`wgL7V6Qj_yYo~Rh4f+{R)F+r{X};R|H%jM z!-r#?*k-pn>W6o3Q2(Dry~(4=hq|$PP3y}y*oW)Im1gPz&;-+bnvdiOxwC&dDjveC z?v7XfTeQ@6Tv=~S@A7sLd1|H;(#^;+l9YQz+fTTsTof>vtd7fdSd>YYzj4-9t#4%hb}BnxP2mf{Ojhb^!U?4QMZmHAU{PkPz%M^GInb++*u@AEKn4W5`{%&0%1R zXw~h7@&_7rFL={{WVZ74Edz8~F)kaz==5U!59HiI7L-Zy%2pa-WvH`2;$Uk2w*Q(VvCo zc75UQ`a~;T^Ps$UD z*tQ8jTeo`7gR)hcRMHI~1TjXWZ_O}`%5ZlOpebb?KEcWInN+GA1DA{XvK&#@Lh}r4*G9i&E^F z#2EcR+CM#kKHke`owx%nz*!(8o}Zx0oAjFdGK2qjbfErvl|1AjJpmyw9Q=TF3MrI5 z+>d49oUV!2OWy)`y10YO?6wYYa2(>s;!Yq;P)@?{2$uWu+uhBLAf$SY_TV2Y{&B&F zj2lV_a;+q!B&P#(f7-KCn@|+HA1R^ii8onrX{cZ2IHrH7huytv=m)BP{&c5>bQ8NP zC+;_g-7wr>3hVfoGHteHo#K6iq1Sq-(|>9FQnpc)H+eybJD>WQL!66FA^SHM;19br zylkxXqc$%((rR+_O8YpZxbkafZHaxkRpJhER^uRjU6IGVTiAGiS7Gz(+gr?t+YYCE zvX3!~#MbcvK}C6!@Pb6YG9F{8Ss8IfP|>(f>-x=_XklM<2VTw(>GxY7P~iN_o(f!ufVAFr3%e^};Qt|FoLQ_@I%^JVUSAoZJ%7bmD2 zws?>Jb_O^dPTMZ8oQ-!M!E6kU!e{Xq3`L%}2!b$|BdgHLqrE{g6Ak9P4&}s1)2KO+ zKU?$_i!=dB(b)hkIaP0vx+i348{ETn&o{;x2qaTrrK2Va%ZCVV!I_Q7hK9zT>@(@W zDb9br6E(Z~qcuP=!LB@44bZCn0P`ye*!7KNzaRl_)8#r?5cgL4Kk^@ntwZhIx4&s0 zj63?}iO8Wq7ki)`00S?#wTl66@jP(ck>hD*(lS`m#oKNsNdPCbM)XJ#YJ1Zrp2@&x zF1ZXBHa4t2c%pV!ikEL@(#_3wWWs%9u(^|Q(Lc$_mm`an{lsQlnae2?hWG2T?prvm?Ir#E?O zzupml1FoQA7#=DmFa{65*O zJ&7MXy@|t>A;qqUTwcdFVIY24~syQ7Bb19F%Qp%TP**P&kTl`bX`tkJ|GKt*L5^{j)@bOaSi zdv7*j-R?8%q*6|ytq*m08OhmNX9cjxG=*Yp>x0@i;`K>;qAcMbu>F-;-8~2TW5xzaLL}9N&eE9TPtE{m^ z$k5Np*Gk*-{QoxjJ-K1O>qp)^ka6Rs=7~SMC^Zi;0CinPzWFrSaKa%{h1**jAb{QP z+3S4%gO$aZ!hCm11j--qF8ld}jFbofb;f+`6l?W#4&3ny3}DP<jS7+;Fs*-hCAHhDZ!y(L`uUq9Kd>+ql`?57=jI+L;7-pd@{R9+btrq`ja2C&45 zf~kORW_SxILp5WCjctF@@D`;s&M8E6NZH4VC=3b27}QD_39X)m`zRRvg^BPpjB{5F zwCZ?C-tXM*hVyaW>rH%Jm%=DZqPkOEQI1*ON%zQKWGGAFQA5JL4kKtRXan+dBfdq5 z*K&o78Wm}@|FLYx2rhG1%8Ar%u>r4e*DNY+BT{y1=4}`wn8qHQkZdhAcK7YwJTtEG z<)9=b)E&P3L=(i8@Adc}A0MNZy|zPW88NkvPc(jx|4lTmC$Y?R!3s8!qp7)4a(r;@ z@2vaR^_L&>uvys73?5^V{>9bl(1y869YoCEm~PRz|X588gm@ffsT3!!IC<4)j~v{CqZ-(&{~D&=6E5gC5=*dpK~ik}K6) zM&eugKA%_dKH&J6*|^A(LwfC(=>Q zr30hL4-ybda#&x@Z)yRmHS3F0)z)&h 
zLFF(lX`NVML_bIWNc@^j8F$2LyLK_8r*qH-zNWJQC|I;SE26Zj@5>uMpKF<6BA^2u8UeP)TXhXhaC+75PT(}_7tQnO*O~5m zvM+Wdl%-r@J3F2i$fC(Sf;*M3U*F1iF=jP z!ih4w%HJf|z%Eiz0piLH5nO-!`MFq2GWn|VXYI_rd?sX6V&s^m6mIR<-*n=%1Lsfb zW2v0_FWfC(xISDSalG`Em80@32%RS{eZA#1UT9NfzXGwIpB~mJ9x{X@rheDOo(VcR z9(pQ2;g8>JYzl~916X6fyuHyvKq|!TR8&$KdHp_%wYmtzHRqOD)q*UWgAg8T;h&MU zqZDXnASsejdu72E;#S(_wa@@51bFYm=}KwxU^eowyicaw_O}UMjd#?V{n7Jecsoe% zir_@&N@?wG>MC)fTB~|irf)OdtrfwF;l4<}BD_6Pe+K}j;y1)>U)>DnXWb@Uh57X5 z=-aJBjXKtS8sEBqd7qa9X;}hw;2DscizUCAC);Zp)zWE{U_cttY7%rYmYg8U5jWO- ztkA}{Y+946<{F`yA*120w(rZYfr@=cWT!HO-rb3a=L4^@(3Ui*mR*+SO?t@Et zCv|!i5yUxsR&fT5I=S249{AXH9|(cbg8=bfQnFNu34Njd1iWjipOyh2#`ZsibjryF zjl+X!G?*P>*&_~VDSfsizr2KNc9HOuPO0S30tAh{RC#eDW^vG!dYa%{hvEed9~r-0 z6}yu1l~pnZgDWF&{dS}n+i&e~et37Q?5+= z;S>5=5*3pk)0ouQATG~)yrCF%%?*FP`2Gj+Md^~IAYGrz?c7+JXP4BGwPrIKP{ZRRHmo8Qc>IE_3wt-9KE(3)s>;$WIv z+N^i4lWTR0NY%AwLX7O(xo*k(>0kFm9Tcs9n(T^hD*0ZhdOcF?DFJx_LH75vXCb+L znjin(0edB(Y08h=#O*l-+;VHIX*b`TRC7|?G(*m(WZfmsyo`tojc(-jGMvVUnn3bA zs$Rmu*~~eBL}mC0(Ma-tWs>at{$MF?g2xtwzxRUWEz9XGQy=!Rx;E@ELevTEMw3tQ z#;3_!#FWnU)grxo5UIFUjJ-{```2VB`LN0Ng87g+oq)aT@xgzsKmgSKjRSt&ITJ8( z_*D2RnI+QQ3%mU$7#-xmBn9O_=2N`&pF+&#=30xVCQVXKk~q^Ji}*0G#r@1DEo{~7 z*EFrY0(_^Ybf-`!934vAb;?H2ZczZa7o{fl9Wrw8G0Ma!Otf}7P3baZYlL=nYp@lP z)L37TZAo&AAP&Ca&9;j=C`HsFb-fD<`4gUdHL;-t{oT&2qvp(6vn^X@p8un~sz+D^ zm=7;BADj5F=}166gn14=Qq*q&Jd5I&u7vGLtn|F%5Ei!{atgczr*j{O+?+VWQBYn%zdlfh2 zo76@nZ$wEaBurwU7} zVV{EnFr>w9b)4F7jTrY0zoz_o@}hs?M<%J>2f3wlfA6(D3K&XI-3Jxjo6)32!u9;- zT|~bXp*{^OAg*XhwM@ksodNZ|bL_bjt&@+Mawi<30I!y>{oViwS-XkJakzfwsqO~+ zR5kC={Ggji<@mB7lwHw>16d4!c6b)<>^YGd4Hnt?1MRrVuS)>emBM=#gB-}Gec3u> zyWq~1Ce_6Q3MRY$?A6=o<3hN1?4uy-7^Sd0d;VO=rM-mNxWeW-_PN(HcjmuWtIyv6 zu@b)?qjrmZW&OR<3_!{P<=V{*fDsV4r!T5N;<0-pIJDYdF{nlyf(8JRDft;0Dc=7C z$~p7JZznk~w$>t)4vZgpL%ZMgS@n*Q9_gZab-TBFEFi2CT6WMd>uewQ!S0@{p@vc3 z{OYau#jOMHPFZjgFp6)4*AbsZ-w+S&j^6pz()B4G?>ZW&vEDIK=TnD{95I*ok5?T+De;{}k*o4gBozEdo2gYD_L6KG2v<9=R#etpkq 
zqwv2c`DvGv<2iH49(IR1+jBMnlDG)N5%f=EeA#}L0gpy%~`zwiD2IoEa0#hK^XYp=ELd);g8{Rm*|9)|<_ zW)W1ENojl3(`Mmg%I>1r+p6X29`x-Kx{u4Me2EsOstpB%%)9BXJAb{YU1=0uoHU#b zZJ1u|G@-oCls)L6Wuisw3J%s9lY@k514&W2rc0E1=cvTvE+97FQXGn zpHrCZR+B7eG0b8?>B2W%rYqerp`?{2z<)&N>VyoRR;=L8kLOpFfB{Esgd#us90Qgx zrnoL#FE$Wy`uY8BV(XtY5(K1lSKE$Q(8G`f?K3)nP7Y12eE9hIUkeL1Lo+*zN*VxL zeZRk!pyxTm@32(Z{N$T`CYTp|GBFV1UYrs?bIY)dvip52fiS<5!}>>of7s=9Y<-_c zF{DgW{WDp7X-2K zha4c0DuPbeCTIl+15SJkj!2k46AlI@NRxWDkQ6(kQ%{Qi5FLjPa{Vh}j9k~_$uSt< z_-#YFO)ND;d~3R)Uo@Hc{X^A+mHC*a?8MPJSUH0_Bo_yF9&{8erBGFfbj=&f|5 zFsoEE9V~E{D`%2~43iM|Y`Lv`*oZLbG&w1FZY{+-Ws&{Kk@tqCg`C^^GRnWIkJh+9 z6A~_2uH9bH%PGinnXTc^2Oo~W49zg2E*_41|Ljm;8J_zt=CItKj%@=AwTI(d`dGY$ zR`(H`uiuBc{0#V01;eArZi}`p4yePm=R9md^6Zlx{97$Hze>R2DPs6V-XNRp04~D! zs)~;vCzWC6OX&Fndj_qJ!AIzAuJZP#t;A_C2`<=P2bvYhrdBrC2LHk4P^vtT(URwW zaO<9B_-H`u_Wdz9q#B18%uFQ^I5-t5B36>enm{Mf9MbA6Pyah(8NP&p(dsrvqI>KB z$YB@WDJ2UFO_jZxfKFquZP@mVfJkf?yT}ovWHzpg2Kut%+((KOcM199hwODibAs1P z#rlATIB{d+Y2B6!Rw>Y~bMq~}QTdMIA>|xC*Sw7~$Im~ic#DvH5QXAk(85VLC4+E+ z=MI+UWMq2;>Zksl6fPaSK-k$?JmRaK#uor~*b@;vfAILk29a35Q3My4`be5~-P?%* zJ-EB=LnQot#h~%tT8mk+dda4xZ?9p1BPC{lDeO2HR777VddOVO{FgR*k z^~I0dNq1>XsM3e>H{t+(s|Fq2teih`tUnf!AOz}oZ?V}rb)Sw=Ga)sM`e%P`tlmSX z_o9FYs(~3Bm;NP(S)u3x!(xdP_x-(J`*){_;TN38m-b+#2KjxR8W*Uahb8gtQt&)J z(0{+D%LQ_j^Q?&0=9_4S5@3t#Z$Vs)j=d&$7oDeGcdxEy#)3kb{xhPCJM|^Z%M1$D zZ5rp%yaa~T-|)S0-QQWY-RAu^URpM~F>uw=^Sa>nfXdf})NQ*+m#^Spw=Y&1m?_no zOMoQY^R6^ke8figY5G+n7^t+0V=?(%ZxE`esSDia%1+hXuifwj8;_ovkmSERR%$VM zu}bOpRfO0jil?B7H632UB;F(T?I^M&I%%04DbP0k<(h$6Ws|=Psf*+*(o$q6wQ7qUEkIl7Re`iWN+%NO}hoZ<8z(?W&s5iedmMhs!XEzTa@4ChdC zcS_K6ZPb`e+c4?F2ZLWa3vUziYq$1AHqzjvGSki4w)T@(J!C#UTU^P5YYdj-HaOLIt-8Ny zc}GjggX-VX+1AunoC|k-Kauz}i1J2JEGtdyExjKdj>cl!EmNI~Q}#pMkDt)gjc6{v zy$;TA9U$lTjY6qH8NCGWg9g5U1g|@2iVZH8WgZ=sjb=W7UdW4z&%+ihB@I~Yl%a7` ze|mgK&9mDOIUSdJ!}z7ki1z$DUqT*!aVzt=dm@6AEZ>UJDcFWshm#IbiObJL{_2xX zJQvn(hW*nvWp(52H9*kQ#+LU6s;_7ocWdnJmN*=>e3uY5DAZd1`ZLbL_ zE@}+>e~ReUaCAO;!q^$ru=w(RFmPzIN39PVKau25L&O8we>wF@oBgm 
zDQjz5k+im<75}@OZ)dlL>@haaT9_#ejbe&HHPl=DA*+~Elz%7_or9fi)~4l6NumeM z`PO#2NE-m=d?jSd-^mWH{XW>ya(y#_ug1V;{pap+01*g_rq;pR{DZ_+v!4qFAz_U` zX;w9VsVI$)a1U^hYRD7NYk!jX4xZgK?EL#WScncS#|N@>puEy&wRDZG4*3P=QoPaf zQZ=pTBL~O0upJ0+!pgC4PHdt?TR_V?oU2^3H3VguS+H$oCVIKb5yM&h)Vap%Xg=n_ zV6IrfV$4=x9M!^6F2)=5pmN66GdzInPe<2mO*Y}p?o%plPHw52z;_+yg z*I)=jVcEIm(BJo^nNUqyS+|=uHE47`W0sOqM0HKnHR*Basg>CI>7&lj;j>kK@c1y_ zCKZQw#qryZ^XU2M-x^Pt&JrO^GcL#e+!5Ui>~%`?1TjYnBT$vPy?}^UUdrLLw394gCa7Uc~bUSpE zBp=G1Q}SgfXVj0cAED2(`^EO1hy?qnI9CC3gY`E_O@3bcRU*TwRHq10M6jALO4L>^ zJP}QNg}bKU*2L9H&Wa`JDuZ+4S5{%h!!2Tk<^r~gfS8i=uvov$Q)iLv zyi`M(rWG2L7_*XrM}luHGFKBRpA42l%wpd@9P28G{2d)(qLk*BE^;;E#516;efgGz zD>Si#y}XQ@cgxx0QlBXFeSv{5tfyIWXSpl*^#2)tU}3*^sb(e52v)kGkHsyk#)ai@ zs}~g3MOYi$VP@1M3*lnt!mIcIMdF?@NUiL_!C6YCy}~`(r-PX6Xibm3yVZ#rcu@7^ zckfW#fzK}n_q7Q3-hJ5ip-n#m|8`#lTm&@>UhYxx%_xI5x6+w1UR+yTgx1smv}>@D3?5QUzej-J7k zL4)!;yek{ZF!Qd8XVGvX#(}8ITveY7(tjJ37^>;R)*Ifs_@gfyClPxMUa^#+e~y>p z-3qcATPG30E2l@*eUf~@TNpi&`+!HMa1AK1BzBXvil7DoO@P@_g}J8!rQHRg$N{CQ zls|^@*nO#}dCG;gza`W|&(+p3V%ITi@yxo&cC?H1_b=1v)t~44sCJ(3#IbGwz6ZL@NH8l+5xYrbt@t$mmtEBqPIYl@8T%f?UP# z)+e1%^}C3{;2a>LcGwtxVq1Us>6r`mQmqcr!{m5H^VUne!*1xmeE%h=!{Wiw7N5(A zLKS#p!g6QlTYvw@r4N*Vf$V@SlV&ehE@$`;0@iGbUT<&6~A)K%mAk&Va0Diqz0o%H6`L&Pp znPx@K1FJm!XTKfrQ)bWi2vSQ*vX8Wc;_<0xCeWw$-KsC?j68dKUG2t+4w=qYU6rpgyB zPH?vo_ubjr^i!XjKOcSIc829}o``p^6e@V%tA6hpuvV!xoNcb~3|-K#h1kP;!04k7 zP@JP%l#mgBtSAGHGy__eluU8u$`srxTVG2duuWlkA0JXF(dtkBYL+MmAkirG9k6i6 z&R>O3%l6LM|GZ{SOK}FG6A10->weGXA>sh7NQZygaXj@9-y&O=CR5uFW^v|cUpN*o}JH*UBBe7g@}Kz-$xCdQZpGe21F^7(X7(W5O9}cKxKMS zXJ6k?q$!X`gfByeWp;^>GaE^yKS1W+v;H}h-7Jd%Q4)63;34*yM>E1ayOqM_QU&#| zZ#S^c!K=*mA>%Rga+`@TFTlFc@sNW}nw^)*+j9?EU?;D`7QHb9>27+y)pC>qlqH*V zt=MHZ0*FOZ5?M*@r`w)3#l>ilBOD5JHD{7;PBC2<-&Q+;j{}LV6>yCBZ9uL`C+VW; z{Mc9ES|XqAK~xHF4P~a9X~oz^4yNu)AwV}j#D3eJ>(lTE^@v!=SxAF|T^w7PF8n*+ znbOOrujwtw!qq~SKKdEdVKkqxuA=y$)A*ct*XsGp`c7$`|f0PsoGYgB}eN7MB^WbaG%FXED4Hy=B~)pE!B(|d%dv=9N>~rC;=os zP|JJiBTza2u}(&Y`K0Q0EdNpD6`(CE46^tvJvfGIffys-_FBq0-U@;ufYoY|&Eog2 
zjx;ypQds|}GdL@r#^+=bh#R|EHu}C*;GGgSIT+2(FSd{^caRZq@6{{0{A@iMyEsfV zHvxQ%+JS}&!h?s}9x4S2<)29Dm9scNEXmxJKt1j}ff(R}t0H)Gdg(F%SvUpkJ5GKeggP&-byOMhZCh zn?-GId27tX`>Eg3>H43ZtlvlL*%Ia7>rXRjsJ@TEr)0$inuD46Ac8W#(Zv(jr{gi$ zfq+9-xnxl{yi_cFQP~5}n0;tL3)Q$+HqxvM@u91KpJ^V}N+{It&1?Gzv<2}5`x8^o zIAb#~a9BeMgn2B>u`vsX=Kj`f>g1)a;IJCIBWhp)HLOeM{^+Nw0(td6E^(8Mo$7Ha zUCA?bDJg6H)mm%S4!pvMv{#Hv`pEWPfGBEiCUrWN0>*%YEPbe$uKPE zJyj&0NIa(SF-zSU=ZmM-7x~Z!<^o1)uo(CfCImV0L->rS03?GH)ihKJ{_Gz=6hE0v zi+r`M6bK%yYE@8&8;dQm^s~;qv$^K|cyDXF)$-npnq{<(nIX8Cw_&&6*y20wD?o*; zX@O`R^}0Zj`@u`aeLcl;mh|~wWGcR=D}Vbso~5rpSMx(_EiHi{z;$}}?*}3Pg+3-V z1oCatlxJRcsw`jXMj>6A3$}Vks5I&2s2E5doP_G z1l(dyv%1JMZPA0!&)fFbA#^v?Fa2zpzD6i6okfrhJ;?{ImMRvCjAsxmd7wPF?{bom zI<8{3e*RM~mkYsPpuq>E7_r9V^GjfI%icu|B(7jbM1H6c9)f=uTXuTM2VJ!;Qc_XC z(hxB~L;PEFn+JTLmry6rD<*JG+zZ_u+`8CF*7v^E8`?X`_HG+{$1q3?&W|o#5@-}f zPy zMA)#UU8bX;F6*Z@gA%MwVzGET5MaRuI!?phVD}4W7Ptq*R!;gK&1R4mTcdLd;oT8a z;^paZ@oy4XSnELJ-`cC z*2#~!3>ITFgic=}uzxh4^bx+murnp3R|eYxTZ-((7Fxs4u&=O{#A_q@iS`u*U>8|u z=)42w>&eV_D{bd6S=Xogs7~^f;-P+=HI=*G7ZoguS)ZWT@GUH;YCPv}ED(vK!4sfQ z%m0mI@4#4P(0ZwEiXAVtTo?vASH89$SyH9}oiW>$TfqE}A z+vLH?$(d?)@(ydxmdIn5Bceq>-j;jG&^c@eqSU9%TrSr*vNHb#0&yRvW zP--KAc0ey=$qitIi-ZUnKp)K)Pr-}Qf3Lpr0+Un&=vh1lI-R)NO>9kB1LefxY!`OZ z7jwU*FHe1-NnD=dhfK2;CdXN)zh|8|l&xTUH~!l#h;E;M6~7b~`D_$mMLhmVj8aTv zWArR4Wr+U*nh~&&lC6azY}raMWLU98O@`Hm_1|FS&v}XC^cZi$ByRiY;yUaj7Y^L# zF@>qYd$zF<;?D$Jjn}}D*CrnwUu-DE&sE?#E5)@sDrWdba*qw?jAJZ7M(TKVl94#D z8A*om|E;F_Nvg*G?PzB( z?J+gJU@exViyuJ#q1(ca)vinsflPMcIofOsY2nHfhx6_u@UwZb zc8zllsd0Q(LrMB5K_x3x+EymT>iOG8aLvI<*Euc6RyS4k(psM0d4OPHq!q5pwnBjAYOxw9P zk_wZYFqe01O}{qI@B<77z}qFOk|V~_F-^qXC`MCbi{0Z>)X6>BV|-M|kTdwp(FX-n z=glP#42yPs{QTp*mW8bcEg-VD-yc3L15e%n00_ly@aEn=oGQPo1<>`A#aD~Nechnj zg|b6zB+mmyDO8M4bA4Y}go{bw{16$L-6bIw2Se`>kmoi|^4u&En^y+va~WNdKR;aN zl$UTzj$Uf^-9#LIi4;kmvz{OFi!*d{9>ywFxJGp*YiB?;^=-s?2%C3xu)XyI%y%GT zbb0}R@}Gx?HV&9gQ(|@rAbZm3)bU1=uuhw*+LNGqGV(C4l~8yOsC;1CA*b8khTZnt z)xt)D*WZ?QwJbbIUYjlO0~h!y25%(g3*Kg!ee*lfomo_fDgN94oKKolb;sX4hZ)Rh 
zPYjaVY;w%~5j*z1G<6p;P4x6b>&kbs=}&G|Wv8z|NoL6-fxvU-)=vPzjZG)`r|*GH zC*}mzltzQs-u4qxosWloMwHK=eHB;eK+Ppi_2c;ENmAMTom3W1@NnW75bxEcbgZv= znT=JkZxhu^^*u>i>HD zZE%>Bf4*W6s>4CWUTdEs(@+-uJ0NcTDOjWSOj~L4TT#odKl`8w*2*fzQ^lF=!Q8L zp(!Ft=?XmV$mx?bxQ!3e;GM0fqk3$|n2lq8F_8_Sxjogvw>(|JwNFYm^b`(y!l67< zCjz~r7Z4QlDUaVdkVg|B;)$@sp{y}*4G{9gHr7GzH(^V zmW#1+4Vj!+^Vgf`+GJZ{o_=o;C`;e;`P8&CH+l8NJx{Tlm(twfoYITrgz9;0O4UA1 zsrn}=^?N^YRnwz9muoj$tU>=~+siMJm{;b+l16opKwQCBM?wcIJ_}ktZ1FNUC%K<= zRFY~H0ERL7r^eSXB1v-zi7PFPA#Xd2m$R*8gpBD}()8aj&RmB88lpPPa(q;71J5rG zJ;_PmfIPn?6c4?4ZkiWpKpVUQV;Mk=4Ie$Tb^at3DSMlQK?MKTk_g~TV-m7~{3SJ#Zo6lP*4?xG|cHrt%5AvUs06u=W7FMQp6 zgf?7BHbJ;9M_0}s74xPBccKPcTj5#h#-wHHRfHHTK!vWl9~bW^E2dUm<%$`}I%4Mc z-cR>%)(%%EfGX4;%oM8Tb_%zO)*kK%wuUs*@}RwIf{%X%_{X)6G+SWq5<>QT(E+VH z=)s(vT5xj9mGj+cK+onR$1jB_9?_xWx;K#bl21Yk<6d*^UG7oo}xIQ01)G9 zp6hC|wjGG2SXO#I;<#F1pHjSqu*r#49G>)xw?6(gtu*HxKOI=P4|Jv-dT5)Et@hum~&;fa*z92Nd;nS4s6Ub@KF zF$eSrsl3{wOT&A;)@IgV5njtvC7w4f_#Duealj>aSa!I<(VXXL#wYq{*)>wj_45f! zD=?SS*m-qWGk#P9^r6|8+iRU-G-n}v7gA$4nxB7^%!wZsf&;iVhlbO-^^G92A4w=_@vSKJB2rU~0i5X>YN(!;wP&x$1KRrCmd_BXIjv ziz~E)dRbTx0yHd*uJ4#@lo6!=Tfg~`dLb;$@ zvnx-wglC3AFT{70P#P4b7Q;+Nn(DbI&la6i3>I3e>{uMhSp1aIB{RF^fM{o4rW?tG zTP9oF5u9N>TjA=iiLoE?08sw9hQIwa$v3w*6G?x>t{j+(*EF z7~kCbm^W_h^t4U?Z?ouXEq8DBn|?`FQL{pxVHLhh&oKLX+a8EIfKm|?-XgI6*}#XQ z|C#YV>vi)X_=8jVGsu7f0qQ)0*I5DM*m~;8V{cTsH;`BSE8lrm7l*!qK)!}|rN%D5 zQw-xBzx>7wfV|=p9g%7h69%-vRe7B<&?y>e>RS=tUK|}M*Xk467#=E`4cuN&aeo%f zOE8P@C^%;>xy1Ewn=o)_1oxHu%gtx1MbysA=DfkL12$`2ym~Q5gs?J$7FkI(gDh5W zIwbRF#Ivin1C*wS=v+5uf>#Y)JZX6b!k?0oGU~ntpuK68VUvcDMYYV=>yzzM4 zew>R)k;skV7t9#v+j!s;hu}L;+fyzdS_#>KAZqxp{VjMMgnXSkj}zMa-o+X{cGwB@3I3M+ktw}v0QgeiSLfye(P#AU?14a$5OC0Ix`i)e{> z!at~CH+38D5-#)NJJr#dUbfQrdn3!$%E-$J$4xQ(S|zdIq}EZ(oUo5T!_iCA)p!2+ zHt|Kwn{!3AcK4;dq$)8BzB-X0@M z7wyhKG6+u5%Yf8Uc#(~_1KU*L z|GDVn)S8{((%k9|_pU^aE$V_Oq?(~$c!D5K@O5XmXgOzAOUHQ4=sO=vHjFMyKIIXF zi9DKCVt$QtL$NttEDa~|9NQgsVOH7g%L6_@M+=~W6T*>;$ zM+}9ldn=wPjsr(xUHj!b2JWcRojDFqr_N#bL+_N*l+t65&MsPIRT)hruTA(;y1ate 
zVaD^HJu~K>kvN5Tg%;u8YeT}WHyJ+K!@G3HB5;~!(g;rMRZ#t-ZOfueugKIqA@!cO zrTO&WHAtIDCcr#`Hd?D%)C9Ps)2Nsz@%j{B=3&8tB-z zOwBRocuzU=V7}RQzFj%uorm_F>r7!e`b7uRyXYP#$Q>b%q;2~o;-b6PFTx~$^tw4C zUUZWUg(dB8FcsX!b`875iu&X9>>P?hF`kSTS_jTGz!~9`EI6KaM9e0k-wkxan$iZ0_ zD~6oD=rm?*bdL6oI<#iid`%QYbKMvIpTe) zH&6E1W-}Fe@@t%%b+$~)fprBtE*Bt>xCCfNIKX-JxM;ntIx;_uPmbv)&YIbA z?YW)}5|7O!CYHlxqwr~F8(o)#t}$1wx?WWmjG)a(-{|3l3yMqd79)p1P7!=4hE5E)8}zd@Af7fD z4!T!?S+S0DV&i+yWiQg3YENTKDP+{%GH~oou`RU7J0osKcq$!xWImfLi%oZJdQ91$ zfMY~zgl72cNlnlDw(iq9DcS2*&E5ECBbxNG4l2Zcfno2+m@>7w+XQe5+0@_n)(+_7 zI+4~9a$UKPxC%W!IPh~j_|a|{D3vZ;{e0dXV-yureBj&cj!G3SuC+cqY`;)DE>bl| zT0>E8K>3xUEd%k%#!x?`%rgcX51vBUt_8aiCofaxP0`*#+z(8 zbT!c=3)x?{GF*jvHkY+(a6!oO+E(h)T2JAY1zpo`HzK8oO`_v@6{utdO4hD4_OQa6z^pp|l zEkZA90|r0E+g?X|dw5&V?H6NY1&}ZO5L&DILGH$o{3qvJ6bCPE?H`F7LK_k=f3l~PCkaSxp zThY+6xKY<#Rn)UK_-C$}CTgl59&XXFKm!yMidTTC_Rpsrj<3RchF$ zZKyT*pX|;Zq*9t=)1PqlOar2^5%opEFD$3A3krq47exc)fLPgn56on z6B@R=x@s-q@qJ7d4|rhOGgNp?5lMQtuBcll+|Vaaq!C(AuJ_U;-{RWRHuU<0p*2F^ z@rR{PPL+gC`GqwGXqg9^BFIkTOn*`*0Cw(i&M~|w>?I zVbf-~bs@*1$Vt^&jrNyK=QgiR-TqqyzQ!kY>RTw=!0Ot7A@$2fX!G5>%TsshP3(&z za)zS1Ud3A~S@ptyjGWA(EF0&u!|ROTVX+5hm;Sq1oHMT8lyL}Vm)NuCl zb8JGeW#Kj<9qH}`p0U9zJYRP4Z$TyKzlv(vr0I};a$5TfsxdIDgjc zPZ}=PxGX|fYK|yu7xTvsi3VMlr;amrMw08$?o*qE=Gy5zfn$8_NEqh}oXy>e`?6u` z2lm%O3j$yfQ6BDJ1abr6+RS%g=@y<|@8>++R?$=2Q?BOH-0%r~CPqVYUsike&};bB#q6#slxO8m zPYr6jkqla^5oXRCSgrOTWr)e%>_!0lJ5w?_aqXt?gtH{RMT;AAx&E*mc9?cwjF_@` zG}2@LqxrXpbdO;MW`SVI{<3+7zf41`A)q7gFQNb15(Ysx{~b4!TsFtuA3K;V=D(tj ze8*8VyAw$JpQ+oOhj#9^Gab7|rR;YqtJRz0dDk2gSWtnTOc^ZZA)EoQ95De)<~v^_ z^S?WN39gDzBQt_?{}nuP@2mUF^6#Vfl^d`_{63tMKh&;x_E-!$)P0Pc5R7nX{QuA@ zeg|V3OaJZ~p74&>RB3He+JeYb8>2=BORGSHi&S{j)HHbNf|7R8A_wU^^}UwZ)hIdG z2y1>;+kTN+7*vZ%AX>wMM3~ccIcIBsQ@ey{vLbrf7Xj0FisTR=&$q>783xBdmH%P{ z9_qv9Z1fkL!2xw>DliT2r@u{;1W4X?=RsA_esmmzMGngxjr;M?OLVID))ojQqlx#s zjUJJ*+jf&ovaJ4e%LopmNPIpcJqx7`Waz9M>}+AqHCu`Xgylb>!@_QAia1)e6)oZ9 ziT_!`BEP**j7W&{_jf-ew=|zQnRu%ObSv4hOTl7GdDT1kBY4b=g1$>w}GbcMR;$}ow 
zz1VXR3)+&^)z0{?T;%|Eqev5kGWCHepKY9>P28aEEZ)lE#rVeu=VMaesdR{H*o>@& zQ}-N6JiB}Jg|sI9P3X3m;Gj#!P;ZiEq1=>_m`Bq zJUDffHPl~NwBIiL6xDnIS~KRp@@l^3d#%}Ot*r2sboJgB^S$JSt>@G2GZCMZL!ikV z{CI||Oans7bOOPzL(yU(r1!6~N@!kUfIl!F35(0qf!85VvQW2hXVOys!Qt^jzG$gi z=*l6N9=!ZrZjpEsf_GTpfddRU;@8b{cGaO%FHiY-cu!er%nAl!ToP zU^{OFm-&HOtoa7Uvu4lGu6l?v`GpmAU=E9dNW(&<$e~_SVXTMQXO-peIPiIgf0(Kd z$DvMrAR8m6LF`Zhb4?40Sw;s%5v#M1%;a}9G8+~^p--a`;wgR3bDs?#poMj|Lu%&t zYCPK-SmYE;M?c>D%M*=eGc8H`6Fz>8u1n<_`UXyz^=x)?9tc-UU5wW`IM~=A4HViL zx?sd@aX(3mq;@xAj)+D6iZW~8hsSl zc!&suA9MeAd?m5aOY@17)3R!de7GR{;EWts?Tzs0$4uS38|f=r@(2exnT&>fxl6*e z)&R{AZTn8q?64P6mt!I-+Pe4EMx*c1xO%4HO#NOr%#5^gLW+gwVBEQ^W`bUE^GBZ039SVI7=EQl8^-XkgJE!{-cHVTi$5&(FKX5Oj{T@ajzw-v(VPyK6fh0A}ysp8zK37a0 zvanu7>&>h)PElK^+IUlA-n_TDCpJ|W_s9e6jJBG?z|Hk|S-i)>A(MNeg*ht%Txb7- z>F+6#ge6g7@@+%*o_cI-{xG&ZmW#KfyZTMl$Rid$U}kmGmMN(LF9v_J_4I zvU!XadR{k4jS&IUG_4P6gH2_>hpA7sw@YdSuA780FwyK4t%pge znNg2i2w*wdy=w%Qk77^n6cesJL|-*q@P}z+7T-eJX_P41(%OV7N51LO?JG!Aq8)IN zOa*dn4Lf{KbXY%9TkE9uNvO=?9Q8V~gThO_9x#)O3$_2`ZB=uG~ z%rpiM(oMW*1V>Q94J~y@6E`1bk2!rSm~ozLU8Rz%`d^c~gZzgVk00b%sy~pw?6$eP z*yE%jS8A+jEwABBX;#OF;#y627i`Fjl8yHCBH3LJ+Re9`3RE-AKhCH%u|f z{ZJb<#Ak8c+Tbr8s{dN4B|5K>CBHqEm%ypoL$_$`SkN$NHpkb5#_-A2)Y?U|QqS-q zrq7D~b$vwD$04J*D%5{%1I|=Oz(Y|>5;>Sz%G>hvv)=oSJq;{{ha2rZ>nxu`sGdpp ze!0mIG#z3e_G!Ak&sdPD3`MB1ZAv!Gst_$NJXOHho^6D_JE}5s7xC+8YnifWm?@iG zVBS8pj6H$NwsKqy763~x$!EIB{#Ry-=Nd!d!3u}?o_8Wo*$JsMd5HS_&&g+d{5hB# zwH4*-yKi!S;6UK?9Q<1xJT^eXicUB?Y5U*P65E;c0@q3d)vg=h-Q=ivdtaU}LY6c| zS!0$`CPS^C!El^*Y51-tTY$`u5H7PD9($%9KR!K>&SB4xN@ux9{!VSNod!PS^PloZ z-7E?TE54feL^Yr7SIUH!a>>0HHd?kp2-Fvlj-=Wz%TBM&S1GBE0tAt^@fqT~_cx5b zcHIb{csrAhxF%^ylIr<=3)GBX3RxEpS)(Kg=ecYlPJg zQQI*cN_3>8rwf6wyfjH|Mg^I^b3OkV4?@YJWxie~$)Cl4P#a#tarAL~lo|qgMDuH{ zvsv=~MYi_p39c+;?0}0`HzS;tBN8X~eq^8dY5(e}fbqG)i=t%yEE)hknb=+`+fKPOLAQ&ZHm-v5;H&^n@Twmrv}3#DjH znRQ?NlA+i4Z@JBCXCoWiu4wr*st!ZyYOFGCxyPatkZ zlzODFM{(}Rq~9+8`aeOGU|e*6{GmAe)O+tf@KvwvajGtl0Nz;d=JG?XLyB8A0BygWuk)s}x^cffZiwQr5X 
zDp4GXa-CS4$=a8t5kr;d{wm9N2=N!KWOD|b@J})q(ujAXQiBs>OXE*1fT$Dg{Hpq4 z^)=0Y_s4i!>$$bHGmvZNG>jthobokH+FF#TLNDxDY-Rnk36dRLw5}OD3pK~Kt3Xs8 z6506N?#}hJretU1c*EOpu2JDw<9IC=b<9{w24Y}PFh!t zqMEfl^+cMBv&UZA$`Kd)AJw^fty^S*#FwidrS(MKU&-wjqsU3&TB`agZMC)wCHML?pJcYtFl-Dtk_i_j{(|3~yiYhxPxZ8E)mkOXu4-3YPGhw3(>q zh2&WO@YYw_T2`0HIz`Vwyp~_bE zw$E!YT38JeuKxhJ5V4()yvC%4QI)Zlw~;i!AYVpieCQJ{Rwpl3`w^^+<{OVKGKw7e zT;A1~#gn3U?@8@jYm6IqgVxKUGk&(;{DQIj=J-hUkLugN!7FDyLY#~X9W=>$Ofq;C z;-ho0c}F85P-P2&4sC2EfV^XoBu@yuj{Nx_1u7^+ib=!JLC)evr}ej9_n89at(a7? z>-pdyXu{`a5n3WV`ixsa4t05f5}X>h*u6y_FsCCk{HR*x#PrG4J#Y4VY1^|hqYhV^ z4Fh5{$WeEhK^&;5g_RX5vLJoApv(dR)qy6*`%Rmh+G-e~5Fbq(Be?TlAmh0JfFS^U zXfR@Py6gOl%%7D!BS5s2O<7xRUoW0hmfj$i4bxZe*(;ti6#Zyp%})rml_Wpi9u3qwQcUMHJ|`Pr zFuO+oJXP)6kIQ#CrHvwKt5h54CYw3kJv^x+$r7t=7F)c}K#v!=%#M;$-CKDW)zymZlTXc=I1d_4YwOU{u73SmQ^@J;Llz z`_Ho7Ckf?Z{C+=HikUhHTld*iPWNt28TgfH@Py4qO3f^G6?sn_d5L6pJBrn$8&7SV zcbTYmHy=qW>k5R83@$lzdb=Nq)y*A0S1uVBAFh@B7Y)O$cHOK2Dv&QyWbYs|=^iz7 zfVes3VZd}IL+#$sbOTE)Yg0HA@<;TOhJ5#xpU~Km6jeV`yt~rvYjaZ6k7cIi9!|Pa z7)a^6vX|02Hz2BQy2}(2*mFBG=9s(tzODEKNpouO2cw`I0x8-?wdsQ+lNS>rz+*u%XsbrGTxzGbOM607NL z0P-4#z~02-?w`giCT(p$hr-=#XDI{-qplX1H`yQ)cHcSaz{$o=9a1GUqPR9*XGBHq z7Rf5=GROr$0as{0yrd{*Lz5~T7xR{hcCUm@PR7PS2GN#F7)|20j+5P2HuK)gb#-BL z*iz+;;nVP;jG65FkzI^p_H>3%+!rb<*42ka*_du;Zhy`S807sXHcVdcJlrgOzlE&G zTu>IBrZ|MBsB7&|nMFXRK``R7Rc5}=5EwJloF|Wo3b(BDN!ggs?Vz}c6w5s9P}1$& z)-KEmtkyV>6oOs-S3uRd{j>=OVjUHjY2GLg&M((Ojg+jaYzaO@hDGQuT)gHir@?cH zA-erW{i_i6jF`x8tlmnyJjn0u#1bj?IS)>n-aLV_%gq%=aLcM2U$ekB6WoP34;6Kj z);zxk!VCyFIGFn1n+uJLId^iT4tAZh9aU{$F>Edw&C30woRYBL$=5Q{$?a9|IFU=< zk;uZ*eZj3}jJ>h3FUO*Y`IE^hP5yXe zb)x&0muI|;+K=|MJNPe{P?m6wN;!w%E{^dU;W}lG^=bZln$iLh&m$8IWg+YHjW>Bz z#q0ZR^{cq+wB*-KuLi*GkM6E?tQV1K6pR!K>M!TWZ?REtSeM=`&DScs1cHlIFV<6! 
z$xo3!=(#W7ZSZ*_c`$-vga-A=w3rrCInKzS2~pFL zmXh3EM(8zKwL*)Czd7|~JJ+0xspY|Xb*PU+o5L4aI0P!=u9&A;MmCTbhF+`>4Z3=| z1H88j*;>Ro`~3y{VXm@v@R>YSoOn?WOi75nX^!x7Dmnpj)VabO%0K9yC#8|V`7n2^ z?>PQY?NG-wt8_sL%g@B=WnohrWIG=rDyde3ek>YKF4a{{_r=EJk|)0$YFKQDX~rt} zT$kFR&pn=~!M}?f4-N#>4H7^g=T6%6VVunvLB1eE!`X1rHPi9m+6is%}|aWV_+=DD7?Ultz{b&1*#e@^(%x^2v>|aBWbfz|=H= zexQFP>v8~TZ3-Y>I^IXE{abq*BZP)Z*Rg!7Bq{G&#K=V6rrN8%vcO-}L99O#C!XKc zQM!_In9V4V8B(5ZOn*I#ZL%eFYrF=NW|5F4Yptehl1inqu!dAelO$HJ50`6U0=d#J z8#ZS*KkE7QyNNp;{APSFW{5cc{`o9|Nj41TyDgZH5QiPDcsE55zHORs{xO9QQ4!ZP zy3`wSe0x&v2Yg%Tp90(vXI~ASdCX1{j0ng;+&op_xqh?uk+}C_ zO*vxR@jT?_mlK?ycc}K3EZ*HRHP~wlA7rRBN{KJM%V5ERLaJU3;CFR^eLG}}$XO^@ zP0wv#pAnJf(GWiyHV{klqR6C?!@D4Gh-uw~BY*UKrVmmk+D5nEvtonJ2wmZ~SQHxM z7sh6yY8!@VG+U|Wh`9emT0_G8svcG!bU&xTME9OuQ_S{JJ9F#%_E(djnQfxRj6=*1Y3YZY?J4^O_ddDg8b0ka46R(Qltr2u}{66uQV$@x41P6GJSL$JE!9!-zR3SG8Zu*$p0!{2%V$&XH!<{9hLXSN z+Kb}H1*KS1TL+MPxS}R!Q&*{gs4#T*df+n}ko%K7RK;L_r;+mlboLi_yZZ4DsZ%{c zQD6;sYoP%zHy1Ro*&uR+Jr74qBpTA3KEBtr<#jIa9{)5kknDFA{*aG*xPrNzH_j-q z$u2CqMwNT)i=al;);np-h$PbwGUdG&-bGcp8C}*$%=U~d?_6~N&{7^(N>HuPq=r4i ztCc*y<%Z9Y`PE4GXDs)A6}%Oo-~oVRJeVC}9Q(%LA($0moPJGGU~EPR8nA05p_k;! zCCm27u!>RuM9RtgZ(d*XZ@RXYcLxuo(HYz+z?dbGow@g_0?6v z`>(aL(Q^$I`n>^3m@nS}@s(x+Wsy+eeY`>a1u}=|rdFs5pAHHFjqfS%JY{iB^Ru69 zP7#tH9f;KDO^`aj)p9UZihHXdTIM_}Mk7f;WpyEC(|xt40wXlli4Ol_qW(?LEDLkd zwxHPXir}}zB5=c&MD%vd!(7Z#-fCg^^StS8S?TbXRfk1!R2@T9LDq9oR-^gb0^Bi7 zmj%iMDxXOisI$3yj|FN==qbTV0=M;ts5rvPe&LJUQdi(Ra>u^j4)YYmA(6;;Aowl! 
zd*~+~&|%I?xyR?4u5Hu4w%rut(@Y)Bn*~Fe;CK6IootokFT{xgpn%4mzAEj(Wj|Fd z|8~aEHSWrzqBO}4<#~BeA2?Y(&0P{QQ_qy)1&|+sd-=}ns({qdF}~mJg_dRF3;iTC zS$F*uML9%ol9Voo3=oG`13jLemf4ESHOh*^Gb655Z2&{fA@0b zeJtsR3=B8Xt?#-k!*$6`(ir)lAY9zFVzewL@F1KuQPg}X!)&V)#;TkV-W?oW^oIV%~t zt+%lmxss~JzPtypQai`B)!XIv#7zW+MH-dHJ3d5F@shf?bzprYCM>5FgF5;lj8aJ4H6=4x#ucGM*_Y7d*kGYwAwvHK}=KI1!WJ83)BK}s;a<_F$K74*Xcx-$;lI-o2vT^qd!)J zBN3F5-^V|ZrTR{oO|GDZz5jYi(;0@;j;A{b%+D}duzS{eMwET#@fwaRMBG`$(qNlB z;@VnfB`z5o5WF1#d+% zG(DNv9z>O(vzl)?i{!DY0?0dB7j)d&@hn@*xUJvQo?z0N8D;-y|9{Dses@@_Ynem^hB1aD7WD?6*^oYpL5RD1|vzSi0qY-C~lYXL*S=>AoK@eZQwXO{2- z(#7(D+*jrZ{oYLLuMz^8W_ouY+16c~SuXRrENlk>kH!0TBG@bV!M!k_q8~~1#)XnF!I2< zMuU195$TxT17*9oUKInBm^#CDB_3}Blp(`qU*MwxM?0~S^<2}OaG3+!OU_D z6x5^m$4NS?W}p+kI)+3d6xz!Hrn}cu%`@LD{sLpdifTHUw4shY)CDMA?YG@7II1-B zonZ!MhFIO^k*E#)?RqkxfIZ%&SSHSp9KKmc>c+ds{%{ST?1)gv*LS)U1N;Htos*98 zwCY6KSj-h{g60LU3#7Z3T4eAdajZ%sO*Ad_XR3xckZe~9nad8 z@r~fS1VB3l(p0@-R5&s*7eUjw6H)4eYNIGO^LO$y>< z1s*&PjOeK=nKn4k2BGt_Fip z#JBLjI`u1dQI4sv$<+^1C`9;Tt*3s%BovIb2VFj0*)Pi(lCeOm!E2A5z!--`T#Y3$T z!|=JLfbHEGH$dyQ-AUXP7vUO|iu#+^*tXia#*0FF@s;8{uWSIHPTFd&1VkNALdTdR zWJFC*AkOY>{5GwD+j;riz3mrexTU;!_EsFX*^=DEq^T`Jd3&(I1iItYFmQ+5+Au(w zaA`=aqm0Xy2JK|6S=O!k_`5!XoWA5_bTu~pwrQmRL9t4Z@~trPM`kJX#N;@^BfOkw zXs3xI^$g!`=)SR$`3lur0coP5bHsT!(sKR1K~)Xn1bOdWOe1Rqg9CQfjg4Jv?~Zgf z#C#88&ZfIbbF-eRW@gueUb$7y6m~ftrTsZ=AK;SU9gYd2>m<9oZ_Rfc$RO|<4mW#=@tN_i_4FUhHM)92p>PZ2N?q-G) z5)ZfnfI6k0iWZSc{V4G?Q|ve1SHIl1L0{ad6PJYBS%5ylLA$4Wpi3E~@eN!@>N0f9 zdTH<4HC9(!i&^`{J@IXOQbowv&oMe9EK2JbGkM zlU)?1V{X3+nN}(2$N4p)1cV9euNsd(Mk?^K=SnvZ?IG-DTQ5MRqj~z7#!0Ee(GGE6 zGfiFNxzaV)X)XvlPYI(WggzNb4j;?tH%O7C3`&EssrL)`UXVIm&v0HYq07_ZF_mXgG zi}Gv!6_I?s0l~YLFP_SXp@|2xS!;QuYLw1@NSu)<-L}u{2cJw2U-qUhC;6}CyxXL3 z0`s(jj4joLx%&gQ7~+5rLE2K~_P*=a{;2*6*uvrd7J#S&j6J1qrsBFTFlX)~5tj%q za;}CFV}<9W-WLA*z6SeFdlF1Sai@X?hadKXQJ18GzTcZih8$huhPP{qOh_n?XI6zt_h8F;BLQx%ta^ zHb804H(c;0Nn4mBt!hpNiBg&a8WsQ+IEc~zF&Vwrp8Q~#SFQhQ-*o2#6|89+{}`|0 zZfFQ>IMiSs#fo+5qUVXAm%iWL1T|1?FN(?P3($uPP?2rG5@qrCWY>2o 
zosKz|x#`&hsXZsfq2L=_5rt)ltasIOYOtUw3w!##g(MAhZh+p?J-#p}&ZYq1gNupO zQ>d-yr(w>J#tEeGh5s&)*{o@p;XFrmi;^$k@aRu|vo2;?-}_e!a%W#LanQCyAmrEo zY3ne(ZkPLGOgBdw4K(>`W7YW13^jQqqI}f`2wv>)P@BF*rWeB>0d?1}iplxz;}2c0oB)f9_AfO^r~PYD=UQS$6Cy1PQU+E+p)U5Q;D8%6{Z z^<7i&d03kMG|F1gL&(DRaas@4?Pw$7fzcAAUA%O zBjro=EyL3bgXar&GgV2_FkBVM^N;;^hmcGIk~=a8}Ll~|8?Dn>|qGX16zRnH@L%2j%} zG<^@K(2`lTA*j%fv9xQ%=Q)%C`r^)pCWZb*+DcK5HJX&*=NOFk_P2q8PZL~u2MxGt zX#k7BUr;MJP!@UJ5+Dn6nj}BnAUiNpxl`_F^Rv`@yOGqm`5IVg{O6SW6%w1W0MelE z_1jZKko&D;Y~r_kJmXOAZn%)8GaqE0b>~aoZmjW45v0syaRH(cb4Y=T*UYwnDYT}uahSC?)8~YzV>^dH5TM~YA*S8dM7SEi9`vcduKGiSr=h-d%z%f==T|M1N5dbL2EAdv? zjew+p?uMRG+6qyNwQMI`s2!RTIB1sjz)vr(KXxV}kf>gRA+&1JUKd<%w#5>JZm0tUM7ba*NnapC>1xlQ>MQy8yTYO*6NN8_9vWoedJ(5n|Le2s5< zbB%`O@w1$zw2HwBs@fxvW=t1wuS3JIqOeeF7N-;mKN z{vmKK&q;hbzdN>jHmD6n-xCgT#(Jo69ozS2?Qb>!yd4*)W9GYeZ#>?duio+B7eBLR zz3fH{65Za1Etx(ibQ~j@+6I2>;F4B-fAKfLpE3O(G=!*K(p(lII!T(&d-U~1e?4!e zST(|U^n(L@2oz@>cUh2EVYx_d8^jc2)W_<>K{YOY7a;-Cm{!3sgNR<8W{Yi(2<~pp+@>rzP z&X$k7`z5WXVq^25>lSrTZGTS)w>_J3EL0>qMjE7a|D2$vxmjsXLJLOb;O~7}L><0A ztmqp?a!ZDFLw@+LA^kYgHfe7Oq^cw$0&B$i1MaTcK=n87?nsD&;rhA=k zubXVC(hfj`Kbqpt(%a)-hK1CW6H9%FpQ=@{2P(*BNmJQP!_`e9;>=5>;sQV!<-Gym z5paywTN|p+_s5S=nFYF!JKDhRWz5x6M5^*6O1z~VRg zsI-;3&cJ=?)`H>#v`gS9o>LcM+*CSrtIvof?NjXN4-$9P700>xuZ*(-DXGsS$ZArvi8CV(i1}Z1!gDo}R9a%|? z4i%yO@c!Q>U7F{02|;u0Z6r}<(CwJNht2oz;(Er=tx~(+BYqOK%@;*Z2p+9T*gtut zk`Gk)HtlskOHzqs4LXL>AoZIT_lcE`X_P+ww8M9fYrRXcv4QwOJPRM8KQX#Mc+{B| z(hsH@1&QB?CjP-2Ez>wa?S0-2eI&kQIDz5pRrE*kl0ophas%bawxaNOUfyR<5?;m* z69p-Ewg1u!ehSbt|A$_%kF<)OJU`xA@ag>LXzE%+d?}h7P32W|dE0434g?YtGc~^I zUw6cHL~!;=TYS2~tR~C9;H_eM#7@8~2m0MQV6PZ_G*A{ozf&-FV#qy$xS}O!HS&2t zbu}s?0+xFxn3)f-!12T|U!uSI&m|?z?H3QaP(-h^&TR@1p%3H$9AabQFYrop&2~!? 
z=WG938T(`GrzxgpXYEF>o!&k=DzYE+kuK5)NCiMn&huZ;3DxIK@hkqq)U&$Kd~<$`a5LkZ^LYR#{)v3(+@Sj zQXp2b6v#f^(=fYlEw|=49f@oU8~Ka2z7EjVss)AqhJ}k28!5kZ8$QS3rtWS4e=$}k zWOg-9T<=aB?6@Y(6hc%|tO1(3Qnk)AwEq`$cF&9dwJk`dwgrCoeh=mIRJA8{6$@{e zqPv!#o}F5aQPFa)9pC2Y_4ImezpB=24IFsvg;ws$EK$yXAI<@LR1m zg&G&>C5<`lg+bKRuUNTG&)F_l9#~i=7fo6NwEuk*8$qjva%^zWrCQgA-jho>N$R|; zVcC(7dd?&${W;a{Y*jE)mLVnF_xqzndsZrn+!84V_q)o?`{01UdEWFVweK`B!}`X< z8gNX<5f%8|WmTJ&L_IS}uCd30c^kRWg9#YRX?Re@F&1+Jdp0-*gOv_s^%`+A4{zp! zdgng5@-D_=V{==MPe96VC<2RlPw&>QeMZSK zBWD`S;tOx+Yqa(x$A+ScZ=7-jT71C79G8@6@U9y@t2Y27U&GS3@x6^stZ2w(O~Cu& z_SAX0Gi3SSFCt*=QaB*G``=9PxXnj}x=-;YXEvt#2~+Qx3&4@}zZfc_Ywq-%LC%|@ zdFS;$P(n{~;x1mv*sOFg;c42AThm`lxTmJR*>UA_M&Pai(0p<^J)w?FD+Z^=0-fEh z;yW29H5lN_TH+I56n)mRv|YL{ybC+sw{8U%2D*riCXNllEaCi#eT-cm4Ivgkt;YC2`HN_7U#{sg+&Hh0FHr09-oT z`|xj;(egVmFwGqNAP?BSo0iuYnNZppN1$F9Mla^DD+~@`T*7#{9y5470p8J9?z-6) zjqA>YRzhM*Z)jXynGT(=2Dk;Yl2Vmb!dP{1kRlDdc*TpV;p=k%&<&0!Rqb@GR}2ze z(_Lr3Q>x_Cxc+(j0M-KUO_}4Mh|V7@voNb8n;t*GID93(tHdM@tx?gJSqmG{+- zCNQUd+3kvdw$pfOII22eVDqzzYXm^`<79$_(wbbH8yfsSqk=*$V`jKQ6Gjcx-xO+N z;`C3V&1X&udm3?9K3jxrdAv*3KZtmIcqLL>a)Q4#D>_ME)e-suP}Pr2+e0cfErvSX z=Iw?jA_-2$&MS`BO}Wu006E|W+QV|I9?9uD63rvEC5QS7fdO=FFei+vzN3PjGt)p@ zbkp+pTqmVY~i%dcURq#FT?^k$HfJaJ* zA@z2Ypqj(TaAU^mLqw=_Nl)IV-)J;o7X7tK$$+OTZKq%_bHQj|4VrVTF;WW#59d@0?TL_X>fX7Z}hMmNZ%YYv2fmA+#k=JZvOGGgnp%_RamL|f$>(g zqvOiz%m$sQNrOx_=aL;&*_%-c;MZut6n0;SvoXl5^>w)sNBwaC_Zpx=yMK>>|9IMM zBf!dW_;VWQ^ueYRuIAaA>61%WNnYYq${4Wkzghg@#s)f_Ja=>rZ^K*Ayysh2vIQ?F zAT1___p9t|T5AB$ASK{{)^YChK#m<=`tbYb-xiS4l+XkSJ8LhsXJTO8O@Cmja3XK< zn+(i$JIM#i+A09<$zJzzD-FlsSAE*d1|x#+R)sU4xFRRV?Pb+|78^NSbo3*eXQ+qg zpO>6jYXUyk8CC5GaM^H&~Z)Tn(Q7oswRvhTX5^ zvy8vH!3G;<{|%A=k9|Az?;bKJbw1mtas7jeWwyXXanzWIZ)YiB06xFkC*F|wo`oc7 z=eG5obf~pCh7t7UiH%Ku^_SqW${k~__|)=WSa`sI?`n@c&pm+{59pSSL~uIQaRL|^ zCemYyRXbA-2n_MJotZSgqt$-t))2(SQQmyvg7QlEZ$VGdX$QIF+p5Ny?r7d?aHh`x z|9T!q?xmQYGy6X-=b@)2mGg>CUd7;B3^2uln$dy!)31Mst&=VG5PV?I)mc zx>J|jx`zgpU3-+HcKTUi-vQ9^Q>yuR?@O*vv;pt#648klQoPG4_{YdHAVX~Eq^^i` 
z%+76KMXnv>OHK|4GG4@iS^pRdM>(KByqK%Oq#34luYbjSu&rdQz{`Lk>h3*3-n=Im zt5B0py3O6!GUxBSb~E9<*U^%s#8IZ{tClS{a#C>H{zl-~!qed{w`o3?;Egl+Q+$M@ zjSxaQaw-CptLKA;hasvNyr&iIvD>Qd@<0i1S$Zo zH6?`Oa3P@H5az{5HGED^{~{>=d#oF{#>~f(5-vl`UFsDZeiM_4HYwKp7nMrfU41@@ zFdn+|uI%Acd@gklIkMFA@{$$Y=776bb)U`~+cY5ofvIn4XQu4sBfiA)>xR_=7So#o zBZp4qp+bhiUT2HqOn99VY#o~ngQiXusZL`zcTv$}IGxYMJO-rrxTHY#{-!`S{?D!T z7KS6|deL*E$EGr7(U4KK-`Z6w8vKtIX7L9GW@71PD{&m;3CP<>UTGEL|EMiLt@dmA z+tQq7r5$U=GsNAo2U+jS4YT%mK`WvA-yZe=9?BdMakQD?)0D;8v^k~&1?M1t$XqNY zqgWa_+qG@?{Qg}+vfIsCt^l$b3m8!VI4*ZuCrx4gZLBKykg}MnQhB6FtfoHrLRi9G zhMp?T+Fl7|t4P)7|3Rl=o<=uCXK9vHs?y5qn!eAg1(oA+n1uE+89JnBncru~DR7Hl zs5<N@EhX$EEa*V7lq33Oy4B_gEfKR@aN|u8Sv;LRbG=6l$37)zbK~#yu{;=L-0GeaJd9EnAPXA~L z!|SW>#W|qsPNjivIv%)%*0|lV!-=}$?6? z3eAoeMkdU~^R~IC>CX8m8u#n^LwL=%AO+jXvENW$MNL{v4BPUR9BO1CUam)e6~VWL zgcG(D(B8~w$Wyb%jraMY2wFgg@OO18*c%-}evb}A3>Yc>V!E5iW&BG-fu{U_JAJFR zq=$pxa(C<__Rkr6R+6h*^W#^T`QdWmCGbn?BRi8Z$2Z;*kAj}xdYs40Z{(`Av-FE# zvzQuXlm~|SCrx#fdR)?eN)@r2vN9IaLKuBjK#c~9y{nJ@El_xBuWu5`YDZQp*F5cF zm^oUHBRTxMmOHju-Qd~4J?zIs&2LQ`a| zXwljaNa$I4RCQzNY0xo%UD*J%;MDVkrH%v&e~bi+`k(nQk~AMhkQ^I$2?x914ANh% z{mHaaOuEXXcL0XNJZJmpp#0%u;LbWSx!>_SwkE8|F7h1GXfq^AgPU+FtMNNSO zD8Q;zK!37&C3`~x==YESShs*!EMx}XQsi&;7g$N^fcZ0YZ(L*o@lsf}STPAb@fYna z8T*mDOeHRK3LGXX+^Q3vn|%BWcdBY17GT3iuyD__dYoq#vo^5AAhSX;c&QLJt9c>* zZXSfOIiHV&7QCSu(kGiO1+X+5ASD;`n}GA4XI!Aut1iheV{p#`NGx&xrx1YWpP4kcV_h?4`%bb0&%4;cM^`pTliczP7-7= z9g><`Ui6mG%s}QlR0P9qdBW8H5&^7$xjEP``6O5y8leT(#$HBUQ7#%ONfUPEkV6hX zUR)dUvdO}W{fjK+PVLTkyj)3vZX=t8HPFk~KJ(xBT)F)H20z&!b~sg;Dz-BKf$RZW z%>SzOK-^r8ND7gz9DB%B!Sj}<1x?72Lb0f+lVR)(GC8X*9fiZOHs|QTt6(|J=H4=6 zW^Ot$Ib1wLX8#?A0MF41=VBFnT7jd=FiX2BOj`#|S03M$;a7}2*dwaKW2kJ^0r6f^ zLM~ALIMXwqatTp3C{!Nb<)dZugNzq@k=<s{I9}_|`vY&47@}IeyV{BrBQn){*%F7?3Y;I;&)KRfKSTddW z?GKV>_79>Qu=}bxrqP1WbI9C95UAZw_jLAxlCUIsyb2nQ+8=W3U)qz!`kfw5jsX>- zBKyzH8%V|#kgPLGJ|P?U0QV6U;}ZaUwh{mP#(f|Xs_ncGp~DKu^2C6!Jm7u_d2}_d z&Cti^21EOPH=D+5Hz59Aqg@vKZN807pp)9#4;EmqkFu_KyU+iQ)|kByV9tQjM@QQk zh(;y)E%tIe{0+PEN!l<{4t;<)5 
zoI8>n12;-#Pyc*7b7n7`R=PUrDUT7Qbliqd03KWu2&@FG0k@iT?VvAxf8kX>N zR`Fhl2aGd9$07v7WnzNQyhVR1wCat4o~|Cr;eI<0Fr3RY*Uy<>ue~$izLqkDT5lat z{Y}1Ssq60U5CVuh-x|Y?>H=Y?3~AAd_j-V^AUNWPM&P!{fMwQ2rAH3t_xFWJ{8<6a z?+kDMnDug||4MZB%%Eoh_jKjzdI;n*IDfs){MxW>`CU6JGf(uv}= zu4h;5(|k^xeJv7~xNuIkBbg55@MjUI0gAvl5kH6v!V+`w$AG8m%d02m0|(! zRSO`lR6Pg^0X#$htHD%7Y#=AO;f`!CHxB+#Ks!93o}3bW+Z5*rDYvbgN)Oq?mL?WX_=uba*KuZvL(UG8xg>KBz=i1UJ zLH^|>csEks!lW(S=3Yb-hOnKzmB8haHr@ZKv?Ru(mJhgTPm1M_dTzbveyLA0MELGhmdjvZR#7`{%SX~7%Ri3c0N)2-UiG%>Q&z)cL zw7a%^?J)LW*C)F8ci2O~VDV;j#fS2$dIiX!SOqrv>260x|9tVVf;l(Td&%*t9{clXs!P>9u^ z?`P;|ksd1@BYAoj1N-gv7Jek_I{R$n`WSgz=Wwc(xwHTGu;d)Z)4&ppHxn(-BKLm_ zcU4^Y$78Cj^aUVEiVXle-shJv1!Nkiy5A4`QCYd0WJ~;1mpgyema3mwAyR|*XhAKT zG8r82fuQBYD3Ji-G%t`tX@$LZu%L2QWbo;8YLTy*0+iX8_pM~}bUF829w;Mjgaqo2 zp5{^yk>wSTS~5f8&453Gx}-J!_0j@L96WaL~1Uth}^-oYC#EZ37W|0Kf8wX zjHci@#KIk+3uO@)s^>6;{$fUb^FSn2PqIR>9@E$n;XBk z0Mz@qiRNxgHtpV!7(Dq{`tF|aS3TR$C|k3y)j-*%L*+hTk_)W2}AMEFl>u6Z(j~%8?m2XD5m*3hR zzCc^!PV!L^&|v}KTVR|I`N*Dcf8T1q(*UVHEbDU&_Y zEzl?V=@5Uy%VTGE7UO$0f!NPa&slPYoL-i+?{(r$ZtvM;_7otwJwkr_G?*p0+!-Ua zw451$sBxHtiv<|B<$lnLQ7I_!84wyQG;>5yGK$t6>#5|( z#+89bn$yfgo)fpt%ReVod{o!8WTY~3u>am(*apDI`Mvp*^rPSVrJZOy#MiLJ z@M7FH9ebBZmz-ggV&}Ho=gWV{I&S;WOw4#&!}dWCa%EQ8$(BQ zkrp&57m>Ru#NacJa+BAME&VP-8bxIrgG>WQvmsEjaiBBJ%wbKfY&OFx9>Wcv?q zZC$g?x9HsO=I~>+Sm$8Di=KXp;$gl26d1SH4{dqo5TYMh2TcUjvj8QJ2}oNisdg9G zdm{ZiwG%x#*>r~vZ3B?cC_2GbGNRt&^ArC7Ar>rIQVzvouYKl=&j6%#U4A>Y*Zo75pR;vM#fHqb zvVNHCEt;G>Cd&Up8^#J2K?@pA)OgW!{4&@4`{~HC^tMFK@p0gRuIGz|)b`@ce;uQph_6oY^e;B3 zqXR{h}r27SRuu*9G>!66{WMzM?QwV_Rn-ns_7P$ zr6(dkM)`(HFOgX*jIM4(%nWdXKxbm22;Y(TJj4S!Zte;L-;PyVKK$BglrSPVVfEgXpN z^mywt#*#rV%B{=!Bt|;&adbWxBIQ`^q0Qw(Df?gWU?2BPmZT|Kw zL2=XR=e4{A)V8P+DDV($^rNJYH+60_d{{8U4O9k{(YWyv0AOX0-$tjrUorvZySMK~jo>NKWtt zfl0vagvZD3bu>t<{vMe@~1Je1^>e6lZ&+5luO z9-jjWEL1L=26R(wj!k~&9pwh)YiVcR*WVk%gE@_x_r4B3Vk=I&K2G-t9Y=2XVE_?0 zW=Yc)+XJ^%6mB~(bai#BQNwIyYk&N(&r*7~;lWD-$-EWNy;v#S?4@B;ZC*2<;`i2q 
z@VtEQk6pQrF#pk!;^;x6{Nf5r%}cj9p`|O))zyeOy=~K~F8z`01=(@@8p#Q2kDyy;=TDmX*t=kanNt>YUlPR*vVB)bwk2v!V%bHo7|tIA1{M`@aNW|2$va zeDWetPeYlFZpCGHPYz%$9p~8CN(ySLw%3zR_T?<@kX0ysuF7a?H{qwNNOD}u37(w} z4Sv73ic-fmJ%PmpjLXbv?;kyIDyij5yB(JYelB<*^|>I!F>_CW_Xn9L|=G=-MBg7@1XFiR^@aXJ~{O{Y!>;dWd zz(UG>r^@HeELm%DiS5sD)t*BAAJF)t04!{CilMQsf$x&7pyY9+9^7+5FPXX%({htr z?(f%0D)=59Bi}zcb#L?aI~&*|GfxXl)Ez~0u9Q7xDlET z9rpCj6bb-1QX1%hkYUi9sjYYXoLtD>CjX^%{AGvWohWwPn|Z30E%4EdMmxw-(biz9 z9Rx=UN^9z__~D;cb0%M^$W(B9uNIlB9zCsl<59m zljB5Kn1TQu@8{C;&Sme5@$LqlMIAGr(gUbpUYWZL#nHGzHKiKs#XNN|&x*Vr3aF3F zkC=HMQ(rPv22_rzS$d}Z{0m1OnD*aBBbk3dFxIgH(39zhxg$=7X$gxYdQgG2If>Hx zl(|_^H>#Iy<64Y*X>`m*9Zn0zox%N{DMq%a^)ZtgL2zC{NaN%mZ(I#(xao#~`3= z*v}Dw=!}EAr}Yjm+qf2`vA6Ss+#!ONxzCK>`Mp|N(RQm z=dX6w?vA$JTDeAN7g#7H#o-D2VNKt23+P4_z(Sh0JHmBTUbO2zfi1=S>-SrJ>VpC| z+B<;8jc7wyoS&Yn1$fx~U75(@;NoKgusl9xxih81o_NXD*EIV;DWHPPpvquaCCd(C z1ur^(btfu4L{EK~1F!?SW}9{ho<--hD}|gPYmuKM-0j zC`jJY(ba_0x?e#p$Xy-c(^N!nYk1ySLV*<^RLYqL{$m=Lwa?EA8y(a9xu)Yw;y~61S$@EO z{nY1JrFoWd5T72jO{*J3gTr3P3y*1n_= z+3AlXA2$sYP@8?Z&M}Gzl>Rv#HH3RHn^Rqwy1z5yX(yx zdiuTo7SF%vJI%7B2W(0$`CA;2(xYO^eOF@#zmY8M03BCFP)EGYLv4s(t3X62kSC+A zG|>UJJpqNF$sXgp7ZLe+99d%{m-IT8UFNxBD8_*b<(t}fVqvf+?yf2fN?OqaW5i4}o}Lb2d#)CA6T@ux^$~-thaq)j}fFkf)i#(NkY)N)v+T!;rAy&(COZkyzIc9mx^R(835ix}UoZb8X znrEC46I~tJij3)EF%}_%2Uh8r(^2~Y;eTj23`36oqql%cwGuIeuNx5O>_;o!HPRgSm%Xuk8L z%P(2l6y(LeVCal`6Y{E~6Xq&pTS8kcQS2>|Q89ivQ|Vo#p_r&KZt8KOzGzZzP11|F ziR-#Ak`%&jR9SCbD#L#PCz-?JOj?RUr*3iVX1@22JyGO)0?PF*0%O&y#u=w(P|(%g zz4~CFXzi@*Y7N$>Wmfn3t=r$_g9aJ{W`&c+o^o!kh{(A%tQ0J^E5%iK&)10Wo`;eV z;u9VspW?;}yuV54*Hb14rB#g*GO;JNOWDMp3J2V(0 zT6d~no&`!mJRiKi@Po7g*9o@=p+upIy$-e!BXVi(LRW;Pz4g!Zq6dQr~Z+?~VBm zG9xC6j|EWxJ)~1y!C)AC9j(xB6li&QF2VTDaH?XdM%4FVWys+3?YhmxovMKue?M1b z9cH)BL%Dt_|B#7g7#iB#Px7a%bnLH&pst|S$`pRsymVM;2_9%AS;XZ@F(C*Ocy7SI z8yN6RuPU`EgM{}K4c=-@`$`naINDv0PeEuF3n~_T;s`Dxot0i=OFWczN0H^jton1_ z+um6XB8`_}v~vNu=QZ&rvi+V#sR3PNi@?TwzX`G#Q+KOP1QD^L_+`rI#nf6^-@RQm z_yc*j&nZpYPzr`LHl{m$D^#ZKl!uc9dL&4$~ 
zhP#B0pb5sTxxl512>i}wD0IG__?))7Yh?62bFRM~s0 zQD(3LHz`nsyJ?uw#K>NAymO3e{mfT;w`-SANVOy;^(h(bWDMC4DH*?hv3aK0KQsOD z1b(eG1pQh5Nq|>AYMl95c%P^tA(uJ5fB3~i@mLC7$dbM&RqWZ7)~8d@G9G zowo9Iuz!L+gU7d8p^6V#m3>r{k z)Co)d>OsQbrt=}#7(mW zZZ`4bszpm8{L2lm{OF0ht^N-#Ebn;1C7a`FzrIBov3)?-LaiN6f^n@r24~q=B@Y-e znQ&_rSDWe8b73C4PxyVQa~%*o@ilT7wOLm-)M@Ve(xLdun@^`po$8Mhrpip<_0Wlz z`sOV!x+cgcxpEJs*LUA{kXC4`kbBKU`^+EV1N_5vG4n>=RiEjbkZ;fZNt5hbOC_Id zy~>t}E7GeY7LLC8*(jMFqt9BG4>SMQgP(3Y<556Z5OMxtB=-Y~i;3$WtnGG~jn12W zy=KmmMF~kNV!NXS>{4+OZ8{hh;2<}8&5+bWs=kmJ(|(%Jv`Ko=E_7TxA(Y=>`8h@A zq`rxpuR{ZOj9mEp({3Q1)7=P@+$w@@sCHj)mN8_wEyS=s%e7iYLd@}S;oPHDmU4VK z?m4`kYvP*j=YK2;;j-(?`HgU*N?_!d^+8v&Wv^}PH~oTKAIZHyB%4k?H>z)bnm|_D zsOOPv+|u3(d9Z*tL3Fr!e6^gfimWbO=mce&UH7{#a7=pofi5{Qy>Dxhbd^tg$0w+M zj91f9WqDn=kyAOorM0@%?^S-{vsx7puq%AV8axVIz1+sWzcQI5U(}4p4i%AS(FL_d zV)?T#MIe;r&7DI!+4}Ecz-GFbl$VfqBS^HVe`|<{_>{?S_&9BtAJ?k39H>*}OKBN% zg59Bid@od{c{w9^ry!e9a4S+`?QTI!XV`lgLIVluZ9%AzaXv+R&I&deRq^jJ&#KmsDi^=KP7MW>O`lG{|<{`)k|QB>8lxdo5Ia)C9UUUbd*f zeyJE)8S4`MUKy{LX@x&7)iM^gN&d7p)E($OX9rv|(*zTXtWQi_K0qxj3HKVX@Ud;; zuf7rZ{Ygx(948Sb^z)X>D~i zkv6GTMVpiyz@=@wU-wWtpXGmAR9O&+(YpUG_B^7gr{>4Ux*;eI>|j>Af`9bg<5nP2 zht<)sz!y4l5394h8__hvhHyy9S-80yb((%#4_dTCmYG_vEH$Q|9(8d0Vf9Ldhh5-A z+Y2Ao<*KbND3V`ZFXOZ9ppmem)Yamt3Y^PJOW>LSj@oy!&um@MseJq^oFfeF+XO#8 z-HdnRkHJ<9|NY*zx>jAfa?aUjpJzY&+55b2 zfzC^W5Ox=jp>B5eEn*GUP_R|TWLQaFF|7r!UQPCKKKM%5XfAP%Wr;oGrA(ZCfXWvN zRP08q{B4}wx#Q6ZrKQIkw2-BikUi{Y#QULZj(Mtj$+?Wv%*iVJ+cW`Me_+Amo{-I| zWlepJYfGgfYEk>ZInyXuHPGc7F~e4E#uqw|_FRCD+r_CXdrc>+fnXm6|6+|!5#Px6|ss`v?x-Lb_%ZqA!JM4#=f@kLIm!`D+ zl&df@`g|+dVH?9bAH_*Bx1b!nCNxwQl9KPLmLP1U1oT%Pe&GBtsE$t zBb!^N60w97wVR$A(g(<@*M8>9F-Z~ezECSOR!+=JTCOxb^q}WWYjoIYVUaq?(uZbu zBIn}eT$RF*7^_ZN6w2%S0+vXEWTfs5YxzDcy>FbqZn7q#%FVRQ^0Fpz&&H9$mmO9$N}dXiUHq^rSJsbKXztw z^bIoyF#U7pnxz-WpL&1wxScsUQ^*=`s99G*YaM)*S2(Y+Rj)eBvcT%mcOfwrB*c4) ziRiWQbZ3{}vX`qKzWsU2Mr_(oFQ(TxxbkjcMBBBQnJF*+9WP%e_h^;MRe8xQz3Gzk z4qfcd3x6z5eKK#osDuAZYq=$-ldi>%H)xGgO4kT64{ph_8QQS@$|fq!Hwc*#w9Uza 
zOrAyN>6&v9E+%s8L$BKK>8o!Aq8&$R%v%u%&)5Q1V3!>KWwPI<|H1U-(sZHqQv8a? zmg1Vn@Xe-k;b$2SO#2p>Z*=7f%`ZlEg44`|jROaPh4oW8}HLxBTYUpL@qYA zj+T{;WBt zE=+3XZBzJ(JBbe?OV0rR{d8F0nudWgpPI&Zfq;MzwAs+pUeAbf{{AspvcC>3L@S1K_beu zYG7ua!ay_P8ggF)C9zCRxYN{)71IGJdu3I5^N3FjP)t5To$8i76I zAEYmnU%iW&Gh0Ipg?O|hL~9zi3h-OGTVo_~k_}-C!}%OKdBc1dN?6u4qN=+r8h?cs8aWY({-RMVt&gRR_#s4S{KTm6L;x41-=Qo~bJdUG;wUVj>XPK9|+ zcC-esqbXn1bI#@*aMGs34ImZlnF6+_K5nbh&YS>1_@RqeRbqcuDs( z$e!7q@CLp9x479mM!`?!K%On{-J65!&8;D}r>+}jt(~&%S^$=+MNUB6#V2BED5Rv* zp1C&N;+*#cS8{3T(tj*dP^yTc*9-{8x46TtF9wNR>MzRtCTQWwp>x~{Z>?LV`$}(8z43sPn9>T zHlo=t$XD(o{`{P}HJ>^;8YKmbdM$`kF#+csjg2H6dD!f3RDO>d9x?Qc?!p}|Lu%eG830U9+`ut3&mB)$WJ{qNZmZwgTcg1b8X2+hENb>)P z`>1V*b9yGZ5NlPflhRLg@Rzaeis}nb5&38^Dudo}cd5rR4EfuH7Uw*5V9q@F9^7qK z`$wY9){be!GgG){@4F36el1vt%}n1f)Dpim6-3d)(1l~VNY>@@DQ3u?=>ssoMO12v zhfXRx)a0&#uD(DVZ$f$PMZg8^4u~-ypgcZds&3&^PSAax>^-Rm$cOzr4FMTMTi%*mn@?&faF-1zgr$QRm$# zrds(Qvr?4_nZHl3XXAU@WrcgvqHNC{ zD(Rj)tp5(}wq}{AfNgU+T57hMR7&eNgB-AH$}nd z=@TXr3R(kM`=&?zZB&DV3#d;_$~T6FH3yu954!0KvJS`{O$aSztVEv4rT!<{Pl$Y~ zEY_g33tNxFly9$Q3$j^PfG66aUtgxNH+4f(FhS+l<*V`S6N%}n!P%tzil0%|nIy#L zxDdH2k84FulWA-2E9?cGpvjJHXG~qKnGRpPlHFCc9QXrr|CZtKv@#GTckGqmls)Ik zP674Ij@#I-1*RZz~8DPAT_x=r`{;mBX%hCesm@4U>57b*eJ2_ zV)Tmlsj=al`m2W;XsHvX3u>~VqaLH9$eIpxiR?oOoau!idOP~jb`jK6-AE=$ic#sew7}He>?;wW~*X+30pRJ5I3Ed zD#i7X?!N5m-BY!Og&|y}YBRNt?Fubg;$olIRX#%{`kEZ)UV=E%$Zw;^CM=VvLt6+~ zuPUipRu{3Wzcuzw=RK|366Jf?-`8?F7{sKJ%ax?WGY{X&_N$I*gAJ!FhK7@OAIK8MQgS(SrUo1tcF4#2on{#8DlkbIS9NFf5*!| z?r6AAzQhngs+amMChKDy`sf;;&ZiNP&(iY03G)Qo2D>d=I@|3NJpf#N=<$OjIXug5g?j6%o{5HjA?AwMBHxV9o@Cj-HP!=QtWYTH z9MxH8Z(Wg(n}@(Q$WoJ?!#LcYzLlaQ26x-0d(2Ltk44zNzD2rTtlHf!X0Kms5O#%_ zc`F;_I7@Spqx&(~l!Tqfd63Pr{eENG_m*5)`aDQ;eoN#Kb(9DKGG)gd45} zNvkN=Kq8IpX6Xh=Y+aVN1=4Q^owdz8FyEfx|DOrBu1BW}z>X0Z8H{t_+Tj-N5LQ3z z(oAq~8ZhbDu|tm(H*OK)9dby^f&NtD69+mmwP!9eD>{(JP%cGDQm?G{xdWBz$$4S~AaYhKkEFx|gY zoSr=;Q)RehTX_p(s%{bddJl?zW`qQsQg0#-eO)U2Jj3(cdS&l8`0QUxb0d2aHcP>s z7Ka@rOzDSNVuYEwXE8y;xMw|#)(cB)df{TIFFaCz$+co#A~F0i!R5Wg_JDJ5(#hU 
z*=b$ueNuFUxY2mj++B*yxrPr8o22=1yjR#OXk3iAGW97tG{B#|K<+AAF6YDj6dfTM zISP99cG#zU@&7|^fk0+;(#Srh*DMQ@-S_}hWPS|-V{~h^y5QO<^IH67EBHV_F-OZ! zq3S*l^Qw;-5m7-2^bCO8mj?u%$9I#~D>;~+8+Wtd20TWX2jVc_tTR~-9hpxMr%`d? zrz4q6`3veEtJ5Z9qZA+cEFp>>$bRl8#YLKh_m(_CT~hcQ7v2zAj|tqpKe~RtJ3sI- zkrBYe$BJf;IcL>lQo?Jp{+*|jW4c?(Oh9?cP8RJ3->pqwin=J9rvj4bw%h5|DI#JI zY=?&?L@D5&=mGj1=mpyG47u%!W1S(3rYoB?h{f<@^{-{P5V8-FFxGQqSIkRE0FJWOL)~siKsPipPjX7=jh7hsjLKXJu5cA zQ1?$-=)mUtg~KoBEwny|%D1=M)kx;4^+zION(v~EMwUI!G3HLaZWyZq(Z*7@QQez}K^cb{!Y-)ES?iG7Hsvfw)}~)3;vY`sK!&gjM9Nm5%ihYn5iG(-tRFwKsIjVh5i>#@nzMMG z%WRo^@mmZQ1LsY4;C(C}^@5XOa>%K-S`*Q$MBd~V)AKfKoK%|7Qe*W( zLwZsDZNNT_1EV7Aznf%*aInEqVJZz`YxnO$Uh(L}_NGulbxfdPX)xYS?wUsaF+E0S zyzSlEpnQR$2~~NURlZI?z9feJ#o9cCVAw@LX;m}L`U?z^`0yYiCPUKcCGZM;aIb^M z;Q7PsX}c1gs?74O+UL*gv|*}{KTJM90_21Q+Z552)!Ty`9i_Il4A;xSAz>=J@OfU= z;5NXHms#7)qabAIaY#k5SQ;RRMX8-J;+Tn5phUx_pSOrc7qVY^>+vxU@F2xf5AIf6 zmI zPD?#&Lu_-#t>N$#U>uVXV&b85+N#s}6brM>w-`y{w^GkLT1fmc0MT(7r$NbD}t z)hBp^muTSOk2w#wmKu*kW5@Zm;*ErZZDtM~#ToqArP0`G^XcTqr?bv8ZF^JcNfG86 zpDSC2jz;@bmj+)iC=MPWuUB_1F0M{`7cvl1d8){3bA>YAw(7p5xu#pr8b+bR*{MBp zn(t0gTuWH*)}nokH0D0NXmP#4%S2qJcRY#&+@&MALDz^k#S)x=zN%%_1d7pnviWA5 z);TcE28Qc9NFfvX@qsOEXyPE{^18^0Z?UfHzwvf$rlIgakw`Z%_d22L{qm+%CAz-L z!@fK&;*q;AUy5%+c+$E2&Nv`@JuE32F)#;ex!9)NRx44T$H*XBY+`e1#uTpKCJ9l2K(tdVr`I;- z0G1$(Iy_NW&T>l6@Y$FwvI}R~Dm*zuZc}vMw*ZC%tMzMK8iw>`Uk8JjteHgHun4wY zs>aWDrMJfR@}{hk3tHO6+@xTtKIVQ6X;-skCZ<+caF<*u*eOCs8Y9=JXT&Ag#_Chw z`pBqsT99cE2$}B1{u)>}o1p2y(UqfezUEgVc??QpcOJ+2>FOFhjYuwVZ|sh~)3H zi*^Q8zH7n#yhJ0ln^iOi)T#y5gxQ7>Y*l8IO%yOFqnU1}#|$S5hP>BJeFNaS_~55E z=GL?421UsIKc=hpQNAbKA}U3vO&65xi-_e=YH3a|RSZjCTApx=K;=zd{G%ot$N^K) z9uI-Q04U$Dqpy^vouUuw#f+cauu-f0__`}|KpP7tT)4dUKNGG3Vt%SDI}r+)7*~ze zsl*7jRevDveqq;3?{P6idf^+>T%E(vj**$o=FH{YxsI#Gi*994e-~O^9}sT0wLZ`&I<1l6<8Gg#(hM>K-%<4 zPQVFa?cT_Q`{@mZ(e8!Pe8r;&`ke|}Kb97{=Z!{Jbf5BH8gyHB=_3ph5ypar(TIZ8 zFoXU<0%I4_i$JVtgJKnc3wJJDEG3prZ-N+%eFHeaAj7q8YrSS#ov&&=c(L3>wvv}C z3(ZjfO}wGzh#TC29OCBs%R;vHR3%w0@t*n;gnVP!+c)a%3TEo}%G 
zP;$GG%T&D2M(Op6S5jRv+x7)@?sD}E)9GvbjMBH&whQ~x0s@4TgTtL81`_|po2h{ zs_M5+p4>1El(}En`qFzsL_D20C7eImZVaXwU(KIxt~q_drxY|txwW}y=+~O5+J;Ee zLVN8;bwtvydS`Ep8>~#_!xmcTY(M^~9vTP z=#tol7*hjG##pB-GI(R>p#u>4l%L^Jv)-#8tC)UMfUi2Nglc^rvGd+)wVe^*#E6eA z8WfUeD%-32M+@q@oNjtPTL zx{~UIdGP6de?;-lr&Hsf3wkEi^@npRKnAb5a2nqxng4+jW5}lAd+eF}l0lI!c8zmt z&A&?SOiUKi7v$nf+f4=eGHd-~2fjhI#3Z@2P5<6Zn<@{cCv(liwsrH9tX_-?U@#%T zw`X-E*nzP7g^fEZc|J5st4zJ&O&aQgibPu%d{iX!l7BUUMLMHG1&o*Zs|J=b3}W_-LZ&%?3y zY-}fEIQ*y1sgX+XZ6qJiHW5m5&DkrE))an6g1pkTzi2|HqsQJJ(0Pgp_{QM!Rj*ZY zG};aHtItH@8^4gQFLF;|?jW(fZ$`CP=Ou`z??8V7% zLvD);Pg>0;TY&fQ?5LC8)T;MVfOhDM&ewkqrn)irw9tD1KNq+d;SZpwmv7D>H9cgj zW6}rVnDg)MKfUdPJzPkt&wyq#9%^Hmi2>v_NG#?DXf&@z4)cMilG{xe6OF*?BYIJ#ZW$Qx{us_-lwXcyTD|?=9Xsxst*6`{c7SH`MSNR} zg1d83`9NBL>e|%`alO@?8zWsm_IEWbuO=zBf9GcE`yjX!@uA%=iL|6(RU@f=T+e5J zM1({oVK}=8_h@x<`5b6tt7A}auP>(0CL`M8)cuz--GsB$Ays)_p3;;ZhhLF?glO#7 zL0ql^E!{ar>$GoX(c=B+#pom(f`Bmp>g+Go^q6)z7y?RACKrlW>y<>g*u`YLMeeTIIs4o0iy0x#1 zl1Y5B(zQDW6THBegpQ0))(=CD#HWPQe84H=PHAyTq@E5L=3)Xj*B?`uqcg?WrE7g1 z{_F#Uurg*%-%RuzNN;pq`4K)EehQTdbzSB+sq+H&ESD=M#rEd#V(3nvcwAWINK)d$- z1f&4CdZos^>CEF}9q$-3sGgU`S9|BkEzN!(i*d;fVB>;C-<3s{Zp0;^HNmD0y4mMQ zYT-Z7-GDve%5A2>T56RR?=V}}OTX@$hS4`ErL+11H&|)&JB*#4rUcSKMq6+rfK$oY z`F^@OKx>Vs3gj8qfm4vU;3K=f-p~2W0nJ?%9C=hJs2{XWYHz$$ zsrX8!!~)14il<`6a}jL_5F*B|mRO?T*CVHe!KL2SYxwDJkvz#=39qr#HI^~8?EgR< zlWV|(EVVs4JR$MYX(1whmGABJWR_V912e+B+Zv&bK7^3&csG=}l>qxunM|mUc4R5X zLm}|+{qd_O%GiH0FTq&wHc4q5$%&tLd& z%bVB%;8jS_N+N%wwa*WR*y#h;zMu_LAy)^YN+ZLZ2AD)9Bzax|SxUmE`4vG$V zj&Y@p^4TQ_c8+99I6c!FJ_(b=VV{v8rEc4!RWm|of+3f7i-lbJP=k}U-)ccpzw$jU4@%;Cu3tyYY@h23*-Qn8gp^VF<`@M?Y z^Mh#~J`i!lu}zinlG@QZ9NyhpPIW3+w8mf$Q``F{N-j zrj&4FN;#i#>0sCgW+bxTEXAGrRPz&}{k*fU6JL|QPe*bM(Tae(!&3DDo6~dSPwe=J z$H&s8I3JfTH@vD#$1x-PmUkYL4rCuL^o6n&G2dm(sfMDQB{`Ar1PzgwP%o=w;t;V);UrEw~WRY zhTJeq9x{%tkpL9<*BO7IFYv;Z5)T1dHe;c6p~`}Up>i57>Sj+(3TRBpcV|7P`hThh zKNscRTB@$fPHHW=kz0gCZ6H^$NMPq{VP}xjufvR-S&|)Q^c^T$k544cZpzQw#=TQt 
zt0wywT^p?A-udanE1VrDd^~Y}<-P-f=td{j0Q$t&tnWkd|L`_gEoYEmmNVpQXohjj z1g9(FhIbGsZnhV8#-UXsq2ZEvTAiTbgdB1$$r#Vx0aMHVx7*=FQ?%}{fej>p_L@aJ zAJ?Q+VZ4u4ApxSlkn2AQq29j;@5bsjCKg^}shdGv1sP9S6HuG8Ut}Q2n%qw0z)}O| ztxL!zHa-yvfzpa2=@ErYd(=!oF#CrcJKB$n3JjMCffe2S_g;w40tP8Bswxe2Aiz#7 z@TNB8sr%%qxuA2Oj({C9HWs#g98h-S#$aGcC8{GnOt4j{*A!~5p4j$=eeL0lm*_q; zsh~mkqQJblv%XlP?nN_@?C#icI%H@@{)8zz6<=U8j-U%!p}4{ljwe2R5J<2LnVayi8Yj%=N7A#AuLi!cI)Lr zfnQMd_3)K1OnzJMhYrqB5yaNJq||=2K$aZZ3m%+?=Q=>aeu4E-X#SU}7;0XoPm&!;u<{cag&mZA^3PFkAh(pw?|iIw2mgCFZP%T?cX4)hZ` z^J}KyicOt2GKq+Mgpf-w4S$MX(@|RW9~{8z#xq4!$*;`uJ1z1_sfLyfo8{S*JX!t-R3sB#- zmnL`uF|vl}*8NZZl~Q?zDBlO_klEy1zBV(sPAgM zBXPDSy(FPz0XnN^`nk#8t={%Q8}ui}@$2MLTb3q9D2d4jq~ z>7D>72uj^%-o!%7vaAX|#&VC>uhquc){G6A!w_VqLA|VF*lFAZ7v^L-`rCG(JaR}h zbtdT2U##xh=!3AwE!AK1-e0LKKhU21ukrOpfF8{A&XFA{k=sFmo5SwO!O3XPT9owX zev0;(=Y0&iK7;OKt(|o`UIdKTkA9@y4%UeGncuwHbJ&=*+RWTa2Ak%0#RW4JS#z8l z!O?$*;BWZLr^#*YVlGl>x8COr5htk-9Z`Adj)7NHw>>#g{nlk^9<+1j`9tklN3s!3 z^DO)`b*4lL9(P3eU)ZZ%19OKmX3TAGlXS``s|%jG+5g}f&($mT3DiaBA#QW+CrftO z$9Jo@6T%!{*D%7FOoaUWtI@g9oGFgE-8i}F+M}_OppP$$d-fOufy{(Hl~8wyzJvK@ zkz>aRslo>w`v>sZ+`;^Fkod$q&7qC7^&G-)PJ&Sjv?s1JFPDm@I&t2(Ox3e-;ddCu zmn@G-2FVJes+YY-Khg_*-K(@&H2$&j*Av-DKPc?}&|U)MT}hTZ<`8|5;NU4468wHT z5xrP9y>NG%oc$e)JjL6G;&U)QH%X;2sFk_-=afiL8!R@NlCf?C-rhYsBE3>F(IOq5 zI-uDp>|eg#JkW-+9F&9|rSBx{U--b^ZS*IYGK@EwxAtN!4{~hy{-9tgvjYg$!Oy||or(F%c8eVP`5~-p)ZFV1ikn zB%qS$c(oqzDnOSZQ${*FY4N0{?V^Na@2H%J+g5z~o>{fkN-8I`@pl0jaD zfDrmKCCZCN@KT{jp*%7$gslMQ>CKVZrEu-&|F4hCFQ>|$3()e0Q~5^?_Qym4uUB;<;Sk#seu;vij7d`mD`P}fUBf}M7o^NO3St> zSM=&K4*<&GKmd*t)dFzPr$sZ+y>0Hi?c{o4w%u4o$jnj?zBm=g^|b(CaF@w?tV;?n zLBm%A+F6R+-7ey({}215pjm;icqkdFC3Jl})z8`YWj;kvMr-pLfP7+toZZ`!fII^p z17O&9mq8%#-N?1n{9MUdp@kU=>KIws!LJ1ZKoPcG`Sh7Q2bq1T`mT;^o7psW!41l#7$ElIVk~os=K7%L>xLMvWtYojpFjg3a~Du zBE~Zy^8Ev}McyK|wJLzQ3b!0Pe_d;>Zng zT^pfG!4PAxV!WcZLgfO&kQ{12{*!wqG;f31@Qt zfnDf_8BFX}hP5y?>_CWMpnZpDE8o{EpE2$W7zOlxawAy_H0s1f?#g 
zE)oXX-9B3yh)dCfBu`~%FhKqkH^BB>$0ego(|dNFl&eR%NJsIR3hEj58&j1t{QXp~XJgx$9PT_OgQN*=YrZjE@afZ$(}U`f^o>$5=GWXE$`{K5%2g?* zqE6!iiZJa0e&s0(E$)I7N0E>HapcS zvN}Mf>fH6b#Wp4AD6L7tZ@DuhF`PQ&tIv7|l0daL`|hrd9s`3%RhMmnw|#xB9B?zO z4rv4^BL~_g8d{C<>zV;U1a}@3d*ARnCHGnIr3|FC%6hO^KwW|&vrpI ztjSk}W0umZ(jCXCEsJ9Kc8Hj+M(5RD47)|#Dq9Wcs4v6Y0y8s~@2+`3wRvv62$)?Q zqd5|W3^PmaQhxC&GCHBkD z=a4KiB@5d3RTqF9xR;ZVekujlfFPG4ed2k;ha8bugX5z`6YRxgMIg{Zc(&U0j=H4X zB%6oPQYEs^l{3S6Qyd68v-v>3+Sptf8@xUVdhD^Ud8W2ahG_=;jX=y~u4O~}kNg!> zz#DlT;mkA-M;3}JOWO^6$K~6?z1(f#y(aPE>5^DuNoD~AF0=~b{2U}E97XE8!juTD zOZS&U`#hi`6?o*8hi>^o=Phdnfyg&iZf~D{sx+tx8Eo%60GdO$wjP5eWg>#(a7M_G zGEgL$m8cv6>}blxsybjb-tDv#Lj%&DHO9vw?3zt(8?@?L>kR@S_n`zqi>`n1N(Koe zy}`EH%}@^U^%#%1ser54g6V~5DE4A}%%!kxp3K?!(jr{WQ;4l4c4X}r3pmLl5>?l3 zA1^wRB(cDFZqTFB@owUV$F)Rd5}~66stp5)UoT%H-&E^myNClE?yEmKk*>-OygBUePbXA*IRQ`y#F-Tfkc)S!na~(>e(@1LBT3ddPe% zpm&Hj`;4Ty!p7I1&p_ve8E9yTrLNqKH}$fFUmF)t5+qEMz4rC>#Mc{B;&v;ONKtTW_`CNN zTo(Ctuy!fCBuQ>-z=94@5EP!$hISU4>;*o!ewJU=htF54z{7^>2o~f2>5ki4G9#9~ zJl&IV5hXkdZh^!0&>QwQonkz6OcH_t}HdnGh)e z-*Ko#LMUF~oJz$&h8nzH5*0fDK`O6fav!)#$Y_mDe39B5I{0s0B-Y#O0mfrxVxzIv zZYk(}=L$Dt`nrM~Gr0BYr;7>|l&6Sp1m#!I-m#iiBcWVz+ckAWEFDCOlBZrkRpg>- z-?`FJt5QzwM31i_7IXL`WGD;bTW}w5tT#x^unFfoR1;fTV01&&!^BKCPhmt_Wg$Fu zQO-|?zuaeA;r==Irsnx=Vu&>_RTB6Q4TEVQOSZ9)=zP?Z3QGD{itWl}2*;9h9(Y3BC*8OFklC*UdivRl{ zXf%ib=qdqXMch~Fa|lWwTA(~KQKu!1^?OH77Fm{G36?A5Bz1r*B!5}#X>z!^qov17 zl3FXjvn5on_2#!<`%!Gk~R~`3C zuw_t3i8>S~6XmFxh?n!H1N<>Q86+WWq^=QEm;L(KuQQ%8&O0-nnJBckuRTJ$jFTA@ z_2u@haz9Hb^S3JZTG97gKEeO4{T(CP=vt!c;{F21uBSi|?IcgJ%8xvcO5nZLTW*Px za-S|Us6`$Z4OXX#`o!@jmten_!qB966BZM~6B(nwU1os)Z6=$ z5Z&!o1X9IyuGj!N;SGJr?35i=MMAphStc=Uz0Rl@H_*VC3Zn5CVjhjXIN$11P^o$<`T#~6 z4!6h^vX=@^0pgCWRxA12W7#qO%tWOd#8V2xijIM@K7>raMcIJWTcBFB0Loe(W`I#9 zo*A0}$yP*?d&OMnBHP0pBIyF(QFHVxseq;)FTRzm;`8wxsC{^tW9S6$5XLhzOFb!= zM!Z3`&W-n5Q~bXkbYdV%{azb0?H@>b93xMH+e81|Uf@fhmTn5%4BxL~1U58AqLeaZ zdI)Hzdx5seGI!M{TzOK~A0t6?^CVUOf?AauNJ~uq161tB&v-$J@yZ3P?S^0qudYFu;Nx5)B`8Jv^1ST)fyY1>FdfDN 
z)E0PwMHaCHZ18_%&&qg_UgZ=ZRgik*4mFotW_&31+q$muW}miPm8}*IfC4x3`uc0s zNNL3FE5vsYBf=C}t-iYxER^HOE&MK_xq%ZXicsDR6qV$4Ak3TPDT7|p|8c>4U0{>I zwXL45ifSoTq1uOb;ow|AS^f zv0e&>FxxE$gDEbwGRdXMppW+EWj&b7pyg<-mVjd|(2zd9S_o#<_kl73BolJ$_OxTl zPl1FT?^9h3L_(Mf%&>aF=i3!qidgo(v${h<0Jg~iwHFgP1ve&6N*fJE>$)<A`{f;G5G0B%Oe_}>%0S@+l!hNLyv{irIR#1bf23?#&*zu5y zV1ql7!FxJD%x}L3Q6p%I5QkxD6&PyzD?)#Sz=q|n*DP7ky-z2at@_tBCRm8r_x6Z6 zjE7W!PIk5TTrO;O`ZJuL3%>mxNMFCO$m~!^ll?zWdIkRm1rmcfjf#7TfWCSN* z$IJ2NPUHMCz-ukM{wI{0Sw19HNTJklpIpO`CO=wghe~l53qgAU4K&+5f@Yd{-=?9& z%A^?7xWU_yfPm*#_Dzhu+9iAquGIuW7nm){Y+J9p8?BS%;n%FS5|s|EZybbNZdiaO zbi0OFW6b0kn*&F3Y_0!)@as(t!7T?fN-hlIG4AJTN_s2aIK><~;2Okb)luzknXK{PC@ya}|~wxL_oKKmixEXgWoYs{Z@Uio0{ywYIR z)B5Nm6klnTz3m_*6yXZ;xNRbbjZ=y&nVuN`F~Zfv^3ul118F(dWa(62P_IY@g)A1N z7EU@}V3~CQN2UzyGR%`!|0dDM+bwXCa3uQ)2Q!jMbZC2PA6rs=djb+3&jA~C0i~^f zYxAR!`5ZD;2ta{^s>q{$w%51Qoh2(&?@Yv^q9*(@}`U?j7Kt%Ft z?ZuU`4bkN_LOf`^g{eUK`}QMmONYXFB!t08!jJ;g*@|`e#9XUvmDpFk$l$BVQJ$-D>U<35AoWJhEuHUf%jiNWc;$yAN8r zn&Zk9!p~4CPc9v@!02+%bMIp4+`M$ZS?&-{p=Gx!CQq9D24Rtek$-Ip_XQm5e_{gA z(my|6Td{vBDI5yN*o()RJ0l@xKtk%@&Ly2u2mF6S!@=y)FQ=M%qZienFSn}M=F+!ChoEn{GKZ_59^C?9$4O#&h1u|Do`_ufC3b2al65E=q2M%fVAVt zpd~rsZ>Trg+!3Cu^CqrJ72I9SqZ{Est`3+hbsTTH3HqE;q0zbuJ5|8#GUXM?zkU@cO|y)NWA zdKk1R0sM4RBVe?aKCQUXdQHL0pG>%?cGDzPP+Hy$uprz+;A>PE`wA3D;2H>FLCrYA{&ckjjefnF!e^8ai zOTki_Bz=nX)O9-K5iA=)K%9-`Egn*#k^p|Pi>K1&8S>~pe$eKUCr>|@niihluBSF+-X_p#k|IXuT%-{#>PI>!6mEFgR zW6R`jMX?Qi^*xE|uTizM%<9`O58aRsScWbclq7r|H`*MWjIdXZ%y$ zZG#?9eH0`Mu+mhhP|JDB@k+Yx`QoXZJSYgbsW~zr8M_$VUWL>m+zk{LmV&a%r37Tm zU`q5O+0ey=zlMQ$a3@`v0zRn0b>z74upv+VSp8ZZuM`klq0^Z5f!ir+Y~Csspdf6R z^r2Tk+%^j|V4kv~W1QMOC^w<~Hidc*|{C{*+NnNc|deVqV3y&#UN0 z%Q;u;Kd(q0Iad8+Y~Iya)&8GC8TFtq>TjORCp^g8?@bn+75c=P1&NpyenV#dk4`_; zDlXO#^L3HYj~;FsbauyFJM;=UF!#QDQQpRL?icBdpOs@pu|E%k|GN5K48RXKSn%>7 z3+!WE;ZVQa|9x`Qq}se;JdLMhlYiS?o4InAd{h6Bh;2V6N(OUIs}E7(9Yt-vLVMwu zB4~Uk#)CRtTyhG-vFOG{Y1}U;tE`0!J6Nb}IxXi~{A{0`l7P9*o|}tg{_q#V0*!e( 
z27~>S+|&0!@lWWnu-eFAe7gVq74m+-{kvdM@{%rDb7fqgFa>jmAV&LDxuQHkrag-CmJ4x&8 z3`TsiN{dbO5C0ZniXD40hWqH&8sMrC`|gM6a zMvY2pdP{cEKDI2NjS0Q(n4XV53Jg}l+1B~TrFCL{Bg$FzcZ3qkHBd+1AXHP=wAu)7 z1ytS|h4euN{Zozj$A8J&VMBzfcWRNLH+Ou84(h)QuJS%E(kcDP?Nx(%MLBaIeN6IgC)UoK(Q-`Ja+oYdQSN zU;?|;E8O!0(R#lt%4&6rr<`Jr-o7^P7W4l8?fy=SpK2KgZ5#YB*PG|S%S)rUBV09j25ujGc^uBZutza*r0H=-E=kY0 ze$TCXGgri|d@#5Fx!zcr%YKF3OpPTl$k}eS)_d(4vBu>1(PGP;$1f+^;;C9~UT=2g zoBle+5T9U77?uA#r0-BFap_-HffavV=}}V+G4s0`^Et*tFGI3=GM~NMuHy@0{K_P= z3YqM=z5gW~H@nYl&+IV#yITFH8scryDK@<&o9{Z=#G) z9tbopSB1&hT%C%3b_iR+&RP;J>9mrLb_;I(QFQFRzEHz3$GRKGD`#EQX(iy>(sOMp zHtU2)^}PR2wMBbeig*mo4a(I>Bf$S5d)z$z7t8#-a~pDQy1f5EB|rx#hqE-i#uklx z`r`K7<1Y|@J3naa+O+UQ%yU<97_)7iF0r@9(Bg{U{@kV0u_x9{rxV2kh@%zCPOqQs z4o|SQN&cPr``kZ|W$)v#Ykjvjw%l^J%E%}e)*2h5maKLrWSuy3NNXTaiHU!k<;PiA zygi^ZZ1(EXtkCN7rypg;H;uTA0GH%GH`VyOGY~1*uePTXWm}_`OjaPOc7)K$>J}G z_4kB`$1;hhGxYpC7&XU3`apxijva^h{AJ_Melh%E_&v^}{gZ9`Cfh$0b-#NHVUC5q z|8EhNG2%8U4buIO73&Ry1_{6af0TW9IMx0Czlvm}kVv6qgfgxL_vh~O`Fy|M>(^iR)zx*~uk(C8$K&~UKAx|) zLzRT)wd4}9*_y(L8+Gz_vRwZ6B1ZG%Mn{X=X?YD}_wKTAd`uS+$~NDtIIjPaSO3vd zy-3k1%-$`_Uzz{y^iwD0G1MYF)?B9(nKo1t=t=K%7ZGt-nyy^qAdTc>&P@ZcQzo}E zz(hZ^lf-Y+$h}#`9Yu7Ts{NKqMP3-#B>;c$cg->ewhw-QEM9XH`itW~lE&tTcQMLX z8M6V@b2#s2@$ug(2`%O;P+0Zc1!j4nPpS6l@Gi%hNWKh?D1IB64+`$(EN?^M8s`3~ z8JhKWD&mW(sCdd>?r10VUwu^H#mGTZW5%L3{#TJ7B;yw|4D_WinG`)P5rT{t>8kC9 zJ}BCj_({q+Ja+bU9}PChIVC^rS=d4>`oBAczVZGhg(`bM>{@+B!y}2V^izs^ewvMi zQK9$MXl@vg6^vNCzD)j#e(sJjfp56!Y{Kh-3i3~C4G)-!Fd0 zfSJme-QFoEE$3H(YrnEw3XbZSH7#d38m#eQDVj>{{0;NJE}-zNv(Z-HC_}8VMKkML&3jd~@Dx$*KHKk1|DFUP_hDA1$MOeUq ziq1mM2-sle=Yk?Q^&Jc0S*v0x@GIIAv3d5_)f)7vQQ^sTEeIQno6b(`M3Vn*_{JoZ zwu>I7uZzFL?f&+`A_Jdg{AIM_w9`S6f3OC5m7c!u| zD@hOyPRZ4m?x$E83Il~#%am+e>uyTp(4EfX-#0LCeQZN;QLir-Q7n86x2?>3~RA>i{Rb z6Yr|d8G(MmN~1=&;LKr#BELuTONZjF{j|&EMW@~QA1LmbSoWMl*EYY9z{_HFvXjFS z#vOzz?j{cqlmthuIZWc5f&ZY+ZEFFGn}vZ|b}c2n^4p9Wuw9fgVYDAzd=oKvk?QY^ z)kvOibg!|ob+Z5u&!$>JpQ*j$?p4O7{!3#^I$gv{LJkHO_iI>tH;dnpPVM|0f3B(` 
zE~ziJ9UT0&WU6su8S4Z;h4+A%LXG`-?9{fWEXuEbWX(gj`5ripohu@f3jZPU_I)v% zM)xwu4i+dPMP{u&G`-efyPRRvJG$|NPIt{lL`reIy3+iY(Z2=gQ#KMoheAhT^-iRW zx6qw&C}L-1`C}6e^7JpLU zBoZ*#1PBhe`->8LD80CsA>8Ak!$9R7m?pA>X)u!Hrke!whjeMhz!Vk9e+84@osWpz z;9xiC!WLem;;L+}bo%PIo}1v~pm!g!((r6s9CPSM5Z}wL+^J{A;)^gEW<(-;tLi4M zD8l)))swj8k>}h?PG^~uT8-u2zs zH9{QHdE^RTRJBOT55(iPKO?|QxqHf0l$GeS?8>0F!#kzJZ_!#I!5SnPr!xi;w=8;g z9vw`dR777qiPv~mq)~NTr-IFAWVM{%Fr#fz3`$NjKT(m8fj1Oti5h0+ zSHP6M8_Rr9a02AA%h3Drd+g-L*ECr|btzg8`+hAR<6Ul_M+7FKi0Y2+OZ@tO0Hi?qu1ZmE|vQ zG*6H?gQ{6p{6|rH?2pwTCzpo|nZ>c3*o`|k&8agj39j$mhb5iWZzF1nts-3;{`pl- zUii;e!Q~2t%rd3opE|>P%`hQqvVor@EEG5K+SIAj7FmhoKr5calS%YcVxuu#^JW-( zeCBp`ii-HuR8~xI6kiR1qNg85zFyDe0e7C)JCe(-6h1mu+X-rJ#x0^-RJWY$l-Egm zH~)pF-r<9bW{i#j!Etpp(sGE6+SUGQaIl;z`c-6AaMVBoUWC8C%I%8nvcALwCYeTe z$6O=n!xD15MskVVDZ;puz9_?BIfUgJT3E<}$?)D1gMudp)ixyVG0K12aps-e%BbaY zbr)o62A%2C!ygHGtu-U_Ft!NszIZQPPR;GlPw%*X4;KP3brH0EARY5@*sR>JcWf2l zGIj*u3^Ac42bVlHFvO{y=EeX%w#WBy0_i5l~Du}-`yAA%C^>iZpdTy>!`=SL@gY8$lpM7EswLSZj>UsWdex!lTdcrWI^*Xh z`x++|+(()mKoMN=zD`bT+Mm;`!rC4hSj95B`QW4=g~NNq-2E~=TkY`CI4_%xSn{0I z>(#2H0_`yERMuZ9iu)pd{8i$}DqUa5Q^p*CCo>Ua>Qi(okXkOo?9ad{pFjb2W%Pu? 
z6-DQ!_?b)ar7g#1IVqW3iRmf5p(884w0#CA96nw!qndtpx{AuR#VO6j8NT-SFM^-& ze22$Z+r6Q8jEW>vkiNF4O>|E#lNGn4A(X)z5fGkE5<%9Z&_^Ix?p}YRCe(s$vTG#r z!u&u$Dc^bhVkw1^lf5V53Dtk&v~N}3S^PT9FN5zKXEeh{mHzd;vJ#~)=|Q@P8lFWz zi}DwFw)&~1W9J7kzdguP*rEDbr=evS=;*GJO-ak|E-Qp~DEOwR+zt07$knVN8V&NX}OeHW%G9uv3#nI|7#N7)0T7h=JMLv`mDwxi=<{Lu$RUGS~#@o2OPH5c2{wd8C>k+e)M zbt}%rn^Tv7h9O}wgf%}RK$%2H4m6z>Wgx%p=*Y*RMwBP|H!t8_eK_cg!oK>RQC%q+ zp%62@)+%gq&9F4GD}=0vsXjHDHLpmmkJpQ8A_hN!eG-6t6jT?Ih%IF^RBL8u6u6_PgItdZa2csybh& zmKS*yNzY-(fA%@DI#l7aq>5Z7i{4S$?>xJc&tP!^$`a4HFm)#-bH5zc+dn)aZ}6Ft zmAT2z-)(P)>E(0WS9gLDJYxhFrEZs)+e`A!zXNPKH$Z2zApUvv8lDW5$l!%O65jdw z%8^joU=3K%3|CnLubfg?iLx4RpK2kXyT&7n%Ltlhm$$r3>)T)Db}3{;+4X)4TsXiL zU=s01Y&30NQx*+JpXHk$@fOUi{+(u@BD=j}aAFU>^6{tB_qLu4Ab?J*c0b>T;F-p^ zy@G>mL}uQ*=fN5)53Tz)i?grw=VICME?gVDz)*eUnXX7dVId`RMH{nfFi?ta0{PWf zQbUd)mZ@*b#T;pR-vwVp09InbU|8CoFwYBN(oeiRf+~Ue_vaDXd7Ek~XhB$;1!&?c zD^03O;RYfgUzLtCX|#u`2TxzQ{>2z!PCP#F7fkijIXAgO7JxNQF@${7&;$XW_&6(! zC-Z!iAUETlMSDY<8jrM0W5VU=D=t??m(Y(f>Udv3SrF&zoU_4ns;qc(e!VMG9o;ec ziNR?s1A7xsGLNk{itW4wds^DoHMJ2fLML{E&;BrqGmg3C!w;LY+ITo6E2GUkI^rRG zse!r(afsG>u@CVc6!0!D>r}MTvKrosR8*i)LuLryCTLLnJny~3wy(nQi#9)lAD@Ce zJ}kmXcj7q35)>1dTNmD0)!QW}Z+0%^TI&BA?q78&dkI~8Qj*LMw)$~X)EbUxc<&2b zpbW9)jnfpAY<0#9rcD#EsbGKKp%9u9p+FLlcm;8;=pq^DSOZOeSfR^{4U)lP;DE5@ zJiq~^uVWou_Qg4FsK{qnMvgae!?X&`y8+o55?p$FFp+JCm&TaAEk1s0mi$+*$_gEn z&k-`~ljBfgf|X~~<{bSTtlCX@(s-V{NOfNS9X7L16>fIoqgQo3gG_f?W$M1_&)v5Y z`iLc9_O-9n9H2m`cnts{{N_cxl<2t*&RsGfO0(t zD-=&tZ%AJH-!uO#ZL9s61QdWWeukT371z^Gd}~CUe7UXgp`!d+e|j>*;W|0vkH#_d zTKc9NhR<;ufnGj|*Y{E~xW$08>w*sIyn{oZXror#_^3&s$qx%=f7oN}zy&7&n@ejp z7iOZZ)gG|0Lx`oc#vm?TzZYVVSFa5y%Rb9)lp`@2{6gDKsr2&Ez~+Jowm z%yZBi3ob|qS3IL4w?7EiBBWu!kADa2ZCldo9z%k(Y0xh!14^)S>(;U}+~WkE#l3uv z2x>JzEm1kJU-oq96KT{E=JP3{ihhw6SK>7=*x&%zQA@AK%6{tZ@!0kbq4?Z43XwX1 z61h~Z6t@x*PGO}5fz``~dAFR5Ky$b?yI47|Unn=hnf1G&2Zua+d`N-gL!PdzVAlwV z=41Hq@**Q+Xr5x8Ae0X_FQ$xxP`5_XqD@aHQ&(P11~5N30^_!3JF`_Vw?~4fL~=l; z5U8lI%Ly|QX@8FhE){S@ajn%Su4-iKtIQ}Bl;+>i>imw%3PO6GbGlMoCPo@@-YQ%v 
zB1AguY|()GcV>yvsWaT>IFo+>tM|t#b3hSFLdb~y&VvjeyDy*B(fZdIe+&w9>d<{_ zc=Am7jKICiX#Q)A&uy`bIOb$G&w4_<#|DiHJx*S=juG3uG*7>}IDd6%wSJYS|jSXu=l&*QqAS^7WxQquBF8t9J1+T|J%AO1l_-`o=68Ql8yZW-slNk0?BeJ9_`s z&1dmJFhj!wYMd+{mi^2GCQmDiMMOG=7jdvtqrkiI2VTd${u; zjQQp!8n9>q@jotFtkD4n^m$ecC|gUoy`4NkmBzK_2Hd%-+!Kjx`m1Gat?&Qgfab_b zC`@J`5A2HsM7gg%`8zLG#vfCN(#bvqbxM-C#ULWhJ!~qWdn_#`a3LHgy>X!#cwp4y zhIjR}BYkh&6)*#uava#Y(T0+CV4^psY{Rko_tF@Wmjd|)WAzVIh zWp`R6jKOIlBZeTB^dF{uUR$AY`04|vGC)8)c}HJ-u%Hje5oD<&ZN|J4_a<3wx7liL zs-6oa0vRjEYb~r(3@=OUGp9m_q>39If{aIb>l_kbq1+UO$UN0xR>v%imb#Ty!Yo0_ zM(hupiB<2CZ!`Bm^5J}VLq3d+bn@aB6xkk}n|IEqp{TWpPse^GL_X~MO*{|jt9;6j zbJu+K0`xw?!QF46zMX}S->IGSVls0(VctmqeJCA2``bEF5T=lVJS5i}vRviY+59qS zyv*V3CT zHiGG*Uu4aXf5mrY;?BTOu}%wJnXfZ`&5{4`{4t^ne-TkNvaLBuEIlOX4u2e_MA_7$ zZ`VR)$c~=~(6K2FOsIaNCD4^JLtSa(+!xS{C{ZG5mBR>Lbpn6Q{dMq9;YJG|IX7eT z>+m*->rqd`y~qYmCx`W+&*ct34-Qr-$=lVRH=D4APxNjA-$iCgs)&CB@26%fDtdow zd2bv1n4j}I3s?2z;34-F-SU1dz0oVkx2!k>SmaAhf>q?=Y-Z+ofzCD<=ey zIZ(k1!hUs^3Foc+9yUPq&2KLRgDB#Q$*(dwHGdiE^Epm?eL|(vez0z730A1Jd~XTj z2r*3(8{S!a36K#ir|?uM>9lB9(Y*7^Fbv`BW!u^`;CkbScXwy_QrUCL@u{$8lbZok)0| zOz|&%ko4a@Z-apreFs#VslLr87`fXFufz;DantEi=dCI}nU~CHra`#eTrBgu zZC}GRN%-rdZy_ljLs+ip`(#gMI!MzVPD$pWxWz z$@7!OpwLu~y4F!4v&(w!KD5;yWVtoSbWBo)yoY$M6ot{KlxTXh!TTAOz1mCrxz^Gl z@f2Fc0NQ?13>|s*&q(bq;J|I418F3sR=4`yP zKoC8HTH=J=z9k{XU0|mTfViX^NXK4q6=_V{%%!pQ_{++_i02P=r|!yxJcnl%OL!p7 z(#zzR!f6Nk3bFU$6L>n1`@Yjt-&?sXBa@qt=ES1U;++>p|D0=p5ReK+9qt3FC+_f@ zm$G&>7yMM`CuHD?7XMjt@=tF&#qokE>bX^lEPFrbHv@WJ#Q>dFd#$N|gCtSS4n>O+ zRG-!Hbf49=9FwziRY7b`sER_v#x|zAmtyEGnLTs73QCtPDl$ysFIC&M4AVDOED%PS zPD{)C+NoS?G!9Gxqks^(-nOKIsg7)ya>33AXXhNnf`g0r)q4lr?`B%%^=_V%e1i$z z945EL?j`A7)PFaJi8|arO-`PZli!NAIfWMx$|;KG{)dm>uaj_1?gNZFaJ7hEKcOr9 zHhAfQNQes2C)jvLdubW=3Apu$5*u%jd)_8%LzA0nx&-<=<@}w>fvklll9Z!SgvL+__8!EJWM{(hB2CmGe4XY+dzo;8s5R>^*{d3@pNgu`M8Y^GC?C zv#^kF6Lup*k3)0XQJIT``|awt{A+f-?d*+-*I z^4(j77cLu8L@wWtBD?d1w~y)JQ+Zoy}C}PtYe*xZ1hrHVu7?0+!HAYk)BZyQ`Ny2@4L>3?U*Pb6~%)4((CZ!WJ02B}cDgVNd- 
zKI5-@t9P^g`!HbG3wk#x7G60dzXrq_DX>0<>;HEDGXmEb)gFoO1J378gS?i@x0c5f z=OeN(_1V)z916UT0b3yuM|;|?fz13~3)G{!T3XL0z|?|S*Z}fsptUWH{HOs<)&yXE zW!lk{PaDuZB;4(=ecue7auzD%@MkLCaXH?Dkk|B4!gxJu9c-oF%O!szVn6XLFGtb6 z9uHS5EfbQX+{=_MbQCJ4Hb%nEuZ&U5Vu12G$W!pl|G(>@)j-Y=^R}$0ulu47Hn0T? z!_Q-#0FaFT-k(TGEF>4iQuzo_M4PVt&OpIY>LquZ&ev-(e!~W4xvXRRx^j5$L?$2% z2DYM9qQ^$pp1VmPdfY`D)3Jn6OckngT^Cdl_G^$_VAIcu(cETkxqH^uGb4w{fJG*k zFk?Wjy%$mVbejz=*bnvP;UIMLK~!qM5%2-TWxT6SPT#u&0i>fym31AK&h9HYbuiDHhhI3PIZp0JQt*(fmd;d^12#qHEbr&G1mOj@*>1v zt>@R6?%wdK(_$Za|4CBr_Ct7lI5cktEjg{@t*De9z$xiIm1|I}bAlfwBE+VrwQBMuH8&jgkWo6i2!s|Q0t?-fO z$xD{O#3|Q!03lk3Y7MTu={?B z0SWKY{yH)MhXluoD_dgU2?k;9j1wrZk@Z1ZWq#>0glNgjeY%KGGPeV_+p5U1>Z#&? z;UpmylC0~3(!rp>=M{3O9l*{Dm530zm7j2$PL?@9$fjT@)R7IsYE49>Weqyoi%1gwL@-p`)CFKhIYX_Z&L|8~8*itwc5M(pN~SK~Y3VK~ zH}A2<`6GCEsc9r(oC?7-NpWd#Q`bY78eVn}O3(cEbsTPBOW&mb7l3@OukryBooR?| znkDDA0N5?#C!Z$r6=4}Z&%8c27(iph3s|wMNp*VEW@6t{e@-#68F=mWHj9DOZNH&zD3$Dkn+HjG3SH`PCg3Vdmh}q z{cDbAeheD(KY)?V@o*H<01!5(3!I( zV0iB@T>hLg>EDhV0Y1`P*#Q%b?WXg!fxQDc&u{}$O@aX_D&%okRSzVU`j?c0hu*zD zLnk(ysUq^6$n?oa^}FEfRrc2(4&l`LunY z1R-)>?#o(d89{RZmwE(wE8FPE8;hPe(?Wi*t43;NW*Fa;@Jy+=TKhdkxeLv-r9r% z+JgSixL>=Qky9C}K%v_M^h%@7eS+Y+j~RVQqGOebONM9?5ZFEop8?WL=)B_Ybn)QT zSpxY61q(FfxhJ9VOlD_muBL0B`@~hyUX2z`RUi(lvJEh=(e%>QzvCE~|`_%DI=kivp?>^m`klxykE{-!#@TDo!P4kUI2sWdgiGS^=HD@2-t zU|WP5YeB}QX300%G*;nnBCgL}P=)fo@67YQ;cr55yDp17)Dl@XnX)pCOd^9ZTNair zLO&t4{{J|xJrrTVH^Rk#A___($Gu5q|Hp)SP^g@5q{3Z2^{C{N;62Iye;B{JSnk;Vr8z-RN}>4AW{8q^eSlp=@`6FHe68*4 z6Q97)<+wHa&tyWUwT9-&KCfav*FqvpZY32`DZNfTVvrILCq8QVTEwbzE1?7kib{YS z3UVJ^cd)s|ijuNx=`NjrPi+I(TnL8S%lfbu{YWj(+a>{HH6!iy`kwV~PSy`E{QiYp z2=fU|-i=Wo!5HcTvk1-Yx{ynEtlBcgLc4nI;Ed~d{AJtCJdic|D(K11w%Gz)2AvLV zSb@pdnv3a%Kc`0(IS=`tNM7;dI&0g{gZSK^N`37Bn$VLdYW{}yF~PO?@fN2*9nZ}; zh4Y{J#7j-Quq*d>wRHHNA*GJW@ttry!6G}@(hC(NanmjOVn_hyItJuG29T^3DoBu! 
z8eFgId|+I8XjLALz@z()TJ6q3^#k7aW zz{-ye9i?8c7<0cW!5YrxKQ|W{ zq;UhTb{4-l2#E340{FAhg2MoH7AxF7876MJjGok!uQpRlEAYU{I*%eMV?;Y0=-Q!#Z0qNN>NA+JaVVN3X4mQZxDB{Ux{E zi$>yNu_ZoX*FUD8#YgTrPq&XBZqTjo`UX|&M*ur0NIew(nEu2U)hS@SbYRnQ>!>%x z)3by26l0V2AM{3}J^L8aN&m)uP~(f615}j% z0!<2YLe;oLG&d)8E$L**=y*EIxp>1Q&>x+0y}L;_&S|vje~6r28~3p-J_)F}Ea=xM&)Iw4h0$ z)w4Gie+A+yC3OJ1j^o(V32~z6UZIkaAyt>fpiX4BpcSPLfOhb>+*)U|_BN}S&b=s@ zIR(>9{(3mRSEXsotyjB0T3RI_7u&*n{wX^4t6M5ZmBLmn!**=jaNU|8?7HRADA{eQ zlQ196;Z(Vku*++{sE+t{vx49Wo-{F%T>Gnr)%^%fj5Xe~uI@ltYL-TKLC3>@mMcqN z<8biK?bp`jEP7~xz~9h)XuDAhN55K~hxKsR%o4RH6M*mSAEnKpwwG>NJ+jp+H$Plj z85n&S5YH6y?i1@>y@?GpBKgH|P05J6jvi6N-1PR!knOGQu4=;EX>Q?A);^|%eP+48 z(Z91rcvtvAeidJfwb*NbSQ!_Og*Hwr<{qQh+{$JXK=A#gkao8l6tEQXu7Fry8mZfCNhjx9{+emzgM-9Uw0Yt!E7fAWwgXV2PA`W#vqeiuJ zZha&I(`W(Q=U6)A!;>)GST^k5$_1~@g7z<;buDiO)9C#Xi$(P9S3LXEV>~BF_A5?G z&QDA50jxo_Lb+}OtDV1fPJ90(>)&NvVovM*#C1m250?Ii4l&^4u@NruvVGrA5foRf1CB} zO}O3}q3KKlATzg%fPmJ4f;$HF9Tv4;JNcz)8xl~ZYf~CJ^ns5rKuTPKL@~kkiT7`4 zko^*xBZWJ$o8q9(f2}}F%OS+8tKb;(V1_*rvRdpjZm4HhU-;ZMf`y@Q+wEr9!_knJ zmL;_Z)?A}}2OE662W=~HToc{`n9}(O93=^#SH)QD`j4_jQBCiHOY;XKh8UIt5tXZ5 zQ-N_!#C*8Q^2FpksygfYF1Vf$9r~iCfZ$ctKj>7f-27KQ(IXa)pDF{3#T0fASHNc) zsbw=PBaG_4{icC`p?E%iA^|Efhq+)x-75Qbe;9Qim6bbc)7-K$+lElB!=WIx1Chww zI{!0VH2HFI>&{&PT!sDL1px>@bMqCL4Km-QiJ&w~&ypKiG*k(kE#MUEAnk3x1?kR| zA+r_VB)TmmrBH8P;_#hy1yYm*b3n~?{W^Ee{%#1+;zTPu_V4~Y0nfbVJ-2daC;wCf z)SJMwNeBsHsL2AyR2CvWIgPpLT&^+W`y#a_UdNhS6@Sk`|`#O8Q;gzQe~=UYaQ z@xf`XcR4MeHR`BM;@|g}5MTc+(&=80QW)q~x8Xd?Cl_npCfQr=_*I}bVXUcCF#fFy zVsG>si_#y7F_#)39_KEzYP7J(XH_DXc`yIJY0_gX(A&o}sOrQHz$0R96+sZMV~`az zBc^{VsM`*U${ScO{YDF}ZajS@E#^i1UdbbjF_`TAAm*d`q-Zn;)rvphHljnv5V$c6u@U}S}v=Q(0<;*MYzcWZkK-VtpktlVZw|WV18j7VJrA)X-n7gmr zx++@6F*r3*ZiEQZ9H?z0>6o*TprHfmGjClHwYsObs8zYR7EFGiepiesKUl8=JeK$x z>q;iEU^ZSP6qX7wI}9onCA+x#96U_Qkt?Z05orVSr{>h0yw|w%9>~h_6+W9g_I5mj zc%0ztd)3>36Z~a1>`TIlnW}FAsdbazs>sezg1(%ed37t9_j=-y3-}@&!$sQp9kq^r zAHyE&I@=!k+9VvVpsoL$O4G(lCqaA@-P7Ul^^KX__~Pv$>srws(;lva?Ab4^6SdAk 
zEX@L;`Mc4WCl((jAGOaFsV}WwGhFQZqjIFj53LnaEoWQKP8cs;|HD#yB)Wbu%914T zS=kQDB9xr#y@_qD1shm?^DSzthMhTL0XTN^T@3Z+?SBOypmb~HRjz`r_Vy4w(FrsL zuHdUr7-9nE&uUCP8kL~@_;$_W%=vV$Dc|};wRfeEe9U!3_m$?@W?ri9D)h>4md(c$e}|p7d8?y43Zk9r;4G%-{a>-~k(h zg+oC6fszX6PGr1~mrX6?QPszs4*_#M5UX0|s+6vPkY}e6KjStvF`WmJ;ik9@dyV6VFa>yN=<|Cmd=X zlR|xtgB~4Cj>#$YUT&+N$wPJ9&vw&SRIv8kSN_N=JS`7h80i+WU1Tw1)&V&KV2usf z0v;2o%G+lUa%u!bxWL(sbMCFD#kxJdYUL*s9}K{>*C#cUlul|>RJ`5Y6E9}i5H``W zJAA(AHO+JHQnELx-q0b=W6R?%r)K8(>7g>p8cH9|X?yr&_{i-s{(Oh8d+;#kuR!qB zy0?Mz^xp@JV;sjet$W9C^4-m~L#(t&H#huN|8EjX;^S0M{K3@-vBXeVu-q|80$k6@ zS;swBWz(uth~q*eK67CPP`s=P(iqcnOr=BAx_!Fa{r9Y{WGEMjWCS2*w>GMh-#h*o z%XF%F?)pbMYYDAgO^{MB2?nj@r}J4~yi?Fw7&o&M7S`T|i3eHWEjo3!FA>am%MUWTVFR zbt#4Su!KIn+s%gBc27N zo=Sf^Rf(nS`zd?92_3Yp|HIgawz6G8N0a1^yS+V1{iVy4qcH`xZeurH7wvo3N9Zlb zXhQ$!>SI-T#R{}i>8m?D-7Lzft@hTsq(u6r)=F36yT{erzQ|_gdFibD(fc8hoAg!= zfsdFr-mT~`AyZ9Q;@oafTQ$DYMXb4z4EJaI2* zs=*AacOaj*f5wAsGwJUD#f1?pW?h_71|4 z)snq00nDEMAqd;6w4D+bH1W}$hg-J=!kZFCqDlDN41k&gC;@yWdtYoeRdeOHa_&E` zMB?JyR=E`1KQqKRIgc^>vebda-L5GYGi6^?)DH&a+r_fbYWow>pmwxMs>dwy2kRyFoX2nO~qopl+|fpgqicW3u5xV3>qKPt5JW z{Qz>S@cq^;0t{}F;i$2?sGp3I!2hAk=xV_@&TqjEW9$#xZm+2`_VC7GeOylGHR?Z@ z*E^ghvz2H=_G=VR=(gxten*Fi2DJ|@k?zf152K16EAdDkT5VEv+?%@eUwovOPNGCg zY}3ZQzPv^$;^${<`N%b}_Wdlv$=+cR>;B|dYaEAqu3F+97JM7dMG_UH-`khFtsl|m zNTAO|lg1#8C1#QP)>O)=F8KvHxE&P^_B}sNoe7A#0%S3B*>)n^$27|c(=dV{Bz;lC zU3-BV#{#hqHslBWUO-MdSxPAsP7B}8=2T>EZTosGFt(RT_U~Rf2WomKnjY(Zc2!Cu zS+w9+b0^10S8aTM8YwcC0V&ZxN$IAvoa6WE#STQe9iCG#9by2*NK;mC|0raa+oWwb z(c~noo(u*acoH@WEok3!u-TgzY@5y2Lw=w3dHS3=R`m?;^jYVp#5QSUe0e*lOPZXA zzL$hlNH08TSh8Kbfp6e_xUM;~)2$Pe)tam;u+HF>%e_)h$iO~o##oP%PuAI@$M_^f zwW?G3iF&xKa0EC_&30e^yu50FAFr!hG7#^)>ZvCu%kCyh-^4q<+W%q;~c&(nD0e z&^(t@u6}8}&a95#=iS4(2Vt-)mR9*!pH%AiO0UxwMkfYuw;|yaHa+Vc%wR9^S<71z z9=S|ZLOysMpzO)Wc^)BX^Y44g9qkwTy>DNyXoCOr03#j#`!Wil%3L-X?N5{vv!IL~$Zkq`gDX`J!jeeqOkZvit7p>G&jVbgo@8f~$b*;Bb-m zRi4Rbhie%w6XII2hm8%at>d!7d@V+VVtXAP1MY~Y}nXex;xiC)5 
z`^~SZG>|Dywm&|SLEDnh%ugjkKO*7$m7gbXxz{RS!gvQJcMUFMs!eL15pru&-auHG?32li_0iP z3m0A>73SYdL{7O#?0|nu5g<+oG$UXbLWd9=0H9s^cv-*GtYcXP=q6iI^t91QOdVmJ zac|WR3k+jG3mxTTt_-rad;~r+iQ_akeOsvI%Df&u{r_XQ!m#`P0pm zR(o?&b(PrsWVcp9fsQROSKW@^uO8{iTZjk~2gRL~4QJ6&&^}3W(H;KbpqU&&bIX+> zMr8bkZnA%r`X8MG<@_$CS{4Xxx8(tya@0+|#UvwwD3(dHs+E#$FS@^!T%?s*V=YD?0+it#uVpI`z=i0t5F#J7f+nU zHW9}LzU@5!Ei&21iwA!iPyn%4OPXJTCss7BrQXp3;lJ7^$8q(7EH%uQ_qd&vZZw{U z7R2-t!B+mkqtX!S<5i*mNCV)3099JtaL*=_{j%O2=NQzq5yG7PG_ps&u^_HZ#Iik# zgfK+tdOhkj$mF}+fFh~ce#axL_XRCn)#l#0@yf^Kxrx`%W|&0R1|isQqP9Tum^o|n za^Vs$RYsO=-#sI~_a!Z`t2Mtbe&B$z`BB_t4XbF-X~(f>778oj4@XMhSL3f>Za&!g zl0326fNXHuJ;XIj9KI05Em!&IIwa2~Yd@~&oWYbuwsBBfebu4osoVL?MY0~saOnQeo_|iNA&zT$rV1@EkJsVK(8}+_UeBU_XHE+| z{)TQ4`k`@x4&y3Ahjd^Yd%J<#@X8PYui$pCR{E*udo8cUWhT*Myx{vbxj2@8yH-ON zh?H{89xQDct6`I9hsGhArlE-f&?M1M%KmtgIHC%BSeOl(N`3(ug(Lt2j;a`*h9`ra zb*PmL{N7toUyW~UWQ3U8YHP)A$Iny-?kg}2G9|ubik*_^ zu)HjAafZ%k#mjLv(S>TJ#_Q)&L-nIQasH#Nk}8sQG6v7)c=4SU6JE290^;87n$kLB zuYCR9j7MDYRITb4QAY>Mnrc^X(5Qx6k{XB9`ZJ6ijXr%>kMdZ-!3^ADD9{hh^!)4h z@ueTu9ZX;8-RpbTU_C#)VL!n-;O@8GO_x)+_is6$c~I35KsAz7RL-g9Ji8v%Jd9n$ zKUEZ{Y`MbhijW+~E^NGRIla7;kh@Twwn`;H@wX?51ePXBCbaI;b5zv6m?NGIHWC{L zH6U*qKFKya*%JyMlc-pM@57}`ARamFi6Y%Y%4W)H3V5gg&iA1nuOGuM`0;n{<3Ahz zafXvXm^YhSMF|>pPC;8Y1c5(Hq2zt0=UQsTuG+phc#bJn0mrR!^}`flJn@Ol6z~=T zk-%NUu37z!{Zl{~l9t~Lm;+B}lySeV%t=fx625&w8U~QrO3y~SXBOM}r)$zMil@X* z=HZgPKYvW{e(F3-YPqt)F1i&%eeUvly{VC+%?-+@?%i}xg^L+yMOxQWGx=F+OwpHY z>Ugj#@o%R?0fk{od%Y{td>`5JKsI~U_V)E;PvezWY{Nd^C&RniANlNcqD;n5nGSSb zmiH6f-=@DY%1UFk*B$0udml>S_4{9( z2{6p!DP?Cl{uF<*^n~rV|2(Bveo}mMA)gGH*>fsvq1x*n5hI6xzfz-^7xHMrjFB!XpDM&*i4d&VQY`m` zUD}u`QW?O>sF&wCgtF31|LqGDq#RUL0$?aCK6+vCTe{_CMivaDlGV7OXxg!*X@q
    MQ4#w$frhGCQm~pkWowOLv%Z?UlJgj=H2upVAr^4*Ms9f1Kh%c{M zuja9x^;$7m|Gd24Zs%O{sd#+W=BBfm`{CtErC!HfDA}`9KK%+vJ&&X~c-Y|nb$qUb zny1T$<%a4RDHJ*jI(4bWyZVJK837)Ct>@06U?btqmO>M<^xl07DNIS?ZcS~-C$xoY zxEPIkjx|r03R@Xe{2Ahl0M;3YI>$MgMaW5PV(^iX$#tda=Pkg{Zk|N#2HQ>9 zMdH(?(_iv5O|o(LkFJTl*5tWnD-{!^0L#M*-bb+ zlj(s|9s)lK$2#eZh;~?##T?SN63&)tgr#nmSWb{z{h%SovykWPiX`EU!jD-qKz&;Z z|8_hbayTXpNk88ci!RiGoILA zU+&iUj^X{XL#Bz07OJOfReWP}fG`Y1g6B}ao1sj6yvK|cYfSQHU%iqI5n6rE(~Oy} z;@b6PvCoz4y=_D$5rZ&yPP&OPxG#*F9f*h5;pYRCZ-jWN6;8tICN6So1=IFm;*zDu zr^2Hj&8C}QsoM&CHdkgqdA9N1eI;btt@0>dS}Z8fgv-leD1Lj#FHmvhV!8IVoE|NY zEy_8bAWY20+rE>lU97~%fc`K{wrxw$*_5H+16H}KcHIj#8OT3VyT2@0a(RX4=n%`Y z4j_E{+fU0_2d25S@=X4!yvw?7{Ru*Vj~rL`lRjLd?$p~)79)tkaC$q-83+*}Zn>3> z#n)zSn%hngFt9qhHHvN;=Lmwt^e7gT8MZc$qZ-PYdP4fO(Q12n1GJO#TBgMMMhQ!z z7pYIufr?s<*j*F7xg!1PKNU0)Wqp(=p{joWcr=(2dT{i7A(y8M2 zS5ml7X#Uc<9BY!gHaF{kJX2IfCvY%PE)J)kx|5Ih+7duj9c&MP4c|-|QyHyi(Jz7= zkxzo&zp(MQOfa;&G@t+B=Dz2g$%kSF1R<;XU|VTjv$90NyK%0FAr}bsQwsjAl_QLG zxRx274`W}1@IL1f10RF}Q&Y1<`qt9LqTg6mnFLbNzC^!5mB-ai;s!L%^9)^-f}LQl zW`f6EStmYmn*3*BmO|=XO;kJG^{DLUFF!;O z%_<-+>r6T=oqJ5LJ~KaET6Gdzpj!AM6lU|=km-CMROf~x&+)=IoE(V*kPhotHqV0R zP-YbL78_vFc^tX+0n^aFtKE&SV6!_{&mSK9&`-g48MfA|_dFE#hUtGaq2bC$R+jai zqgeeIlxGU`%pC*xZtMY!*WpmiL(EO$Xf7QD;pN_aWzMdRW!F!vF@;o$26<8S*- zr!tP3Nlh?ZGYtyMk}6Hut_x>)0oj`L${Ule?SnBE-^nYj38oSIlkQeal6WhYa#Tz8 zqyAl7=24SQrJamf+|B&z5u3npDSMpL$~k^)rF_a?48`14*keCfsiXv0z-3{nXYm-y zi!ak^efY&hbKjA<_iLb;4%XoomiS;!KZ3)!zi96swx|hf+#obbgbT@V(&*Wav7evz z`&xS`$G=ys#MHxp*GCiMiHkLwAMUJsl9AupV~pSh*TkW{lr*SGZ5(T>ZHAe;fniG(Ulcx4H3p>*W+7egu&}-M zo|VtHxH8+LRBUM+7pHX!%^7`BNuM>7`DY{tKDD+-;qpvfTV9(!D7)JLWA;TAK=Tn! 
zSZ5^Qq(Fz8y!RfAP)5*|-sgEb{;V)oqCO3zopmk5Yx*5;XKncPHk{@TdSV~UqPPUc z4TB<3Pivg4|LP>53_)S_o?vhH>L4Evk-$*vL;d@HJoP3FK2E;U1LH&e%_P0^@tY>pe^7TI)$-^6(yCh*Ihu0!toS*9~zRa|2Vvw@qwg z+B!u%Y>;(Nu95%GHXaTGgm2Wu*C6CqCv%I-vN5Q8nE2FzT=~Pn5Ynl`7tg_*OfIf*UX&%>_w{)-Z>7Uu5s4!FtHcwdM^YP}+R>c)K?)v)fGV@HUN)^J?TuKMW z4F+Bxx;%>tK6|dtTv`9zA>wFL%{fAoFLZYsm>g>V0lur0zryFq!$$w0!Wu4y%Qq6 z_xHtH{r~^H_s!fp&fGf;o_)^VYp=ETIcCG2LipsQ)oB$XN{6{gs=$S43$H{>mxrz@W9Kb*s^3iM?JuI!+>{-xs2o zBr48@OMhCrvbfap$tab0+h;CH&DKb&y}@lrz?@!Kz3Ke4utN%v?<%G-o^>I+T||r9 zk-u*TFcQ&rTJ!v`9=*e6Ti}V8{lyR@ED3FUbO&)!Oik4;@5r>USEF&R^#BzuwQo@j z1+q4ge{Uy6ZVL*}RTN2G5fC%jmP@}RZe4M&d>#pKIQI}2Makv&q-}P?3whDD6@t#L zBCN{Fzxf!VYV|3^qKl7J1i4`RB_@&<#g|i=D%2(x=kLw6jh7qV1tqbu=r7Bom6iVV z0K#6QxjvyEzR9=(R0V)Et1C1tzSQNtOn6A-+_QMEvoqzko_o6qeo?_m)j{b=${VCP z@Z-Ee1!tY0)@FLG&0zDEWQnV9-R&Tv5yD?bL1Q2LqIG**w*&I5lheff64BVobggc=P1_QnD2kONOIkpn*} zruXF`#JQ%#M&|w8ieKA^tovGf@Iq*Xuagv6%G@4G?7ZJ-0L00X9}fXBH2%KV_s6#d zjqy%rmHx-_?Kx*4&nY1GWTLXUry*0HPkyFIz3cg5rWp0R40YX;C^39iN!W~h$pr3% zR+vD{S8Ij6M@;Z5LI!f0K1`{wFx>2d^xMLDVf#PjsO*=bN@U{SPapYTbwVbeMg6o6 zNV1+M97J)ZPCZPb*a({@7guXh7M!oK*@}EnY4;|m>(YJ;cxxI0N@Y_IQytfi_iWk5 zfnT<@4Vsw7D>B`PJK~FByTvX`i!~X@oA9{#iEBW3YGbL>XA(1E*}C1jZ;}Zb@Ziw0 z85ff-$7lLniI0MQbt`&g5dRmQMMcJgU+wvjX7gQKu~1vYcAu5Or4^X(Dwl8~6*Sqd zX2svvDN48x1tz{7{V1_=o}M;5hv}Y)Fo&MUz+FeLul`@l?vw+XAOT|f*(3Vk4W=s> zf4)-zFcgRde7`Kar;iBq$ov2os!J6&fY&*+$0qFEhrYSj`{6XiFQcWpD_PcPN8Ym7 zCa7V=_nwO}d#xU*Yvw1QU;+sEI0!j;&M4`yiXMN`HD*&-r9#o*m~OgRIJ^JBGN>U2 z_qzijo9IAzu*#*5rt|kRu}ME>5Lq87ntlo!?JU9DO3$GL$A$~vt5SWw#LKjD+q_n) z`4ZpW;_Du(L#Lg9{*4sTKQ-y@yT~lSPy0Mj4p62wUqH4?>x(C14Fz_E`>RcM++^!1 zSoZ`RgE}6H=bwdHF@Z<2SzLjtvF7r!A<)3kuFw-tk|OhUdT5E3<7^Jg^oi|Cdt(k) z$x+bB-Y6mNOViICkgvzN;JZ!y0^#AH8<4(2f$%YQm!Xj%n-C?NM}ztgDDR#-MM)ja z#nndA$n%2r1?%b0?^=W}Yj%!hn;jhP>v?VIW$XmhyiLMm7WV=(<~Q0kw~Sr&4ZK() z3ijHu%`HBLW<8#Xr9w<>QYBi&7Cll=tF@pV&O^%tBzwEL~j-hFNIb+Mj$ zJUYBVTL5go$UySOa!RQRvz9`aaOA}MK+EK9n9>ri43!bw2i#7TonOeUWoVIt;}-rx znUHo<{MOzzA9CeDIpBK3ne#?5)^*B}E7>(($os%MZl*}|kS^6FNR~z~ 
zHBh>60MQxNWhJzvLM`)DZ%A2K4pYGH8zkP{Z>vj(6xX~UBDe0@tG91;Z2tM6XDBPS zM!1RwX=qa#j9weh`|38H7vgpTfjEBUK0sYmxx$kD&9&ie?zUl?upA|CD{sC(u2fR) z2iBNADa>?o&0Rh@rita+7PzEtAAHn#lA5_1iaN=UI=2^D*jDPocHxDUZ0Tyt=d;g} z>=_U4DS=L}y^~CENWygP2xN6WkbTplYBalriXRXef4!yOZ+;fv@<~bC^_&IN=8ltY zGq~H6DUK!dhDs&{lQxSMM_F*_RDlS%4&Z3GtwlY3UaYGo-D4i}C z>tuZfOLq4vdmYzjT}=m`uvV?ulI>2c5OV)K$-+my0o~q>OVpq8>spj5Kn#MO&JV#B zO5Q=b2iD{ycaAM1)fH?UmPV{DK{_&SiQn@1?*NQUtNZ}3*KrWS&BIrEVDM~>-k~A| zM6pKiGzA8a?dZFW6%ljx)=e3w0jz8Tz!g;@VPif$bzPftySJyq`eUNsxm^n$yM8ZP zJC$iHPpdzWTY;)gGqH<00SS@>i%PvhhhW?BeXD&j+}AJUAN-8tUvbJ6Fs%(db(1OBhs;u)9$u1y2EWr<+jyXqBHl1`NnNkdV=*$@l(qE)X%(f_^fvFou~_v04IbB(n-zNu2Geb&|I znd&ISi%j)vt8~QXR9}%v%y^sH45Go>A11qz&9a5CXj^NA1Q*@$ED}yaz+y&!BseB) zv0p`9J$tt&lAl-U99j~?Z3eqG?g$(M645%{VpZiTv{3C8_l6%xi9A<5_H2{S7T;05 zo_6jZZnAut@d(Jfc-NKde@w;hY&j)jl`ip(<(XagP75_%Sv`F6+$_S`btk%T(*E^=OGJg>Jlzk9C zAeQl;yB$W2<-X7Kj-8qlCGMpA75}6dQD{t+J=|XkJlf*MH__teGH2_}*e0DF5)(#c z6>&iOux;*JT3$l9cghIbC6%FPl$7c4;i@-nlJ}A3Tq!oDBo)EUq^AI7&QO?*Y(rdx zh^H`08<)E?^Bz>K$+*`h#hz^AkWn`;#I0pbNCdJR$j%Lg8whiU8YnC%&*Z1~-H1(Rn zN;Yxp#+vq%7#4d%%T8h;XCMcwsHZ_Ns79lg%9Kf=*GMN5x7^c*iwj*ey5=kL%>^R# zVso!JR}qx~L{Z=sh&IL0?%|GVa%gyeh>vCA)`vg~TgQe)BNKIysF5&&M^sGavwsY- zAJYG`#4kNVM4R$SvPh>)WVzFif~WzvX>ti}!Z2U*2~yasnJR`bo39~I6^~qe(dsP- zWQN=K9n=^f$PPUFF z43g5V(*z>9^Yr!KOIB70Q-@Hv;qExqqU%qQJVTgxxmsW_dv_8_S*o%e48$PyPmw^p zX-0DGzbkqL^_?Q=!ggPP6vc}LXN@9R6{t>3`mH>l#LY)vm}+iuyuH2wT*7=)qQ#ew zAU2gT!7Sg?AG^YDqvsf}*(*JASA^=S&DZekiQUiLl8`h^M5C4Kr zXdS_<;hz5+sMx0`jKe?%aM7X zVS377)5z1|rHEIJhifqvT$UVy*THf_hYKo6I&Z4Aj5=|j0zwy3mu2HUQ}o*mc&F5Zf}IIi(=cUZMH6C={FWNE6{NCeLN5cvEIgZ_3?;Ey#g8A2w#9~WhbBHpd}Dq z`s!b!@FLV?q4@qKrymuz4Z>r%jN_b@vKgz{h$g1@v>ibZqtL2DPJ{cSYrfXC;a`6! 
zgMIUnaDNk}<^nhrYI>g@;p{C<$|Daq?oYSqT`Raj*xPWMn7+l*2@+FrjGs>r`(f!x zTjgz9`>e2SeS`!60)*IL6r+E!-fBzflb&(3X%)GV5cqfTX&H+}(~c}qO`cZB&q+5dz_ zq{a(GcM86lV-Mo~P-iISR>TU*z4Qu58X(CW5Vt7)!Vqix|6Y7{Ano2k-2~u-ed^Rg zkLVC237y|13J*rF7_Z+S&CY|4LJjV3U^i<3l=30Tu2(Osg4s(DSa$%VybV$Mf>z15 z9^==jr|u&t=_0<703KHZ&0Oh ztCoo-(_G)3#q7eyDCQIsRmb8hx_eXBqLr`cYI6_U)>?`cF-N(qqQHk-uFHH9D7=SH$dz5Bdx1B)n z4C=8H8*3)iy@M;E%`(bCbp%(~7aI9oVp=Y)Jj~lX7$3iLW}iIAS|hOrFh!kgMU)2E zOz&4%Se7^J+)B92lbdn$Q=L$?GWNLsxOz6NNR;OgJhq)QjQ?S7X6v>A33@Xod(Z`J zE&I-5b?Y?$yZzQaF3iEZ~q2I9$)h{}uH%jo1!Nif|luWbZoh@WS;@)!y=x#Os%cgQr$%^JlpFg)b~|>tML`Gwr#$TQmEoGb3(I2K?0Yj7jb15y!UAP$QY$I7Pq5T-X>q zM_uT6e_MjdWpBDDBCK(937Q}EVQ(N(kaybi@MoTZ?#ES?#DW;c>|y|K5>nliIe%2| z$y(PUq~6azycT0(Kzd2O^BdCA^K#sVs^OhDg2*NFfN#FF`L40+hTk(czkm{RI>2uu zh107xdsuopmTKZXlLKmYjNB8{)IHWW-WHdav(3NW6l8u=*w&tMRJ$d~axc(1H3r{= zURrU^V+ah&7LIu}KQ;Z?9hus=0%XxnasWd91!N=dIH|`ZRs}gP^_MN4A|Bz4LVR9r z@m@$FaHYCLVNv`%kLoZf@ma(fiapniLfnNHH>;vB_Yn7-;$lMiy49fLK%HeWyg#L- z72R2D=jmbLrbd~fETc@`+5Y~k&xdrk~CVXWJBMn40Hbp8p4{_ zoHOP|j9H&^o&dUCwn?xD2N&^Rnb$QjL=c00**+p<9F#{I7%J0k%Z!e*qA z5`ZZkQ`p%agr~8V@%Z+=;r`bj{+p93uu;zeUP9$_4y3F!l^2;hyLbXQa{-@i4-IO} z$5CWUa^A$6&ja@*sRw@LDG%Ycqd`&jrH+RCMx2y~U>PC%2ms?NT2Og;#I@0Li#rdM zC3Gygr3(wtyPF@v|2yx#xTf^u6mHLHqc(YP6aRLAr&LG4-X{pYUOmT9T7Q~kganI` zWffF7P;=VvMQts0gsK=1n^x%6DP`3A+15~9*5huzNHRe_(-2S!0-DMhVV&pPAThE} z+%8g=AXpbIVsA(MYD0g1orzCnFW>y%_~4(2e5K*|1BY_k0}XQ@>|tu3p2$yWnEyfr z#-;m_H3J#O6)1BZw|pIiyBRE56%ZU^Lkfs{4iSVdJ!QR5m&rsV4|i2B@-wJ<#`w$E znvatQ9hoWGl&TRUW<^PfTnr81_2(1FnOL)2l*=Px1nTZrlW?$WQIIixCsVROXP{mPu=Di#2cO%}xmKI}L>|X|)L*nb)2oDU)9x zzhi^|nooE7yxN)9DGH?sXe|-15d-v5kUcJGpTgb>$K7O#${JVsddEp&oqhdA)S*A{ zpIgXFncIA$cSY7c&%NP)z138~D6dWq^_8p^O^bb}fzWaQGbbS72?3Gtm}LbBsl0B5 z0|B*rC?r|RCsXgU|6Pw^EU&tI+&Lj7jtl}!BZUHJZxhv5 zHfdxXBr@yO(0z&9l9@g`%CsI9EDW!j-j>Gr?Rdn`@|_j?{^2!c$^`ZnS3 zArj(T!!l22B#E`Lbr)8-(NPnBgcS;h(4_`FFKq|uWARE9D*_L;zx+ynr2k5P2*$T)bZ*QuYP&#@6KQrIpmb>*dwrWFAvqJ2FZnA%mzvP+ z&xnoOIUhLiQq7WDZJ(8=Yma}45gOx43<1eUKS}FcNu2$=A6Q(tjO*E(EU*7YgFYG8 
z)@I?Z+xd7AB5gjFmd00k%C zqh(?^gcJzuo&R3H`KFYd|HB7r-yNf@=opn8Pz90RXkYJH9ngJi+|v_wNQBU5aMOT!Vx ztdPwlZ^@T$*uW)J>-D*L`3B^T)8wt<%`(Cd=p8+_heq)kK@BLh{L$raDY8i*NV1~D z*b{_s2aed<3_sGefU@dRq6)6C+@&1-~)u)4KtiAV@olLlJOjZ^=0OF;DqEi5TLX1(yjo8u}<_>2Wq=F+_2 z8>3!Zo)$L}nBI&OD+x&%=i29MK_6mu5m!@1x5$5m&O0V~uqh46C`=WprTerr5Dt%> zk0zNp^H2A<0tJ5RVCSs9(^x!a{rtnM`Hyj)2dDW(yC5veLL~--*!H36og{b0%+PiKw#s^57>EEL>d6Frd zIO!t4;xtlN*w~&b#|!FIEw10cL9B57ZoJ}d6_|tNstk2fa`YWfQ>P;<3n=bhZmXqu zrzR@%XAHSl^8VzNpq#=+&Fd0(={pOJkItug+R$0cG@xtb^lFl-Xix%|8)&b{b@lo# zYhehkUPq?%2SkK2CgN_~jv|P6@dwo=02>9$yg>}%zgYv4XPbXeICrm>oc+aCI?Q$* zH*QV@>^KgUTcd=TpTWaqRL+t-+g40Sd}!}>L5rU^Z5?WmTmHvm!md+jX~e5@oIYb0 z?#SJg2ijZ`_m_pu>v9|~ZiX@aI(yO(l(}635?Ip@8VDY-fKd1qYYcZ!F5VC?kzYMS zfWf*3@*O5HdSVlA^+XN?F7^|YE=B$TU#t^Jvum_m4hCu1L|lZlomaY0vJ-TPo?h;tom{cImwWie_N^vb58@5D2to~eTdoOMt&sRcZo=)} zbY1BO98@U46YuZ4HEWQt<#c>p5yVAE^_eqzP*GIyQYB$+FY0$%8Gv%KRsjiHba$^d z@jf4nr@x8j4&N8lU@oAi zO+bc7=AiGI=Vf2{pbk;l4+w@|J_LPl*ow1}rj#453t1?_DH537xJ45rU!g<8T1l0w z#flhd$Hw1t-TpbOCw(Xl5XT%MxggQ+LRZMI z=g4&YJbYx})Sgx`o-5N)Xj0$fn>w3EWPoLkfhO%5r#uJB)o|#Ebs+_!Q1s3CodL@f z-k_&6`YdWArY-E^X`YEcq;Mg#yizf*q>XS}$yJ@QB~hO1V>K(hgxe>F&7-Y@iWa?6 zqkdhXD=Wb161IA0mSs`dX5jW%{$Y(fli1lC@t#1Vlw>`seDy5O*J?607^vrWd|UQ; z2!g6#IIE}>nciFeu2TzkEgp&_BzD>lgLBVbgN_LQdBgT9m0MbJ zD{_h*bnL*E`~NrsI8x+}Yj(Ap?blamFu)(GhW6>ry+*1t>h?Z^VhV!v9C+k{Dd+-H z3Y62|I=!@)GJ|aPQ)fwVUMq@FhiGMDSi`&Y!@m-9x(GW9g*>{l`n~U zY}hf`Ty-YiKZ@HYUvG$WPDQ>}lfJFC?lD66K`3Ur7a}oQ7zJS$$Ae|mh?ORh?_ohZ z+g@9SE41GdC@>@7^za3s!dTatn`~%UGlVyx^U!idQAvg72k6ptc%)$UE9DsPWC|9^ ztoB&J{~(b_NP6z|8yE!v;Hvf-Kuey&a)17z?>Nnlo~l=h7%Y2qeA-%;1bkzik&=Yu z2bI2=`dMPX3Vgfd+a;=ijtaDd>2bfxJtm&hYYA1Xjc7am|RHoIQ= zHiH!anJB@J!2l@-t_3mI&q3b{HqW{j(4go^NT(UT&@<1%$NpnivKy&Gk%`7}Q@1^B%;KXDK&xVIy5neFr&+m>6^Yq4G#wEK zLQ~;l+dH=E$g`u?oN=;AXB|LwcmvM7_hh$HoM&T~>HoXcm6C7Un4~s|dahIR&@iPM zK8+)s>gxU|#roo=Sp+}dhr*vXEMCxXkB2g}?g z&)FU)I<(fSok~n_$_%$gTM<*xhl>!;+&o=V9Hy`Aak;z9j|glG9D0`8=Fv%L{``?_ z!Ym+opm!>qpmTd08Cx&fs>KNS+Kmo_#FH7$Bq))sV^)S+`)*1m6;N;_K6iS$GFVjD 
zdAM7e!DR`tppp-gdY}TfpxSt}JJ?#4YI4vvgDU(aTgZj`bMLvz!{-7wMP)zVx9k@Fs;M z@EViT?(Xa%QybRSwPKvp^ft>Bs^C)WWYs_K149+6427NBwu zXka6h77qX21a*2*?)d>rjtUDiLKwj* zdl%wa)bPF$2vQ1w{tu?lFMs^f@OHGumZf@XJ%eWh981{$JsELlJTjU&K45<1SW*WU zXgItWEWJ|M78g3>3-XqeB0YJ@-)#Lkb;zUWC~g?H9Vp_SN+p#z=`$nA>0dYtjzhT~ zzZ6@pvYpT2Sg#xk30EARM%;f|=7DDJ#fqy!?OzX?$*Vg_E1t|w ze_MGj)!CuXydzRt-?|@p^TJfZA2J2MsP}!f)LPLtx4U+qliealsPiefJXC2zI<>vi zHJ=<)KJ)P~yU(07-1jLhZ^pO!XuRALCEQUJklyUWr+kG4(@u%vt!0)E@-bQ3vVmlr z>c%xsFjC&VDyYOMh_}u=?Ogj+lk)_CE+u>w3t-22)1vA8nqwN-1@&1$iM3u zL$vF+4`8t&QzRe8egXr7J>wTkyOw~gX9WJa9*gu1cuuh`BgG?@rbx;x8NNLp#LDDn zPZBKN33_;92s{>6pwOH3`F21f;WE0Djz;I(YuDbjo)W0@ki<7)=H#G7Ime&<0RSI5ezJVNK&s%F;sqk) z&P$y>NSXa)rB%Y!b&%Sx*59paefKn-?gyO)%M*tfla;Ph`aC^Mq<#l{thi>_@O)$tlqE=k-u8txzZB`JoTQ54 z)h3Pb2#C(}@Y&qtc4|%;DGpA8A0*(onMx-(oao;no1@HF*^}t%XbMcn6z!t$PYB>A|8Yk1+7)(%P08th( zC!}|6`ew9P@`mU%=Cmz%;|B84n*{EQ5SpN#~m`(OiTfObUXyG5kN7O!pS3r-D@Ep0k6*|QRwtP27AdN0FfiJRLeLV zB7cNWz*4BynpYgJ1tkcz57~O zW=Qvv1Y5IItYwPTY4z%!SmRG1g!Aq2@>pIhcgm}#gIfb?%B50NpM>>=F`b*oZZDTN zJ}Dr+mGiT7t*_IxUTwtH2sPvX10caE+5e4(}1w?*V3fN73O?)hxCl&ALzF$73WnzKxd@pT^j{v+m zDSYSC6+WEN%G~$a;p&u58d(oDrrA>z_MK^L_0{6>TFNB~=Du;ck!=Z{Y40vTcR(M&v%NPM%g8P&u3{MvI+7?Rl}`^PceGvNa~~bd*-BWJoTj z@e6nNCBYKtSK(U!`EAoyZ<{tWKa9Xn8NQhL{AGM|niY@u(vXq8=lGQ8@!C#M&tinw zgJwRd<(5y`tp^J5UwqR)WCbGQ@h48xyDgyD+H5Kr*pzaCRdpxsEaP8iUk&DzteL}B z;SL22tBM8{H-VslF^V>N28?S_bh6k@Zk0+)9+P+J3Xn5PYxo$4O!s>V-_n;`w*CFo z8#!6ft3-&uM|bLd#k1#HN%R?VSdH| z?sdZ|fq#WY6|h=fn96JMy+u%~?GX2NPLwc}vGCP|$$?5Yg+U~Lx0y<$j%vT&p1pHYU$RV`Of9q;&P{n)*#~Yh@K$RL<+h z&(VyQmKt(ehCQ*z%S)ro(aLOGWS#8PqtV)yKm3cS00V{ zdQ(P^u0uPqPrOpxHQz(_rrZhOO0s(9G`yz^r~i_H%e|}`Ii@Nb#&K-(jZ0PBuHB<7 z-KU7|P@_VbtH!+Ck zH`qpW(EYR2C>=IsAoh>$sy`)nFLlBRTQgB@iIHy()EpPL$6m}<0gbJgL_pdb%u-9D zK5+juw(?YPhud)@(xKwdL=nNoQaR3A9ofVi9^XEQm<+feV0b<&$a}#$Mf_ zp3)-8cL}$5Z8YCm5X;>y^cWOHpI2zNorwz}<@lh`^{c6ys>xYLGs=;4kzRN@wRAApZSmTV7V>-pTlvrTMQh=5Kl`I@cKm zmwEKy_T`g~gX{Z6Rzns$4Nb_)y`DCl)r8)4U+lM6>;~*z(N4%zsd<5?E}w!|0TmLPs?mwL>p0yDw}w|x^v~> 
zDDs7fYfeF6URU?+4~gyZckF~=c7Q7?Yd5lQ)2wP;W;il0PYa+)P(`S5=vUP4M#gbg zVQ0=p4Fci`5w)MPs-AdpDPixL+uE0;SDiWl`ciY}7Z*D8%XgRQ&DAh?SgINz|87Fe z?h%>iVxJKpuS<-2i|8*G=*_*y0eN2B*+0~!b`oTLr1&H$ubYkK!QA@qQUt=hn~c>Z zhb>Xu&>^+_{#b$2(v6c%O6&7!MDaAG*L18U{a?jiNKIY5df;X^xOxo-&vRii z1DVT*tF2@09kIC08>@l%bg1yBHnjp^8_bE+d0p?V=VTjlOo{o8=Ou1{8Xcr+%VQm5 zxVFJp?1@8es-TW-&h}N5H_NPKxJmPpPqU{g(RzW&CxWtrAUBId~isc5${VQFso(ANxMqUf3`0TAwPuK9}{W3;N=tzYs z{iVa0M=>u*4C9Ahq@MDb9!7gwYUD8#+b z53~Vy#ZI|8#Bb%;%fWlQ6M%x0{DPj`qDt1Fx$g&!BPwN9B*BT7a~AK8XBJEe_O3lQ z$En&~e1$fP*1!;;KNCIU1#?b1T<`T=D4)q>LvuQ z*=_MYX(pbt`u!_q?s;rdp>SZ0wtp7nXb9Bn8HMgm=E`RsC6EG5p|i2voBFy-_`?ms z`~4p4k&c0C9vOb=$i=A|c{O1gloO!JsK~M`r~xhyDr*6T#M0elKnYMcl4p7Sn;G*k zLTgiqOdX#^B_kXw5t2v_ofGklj9aK)uH7#^J{|1RKrhu1PAu~A*VEo0?9yOO0;A$1 zukGZM%V|-t63>RI<9^HPfzX(jm@`RD(SuDMYfm+s1-r{(2lFACatwh=|K^~(DZhYd zBWK9puL-z}ExMHFdh}{~c}R4BlS0b^CImzt*L3QFm0*2$d(d4W`s~mcz5ee@bgRsN zYz*vdZrB91padT1-G1!``N{YMSko)e^M5CP5+Li;vWg4gP3999is=YlrlkF*CpII; zxA-SmU^})JE750z{Na=4ujc&d{bQbUaG7xq)g?In&K{kR^~A=~^?XW?6@aj))QB=w zcHR;j?d1_;5|E9QGZzW5Tgs-yaDzmZazW5g^f^A!V4vCgmQw4Nm^Hk)j{am)e!+qU z_4Q4CeY?_JP*E3kYzkjQ{hjBh%yZGE;Xx821EK?@_JBIw4bU&shFGUuVR1^J3bZn| z11d7NCDa;F(>4JYo~ZjS7tu1ewLBCWaWT^VaFDFb3Flq__SOSZfS>#i71Vg3K_-#B zexNd8SX3(T-qLt#Txn8XnRfuI_O!Uv@jzwsFqMu^Co1Da{=`jU%l{3Xtjr=M;X0%2 zjLSH$*OGquH^vb!U>+dkOahDXaE9ob8xMnwsQL5*ZQT0;u~zgDVqrM zSlx3X^Fvjwm6}~-%qcAl;GtQ#^fCbHTS&2LoKzgcf`4ol&4W08z`ejMRl{!0I+rpx z-=Qg9y*KL8ym_pq49Xz?kG?SM55UJ@!}mjVPdSS!E)FMu%`}hI4AiU!lXyCNohc;@ zf^)f0U8l1|I~sUu<RBus zA-Ir}>G?kYtQ&ET=77l*xjnkElGvx`(@93{|KUpaelsB50SEw?7T^=Db9YVlD|CTm zG(1pLVc8dF;y%2lPZuN=OaY-t!J${J3WAPZW_?bP9ESg! 
z>blSbsz~#Nbq=tvENr79)?QO;?{8g97$@F;X8y!+fKC0fqN7gVsPd> z?aYk-wcZ0xdY2vfKL-i^RH0#tK!~_Jz z^Do6T!I+XuR6IgK^|W$|LA8Wcq^)x5@32c33Q@3{% zupDHZXsM`}E0zUb>t5{Uz5wA9Q3^)yc{Nvyeb=sjL9w&P%7i~q0{5@9DcJ41yJuon zXD$RZ#-}TPBlY6#BqN#728>Id41YU%8?va(3_D_{*-JuBdOLK(servC1pdTEvdb)+yEP_wnmy;Ph;`w>(a$Q|0&87vj`ICX+HX z_m#eaFNuKdi!U^-il+O5mX+pB@T}aRVTpmY%zTwF z;oR+&*tuc|=vGr7UX8e?#j$#<^Y4vr2W1M6nW=ELvM<7{eo%N_iv#e-hE<%}Z7^Py zb8b}z6x+<6!0|&_n6jO`dPiFvXgcKF$Mh!VdFSJk$C|^R4AVym)v?S-KBJO8dzU!! zmeSqbgeJ56$}LeZ9DEXyGXkfopG4P$qkbx{7oy7dRdhQbA-G37*QRUM9e7tlS{GznyUUmQO%glr&T`= zmoC$j^xVB{~l zV8HLeeCe1zEoq(MkL)5Dj804tip6n@lMRs(y|_R}o)Jc-(IEgS8gEX-&dgA!0hWsw zyF$N+JnvJ)2m^Nh+A2Y=wiLyID#$`H|Ax4Yg45|6uoX3l71_}vCeU|3e*AA0J%_Cu zwo9_KvL&Wr7oi3@*$pb&8AB|*pKT25kLL8P18%_zw+1YKntWn_Fu8^dU&^~ei))U_ zig8hDs}pt8`Iv!FV0<4IJVaSti6ZIg=2 ztTF2t{%$I50~^RQdN@hwj?+5{qm?fSo^;;Wf+fC9eWJn>7)YF1>$lvELE@I$0w#`T zq`U*uV;ZU{-COCBjCalfB9Hx&hTFITf%l|+V|8t6sm*ir^TEf1FD1bnQX7Z0F||i} z^H=l+9(I~9SJbU+uW4={&bp=T?^3n;eGXi~S+2ZVk#6z4o~{i~C^1I=8j||UCWW_S zG#5?WK7Oz7U;)>z1@{!$``EwjD!X$5QZlH}E1#_xj7~bHolIB-&*tih?8|@$H`u|{ zvrkG8`2{;_)USzW6r73iQnb6c34XrFT$TLdIe1ozgyb;#_X2KP`Ia)0TKD43M@lWij=^OB@=EPcO*yMr>t0(3_w=6O z`a#R9<-Ik+*OH9X@vi`|9`R{5ZM|+fAfQ&g;)k-@n5X);wiX2^`baoAYVhcLUcCkb zm@wBjt!}kf{O{fGNV#0UmY<;!e9^s5K9fYA5?V%j@}kyD82QiX(?kNhb7+!)Cp z1esPiH>)^}q!s911qhhMB7XI^K)0o4awRdCgqG=Uw|@;J)RF*VuALw@e6ks)5Vs8W zV%0Q-c~>pRcpAl2)yjRVtPAWU#N3cmFd9E=E}eAn82n&ca&#;3YoAcqj;U7^)u+;~ zWu}By6VUDtU!LJ7A`%Tx4^^fNAH@++6Vvw98IQol&e6j=@INL6|I+DTig3*%sHVe@ zoe6`5_ty8q`=dF0iwyMas?FJep*I9S@ULETpi0T5?0A6(37252pQ!L%FFB1EZK}96 zJu?u&U9dPEy8`?c3-$G$aO9P;Z!4UD3x@7DCkG&gD8|A^niSMneO{>8eUCHa zcgp5_$rLZ2lg7eLLbNTqMf`9eVlortV z{$))aEbf+s(P&!yk3VhiYN=&biOBfo|4OQ37Kr5-d!Y`(2=37-<>F2SDtVh~m!I4F zq6kf`NkTh%iT&PkDBf^Q64BSRQ0(flb4yBq#@o+b3kPl#(oig&uHrjPS5>l$YrojQ zl5^b_2p*(#9(nPXPy6Nt3l$=d2IgrtqgVIy3qm;L9fN=qhzFhkfC!E$iLPj61=oEh zT*+E271&%m!`XB9YaEJ|5$;~Lqozkih1BZ12obB(Mpx4ZWzH4cYn3}gvVP{bh;g$# zx@$j@ycY2&lZ^%oGX2yD9GrI~z~mrobwdMWfmc;JoU&}}H0pT#d8vNbW5YvL-?!Vj 
zG13B2d?{&o=lQY}C@y9s0uqJy=}2)tzMOMVU(vm!QvbVd#RV+X9BAAmetIOUhQ2un z63a4;!h|=mR;XfCcNm>^ZP;9UeR^Yq`it0H2ZgH{n%xgTakA!#CA))zE!b*?hL1IW z3K*)82hE`40zw~kg(h*@1o)oqOi*a@@o`*3UJTyV)9ZhA@|M+y^49>+ALq>#8-9*@ zlx4NF#G~e}8Nu2qQ_;&A>E;*kLn;YwHIR$AwbKYIBm!BZIYqN^n<^E!8fm(UoGn8y zi-Lx7)^v*MnEJVTmWgLTdoLMnXci-d$IK_H{DOHhSnWW#9$PRv z{p9ZR$@%-!U+K6F$M>B zc?DDMwND-`KBJEoKQ^6?Wh6X!BeE2!c6G{baDNbSq z|IhUh5evE%>spU7mFK{7~R%fg*>Ro(B~KH z&z&AS_eU9_v_p{!V$Gha)ItlA@c}J`l`;9-!SC=SV7>t{>z^qNQ*jOKiswK?=3o5 zt=;^zhjUnCIPK9Jb*Tp_A4d~rApE1`^?I=qGs&aU+gxou9Np0pfvK*k>*nS&D9m9( z(A;c?TlKuays&JN;;{DFPHV5oset#`6WyGEm%7EIho?FyDS>u5UQ6>uV#2xd3F`3= zzlPL)rH!x%jl|lSg)YGH@+BuPs}!i;s$+`3=63~uv0^vHg}|r6gOPVU@1%5wl$>hw zygu*gHCo%BeEACqXo!d2t+F>0CYEsXw%`ZiX!)}?^0tVX#x{hhce`x!2@Bhe?BOYj+??UZSBGB-O((2H;Ux)Xj#d0s6w^PGzd!g5djXD|*T%m$ z<-l)^zx9{Y7oPD2VD(lR{vv_<`#1mw*f9ysZnyX+`O92Ng<$Zm{U2=K8Ve>aMx>2a z5IXn18+RMfm7^GX9{`fX7$!zr=PUXJ-cSfPL;rs`d-Fi3_cv^K?4c-2$=agnSVLyU z(xL@Ne5FPU!q^!zb}13jM&y*W8M2gbMur*7SVEK~WF0Y#ttcT$wj#Wr(K)~6dEV!J zp6C6ePC3)e_p@F1bzS%UxhJ0R(MY85{is^6+f!%P{?i!8_&P;l&0p1jjRw*Z_Vt!@ zR$Yfzdt(C~`+J=WAoNB9iGPyA+@OHG^#8le5DZb@=l>qm$ z>4t3|R(Njt&oH*%5#=XZnG9z(nHl`MgzfH*a8Q$Ow~c&})EOwO6*!<7o9q~EV$gh& zpw*<-Q>o6kM;vyl_j@R-(ivqJlTh_AQ$IguPA5eV-RjpzZH}5Ki^EhdBFzd)%|z^|F5wBKUSB6zxxUNJ}K79Lg>aI!erK6v+r)6zit?w`llSoabCjCWl#L=I9TZ)AiWp;u2u69 zXpk{>J8Sorx&LVy_R*s{P1IF8Xn#7zX$A^+1qybxy2Z8{5VTq!<=%Y)u=8OnQOv6$ zZf8LZbbI1QbDQx%t;zk)TE_?GdPPd_{=~<~j`Qo@sS4F?3rPLwsirCC#>tdj*~par z-<^lTTwEUL>~a%UM^cokLG9T_BOe} zZKwTGWyWM<@;wthUTzFP=Kt>i&USvhasDc}Nvhq#NAeZQ?^p6gStrc zL`ZynLsDJJ zk$qc||J|uYcXlJM1}L&eNQPcUVqCz7Xh>P?p_i9YvpTFBG?Qcb$xM>z-#c9(9`6(X znU$gu1;P0j(O!J}pFM3zknVZkYvZ+d+abHQTF$ZG>8aQDy(B5+{=xsB*pwM9|Lo0I zvu#aEd-M!nD$Av+DvvAuYdo#wNX;lp!C;!wucCw$?VG1gaX)+WubPg34Mtp8xkCL2 z2pCT|S*I4OoCp4_6h+0fKgP}zNV=i0*6sJe-Q}F{iNy<9`mScV5f-3iz(u5iTKT%M zB_M{7+L%zk_h*^xD1ZE4^)owldjeA9iQOZT;6xu#J1? 
z8zxwZcEM+BrKi~!1@`Z!+L9|y$`4!Tb?a;_(a4rhZ#|;}oj(*X#>TdiQ`5+f5{W3U zr15*3KJ;>~k^6t(1LYOBchm!iuOUYM$XTlf8evawsfRE~xvaf0KRJQZJ72My=xn;R ztI28NZIQ=oq?5q@XS`_dufolvX1RrbO$2rdy1}EVUv!TXj&H3K-MA76KE2%VzX&@x z@qfwxhwH!%K}Gunsiaw7ffjt#a^BXg)}Z9<_{InfRt~ybp2+d>iIhkw zmLogLrClUQ_k$a#2lm{x-zeXX`W^cu$!3E=ikzY_Pz1Hz5t|hn@5DLU0V^t+g2ySF zE+BpHyg1fG_rjH%wAFvB?sqb4j4yq3s#GcdWXUz-Y%R_jfCxT18ghhqE3fh2w<9>V z;{W+z8a~>3drsFW^1)Z$E13sdpE0P7gH-~5ADQ9TYR}h{`-xs*`;f=( zb_S|-Y5Fg3cCj@Qa`s9eVv1gGQ{YJg!N+w-Ht1Ey@z=hiy(jLw08Ci2)(1C< zDQ}$qJ9YiPrKg-YzAI=$c^2%m=p2=ZeJf$y(#&n+E@Y^uV|aC?eYe#=OQv=C>|x0* z`K3?y-RY3%EpM8ASDqSe%KfZm&X9N3lVgBe{RV~>M=a-H$n6K+rYw3Mr0{}6ln~8w zmTpmuCtq~`uyAi>yE4c5@k*wCDj*V0F(dK52QOPYo$E0ME zlEx~{llEOne>1JfwksTeEtYiYj)SJD{1d|7|4h>V-;DGC@?vN9o;@mog7g}Rsb;{B zpN3HX*u-}s;K@jB;3?|w>fq_ui$uuM(%SS^e@GwD)qnf zTKAwRy`LILkNPN+`Oc{0NWn(M7b%|@@70f}x)J+nO{BdLxBd?cN0 zjB!yMGRg{lsPjT)Vv+ecetdNL;ESLy^qY#z%Cp=bdP(CCMpM}-s8A!q%bzOk>7P-5 z*}`TkGj;RU`bwxT`)BsP99s1K80vp8-Daa>);~TN*wp{W5L2&xLE@0qHnR0CSn;Oy zl`qi|7T>5Z|0wx;Q;Wu@=RL`KX#LzNzUzTf6wC6^(^>S@$Kbxvea?NO1Ha=JDBCo% zy?JrZ1E;{0x*cGhb6ItM=6iNFZt**6)_Cf^DQ}SL!>MO2oN~RN;?vJ$%wBD4v50z_ zXZdFjs-<`x?(L77I81rn8sha|b(jA)RAPsC&S&4~6Zozs$kB?6??T3NL+a<(0^eY}6q-SiE}iTMpVJIEI|KbX=) z>Kb(=If}MlGt=uR&PJj z>O!97xc|L>fJUjxB`~|lPL`5~#S3u=o{zJ4nogXJjndyYlh%2Z?)|TWz`No+)ttMR zi9*aou}! 
zZY-w!)y6$A^x>SY=Cs=$_{focnV?5hqyOZXQuDIch}S7EhC~0lb3sWgJO85BxIegi z{5P~ZGOMQ>6G@!)!+c>`%7w`XP4&0_-OTa((Z33H{@1h?qGho^o_Pein^>QptcO#+ zIR_D}hhnYIr^*Rk*EvSHx)D5fVN|UxPuGjSv*^sw*r!Qv$^wlqk!Zsg+7w5u)vEW{ z&)pF}4s)^+0~^}ofiRsC;;Wk|qI~ABQ8Pk6P08zUlHHh;xTU4=+3$E)ej<;epLbg+RpE#XA6t$2$#Oo&tky<#%@zR@7JX_ z4pzX&|89b|CUAB;Fq{8F`u?Z%YT-z)gtSN2N}w6#dCapMR<~Lg-Q#E9`$qLGe9sxm zfubApQml68sL0vb8Yjzn3n<6kB0TyOp5o(kBBx_FX5Z61kGMkzPW}~gmveaaHxBRE zal+(XTF0v_2~$JW&TkjibR~Zx*)&?6*8Qr}ZL5BJ4?d!ef4urdcjpoQM{lR<9uJ!~ zGH)*(JF>)J9r&mI0qfU7@@)&If1{+Gf;fs&ra7H07bMb%vi?6Cok#v3S2U37eQA$m zi!b{sXMB=;pROWwy!8xS$t=gE^_|3KOO=wpN4Vw2}>d5mZiita*hveAG%NO5#U7QOWTw`>h6vhGu=oVZ$wQVkmy`9_{Vfj_?7t~ zz^zKkw^!!xSuNw&_w;L0n+ksOcWwTd`gCGCDKj4quwbA*BpxbOxB4a>ecVT5X(B;Qx<;Yp!%fDY>=guaP<+1o(zn@d& zp1rVz@2rFJ*9(%$@)l4%kDMI&6kd|fsWn+UGWJ7$kn~sOMp!bo%P9Z87a#1IIPN~Q zXg+XVp3-+hKes1XWaz+EGcLr?iNB{fRcUo}(k&JBh&QHYppi)D!M_(5#pJCkL})_g+*M4&sA0W#HIx& zx<}2d#e;olz8u=qq-cJOg@e?KgYkpZsCxKSA#&;(XAw5=OcgxF-#u=?1-h7DgSWN? zRb_Tdf>|QAuvX9wX)k?=pnvAEtxusn^>8RVPQ?&}9RvIy(>mU^FRVa^Tu|zB(oXg! 
z=i!OQ1G*p7%A)S=x*Np2)VbjD!V{a|F7S+{_1p>D5*_i^KD63V{qDj%{ab=oXR$Xe z4vqmo2t=_w`juMW$=)TW$qQHhP)47-6}_Smdzp|M6+lp?3QKPBq8TFh@3sk0-k|jB zyZ@{<LJICk zOHSi+AAJ~?c$~A5P>g(Cv9O4sDU#5?F0mti#EF(pXWUp7Xt?-&`K$}58U4N|W20}E zoeAwj9@9oyhwL<~>R_7{22QMg-n}tYp5B2UbEPFeMs+|#D)sLtecogB z{~qQBfJQWyod3OEph3uT$d9%AI%A{21bC_+H>~q(_5u3Zke}U9lI&>EMQ5R~5GPRI z(TMOC3){AJV?SPwkaQb#HHEUSiJO|AZ-no%oC672BjDz1#hpE=;&?khb5Pjr=ap0b zAz30X-*R#fXWWQC%|5pAOCNSVx-e5!aE_o1_GomR#ZeoA^p!)FzdC%Cr6qQKWm&pM zL0dpKp9pMTBzE?%2KLxhg^00@F0Oswxet8t%3|6TEXamg+bfi&tF72)o$gJYI6O2% zk;Q^s);|{NqlfFZ{^facpZhtRvHd|+U~{?62Eyramf!Wk%Qt%0=C7Tib3~?e*QIf5 zmEX-G_OuJ^MwgE_Ca>z4tDBT~wuP_pjP|(kFHT8CG(U)Y{yE`5y4ccyg8TwaOa0u_ zZ?6d#OONdw4;q`h$r@7_yHyi*0#uk?A*l#87`@Q$8zfo3z)(LMwYCW7xbOjI(ENNa z>@s+w)wF&0y?rtJ&}V#RuXa~{J|yHte%fucF;5w8O)AD7fBNoQn6cWqjU247Y2kn~ zeZu0dKDs0tYJ9UBeWr7SUkSY}$WtgxPNjWmtKx56o4n(SpRxEV+mx$)b~L)8Y?aV= zF!qSe<*e}^^Mm>cPD0?a(%;F^EYk_9r*diuk1Y^s8Pg77yS@&nUApHI%7Itr?+CG5 zniC;@&(I~)v=Yfrdf-B}NF6*69M<3~-Fu_M=bqWDKaFW|%YXTGxoo_>5qsZ6^2qHr z-P8Kh+Ad~C5cH;(b+(%-`8KxAb#BSS=74WdBnC+!D&#pa3okap8sio|O3c?{WRe3(x(-ZMfXUC`Jhhln$k7oc{Y%~}>_&-JNlRE;4 z9DkwEccQWRs!Xq=RXXTo(SInrG+%H;aVr8*$kS`#`*6o!ft-FWrl6n8k%?#sn|?*h z>o9z6>1%UYh;g&-+xKyCe~g}eUp$kx9b=EKFaU|vFQB8-mBB6E1k0qzfn5jq*JMC> zh^Sbe&eZ&;=!oz=oZX?O($*6V4bYX`13jYy2#%DdNmlWXN(-M(zV2VkKf5cx7DybT z*-;WVCPOY!&W3w_>`9{bx1qGm8%r~V^_;+Jw~}L@zPgQ0(b$95)khoF!3a9bQm1Ta zvI`tfWly17FVAm}+w@qyeQvAbZ&gD6txCknoL&X{ENq|0@MY}%=b|F~CLeN|VgGp} z7n$7#KKM-xh*5dcDs61Lq`;k^)N%jsD91A3HQe?s$5~B1t9o4IOIK|vlzR^M z(i!j7?a-E4EcdH`qJdf+9|?Pemhg!WhjuzK!$jt_5M&$yA1Wy6 z8SgRI0Qc+&`$&L33yTo&*D^~z2HE>7rp4IHjehLQAuoygvvH}16I`s4T&xyDlyES{ z{%6mTqD6n3YrWT8JBc%-`qG!)+gpFssB^Qlg>lShuJ3Kb=)zyu22?A1capc)H6R7h zd``@PTk9Hvw5GR#xcJZvWtS}Tcj;47ute6&$jp=_yh#S3X&t4W9 zf$dr6xyVmp;>#kGZqCHZZ0br~zjMD(I7Ga*!peb(r|sE{XX(VyBaY_W3*PFjy8NLWJdhIvIK*C>tzPd}FxKZ#WLf4-C)1M0+ z>c$KD1Dxm%BbDE~u1%*?3hNPsXg!;-$4)6{qt-->*4K-qz?X=5sv&6}?+PV#HL!*4 
z1omTpg(S7a$<>Q9yK1+%L32gZrWHa`h`%z}ai*^}EQZ@{QqS~j!W8pNsjVaPj7_O6o_X39Z8D5qBPcbJ$L!J@`HM*WE z$ha`$VlUf^$hLP zbjl}6r_MW=1d{@o&>3$urNM@f`+hsSOQV(1eY%LUJb^qH_MAvrpq95TU1pz+9dfYA zb!8=;nm1>k^?e4Ndt0pbu_((o$wP_kVzb?;Qbl@(p?1&pg?eRUU~Lt{Wv%Md*sql= z&B@A@>8A3}JPenwvY^JRTj0|v8~GHs(?dtw83RX$A6M?M9eL65xYF&xVO<$p!s(%^ zH>s5`-af8W$^RLoy>{*Vqt)KL?>SO~vx1i%TRB`$-6?0hI@{*A(%!LCl7ID1@xWU6 z&>4qUKbG{Hrk&3+2yMNzxtrgE7n37ytJ$J>HXE>v5(HPkH!@gddEGFZY*s)$1cs%Wa3wz$>e4^=4m!&&9WBW zErt~Yjnbz)->%zTAg*1J%YROn8a^3@CB`9FrlcdQeW_Cl*KLXGKE&A2)&9vGsZQ%_ z&V<-`T1?5OZ!BxwBihIcFEgsHHr!LaUGC*&h`PFp^7>_~y>>l7`+h!M!1$+8vSziO zkQ4Q4;8XqUfzH&c`zCKZC|OK=5csL)U7+jwyApKFNo)CV0Lgwv|dxBjbZt-O3T63^W!*~IK)^6X4yKFodXjnBU zXFC*lYpSh9yehBrOXa{qUyICiQF8fLpC^63R`H>qx*E#Zq3PAUPVu37lZ?+-*!vs^ z3>)7=d3}dac}-r4^giSZ7x$u2t$;UTMY_@$QQtv{pr}EeGOOjAF{aKT+@l%$kkYNU zkC}cM?flrNX%xCyuB`hI+MQy1R3qPNN9+{;$=HSxp5w{4NXAcE;*1(S)i2w|(%1cp zD%Q0o_O2$gjh7D;#m(Dz$=`3d^JF&jdW-7vu7>KC*2vH&qtz|b$`^`q+x?2P^z8cf z+WOeBv>g zuv=5|#ZZ+(actEE!}{41NPNIAi-2FWV=^m;2r?^1({pz{zO4KiP^l+5dyy#MSTxhC_!F>G9Q$^yOqS-npv}>`5|Po4ScW=&l?HW|nKUdrkfA|ZE4p~?;r=IHnt}O@ zwJtTr*RE$-Ui6aBE}gS3Hld}D%94)~@dt)oJqxb%2fZl%+U!P{PVCfdc;9|9IVh$7 zy*^?3t{lUtVccx`t{buS?l__KT=j*Sw=rj)hk6=)EqvEC*f~3A)NrQVc+jb1vhy0D z^>YiUve`8Awc z`Tm@Z?$;oO4Vt9P%cz1A?J-@;+X+1qGJ3f(v5Lswf<{Y^`Rcc?a7%j7*j@~q1Iv5xMP zrctbHnt$6*%Lr)PYhk=z9t75L_kNMJUP~!5H*1UlLfKPpbZvk4Vqqz&YW^sLIJ|yQ z0KFP#B2Bio-)a+29AvVKzfQ=+ir|HCShkk|v_s|w`LYOYVw}GY7avLDx0yH?39;|* zh67hD*vs=4WPaBCyhi-cWDVRyO*UbMlNp!1Y)UVA$#w_aB8K{1;V1Opy-%ZZ5rU7` zAjv}-Vv;l^zA}$hcd|96AMUk{Bz5;|qDwC4L5KBvgjn-Ak)*CJ1WK2twEArUxzMq2 zJ_8nL6l5h>qlWZo9uW{V1;MG5{_0cw(pa%1;mM~4}YmC-t4XnjQI?kod<##Fq;>HY$lu@{S zu$y&4W#qzC!m-(R$RTnp=XLa8Eo47_gWU1bygeKWlgt5H0Aa4#&0C{n05y8&YNrod zPSnE6JQ+>3P(C-9BNOQicr(j#->9+9 zZg;U9lLkB=#vzXpcAN`sYcCfGHG1XD`ozm{X|K*=P)I>k)m7VA%W(L!Ryb034OIh6 ztHkCD`!FBS-wEOU8t)WPG)3^avlj6Ph#$wC;q&q1V=2m=^F*Mll*6%Uhjj{j5cps| z4e*W_K~`~?A`U#;e4)fvteOEVM{3 
zaItt(JeDM@{RZ4G+jgehAZ1OZ$B#C+^SWjLk%Dma`+RNkJgTWA3kgMm2D)R5HRxOXdy&-z;Ik6pu`9Fo@?Se_6iK zse_|%ab|^&Ht`|bb-Kpod^mhBlm~pgpbyyNvK_oBCPv{<%VAdWKo&Q;NvdQh@aOi9}bY>+}#0&rBB~qFTCCGBN2#4}LopPGEpee%Znj8^= zSQ*6uhh}waux>#4GKAHwqL`~RK?^KQCZriaXYRPxAPu0vWWu6``2ErhqyWC+&}6m^ zq-G=v-Y%e?$uJK`25qKM_>&7_8dP||4)Oq<^+ga6Y?Oh#U|=rd<~E#o2CR92lYlhS6(T#anUA(6AC= z1Uia7VFP$HUs&nf_Ep@t+S-{KxLk4_J=c8N{G7tD6g z(Kp)r$1Bzk2dj=(tJ(Cmm$0?DbW`8WDQ?rGz-dx64)f}2=5(5UPE(`7!nEA9Oo2kH)srX2 z_dlgx$Qce@4Q*T1{~r9%b7zlc-oE^nC8^-)`RUK52dYy8MIIZc`{yEORs!ZjmM>qu zf4K&^s)zc4>R7gDPkdFGY?h@$mL$Gj>>D8(7`TA@=Nw7wJW)X|b{gbj-5cl@wcnk(pAaA~b0E%w|%*z^!g}R{E#3}eavT9bDeBJS+B?78;Bt%e~ zc9PFdRnbjqU;=0}Btwp%Dpf6GkW%DSs-O>Z3x5xcKxZq+?q>kq4F&LZOQ5PkwD4z5 z_p`gj+z6-CW*P7&3Y;z2gA_%fh6r^m%XCe&;DDw6AdL4$QLF{f+4!$M3>ZLiZodo} zp?z-1!y4=zCfr;JLNvB-u#KgN6DL4cxcH0YN_tZbtNTMNq~`xA1xL`kdX&UP=EYaI z-H57%`|c512rLqgsC-Z@DABM{grKMU{H=}?mO%w?lw$w|Wl8e$4Lq$yY9pXW-0l%n z!N0KC$La^h-oq@`SSIZ4MSUwp7W)Jj9DfGlh8W8J1M4-UfzfpmH-n;tSe9HifFS?? zPlu?WWJiBy8Gep|Fh?1Uz%se5HuCuB_ed^sB~@?{o*MYWhq(~`NX&=njepxY ze5K69nwUlv+*<=%&)uPilMk^JpLFxSnfMEX7G&|}m>`~6i(+*BnKQ<{q+u|zQ#D98 zJXm`&DV3_EcblqYRRaka^#BvI0e;Rs04RXgsVS(dXRH<}egXnweK!y0YK})70umua z$3oR2?s(b@by2Xc7?d;@Ijg1Jwr6WeC$A0IKq$e1u^JdDel7zEK7HV(CX0m7<)aBU zz?%og!jU`E=t|&QmiOP`Eo(Xf4Y3q0n79{wUXGI{2(L8pULE(>NI}(afhNy6|k8B3mRk}9u&kv$qMv&k`z<*##G@AuJJu&pW zYX)-X1)+fiKC~?WsrZ8^J}2y);d3C=AxHf2gE;J7BX5G3jd%@m7(No0f)v$8E!-1w z!Xn5%17Rh^$@QFz$jucepQxCPLywm(Ei zYhiKGg!GXxpIC?Bt%S)_g6K3mm6m4zU2tN{`A?Thl`G7LlU+wKKMWX17i zHgkNL!!(oO`|6}&U98AR%A=sR!oy)b2gfz%0()Yt_-;rO|Ln3bGtR9g*)J};fN!b5 zR-Jz~M=Fl}?A9qg;U6#yx(AxF7!MKg*VC4LJDcJQckfw!d2cZ{-G2D~C8$jecE?;rk&n9M{f)xdoD+!(cDwIx+;M^Dlg4g=Ff*E5h9>5F6y*BHn}1Yc3~wsc_a zpmaSeftURCkAp}5bnuK0zV--%KF6AgENNns>R5^lScpZ^YCwu=mb;F?FKc_Wsjm?D zh;k(~Dzo%tG9Ny7-Xfmo5d!Fqu}tL3RqgBiG(i}qbZQEfnWzhQJ3D$ZV>@RPa^3T^ z96g&0(I$Le%WwKfZ|}tCz7>!s1c#l?UacXMBFZPK1Vwy=8aAlbkeov7XzpfJfLB5c zWC}Qjg1eYohWf`KD6FEo;Rax1A?u$r0a-gPZUF*^)>?(0vXPr-FpmYZ1m)-{MpKFr 
z%$fKm#bHzv9ViXVyI=reNH?M%1Ge4^=2wa=%Nh&zakeE8gHd|dKThiH#l@GRTy}y@ zQroTgSG`3tQVY+|^H;9kX09#QBjoxws09L>k#IsD(%^5I`cpP($1E{Shk`Z2o zG6I+vBDG~Fzd&4G{W@1DeTW(*E?uHju_a#$1L|L;fQCZl(Xsh$-QDBccrr{z z;A$F*%Glya4AyocROo=HLs{?td?n4-BEH~~2n@jA3_-5z(RPmn@>Tkylm)h{C!rmj z0T^P4gag1uXuE*Jm@kj72zY*jPU#_&>-quiap5DV6CR@4d^r<4y*$${t>9$$pM>J(2Y=Wl?kz@S+Ht=_Q*(T1a}9S0lWVOfoH zy>hff3?KxC40;m~vs&oHeYNmT1)%p{S*1(65tiSomo1e^Ix$xPQT-G`+%X26VTbX= z)hi)(Kcj@_$5FSH-hH0I%?D}MTSP#%o|@qhCwCwlE||f5KdjJJE`NCTbyR92u5YgD zZ{U18p{Ou$Q@($}ux*V4nXXG6`3D41nw$N-3~k5;CFwtoq!rb2k}>&w-KqKuYt0&) zv3a{$-9PbH6a{JSWqi}B-2w9p7(SoQxL!No^bme|q7L^a%S{o=mPEvg!dC4s2h2)zXm>8L=bH$;(=fZXR zz)r9%31Dql&NfS{qA?)fPy(j#BH8Y1?0KFyzlX*b0$B#n>OOEh40V!pjUMYr}0H)GT3#JdC z6Qp@@4a~k+XfLEq>S;9Ic@ccJB4;0;G9=pS_dHFcgCOeYSs`Koo`Rc|aQz#9JaDWJ zqN&o}fN5SZ*O*8Yhw$}^Wb5rD1cwmbfUwkqXg(TH#A*wro4OP5DPB0@sdo@Ytt6a` z^Q>rniuc+9U{Ywo0{bxyEeS@6;llgju*xkg2}vB-MN0^LAwa^gbdN^@oWr*Qwa99s zb#qL1lC2MQcXK;2zvL{b7XA?fsTH-zvUsua-Bx5?cd#MpD6oUB1Q=kuSo7^WC6Np? zm#dgR*06yUaP1ZVl?!h8yeNlXX%}Y_uh zPEPT6$cy%TWt6s>9z_U*PE-`#Bm>r4`Eag{#Y+Rhao|S;IEyq&?a74(n4c#@@QJ<` z?ZuOpaMD8@ct(ela@`4B=O|!a&0$Z5rUU!D?WL5^sPic`P+RNWW`@036QwDZRvlB1P87k5lKt1LB86?&LZM z_Hls}`B1k6AZ0)l2;rEMYb_7~`~e$=0Mo?XG4>v~KEFQSK=RlyPa(|DaG}&@iUxR~ zvpk;I%_u%B7-rJ^?QD-*&jm;!Y2_x7fWRpli01(?7Nb#SUNa~&dyPhr5*qOVv0SX~ z4p9rHw3{dQKzA5*n^Sy^8JD}Yn~Xpn21pMY+R$mVrZF~>bZ9^uNP5j~#ZPc75)FQw zc85F(mT*w@6I@}MN~hS;lvR-q z?;#fNU*NQ~0dxl;Ae9O@|M4Jp|ATfJ@D$zPRB@5TEaHn@=Y=~152Q#V09t|&7ek*g zv#)D)29&Pv z#H_Ms@hydYjD^CA<{Sv$am)d}F#9uh*R!6jr8a0}%W`tn_u=2kK7N`9^LDK6x2{iH z$h^3&-Y3^CPd8oNoOF2j`I1wW{XvlD^b)Ft+K>Fm{Iw-{=+4C?7t^Z!)u;Qa;zA!5 zd1u`u0S!Nya9YPNbEu4#IT3pwZK>r%dd+h;KZ-xPPWHxAmx+ds$cggM1kv9e;r-9_K1-j=3!%B(GjRH z83Pd!KzUExx<_CO?*J|vhjJ@{U`q4A)WG++Fpn6vJZ4jET=HJh&g{oB&i#+&oI#Lv zx?76g605h_2MG5rHuw%{5VW{J1arbpC8?NA#peJ3B}U_U3BlYwfbLu%&)G=$Ky!8=X z>HXv3(8NA0v>AmObOs12?G0XpMwf7i0Lv+C_ zRV-D-J_hBKqO!LSc$%wkr8O15y{8P|5#;HHIAOzD{u}rk0DR6?`)c(^4>+ZTfIqge zB$Sg|_<+gYbPSS`>rj-;06Eq}9b;V26l6O9a7p380WzxrHbRyjN2(TPAiceSq*hkV 
zKq?U+CfIQom?}WlAmA&TSfG~x&&-?1-4SqwKs5lGd4fdB zDOp_Nz={|rTFSDtb9-)9>lHRsE5qP1bj!edfc%&{n8Wo+J>eRq8gP`K?wvHFp#{4G z&Q-CG z3WqXlSrUl-0Q2x5V!7dk0Kv(~&L3h)0IPstjpQI27z!{1#S!~OwHJau!KfYAGA10o zi4WC*MJwC=v<7*!fnz$IKbZ_jE$Qn?Dvo$`5Jiv7HD9 z&xX*x>KXr><4XXe#6{pxb4<}MN3elv zF(4dNfIJfFYY^=B%M)0~CU=NG$9lp4aKYXu6;i^qL6WHY<7uES!qE4;uk}Vk3eGj) zyV_zWV}azaW6dYpeybUd35VvYOXfbUuQpy4UORFwOx;Q9HV%6M)IN-+?O4?}er-zA zdCxf4a(--pf$wYnFQRDXc6O83tFV;i*5vB8zIz-rEaB9Z42KolpUQ~>#R_|V9{F*m zx2aH-Z1Y)n;d+y32!K$}-&B#8W^yEF!jeA|E4l0bZ4zQcHTC5m1rCDaqv+6dyQ<)i zsRgwu$APKGeO*_4j`?m%cdqS`?)c})UhY3k(#1)l_*edpYV*q@TB?@PeqEl=(|OeR zX%pEy?2~#Ga*r`O_Zqtm%J-i$h$X&UE^^`&Pt2(j57=Ef#%`&498RSy>;o>oC(v6W zgoqMwZXE#>Dk*0mJ&qcHq>~xj%Z-Ree>}b`sZC)qf#0nouSWZL(pWV=P2H zKNCNsaW)U~prc|7Meq@HkIhCrHrU{44uLFQwBE~6H9(+Ln}dAN>bF3C99D<{&Uq7j z{(k91;wa|>qNC6yvKHc;n2X6mmPlA&865Y~6v*dNu+T;V=%^CP5SvsC3TJc zGq&zFy!hsDNG(VWy?;ji4!!BmDr%Dz`JvCoF)WM)?Dv(<6IBLk_4NrzngC42B2;LY z&8-`pjAalvDv|B|lnWnyKOQF@j-*7A5EyW5s!J_NimdsMt%;xR*(lco8w=1ZZq&Jp z2mmG!HDT=|d`bnRUb=G$Hp~R&6<=;2F)TCIghpw;j-YvHA>dOt9vw-!=rSbGp-4r~ zKyO&2AvxfJ#Eo)c4AU&sEST)iWw|%$fPjpOF_7MPV1qUu>PT?%JS9!es@^S`10b)h zADGh?*b+$_U_~n)RyDxJLM+l|kl^9uIDk*vP-_OfH-vT+9rys&E4ek$Sy^GgrIudM>@q3@NC^%7)28(%VI>lqV;$!uprb(ut~BUuTgLQAtA>k9F}!rCb3wGl2~Ss zJ8w7GtO6Lo(;H%_CW!sQITRzK6p~|EQwA4a3=6DM5FWg8Zg2}pw>%n>9b z9u8xa)DzdJ$gS9TGxL%zMDO_FS?OMFVr^-2Ig_YU(!<75I@R1v25#N9_H6 z1Uhl>dy*1)Ey*@yDt-C`dkA&UJFH#(@$3z-3$v`!S%$z9+dd>y1HbI&(?GYbA}53N z$6HqxxmT~oI7sdI4%&Q2Qy{+vpgF}9K7O5cR^)i=s2ADEm6l3VBHeGxj^H=KGx+_n# z`}JG)%Rb6oItN~yW%jc>^6-<`De9Qf`J>Z;Da{&{TycvSd30yuP*vc$pH*Z@d9(eLqE9elJtkpAh_w-vdGJ(m+#52+s}M zMy$-E5Gd{98t6>2nWj8J3n)h$W-FY1EDu7yL)ZXQ2(Y{cIENcm-vjHLnPwNEvz6Vh zI5E@U>=0N0ob-TFfW5@C_gu+9y~gS4+Q&ePV<8}2&XNecPkb~N?(t|e2D(}cxUt$d z2GTwpaCE_rVosu7)*#+;1pfRz3IUp#;FwX5B!L?XL|EDx*EL<9Pp}Y=6IP1P9axg* zQf6kpF<`b_2gs4N4S?TFY~pW|Qz=T5+TC2{UU@OG0A~lk#6qPyp5n?lW@|V}xz!DG z&U(VK_*5Q;EH<2)n@CWmqeA_h8v5s(Vny7WwOORBZ44yBJe-6)_ZlQs0E7rFFpv}a 
znWN7^!SwTTo;^D$^twtM~=sPdvuJ%+*MNyPFU=NOP0!F>;oRBnD`zCvYB0b{s%?3aA!oU=9b* zYVnkT>=L#7N_jZ+eC1ww6OXwDa9f)B0ks1J^m>4;143Ju<2lK)o`S!dNs)n}n!Uq; z_igbWDY6*=NE-mLpp=4v0`p2~e=Xz{T&KMdTBptH2@-dx1sf;nWj-6GH2X6VirrCQ z2zZOMK%M{xI=LQoG=A9Dfb4A~u8uUS)qrV`=0Ex#2X`Q}xAZy74gf!&3n;f-g~g|W z;n-E08vM2E5RRFBy071~9>hM^3IaLiY97>J1@?9SV+3j7B1TpNSS*4ainr)WEWj+3 zz+@w!&P_C>bSlWVp1Ee$no|W!U_CkCk{FnjP(-h6EL!@0Hy+!hrH&zorgeL6N!Ob=~CpO(t9(%-l&5K?s?{#$wU4U zajjZI`0HwyYT3HV!LYX8MgYF}oV8!|8fKU0gEW@)NsfQi!ubo&_{raQK0<@<%NiDW zvp>C4kQRGAFNClA$qYLYxjXali^Z{l`;)yEIf(fA&`$5_X3=fL=pMs#^358NFYI)G z{penbf-ql4vB&F%)H&fm{{VHaXX*L>q?In5lJrC|Q6=C3r8v^B z2C`~E#^)(Q5QJ4!SnO?yC(I4gb0w4umVp9pksg=WdQ#`IfjSyYLgT8)=zmD zBtAjT`2Y_d)lq2Ow_Pj}jh|^9CcEjG;EYhKw6}K;DbHJK%~L zH7XO*6vmxZ;G>Kyk2>%PV*y*LwK#54(10Z|mXv6$ieW9i+0l=^YHZqc=PMrS)gK`KUjdvu$ zMjYkJ<+V|d$Z%-o#?%`yEd;a=^VxvSMgl{imw*f*`8Mv-2aqM^)<&_n&`|rNBOxAf zx#Dh6)y44yrvy~RJ%LUr->!wGPKb7Rlw(lkuey1in0r@~WDFqDmXs}M6QDC9L9o)b z!Cu;Hf%V1+vBrcsS@IjC;Mc6;F0?(Ez@tJPAov4aFp(v&5V5+}bM1Dz26f7pBPsHU~IefHV=-EVoG=iSE;9U0S^ zL}}SO9&st?wX!Cx$0;SwX(=U*JBU|-LxPRuYy?MKAlokX07I^Jdms#T#Y_i+ z8}M2?^&RLSnIq@}7m{w*nmfDHKz0haXv)4Vj;&qW(~-JU!8|p?_f#e6-VJW0t}W~y zhnDY+9|FMUz8aU~9)yvO%9h|lds}Yr-CaZ4%$Qzw%3mr4uebDX#Lk4)S~N$<>-QT{ zdDO55Dg->Q`Cj(T1tW;>{hXPrnz+$b=vBKzl?%##TW~aE-^9%uO#j|FvRNY5G5N%_ zT-|RDrE?j}w|@a)68(C1f$+_7X=9a1KKVtnoG!_RTA_C-^A{jB#Q(qwzFZxs_yV)P zA>4^^0`u{W+!9<<{_0Sp{0??xu(?icS`{fqDK}oI^5lXl@u4%q@&uDtT1RMU`CDY= z(DW$0!p`qg)6Xu5B`-OGke zg|3FGe3w9wX!ZmiwP$MjO2KN6<#FDJq4FU z5>*EZuA}xeah8=V0wp^5$=TOfJ6ovVu7i4Wcc-UCEAup~nFoq zvU*)qQh+|8;^gjic&JM&H1D2PJ+EVqO+DgAczW?U##$N5Rmh0yRWUdA>hA!~NwR}v z%dm0);FV;1-x47tQlSDBYSSH#gW&R*2fZg9ffao|2O)dwd!i&tY?A03vx zYP*idF?3b{b)FNwLxvx?1pyPRQ18&ObsePS-B`@1q(O;Dp@L|auGRegXDO7M7NI;f z;zH}&KmxQS09+xgpFp786YIy8ex#F`uYfIY({)(yhh)cb;#^2Lw7RZaLpsMHk5u3O zDNrC=0Zt0wq61E#!cWnox@sGJ=PSvV~Kj~`wuF%FYx9>*?b~QAR z6Y+ynp1sLw>*4iA+y8r29mr$T1+yBT3-ec!t^*Qx2)M|hM#u$^;h|xU1$+$`0rsjA z0-zs3c=d!C4Gf^|pCFyZaVGUTgi$MovVa^#D_0bX_o^ 
zA;^#Lou$Vig*hhDyjFGvvO`caq{G%DX*Xx%P;FON+w$vVEYAZB4;$=xL)(xY=Fm|{ zps}qxXK!RfXBH%-{;vU3aMUTQgi2l@|26pTUlGi}-n0+`iLqNG_CQTTK@C(kQ0Nb0341zgvKaBy2?+q_o~*_bZ>o(VS}nR?_;=y>xVp$=~`^B z>XI4sE*YipUBMk$Z{>ZJ1AX8Ld*Q>Wd2e^Og?EFWsy7G72mQqrPEsxS&kFo}Vtti{ zfM0#*iTO!QCRTD=R?5bm+ft#jJ%NdTE6<#;C@J_tdPm;Nl@q3=%nO@*daHsHUyNln zmg7f_IXFMgXF*rj`j@6mD3)n*W=lrqO$RX3`Rk=M_KGN6Qhxj9j>o_?=)j|g1Y6dM z&RXExh~gmaTrhp-y`a3|YG&KwUMP8sHbGxq=4v8Akbqa+Q2& zvZr%ZV|mWN!f2jtySI{*KQQ;O3Ko(!r;rRL-O*H}bf{}uB*h7{Ga6U1XRB$DNQ7&;*u|_%mT2e# zMq0BBoAd9SFM$I-=XzDbKttQJ`{5d1o(~PfAXCc@=l$ zaF@)oDG_My@3F0=)=~3*O7h$9q}x3FJ`40bMprFD3($R={V^j$O7}s2mkf2~$k6kb zr~M#tbi3|HN`%f-kgWF^?jn&y*Y6-&9(}TwedYA3=a{+af{4fsy<*|wTv+f_a_f4p zRTRm#0c3|1GUnKO>6kEa3%k@jv;GZ*aGs#LMIg6Ey4X_KVAbQ zL1CxkND{o(KatnMt3g5rrw;E z+{rMF_u`buEoH~mo%{&pn0JJ%|_IShe6ZXdI>U)HgF&yw${-J zLYkmNM2xYA6)XVh%97!*c0%yrCxn$Go0~(%U8gl|_rwEfK!WQ;ekNdXkkM=cLf+;i zD2Rys_5!93aL|oI<-kFv97ptA0{!M!fUj74Ve>o8;jT98oJ#Q>f*_hF!BT>g0ySVG zfW7MyR5A8j;@0MquJAh2Rwqj+%v}KT*f>zuxKgvueg_T5*_-FSre@FT!I543{s^`X zv^?}Oo$eu^q>BbovK&rEwjF$zY&&=^{f4j|=|LF{T?7CPlAk~=4E`;RL(U}XFuF); zI~GzlmQ@cyWW40XbI#GW?Y{us1dU7JyDDu?p$HHo4T;wpf&RB>-SohZ=uzE~*K$n_ zQ)nM%^XrFGd;+(KhdeAox73K+9712$#6*JRooqK6A%jlWSgDN!51Ml0LlH5*Dn`U{ zCZEJQ9t<+88~zs`LW4sN4x@%vsI>Vp4is{c=GaX-p`sQ@&i9geAyg7fI5MARbQtug zV>3ysaG;8n@1KfCw4ljrM@UAhnB6GpJwUh+V(>g2q%@%}-RMCMIa4q~&o{T;A@<*7TX(RJS@5sJ7zNB6KXK^$Jy-Te zF(x|)hNA+N*r+5#jT`$(=rFP`VlN&&=4;ErhZKaMAQeE+?QR>PRE@Umrc0}!3i;@ zq*IFK1^J0aBa{y{q@wb*#=vR}|lD|W;diPQwVdd=Fq6z0ivFn;L;T`x`@i_1>^<1FaB-#3} zt^~XvB$6jyb^s^{>hf)Vq#HYob;8Lo5k0{%ht$m-Bmt;*x;lm+g6MEdbJ(sUA*y#E z=x{gz9qfz%u?B@yR!^XIf0aTJ64JX53fLd{WI*s`5e=;d9VE74hq&K)gg@J4Tc0EQ z(jp(J;rkIG_Lb6{Do~*W5*w!^1wloC@8-x_S(i5wt82NDGHAGKAuZ|_^G&hI^HEMhsHUT#?7r(@7Uk^``Pv4jf{*@m$ zW3d`%Bvm8MBm2_4^;G%cUO*K968>Smy>0Otpi~H@&*~xx1eW4ZO+TMtB?jYt2nzY& zqvv!~Kxl+0-x7c!3|fn@T>04&+&F;cLRZP&Ewb?syO&Z|1^9aV9Sd%d8ie{2k3i1@ zny2R~XPd6?n9gZG(z&wqv7B@e;UE-xYRM-XK56$j2^%{IKR;HItT0V$fTKd7$d{_2 zLenxwd22|tM7vXoBhB8z_Q3K(~J?{Y33lu3m*to&J(SFw&&4 
zJKt$WRP$w!L)VOiI>_RL@#d|w1@C?v^F<%-a<1j(-rn@_XIJq6d9Hu&VT@ge+jmWy z^=@!bp8j;DGhb@ms77p0*fx(Cu0`IVDB}(0p{vW^6U?tEe5kJY?)(dU+}p$Y2aF#v z_^oGz`c5$3{e1Yo68?(|E0!GI{P6On!%O77v&ztW<7w*lTm0tXLB8~z&A$R)5q-k3 zHJ8ul%+|e78@p(E#pZa5E{a(#tF7oFm2X3%BasjHf_aF0Po}yjb6jsDe@kDvi)V*7 z2MhITOjB0u@w99saxsPcow$g)&AGRtPXr`p=vRm+W-6=qgswZTZ?$QYS~jV!wzVMP zbBY&(c(dwRYtQU~Rd&?*7+QY8bU=ra_W;u7$N(d+5pP`$N^NsH0qYhjZyti-*-=+8 zl#MnDei$vj+%da)+U#R#^s|CEPIR|ElwanpYl!{)0uK;Hm@x=JAOR?}QF=o<%!@OU zt4Zv5cn6dw7QmAr?PjKIK`x|_>mq3L^`WwmP{1vRIg}E%8AK(LDA`jc0UpM!ErLPd z!hS{AKTsF1?Y*WAC|x16y*y4WX z$z5MMO@FdKYiz0LDuh*%=k~(>+~)k=+~%mLNgy!f z!T>l&h*@ZR+0O--o*0l3htcjxJp;`Q*gNdE57!OGi!;i&qfpTQ#xi{Xt_`Hl(4oPB zW9e(Iu>L?G43J7L#*uCVYJ>=QCe0jD4k4O9Xu$!$iHf$rmr;_kZ!JJjAXrNUTTbGX z(~IPXqAjKVyTY*qa7a}ojn_Y_>OAxIz1pUMirnWNdI3>&z)Bfuj)!Z?OxZ2LX_j1FRwmVN3gm-i2%x!JI z>jL1|PO#%gKkyBp%L84fc*!b@)%HiO+5z>A!*nBit_FU-5wjzCtsg)PJpQE!A+q~I zt7?kjbUNlL;>~_jFmBc6met@ma-hi%;|>rpG^GF9HKfih$6@KTyHdP!E8<;c(jP#^ z_1!BQAkLVs78@X`s)Gs_b(915Q#^E&`bFtSit|UIWSOhGh8|#=%0!_jr}Y$nbao18 z*YmS8rR4xp6>F-*1hG5#0epZuzbg;j&?OeZ{X7>Wc;>CDU4+Ymt5xhLxQ{_sa_@Jb z$AK^lybZrC;MBLEMIbR9gAgE~R;ofIIaMTuN=;OhP}?=Y;8OiC)F%Y%=Os>oDT3wI zZ8s5#`4Ql#r1H@=7CN#u`;A-ejSo0Nf?CdD4Mtm56A30R?f}|GU8RvzIpok<#r_h zNaJZ=?u3d2iIuxxeD?wAa(#{XE^kxoT^oUNZR_5~8H74EhJSscGFUnD!g{5FF%VK6 zI?G|*GC%f;;c|_Kp(K}%vHDW+YPuzPHCDweIsD-I8{ZPM9PxS-gSq@_!K}_J)YiqF z2u~Xces9Lm0m@#M0$nr-h+?{jit?QQyBi(@pM76B;`@x(;7)9(m_2q8B=9xY8SunM z)%nbtX0)H_37(0JzMzVJD}+*J%}ML=Ob+FqVdr!n%%w-FYRuDZVrr?u*o`@`gK6$Te_7jlj5}(hg-%;O-5l9t znk&i?Fs`Ik2-218M~KQ^n=jr|JnY0lY|%R1_rTPqmDv0?-(^MUW7~H#3{*1U1VCT~ zcfdersDJ?<`WXjW=^iJpxMNM%3bO`XF2*{#w}>LnKx0(h5GUJ4VbX;h{IeyT@ z+FJg-b(#B(lS-B1DIid_bW&|y&j~IBq%TjEr{9w3nUy#EHE4vV7P%8n+(#vhLlH!G z1~^c_b`P~aY#?ar%0oK|3Uk%Y$sEKy@hD=xNsCZW6R)EHKvulAwmHTDoK9e5VqG#a zT(Y33;zuOe;Dw3Jx1i0jO^ifJ=2D9QoD!Occ^x6=yeIe^0}5{JPbm^pPX5X*zL5yt z3jx8gv=_KFh!gz83x{QyhV~H1EJ6hh__JZ^+BKx>Wd`D4IEd^@J2X#rL4f<{Dx_Jj z!;mO4=NB4CV2Qz$a7O?)EG>dedMTK|4?SSUKwXfB;PZmxJoGVMOGsCPs{{dxXQ6|@gI@H62F1tHvhAP^U3Clo 
z3!o6tfrS84LS5iJ$Ks^X7_Z5b;O%N9?GA$?)`EY`L@48|BM;7fyh1uj5$<1>)H+&0K zr}1$2#GcTZ51CC;Co>#uJR;`A!>?2Cb6R_p{x%uqeSVz@{q}Ah=F%&mSu+B_?WOJ7 z&XYCdPqb`$62>@MEO0_T6o?j=Yf>y(m#rIZGifqmUP=PLo{;^xB{c|R;@#&FJv;e3 znQ;IiGY)CqJz2p$Q1<=S2W5TRLB=C(|?v{=|OoW<93o-(l$apr1|00wE7?X zHj228Ln+qVOOf7tjYD~CG0x9^wkWB`>%!)BZ!}^BjrNO0E8Ck7y<5FXHaJG!fmWSA-P#9-Op#$|^b``=dWyvtQYEDEWC$u!uZ?!Ecqb ze)~1GD|MaH42q#)LG(I(*3`swF6GXcMl4>Ty)vv^cu&`_F{v!Zb&zEOSN>>pUbTF? ztHZ1UzU* zEtqzdy`E@fPFXo6uxM9^a>1<68PV@(otF@)Pyw zsAp?@G)wepF>1B>@$Tg|tGQ^kfpurz_igVs`x&|5#VVWbweU80t|_8o+o%(0%_d)H zw%iTm4c9t)GroTrxl}I#X>M45OSKpkhT_^oRcc>IVsu&MGzFc@iIINti_8}MK1OTg zb5pKLbNM$^D#Kr;&bB!@_kx!4VmL5=rzM`pDkoiF8g0fYET^hq=geWyC!6m2@C|uh znLnK=-C2TvJyGj|Q}IYYYtu9vbX~ar1G|m(8age!Ux?k0LxR!%Vxul0nvkb}1JqmEY?1-Ng4hqlOl;HVP{_$V`8PhZ06htNfQfgE(tymi5V9hr-yL%?~?dhQ%pUn1ubUDO|a-&7^TV(~Rr?<|%? zzkC+2K3jSYzQkC)#cb9m@k@S4MRz^s6I0l1Qo?#2MYqkoV|q?KPCSplQoQkaY((b5 zl&ARFtg&}`)1OJ;FDJoXW8wDh?fMUVC)cw1bdVQ*3ik#6DC%py>XvxGm9r8cTp4JE zfam47xiZWv?t=2G$hp5+p|F7X8e z0Rt!&fr}8uT2~QeaCeHfdnn=N^?kQZB4z)fJ)77fujXG&1({l9xY3_>22XVP%o>HY z5XR&qT6(`%n${+&z-^7&%S6Y%Tx(@OS`{92hqOU?K0!J$6wop$vFww9@4 z4%a`GWM&G_FH+8DAGx9>Fdw*n*5@VAPqv?x{Ld1ag9Egi5zYRp;B6EtU&otIk_S1dH@rj#I-3p<*EgI)M=Qaw{oB0Vw&FVQ6Y znjuAAklvu<^?LEqm;Ns$qWR{XLOdN&bs0waN9gh{9KQ{D3Kvc}?~2B+#nCDpd@0_q zTeB}`tJwXnzWv=xeD)RaCv?~*2V7QIhmK#^DX1#NQq0@f+x93%s_nL|wRqm{_l=QK z8?*%ut($ys1 z0`mLlMWulrpGF&fQoM9pFIK+fFu{0A=2wSC@ za{9l{fpE7lY2oRwZrL_dm6c;aOARmg0<5gLEV_`IVzj0M`G=R?^E7JFL7K4n=0;6c z`6#VDcqFP}o7LAh&l;}K$=-hl^mQ`exoN$>u=yvIcu`5vOR|1V>u$a$KTUk#Pg-v{ zW^XXE6Q#t8%56_j?{75R{Um7CJ<0g_v(;fC6F>LNDvU#8UZdBlGk5R|cB5lo;|}TE zxa^@pD&eps{XU6+3m`i^3nHQB~w)7&k{hQ#}X1I~Cu@fsViP=7Pwr{vM{-R9x+ShUL`EcZA^}bxDBJM+Y#jhZC zymD5SrS!}6oj$=b%H?UwsZ7z%Z1yO5-!s`(ywtOz-5&kV(7pjz?j7_{Y58(Zk`)(j z-*+DrbJGWx<5Rp2TvKd`Qe`P#4(yp7bj{1!$&uI+e4jJ1g&w%gLn*#*6?*GW zRp;G=-ye-8U(SyHtNZ$W`f6EsnJaXA-zYmbyYNh-@KDpXG5wkEU3c;1GbXi49@4X`zj zZU5^WphOU-5Vq$`tY`76+Xg@M>`z{6QetUB@xBy3`M;kvS|8LLJ$&o% 
zzbF?-_aWiHBH<9vqAZQN39z4SDS0awu&{m<@z77dWB#@6e@@+L*N>y)DC193mF zKLV67>tbT3oF%a(i<)A-t2g|+pVp;o?aH!2l*e>emjfID(c`jvOPspb$uC3KNxi#J z{^FOO=Rf&{4b>ZQ`#x;rB(9Oo#?3$epH9CD%aiCm*3j{E;bwauF<_iZ_}Iir=nRp$fiy+SqiG{@mPo#&s7C4KeOr~C@4!z%yPJrO>O zP84?_nK zlxwgE@48d|l8OG|%3(M5|G&lkzp=Qj2}osIXZE9_{s&jeL18eAZfTwW(*`GR-nttf zJp8HU7F>le=~1!x+rW54As|jlkw{pfbdIWA`%P5F<)1)5T3<75#&WLPUVEoLX7u!Q z?3)VnjmDeSe5bbU6}nTdPV0`?60>p^XvAf%w5}5%W0g`w5c+u z3m0yFO?7|%T27a9FF1GiaNai1*l8ScJ*9o-C*!hD_OY9I`eIvCwF}z%+FeXD>Fz4K zTvOWV^weqj)QnhO)F-p_hJsAuBG;WDgXt7@^YIYpw@S_f9~M-86&C6yO7B3i^n8A) z<0ga~WaKhU371tSx=b?kLOb>c7irX*)(zUzK5&)orC%)9+O1&}=_Eog{rn}nj}=A} z1!f^Cy01hP&V)#nat8+2@ZE6hja(UWDYE*%AJSS-pzDVD6yH|(e8$DaDu1!D7sd3s z+7ULYK=x3n1pP2-Hto~SP(GOhnU}35$^hc;$S%2@CZ296f)9OI7E;@nH^}XwMM?0A zJspyFWLS~n&a?7`k7l&Yp;8wZc&^u_aL%7wqvejvL^GS=`?Kfp!+}@s8&K?hDzApP zFb$HO-5v)q8L=+!q&ibIu;I16i58hdH{>Qi-s%r!{5X*GNGx4bJ{WKM`MZ;O@Qk;BMoax;#!0^v?6-UH{J@*8c*wpgP#zd(vm&v=lN9~s**f>f)9q(M^hr^* z@|hefGcV6{8Ge5qX6*>eTR)mjw^i}`MeINZSltMpgF1dSmuf`=-;o8?)|q;j{Qh&H z6IQ|{4P@IE!ti0au`WsX-VhmM%KfmA0rhgTzZi0P2Wv870}pR7h5h!$`)F?L=b?=Q zr-DWMAL8nEfO$y$t$Cbl!O0)gKkFm9;PdANH;?J4eBazFDupZc(3<4l7?Q}C9<9oz z@!1q#nF1 z^qw z$fsMk#cX`4-9%E^S^2c@9^+lpbF(!1H;dnm% zR&>M&pCH<_ENNxA)z)gXbc53~Ts&?^z9?gbQ_1?LWAmy1+0$K|xF_sD5j|QucyKDW z2;M!pIIWLtFd4J#Ppf+Sx?{MfbJ%N=n@;O$3wBH5^dpN?sky_0qx=7CE?l}!OX+h$ zjbM1Se>Oa4S((DYvIVuk9`rlp0VBG0wy9IL5sVz!EDLW+yU!J9O_>>^AP{DG>g-PyQJxo`x#Xp*> z)}QC<*lz@fx1f21gw3Ss1xzbmT0DM7jEPUEjXBVRR=KNF8UNEMBugBys*PSwiMl5FBHxEXTuKsWmpZY`AwaromcaZ z+4np6hbERkr!_l62qYJE+B@FNlg+|=QyP3M|Iu>9{&_jFuBG1+o=D@Hq4SAZ=2mHF zSG3(w(%k$vZOtXnOw74qxgF^Y~Ky zt+(k5YIlqDh#U~PyTtcuU{h_STl0-Yq~KVVpgTu8hA@g~G>7VRJ%fQ;II7U_XAg=B zi}FoV;tpKxD)eO0TS(~*+eX7^EH##gqH+*y;`j8x@nYU|zs#W{)7&rDlRu0r4d?SL z*1wMqq!Cvmhw^l=lJVm4K(Tb)c0T&kUCVK9 z!wc^DUP95se~R*7oJ>*nSo6|m^86h!jRs?8Zlyc@PSvBbF9A*}mC^S`Oaq&5tJaD* z+)vmazCEOL#e7H6Ky6G3Z>O^3K@FpR5g}!T<fTBgbBn_Ha)IhW1U{KdYMV=60yPZhDV-RZY&(O*))OZvzb=hkVo5O9t+ 
zovqEUos+FLs>o)CL^-UO>Hfd7eq6;tCHi8aU3EE)duoqHLr=QeJoVUK-CX%EbHA55 z<=P_9`(b39vUjrSJRA$Ey-4zMr7@%i!rT;eDcReAWV^d{xTJIV(^JZ~-2*eizKN}z zQD$o}$u%F6IGj!>!&}|Jn$w?s*#?w3bk6^+xq4jT9WhH~Hhb4%MT;ZE4rsME2H{^= zQ*2h^1`2iQ$T#-Q^ohTk!MmH&z0<=nJ)&ve?@dGU6zzIGIYw=E?Ty5L&eTw-a0rWk z=k7AMkC*>j^Pf9`04fB!ZDPb^F)22MzeDZ2nQv!bF zJHl^%`qupGg>WYFUWPteQ#3ePov-~Z$oN})Ih<|ej_I<*vPU*xmi^atLs&Vvx%ODk zgx1CljYVsa-O955hU+Mk;qLK0HybrwXF?RSSttfuU7-IIxg!d{Bd(4nIGt8Gl|7aGHm-kRa2utla%7<%m-_R_R&OCOo3H$m^@m#9OWJ$kW$?)5` z)34PQweqd76l0BXW@@({`}z-jyrKu@dzUVCD?0mn)(rO=$EBw;;YbO=cU)1ZqkF$S zkCl98KHrW}P3AM#2np{HmYdFu=0d_`1cN_L!f0aN)Tyb`QPOI#HL4a^r(^OFN30pLn6Ad0|**wVq&Rd1rvQ#&~l~315NLbqY1r zHh-jaWy7p<;ls}!1~IW#4YjWg|6Iy)Cl7s^7?$r6=*m{EppN@5pyf1L77E^wNRdVc z4?Y?*Z=F`?B$4chqEcW~=}i|kT0W&tGz9mRR-o0>aP}*2v+dg7$Bxbkykq>lY%1TV zD9tx#?(IHg5JPt;+_2IEp4F;42l7%61cC%f%*Ly|+v5cI0&ljpXCivm^ zL?>~5(O=z!B{a61%AVWa+baV`0F^%cQdNtd@K^EqnFp12@awaGhRpsblKj6bnsA(~ z)(dINLyCJ(@sX(KGd_o!b&=!8gA}9{K6xn`AySs@n(0$NZSRarXx~67+JHPtrnyLY zc96RpmBsq1Sq&Hw{nI5~OXXFbDD>C~&Mo+*CZ5)}vo3ZSU7}sa$w^Baa~EAf0O--T3Nca-B4jG1qj#?_V< zc1dcC7bw_U+sfq>5F+K(IS9WIZoSo~)Vw{$*FKUWHujrtQ&&`pas=`O6!HM2zeyQ} zk#$qF?77K|$(alfv~vn+GtiTsWE80ALr8bCn`%lYJW3yUUognk)NWMaX+o)4FeCNsueY5zDw2N?rJB_a}UykGQ;nEbg+($m% zX<ZOUqJ%WPO!UFoIfzuS0((%Pgp->Hm)+&FS30|O8f zM!w+l{%8HYmz3t_K#gusXZ9Sdo9G>XxNG4!EOUKcr3vwLnqf3U5LuB?{5MtvXm}L+ zX>mzkFSa+xV8D3s7kK6CB@m7o{l3;b?=HvwHv?TADR!NJk?aZ-AtbGg1nB6X($9|$ z$XBeql=3&SdMjQ|RP#ZoveoIPgUWyc)41R5(U3Hjy$_?jjv7E-N;UQy@ndCWxRH=g zDJw67cOmn2o(s`WvK6OBzfMP%U!E5kX!h{mCk`t3jVM2#W(Y+-Q_RVc_(iPf^9Zr@ z^93da4*i}R;Q&f4T;aK@KC{-1H$U>FpS#!4lQ{wAD-V9Q;hx5CT)zIbj@i(4H{*)Wza zt;VYC9(VZRoOUj4C5g4GczZ~CcbZ|hK$p7>PP7fvS^hx3Q(vQ*}nrRSoS33WbtB8FXG+T9&>ag#0{t=mmqMH$5hKa%jZN|!P?d)NNw1j1VrH zo&V{>8E5`@ct{7UEaI~Cq2BtcV+D{Z&3lc0nB$(qo1Y6&FleIKN{`m0O{X_?7U|_4 zwUR-phJM5AM*72<@GmWIq6$O)Ul7$QU&~RrCiU3u4LlFtHN_t@b}9INW%c!%+K^<9 zeS9}}Z`oS7dRCCwk>3GDE|f*jMFoVqk1_`ACYmcBa#^J<%Y_ko9&$-9yE!aMjZ0^S zjmx$ohF2aFx4k`<`jr&$^AU!9i%f*D&14L#w(w)4bWLKHg$*_*LuRa8WDM 
zY_AQoUOpO*-+D)+jNrCwhqWg|%B`OThtrDc)b4a1+>ZHO z3OU6FGRTI}Y%466VMt!7o|^-!t7#F7FRF*^G_DSZ8@IEPli_ioE-QzGXGeBkX3`ou zcRvrHF&N*R@K&2iy}lb`A9fE8E0u^hIF$Jom(B!ecbFK|-?wC0`TF|k1$);8X#0E` z(Oz<#aNgm5^Jx^na3&kF<7i>2e*_fvM5T*q%-3HeOY zmqR$t4gkzovd7-N&^xIGDI?{WbeF8Qq14WkF7vZM#e{p>`##5s6j!imb)Bu8c6R9l zWm0CbSs~kQn&$uKYUE$0IK3Nd$DFhnyk5PXR6j9LUKpg=$9h{3J~Q2KR&Q0VY*=%? z-PcT`!GJOrHHg~ZQiPV(6Ww3GYd^Tk)X35gtQH z8&=Nk>7de%Fy|$`%y?U!Hz$0RqlhY!IfR*oqyM=e`y2^gP4swGT*4+;)zmaZh$`v$ zu)Uv^THgxN*q#l!m1tWtBkx4y%>1BU!%-G zmbjhuo+j(R+o5rR7f3MJZQ=IlD*>xd&yD!r?@ldg>}o_nBy5^T(D1|*caV_dytuv^ zyXfYBMiT!xKqA>56*@^Z4Lm)28zk+M9ZnLA$!~4?T%LVuHa_P*+-PA&&VDS~qg$V5 z#d;mN%>Hb@Q-TSpnIAIIS`i0T6fVZ7m@NBKjF}ikHk$MFqEHTAP?gnTc#d zTE(QY)ID|YOFSrRz#}}=$W_V%22Yv-#BGLCm!fX=xGdUcR!=Xxe?VA=&V&1tR>cHP z{%4%G@i;`_wfKyK}>a0w;D_YQ>?K@H#Fu z{QTQh(=*0;WtI$=4Gnu@eZNAB{L5R+-)=7vK6=E|XTG|1_$9roO}8&Hg*D$J67^$X ztb$I=4#7)_>r=*ZCnn_#++!+Z{mx1Z9(nGFxiuSxxJ65?8;c8P2_?H(Lbv^ zZ~3jW#hoU%Ncr$#rbjd?!%ikObt-2TKfQmLvACD!cCFs5r0b!glIao)uQS|E9Ir5F zKZkxi!*{H&NW&;&#WdpXcd+^~UZU%b-jy838`3!Vg44L6wT_O9 z+(lo*du_%CW+SfXcK7~z_7%PFE4chha*RZLZ*!)pdaTGn-$EDLs*)eeaB331UUXge z(Yw;a3-=3Ok9J39G9$e=4@byF%sgG?Gtk+mYnMpaPd)e^yT|0xO4iZ*vhjVdg4-|l zrL6wBfe`|iK}cIqw8GqF&j4zPst5q!cu`c`0E8|DaL53}hmx^+8fj)s+H-c~jmi=6 za5H84Ho)V`*h!>rMO(v^(t!4k^?mdXYCfbAu(=K> zs;L}4NM6A$-Oe_o<9s`oTwG$**!X&!9G&S_$p2OJ;SV1=ZBW))5F9O0F&i^RvwUis z&>A>Jyz~fz$rV0!*wkl&&76K#jBOj}l{WD#{W38+R0i%gycb1Jgd~zhH@n4xE{N z8o5+!l~kW=!8DWZ39YSd2rO4HT-jM`QjgWr{M)3OgEx1#`3H*E1HArj{?NRqM-%A? 
zW17+?a?r+RIEo_ATPeQ*VBpAOs&agNW`a2|X~TYU3Zh$~LJ`A$Q9}yDBe_ebJ95q^ zE^3s4@ilek7S%buqIZAmj3}8gPtS`g==jV>YkiMeo$pTV6Ck8@Ra>_G?97`q&xcU_2eWU&YDWJGY%U6(vP=?!xUE`_!w$eXlX-TG-Rm1EKwVFW zN}W`${pN9*w`F=R&90v;IWipmD3#|_&m5*rM5QM~UA$haJiUB}ZGMFPkHZBjm+Dm} zV{rrD@AG9Z=(3Ad7IoR4i?4$K&o_DgIg8>zC`LLj6)Bv45U607xR+8+IGdcmbfo2VuwuNmUz|efZ9|G}+`tawn(T zrvvR+WjboVo^r)EmzZhGTpaBbufLy3tk^N8C-->fSs=x`fMhG(hDEo_9ga@3-Q9Aq zEa|b^1I@6_duy>~nL6#3$rT@Go$WTaA9Ro!9@~6>(I{m6vkh~uU<16=ajp&W=3o&e ztCXYA1UeTuCv%I|nY5`lN8IcXU*XD@u$gp4G*ni}CFmR9e-&2!BVSR@)Gx5os<^OJ zacpFOCuLk^dC+->u+ls!-ocBmxp-a^@7vVSuU%gOzt0V555Skhizm)5p4WapryIC2c(ImsH9qc>Wv&g zigm?}gqCQ^5y}pi573K7oS%xkV zNoJk{pE56cvwged^*o;^zWmqJE!e$PMNqiX9K*zz>MIDyODEtZS%1tuzUt9|e)V5i z6{T2Uu=*Y|P~rc?o^O(i`+TjRmi`vd6_=Otn432`Mak8Ey&cY@y+&I^!E3Hl$!AD& zp@*s!c1|wZ6R*>bb=dceS(GvpZDFNgpXf0)yMEZWNm0s|Eov8Szg*%~n#ee~Ql6h+ z#@~h&M@UQ_0}X9o@DJ4tsc`Q@Jg8B1SngOvS2a|u@8()Jab5#kfp{0ACcmilS(n^J zBLB09<1>^q#I!4~O>3VV^xWHU4m|Y!*>lqplgH$TE$AI~7Ogn5V@EG84F)FB+-{BM zRi&_$rk83?x|dgrKkKPbFkBQ^cEU?&#lHJgc6R*oO1W@5zUu8Ho}129t!|6p?V^)K zi;kBMO&3a2*P~F_=panP-f7lK5z!eH!b$>R$5wosiEojk``6?qf6TN3W;(fBXZTcS z6U@|8bkb*gBBQTMmpOa)!%TeU`Ny3VWshAxcs5PS%7r^E8i+SQpc%*S7?xnA(B{LOd06-kLxEAB#-9}rmcsW*xq z=FibUm#|+0`Ff)Y2lP<0FZed)6{TTko7ux3m~QP@Mawa3%BoAxzbXw{fhYN9Sm=R) z_VKx-*yj#7)}pUbOb|w|JvvTA(V6t=L$uEDbwSFK55D5G%X~7A*`<&3D)I`ZK0~a9 zVBZgogQ6ZzZ-Xv`P%=L+rTkHR*4YqNTGXPuDR8P2Fe{N2=+cCWh<8dl9=G}GWis7! 
zXJ;V4Rj#}`^fd{GibjZ7ifF^UE4i4R2b4+?1vP zOrw!WiAz|3FYw{^^$V!`kG{&4h-ri*`s^R*fsKpkA<>BbBlcTZCDenZ+1B>w`nqO& z$F|q!bMLLsw3isZ?hv^=k%nLtP1Wm{m-e227$I8jvovU?!1$;h?7XD3$3=?nTyDmp z`l>3@AC9Zpa4(g?iK;ZRf*`bl&$=mz@+)hvY#(xz8(W3lM!fu9zWOSi3oE6q5ryhcUT3mIrm1iLtW_+*c0f-;^jN`5dz^!+V0f-w;hxMT-w!sPaTlX?p+ zsZX*ZDjuZ#9pkm=u$jrEZ9d=wCI5bg$6$uQ>3!bJQQ}^Un1@2I{^<&4n7|ChV1~}a zfusg$3uZ0F4vuJyqOvL4>q_cn4~rDLr-bxkoi?oH5?k1FFSRJewll%1{{CQR#oNhe zY$hW+gaY`^*UZfV(OwiyxX)Hz`aDBmvl?{-iG_#0>hH8*1;=Y=%1qMj-MlSwN)@Mm znx!tsKi(TNUTQe%g+@m!%bF@Lk?+pjpOzpu>EIz*nB{iUjPMSuX}~8^k$z;N`GbQ!i&x0Xi@qA%-p&@(TecirRMP|!M z{rdGKRzATNT5kQ#GDsoPn4dKz^Q43ObgK z?yfvVCnbggc#iPQB@xc6!3rB@KO$J)AV*c7jEo$3!Fu zqlLXE-bd0#p4nDwle<$`6$?z-@=|f`@>1}0lvJ>=eCv%t-MPEm;tdV`N0ukboGf6O zX$utXkmApk=p5XBcqx8nKI0+T z^GG_Niln8h-lH#MoBSO6e}r!T-Oi$h%gdVtc(1N)g{ewVLk~x<*R?mp^gN9=pF8wg zj=7T{8kMPYEKcInv13uwpIU?K^ea37u&D9Tp%TVrRwaRxcoOk{^l9e9#%t}0Jq9vu zdwZ%qG|QzfPfzBua&w8-QE98~_B>RT&u*T7$!?6kLzG zCaWg>;DHTS#`(^_Q8?DF(|NDbX~Ot`WcD39`enFKu_^`DCe~{66GYPX@JWFt!+u|< z2g1fTi0PEoRev~1If9o%oW9w=7j&eyHkxu+lOgdQrArT^-=&4=a43j2Q- zAytEF?`MiAT!kltU6!i(k~q1=8zMBKjq2nKK-jfLK+zY)HzQh_(&h&OHVIMFl2ZM3 zDJlNeLJ_>uIuyxQvHJg4&n_vaQx!G}9vhd7_Eg;@U?DL@MQ%=xRfFzcTG2rwBtWq=l$lVf)VX9=ixZxGH$>~gPorB|| zIr9Mi4tqwmAq3_={`5y)21+pJ`joOYw;yb95}K&pfRm5{x4GLYQ}BCtJS^)1egHp` z5I+$AYO}(Rif8Z-d=wt{yIVdU0P4=d$oMTk1gv&QN1&-4N$Jovs7S@MzRMYY_<+iu z)s_a;=SqzAV9&r?Z%-`m1&zwB^0{^HRN_W9NV|5uNqfo9bX!Pr0(Y(cxi~q^o8uvw z?Bk>y;>S*Uo?pfAXmmtmI_qx{`i??pl$B^)hN(oTt;IgL4 z+B0e&U+hVAWo@_L)JALda|SdROwZh*xTXf`=p>&)sDLhb!WvR6CH z9cLz}UCdeSiqMOTj)1!O8J+E8s0-T|+2#;_F4TF^vfqk~|GZ0=_vVv)#cj4zRG?)j zmq6z}FZ#9wow}Xrqx1c0cLJgE6v>tGP?jru#iJtv9Nun?%3}SkGlp`I2nRKvRt<5a zx{$(Je@X3wh9Ts*jYO|Kjz62e6_Ftq@F|nu=EBd|bbBM~XY)nGu!AWx!^)YAJ2%fo z|2x!&=`il34SQM^$KN)@FsYQkk7C=g0}?aP3^1L3%?WSYnyprW%r+79GN#@}NDq}9 zFteE9H=7$}xfTt9^r-!YRpmS5D^pv65260weu#!47D&U0TkQo=a|v|id|4b?1vp>U z-ta_#)i`Vuf-E3`soRL0BbuYcx|p)&Ss`(?xzTl%);WFv#UXC(szaww{|4a<>zAmZ z!%Z2ELxbmSivGK!Ls7HMpYWa|+uvujY`1R?Fs>)~E`g01cL#t%Zf+7XgCADQr$ 
zJO8*}2^3V?fV#^FI>}F7^m9KWSs{{u@*`Cc9lBa&Xjf8Hv{H;Ol9&z=*Nj1Uc?ya9 zwhzgQxsS~1QYrH;1S`OM)-L#QM`(FMLJ#BC!JUwf6aFV&8`ht6$@>4bv#r$JVY%)T5i7FYp|=pw%{>YK>jOXGWhrcb-wml`X5 zB#GpdBBW4mL(9yJ!(>F~17V_dZkUotp>)>pjt8@YUgVDz{A~&giNeSYsLr%_1td;k z0;ESn7w^z>Aa{MwGsvr%g%}eM^ zi;iTq`PRwld4R8I0b&lrFJ+s(@!J!63BZy3>;E0A$0YuvxKUsi!vg7Pa|hI1)q81ZMaDxKv^RoW&%jD+xY5~>LB&hc-~#*LoWb!Zy)oCQWTGC`P5jMX-AX&73* zT(_Jv|JnrPW{*yiZknLnFSD_KE9Y+JUWd$I+&03`OnvF7&pE-s9g#b~H5>jjtrL&4 zV+t{_CWSh5(v&cQWD2tuwrDu2Xgt59G+T_FPVy;o)%r zW)>T-7t9gA5xQ#Q=Zy8Zo|w?fwL$(iIj4PnYSu|{CG)KM5pvQdG>Ua*Tf~^xQl|z! zN2Z?SQ(C7T`n85n9a{&axxFW{5QY0IpW>}e1 zE#<#3LoFMyj_CwimTRb*nNET^3C1vMJ~d_L%!}R1(u9vfq;SgF6jqJs`jM=5z#ON` zvm3dGW=;4Yh4>;gE{^c$Rq7F3@Vld?@e`FlI`1AN0bZSVuRvzIXL8khLLTimWYVx6 z@S;k0{g*J;SpGTl@AutwWsz!zwc8-D-3fn_GDUJUVb86T8EDF6G$YX9fXwwD8Tt-# z!?gUT>+l4VzOP~`xRBKO39Q|t=1%`DMyY0X!g!m6#yD>F=z5QZ!7(XY{u^!i|AhopGe)5uD68~$CB4$Gn=b*ipe zv+0zQER21DLw0I!eyr$<20~`Kyp@qBTnIgWw~b+1C{(#s8M_VWk`+9mF$&4#i8?Y( z+r-ygNPMaA>^x4Q`TJK2f7>cxb!-HC_*k)k0$hlRb;vT8IZG!Yzy}nc4&xP?t_yIj zGNzETiFIHpJ=&Ma-f6^`&-#)E?(z&eiAt&~_O1d(_Y8j$;-B;hcfiU#D*c4u@8`9x zi@f(5`HCxDVmdP-2((sVmwK^nDxU*aDmlm#7cfdoigP7oFNQIlZnp`Lo zpksm!@PE5*cT&flJ%e&MNl1ZQz6tO^5M>JxgK-g~Qr=x*^0J}n(UL)2}WEDg#UjDKI>9LU{# zS`o8;c^YkGn=&djgo)CnfyJu|q9=Ul56IsX*`}ww3!v^&+079z;JaFJ?xA z(VvmN>=S^1cK+;3Zp*cQcf8$~Mxb&C+DxDT(5{;5(#XX@Yv-O`S;MeRKjp&?&?xWR z{>0N_Z}|M7<&kmq_Cbn!)S^bYn&43&bu$>@V<7!y-kvQPT#&OTlBHMn*P|+rO zQQy5HO@Z3i_t;a=XAzR&XFFj*xlAT>WkrSxw25P^t7{^CS}AV9@82Pi8*DX^!3ZBh2rG}=I8!pE!z7(tr@^sn&~ZX+EV zMh<7%5N;TGS&#`pA~rMgY;}5(?;Wb-JS=Qb30Aq`)P@a+m=``X#m@)`7EJ~RV939K zgY$sY9V6CPLt~IM>!qGPJL+1BoB`Mio4t-q+gi@_`LpNyc024Z*$(@Yqf0%8%gK?$ z7a7+Ct|I8bggrS`=3qk4sgnV&GU+*a`Pxie5CZ&CPFczA{!-0)2}DyRA~^;73+ot3-PyA*Gg$}d3uBMD5p>Ag|Vx(+WQZjgCX z;;Y_-8O$&LXTs38mCWs%I_lNjIvm1D(o_f_u}#lJq&&c9t_uEpR!F_sk=NZ{NdWHn z`nEIf39hE6m-S|wW6Kcjt21ALtGs^H-9XCl60i;k2oelmU6eiVE)_#8s*ReCU;ROD zX0!lJ+!gHyD+{8-5Qdu}Nm-gNDx^-!d;9r~4|w5$K&VR%N2fn!?n3hEd#pNB9RZgm 
z7fk+Ou~>xHAyESu-GY3;oXdjJOdIsdV(aKdn@okad_(nV>JzUsXh87scjM*Xo#f7C zJ_G;)OVF|G?15a6l>dY3!-Ae7|NeXXXB)y;5wV0ad_hB*8}OY6fE(rL&W3r(6gNQm z`@l^GX3Ef;xxqk`ZJ{WHhJO)L)kD8ejb@N`%?S7L2X55$O{=sNA0rzljkacw+~MP; z%b(+k%L`pkKn!pj>-A`jSl-$I+5lyl!AJa^dU4r0la^E!vs$ao zwEW&Ow1D1USeKHdYb#@}Wj9 zY+*EN(K@nvYdO2*PbR0h62p_J)K@uN)sWT)t+WFi1L_&H&1w~limL>H#*nibL*$lQ zWYPwtLh3>%bz=fKO3K(8SIOKiVe$AAHGBg#Ns@K`_BAzM7gu?W#vaY;9NzjOrj8$3 zQo%;2cw19_y{0=hfEN)f{P1B^15Df-wwkwEIyN?9n%RL`On5C@84Fy28m_IZ!d`JZ zr)sr#MjRT;8@8M~KjCk>Ng?QwfXJ=Pe5-LInrI&EOOw!h3 z0!lo(Z57~i6XgMg-UR;?WTpnRf{xp$rAC=gV<+5*6#7Rqg~}dDVd@rp z@@et9)%p^yC|9>Gd-3r*!(8z|V z`U0kvI2c7@QQhFarV~JeGinNq477+1SlVW2cpPF#j$WXG+t@1q+PXd~&c0B&Q zlwKw^g?^p>7?$LZi{}-SSdx(GdLcgFG220S-!V&(K|MaW^ziXP+f@5=&mJCpQ!FU_ z_RMh$k(+xh;<)z=XF3dL&Lxv*)8NYvM1Rew#H&I!T^nxj6!rU>UDDVjx24rfQBJ%! z_ni$oa`V}VtqqYbZyTFHD9U-%nYP<#;JV*(V97J!@G?U)7P_8Y6BfW!LlTH9#g@1w-CHkejw^5Ncj+ zY9b<+mGc)#Tl7m6Qtva&?-t5moOtx+RnEwG)fwA8saHQd7%%N}Ah}(;Gr@;(qQnRtq#CnBZaR={1ISEz$^5zHt! zNdbe|x4#jS>>MO)|pKtCl zTz3`vFH77Nk-{BnUdSwxwOkP8T2d|Ojy|f_2UC^YtC80l%<2M z*t6-;-_grY{M_3PiP(58yyeIq32=JbqWR;rpk5KwoL3;|$S%{#Pfcn`*&OZzO_Qs5r8s3MjSVr6+4z5Sl5-9@Ou!lXXKd@`c9Cd|CO&Hv1*(|2YOEwqxqka1L_)MOr z5NgGxTA5SWL4#}9Y?gkfgP*Vii{Gdb)JI1IzK}ih1P{ko|VGJH7qYZxtkq z67w&@oVAyYPsOaK(^ICr;MW7LwvH}k6}gd-;t2|{(53(k?G1;mwtGyv09f=+VYbE; zDW}i0cPszi$f8()G?>W`LTxwF%63$RXA7nF&%AhJU@ zU-ol2T4@z6aA7dI1A=YZZM5vTz;fb37a`5*G2}@|F3n^qCcNMYX(K+RbiD>20Ua=^ zYZQ;au4>Un5p{LZzB@OA=dx&yyx!)~Iw^9iaE=&im(kQ~>4$M-Uq&t*4!X7zEnotx zd_*$mmIy3!)#-HZaOAAkX&S5Qjx$aR9I5?zqUPmUYr8}JA8kL4mu7qENfE1XLqi!B zP&Vhe9H#>5 zTNE~!>fHO_^G&XIv0(6yLy!e=x-Lsf4faN=o9*c*`I-H#%gueQ7x?US9^a&eKiPxX zFRo-p7ee%yE#hGjKI!9eoZ;FSnWHaL`D~fa4?ZAG@<=-i_m#kP?B3&zV^$9O^?Ue$ zRpe_&hP0lTMpaoEp;pLM@EUrN!jW%#YLdO+(@gyl?j48v+aQt+m#b|SG*9`qXQo^j zz>}-NQpr!FdwO)1NmIVag-#TGFO;j} zKj&G?72{?qnbmIntPD={C7ps{F9%+q4HkcTk#@y?Z_f80`;Gi|lG{hD3g@hQzvT)_ zuY~G!xOw?lo}cz|C~`A6E}O**0aZZs1EB*LF`{0`!=8K4I{}9%n=T7-;a)v;5mh=1 zy@SpB&j#%nyjE1Ct%Gj1+v{`bbaZax5qmZL=2)>W>5mFN{gCVnMzd=}-IFdF7T#@o 
z!O2%K;Ztoawct~^RopI0THbW?r+&Z$Hu(x=xcuQ$i4_H2L3)Mkx(b8qzf^%4CSdx+ z*~egZ*&>{CgtUq8q#%Ej%@!x>f>fHE_F`D*YgQQZ^p>wqAf&3QSDfcvOgj&;g)}*z zw{e~srQC5pT0tJ}6u<9C#zBxf(_3Q7+<5YaFQ|oeFc|yP%srq&=Lf4N29jyJ%w72v^XA_>_u|jL6U4O#%hm+{u z&q;)}oAlts-cqxfBYO-bM~`1ykA--eBF}7tdHSh(B!1F3E;g15yu?1YJ`IGt?$JC> zVcW;-4~z*Dlz%|E!g=i6!ez@cItsA=M%o4G{BZUwOXSGx0xpnN;^n%F1Tf6 z2jyZ87>Jl$s6)VY_9D`K-ukWm!GxpCad{J zzzc0UySy&lhP^Q?#cUYY6-1!Bj^f9l`N|$cS0}9hu++a;(0wM2}V>r z-%wa*zM1%NfDN5H`eCyuJigwrGTZ8!l~mZ+{vxEf2BZMmD60}?4Gg2TtsiBILbY1H zJApshCKJz&Zh3;c+yT;tHP!i;IrGq1Ue=v-o`u|ze}HSm_LOaV_eRPKR?8Q(8g71>*Ed zNAm!uTv^*89V%J$a(RaCucVA+&Gfqf;-p>SZQPNlaO&(=bLBTe_o{G7n|5N4_;q({ zR=r|dLb1N^NI@V{LPMgRM~rb;IBdnNu=6;D_7lR71=eSNd`SA_ojF3CxNUVrkk{5r zpk4s+;1oJHWqBFi*b?5~^<--!%3bNGeNW8WD=uICC5!LFmy2FuEzdlL&=ZDD|HBYr z1BQr;gR8%X!`i8zhoLdYb~b_w{OMni?I7cSge_4oNe-sdutr)dGgLlW4o=yr-4y~=h z#+-07IpZfHHh~Z0tTo-#_BhE-Mp8G}y*;#Hnd4rN-ewvT{FEz)7Zg?~WWbcD-H1{6 zd7?j=7G_^Em3K*=^Ei0Io>S(n^0^iJm%7{wu?LqVE6DaRxxwQHp4a?HMez963NIgV0x-pkJ*d?w*^4a>s0wI_eJQzsqA-t$$0 znJe5*sHly7d5TU*1%3<#z^9*__aBo3SYK_0L5^4_sOs4AM!OPt+@WAN`ulr?4|!`cek#`OjlRMYobBp8in-Ra-_oXvoO@{wMim@qlWFf#(|}j^ z80GSkYebtaQ`qd)`UxwB&7VK_UEh@wR2y0Aca@5uHCn_5)2@b(zFQ&^?`j&8Ei;5nH5 zOr$z5@$T2Ob~8FI<-%QkoDlK_)mTvh)?8lge>2cnqRo6!K&Q}VX}&y}`T{XqvQDK4 z%ufwOG)<&L0IwL%00u_nyOvjNtd(cilb@^f8=6<~l~Yd~ZjKPnn0K{YJ}xm4I+OEylanhcnXR}~VK zCt%hUkrstdw-4tb*6$PKYXcb>mZ^^+&4kAc;HT(01sJ7w5&TYMVAeo;r_jrRrIPhH&$*|Pq4-vGQ)C=c2ixzjKzLVQDEGbLTsL!mnzPi4kcsPsly-a25Y30fW zo^SBMVw8K4TSQ7=&+yTruG`J&_|3Yg+I|oAQ6mu*`TFF=s$E*ycC6|uo;9oo0wKEv z#_5B+`&@RJKx+zIcN3arteEVkGZVhP9=qxxVCw(fTQzB@d-y_fmDo^G9UMG?<45?U5t%SZJe--P0r zr^KD&n}0YioLa3|uPr{2@!Lu4j%sG*ZEqJ=iQy8N{z6miZ-aWhV2Bu@)a2&{1-e>V z_Y$3ueP2%Uh`^lcNFIDo-m=#Ddg%i*0Ol&Q`a&X%I@bnaUY{0!sYK})yWa-kA&@xJzPwj2AK z5%Xt{KWm$Hx~ZE}aFR6CCANQ$PILPGBlGNsKrFAl=;p{XpZ0snuT-_MPvwwZLm?DjPPgxszxw7iriq9HF;1H6R$pnXt=sIaG`9N5}l&VV4}Hgkr;_)~;R5s8^lVA8x|}KT`4E7UE07c07}rS)m2rxjJRW z{<`}Ei=+DL^4vChmB8F%1V+b2%_e>tLfU4R26ayrCSSuos17~^x=;f!&{2srEdayJ 
z_9oCkMK{EJTY6Wk3S8IX@bi`nekm^^99CxuovsbMc5-=)FC1wmLasE#v@mI>I6)B7hfTI#ovz`_Md^)amxf!)E!meh5OHEuCTb`CX*lg--xZ}*ZDJ5^I`ML>dW=~g050; zC~DMT{7#`X=b}+QIcb_y?2f1=8GOMjO8lf?f8$e$&EMnzMhtx8?B&IM?a+JloPwOS zmgb|<2JFtKkL1`LYLhsjMGmN}oNyvMQyXdM8M4J-vwcj=V^yY%3eQFRj9-ncs0eAq zyPdq=qnFOwAH;x25y|Yj*Jq0*pk-MZBEL+1Go&Jf^O%gwR(cUah1C?GQakj)`dP!p z-p`AivJ7`d)359nq_Rj}$Qxb@UTlL@y=4O)8etCjfbKX_IR!^xsc?TjxY0abL$+5F z%82gKb{)-+(Q)oF@AL)Utjc~DnrK}$_Glld`%&ayS+3z+k*i@|**CrDZc%+?{@3!&Nyjr_`Qhw5nQ}x~#yWDJS3}#JrP<2L`c@cvlUTfCK*CNG!DNI2f z8*i)7Sk|B^=xUm4IAlH{f8*!=~JCvLlGx4Q0sQBs3W#iM19D-0!V1>UV!V4W%9(#s4jGbBc zXDpg_MT@Bp{ih_qGN>zaWzgc;pYff$ynZ}Ay6%>54ugJ77l)p@FANfo@aNwgawcUi zG;R;v?Imj5*JbXK47f!%nNhlM+-$g#mR$`0q1AWzPXV;*0j13Rh?a8m8`AphFRPj! z_DSuXB5XeN^Oh4t>xN7>d7qm|x{pEN{1F==Eh|-9!3oEfe#i*2*PTAB`PD@aF0IyF z@uU6a0-Cj@HRR#dtIVG!Sz5H9*TD+MUKOP%Pvsb_tbW=M=&D;N*{2A(D)L*?&v4#H z-h}U6RDRWPcTq!gnE#CZqd*Af{hpX?Vv(9oag~BxEStL$clGC|AzIEOG@tQGJV)~! z^nD}1jGmvoSgs$?Q`p7eLdzm?=qu%mXn*cpTb-C92e4e>#vAvG^5HyCdfue#X613k z!rR>3viwU%Se6R6z`+g1f~$?43xrU2Z%eRtQ=PdM(zK+V{ zqO9WYE0kx@YmH!$)z!4jKiHYlM*t&Q5q$V!*c!)zmiq}l_+G$!xD}$wE{*i*+gy#v zTI1fQEqRJm_dKnbt{Z@r9!f$m0}Iy;Zh$;p{h^iTp@6&`up|?*YKEr=-d-vCy1t)8 z!t1N#?Ks5~r!D)-lD2KufbGi89-6l>S5gWl1&mtPT{JD619Xvege2FBmu8~8Tlvvz z-6s;AtNq^9pO%Y-zgKFI{&Y(jdh?~( z9(>U?Y(~cP^}Q%vC!On=d57CQ+dG}11-3`#TVu3r?hE?~&R%!FLt71)5P?eTDQX*1 zJUxRl#t=VNvoiR83w-KB00ZaRnPh)a_1$fNO5BEJ^b{2sRd=0I$1FhQ7aofT-(3;B z2l{%FW#3m2r+x7*DBUu|smEJ+!Hcc^3R3eOPkRAquFtLg__dE`49?w(ZC_CymH#-X zU|WIh1!TrzmlEO8NKDoLu-zsxCBsg8t(;kvp6gKaX3+MR!72&D+q-m|st74N^E_WQ zHZ)|lD7?M+qH^VqYC&>Rz==!^Tfx~^uv@W%lI4bk+o&yx5n1QgATZ9)*V3LcJ{jS5dpNNSk5zzPQZJC1)~u zcSvT>V}8y(A03Eu-+h%&HGgt`4llgjps%S2X|-b8rFNG@W-s5FXTKYS$OJ zV?aO>SD)GQR|f9qMG(lNwG$h&l(-R+H9w7;&L@6Z$c#=wJV55lT`IXfj<%13R=Bqn zi*ge`OO1^3Qpg>HzBEv`-GVqfQo2|_`SrlXRsD+AlI0&S1}Kvb;(hA={&6dnJ@5Yj z5xuJ(Z|4>U7^#a9$YYU&@h8l|7}?7_J2v$@mOs(*@LBiXgvKdZ%q_jtmD-aZlj4ln zonLUAup80-H=kG zSxOUFbKluLADW(ql^ySNFU$1z#avmBfkAbE=f&d8J&IJ#0l^G%b?=GZ$roDU<66}J 
zJSXxpN}O^))N+`qV!*+9qIG%T%n=L}!oI86Ncy&-G9VWClILa2DM6buJSzEs{I-8y zpE-3ThUxi9(Yy9F0_3fQ$3`;xqo8}2_oC)=2w_yaT9;~V_P+`9BR7k8;3FB7wzWQ! zqutOFx2`Gkq{jWGA{O8L7Y5L*2R>jJ2olvA5#T!_6eyF@+@V|3nbwnTl!ME;k;Dzd z^PFWS^Y^+pJ;=)fg!D97+GETHF;u=OAW6pFKB?40InUqr$pOSNdfDkaSBgm3ACb>2 z*}>>Lup313F4wnWXP9$$7f*WK@$ln*MwJ$9w%h&9;lSOIFO+9DSPbSWZA|9?^8}G} zpl#j!>=0Y-;@5;9uMMe_bghC+X=K%i`5tfRQ*Xk7-0C&^Bbj|6)^oRZB z1SP}nkr!wCij3uo^=(lN{WW(KH9R$*g^rWzzIt`F95_8EhomlvageM^Mz{PFvBtz` zsq--KFn#m5%-~v979kz;C>J#Jberw{3R;cF?B7OPiT^USAS|<{_l3CJ;E^qnN~i6M zdkHJ+dGpbBg>&m89eQCs`S+v6CHCImJOG-bI3waqjlQ-x>IqkyYx>oXiY2j`Q5yYC z;cD&5%!*z9ok0HBVUYPys9tCu%<0*SJ@&81NX07mk-z08c3G9S7@9M8X zXULoFLG^u=;GCY!VU1sjM1+Jtq1(4H(~`;G)-q}pV3LPO3$kGH)N@VmEs~Wvvhprt zC|s9BT0UPPYj=490n3q_EnogN?JopEqFKSe5FK0F>-!beDt-=k6KGPY=qKoIdteyC@T|FO!K?aKYAAVO?9edu>q! z#x@Y2c4hE^&)+@FpqCdvc%Sc*7!wPG1adKYW0erSt6nqQDK8L%=jgBd1>@w8D`*z8H-=LO@Pz5FgJkfgVbth` zn$8WNQlMb&HpW^=v z&J{4hJ(?i_V`78p_XJ0w<%}a-qyTk?w}GswFxxLy{T)M10mUw62HtG}UDqZ%q6Zcq zL!PtO*ewV|y+1rA?wB@=OQ_H61@e)f4or~6&MrQNi43@Aqn8GwP5zU{{+yqj=NO~T zbIoQCkY!#t+}~E-Fm~+OEu9%_J?5(X!dD?dP2%?>m#)tffIRa>KuM+bi3|m>o`4DR z?%QlsYwG-)6KB-+pkChko^9r9jl~|rgI1%)O?9p~>6f;mc}S|Y;`UU3Lh5y_Zvgqa z!@|UFxX|R&Tem!T54WT=XEA*mANwr!)hoR99Jvp$SgN+Z8cJ)8+4yz+EnWWAgyFD% z`+IbB8yj|4b{2|a-e3pcH=p}x+PhehQJ|g9daF<pLQyH^IUzQ0!}^iwqd8L}Bs^V;l! 
z%!wHxfuM!C`S_@^QkAJ&imC}ld{^w0a?3iSRueL6MUrXRPW#*Ib#Ckro;>arj;OJM=3I_haoP8{sn%F~EQ|u5l+)I*CUtBx zekMV)KXm#&lu$F_Az!urA^ZnB=*|X^bGvSdZ#T!4X}J|r^7*$ZXVTtKqFdB z*)js5zt!Zi2_pJ=mmaIf=gCiBUe`IoVPD+$@~~r^)8)~}xtv46ftzk7fMd}_3z?9p z!Mht<3c1u6H~L=)4Zk!P1pIp8gJ#uo01AQM(?r!E;X(&1gxrgk5C7bd=MOsbFtWOK z)7~#3^_gpb*5KIH&zutKNGh8K^PP$k=S?2#D>3U1=i6C1H{_){Hw>UaPP1Hp%HiY# z257sxbLIP4u3TL&i7ZJlLq^oCJ)e5E30c) zOK^U?8I@0dAp>lR>O-@ute@#0mOq+CF&T$gaJ+2I^3s6U3z6NcO?8m4S06ujEmn+= zuO`5`i8ih;_XR>KnS8&W^7nUaJZ@in@bw(|t4D^|{{R_ai8{~ZXeVENsb^2Ne0|bZ zHXHc>pp9lDo#l{44-vD;o$|R{4ho|V4ye=iJ=c#di2#AviMRk+8J+|+kWS&;GTUTo zZjeWPW^tpa{0Oo%BMt92VKBmF&q=j%TlnEFj~rMXcoT&|0xqNt)yf!f^&oc#?f(rb zK>L}eiecJ;5QW#rDN=JqFN+*74y()-*w!~12E37V;?LTq(a*LXJZk}hD~$Y&sl+Rh z%Z;?H$<}jqiDzBgWwqkpgUo^p)@t9^J?fu0_L498O`i0T*m$G2#L?k*a#BRS^I>UYG8~jMS1vp^qx5e6nKJ@z9)3^ye^AhP&iRqE*fImn|Pvj zWTUZUx%6%>_`+w-^Xt-gfcDmmR~UBaZ_TP-yaG#q^XmZ;0+NGkW3EN|Y9Ad|Ev-BF z%5Hdj8R&K;3A=h2%&+ujkI*izC)15i$K<4)Ww_usN4keaL(TCD)xyG1-6t;$g@`}0 zhNP`xT2}4M>0r9>IY?)gLZTA$FO30FNf;oK_rzTp`oi&s{%9f?kb66{QemIt@9I0A zb~7`uMA_xqFxvP1WkKv(fBzG}Tg!7g&{oQFw9>hX!_YOS;G*8T!L1xFCjK+&XN95W zcgD$A&O!68D5`5Fm6}XFH$Mv`)y;3OCjFwHB}IgVUwqN#kKh4YEo7akx-^)c?A;Wv zJorfmZfzeYzW5ka^$JP^0SAkg%m!?;KnNpuJ`HV9CA;ct&$e^|>*`jI9cTG_Sa4JI z(|;c*CE9+*SWy5eo!+(v7f*_rd3JD z@e}auV+awL+*D+)`N(1JqZ6=9)82XRl`qmizmulKrQQh*|^Z^51fcSC2?)!ce zMadhLj`m4qbi}7{cibcodF*vn@`i81-E7FieM@7v>V zjixY#A43o2pATBb#yPTphWsRIP*uKa=3qxMydV&LF#H7`=-7EnWr4#b_caeUq~42R1vr+jx*hwc+T6>f-k z>tj3YA_RQcygwii+4tTM%Z`eii9UU5lS(K;BFm?oE~Ha&H!7_(`wl?vU28oc*eEC9 z!K#pa(RHQ$+(1(}eZuL9@#eD@Xyzwaq}s-~y4i>W_?YnB_cqw;GDpe zaSORVcz&P|!Y`>2)U3vO>O$$k`n40ItxcjSFb;qPZd?QsXRq2ikz1q;qdvxX(xslk`ewjz;Tg^ubok z!`^wga1+FkZE(=buBCT}e6L^*XlDXqEq0AeTS|Tz{kHyXv8PcUUtw|Nf25$EtUJ?`1FgLPOG1r31ztXb(#_Cnv8N@V+F4 ze!P+;Y?l8yh*G#-qCHg$j~t|QxV<_4+g#HwdyeE4_C*`i&nSGiRf_>-Pmiy0e&}Hf zc71IU@B_Ja><`=Y53ywfqGn{(2N0GkRZJLX1@aMWBMWfYusRUhq0#gI16MgIGnj6x zI!lX(5Zjsqyi49f+Tu!ECfal&e0xhsR{|bEO^k+w(f-3$RB~+bcwywyByVp`?9)Ov 
z9{|u?mqo(*U9Og1^>HjQCf)UG%rY{ksMRPG)h-FFlsxBs2N@a=H%Hc)Yj2gI5UMQl zKw9nzA+^1*42b9A!oG+wnl2hZO%DrntX8cIF?j>x(jAQcgy&XtX2>so4HYgclZ^!q@g7T~GwIK<`MsqEi zEX@AzMJ%`+tDLJ^3fQQJnHRwv(cQTn-@Aj{&xP6s>VG&e5tW}WI!2@w6arB;+VSZ# zY@Dyd{kdOrkkZZpvA=1_zKtI>U~{B*?{qys%Ss}HrR-1&l&ak0cg)OG@are`&4MKO zsoS_hEnKFsIR&#|S9YfQ4g^4e%K_CpbY)02D_-w~V~id{st%m$Klk-}wVM%3uI}F} zLjN$E9J85F^ZxhZfu1kYE5{@x{9R;f(F$CuTyxy8S4=YO?5N-8kADfo+khMVjl$pr8kq7g&x+vq;UY^C?_`J(97$Dc9E*+n@${$MoFFA-v_V{YMDh59(^j zB7Dy+k4IczIqY+HRPL?ynfKak^LG1NP)2;p?{C9ghg~l!G{4CZ`o$x{8N(b5t38rR z$-^(G(@Jqb^vtq#sA&J&`_~)A4n=FSkOzZp`!wofF^?fn-MT*?!Z0ra>t=jI$e{X2 zKQPCz!h^VhmG89~fb8O&bvN_u2*M}(7Oa3Pp8j54jApTFFX z_WQ&)t#0^fVVCn;zll&ha&Vgs>o5ZwME7jSpxpQ2s(g%l6=k0G(638NpA6T@Jmv^_rrG6)YCJ+yINV^89xyr?^YqMR~S z0fVF_Up6Z?``hgHYVSnO4kd*qH+(84f?)@XeW5quWpjZ4EioSDI64vz6)6QkbHpp7lI%fW7-QCU_jF^N?p016Y+4NU7a^C1_%?TOc!bcPy8hh zRF4Uz24zBN{6RZR4`$%=t@lYH+$sbG+*EOWBSU%fc>&wd6wrm@Co1jKKQ|0uze192 z$U9}xh-)S`YPgs;Gmc@W?xk^{-f9oLuDhfEQ9L~K#gUkTL+)?*DLy)$zY-{*Jjt1w zVLw*vtxkhEniXa@@3&+NyK}&2hQr$M#tD|LS!Bun^85RkA}q5QIi=zc2|cVL_D1Ie z))JGV!}Kpjy^8`PlXHakPVR+(nQWP+un%TE-?w0@EzT(QFR4as zvYE~ z+dKW*8w|R6U&shZF`r`z66^6LfI5FI^kwps1XfOmAM?^bAF%3}*LgIm695GJF%*>W zDqx6U_` zfPy5gKE2O;URaZ&DUBeh!qj?9wb~A-i73sx?YnK67LoxTW&`OzNvM>z{oNAjOTD*i zcH}FK&gXQL@%iz(2%8A_-2Da;*7(z2-Pa>SA~z3^*DMkBnV;-5yHo-tH+kfgLGzWe z(y@-Yq>t3|gb>px9*H>Y*gx8A{}8C2m-eF0X+?^&dbA@mrP{=K-$`O-UyHj>G+1A4 zrA6%|yly=7*YvAv;T*3{EhA-+Y4Njq1TF9@^|aLg<0A-DR6ke|JRN%ExY`eZc6E!q zEyi2ik#QKWBiy??de4VKBXT3L4P|FQPoQB7vu_qd9J4bVYEI*5vbfYN)B zCPDz|JxK38^dg`FB2AhQdWX=fv_wRy(jjyZ=?O(zC?VndAT#qiYv%oozxDpImjAF8 zlKVXOp0m&1`<%l4oNG&FNrCc?U z(`bHJHwnb9q(HXi08slP*WucXMz9QlT6-%3h;tgHgwxTmP>TC<Og!emRTji-GGE zs;xOQxi3PEur0Rb4?XCuz%xa$tQwT#n5uxc;bb)sqoF%kT)*1i=oFzF0U&=vHPJ~V zqaQ2%$aI|;_kzA^W4W(Ve5ISr_sZ92e(CfM%^42VQ;$1RNfVy-S60Ix91FKV)pX(< z`njY*k?>4xBPpKk?{jkj^alABkUeHa!`kAQ7%gosZWn&5ToYIBW|yDD^Epd3lzxjU zR;!#vM=Ffph}}pHX{fx%GDK_^X};SYsZjF9KJ#=Y+0Fus0+o9mL}HM?XSh16__z68 
zqPeY+eR!3~&8_NDAxp_YEs^DBk(au*Pl|R3O(sx-#-dd@4lt>{CbpmR^Q4I%aBu(! z=tRo@aAfW=F|p-4=5)NsFaud4=veV#!QcjS&zvydm=j*5=3O8t-9b&m4jtpyxD6grPbA|mP$IY`8=2u3SibK!w6!>3OpS(Zq5-YdF>T!zS6lL+SsF&rXT8{-9tjCj^IsBHwbiMPhq{5 zJk*a8%puPrl$Bq_ui;?yOPUK%ntumMbF;rCO%=C%|8xk^BhHmD_uvbGl1nvrg1r$F zhx@dbGVl4{-ihJ6Ys_fE?U5PWGfe%wV1v+Pn`Pn-3maQLwtpx!WpD5@uSgY(QDfYQ znNBvPPRCr{J19xeo3Xh8q?YZ24?LdPZO=#pL4()+a$>pZXL4TX^4dp{wJK4ymI9<; z24Eo3=`fmB@?kk46^uwvggHQ3AM7Kqg1dME<);(=JeOKbC`CkJERi{1y9gls9(r{R zJ3sANtu7}->j~8{ zWqC`YUW1$=JULmXVv0ApeL+@V7rTn`$MdK@cz$K#8c~B+yM4Yx%nO>1@ocaG8eS96 zlmJ3y@rJc(1ojh4R0&!|vo_-|jYTlsp`kbyfTK)PDK6G3`>6Bz*h1%1GWW?)wXe;P zjLo!cJy(?cL}@D{Ix%zr9e`G=!EI1-+f8(p>JR#nX6p}~5Irig)c z5&IC*!}EXN9=ioI>0PptnFtqnnl9etCICg#2wjb>`-TPLyVi zR1tZi19XyEa)y|d2n=ewRn-Y}y@y4ri0T1QzbbK{2^W-wiIMf5 zx=sjv{g@DHaWB+IY$yMu11DJIgp3kNZpx`!DE*?-$AX|#H$VFd7*_%n@(i!x#+ZAH zfblc=o(cPMutDrcIi~x<|KpZ<0wK?a1U+)veVcda?&Nx!d2;P>k-}D1+m)>o+{%Ll0vS!#9D(kgTT^B)^oL00>SfcA3}o`rmB-*%ySy zzOfP?$JWevS-=i0#qOm(2e4|>3Gb*l`@auhg)Y{h`f{2X_wmP=sX(P(>1>!SSM9D^ zuU6G^`^Bi1g^w@a#H|ujKPy;+2-N&pd+j#>xO|P?=VXDP&rE@!%9zja)C0AX zHqTFVCsH)vQOxJM5<9F}4bY0@qP;N=n^=6xtXRzl^9F;vC7xfHN{Vb^mH89Z{11PP zuj~NS*r2AIFMsEq2D<@6pQYu6$AI_)2$gNNK-gr=tT4ha;(}fFx^^+cn31y9qBm{Y zrA~u9&YyJJFVysys5*N%``C>o6U4(8y+BsGiW?D*C~ z(hffpRH>|AVphM2_*Ei^dk-)zRQ!##zt`0gI3%$@S~*x6<=KOMx>3Uqmd@vZfJuF? zl?5oYx9%g)Mipe%5(V8vg#owWk>j^Y+ zOA7$m7g_Q>5+j(&y4}cnXE}9a$KRnnCp_!P9L4{7a!2#hlj^4Gcx2L~qmUfmuMkNt8vb$0Hd&s6e3E8wj$2U{S4xz)v z)z5&jCONtR2yb0Z9n>g+AV4Zdo7cqgv`OzKth2@_b#LAN|KlwqCz%5`2lCC9mV%d<@lp@bI$Hd?aXFm*Xue+gf@V~6N7RD+-E8?vH*gj3kT>yWIwtr4DI?PAqiKX9Xctp=12=B!IwI+TR zns|71AAPB@wY_F>T9;{9^eOW!MRi+_kG{$QT9ob?zI_ z3hiPbv8`~WPHjF4ba9pauC{sRf5gT8HbY|?YvB0U-~UbcLncgu zZIb-$r5q^hqhxX+H>p2{VcKV%`Y3OH^O;z-tsUKrWu7$q+w z<`JpVF==hb2bEj=#RIO9C^qhGi+rs}v`b(9Q4wgjGyVLU{9e-?!o<7TFaI;z=6o5! z3F;xZYBL78&k+A+`-VULb_UjZK7}$&F*j#WyAC$KbJ%Ilz6S;lnS|oc}fUhorPTzkI~NVlHt? 
z4rfr?MnErZI-Q?Je)HpQ2GvDDW!e~7v5*eZI|*3T5+D7n;yw?p0uF0qY-068tFw`V zi^$jB4IDRjK%+%dS&Im?iSmM)v}sJ&6J=u~FqBz3mD`k%oND_aAV`=)0@zboqb z232;GOVhg)=JDY>7qw*{H*VTgTGc7Ex9sPcdHG4>P}!rf_)wJ|g9IHLLhCJV=ouUocU> ztu166u=r>}hhhi&Sfz99-gKA~H9M7yS|pbcM*mjbik}*xiPUG7EO(HVO3`7ePQQa2 zov?jsY56ch>E6#wlm=j0&%TZE@n-+MwjesGEr@Q8Y;TW?GA$V|)*UOl7hYv-t_We) z>;254xeuD;Ebi1>1ga$GiM`CHkvxo?!{KtB=UvI*j|1Khhoac;O zyRTP3TWrbe34RWiBX8gzzzjndWal>%HinW{0-j#*+bD07t#9tvem)dFW{jP1;=X0f z`bAu&T&d`K0&q%8?84i|$C)-4kio~*KSyC0QJMqxMW%801P!^pGhQPxBl|C9JkZ1x z7xxe0I@oXk)Ptd8N_-Pqt=v6q`lSP_Q_z$Hq>F^IFC3bpM#Y>5SY}}rc$PFg+*bACKf{^@)J$U9 z#G&h;PWFXBx!MBk!IpQFK6Aji3p}@BFm@2^O~+lRgGzC@_H97X39c$2ql@T=|0S;j z?TG#VnMm|!*m_CA3vrS5`Y18F7r#MV?y4Ct1#joGj9hB$An|Z;t+=l@Y*#;~!f+#& zloz5Uku&Fm^Hrd=V?oePV$UgylpJ{!ONfs3Gd_cY?MlQ3rk@|pH7tw>Krn@a*TQkn za4GDpw_Ywz$5VBqmdXVli~X7flP%jYx?3y)`KqwDf4#-Mzq@3ICz(jeyF@zN^O49F zstNGGCH%d)&(d$(oq*FrU&|M7BpmZXBHLzY2-=-|bMr7Uc#!+D-rYR-Lx!zt8P4LV z7&-kW%l=n+HUih348=I(P^ zf>9Tr?*E#NvPvxggjG5>w=d1+^tpM#n=kr+PCwt}D4$`?RT;<>|3ICLfgz^Z9nFlj z5D7J3{`SjkrknL-(soH4n={3cm8q|kBMGD6{MV~B?E9bp_A0JFA0`q8yW-(yE@jm~ zK+%=~gruLQV*Hm=#^zGGJa6hddnsucZtcMtwF`Bj89H=sKpD zKM{7EFpp=JH4o(@_|r!I3to;F1&bqT&bMdM%g!YVJl*dziE{4v#wu{ztNSc48RTm1 zx1qd=8g3SAOi)(YJ;QTZ4ygo|Kpo_oa=D$TzM1oxk6KId>yl4d;Rg!{)VqIL{&QhbLyNbw#GEtngDA7WFLr!fedbZidH;AQ$oTljawmIb zOwxHBi9DmrXCW;%mdkOo5Q$L=YRRFp$U>1Dal}E*<+JECKpA}Eqx!Y7kX>5-ualyl z++$<=bJEj`D?%q#6EI#t6)=_;1-t;~eLdNFD{EA~VkP+Y^X=AJE>*kQ<6N~R~>Jg2W;P@Az4`u+e?jNGVlY1hKKkKfs0Qk2I z`E$VFixK~m{vcok;X;We7o0z#h${HwP+}dyQ%k!lQhM89TcMS9pm#&Tz2+QWwE489 z+~`724^JBf(Q50eZAdVJX~#Wvb%ncoD8!j{Oa(Ix{y4*6}^`9N};O2t-t#EH9J)OyvR{mGbg`N1@j_N4CGNO!bDT zt|zU;7K@|eSX;kP)ZHq%wc6lAZ&cKAsvOI%QR4d{MykDWvscYxS|?r*fz4 z$-qOU$M`*$#``*{2e(J6y8-*Zw|!UA0l;b8!=gEU?VWwTVPmx|J2zXPSZk+e#efh) zP1K0NvNHID)y=yy9oc;a|M`q&$D|ni%+>>25~$+;R=3#!#!gLCPhf@(Iy5pEZ?lh79Cf|R@N~=cl0I&ESIOJC z&>S7c0qHjAvr4kBHV~^8H3j2d{?ZYvdKUm%)xWA;nXdmTtP7kbhr_)S)UJoAYOJp$ 
zBNm#|AC`nB!(JWwtYQ%74H^Eo#R6RtJ8*|?gaG~{*B>%e2VB%7T%6`Bvt!l@G2>LN9PtB{D(Brc-&MRPvXiJVr%F=kKIS z4ZtS>J*QOQH(!wGR;1ir%c|SB0fd1KclE%j{#JF`-!AT!ZNHVA%Cm^>q~p{~pxU>J zmU;_s%?FpR^w@s_*Rb;39isoWqo-tEDkmvE5O-iY5?$LvS+SAX)d)*spG-OkJ+)c% zs=~~-pM@Ev>UUa#@t@P|ukK9XWsyzWK7?ORC}J|OQyA4$wa)5ch{9jr-{r;lrgLdd z6m?-$N4I;^A4Uvk`#NsD{9H>^gJ0Y~h#^lq z04Cx6f?XR0@a4xnR+=QrY4>KFFL@Dc%}!bI8gOK3imI@7*0?_Af15g_y87>@=}o<9 z^Tu3@w%dd~x8`vP`fPI8_uT_cx}S)>qwlYsK{dL;hS9H{v->>Q<$zfA-c5ki*T1pt zU8FcrnaZq$$e4^oH?oRMJ}6cc#EW??PEHNRuC10lpl9?$_;o>UM}IN76aD3u`CA16 z0j|X_0wHo|ZbiN@deF!;@MtOdg)-TrpkAR*hETHyUC*1YjT`Ego9f2dYOnRwr{0E% z=py4xO#26 zp>f6LVu{UBx!)-UDifbajjxHdeecQ|n`kHGf0^TfE{|nO#6>jFCk~kqLirVrf-a<+ zA1P#!!ArK1oAV%LJ$I>Ke!VSKH7V8SVx+t!O53$Y@utB23dbLDmYc0*PDz&-UzGaA z;wo2KfonF;1B`ydd&S{efQ+WOA<9xoMEZ_se){e1xs%^{#3<$-YYeJ@1{Ngx-~;2GS92Zho#4Fe;nTweN|LBFh1~z zs9aH>R5X`XV8-0zB6H8F&(Dh7pBt*Wn_}aE>k#@F&}1leo3>3!0V<}>4h7RYC8G+% zbj0P}bGY8ZJFFvvlOS#<+akL!@t1?FXEiy%#i&&0wy`vNaOe~ z(}{+)wHBZvu$rSvoxU`{EJ<LnH1Lj{@g>^AiRO&SSLAi+>TqpkYbBoBG z3p*^lCj03$VNs^0Ih@hMHaXT2gxaE;z7`tMbVNlhVzc1{DEf{UH0R@`th}&t4W0$&+}6}I{)m51#3AP0o+%7MT>J&16VC^jr5YB zCLnGSG*<|v5)#Ml(=n_A7ttSoUOe*s&eED_#&;E%`hnLuL~?;7u=V@zW07>0S?Gwd zwjrv0$!LnT_sc_NcpRKF=dE3gly8{+So+1(%05)HV%=6Dn+0WRrtrGO9C#;!=sfRB z&1%0+CBf79@S(usr(xf+yP_3QPp;T-YW(;U zKUNU=y3MhWW)ax2D_~PGHmoD?(=+liYmpzqom;=%)L*>F_`<>P{cWskuVKRa=}q{L z-#R6JcaEsUsnF7OmevNfcE{6MW!kqag}(m{kubqPJ~bP+OKmb-PakIHi&|Rod6jGN z)j4L7HtbN@N?82YU!u;2bD&)zg%X(FKKm(p#bwP*{u38dm7B}JRwBt*iTo8*a`^wsU zybV+B+uv_ndw@@t#&B&jP*VWOUB5xXJIQK2AhL8Lgu`5;034fIKOkXC>r|3YMD)JA zMrcrAOF?K$}>uN`vBbw~-c#qey*VnDn z%#kF3axRk8QxPdzY?W)Ni(Yb@eM6uqTuoc|MUmAPlLXVFd%{jYN8d{QuV+^Ld^yp) zz!{+)*_V6b)Q`>+B~H|YHkC_G{eH}sh>y>!ed44$5wtqRvL9IO6Oyw&6}kSd`W6{X zn))t{Sz!hvLK%rq+m}%pLOo+kdDS94X_YuVGKdU@33Jg`*=cL}j*e@ZKW4FhX(5`o zz}dB9$nz!rZ}Z@fh-}+<=hmWP<04l&zr^20->B>MY~$irul{Oe1~iAs$!)h#KjBHJ zu;^S_@mNkaw8cIT%`@?->1K-U_ETx^0laVryLVyOk>+0K?U*e$fx$1iUsSDSrHse@ zv}^`Pe)}vg{OI4eJ!2dGuA8pmqKE6Esy-1A*&j5DRM$#fj&mk$#{%K~_|teC!e>Dh 
z)a!-=ny@gxvJ^>BJe`zV;X#g~pi|Y$>uZ*292%p`jS1C}q=6~*LpS+WW6933)vb>5 zF>70X=M>Ve7P7FnNjh)w z<~}P|Y(j$>m%bNw+h)|RWJTf|!-41m5>K80$7!(nXdb*zEN4!9Fqr4SaSJ_Lu=Ji+ zhUX%7YvnQ0(}&?m8Wc41MXqRda(l8&#*nNLspT?M_8;bwk=2}avaJqViy@5gC&({Ar`eh(T5Q+p@TB;96{r_KLePVy{ZfoFFH8^TmqGHr zN5>DmWZT9oKm~bIo40LuB#c$*#(TzRdi7=PH&^mE2>&$>T{+VknFKZ^?QlNpnig?! zBc1of6_RVUO7R4yYuI_*$yR$l6*(&>umHrN%e;-HZoTx(R79Ryz9Z#(9zyzFBTu-h zhtOvHi4CsC;_yGFlAZ5Ov!z2wV9$*0=ma=<+uYUz6)aJbzDt6CPEd9`11JkOCpO(K%s_Lg}t z4#~2EmaOR9jZnXL%F?@?fqrH1!kj<@dU~4Y z7q?fs;?i~!0%VKe;7Y{d2R4d)QFrm8bb7?U)^*W zfuPCBtd@69Zzw{hS1zP9-n-UtxG2xg!yY$Yk;*n4bRecrBUpI^Kvo{f=&Qv@yAJ%l z!-xyp3w{a}`J5rl=Xohv#}O;^C#!iZJ;$#R?hH5)F(u`xaX5YelNpqHC+)_qNIkSB zdvPTPQO%ia7ise&pZ)$z3^Yy(_ga&GJOVdeKA#7z2n5_}wD@Sq4KIz2=h{Kz<6S3Y zHsrU3X9glo@kES7991yHxsT(A=B`W5c#OMoZ{1;9j;WUospqRr#GmFISvr~QqWP9NA;rwxSa|5y)A@m)6H}5i?!}lPz(2pnYB$!Y;Rk_4SGLF8Z?}oO984H(3msuUgB66N-J;;owuPLX3Z^yXH z!rN3KHj$Y7+Wr_nCW5TFhmgk@ikCf=^Wp|G(LpyiD|u{nd)Kv^)T(7<1hU~KPOF}S zVZ@~HN9FQk84To6vswb(zz!clbolCEW`Uo6e15!U2SaU#oJV}(3vdI>@0H07#@1M; zl^@9L+k;+B>qF8g%uoq(@NFlpFqvvtW++^5Rjh^8m}S|~RJKxLaAXIv0rQU5+H}@IBf3&mTw9H*{>|j)u9FhU7zB`@Uu$C_gQ< z6CAolDgj!vOKfN-LnTx`J+j^r^0P#)2Kn5sc*~n&5d(vzUFD!JtBy-z#}VW}mH7HP z6Ao~nZ;B;p59f)=+-DfMX7HmF6z6U`c;QJ-U4Ez>-qKdishZGk%{x#f8+f1ILyQ|1 za+%k03AaUF7PK#*hQLwaZfJfqZV?co*+yykd<{0IjV%-^NDbNUlGD&B?UW$yYMJe^ zk65mWXo<339h}@-O&t!pjg;X6InD|6uX<=$^|Ez zd#$O*h02|U{Ho-s6ssYTmE%xom>nu@=W*W3)eZKcFZSElEjz2_j9qh#@5-*(SYFxf zy{7I?(uvA#amhC2f!nsDy3td)akesjcf4I9^jyMSu z3@USbD&Z1cb{PSnF91OC^hv@G&l_)$k`*kq%<_5!N80e)9RgEc!v*Kf7(Ko>B;$o| zV}gVTe6+W|O$Nwizvqm##|JHaR_4xS#-? 
zr4&EnQxTkk$fnm!X_(50+qj>dfVOU5yBuY4vxoGo!jzg)g>Ru|Q@*$coeQd)Pi22% za~wHKcsI1zVBus5v7v__CQ@)x)u|c=kAV>NtVfh(3=}?q`>m{Qg*| z=5DBlOLo}-lR>{AD?r;FH*k^>Wo;F-^Ai`2(y}u1LtnAOE>P!r8XJ-Ol#eLxfYRx= zx1F}+SbZW_Ia1+mrr!fKt~ZM0QL+AN#svNp&D;3dMvFPh)HAiX$}j_JG$q0pKB34% z+{AUyVie{!o_%^JsZPEwLhGp+I*qYY*mO%rgFN>2s8ndjn9Cw{ z*fgE(TunR8%uFqnG5=h4dT73qDH0NCaYmIAZ1J z3=86`|7eo9r-_cxgY=%AH3Z)2C;me#)m@ZxntHC}G4m z0;SQ@X5%iiAEmvh1Caafj>Ot%$sp*#8KMGw;|Ka{Mtn)kWyt2(Phb97G zcZi@j>MKHD6>W=YjcJ103)TEnUXSgGt+XS;#Vl26ab^mKk3in5dW0dTe&7VsXE$SZ zX|K@z%)m9b#T-{Nd4^;}a~_1s0t=yoJVAkhQZ!Th`oW_z(JG*1)lQ=kvhan%2 zDKOc!XbO`04C>3y^z2y3k3V$ENFtnP{@vip9j1{_!WGp6skuw^Su3IOp|gH)iqMI= z+3n9_3Z*L2wn4%Q6DO>P=0AS-)0V5hd!`M^}k2vu2+Z?9+M{(X;nQ_`7@Zl}+XFWTk1B+^DMXl&NH-YgIc{zpmt{<4}-8itDbp;xRw>`A8>+CQsJ3@oX zP<%AE9>N#;DlA2+Sq7B#R<_5b^Vz{4L|U-F^2{CHb>)O&rdL3m(c2=4Wg0yD;|u>5 zPGjHUm_G{AC=C%%9r+F8-(lemQMj$Y?$H+QcNLF}<`r~p%dv8pH|heQ-R%qyOhV8wf$O)j5K>uZxkATwU$5MHZ1Qfz7m* zF$29^eA;NidyC<^+N1LC@S6lRRPh}+LeCW)`CeYPlpVV2*PomnsR)=(a2fpxqx(B9 zS6MvN3Uui@C`@CyZ(6hX2;YxhVAIJr1HDDNPgWb#`)~?Jzw(aF zJ|pVn0iI6?lu>$@U+gpKrVHr=CSQ0JjhBLAuL|vTmbolqd?r0Zsz;YIjG4O&hWW%0 z;x)oLC3#t)6364&a8T*v|2)%#RPGzv98A>%{#0XYJ7 zT8Tt#BQVWoW|mjbt3p~RNG1_pl!E8!abET7uNH9|*m_`YEKlLH7lu$c_(nP=;7*_# za^~M-#6TfE3Nj0SjO%*$q#Wr+xN1LoI@eBQnb%hDo@IYa(NXD$H`=>SikiND=fcst z5-$qFtnXI&(1JQ87B#Pc^Nc#!VVCX28=d z2F#%?IZ%N}f0oIdhj6~J@XXPq>8iCfao7z$(8~;7yU}!AIzy0cVlS<&IeDx_KWS;DSI5O0XkoNr0oIewXf|P`&z1 z7bH*LJGqKM>r$H`Hy=^_5bPyOUJh!pIk#^9fzKc6!nXg^M-VILrM#~$FN;-=Ptpx~ z@-g*kR;=;$^gBO}Q{?%%_p0GfyX-gvK?*>5V_IA?ByxBoOc+fT6n6tC{&3EAdkp=o z#=@_>__u&c4(9Xl5Qgzd*0ws_g`jlEP8cZqk5YHng&2f?Mzyb^?j6@O0DN@w0%}O+ z!x63|za)#>^<4bk+>5!r68Y0gc^OCj;Z+O4sx`!1rWL;R31WktLwWGBPz_qA{v(Uo z$?335A}#t10gq|m-zZh)J)=5I2d^egzrOH0%FR59V!uldW>Mx=R6-tc7i+yaz297{ zixGpRy*iMwa^j9|Udw8YNaR%1cWhH@4_i&*tb1?sp~DXmv&29tLHxj0}>M>eQjeMTwxO6%rN}&ny(xx-NUr zGHfN+R1C;?X%SkY9bFxCF^iG3?DfWuSIz7Lu6#V(;h)1cS_8qAsGy;2l<}|He5rqY z@#pRgt*K6hz*(WSF``PWvuNWyB6!_bw+#$XE&;BA-5wk1CAE;5g&DKve~mgi7^dgK 
z&mT_F)J-U=Lmb`Ta-I28usU^%ew4jWG%U*WB`3je+I&Cc8^8xzSPt%bxQ=Yx^@^qjJD(#y4H1{&!6AY->AR0{&K zWXH@kl5I8N8dPB!5``pK+hdVN!gH9D@zs`bI-tX1;z4Iqimh^<1Aq; zaxP(ONT5isK8giq!>z~4!5);^+P#D%&1K2lWT|sqy`C(XEGZk2nhj>x%lP)KRn6Z1 ze3@@33+p<1_kC6joJvSNxpP=vLv?xJ>u@}=CIyrRR42Gl#rT>M+A!P%`T8jzytJ3U zh2r^kFzHxs?+~s13f&d~)m(|SxkTuD!h#J^{ zEcJ@Fvpips7%I!J3zh>&50$Gn(FeN1cVTP2$!?X!*Pi8T{ZxoB)PD8SJKvn3n;5p9 zDo$GN+vZqIDeQ4T!DCHIq(DL^n*Wi~Dfw|xQE~3*R$TA<{Oid=yEKDE^cFK=LfmHk zHdF$3iJP4dRhNL&KIq{iYL&6RZXm1lPJ*w}_RQ{8V4+0%ce>um8#8xhG|MWYt4*Oa z>^ik}(XQPU7VRB7gUZ7w~=V15AM-JSza_U-mrtQ)@7BwdEWQ;+O zy}d)vRN<{lRn=8bF~gmM0^PcmDiqx)5S-UngjoTaxoV$OcYSJ+xw*Ah(>OP8^SxIt zzXi3g?VX;)buXNZ2}pgurNbTux4-Ax331*1UEB@k zN*RUj1)klPVbSt^kZMjXP``C=va6zi2xDuy0Q&ame7fe^rOr@v{#S*U7X#O{^h|D; zsgQJZ0=2{~q zI7Vq>RGn&%6gf-TEv8ge0FKgVO3-SamMTI6^{*{-jm^ zX}2{50^uEyEkH$fmv7`FC{^X;F+%xlqP2JEd#nZ9`sOYywqC-Y_9rJwMkUQdq^yu` zkU2ZFZtuna@FdSa1*|(Vz6spJx5u=3GPKqb=#%I=@CP;Drpa+Xe6Loc$h~=4Xg1dz z=5V#M;kp}%5-!vMPjwJqQnQ&;q-19eldz+)d8{C|oTW%#ZnD-tPcP;2Q zF7j^N7m`F!$==ymATXWHHG?_Fw+7eHG|X7zZRXB;KGn{L2OjLVUD)9x*%tQN)T;^GUY_MlNZ>AE=o7kQL!wD|DuH@2Hw{q*=zjWYL@Rv5hM} zV4o}0nQ%q=)~FY8Jv-3Tsd)w~kf+gravO_=^%~f-s~U)^!4Nc`-eSM&C_99T;*1J& z@4t#jFU-GQ{zdmm#R5kNtV`wi4pOr&J3k`m-lZf;T{MLB(W@<`=%VeW zBrDHsQc@kvLTBQ-VvUSQ^x(?s4oc_kf8@mHb4=s6$8rH5fwGzSP4uf{&kLaU+Jq~5 z%2Nk*I2zuaPB6=kLZd8Dae_J<710g7*PN1sdTk5sRi2TMs5yMk8PkF3GE;d}=b{Rz$~DwjL+OPz zW^x_}fEsLVA+)2mbOPedT-1(Bb0Ztha0GS`Y3o{jc9rSD2)E^ecb!vJWHI>!$?~_@ z={syApBO1g8s_HoR2I9^6HzQewxe)a+SK8hNCoG23>sit*E)-h*E=XJ;0@(eSM%=p z*34~iL45VD%SI&k*;3@`!{{p(*fh{iBMU*P7|Rk>0RgLIR3d7H7{zmBH{hy+*l10& z6*#Y^Is3iQHC9Jrd4V_h{RP%}5PU9)GTVv*yZxS4-sE(gfgFv=)* z9Jw_-_ia#5oKqTW_3*x3{QVdl8- zYWkX~Uras7we6V5_?jjhG@scJd!AdGmql%AT2_a?F($>t(lW)ci0Kro?07B_tdFw_d8~%4=%nh#ma8YE@Tg&`53}Pp zRvU(Fi3r{0>BS3EOuA3V?11``VMXw0fYCalyP2dJipAj1{1n9Yj)Ry&#va~MoC$0% z&`rC99H+Jz+@nlU{yaCzQphyC9E$9)B7gV#*2t}STY(23o1(cEIZ$yyoDW9kl3xY~ zN~Ujj6UM$VB*Si{lhql9Ruo6U4S;*vF79W>Rz-`X8 zI^Gb&rf=$FkR7@^V@F$MDWyG+AtE#~(dbe=-q^97P6QFE&^qIxNK;NW3_cVKs&oow 
z>o-*O2@AZVm$3M6@?C#h)K@d}p)Vu|6os z)B;jn1gP2 zdJkSfAphBR!;98LHhr&s42)ycG4pJw1h48Y{%eRrf@ZMV(H=;tM0A)SjKxAQd4 z5c_nkV>%3$@r@!1kl(Tjk_|d9ie0+5zU3|<-|GtKqIH5ta}ySnO8_1yrDMa8vt%EuRDKN`5b zUc*kUJAJTRrc&Bl0BD?LX^+_B?8f!Y@LCDqvoRX|US=IE*GP=l28++ZXD!G|BQ`== zJ{U66+}fRoD|`9UEimpJFq6P9L7Fr)6;*8>VS)W#+-xh$zF5cGkV{4mE8n0(Z5y zRV;N5bNHpXxejyfNThl*od%TRJCbmsjrcNF&XVOdRsT&9&=mUAlD&yY?9TW~&XdxR zT9uWY;g(l^dz`V}0FAHz9vv4SrS^YTQ9xMju@D*_RQg3-dLa9diQw)SwWYCw=-s0PA9=`4=m_724c%)VfX%5^|v`cnx`vp+`7WE^lmPUg*> z*d3!Z>zbiHbEa09^5+=sOL?`7K%fN@N_sR$tKxDG zm}I$N2RaCkzG{=msSB<)ur93Pe$Q-DVb{z%x#?c(l)UIE8aes|bwhD7C~E6Tl(%lXbbeYdhVmM8{Yf5{@OM zyQFjdh7A>$t4@8WBy;K6>Z9fs6KtEGa6yM4+DnX%)Ie8pN7NttZi$3<={t zg2rwye}A|gawkZ_eKKTV@ojU;SX0i*xz0Q}J*6~&M~kimDjK&rjK7&;QaVz%)IHWt zTez^ee4wG3CigivJR zbVhh5T4RSZ`g$kVed6_eB{brQF;DLdFp|Q&Ta!_|R>bS!Fc%XAb}8LggL$f_CrELx zBW|2BXcJ)kBq-Poa=u|B@+GW;eArT5G=8@h9>1>33=5Y#=#xb5_ApMLFWqA}25^EF ztj_)6($aNUtq9<@fLiTMJdwB`13I^`^T!)gu=e5uO|7nr@ zZ}~Qfc7r+-E((9rwQ%imMZNC1n7O(YFD_d~bJGrd`;2bT5#mM7e*Nd1ae8csYhg>= z*U`kiq^U%jQ5%J*_a@-)B~N89{Y3hd`2)#x1-yY9_#g`}E+@I{BJf})naynQ#qu#d zptA-rL9?>i$5s5rOX~+n>C$_3z~rDEC}fyIVY>aAYH}9)3RT(?_%vpaIl!66uE#A+#M8O_( zIVnNn=R+g@)v|w{`cz!5W-HOmF~aEz;37xS-C4K3KfN{QbLF`S6FR%F*^F-}0HmNQ zuUSG0$q5LIM=Dnc?J@QOAmd*Wn#bb~deYotIqhEh!Z9>UEF?r#+)YQ^o+0NP*$NVOszQhP3OqrC$OFfvTybl6Z97 zjylQL!s$}bYAS9!w2a&36MwSa^#<>ycx{)(Zh}c)Mb0hyF~BQyN=`~bExCK6izNo? 
zrVc0rKvb;s-XVlc00h)cUDI{r0ty-%R6YWRw9POpYCOBf46sn^_>Ppuw4_V%mDQVM zpcEdkS5eEJL41!)_;8#)($@S>s0kc_52w;DK<0Fd#HWV2*(6|7oV zk0{%7y0FbxuGn#4?W+0^P|duj6pxY?#cI?x>??}46%Ols{Q~}UpfT*XxrSgY0smtR zWn^0&<1zm{)s%w?x6`RZ_#04W(lfQ7KHv2Dz8EjWww-$quN{pyP7I?{KN}&oulI_5 z7o0lWqcM`7$>grlmy0CvWHt0FF;(ve?8$>{cjy~+CJM&E;0dR?C_zCiZ}YvM&O_hv zc~B5JJ`YmxxJ?LO;CS`Adea3GWkBcBt(kxU6Z)81@^JtzdtAfTIseeO`({=6(^AW( zx9W|AZtmC9I9e1m&}`cKMRp$Gs&SM>|K*-H$~1@jCVTG;cE0@f=@~nYXA#Wu{Twu$ zP7J0?SA-+CF+z-2PVzDRhCn*i4m01*-rmo3$Mdo{A&)?p|1Dp5gvfB!!KjBPu>PfCHc$V&gS>k8^-;wI#aUcGPP1uthP2_GxK|xrq~!4~1!p6J^_d z@w#%ybp@|o(@=7K(&uri6?Sp!Yr<=~3DyhCxC~itr$d*jsX~v?z(>L>70mNi)yxKP zqg5I5wzsXXTV!O(!V@9`{d!_nMtQ<(UNNgf^Ca! zTpH)tEt9XiG^c2nUc$ww<)8iT@ z1_M4LFFE4H{TR_1g%v=40Aw6(2$8M8q!hTYTD2vEYRAx+^Ux(EnUG_LAFz$sBDIHoW97na zpGFfXuNA(SL5uG;dvOuVx%Au z$>!Yr4&AqBh{?Uob??-W1b`*nq9{@6^x%aZtIy*^Fpdgw4~+~tu7!LY2#SNG2CDR( zh0;xMq|b;nRRQ$o1%XSyf!ANLjSmUZEWPCty3IQB3Gco1qGSRbqq!VM>hcE;2VRzV zBIn|4Lz&Zu9{TqimCKu9r-8V}e`U@~uZ<&~aGo@7SMJnrVTD2E@We?qQeOY>e;UM2 zJr*t3&+q}7aW0w?-YU2IVTe=%Q1?M;>{QY=-*_j#2QuDc`Y}| z7pK_@3WlJd+l)RbU6wmnnH!Vxr)BTM#X4p9QY+h=KLO|T&ok3<42TEhy^pvbM3$s_ zCwG0zK19P4EL#*4vmdc>0#0~XuH644?YpCz&bGEu6jTIs5D;lrK#HhHFHwr9ROub0 zSLro`sED8_s0c`xB1o?Z(nUc8r1zFcuOZSBAcTA;Ff-SCFL&nN_w$cg%e7|7`R#M| zv!DI!g3vTKP(*|_mET6?A``B;o5(*5^EntNmiC&s=7vZDeCb_Ac=Mwu_iql1qI}(M zy*&MOm-Gu0*$}n!QWr1w^u{Ddg(pb_+dF!euPlVNs4}<2m+E1X0;MM3N0xi;uku-X zc7%FqlUt3HVi>S8C5_HeVaoN-HtF|RdrYaq*p@qps}*9qZCJ7vmAheraVS8lCF~G;h&#&tW)CZf;Rf{$eE>Jv`2Yoy9 zSp$H*5m)tj7)PZj8xa;3-8qC{XHFCJ6WB$uz@Tc|ivX~CdN@AEMzx(F4KzmGjA!35{wjJs-r>KAz)w~c!K9IcBNHooONl4pzUfCh`QB@r zt_=a@E=yM@r1Wb!>Fe68ox9&BV2oo5hNBVCU_c+Rm9>HpK zjF^}Et#M%np&?(D<1?*gUlXF;h|9g=bf26?s)Ok`B{9A*wZx3z`ee#GZ1ED_mjpjt zavCnzOkk+Me>!e#%qK`g=Q+aXHxq}j>t3HN!G5}{&FMVC--(0(eyFP5{KP*-AxLy_ zuJw#bZTc8>c+YoBp(*|pkaD-bSL#E!L*=~@%ToD0$MYOe^Mh5`g8R@v#eXvXcD^JR zBgOltF9NQ(A0V*H=_Y*TG1E&UMMoPqA}ek7zvP+FQ|{F)24zmaz`rCVpasmjahuBc zQ-+`_+Cc4+H}+v#deo(+is^J`oS5xT4M|XU7p{VI-NCjNbi%E5vugypql|sqvt(~n 
zjo!zmmr1g@#$`Um7rQtIN+~D(lI@90nkNGKS<3ky93c|Fk(zg%3+CNDwsH`$V`mf>3R}OXSXv-<- z1Z0ObpE-y1&2;ZV*7zYV+Y-Sm=|ANl(1JZ2>C;B)8nx&yb2yecCJ{O^=s5 z>Cw?NmY?{TYxLC$Cc_P}<-C*;x4fLcF(*mxZn=Zqe&VpUF_CH7eN=6k4M2jQ)|OVw zktu1oiSq}YC?my6r*NARAj>KiHTd4l_qh8jFtE5^UFLUtm*jnmM0J8Zp!sdNN)1IX zz~VcwTz&X@%F8vi-n;+BWwU?|2t!d?!%>K;)c5uDSPm)Yh~UnSjvke~-b?njxc-Sn z4Y*KBWqKf$U?^7H#_0nMYuYo=HvQ*trQZ$~Y?HA-q5A$ZLO71C*GEI+W(AHzXJ7P{ z21C8vC3&aD{6P(mQoF@#fKV7u7XmOmZ4Os1@Q zDtGIfEk>t1vmg zT#gUrn8kgOxpYz6^An-`dE(_j>sDj=I3yadr7rN#;qF3oJty0XdH7RaC>=Ap_;bE4uRA@wpqamgKFNxyIn?J8jyS=P|s}wH2 zpa2owmMYvSAcyd?`L*k8-}3h1>t|njs`aWBv)UD87QPP!Q*fC;yYy_BjZpw0K)Tqg zy@mTL{ryMne;w{`7CbHN_3o^h+Gyxr`iUrv9PF=<tlwPIA+8? zQT6@s@t3*O>$c?7kW$f~^d|9JpK^7cbrdDH3LUffe4K2no&}e&YV?tJF5)HE=AsqP zwVkN58l1506;M*tmbSCi*;nF`$IYfZ)~DBl4>)>!qcyO(E2esqMeSEwb1Ip3j-HC{ zr>>>RIYa%QC&(3oWPQgEUYXE)?bK$0%We}yh6nPe!OYuQ*TT(HjOb#>JayoAG4o5*T&uJ(#%e zOy{HzSUWKut$ePx+kUVoN8>0q0xuBG9O|E|nD_CK+UeF`<~!bz;Xv$X9bRoV*uQGR z0Sw&!W2Bt?op$?4`_+H^2ms@_BdiqQE8CynZ>(nDI&(5WnEw1eFyWFDZOse@kX`e0 zTD;kn@RE~bkN-Mi4b-N$UP>vGWWO<*q&LB$5^l0a{e((jnHt)!+o01470O+0{7n*8 z*rb|@SUOFZoHIZy0(r@v^Wl&`au|Y=@%-}MkRudm9O}C9*01Mie}T7EG99H(U*Eo1 z^>SQq!|$I)i^1nyKV?Q9PZIxF8Y%ASOhMiYDD=#pH{?)lMzRUcp+8#$*k+q2p!rJSwfZH z_dbEabcn_Y;;&rBDOf3xB%0sQ;8_}E(gswr-)A!S5>PEc8#D)vdq2-*iW9kDUPyb~ zaVp@GUU5E(&q@jw}Wa<7)p^wzBq5UMNgN}Y8hj!)xma_LZV6GQ8 z%@3VXX7u%E^H*yTj3m!@k^h{g{l@X8M%cxrMx20Lq}_ok>&g5neK4TjM7T(?Bp(oS zaXxJTqf{{4&d5w0G1pWb(a4v*&bGL;-O@4P+rM<*t^(_vO}}9yyv%`b)67}r>~fmx znls&0sGRG>3C{&m^u8CJ$OQEV?K3`tpprP#`?RMX%3e)e7Q+WR#@$c2 zwUxBdW9fX$|HIRNzXv985A@(yE}0l*K&8nOcH!j(Ki_Q`?hKBTZy`-A>Wp~JYt!?~ zW~SBq9*~oZoW;O`=Tg*Yxk(t~1D`VuHbttjBYJ@<4f$pM50glVrYekxMC!{MeM41* zacZuZ`3nz=PYJK%Sk@n;iCRt&vGA7SR|r(GS{Q4tzJzuE6p&-To2+tUq9J!h6}qS_M^UG!U5Ldo}>Pkp^Mxr z^~FMpqpk5u$}6@f_|E>$-2EGF33|jhWd0}psC7Lz_H&@Ho2tlI6|OQ48V>$UN&|Lc zmnn!{GPe0GwV(R3K-=o#8gTZ02&$#{AX<%ja`GE_s|5Ma%Q3yHZovoW7CA&A&XU-Ec%S>L2k=d**v}I(XNuafV6G!ubO^K~QMwpn95MQm1MFL@F4Ke4; 
zc4CY)#gc%VDxZl#$dy@|209xjzIwU@44rWA{S#}FV5blOf*`0=&6BoQ$>6t*ae#JE zVc)0^_c7t5()JaK3)H2c2DlNnk?)(hya^oEo&b=#lekTNHzut0{-(WWTXlnO$Cqi0 zJ*S#5#B_9nP*a0jmtB{%t+#q)pQ7dv zbm^cT*mm`++{zXSL+3}<<5pDew(->0l5k-tN<0{2`Nwt%2$`D5YKCBwIw@I1z|`q2 zya74Pah6)5>B^(sl6LoK0P9|V76HmZ$HfY!Gg~KraDxBoaqb)k%T~Qcq8v(hUkGzb z-t1iJzzdQ76Eh$htrgrm4WkwD1SN!RY~s&$QRvpbbkxK^^jllNL*57^I`uaVs@l7G zcR_`uMsraUF>!BQYSTBt3@7^FDCe!ofvl5>k#-XXq%WoX&d_b7q3+j*f9c{XL1vmZ zx<7pcjM-P5a?7JEe^~?YfD=ThWN|Vxc}O0P+HcC8Xs1*iMJ8em$BH?(cPCN7XFfRb zgnDWH2YF%ibE6Szb50ZA+bGk0A=G0^%ErdmDmtj*e5R7U(>LHFu)d%l!SZ0qQBRoa zTB+?L6}Fqp+XLo4DoKK7eeP(}I!A_SgcshDz7Htzu z-;z-jSaO9g+=1|`t|>((F)bGW_oP227If@$H^aVryUs#I;g+?~0@}X=;ovflZH^Rv z;8_oS|6ECKf(U}ZX&L{X9))67@LR}<`XYWt9XH@Hi-$$4K(}_8!hN)#5OPCKR`;1S zA(X4XL@1*Xk1vyy8cmgEj_ZNf7F;?ca)m{jUVS;BDO=Ki{_4o! zXoa6@?cyqRVG%qFPc+WW5U=K*sjp3^p2TbiN&ECo!>dR&?-6mhNs%sA25BoPJBtK3 z<-Wi41Fgd%SHM=gRj*Islxd-)M;N%{GftE zmm(xO0;UPuyx6vvT3bsXZ49#JkZ;J2F&OQQVzD65M2G_ub9PfmKR<_O(+}ICh4^MQ z+BQJO1crpO{pZ8=G?n=1CG0v-RKo6^qs`kaFMu2{=+(T~V*Q%l>%ch>j9dmr9y}SBpFFE%;5DHU1O|n8V0zr8xtI!eDu>M>w^njY| zLuETYbTq+SL>j;ZT-TB*1Zul@YykfIngWe@Fp(+#kdh$jt243-69F`>S_fb}PfQ8> zo}T@fNJinD+Vn70joPzxr0ERhKheRL@DO=kT1Lm$%QA2&^g>+BQxbkgo0*u& zy?UPLR|-ixk#DA%njQKzz%b+Uon@besv;3IjxWHg)45JAOG=I*2@>7-MqsUclE3Y` z=V+b{GCSAilxOn*xf`bvy3JB}{x9Q`CQy}&-SZ^px?kWmwCRSaTW=0>{*vAN*axy3 z+e=GCO+WJFDPJz!>p-n79!C*1ZYl7K^I3>QPh(xvfdeX!O0+;WPQZfVIy6o1> z*&Ry%by;b0$Fm?0B0W3ES?K1*Yo&ueA_k-P_gk zvO+J643#(qvyzjW7q0obvlCtNo+fG`2sq!FqEM#A`|t8~puGeSSK5|=(RZI4a;w!f zPtzxsb`?>oZd%@^1xpfcCJB^weU_#L6BV3W;wC@D+g@<9HjXe=hD%_!d|05{I-f-P z4E*8VP^dK-j?gikvD-*OBfw(4USe%U6;-}2r`jz>wx)<+6P)u4Y|o*$3bTMkB~)Aj#%zbLBygKPeny743+mW04m@% zA)_}8DQ)_Ff`#HGm8H!@6cyc~(|gt3Wb@c2B2s*k+G5@O@cG9-{GL!tzkfv)cisN4 z>$Hr4D$i5Pl!8XA-tuU(RhDq^ETEJ2d={H#8)8@i@pOfCpvpz$Z=+%qcLv&tBD*i* zH0{ek=mr%9Idu9>5;b?Qq$sh`&(`a>;~nR}hI#vfrx$r0Qfrh;=VTR#7{iF{4riTK!fS6`-g|i!)pWyI2)W)8sUSC$BczpS`NPi>I zlBNu+dI3M_{VjoTs?2>mNpYLhw|#rjF!h^pdHAqr+vKL_ua}WCT7afhyF 
z-}k#|Re0o+x5lm8lNUAU4vT_C4X1X$GHyjSs|if~{A-Z{VP4R75J3sDYJ!$=@Hy_tKJQq-T#g?jQXn zzxx!pAZP_Ya)!;P$xD!M@TGy?)k{Q!YU>7(=ou68Ubm&SPqF4B(p}5s=J8=&6l52T=3{b#$*RlhU+PD^;6>2?k`{4T!Y>ju z4~>4(L_!AyA9R0t{VH0(w6s#rs=SX0_@n=KP_?fxbu;BB*!*$HXQ(%qTfimX_D`rJ5{pKf1NNm| zih4eLW_fL#`seZcU`()@^=fyT-3AXt3D@w)F%{_6Cs`>E-P`Yf*_2axF1u3Am+jEK z&u{Q*zVL&mIllRE%_skTY4Vg^fnCczP!pcj$HoZDoJj-WWu~W4+de5ebi~copmU%{ zfb_=YR|@wpM-?Hj#Mn5s9Js!7*QdZ;Te@+UyYw@TNWUf+4bcD2OFB=A&qO=Zoql|{ zfOqG>f~s@jlxLLR{_nQUT_2b=6a>XOuv4xYmhN8gv{+f(o4iamlJx)pkIJP?nfMdgm4apPL-%AO z|2MNfGt)%dd3ksIxR7Ypfff+S%9($Yeg4FMcAVK8&ZFs+4$pR;=OTEXfu35TUF1D1 z0dEvO9NszHgMH7~wwgtcfU!}1{PW?y?M(WM3Vgw_r+&H|c-*M-zoCh}=}y`N4yImi zP@($<4WBw&(N%1sZJc2ceE6sc(XBzHUT_f1w2S!N?E*_h5tmRTJiys7opsVX2+VeK=48V(iA3UeH{NR-{#YEgeaILVCXT#B` z4(h1q-(fAqxx<`~FJEjTWK`DdKSpmU9kJHFKt&aYn-_N-C)y$PuPzH_p(ZqY^j6{*p zFE>Os{k$p5hHLL7f_yu+wCe^u)*Os9@XbbEiCnEQ?Q5?#BKf-8&NjHKtPZ$IR!NTB z%n!?5#jLEpU_ykq0Zj>8?6gW)(yk_Mc}A%uSSYEjH`3&jFju&%qUjCLuf-9HWH*~hD z8Dc>L?={Pq1h$ssFDm~z7ox28!i-rBcZ}P_LevU7tCqbGCavtH&Q(q}asET}rjz1y)GuTY#&ut%TejRJ zLBAsX7`4pBTvkVA;Xc7%WZ14QZ;Nt9kFq2@xwK-+fNiT#lToCr3YMHoQ&~f4>NITG zzkr-3ZGPl+f|1H0iFhMZvx3`xv(?j;0b+d zC{`r7_uJ0n7h$+Hw%G-ul!J6LvUMPOWszvIwYVY)7WQ6mY$vg_lYFn&9TPZaxi7ho zA*aML`$_^-$~ffP=UYrt%j~RKBo#FCd#9CV?l|v&kQwE4JJJ#L1Aa-fFg?%1B9V%Z zRPqc+2pGkK-qf|%n=Ii`j8;_7P^^QTIz1rO7e$p#!bSz>$1P}Pw!RDuNMf5$ISv-V zKSSp`oh$oLu`AnY7A3e+_~taH-!wX(Iz17BJa%-m7Y$pe^2RV=y9J$lbTqPFEN%M@ z6ENI0rY9UXnb|r0Akvc4RlZB2D7Dt_y(aWjaoZ!_4G!6=?5wenDT_5?e<7sO#Pr5& zPf{D|FpG3A(N&;*ZK~c7RkLMHtU@+L1SLHJeS|@?^$cAICl$k`*{_v&j~+QQCaogv z+)DxLPw~uf?^K*9&837b1!;=4i4_J!jsE&<`xZ_|2m5@hm$iH=&hN$((5r2dOB$2` z)?{}QL`c{FX4|&9KusIWfuB-EGjBV#ZCgY9eQ>Wfp-!wL^iel+@q?GH6FL#;&VeTA zcZPlRKKTn0YTphY=SxO-l76O|`o`7xHQCVz8Vn7r1*P&KRCbn)JoqhzB=?SV?qSG2 zr^xd(M`tO6(nKV$TM`21kK;eycEW9(iMoY>Am9gi_E)v7%H))jT&ERLb2TUHf9qcg z43D2T^h9hs5GW{e73VLk32_MUH61-sC0YW>$W2p2%Hn|QETjWm_G8L-{BNx%3wWP64FJ_+N%>62e244r-(J|Z(kk|J#g zni4GU7R)Y!ULESb`J}e#)t|YN`!d6f*B-p_HMh-UvM;KE5XKt^p`>|qU!cm=IW*w| 
z)1#v6I_D0F)Mu}m4uOSLA5t;zks1Bzn-F!MG55vd^0ZBeku4B8~qSVp00u(Nos@u~6H{^{L4Td}?6T+(=>Z0?5MDYRBMviYY zrv|H2jUB=QbcXKkpd!zeO$gN{A0l9n*App zqHO#)&zk%8Z02JqDM~nUqr2ODN^*FF)K^jM+XY$Hheb9}HNM~DVvX6@c+d7*-s1pE zOV*Tqx=I7ExwHqoKX0Yx!_^I87aa;_E2x=d&~2@xbf$E_pI&+w@6bq9t!1O@K+sEg z>xI-7l>#r-#4veo(YZ$#Y*Z`6Wtu{{;jRuHGJ!z5(w(nCf_1;@ibG0HYK1K&*CTQ( z)7qw%?FkbDCU)I^`I!B00`mmdh)-d5rum|0%_kApyZl)*FP!hW1{>2WcTkJsfyAJRJ@lDVT5fw<+xRmtpE#(Iqa*_5P(d-7;-EsZ5tVW=4>$3a zue(!*#NOMszqJMdI6gz^#Z_-y*n+`8KGP766RIilwQ8CM^ z%OnlA{>I4YcvZq1Ei+XKfjQt>p|AzLCkI2Tw@dpRutZZ%*0omn&&Cuyt?_m)UJ<^1 z53}ak7BJC5obpN@{wk{_6X44tnhqB=U1acXoevIXdSrg%-~5Yeke@?AeZ153xBIUA+BgRa--JN#}F zpDQ*$yGp5mrNz)^+eevoz3)(~d}RtBBVy5PxkUUl2eDn!HIGB&RK=1cHi?w6i593^ zHN~NRZZBqNqL{bs7h2JuAE_9Vh)?jTsa>c(Zxj4>W8d7FcW}bQTTvlhH6q*gz(N9k zTadIQhZUU06FwK(VX3K|{pg)Z-v|R6h6p?(i=%{4jT+?TYTFcPgPDYRg5TN_-~RdY z4Sr_Jx4IkRZbNXc`FQO5X0gCH=tT4*rQwTdO6`-g;VYKJ6~oK(ZBuQ|eaUgCl@)AZ zTSwXSxFlhKIH#4%AK+%)J0Ax+uLT7b@C53^B39b}u7J$9E_v{c7WDF)u@+1dE9jaI<}0#&A%VaQtm~0y4h4;35@LolbN%SW0hg8v*A;lT4%;Bi z2k`Pz${Y4t1-B8A;i@%;^n5HeNoZ^r95PB&Gj&Hh$iN-5aMfVXAJV52y*-hRZ`+nz zxA9%xcq%zm1Dh1}eq?gPyIO<(9C7Qj09K8(9J^A!0S}lr5Qw+TA;oPrsm;~+nRi36 zgU(ns!9%s_KD%L!!n35R8+RhQEE+mI?VP*(C1P>I%<#jS$vWSt>0s!MIXDg817(_loK2jAW8~%qULgd6TU8nSB=Z9X~*%~T4b{j2{jz}?G`x8 z%67hQpN#M#F~hj8ialT1FKL)=sZw&;(7B67v=UzGG)$;Tiie|3U-;5HZX@ty&zFmy zA5A&k9Jam9#v$MEhr>D%?T4O?`MI6+0{nd88cxIdITB$$ zyb=RRT)j_3nxqp{m7#zkko>)J;1#alp<^|$g@me^s9^ekzaj{sh_IEbJy^KrUm&m( zfOhi@K%y>oJiW3LY)nw(>zVs0;!W}uaMQl1;~@K7o1lg<-S_M|R;Y^pcwwbIu@AS8 z!XUg?Y0gHz1>2Sck2&fna9R zlCAz->vuC%$;5lw7y7%m|25{i#$>mR8ssL@BZJ6J`^UFZ@LZ6%lFncg!edgSW$JoS z<-xc8a>y2Wn(8{UY463tNoYXGg}eXVCm$9;Kn}!>?a~d3?hc&Bkfza8b>f)5aYtfx zn>42*%}!AJ<7cbi@i15BZar4`kQ3LZYbHSm5yck^_Hq8!FL#81Pi~mcAAovPTo%x> z#1bbX)`$ZE{!TSWHK^0X%L=DANC*u-qiaCO$6p!e|7;Y8wwY@#-MoVMkJEup$-Ph~ z=08qHap$S(^VvFeJ$a09hw%FKrLL|<(muSjf*l_h z7(mKI=3?aVh7TB0BT#YDfhNw=wXry?1@roER4MuY9UuD5(H_1>XbnGsygF>zFcy4# z$bcMF|Fp-O-x5xCJr%0EeCmk7Mt=+v{@7BjX3ln-2>gL@>sC#3>KT9fbA2 z?Ayi225Qu5f=l 
zG1Wa~Q&qNf+naDrWV}{kU$%%RniS7qc_czR?wD`Ef!rH^gByD}k)s?Y_y{J(4c(Ur$+Skdui&Z|1!`_gBCI3wc}Vj!K+K=gGiN7$IhcEf&87S8gxg#*1B)s@xFf z{&ZpzJe5{lh_>ec-J$u_X{cYYWd(;l0m)?mZn8Wdj*63np+CciR>Yuf!Nf(GPJ2Ru z*=tOn?48X8H3U8$mR7BT8XuZQ!1`?p+bjudko;M=2_KDQV&sdUA`gh($2}2A+jVOF z0fU+S#A-6z+GG_6{+_&vpbfnt`%pmVVL{>7W(;TPquvSs4MpPxwf^9LrP|^MmvB!0 z&guKN5!cnjY&=3sR#;fGsKXuwc$B@>j&bC~J-=%Al2@6=S3l;sn|V1cgK?R5Cnf#~J7c`r4f)#=NKWPAN4ZE)ke>4RV2~RylB<)==0$c(5MRe@Cw(%`^#e{~EuJ8hlbrLNI1ZmlA%a zL5JUW>iF}H`C6XKRbKn}R)5b^HHpcL9*BM|2Hk#Ek)Jjwn3e$j4x@P4Z7LHpAB`@` z>9tgSt|~#0&58ZL{)8UnKt3Q93D?pD@NG7 z_2YQEH`wxuyZ;DbFnWfth$v1nGBBI{65xD);-x6wr0tP~T+ri~M~iwRm;=#c{>3)! z|I=v?H=n8H+D&Z!kc}Q+Qux*&wN&;w33H({K)sN(vba(5`TbG%Nclal_KvvB=*U9< z&YNSY9$Qq3ukvfzFcgYEnXvlxQXS-cS-W@RVSx)*8mo_Izx!{a0B_QPIHP~!(+uTW zXE@zKS}fDj`&q${Be(Ojk)O=lJ9{1~E5@oPJ!YJ;HDGZ8tDYpvct}abX{6^TQ6CZc z1}D?)&i$ao-Lur&5n8h%gVwBQ6H9(C29>0jAl%5w`tP3LAVh4EUF^!!3(MW@Z`>2I z^L~x(=KG!M&(oqyI*aKmrn?>CI4iuA!K`BRi2LWdJsF=)>(Oix6;83SMVlI} z(Tl|Ijm%(3)qNn;zbgS+ z=J7lDhk90j08D72E~;#C=WM}nnd*;8`q1SZAOp4gd2BU^UEY=dzE*_vyji+Laox>> zKi7$utKb=*NCK=*I$X!zDsTGn(;l)m^hc=sgPP}L2?^pPZlv*id8G36%U$-ktGUCL z+1&L(vHpTMV>hH4gQG-s6?%Z9aPId^{yW-G@F2GM;TNnV{_NSPw&ZGuP(lm>rnsvc zk3+sb+@;WtW|g6Ow^^|JDb6c4bPlGQ%SO8$Ol_84+_*OMN^a4&yCe;TXCT zCfX6{*os=hLZtC@0`&Ot=IK|QMEkp(7ETZU&SV~r?X*8iK5w^GOn34|^M3anAr>kq zXY6^xo)?B?nM`+%47BRFcH%|c>>J!$Wl~BCUQxX~WtS~9E5miu`RkKZlaa01V)nDW zzk}b5f%_O=Ex{4%-73CgzC~JRfjNsDf%cu`CyaEGdRI>R?896bdlhw%;#OGLdxT2; z36ljcIkA>*SrsLgQ$sz99MJMf#cA0W2)wxGR6V{EY z9M{(0-rfsa(NnU=0Dmit1EteLqL@x%|V+5ACv`?yBJvHd}= z*q>8Leo)T2B|k}ezYMRWC9a#?3HUQ(=DXg(Ba(xuI9}QJ1TM2U93G;_ksGGO=`II^ z0=-lJ@Q%;q$0$I4jA?S1o7C%t`K3vSq8=Z1s94I9_9nJi|4U%K-lLcy@`+kTbidy(lp znBi7w9f+WVatKOuWG)-mv^i)u_lB(^+)`aYe1Y%l8n6Eva1>28{Knc=Sk5`8M0p7RD zdsktiJ~f`sKFwv^#|w#w@~V$;@iN09N(w!Re>~6>@&l#ad7xypM4GeC<6Z4C+_$*zgb%Cd$HoYUdxB+pBSc4hPR=KKxk#TSHOGmX0jpJq2N;6EzO)Xi98Vp4tA z7N}e2Pv-3jp^@e?GlTpyAADk3sK}pBnO}`v<Y2NjZU2DU8=;KgcnpU5yT=&h4%Fq{ 
zP(uutSbcuxnPs!XQB*`mLhd|uC98!{EAeRvW*l6+gQxyxWOT_k<)_ZnKSTI2YVt`N z$tUHMi0bu1&Kc<4PAU|3+YB;szF!#xL3tBjvr5T^C`tb~=&v)O*IyZ1c|c4t7Zqt4-}v z5Is-H*v14D_6>Z+_fXY%Ap!3db;D8G#ED@ZehJ%f@`S%Q-~aeq-~~Mi;O|cDgnaBL zXsh(IkY;o>rEdIo-Q34sD1{z}EzFAT85>!oJ^v6ugSaK&0P05v zqwJxERyK5N;%%5tF~r7zGQ{ld9a>g|fppS-#Pn-lSrslw+JC?TZNQvlx^J1If;j*c z@Knqb&sVUkdEixu)ktTI^?+<1JM$Eout-yAzYASLvzucbZH{_F-sgPi2cxC)tD^JO zWb1luJw4|)AJ)Sf{S%PoxohkcQS=hq7JnH1US()MiX16;=*W!4&r^$ z8c%>S9gjB2jwAOd%*y3lav)MYm<;YU{++?UWCC0Ob734Xgs~10?I9Gep;kdAF5Vf) zH1IPfH51@y@7WF8GAJ4@J(p~wD{c~MaM{zD_$JpM6Rw|oSlr_GqeEV?wHhmR{Z@)} zK|AaZJ<*o&o+<7cfv$3TxHROW2af&Y=V+;YgKW7qe;A5}Y$!Rhm$%#)(sqJpFL*?8 z@;!I4pTA^73i2%+qGcC0luS=lys-#hwVEEdr$f&57C3#kcYi$%FchQ0uDoZjioH#u zao&lP>#axW`Zz+AJsnrmMIe$jBo1fX7UML`w+f`(^B5@~8^-iSLedHfkQ3B2flT(tza13?v9ow1rQ`rHo?9nHj#cuCpLcXjijK^ zI=MZToJRx{rHK5C`$SWA# z_SGuaA_Io8N4w9!KBao0%#-*))MXtu&2h7CN^)yu$$-7v&u;mG+5?>2{FUEh)i+8I z0VcW0Phct)lZ~v`M&hIdCpHXq;>ztKHb!qd=K-)fmdWFU=EPMr2&j`97( z>~h!lDf6L`Hn}gA93rea0LzwYH#m1^nxmP?%?}n3XDTzW${70y=f&Zc z$T?M5y7JEbXwIH_fu4Q?cV%V^+MUDxvADb6w}F5u^`w<*9*5ENrHL9|N50D!XoX|Q zj|8_we%bh-0T{_WnNQ}7j`0rT(zD+UXV+#xzJTJZXkB@)Ru^x;z8TC(Yy!!Irm8fJ zy=T!pjiRo-@xceU8}o?#YI>%2P+NU>3xs9lP4Xuxg(6D_Rdq)Ok}V-u-}Z;8WG418 zPOT}ez3i-C^fR-YS*jmIFCbpYp@zv^JZ_v^0>3!GFIeBu81WP~e_v%xfuDXGj>6ZI&_=@cAXVG=T zTdJ`as!X*Bk79{)IG_+TvCgsP!d$_cqY_fcja*eD-)RfyA3b;n)7L0Mf_tIqVh(5; zvF(dZP3qY^Oo0j3tZ~l91|B5$0r8vyNLf!NN@l((m^>ufr+LRYr=l8SlJ8BQ)E1o$ zzrf`QLd5jRy*b=j)Uvfn7~RDdHcl6m>5%m{b`vEQA;r&9ad}aSB1Fiso@=Eg@y2vj z`oYAo;K#|wTyN}tiRuo8Uud@WL!UKgKnVJ@_DSc4Q-Hv;wuRi3(Yp?sECQ`TuIYN1 z9HrZTD$%t4>j*%5k)ACS*p%TR=@n4>S)K&o-E825&` z#X*QbdmXPz$kI;y{^XYSXG0FECPeS01L3}hbUWU-`p02))p!ZGA&is%9q6mMQB026 zmSmz-!sZm}nRsfNJ&DJoC;fce+@cRCpbd77s~ik-Cdo*XN@HqgY(jFEWziS%OIOS= zU`?IP6C4)QuQY<s!^1=Dvv}E~Bc5U41 z0UMoZ$`j_Uz6!@yTbe3&5m=6E>SfDudmAPcmA_x3rDzJ&B>njuY#D(!(~z~ePp?xj zMXj0^BV^#4c8bCDPb@&XS9F;U#(pm0yc5sL;$G@hgp;~*>3IoR|N91z)9K4ms?_Bs zdr-*Ov##xh(H&Vmb2DBOijyQPAxzb~s3}|r18GL+&ra#?u#dsR1S`T|bT`KgVetu2 
z=BA}9?zKE^_DedaGsF<>+!q>cU!&pdITe~Ale%`8qA7IfQg;u&c0U<5`N?OG@EN;G z#{9`(WS@lE3mR)*F6Q@(LmfKypjY@Vc50CFL9>siHtYx02G4OydkT|p4iu! z{~_H65}s6L2%=W7)@noHTENE9Lh+r4K#mb_X#PyzcA8pl0YL;@G;@5F#MH=h{TmlE z%bh*_)WVBZ;x*%v)~3FW%gO5_9%u~ns@yX;b_dVsvGDn0u?iE0B?DBA!t?fI%5T3c zJyoW^YyBi&j8G0@yYHc6+%^7B`lWWbFZmcvL4V3`JKY3ir3id|Xo9%^XWywPg^~Q& z$$=!hY$@S$!@#2KCKpA>Kb?p9A3T-(_m_a7&PxfGw^sJgOL;3<0aBNA!-hI|#7RSMwMhl3 zq1me*f$b^g6eG~uXA8`V*h!IvTJD>BMuLzHgsE8#j8JD_&hC&Q?0`i=dZWk2peF&$mzHTehq2h)pqO--I_75aEn6>yaWIRV~& zk7A1mQPHbY3y@44W$>o|~A4i}VCiR#HzZ#V8|!|6 zn@(WRz2WS?Fz8U2nqL=nm=8H*q?adVlH42I5kFs5O;y&M#^{|=Zz8uCNfH#5`aq67bOp}Vr4uZHtU|K_%T;nR|DTWI+h)3yE+HauBiYRCo2*)^ z*FkcJ0h?g>3t2seRM7-r&bUH@h=Z~GmEAlKtR7~)0e<{%re;g%za^YA%xJQ;nLMo#f? z0MstbUg@;2BgqTui7FVCVilZ$EoBCHrrJboN5`B2iV0Clq*_CoZ8cCb}!1OBfWni#gXo z8ojUos-iWF&%G!dx-Xy_olM+6L2q)7=V3ZhapH0jcNXh|fLAfSVS5D8!)5P~9x z8k80x0`DX^-``v7G4D6O`R}du_=mgT+I5^IKsg$fFBn*_F9!3l zrdqRf<3ykQn?P*ieblB5VtF=$|CEm9#n>b=b3s(Tf6aJ6XWw5Kj5W^)bL$ZG(5PT$ zNkL+?sZ|V493%ah1Iv{;g%RB&YoWXWEFX_V^1OFB_CCf|P;%urbz6 zxErvoo&P7K2mM9*gs6tDi zyJdm}U{=a>ykz^glfB)Q0r(Ku_6um|D!*7ACXCr;el;}2-SET(Q$_~Pr?d$~Im%6| zXq#s@HuGhO8|00md5;3GVz5xPHdmeh?VGKFLh#|D&yxn2Vz>U_qUzAsdQ1)|6ru%6 zEdY$dr(@b%)a>&xNHJvaW%*+`>KGf%JuB8OXi(kH?8W)(=dZHmf3P*ThrhAUyLRY^ z0>{p6^Ebo!+dV_l?`(|S0Thk1Cb?e$^#Q)Sw4o%1KjU0LV+F8gqUG{u{;f5Ozb^(DSDitl`e|V{Vkmf9>_XHUuzM z^rQ174D(`z2>g)9L*TMpV4UrA9yYqDktZC;tes0O8@}!fwosYzdV75RAFQBQywPo@ zu-wf;<0(!_?M`W;zEd5$Sd^iDL>G?@Cg8o;?exXqwXX6Yh>!#!7+ zEP`h0XOK~(z|b#^M+cJLFf1fgn zAc_1sUsC0)vR`g(L!LTc`92>0U9>8MLRr0+E~DB~wL%H*dEhasnoU!)Z~UTdANuM7 zdh?f+N~Y)-t8N>ndsakc6wzmcG__3(TLy2VMe0hN5|!X%F?E{-Ld;6vBQEmNgV%BC z*9MB1zMnzt7Y;A;?MhASnzCspzHWTa+4ObK`Tpey`gtVHNBqoZf>on;_|V{TAMx=A zO$nZBSSl^FIXTA$J4q_Z*|?muB4o#KlA6t9z=VmH8f~*fLQJx}b>QLjIj9f0eTLs5 zLK#CAZIHU=fZnuYS>i&SZ9}2!HhkjV%OV`=Q-M%sCHAl@2E^UGb(&_+FozM*4;OCN z%p?3_&yBYkV05n%;84_dmMIv0^6jH1)f%Q!NlqWx$n&OG-kc$wnEi3rZ;lWhL%7je zssl~YDPjj5Pj!s3R3SUFKy3J!kB^QW-YnZKfd 
zH5BdCYu2IT<358VQI?xcNN0@=)x{t5g@$B0zhWj^*|{frBTYkM#k>NFK`q8@knOM@ z4g|31>Y~z>=cVe~DaM6##lg?RkGSuA68?O+GTJIVpj+};?KGE#Qb*^fwFg9Hh9&mP z&_HP38>d8?a$LnI>JplJaLK0&VD~IYNxk&HiWiw=`~*~dVNEOpKk<8anSplIhwJ5% ze-~wTd6=|{_;p>i&0K$Bswv%TW2IGP`Ba0)kFv<%M-ouCCUoaV8|Rn7&W{NKz@5>E zBL)qWnR8lx`;r?BAT-L-c~fvE}R3 z1I*cp$!`mQNylAnq%)1XVaxlOg4YPln|EFLo`f9!JqWp)KSS4c*16=vwG=PFv?jqRfA{z?p*lfo%}%?BM6_IHQXl z>;M4w2C;p|3ohKu@!hEw+aN@BO+}mvZ0NDO;ory>EAQ!OT@_xqU`9T9A5=oVGW53n z^^@YA)uCm*@WS~4;_oCdL%B>>q9{at%762YAD6bhpJ&#bLksHvE?Z}AZ8zM}Rm1e4jhDejNe$DfY#D^Tyq7h$^OY z&2$F&>X)|VK6H#zA6MXpQ?IJzle~FY)ZD_EFo{JeBb7Pk4jM4%^(Q-ktwC0XFTPUD z`N~w7b2&ia<3oXxq&8O);sqsr`cxBeGUb@fWC_cVEXwV+;BLiv`4`-GmqH{T)OKGZ z;R%nN63H*tvUQ@f-1sYhnOzi-x>vDx#`)_7i)ii2^Dc}Ur)PqqZ?TLVd%QT_4R71> zt{NjT<<<$JI0>exJ@4Pv_pe9sG`lC#90!1VYF!Ci-Oj5?A%c&j`!t0&d{mX&;q2&5 zgv$|d`%jFFMw+b&$-YhfD*x`O!tLHkzcu&wT|JZyZ&f0D7hj3RZ~L8)ZjL_5C#GB~|{;jt`a6*H~M(<_TY@(=J*N~%pv^J%-iL}%A73tpa&a?MO!VS@}{ zv}QC+*I(K{b>DmlfT5THe>SZ=mni0C%xZtIyPc3BNI%sX3gB;YR zqrldl{ih*x!o1}j($Ul?Z*S0&-r|~e5L~6F;BJEOZ@ip-C~(G5zow(bmq5F|4f`$` z{ZJ#s9Dill;V{R3tf={JNlZv0u9#Z{`vnKhEn>>$jF5w+E%b~3rn-TItt~r*?qxG6 zdA6Xhj4={>Kz?X_B7&#UXf`LXvW>=V?^_P|_87YMX$02{qmDoDc%v(j>%0~0`g_EB zV=`orF^)7byYq%7pd6oEnNrtWH2;D-&!0jvob>fn3&gu)ho}U4`pW7oj*~G9rPpSI zLm%82`^x}4JX4gCn^Gq@+|#Ni%5XDd42WHLrah;|WbK-C3C4dYD&!zYW6!N2CDyD=_*hoRoaW`w6nJ zu|Haxs;V;dj(M(a#D85>kP^t_Tgg;f8g}2h>B)&fVtoL0He81+CK(B=O>a?z? 
z^^3=6bA+kcX3ZjT7LVMEAV}97_zuh=;(;T*kWE78-XAG<|;Hqbl|>74?@I+P=Bh;#Z9G{4F!48Z^qDqIo;L5;iv=LX;~MpBz% zQq{?ykNcyGP!pchN>P=hf;rptuSru6-sDAIhR$hOF^-wxmAl-CPImd{i3}}A%jFG} z^Hiu!=}&w1Q`8S=QFECZF9&n057g2!`w7y1gS9$m$GD@aS z(UdapA>lK*(QUCuRbNFBPVQGXlmPU#jI_+J!XIPmjPK(_-zhq%HQ#6~SunUogV@vG zw7JWDx%I08O#O`4!8eN12MLcDcK4)U?Fu;l{sW9l+U_pSJDW-d@*@AN94la4AV-jb zjWS6znBc%g7kV1)bQQ@^SV`v)y*7MBhYmxmard{`wbCKYimZ0`KhV4ZZFNaKctbIkl13jr$>^NJGHG??42W5wD59FAZecR)U^a(~z}2=0E% z(bl38?j*Bj9$phS=lMA3V=f;s9gqeedDX>8}GB;bY zm8Wl)n1mYoRxd97nCAg^swb3pT~cFiqo2D*pR-4peYf_prXWu?)X10q zc(jZEPhID)Bt>_QPt%sq_;)O+*_P9)o|7Vwe`#s(TkK%g1CVdF8zr69_bpc(nyEYO z+=DT(F&38|0o4&%qXM7+a`;;4cCCmhmYjVB0TZ3cqbWWz}ZzL6*P3bRx zx|s*kB@SB^0h~GQ_U=gS8|M*u;`#0)#=W;bjHTg(0tEB)Z{_TB#D{Xq->E&?dPG9j zKB|)$$@DOmLu^jI#o+Vm)=ZvDz2|W@CcFeM+4dqcb z%!VJDj$<3Hjb0#>Y`=F^m7``H7v3H)ybAhqrc@YLL93P2NdItfHIEa4JDu71Z2 zhn*PP)45(7c6d$?9R2|J@iI>=k$JVxOM9%nU#4$nMx?dqPoQ>Giqbwih>_|&vX^bN zj*X;7V^R8f$Ul;N=~$#iL5ETKhbY(kK?rvjH!t0aP$gy6sqT2Ya%Bho z?{72>MW96s+fSYIz-P{;`$MxYA5?`ub#PRauRgdOwIP<6l)U%gr(GPl5Gh2;RRUA2 zVEyKfm`ekz|5nV>$4qu!StB|J(b4+HgJl(6-l43v#JoOMZ zZvc;YssqQ>uW=Vgr7WdK!vYGAwSq$pSh4U=K06xI^9QJ^0QKVAhG6c-&tqObCV?6H zAY?vLIVFX~B{)yMV&e&0wh@*pE||#pJknQBd%7GoFI(wL3Pcx48G@vIGvG(Uo zG4Gt-ABvEwKawD{#j%;-F5BIrUB3+$1dLr}!XyFBdnGK974Y~|zwGruWew8968w(N)tk2#69o7gQ{@jy1J`aFInk2L*%tN~IH@sOt@SK; z_X(C;IoH1HL{T`DwcJlc1`Bc@mDK7ASbZJvc#6tIutYvzNU__^Aa9PM$s4D6#+PV^ z|Hfsxp1YV`FdZ=PBuPkO`l43aXH_CT!!220%bUqcU>mJPjuw`iro}nn{Zs_76Q#wx zg2itbB+L2YdgsaY0kJ1$Ng*v$GuG(PZlwK9N>NnKQZsPDx8b4F*H*Vz%h9k$`my!i^9f4rX^cB86MmC!6z$zs&>gXs+!4SfgUhKKRRmb!R#3ae zUeDG2g+Rs1p_;I5qeJs{Ic+wF$mz2ZFwI^3=gxthaRqEjwM|%^|vWnV0 zJo?Q%COglVx1Tf_KBGiOk!s{Up+vg>CXCt)>)(-prG0!YA)E$51{d2cN`7Q-E()}R zCzMVYFTs)Y7{Sw$Uk9#)wnVdaU)uRw<+y8#c?K%8y$z~uhZlCgmO!8ZoHrs*y7FdPhHf74u1z$S4RjWN$NASu0bsn(&;-Py~)=NGgo( zJc898s41CiL%JbCcq~TarZugsBxn~*KGsN49F8x5uZmQJ4mLX?JUyt(OkfjbZ}_h{2`^sh$1keL-%s!l$=Dz91tr7YVf*FR7RK-s+#sO z0KHIMi-{m%kv80dm>Lgv36ZIqutWzx*=ZXRWzGg1TC?7ml@TrXWAWjE;b)cg`0i?_ 
z1Q=ARIbp7)JyL<6^j5(0e7l9x0U?>$wHf&(G<|yG-t=mQMK&hO@xzKL$C6dB78^Cs zf^y!Y{7O`2j-cpm%CnWUSs!Re^#T#@2Et4sj%GzF{w+;hnK#1ajKprnykri!f9xqN zr&qPy=iKa3B8C(?J2IQuHtmc!cpcOOZGqNXTw;9kB3I>NKj;?U9-4xtyY6ua%Wvb0 zLmA%<->G``YwpfHa56D+=h~>S&Hj_$DJCw-^3~6Yr_MevkWO_vf&&O5VmEm}VQm2+zpZ;PX51e_=rXl-ctgO=U=O zx%wnl(YVh;SzRaZtEf_Hjh-2{q^dxS1Su8QSYBp1H zFn3tAm*zL@Krdw&h31sQRQ1kXBD@3cNV2`1y<%nd(5j2dg8~<)j+$zd4+jkpc+h(4 z_t2Is;h~&Mf`6FBkCuexlMn?iE?(8%wn_gJ9XnT1IekrohoRX5hmCH)9HT*NzW8{~ zamJ1v?B^g_8fKcxqc|#kAl}FEhvHmQZM5Y30VLY-&(;~Q3C{?hWqCS!oD{H91^=oV zM(3T{eG+OTR=`cihV#@}cj%TUYxFO_@RMHn;Td5ws(nKAdoZe7Y?=?YT(!AL8C|cq z5>V`W9LFZps`vHqEp}_tfb~*al8fLAvz&GstBOK`ZL7VG^YC)@; z=JcS8U38Bgd}bAkLEm4d<@y;(mEsn#csdI{HWTM{#$HGihPWuH`Qcc9Qa^!x(4&Gb zSnH&!QdpDxt)4>=1^EuD@Sq>nDBQB-U%c@# zUV>AC&Z;Kc>v75bgrrOdCIW6N`Cb@8Fo{4he68F?l^j`_&F5S}b}%a}tKjIIRd-2q zbJOwRAK%Pt)B)#SR%zH=8-$i-6mCEIMng^0@y4J=T(|wrIzO?;}B%gO!U->^*GYT!E|pTDxQkT*;F9$aIbC=7cOQ1|US6gE?wSc4E65WNzrpT}Zt#*WP?>NCaZqjpm{xT`pXWeTUuZ2z6@} zw6s~@+QqSm_n!LFal~P_uE!_=Vt7vT&}z9=15kO+35Ku=0WQ~JY>Cd`4_vo=!{em8?p5Xp-c^q?(87MAz zXpr-|P3;h79uc8t>BI^zc#hv;*5ICd;1xDouTbaeE)k^OsSPIyRs3$(~8KxG02h_JeBJcnPbw^QEqDN3wL_mJr{J zR7D@%oOqD+8ec?>G(;4bPmbXu@Cx%yXTN0RZ%w59rJ!ZQ?Vq%YulAe%U~bq-mCs|B zEMW*QHr0qCy}D}Hayk47M?;0}WPqc1i2vsDY{E*;V{OXDD70or zlJJzrv}q>tk!=q* zhcY1i8d(FT+ITCQHBQ|C@U`qamPXjo<0u;v=F+6Fj0+ldZuBk79d-iVW70-3OHQ>Pd~DyZ+2K1(b=kB zoBC8Xlh=Q&HMx!V`oFN+p^I2DHwaSeN#6Ik>QjI$bvm(2DS@@5cTNLFqNdXtfJQ#P ZDzi%~H6Tgzum|&h5N$&(q^48k{{n8<`OyFX literal 0 HcmV?d00001 diff --git a/docs/provider/pulumi.md b/docs/provider/pulumi.md index 22f0d976828..d8ee9f46cab 100644 --- a/docs/provider/pulumi.md +++ b/docs/provider/pulumi.md 
@@ -2,13 +2,17 @@ Sync environments, configs and secrets from [Pulumi ESC](https://www.pulumi.com/product/esc/) to Kubernetes using the External Secrets Operator. +![Pulumi ESC](../pictures/pulumi-esc.png) + +More information about setting up [Pulumi](https://www.pulumi.com/) ESC can be found in the [Pulumi ESC documentation](https://www.pulumi.com/docs/esc/). + ### Authentication Pulumi [Access Tokens](https://www.pulumi.com/docs/pulumi-cloud/access-management/access-tokens/) are recommended to access Pulumi ESC. ### Creating a SecretStore -A Pulumi SecretStore can be created by specifying the `organization` and `environment` and referencing a Kubernetes secret containing the `accessToken`. +A Pulumi `SecretStore` can be created by specifying the `organization`, `project` and `environment` and referencing a Kubernetes secret containing the `accessToken`. ```yaml apiVersion: external-secrets.io/v1beta1 @@ -19,6 +23,7 @@ spec: provider: pulumi: organization: + project: environment: accessToken: secretRef: @@ -26,7 +31,29 @@ spec: key: ``` -If required, the API URL (`apiUrl`) can be customized as well. If not specified, the default value is `https://api.pulumi.com/api/preview`. +If required, the API URL (`apiUrl`) can be customized as well. If not specified, the default value is `https://api.pulumi.com/api/esc`. + +### Creating a ClusterSecretStore + +Similarly, a `ClusterSecretStore` can be created by specifying the `namespace` and referencing a Kubernetes secret containing the `accessToken`. + +```yaml +apiVersion: external-secrets.io/v1beta1 +kind: ClusterSecretStore +metadata: + name: secret-store +spec: + provider: + pulumi: + organization: + project: + environment: + accessToken: + secretRef: + name: + key: + namespace: +``` ### Referencing Secrets diff --git a/go.mod b/go.mod index a051d296112..8b67bd27ff0 100644 --- a/go.mod +++ b/go.mod 
@@ -89,7 +89,7 @@ require ( github.com/lestrrat-go/jwx/v2 v2.1.1 github.com/maxbrunsfeld/counterfeiter/v6 v6.9.0 github.com/passbolt/go-passbolt v0.7.1 - github.com/pulumi/esc-sdk/sdk v0.9.2 + github.com/pulumi/esc-sdk/sdk v0.10.0 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 github.com/sethvargo/go-password v0.3.1 github.com/spf13/pflag v1.0.5 diff --git a/go.sum b/go.sum index 829c5202924..ddafeb9c512 100644 --- a/go.sum +++ b/go.sum @@ -596,8 +596,8 @@ github.com/prometheus/common v0.59.1 h1:LXb1quJHWm1P6wq/U824uxYi4Sg0oGvNeUm1z5dJ github.com/prometheus/common v0.59.1/go.mod h1:GpWM7dewqmVYcd7SmRaiWVe9SSqjf0UrwnYnpEZNuT0= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/pulumi/esc-sdk/sdk v0.9.2 h1:I+kKa7F/gY9lUiHEYuczHyrYB299CavG7rAB1yXybSw= -github.com/pulumi/esc-sdk/sdk v0.9.2/go.mod h1:J6+8bCUJyLXvYOmTAc90/EhU1iUPr1Koo3NUnFzY78k= +github.com/pulumi/esc-sdk/sdk v0.10.0 h1:tVZGVSVgSf/3UkKI3iC9E287eXw9VERvmdI4vN2BD4o= +github.com/pulumi/esc-sdk/sdk v0.10.0/go.mod h1:J6+8bCUJyLXvYOmTAc90/EhU1iUPr1Koo3NUnFzY78k= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= diff --git a/pkg/provider/pulumi/provider.go b/pkg/provider/pulumi/provider.go index 6d6aed9440d..bf75fb6ec18 100644 --- a/pkg/provider/pulumi/provider.go +++ b/pkg/provider/pulumi/provider.go 
@@ -39,6 +39,7 @@ const ( errNoStoreTypeOrWrongStoreType = "no store type or wrong store type" errOrganizationIsRequired = "organization is required" errEnvironmentIsRequired = "environment is required" + errProjectIsRequired = "project is required" errSecretRefNameIsRequired = "secretRef.name is required" errSecretRefKeyIsRequired = "secretRef.key is required" ) @@ -52,7 +53,6 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, if storeKind == esv1beta1.ClusterSecretStoreKind && doesConfigDependOnNamespace(cfg) { return nil, errors.New(errClusterStoreRequiresNamespace) } - accessToken, err := loadAccessTokenSecret(ctx, cfg.AccessToken, kube, storeKind, namespace) if err != nil { return nil, err @@ -69,6 +69,7 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, return &client{ escClient: *escClient, authCtx: authCtx, + project: cfg.Project, environment: cfg.Environment, organization: cfg.Organization, }, nil @@ -100,7 +101,7 @@ func getConfig(store esv1beta1.GenericStore) (*esv1beta1.PulumiProvider, error) cfg := spec.Provider.Pulumi if cfg.APIURL == "" { - cfg.APIURL = "https://api.pulumi.com/api/preview" + cfg.APIURL = "https://api.pulumi.com/api/esc" } if cfg.Organization == "" { @@ -109,6 +110,9 @@ func getConfig(store esv1beta1.GenericStore) (*esv1beta1.PulumiProvider, error) if cfg.Environment == "" { return nil, errors.New(errEnvironmentIsRequired) } + if cfg.Project == "" { + return nil, errors.New(errProjectIsRequired) + } err := validateStoreSecretRef(store, cfg.AccessToken) if err != nil { return nil, err diff --git a/pkg/provider/pulumi/pulumi.go b/pkg/provider/pulumi/pulumi.go index 75ef8e53ab5..d69b9df39fc 100644 --- a/pkg/provider/pulumi/pulumi.go +++ b/pkg/provider/pulumi/pulumi.go @@ -31,6 +31,7 @@ import ( type client struct { escClient esc.EscClient authCtx context.Context + project string environment string organization string } 
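Review bot: The new `if cfg.Project == ""` check in the getConfig hunk (`@@ -109,6 +110,9 @@`) rejects every store manifest written before this commit with "project is required", unless CRD schema validation already catches it, which is not visible here. Stores that stop validating also stop syncing and rotating the secrets they back, so the upgrade needs either a documented migration or a fallback such as `if cfg.Project == "" { cfg.Project = "default" }`. The updated tests use `project: "default"`, which hints at where pre-existing environments live, but that should be confirmed against the Pulumi ESC API before relying on it. getConfig starts and ends outside the hunk.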
@@ -49,12 +50,11 @@ const ( var _ esv1beta1.SecretsClient = &client{} func (c *client) GetSecret(_ context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { - env, err := c.escClient.OpenEnvironment(c.authCtx, c.organization, c.environment) + env, err := c.escClient.OpenEnvironment(c.authCtx, c.organization, c.project, c.environment) if err != nil { return nil, err } - - value, _, err := c.escClient.ReadEnvironmentProperty(c.authCtx, c.organization, c.environment, env.GetId(), ref.Key) + value, _, err := c.escClient.ReadEnvironmentProperty(c.authCtx, c.organization, c.project, c.environment, env.GetId(), ref.Key) if err != nil { return nil, err } @@ -97,7 +97,7 @@ func (c *client) PushSecret(_ context.Context, secret *corev1.Secret, data esv1b }, }, } - _, oldValues, err := c.escClient.OpenAndReadEnvironment(c.authCtx, c.organization, c.environment) + _, oldValues, err := c.escClient.OpenAndReadEnvironment(c.authCtx, c.organization, c.project, c.environment) if err != nil { return fmt.Errorf(errReadEnvironment, err) } @@ -105,7 +105,7 @@ func (c *client) PushSecret(_ context.Context, secret *corev1.Secret, data esv1b if err := mergo.Merge(&updatePayload.Values.AdditionalProperties, oldValues); err != nil { return fmt.Errorf(errPushSecrets, err) } - _, err = c.escClient.UpdateEnvironment(c.authCtx, c.organization, c.environment, updatePayload) + _, err = c.escClient.UpdateEnvironment(c.authCtx, c.organization, c.environment, c.project, updatePayload) if err != nil { return fmt.Errorf(errPushSecrets, err) } 
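Review bot: In the PushSecret hunk at `@@ -105,7 +105,7 @@`, `UpdateEnvironment` receives `c.organization, c.environment, c.project`, while every other call touched by this commit (`OpenEnvironment`, `ReadEnvironmentProperty`, `OpenAndReadEnvironment`) passes `c.organization, c.project, c.environment`. All three values are strings, so the compiler cannot catch a swap; if the SDK takes project before environment here too, the old values are read from one environment and the merged secret is written to a differently addressed one, or the update simply fails. The line should probably read `_, err = c.escClient.UpdateEnvironment(c.authCtx, c.organization, c.project, c.environment, updatePayload)`, to be verified against the esc-sdk v0.10.0 signature. A PushSecret test that asserts the request path would pin the order; PushSecret itself extends beyond the hunk on both sides.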
@@ -144,11 +144,11 @@ func GetMapFromInterface(i interface{}) (map[string][]byte, error) { } func (c *client) GetSecretMap(_ context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { - env, err := c.escClient.OpenEnvironment(c.authCtx, c.organization, c.environment) + env, err := c.escClient.OpenEnvironment(c.authCtx, c.organization, c.project, c.environment) if err != nil { return nil, err } - value, _, err := c.escClient.ReadEnvironmentProperty(c.authCtx, c.organization, c.environment, env.GetId(), ref.Key) + value, _, err := c.escClient.ReadEnvironmentProperty(c.authCtx, c.organization, c.project, c.environment, env.GetId(), ref.Key) if err != nil { return nil, err } diff --git a/pkg/provider/pulumi/pulumi_test.go b/pkg/provider/pulumi/pulumi_test.go index 741d91ff890..e0a8b4fffc0 100644 --- a/pkg/provider/pulumi/pulumi_test.go +++ b/pkg/provider/pulumi/pulumi_test.go @@ -16,6 +16,7 @@ package pulumi import ( "context" "encoding/json" + "fmt" "net/http" "net/http/httptest" "reflect" @@ -38,7 +39,7 @@ func newTestClient(t *testing.T, _, pattern string, handler func(w http.Response mux := http.NewServeMux() mux.HandleFunc(pattern, handler) - mux.HandleFunc("/environments/foo/bar/open/", func(w http.ResponseWriter, r *http.Request) { + mux.HandleFunc("/environments/foo/default/bar/open/", func(w http.ResponseWriter, r *http.Request) { r.Header.Add(contentType, contentTypeValue) w.Header().Add(contentType, contentTypeValue) w.WriteHeader(http.StatusOK) @@ -65,6 +66,7 @@ func newTestClient(t *testing.T, _, pattern string, handler func(w http.Response authCtx: ctx, organization: "foo", environment: "bar", + project: "default", } } 
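Review bot: The `"fmt"` import added to pulumi_test.go in the `@@ -16,6 +16,7 @@` hunk appears to exist only for the `fmt.Print(got)` line added to TestGetSecretMap in the later `@@ -342,13 +344,14 @@` hunk, which looks like leftover debugging. It writes the returned secret map to stdout before the error check on every subtest; the values here are fixtures, but printing what a secrets provider returns is a pattern worth keeping out of this codebase, and it clutters CI logs. Drop the `fmt.Print(got)` line together with the import; the existing `t.Errorf` calls already report mismatches.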
@@ -73,7 +75,7 @@ func TestGetSecret(t *testing.T) { "b": "world", } - client := newTestClient(t, http.MethodGet, "/environments/foo/bar/open/session-id", func(w http.ResponseWriter, r *http.Request) { + client := newTestClient(t, http.MethodGet, "/environments/foo/default/bar/open/session-id", func(w http.ResponseWriter, r *http.Request) { r.Header.Add(contentType, contentTypeValue) w.Header().Add(contentType, contentTypeValue) err := json.NewEncoder(w).Encode(esc.NewValue(testmap, esc.Trace{})) @@ -342,13 +344,14 @@ func TestGetSecretMap(t *testing.T) { } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - p := newTestClient(t, http.MethodGet, "/environments/foo/bar/open/session-id", func(w http.ResponseWriter, r *http.Request) { + p := newTestClient(t, http.MethodGet, "/environments/foo/default/bar/open/session-id", func(w http.ResponseWriter, r *http.Request) { r.Header.Add(contentType, contentTypeValue) w.Header().Add(contentType, contentTypeValue) err2 := json.NewEncoder(w).Encode(esc.NewValue(tt.input, esc.Trace{})) require.NoError(t, err2) }) got, err := p.GetSecretMap(context.TODO(), tt.ref) + fmt.Print(got) if (err != nil) != tt.wantErr { t.Errorf("ProviderPulumi.GetSecretMap() error = %v, wantErr %v", err, tt.wantErr) return From daa1297f3d0fc79a2ac3632c15c4fc9a476cc403 Mon Sep 17 00:00:00 2001 From: Gijs Middelkamp <17021438+gkwmiddelkamp@users.noreply.github.com> Date: Sat, 21 Sep 2024 16:44:32 +0200 Subject: [PATCH 309/517] Implements Previder provider for Previder Secret Vault implementation (#3916) * Added Previder Vault Provider and tests Signed-off-by: Gijs Middelkamp * Set go version back to 1.23 Signed-off-by: Gijs Middelkamp * Updates after "make reviewable" Signed-off-by: Gijs Middelkamp * Fixed methods to naming convention Signed-off-by: Gijs Middelkamp * Added Previder to stability support doc Signed-off-by: Gijs Middelkamp * Added installation documentation and Previder logo 
Signed-off-by: Gijs Middelkamp * Altered last test name for naming convention Signed-off-by: Gijs Middelkamp * Adds Previder provider to api-docs/mkdocs.yml Signed-off-by: Gijs Middelkamp * Ran make check-diff Signed-off-by: Gijs Middelkamp * Updated Tiltfile to check for new default image used in helm chart Signed-off-by: Gijs Middelkamp * Added optional tag to PreviderAuth struct Signed-off-by: Gijs Middelkamp * Removed toolchain Signed-off-by: Gijs Middelkamp * Updated to go 1.23.1 for CVE; Updated previder/vault-cli to 0.1.2 for CVE fix also Signed-off-by: Gijs Middelkamp --------- Signed-off-by: Gijs Middelkamp Signed-off-by: Gijs Middelkamp <17021438+gkwmiddelkamp@users.noreply.github.com> --- .../v1beta1/secretstore_previder_types.go | 38 +++++ .../v1beta1/secretstore_types.go | 4 + .../v1beta1/zz_generated.deepcopy.go | 57 +++++++ ...ternal-secrets.io_clustersecretstores.yaml | 38 +++++ .../external-secrets.io_secretstores.yaml | 38 +++++ deploy/crds/bundle.yaml | 70 ++++++++ docs/api/spec.md | 120 +++++++++++++ docs/introduction/stability-support.md | 6 +- docs/pictures/previder-provider.png | Bin 0 -> 21827 bytes docs/provider/previder.md | 64 +++++++ e2e/go.mod | 2 +- go.mod | 3 +- go.sum | 2 + hack/api-docs/mkdocs.yml | 1 + pkg/provider/previder/client_test.go | 46 +++++ pkg/provider/previder/provider.go | 136 +++++++++++++++ pkg/provider/previder/provider_test.go | 160 ++++++++++++++++++ pkg/provider/register/register.go | 1 + 18 files changed, 782 insertions(+), 4 deletions(-) create mode 100644 apis/externalsecrets/v1beta1/secretstore_previder_types.go create mode 100644 docs/pictures/previder-provider.png create mode 100644 docs/provider/previder.md create mode 100644 pkg/provider/previder/client_test.go create mode 100644 pkg/provider/previder/provider.go create mode 100644 pkg/provider/previder/provider_test.go 
diff --git a/apis/externalsecrets/v1beta1/secretstore_previder_types.go b/apis/externalsecrets/v1beta1/secretstore_previder_types.go new file mode 100644 index 00000000000..03035982fa1 --- /dev/null +++ b/apis/externalsecrets/v1beta1/secretstore_previder_types.go @@ -0,0 +1,38 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1beta1 + +import ( + esmeta "github.com/external-secrets/external-secrets/apis/meta/v1" +) + +// PreviderProvider configures a store to sync secrets using the Previder Secret Manager provider. +type PreviderProvider struct { + Auth PreviderAuth `json:"auth"` + // +optional + BaseURI string `json:"baseUri,omitempty"` +} + +// PreviderAuth contains a secretRef for credentials. +type PreviderAuth struct { + // +optional + SecretRef *PreviderAuthSecretRef `json:"secretRef,omitempty"` +} + +// PreviderAuthSecretRef holds secret references for Previder Vault credentials. +type PreviderAuthSecretRef struct { + // The AccessToken is used for authentication + AccessToken esmeta.SecretKeySelector `json:"accessToken"` +} diff --git a/apis/externalsecrets/v1beta1/secretstore_types.go b/apis/externalsecrets/v1beta1/secretstore_types.go index 899194ab9ff..c9fd73be705 100644 --- a/apis/externalsecrets/v1beta1/secretstore_types.go +++ b/apis/externalsecrets/v1beta1/secretstore_types.go 
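Review bot: `PreviderAuth.SecretRef` is a pointer marked `+optional`, yet it is the only credential source the type defines, so a store with an empty `auth: {}` passes schema validation and reaches the provider with a nil `SecretRef`. The provider code is not part of this hunk, so confirm that store validation and client construction check `Auth.SecretRef != nil` before reading `AccessToken`, or make the field required. `Auth` and `BaseURI` also carry no doc comments, which is why the generated CRD lists `baseUri` with no description; something like `// BaseURI overrides the default Previder Vault API endpoint.` above the field, plus a one-line comment on `Auth`, would make the schema self-explanatory. Since the access token is presumably sent to whatever `baseUri` names, the docs should also say whether a non-HTTPS value is accepted.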
@@ -138,6 +138,10 @@ type SecretStoreProvider struct { // +optional Doppler *DopplerProvider `json:"doppler,omitempty"` + // Previder configures this store to sync secrets using the Previder provider + // +optional + Previder *PreviderProvider `json:"previder,omitempty"` + // Onboardbase configures this store to sync secrets using the Onboardbase provider // +optional Onboardbase *OnboardbaseProvider `json:"onboardbase,omitempty"` diff --git a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go index 9ae94b7a163..06f0431900f 100644 --- a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go +++ b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go 
@@ -2296,6 +2296,58 @@ func (in *PasswordDepotSecretRef) DeepCopy() *PasswordDepotSecretRef { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PreviderAuth) DeepCopyInto(out *PreviderAuth) { + *out = *in + if in.SecretRef != nil { + in, out := &in.SecretRef, &out.SecretRef + *out = new(PreviderAuthSecretRef) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreviderAuth. +func (in *PreviderAuth) DeepCopy() *PreviderAuth { + if in == nil { + return nil + } + out := new(PreviderAuth) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PreviderAuthSecretRef) DeepCopyInto(out *PreviderAuthSecretRef) { + *out = *in + in.AccessToken.DeepCopyInto(&out.AccessToken) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreviderAuthSecretRef. +func (in *PreviderAuthSecretRef) DeepCopy() *PreviderAuthSecretRef { + if in == nil { + return nil + } + out := new(PreviderAuthSecretRef) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PreviderProvider) DeepCopyInto(out *PreviderProvider) { + *out = *in + in.Auth.DeepCopyInto(&out.Auth) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PreviderProvider. +func (in *PreviderProvider) DeepCopy() *PreviderProvider { + if in == nil { + return nil + } + out := new(PreviderProvider) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PulumiProvider) DeepCopyInto(out *PulumiProvider) { *out = *in 
@@ -2583,6 +2635,11 @@ func (in *SecretStoreProvider) DeepCopyInto(out *SecretStoreProvider) { *out = new(DopplerProvider) (*in).DeepCopyInto(*out) } + if in.Previder != nil { + in, out := &in.Previder, &out.Previder + *out = new(PreviderProvider) + (*in).DeepCopyInto(*out) + } if in.Onboardbase != nil { in, out := &in.Onboardbase, &out.Onboardbase *out = new(OnboardbaseProvider) diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 7de4c50fee1..724a772f13f 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml @@ -3788,6 +3788,44 @@ spec: - database - host type: object + previder: + description: Previder configures this store to sync secrets using + the Previder provider + properties: + auth: + description: PreviderAuth contains a secretRef for credentials. + properties: + secretRef: + description: PreviderAuthSecretRef holds secret references + for Previder Vault credentials. + properties: + accessToken: + description: The AccessToken is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + required: + - accessToken + type: object + type: object + baseUri: + type: string + required: + - auth + type: object pulumi: description: Pulumi configures this store to sync secrets using the Pulumi provider 
diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index b5622fab92c..5e6c873f927 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml @@ -3788,6 +3788,44 @@ spec: - database - host type: object + previder: + description: Previder configures this store to sync secrets using + the Previder provider + properties: + auth: + description: PreviderAuth contains a secretRef for credentials. + properties: + secretRef: + description: PreviderAuthSecretRef holds secret references + for Previder Vault credentials. + properties: + accessToken: + description: The AccessToken is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + required: + - accessToken + type: object + type: object + baseUri: + type: string + required: + - auth + type: object pulumi: description: Pulumi configures this store to sync secrets using the Pulumi provider diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 2f3a963d64d..e72f9acc579 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml 
@@ -4163,6 +4163,41 @@ spec: - database - host type: object + previder: + description: Previder configures this store to sync secrets using the Previder provider + properties: + auth: + description: PreviderAuth contains a secretRef for credentials. + properties: + secretRef: + description: PreviderAuthSecretRef holds secret references for Previder Vault credentials. + properties: + accessToken: + description: The AccessToken is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + required: + - accessToken + type: object + type: object + baseUri: + type: string + required: + - auth + type: object pulumi: description: Pulumi configures this store to sync secrets using the Pulumi provider properties: 
@@ -9947,6 +9982,41 @@ spec: - database - host type: object + previder: + description: Previder configures this store to sync secrets using the Previder provider + properties: + auth: + description: PreviderAuth contains a secretRef for credentials. + properties: + secretRef: + description: PreviderAuthSecretRef holds secret references for Previder Vault credentials. + properties: + accessToken: + description: The AccessToken is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + required: + - accessToken + type: object + type: object + baseUri: + type: string + required: + - auth + type: object pulumi: description: Pulumi configures this store to sync secrets using the Pulumi provider properties: diff --git a/docs/api/spec.md b/docs/api/spec.md index 9fc7d5be877..24a1618fe70 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -5951,6 +5951,112 @@ External Secrets meta/v1.SecretKeySelector +

    PreviderAuth +

    +

    +(Appears on: +PreviderProvider) +

    +

    +

    PreviderAuth contains a secretRef for credentials.

    +

    + + + + + + + + + + + + + +
    FieldDescription
    +secretRef
    + + +PreviderAuthSecretRef + + +
    +(Optional) +
    +

    PreviderAuthSecretRef +

    +

    +(Appears on: +PreviderAuth) +

    +

    +

    PreviderAuthSecretRef holds secret references for Previder Vault credentials.

    +

    + + + + + + + + + + + + + +
    FieldDescription
    +accessToken
    + + +External Secrets meta/v1.SecretKeySelector + + +
    +

    The AccessToken is used for authentication

    +
    +

    PreviderProvider +

    +

    +(Appears on: +SecretStoreProvider) +

    +

    +

    PreviderProvider configures a store to sync secrets using the Previder Secret Manager provider.

    +

    + + + + + + + + + + + + + + + + + +
    FieldDescription
    +auth
    + + +PreviderAuth + + +
    +
    +baseUri
    + +string + +
    +(Optional) +

    Provider

    @@ -6750,6 +6856,20 @@ DopplerProvider +previder
    + + +PreviderProvider + + + + +(Optional) +

    Previder configures this store to sync secrets using the Previder provider

    + + + + onboardbase
    diff --git a/docs/introduction/stability-support.md b/docs/introduction/stability-support.md index d89ab0142ec..fae64348d6f 100644 --- a/docs/introduction/stability-support.md +++ b/docs/introduction/stability-support.md @@ -33,7 +33,7 @@ We want to cover the following cases: The following table describes the stability level of each provider and who's responsible. | Provider | Stability | Maintainer | -|------------------------------------------------------------------------------------------------------------| :-------: | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------: | +|------------------------------------------------------------------------------------------------------------|:---------:|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:| | [AWS Secrets Manager](https://external-secrets.io/latest/provider/aws-secrets-manager/) | stable | [external-secrets](https://github.com/external-secrets) | | [AWS Parameter Store](https://external-secrets.io/latest/provider/aws-parameter-store/) | stable | [external-secrets](https://github.com/external-secrets) | | [Hashicorp Vault](https://external-secrets.io/latest/provider/hashicorp-vault/) | stable | [external-secrets](https://github.com/external-secrets) | 
@@ -61,13 +61,14 @@ The following table describes the stability level of each provider and who's res | [Infisical](https://external-secrets.io/latest/provider/infisical) | alpha | [@akhilmhdh](https://github.com/akhilmhdh) | | [Device42](https://external-secrets.io/latest/provider/device42) | alpha | | | [Bitwarden Secrets Manager](https://external-secrets.io/latest/provider/bitwarden-secrets-manager) | alpha | [@skarlso](https://github.com/Skarlso) | +| [Previder](https://external-secrets.io/latest/provider/previder) | stable | [@previder](https://github.com/previder) | ## Provider Feature Support The following table show the support for features across different providers. | Provider | find by name | find by tags | metadataPolicy Fetch | referent authentication | store validation | push secret | DeletionPolicy Merge/Delete | -| ------------------------- | :----------: | :----------: | :------------------: | :---------------------: | :--------------: | :---------: | :-------------------------: | +|---------------------------| :----------: | :----------: | :------------------: | :---------------------: | :--------------: |:-----------:|:---------------------------:| | AWS Secrets Manager | x | x | x | x | x | x | x | | AWS Parameter Store | x | x | x | x | x | x | x | | Hashicorp Vault | x | x | x | x | x | x | x | @@ -95,6 +96,7 @@ The following table show the support for features across different providers. | Infisical | x | | | x | x | | | | Device42 | | | | | x | | | | Bitwarden Secrets Manager | x | | | | x | x | x | +| Previder | x | | | | x | | | ## Support Policy 
diff --git a/docs/pictures/previder-provider.png b/docs/pictures/previder-provider.png new file mode 100644 index 0000000000000000000000000000000000000000..55d867d63cd898aa7752f45e14250d9df83d58b1 GIT binary patch literal 21827 zcmYg&2RxPS8}M@+D`ixu?8?eWW!14WBFRYhDzb%)Y)3?hj1tN!LUuy3PNY;aPBvK$ z$;>)NobP&0@BjP0_xF39)AQWpy05+N6Rmgg93uk<1A-uoTAFGG2to^AG56`wkLAYc za`@Qgp=s)cAjglQ|6}~}lzb6{57AOnG4y*p`&Hovr)gjHOceLrrK~_37H&_QOLJL! z1kUj_9%cEMZ8^J_)tS2Wg%hjPt%n?#p2xh<^vX{~+N{CrPIuD^ySNY|iJ2^Rh0?(McH9r{q} z)c<{6OnHvJ!_PfMr&In@jvSz(hi~|_@J}+SSF%^dzc*ZzH_Ec4q{w>?LUBF`mx-f0 zQ&+3e6YEL+o95i4{n}4nZo`@TyR_4zEHAD1@ATm{a$1>kPQSs7AyaZqpNiED5C83p zZrxdKA?WL%D3q0uMXx3$Kzp%jJ^$Q7XsPeLPzEykJmlZ(^~@Pla^a#<(#i*!UFh=# zNAxeEJJPY4zlcI_V@Wv-^1gEC*k5$V0aiwI#Qk|)t*7rRlgs*4QuNnRye%40M(RDM z)5`yMnro~(D1lse|C{kEc1S#Qq(V3 z5dHv1n|#KMOfZEt?8*5)P-Oi_T!r0_@EaMa4?)_9!XJfpb7d84056q(| z#7qAhD0i{Un)!GcFTZ7>8?D9QyP>vlAo9<_!GELZD2OiiD0qqE%ivv9Cl08pG=$4l zwT6D#-hp{zMH#E)E4@v-(G%8bQ20b*LwMR2{{VA*Z42=XMPl)nQ;cax zv^k0_51pvoQ?=;ld&7BS^-D3i;`H|eC}5K0awhasFTSVa26^Gl4<9cNe+8)y+n?i0 zn_mGvw{x4+|Dfo>s}{pwgz!vJb2Fj3@enZmXrzNRv6w7c#kd!Je)tu&KF5=R ztO^%f|G4Hwz8`zCj&dB~j1l_U<`KIC4d?{W8dC54t0NmIyrkBG>P%#|nNF)81ia?V zLdrzOApXdMj%y=2l;_{dd3F+cAtjZla z{Vw+Bmk(_?EJBc_(5<}Ok$TUMU*$GTn_trcwc-rkjD70lL~sQH+xFa(Y)5BchcSwP z5r~uJdqvv?FpzW^)=77KVbbG=x8_>LU!Hw^7TNKdZ_&d${rXBtK*H&Id{^n zKY@{h)jRJ2??*Qjd%BZ5uezWV=i{fGesTV3ZUE;nRo?c_`)P9Y!;@dom;Xt(TKNFG zV*xBsMS6_Ne_8c3ggqolyMPy!@FrEmQ zwgy`B#7>f%8*;}4wr2o0_a{-LB`8rijqf$D5jM9aq>MlKgwD?vAixf233UEiEJcal zSe$c3ssgvIqgz6hioOnq&S8^LD87gNd%a{H@Zh%!@%B(N*?8szI?%9IahdrKGAMy~H?h@mYS-m`0t&1+R z_yo1+Gbn4HxL>`86lnGpi}Ds8W3JoCdWT_L(YFusixzzMQa z*t2!U!+Q>X*#kx$Mfsh0%2`943lE)O9i~>VG&$rUP^dMmj6wQPU|F~+3|Q<9EcLv4 z?_&391{trX`SwT=7Rf#eXU6}c5IDOM4%|327uM0ruA;A?>CFH2xf{LIGbe;_^8byp zIab1<+JdSrTw0&-JqDF+#ZI!+M(@q0CofqxFicEpK z5t8Wb{)pausRM^%0$;O{?}L8%J^|z}%B{%#17e~#7lUVxOhlh&JN{E!eW;fLtmLdE zlyv>>H}sWqA_a0A2UwkhgQ6~M!YSDBjn_a2AhW#x^bTVj<(~t*6dDi6{To~!NYU3e 
z_Jw;FV{-$)okj;Guu;aGAOW9;$jeP@Z{EwL`{$`7&{1A_d;>_&8dwt-{uz8e`G1dp zz~h;3gC8`BO>Z|S`<0`Z1HC%^XV$LTTaUtlHae6|$A`WRYT0H`fIjk1@Mk+5JPS^u z6OK}b;J+T4nbx!Y2kTl4mdqW2m=7_X=$p9{J|AEKuLt}0A*)H2r!xsI`EPfIcX*T zv=BPyf9}^~e|fnyAjV_xU+OQ_DRjm82%_)*P*f7ar9F)84KQOPm{QJ$`;WXx5lm_4 z&(Ow!mMIlr6v#M_d#O!>t}97FlJW`EH_6pN4YzKu43#70yz5L9K>5l67*Q?br29s+ zV(FN3krn8U|9M(%Z;2oA%M|X_P|mO_M(rWOpo*RcY16|=jvr|N=HIr`{fsx0qK1d~ z*?)**K+UP>w2>}jSmTfeVQXd6<^j4L;rhR$Fx)qyzxyy$LYijNnG;*NEr{Z--0dHV zG&lQLQwtT&!6QW3;~$@+-@!e;M**Gk{m?(sqTiJxDcnkVoN$y1&P5iKsfh5o=lbH#mx8r; z*~xcl2|S=Q0<{)o)^**dzI^C+o5FNiz79E1W=5=V;!8F4?vh>Cby%LZtL{ZvQNtkT zN>0eyy)5$fv&QoQjW5<@wj23_ul*2T^y)0_?)dpdtMV&9QZ3$F;H=PFXjP)$jSM7t z+Xm;aJ!)LPZ1%gl{tvln{ZpWpqyl3Edy|0)Rkh=^{cAsNj(2Z(Kf>oS)HYn?OS ziCfaVv{{`A=2oE2+kSu1l3RC#yI6l(P$>xx{od z%z84}LnRbSG(%_l{dUY{r~7|IS{(JX#B3!gCLbuPa``NU^u3hY{i%^l1I4(6vRVQV}q{XG`(d82dZ+wyr+InGryD>;X{I_0{)>vtg`tqES zZgN`sb}M$N((oy+mtF87ue_pS<0?6^#Ji!?pq`eQJZ}o>C?f6-Dy*U5uW~PiHZtVb>N~Utm z0x9Jk4(V$-cyKXl#^791h>ip>`hhCxLeY1n!nb>av)gEuMOb^Cn&-AFG{WXG-h1TXLoElxebLc$bcuyY&=LnH9`#~&r zCpT?J)zfmP{p!9i*0J`4Al#v04XWzSmMO23j0l6eD0g9o|BAW0UT})k6O#zdloY-B zfI!}Z=XoEutccWx4fifJY-_k3wQ=PVAwr%)qr~Z zyt^KwK-^oO+QJ_hBG-EqD?LI4nitLL+Db8m*{+gJzG>W7??eQS$hdHTDILc}Ys0r4{rz-=*4=5ehbOXhV9I&2JK@V;+01V#pOpjYnN zV|=0`H6c+``gs>4V!yTURY)tpK}9-U7edr4dXag-Uo-$iRzt7n&hErssNJ|sJTX`M zp-;I;dP%9xd_*?PE&9Y(mN-=cH^W`Lu2WIgZcod3h%P)zA+)l6Oh*%A_LN}|(d16? zIypSnoRh1>E_!@GhN`Z4>F0}F=I-4a63>6m>do~jw~S`v9Lhc$TYex1uD+5j80~I< z!~Q=446B9hT@>nldYqq|^W3q)ilMpZO$Bb$?RS^6k!}~m91g?@@jib2B~MU-_oEm! 
z+nEz>=W+!M2jZo|ZFBLwPttHnD@}U}tb0x9e*H3>jf$VULW7hG72l!$d!;!^n^&NB z)*#ICW1hw;^9*9SLfcy|TVS8Gv#&K&m#O!7)9drRk%V_(Kjs;qYY?k$jhS@oxa+Nc z>HN#A|CjXZsln5J+#OjbqwP4KcqZo=q)k;sBcMrltYVVpjAoz(Sv-b}=X9crNb|e6 z>R6%O>c&xqm?xUYeOzV0OMMH?RSpzk`~5WcnQTEMSAC?9XU4;5Q}Put+McQ*w=v;T zh1w+Yoh2RgZOBYv@luQ+0Nxx=DQzL~fxalfe;dd*sdSrn}8E3ha<{A9i< z6}kJpW0xJKXTIZspQ*n9x}#LKp!97q*-`O)dY%Siwzrz&jGZ8BHGlJZX$2GFDx!0D z-JF#SlJx4PU<^4?Oi-dio2D-%Fz(}JEFa0;7sJ#$&#CZ|iK^*U$EODji8WVQxO;Pk zTB-;3X&T@-Cq{AS==L(yc!((|2TGhDtz=-^tMKR`h7kRdt-mU@oVE9==q15sn>+(& z!{Z!CUQp%kC1ZEJith|#6F3QT=RG^(A!}#WpUM`z>pT4TPB{af78w<34lDrRii>0m zHl4@nF5E>Pn>c^mw$Gq(_vQC3B#53b(od5?h+zyhBHtfbrdl6kQE_IzATs?dhBpsF zhQ2f9m$Qf}=6Mn&Zm7()ckXgGG^hK;cUF>V-QMYPE~!^q`6SV2@Xj-fivxL7O2Snd z*KW{z3~9UZlcT04+!R-7AAsKP!qKnYo8jV0f6&l6DB)8Wh3(8wE*i~#5#QZfcz<2vB_WI z=(XZRoYKB&67z#YEK{HC(o6NuxOe%N4qJ)gU-!4|)g#=Z+)NgWJHyuBn@(7WhSTD2 zgX3miRp~9kKMgUjkvU7*Wx}?&g0R0tWDuaq8*&qiLY5B?ERp@AYI0;Q3p*Q@G)N%^ zhksejJ~es{7Noa5Ke@t(W%lCh4hgmJGCx*wtXDz)14KXu!?EFxyvlmR-3q?+)0eAX zAaanaio>g`^1T;$yLVJB&Iiff4V#mmZ6=;n?uTA*4aY=eQFvOx{*(aR1VM zrt=(y4IQ-=?D3PK73?~AQlH8mwSj=|Cq93F#|~a=P_VpQZGgPoA;rv$6@hJSVrWl? zW@vePwR)8gp6Q51xG@Oq$pMCEf`m_3A~EjX)0voWU=V#skmOs~B3f1R5qH(lvE|MVry6`oqRzH zx8ONsC)e%RG4`u$)z5v4!HP)q7MOgf4C`RTuYA7FzkRrIaDb

    W1BP!kEiRuU!%* zW@mSMdx|;PabN8RIln;602O|ueKs=Z<;_~sNy6749OR^_Oy1=*;gy{3d32Pk8u#Qs zHpP7>xo_}hy{>+NDK}*KYwoR6!D%~#tXGdMlpN%{QdMDcHg@%|SzG(^JAkdq2YGcM zM@wx#2Txq9+8IJzPZtm8du92@bmMOg;$kw6Rgd@5D*sODP*Y*4^RXCENi3Crw5qFr zpzQoG!Sk1djDE8X?yUaOX$2OnL}3Zmn`OdGRfRaKW-mz9=mGCNbE%9Z0yW~CWkZG# zKi?;(WG~FNsAFy)zL~mu&nNds!qFKn`Wd~nrcj7Oj!wS;RgJ>*v*AOaQr5-mC9247 zr=Yj9YJ|P%H~gL&7)jJ6D_$zppCd3cA{PxK6IDI=7OlGVTWQ}tId-?^*p(C9SL|;@ zh+En4mF%pd=0m=vk&Hho^`l&1WSHdYR2J%ND7RRGffS;&kVwnGnc;o2qr~ZHZ^LfW zq0J~$se#B5x-TdJfnz<2P+5u)?iC7eyJR#PiF5v-o!jH?+WIYL`&L;PFQ|J3Pk`spG4(~OG!8GS6>1t~ zG69zS_seU0%kQ!w%IBuf;QBjXxYZg5J{xZ?$t~k158rftuiF`VZ`U!uz2@YIzvdn44UBt{?Zda;anc(pW7ktyl$^mIt$t9)7FC(<9E+-n~`kv7c?tgngt zwELb=$hz1FAwkAprJ&51vmzC^Rz1>~Lf-lk9+K6u*zuBL% zuq)2({+!lA);?N)lJi1CO;Wn0%;AT$-##xb4A1~1&`iOKJFFs$(9eL;+-!XzmH=ajRV4+p9S&WZ7kT{u=MBZ z5|<8*`nc@1sbZk?-bE<*BH1nDX?UoA&_aubyB_$PV#Tgwm7w$;GbY%Yz^*6y(Cfky zV$;b!@d_pv5*$Hhs;At=O85&_gOmB*9`sYp;4*P2hiJFI?~Lzvl{p{3AFDWv=lU5U zZ9bLHIw2|G$bE#)=@BIC#~K6khVEMxn14b12A`bhsrQ-gIi44uukmp~@Kg9Z&fMlJ z5r+!&N2a#~$JI(BHL>smKi zU~g#}<2AWmS9k|f0%lTN40RrA`M6?M_`lCaf>}(F>L}lvu-wNY*P5ba{%0;EJ6`t7 zNG|iQ$7{IyMDM-RJB?zDGUuF09lRo0TigC-29Lf;`wEbm6{}7Y_LZPo`0&D58?g;X zh!+#ovh&yId}v1ZO>^}qTP$czxSf*IHF6Q%QnMq6~1rC zwM0%N)_r_nS&V!fl<{ftuRO=@iCZ%ThC8QnaQ(U?9y-BtZ{DXIWDtN}YVyvsyuV%8> zbmz$noni-Kl;;0}8!`AdXieaYCC%E8*i6Caouivdq7|6()WJtz5Azgay)!v5XT1A6 zdOPgiGl=C6-PvkjEwMYbMOGpDcQ981sqe4x@rbTfWzC5Er*raT3oh2uo!v1;baq72&HKB%2=K(!ZbRgO~Nw z3*=@$$@EB9$aq>2XEf4_K=`*>8Zp&gqiOp|bc5GApgc9VaXG+eo)ItMygL|523si% z%vD3T&VLX4UHhxNQTVf;hf+(=L3Oe;b=J0Z4`09_q&|K@q~!T1Z0ch%CP6KA^~Up8 z{qogMQ9bWT@_BXtQ$rGVJn{B;B{|l$Ij?!cY5ars8F%Z~Y}2pn_1YbX!KOV0bSv@O zkVK{Q0vumEGjZlUEukUPeyh{<>A-o}{wwZ!TAq)Py=%GBiPbxIHod+^NjNWHSsDBG z`>c^Oa=#=kY@u=R;_tGj7iykRLT;e;c2XI4#6cJ7K8#+ql*(1djBjx~{Jq7c8X6jX z7@3u+Al!$%oL7lb{?kQQFWPg7%m=#XpH9A!*Lmu3>Lzon#OtH7Ng-*vLfaeO&2PB0 zflc-1IK`i|^r)y2A)pTk|82xd4*hwND3P?&35!*vzGB`>_f*!I*U_O*r8w`Md&!#F z9eYP^n_+{*AOB(|!a$f|&r0L@AMsmqT&FL$@7lNfX3{1rIWd+{Ne(^Mu-=s5`+L1+ 
z=%*e3xoLSUf1yV2ok?=1SbxEVo1$$wm_<`!6Bs?qNh2kf)5h($64b6tK6?3ZsATf< z{MS4>tZc)$1HH2sfl|Y@PvuFrS0` zSZZx<=KDUOwiWo!KPkPjTe@f=@7eb*+gN#))ix86>uMQ6s(*L~wH&xL>I9GNH1U1Dv(t)u zpI)FpJzO;)Ji7Wyw9~~n6KQ0=mwjjOrvo+?Yh3K*D(pO8qA6KPHvVJp;65B~ zvRb)+x<$^wYdUh0Jd-lNk;u`cI)lh{K{DW0UVH2F5^V9JayT#3o)WCUFclsJJToilF8;+Z$YVgoHIlt4@n%C?*k(?j*Vrhv`2z^d+H}^R5(tnjGL96 zoH#w~EitX+{3x_|b1*K)2QNKRI3C!HBUbHmieB+dcS?(svahY^=vHy#Mz$W5N-xA& z+ml5*2KAUZ{(R^AG_5ht|(3Oc)U?F|B=7#M=j*qOw731Jbk}8MO>vW4@1EX0cMD8d$v;&HNqFI5O;7uX^E9)%k7=cAL}uP?X6Lswq>jtN^Jt0! z(jUd@j`zju+VV6p^)@gzJkV&O-tzTB^}&iK)lB8K0y=u1U&HdqftV@=z9HoxO957L zWn&>N>qPoyyH)jYV&lENMi{RAyk~=VUIbs(nwn$n*y`NKJS)hx7?L6O^w*tY8nZ;n zmrMzXU<~4q1RJ>?Y4#x*srM8(BCN+7DpXkolEAlbous_w7+;LFv$unza?yRU zhJ1>iIUV78USJa`s#eqXlAUmy&x^Y)8i{rE-k11?)6kD=wcuiGHkq2uEO2 z6Yk>rbLNo(i4+o(=8+9pi=@w*CcL{<+_ur4n>V-Hun5FIJNb!=p%hYn0^ZXy?B5AC z%8~6ACWZ}-){qY^?+nHnTGZ8aRGjstYs!y0xG;7zIx5vQuTr|6_j{iSo$?^jX9*&z zb0n#DJv;~z6IhZ{GN`QsAs1z{ehOtPt+5yteI{&a33gmPOJLhYF=LN*Lm};CFm1ux zyVaJldM65iIh7+80wcDtGW#bSI43w%Mge&)2TkdaH5Bq@#!B){p|-bq!aCpf=|4U1 zh}aAc0Ou4Vi&Gjzt=EMe#Vy&%aB2pzr(YZB8B_it;ChIrq)lQLJtH2{{xQbDS-(_H zDqh0J<@IKd8kYiESqa+>@m|PCj>al$s3LCc~d_3O&EB9=UgA$*#{IgdNp;%PvRY9(A(x~1t1Y6 zk&VH-gF-9$D^Zf9cC$B(P78Im6}RHwec?15b-T<0=(gCfEnbL$fW92hN4kxd_Z_i=TJR*PQUEzU37p3 z?vpbI2erSkbc*(${(G~jUKWWzWm!9WNcy>S7ecs6CH`RAoKColZTQ98hqMBj534K5 z%RBx}3l7E+OgDCJvF5Wxvfbi(@@v~F;*{D(`$T}sE?8C6gL_^-!A$LbXM%;^Q#0s) z`P+T~HVcAACF&o+ddr>>n3^Q%b@yjt`_G1DbF=8d~C3zX_em1nRk~`IUv*9P^SnBIR|&Vt<>->oN89 z_6akUWAaK1mCl12wt$Yt|8JG}%{~ks4_lOtE6ZV>n$-G-yQy*aD=J@Ftp1m1a8*Zf z$hmg?Ha0Uh?vo?J7w9yD>tsArs>(T<#r8BPK3f@J3Rk8%eZ7>hDQ_(c(A@&$kU%Ij zBck5ZOTPaT0~LY?3#zPn2m7g(P(Hr39j{N{*(tWKQ(Ta0gj}Ch6LG5>A!uI*P0>}u zgs3G|e_pbnhBOmvaRrci3=Ss+3<;7p{u!kh`~zuSFOFWkOY0gwL#vEG>)l~7MmPAJ z!wOvo^@>)Y9rTSK?_C(m@H3c38P0L;NPB?dq>7;YLec4g9Y!m)SN&k&@CuNZsc-hd zyhcXf?|Ga>^Ux6xJ?j44;I0a8TnqLVoj;@b=^}p8JOw*VKPABrlyDU!@O(75t8wrn z%axf(pjf$3X4Wd_403yUXT-o9daxpC5v$4VXCfP;AE_4$s+ksJ=t+-9{4+nZ<_K37 
z(zog^NVffXL9bK?lUc6i?H`WMrY`iK+c1Ux8NF9&AO|lVzlvA~Sn`P%M(Ad^idJYZ zyJcYL-!8Yffu3!o`!apy#JRm32rsa7R9Y(Fr3iAw^!>=vfeD_eT772M_JJ=H!mxj#dtP-u>8kdcq~ zqhu{x?SjfExuu^6K92i8etDu2>TDERI3nxd|M@YRJ2XSv4#2@&Lm%!#2ygVk8@Cr@ z$A^uiGJnV?#OqNj+`XYG*!XAkWv#ZuMGOxtUcAp{%*DoBzB7AG(JGSpZrTL&Rn!YM zN11of9JYBR&wLg*XZ_u>)k@}Ai+hq0LGAQNcc984Eu7R=8}2;=oW>@aH1h*`cFLKj zmp@ge`5>BC_h5?SfY_{d+VLP=e0NYtfVJ))Ir~l47|eJVa_4AsClo|@Xz2Ak?hE6d za0P?R?JB>@u4pIcxyut+R%FzHKOn0F>o>7sc7<;)YRdk?Ja!t*K)#=K;)nzf4m+Gi zNQ9-C4vOZmX1)(3^2TN0pQzrqJ;J`peQF~`Ze-6^kG;cr${Fmzzrz^Au-yeH$q)p%Y*lz=U=3xj=_I0 z0vqcM=tff1{8Ca;dzOoGG8{YT{qmsjUPWWHceE{RW>Rn*KZUt7rRtz9RmrrNKAQc! zL~_<7!n7NVoJ4b{aC0E{;@f2gg=|&;U_E}SL>mKe+py6-QVz;|WH(|Plx9jNjB4<3 zRin{b&=MvS*A+7syO?xG#=g9=*JJ7IKiYp7Uk;NV(DU8^4C1}u4`QTElgT;5#jTcl z#VWVw@t>eyb^LK4`<;H7!iP6Te^L#|bUG-W^!#w3Q;E4VPK*^gh|pf^xBWG65)i&d zNhq%0A|3fGqc*^Cn-*`4mNS442$G{p=11i3Vch#T4TER)(6=r(bbB4$4PB3TV<-@H zT3$xJ`h}L?-j89jJAOq*CxVs$@xG_^pAUgvKQk)?xNxZLZ%1_l04ln;LBl5o{VoYg z3(VC>Qcpx}O-FYa>8zKh!KI(!KJjd@r?N6C5vOCZ%C1sK*KN{SwOx{D!z@5cAyG$) zsZjk#w>SON-qB$M;RH1lL8OR+*&9v{GyQ5X}bE+!%6u>?B?17tHdBRT6eHsW1WeJZE*LF}cAIR*s z0!urY$JBweSPmpaZQWGOWboF~D{?y|FWTj4@w~N7q1ep7UjR`w?W~B^&&^G!2uaTD z5jgLly3#v;sBwLUUh)4P!K4~@>O^^TSu z2n}{UxQjlT7P+DPh5@lkh}n+Cc!@J?9|p~63P}}h+>4GEXT_adALlqizU1N#Z$#QQ zGh%W((qh7(B6K6Ib!(lLp3*&cNDDh3kGXLU5a6-M%5os^sQvNJi)Fp+7?+I@zvh4=Qm9w$ zL6-D`1IGE#^A&(3AxQ<%uIg84$Yv)yR?Z%Fgj(I}ugVr;d7t&%^~7Vg^P!El8lqM3 zwV0Q__MDkze4b8Kc5FcuL77w(Y&gPae8G_FZ#MKx;k}&hEqqzogsTEuy=~;qzlN;- zI=SLa^-32ix0&T<0A~E-+=>sAwYL@iVua9EtZ}{cla&YMryAARCF+vMv|uT-Z6K)O zM!Uc2Mcf#}vkkgKg^h%;*U^44LbTME&{V7T)G$_C`)y$ORp_y5$7zPa$wWs$F4lBt zWn@8JBTA~>ymxM+O<<7&qjY7EdO@pv$>c~q3jT$i9wd-RG?nDA8W4R1e_Lwp;Ijkj z0dqu0!2p(D`t?0|YOA6=}F+U4lL6{GF_D8KAjCnhWJm zSGf~bvJb-wZl*#ed}wsE2Gqj?$hx7eSrk>%ajY808Se!VH%@ zYq4XzUjv$g5K4PIArg9bw@&@9Bq5vXtY!OckEu5E{OA}R3J(4#@VeEUS1gGw&(!AZ zo_h3h0wLW1b6tPk;pd*UALn;=H|0OUl)LP$CZq50Sf@Z@;=s}#VGgtt5O@AIIWhGN 
zmeV*Xq>`!PEN}<~sQI*2S~y{~5KZ|kFYqC<2(1dgfyhZK*7|>Iyj{2nL`W$;j(=*WTe@Uyj9;TST)UqOXzpav#^H>Le`OU@HF&)&fOzYPs+ zxsRM{P+_~Wl?AFALGrXDcg{^(oI;dTu!yNm;TgQ!lSStD9IcMXWAmssL)2T1f&?Gh zg})Zj+@w8fJo`l16+?|ECsl7c@moUiH7G{ULgD<>HJh#aG6d~;LiBDqm~ZR-CFT8c z)1KH5CszI={P$=Kv@TsHqMaf22cEZR>98#@ukYnBM34ye30{IAdVNT**ieu2135*6 z@IrLM-LN<5c(JOT;Mq%gP*_8h;|G4z5zJ9BVvTAJH4)2q14WKocjV?%MM*k;I(Zj# zFQ0cvw$#MQ#8dH|s7B5nKy6w%Bbv*VEzoe@{ehJnt~ETy>JA-|=U+oC3!O~rsTDlY zq-PAnWWFbIFnm!GhKD%C8UP|kBWRJ=;L;)GCwW|x!SQ}5mAvvOS9Ms5@Ce-OGHJN=FU2pM$ERu3b zYpUA5B^W&e24RG9zFgI}XJf^cz83Q9$mh&7xB(%v%NM^a7Q&kI%gmgv4b@<1 z6qQg2E)0H7dw-AlV!2t|xtU?LtS4Qs<-)C}u@7x;8xNGOMhU zIxr6>XsbA%$lz(l=U!F&Q|hyRQ1emRk*|omk(O)VI?QdYz?nKFx_sG!`UB-(&(l!_ zG}Wj(s$mct5gn7)4_2a5%kRqxY7kJwya6X*e4rgiD9wE`Spt)<#p(r>lwhe*MFt5J zq#mQrfmqfLuP6n{T#23w`RL&S4GQzn5zEpX2znJ9TO=Oz;_O+G9f_3Ajtea|)(17o z7DvfC<*lnRtNzvso=^^cC9`+1B*^`8wP*KUf>A@B;Efz#^B<4q)Kn0uhp4aX{borD zDFs_7+M2qtXSN4~^Eac&%)uhARocr+Zl)2d;Pe}fEAE+Pue=>L4ncnxTpuZ?VL=EN zK+~5JBSAOg&{|M+3Q4zEQ zt@57Y^P!3;=D}Lu%_dhx?$J0Vpkc<}g>CMfKh(w07t)34w8b}|OyRei12GY3zPrB~ zp+fE-KYKETR{7@MMq^ZyD;vox^#>{?(;-&irc8jjfLp9khD8p2z*jQ{AMz7 zyhI*T9tb{`jc&bC4WeuUX{PfK@eqFg{1QEtCWTbnDP~9|@c;rm-dgo#_*-L8L{vw3 z?t^}79!5m%CPZlnA_P_%P0`nD>m;Gh(p}hSn8i-Oa}0G1!EBWQB8LFWt|&@2Y+#2+ z{+Vp;t~NG-M_jSrgYE0+Mw`wt7azy2J$L6u2B1m}8=#0TfHnzJhhH}K5Qh=Gas-=$ zY41D%zwb>H-?!b`qnyZI4jlq+z8G7K2GzPNOxISe z+L8unf2kLqx#0?m8YHLu+Gq_1_X1+B=qW92gS(sb$X~cuSO3f%B|g@d5Do#Vv7dxD zrW-sx5Z9Kk1`!L4qHqs#hVgl$53NoAt;ZiQ$YBU=T);zt5!%Qi06H%1N=M~-Ibzb) zjhk>1TsS!fsWwW;2b8nXmCv#SkpSlkod;aQy~x5){Bs+3<&1c_!18o%;zE>z77kdp zbStX};yK9sA*?Zhg6H2*DqoB;;=D$Fq2a7frPl4Y+C)tyiC3%lTN zeeBptqqAp#oMl&L3=l{_6SR-)IR$YPo}QS(mkCZZk``S~HI8NORsuGn$b~N$aA?Bm zv{&BsiX9UHEuEAu5Q3Ogwp?f6Ey$7}XSAYTj+##Wf=uDKItZBnxA~OG;j^~8OooGS zX+YocglESXx*^E}*Lm;>XmVn&;=mEHewzBlkrTE`IyPHJSX~<2{VR3Bs$2#?A%etO zUPx~qtKp}Jy#Zkkf;@s0-a}wQN{esUtLv$&v~0{(1YdRGzP>&T*Pqcn8&`p~DuAk} zuo6mX243HHV5iWJnRsdi7?&H>L1BJY7`~H_Xa}Bqn-oozH1SX0`8g(w8Z*=vjrZpj 
z(qiS&XX^ZR!00#@b;Co@!jyW#HVz|EuQULA;r9SJ@Ia0qp_A$nqpNR(Yb6*$Br$|pv7T@PtuhatuF3lixB%)&5v*jlfz z2n)*C5S3;9+2Iq};AKThsRwkEf4n5Dsi#&2k3ey+SoPqt;yl{66gVFIkWkqI=%N4z1k@Tp6H10e_k3)Bm`g=1{c3ZZeU$;qh(2oarR77`&uJ0g{Ym(`kj zrUq^$vPRfiH9@)62Ux)ikPu(b%z)ghw+4hDe5!k6YT#3K^bs#J#wYdgO1KDF&Z}N_ULM0x}9I%5o}* zzxB}MHCoF-GdoY9^ZPlDSq7@m9ESi;!PIuhfgDe2R~=_R|FKg#2B~an1arSo z`^3o$+0+O~=+6<@l;p%NiT?~h8J+%~!#+@I*c0Osa`9w;2=3-InxFwbdP1*$t}uH` z;N$(wjRx88k>Frti*g`(>7EC!u?&KSz6IvS`@~Bo#7_9^$r`}&xzYEQq-n${TS|YF zl*M2neS68Ti6`w9HQyeneGEl)sm`!)gYSeNuV>B`n6^#l-VLf*3OOHeXKly94VX#; zxZh!hX(Jy_;_7#?8LeFgjcetPkVWJ9#s7(z`t+e!HQW<; z`W=z`F1gj0xYh47hw#M+_xI3*JJ}SWyMa!F`xB66QJ50PBwf95-^7LudGSCodA`KU z+e0|r6XAM_(W9vUZRZSI9sQUG%B*ny_=6X)!)z1FQp0S>64@bkaR*sDJXCc8HFA&3l{w985w03;EtRarD_DFJ3w$hb3LaTy})w4aFP6Q zvLv(f^2^SGqCM|VqP~P4UW)$jC*1o;00`f%&Ut~{4HcnSM`dc1$H0;dC%wBG)py3| z&YC|mYgq1fF2%CKZF19KB9z}rkbyi;UC+bZT18KQG}}`dCimWZwf-=>lmk@ZPjh^*!Lz=^B0c&-zst= z1rdZ9ny17*C%LiSWbsO_7RHnx#nfPuh62r0_alDE{~9~-;!C5*9V0``+BH{h8&%#* z`kWHb{PG%_?fJKj=Xl8aS!vq){>Yz5hoCzflTi3_icA(+Q?`dbeqpt@Z&se{0xd$N zCY5#3K4~6x15;ZL2TbQcZ68%c_$*C_XKIgxD;A>#2_&M7(v(vu*+q*t?&uXp6`|u= zQW*5&9$cZ-lQbGpARpiXb2EUW*1H1*D@N|~o3Y_xVR2~02C-1%?uF1uIwK3JG7fV( zKWsX(DKi`@HcdXisXDvBYx*`?+hCab)ioMPL{thn_2T6iS?HVaFw1HFnlg`4q-xlKPpqx}ysLp^kMcmPM>48AX=?U051;&XHRg9i8CAdWPT@;kafLXD^> zF~teOxY1viAm#Q`(e#MI0p`H)=lXRuN|oD^$#34~sVeAL!32yR69@7pZ@bJLn3C(- zqf#QB99}`|w(`POSlJEX=}?$;MVZl?J!jncyN_RadYJA3$8fFw9!dXIbR%~y z;BN`sFmbvngv_=pK>@l>N|WD=8PB9(XVx)Rk!zdf^@ip8)0&|nSq56Td`#7v#n2j56yyNPOK9fkQj2V zVw^DZcMXiKIaH`He3Iry&ew7o`4rE;Ei&ETv&WIW zj5x2LbZAf6=2qiUkZ!h*0Qp5e;z+DM z7nmr>E@oBrH&pOV)b1a$o=y|00oxBaxQ(6PtF&H-wA9=$vZ>uv^?Tvy<0k4^OGw|l zuyeo8lBS#Qm7!*5q?(?7)2*ItGp%8iZ#`Bt@}?tvX)u)Q&h^|Nx-YxWooB8~g03`X zXC+aNGj76UyTv*^rLC>0*1%&IF-=DGN8Fi8zc*z=#%};m%A0_kSKq^LBKT{ck_B>o zo4=N13XZs01X-j9b@hL#bhrMYNS=%%zRk;7%BpQhW!-wjpBG8Epxgh`ShwhAF0avU ziIvrFmF=A&5~M64nLz%}{yr)-|O)A;eRy zQ=0*=bHuOT3T_pCJNu>JHWI*}S+l?`Q+qG?e 
za{Q1)PmTTNADrbmYo)B9mx~vr7V#%;Tt~dCf?CX6JYIMww+^G}VS6&R@$P-H2)>m4 za~KVeUE)*GJhqeZz0RZ-9|;|XKO=hn15;}}%Jw&`X}VgM?CNOVo!jy`I$giwRYEjH zWGA<4$~}X3E06A6;YRf2@U-J?a6hpqxE#>~S4)|0w5G@Or-BPOCU-s}FlU?eBiMd>l5l+? za1y#6@NGne(mw=nXaB7UiVVzT;Lza;|EKL*ErDj+ow0$Rd<%25RUkR+(A4_4Ygq+Xqet z&O@$6k#LBHxzJ{pO`yion7sO)ChdUE^BbS@o_**#O^dvOTjyK89pOSOy3RxX60R7( zI(qde;3ZK|dZKFU8&o;vmPe|`hkcbU+z+hlQQmNc(*{Cz!-S3ze&i&}$yyP?1ohB<+H{0;`Y!~q(SM>=R1md@l zk?3m`$`>!TVvqZNgIf&zt-|{to(XBTyfm4{S)GFT&Kt6F{dp~MwJxhc)0~;P#0$Yg z(@D9@%_L`9S!KmkeXO0tSuDY}0$Ns}J0(k$#cb$Z>$mM)YxDdWkaD|Jy)~HivUyUe z?+ikKwE8SDJoi!zSvdr*)(qk3AWwNaIuH^>TzTR*<^Kf9guUG%6RdKVk&ucGj4TiT zHYE5*^GUR8u8J8JcU0jgv*0H$e1E9SwUg6)SdhBJbVPof%0K3W`N(H6^Lq~aR;SA*<4T;=Nq~nq>gToLxZc$0DIo@*3H40-gF2f)~G@2%qH_QDt zr>OR)=l zoW}Gto;1GA1C0{tHL0A;kbRa_;9jLCS@K%4j!>w>RhRL12Ur7u5>p-j{sw?iX9cyn ze@H4)N-7SrNFwO<#rdA=5u+K2Kfr)>)}@U0*vj&6T0PRBb&s!K->cH~GmnFQykseI za*!%7Ku$yQ?Aq=jwYliT*{e1`n~+j9|0XGjft3li*)s4s=!s5}l-f z05+}pH-3DADQI$hVAJzEYA^q;eQP#f=4eS{R~-19VgasD*+uBZ0t%oxIg#wF$yDbC zkws{wm=bij3B3En&ZPHrq_jFiLWG{DwR2gAT+q9yUb6z6uK{F59uxS2T}NZw2^wdXR$#!wler0KHGL=gU;bK*B&?s$Z`85YLF>#N)Hq54DA< zWx-hvFOmvR=)6&_8Gx4r%&NQ=FIUqtb_r*wecr>CdN3^V&{OK{QPHqhNFsrVo=k#^S2p9 zX+9nPr=51!(&0Tgl2HJHA^y&6r|x$u@q5rjhe?4Fr!?t&w80RGDjQ5pw3ym2tC=l z;(7Evn<=la+u*UvGPb^+Qx+GxS8TaCn}Y_i?$~5G%Y7N{Qt_45suyT>>*E#qP3*xq z_f=XTX8I2P^|Tk+xVi7ku`lNG76WqCcqJplF|3%S0UIdUxYdPF)D|{E8%?v=2aZr) zAl)8y*&g&r9-e+dE$VJ8Ae@Z!adMidp&p2qW+8=eK~ITT)fR+OBIIiIx}s@s zvmET1B!x9q%JB!v-W*;fa!%t77JnwFoCh(EQ@g$M*OUEXKDC9>Wg<}*YuaryV;6m6 zP{gjczg|026yMsbTF=(Tb;&lL|yO+G1sGy%>*Kc^_CD%mcXgbEpaf~twQ1zOo9wr zq4RBkg_(7S4aw1j6mb(C-}JSkA=})rZj-Za^j4Hg_B4=#|bLjzZ7O(3%=$raB;WN@TOd3t}naSqu}MCHQKUSQ^VgJ01q% zYOhyZmi@ac github.com/external-secrets/sprig/v3 v3.3.0 diff --git a/go.mod b/go.mod index 8b67bd27ff0..6f566c724af 100644 --- a/go.mod +++ b/go.mod 
@@ -1,6 +1,6 @@ module github.com/external-secrets/external-secrets -go 1.23 +go 1.23.1 replace github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 @@ -89,6 +89,7 @@ require ( github.com/lestrrat-go/jwx/v2 v2.1.1 github.com/maxbrunsfeld/counterfeiter/v6 v6.9.0 github.com/passbolt/go-passbolt v0.7.1 + github.com/previder/vault-cli v0.1.2 github.com/pulumi/esc-sdk/sdk v0.10.0 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 github.com/sethvargo/go-password v0.3.1 diff --git a/go.sum b/go.sum index ddafeb9c512..59ebc49a25f 100644 --- a/go.sum +++ b/go.sum @@ -587,6 +587,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/previder/vault-cli v0.1.2 h1:aui5v+L243JGbRaJ65z5XsuItjyCtoBND32v1XU3gd4= +github.com/previder/vault-cli v0.1.2/go.mod h1:u9JDPB5/Em/Czjb/yIwfTODr31kKmeSO3JGrheLMaP8= github.com/prometheus/client_golang v1.20.3 h1:oPksm4K8B+Vt35tUhw6GbSNSgVlVSBH0qELP/7u83l4= github.com/prometheus/client_golang v1.20.3/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= diff --git a/hack/api-docs/mkdocs.yml b/hack/api-docs/mkdocs.yml index 0c5dd37f7af..3435e877b84 100644 --- a/hack/api-docs/mkdocs.yml +++ b/hack/api-docs/mkdocs.yml @@ -136,6 +136,7 @@ nav: - Password Depot: provider-passworddepot.md - Fortanix: provider/fortanix.md - Infisical: provider/infisical.md + - Previder: provider/previder.md - Examples: - FluxCD: examples/gitops-using-fluxcd.md - Anchore Engine: examples/anchore-engine-credentials.md 
diff --git a/pkg/provider/previder/client_test.go b/pkg/provider/previder/client_test.go new file mode 100644 index 00000000000..effee50e368 --- /dev/null +++ b/pkg/provider/previder/client_test.go @@ -0,0 +1,46 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +package previder + +import ( + "errors" + + "github.com/previder/vault-cli/pkg" + "github.com/previder/vault-cli/pkg/model" +) + +type PreviderVaultFakeClient struct { + pkg.PreviderVaultClient +} + +var ( + secrets = map[string]string{"secret1": "secret1content", "secret2": "secret2content"} +) + +func (v *PreviderVaultFakeClient) DecryptSecret(id string) (*model.SecretDecrypt, error) { + for k, v := range secrets { + if k == id { + return &model.SecretDecrypt{Secret: v}, nil + } + } + return nil, errors.New("404 not found") +} + +func (v *PreviderVaultFakeClient) GetSecrets() ([]model.Secret, error) { + secretList := make([]model.Secret, 0) + for k := range secrets { + secretList = append(secretList, model.Secret{Description: k}) + } + return secretList, nil +} diff --git a/pkg/provider/previder/provider.go b/pkg/provider/previder/provider.go new file mode 100644 index 00000000000..c9648932048 --- /dev/null +++ b/pkg/provider/previder/provider.go 
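Review bot: In `DecryptSecret` the loop `for k, v := range secrets` shadows the receiver `v` and scans the whole map to do what a keyed lookup already does. A direct lookup is clearer: `if content, ok := secrets[id]; ok { return &model.SecretDecrypt{Secret: content}, nil }`. The package-level name `secrets` is visible to every test in package `previder` and matches the local `secrets` in `GetSecretMap`, so a more specific name such as `fakeSecrets` would avoid confusion.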
@@ -0,0 +1,136 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +package previder + +import ( + "context" + "errors" + "fmt" + + previderclient "github.com/previder/vault-cli/pkg" + corev1 "k8s.io/api/core/v1" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/webhook/admission" + + esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" + "github.com/external-secrets/external-secrets/pkg/utils/resolvers" +) + +const ( + errNotImplemented = "not implemented" +) + +var _ esv1beta1.Provider = &SecretManager{} + +type SecretManager struct { + VaultClient previderclient.PreviderVaultClient +} + +func init() { + esv1beta1.Register(&SecretManager{}, &esv1beta1.SecretStoreProvider{ + Previder: &esv1beta1.PreviderProvider{}, + }) +} + +func (s *SecretManager) NewClient(ctx context.Context, store esv1beta1.GenericStore, kube client.Client, namespace string) (esv1beta1.SecretsClient, error) { + if store == nil { + return nil, fmt.Errorf("secret store not found: %v", "nil store") + } + storeSpec := store.GetSpec().Provider.Previder + + storeKind := store.GetObjectKind().GroupVersionKind().Kind + accessToken, err := resolvers.SecretKeyRef(ctx, kube, storeKind, namespace, &storeSpec.Auth.SecretRef.AccessToken) + if err != nil { + return nil, fmt.Errorf(accessToken, err) + } + + s.VaultClient, err = previderclient.NewVaultClient(storeSpec.BaseURI, accessToken) + + if err != nil { + return nil, err + } + return s, nil +} + +func (s 
*SecretManager) ValidateStore(store esv1beta1.GenericStore) (admission.Warnings, error) { + storeSpec := store.GetSpec() + previderSpec := storeSpec.Provider.Previder + if previderSpec == nil { + return nil, errors.New("missing Previder spec") + } + if previderSpec.Auth.SecretRef == nil { + return nil, errors.New("missing Previder Auth SecretRef") + } + accessToken := previderSpec.Auth.SecretRef.AccessToken + + if accessToken.Name == "" { + return nil, errors.New("missing Previder accessToken name") + } + if accessToken.Key == "" { + return nil, errors.New("missing Previder accessToken key") + } + + return nil, nil +} + +func (s *SecretManager) Capabilities() esv1beta1.SecretStoreCapabilities { + return esv1beta1.SecretStoreReadOnly +} + +func (s *SecretManager) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { + secret, err := s.VaultClient.DecryptSecret(ref.Key) + if err != nil { + return nil, err + } + return []byte(secret.Secret), nil +} + +func (s *SecretManager) PushSecret(ctx context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error { + return errors.New(errNotImplemented) +} + +func (s *SecretManager) DeleteSecret(ctx context.Context, remoteRef esv1beta1.PushSecretRemoteRef) error { + return errors.New(errNotImplemented) +} + +func (s *SecretManager) SecretExists(ctx context.Context, remoteRef esv1beta1.PushSecretRemoteRef) (bool, error) { + return false, errors.New(errNotImplemented) +} + +func (s *SecretManager) Validate() (esv1beta1.ValidationResult, error) { + _, err := s.VaultClient.GetSecrets() + if err != nil { + return esv1beta1.ValidationResultError, err + } + + return esv1beta1.ValidationResultReady, nil +} + +func (s *SecretManager) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { + secrets, err := s.GetSecret(ctx, ref) + if err != nil { + return nil, err + } + secretData := make(map[string][]byte) + secretData[ref.Key] = secrets 
+ return secretData, nil +} + +func (s *SecretManager) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecretFind) (map[string][]byte, error) { + return nil, errors.New(errNotImplemented) +} + +func (s *SecretManager) Close(ctx context.Context) error { + return nil +} diff --git a/pkg/provider/previder/provider_test.go b/pkg/provider/previder/provider_test.go new file mode 100644 index 00000000000..be90049af5e --- /dev/null +++ b/pkg/provider/previder/provider_test.go 
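Review bot: In `NewClient`, `fmt.Errorf(accessToken, err)` passes the resolved token as the format string, so the error comes out as a garbled `%!(EXTRA …)` message, and if the resolver ever returns a non-empty value alongside an error, that value is written into the error text. Wrap the error with a fixed format instead. The same function dereferences `storeSpec.Auth.SecretRef.AccessToken` without the nil checks that `ValidateStore` applies, and `ValidateStore` itself does not check `Provider` for nil. `NewClient` also assigns the new client to `s.VaultClient` and returns `s`, which is the instance registered in `init()`. If the registry hands that single instance to every store (not visible in this hunk), two SecretStores with different tokens would overwrite each other's client, so returning a fresh `SecretManager` per call is safer, as sketched below.

```go
func (s *SecretManager) NewClient(ctx context.Context, store esv1beta1.GenericStore, kube client.Client, namespace string) (esv1beta1.SecretsClient, error) {
	// … unchanged: nil store check …
	spec := store.GetSpec()
	if spec.Provider == nil || spec.Provider.Previder == nil {
		return nil, errors.New("missing Previder spec")
	}
	storeSpec := spec.Provider.Previder
	if storeSpec.Auth.SecretRef == nil {
		return nil, errors.New("missing Previder Auth SecretRef")
	}

	// … unchanged: storeKind lookup and resolvers.SecretKeyRef call …
	if err != nil {
		// Fixed format string: never let secret-derived data act as the format.
		return nil, fmt.Errorf("could not resolve Previder access token: %w", err)
	}

	vaultClient, err := previderclient.NewVaultClient(storeSpec.BaseURI, accessToken)
	if err != nil {
		return nil, err
	}
	// Fresh value per call so stores never share a token-bearing client.
	return &SecretManager{VaultClient: vaultClient}, nil
}
```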
@@ -0,0 +1,160 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ +package previder + +import ( + "context" + "testing" + + esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" + v1 "github.com/external-secrets/external-secrets/apis/meta/v1" +) + +func TestSecretManagerCapabilities(t *testing.T) { + previderProvider := &SecretManager{} + if previderProvider.Capabilities() != esv1beta1.SecretStoreReadOnly { + t.Errorf("Store does not return correct value for capabilities") + } +} + +func TestSecretManagerClose(t *testing.T) { + previderProvider := &SecretManager{} + ctx := context.Background() + if previderProvider.Close(ctx) != nil { + t.Errorf("Store close acts different than expected") + } +} + +func TestSecretManagerGetAllSecrets(t *testing.T) { + previderProvider := &SecretManager{} + ctx := context.Background() + ref := esv1beta1.ExternalSecretFind{} + result, err := previderProvider.GetAllSecrets(ctx, ref) + if result != nil || err == nil { + t.Errorf("Store close acts different than expected") + } +} + +func TestSecretManagerGetSecret(t *testing.T) { + previderProvider := &SecretManager{VaultClient: &PreviderVaultFakeClient{}} + ctx := context.Background() + ref := esv1beta1.ExternalSecretDataRemoteRef{Key: "secret1"} + returnedSecret, err := previderProvider.GetSecret(ctx, ref) + if err != nil { + t.Errorf("Secret not found") + } + if string(returnedSecret) != "secret1content" { + t.Errorf("Wrong secret returned") + } +} + +func 
TestSecretManagerGetSecretNotExisting(t *testing.T) { + previderProvider := &SecretManager{VaultClient: &PreviderVaultFakeClient{}} + ctx := context.Background() + ref := esv1beta1.ExternalSecretDataRemoteRef{Key: "secret3"} + _, err := previderProvider.GetSecret(ctx, ref) + if err == nil { + t.Errorf("Secret found while non were expected") + } +} + +func TestSecretManagerGetSecretMap(t *testing.T) { + previderProvider := &SecretManager{VaultClient: &PreviderVaultFakeClient{}} + ctx := context.Background() + key := "secret1" + + ref := esv1beta1.ExternalSecretDataRemoteRef{Key: key} + returnedSecret, err := previderProvider.GetSecretMap(ctx, ref) + if err != nil { + t.Errorf("Secret not found") + } + if value, ok := returnedSecret[key]; !ok || string(value) != "secret1content" { + t.Errorf("Key not found or wrong secret returned") + } +} + +func TestSecretManagerValidate(t *testing.T) { + previderProvider := &SecretManager{VaultClient: &PreviderVaultFakeClient{}} + validate, err := previderProvider.Validate() + if err != nil || validate != esv1beta1.ValidationResultReady { + t.Errorf("Could not validate") + } +} + +func TestSecretManagerValidateStore(t *testing.T) { + previderProvider := &SecretManager{} + store := &esv1beta1.SecretStore{ + Spec: esv1beta1.SecretStoreSpec{ + Provider: &esv1beta1.SecretStoreProvider{ + Previder: &esv1beta1.PreviderProvider{ + Auth: esv1beta1.PreviderAuth{ + SecretRef: &esv1beta1.PreviderAuthSecretRef{ + AccessToken: v1.SecretKeySelector{ + Name: "token", + Key: "key", + }, + }, + }, + }, + }, + }, + } + + result, err := previderProvider.ValidateStore(store) + if result != nil || err != nil { + t.Errorf("Store Validation acts different than expected") + } + + store = &esv1beta1.SecretStore{ + Spec: esv1beta1.SecretStoreSpec{ + Provider: &esv1beta1.SecretStoreProvider{ + Previder: &esv1beta1.PreviderProvider{ + Auth: esv1beta1.PreviderAuth{ + SecretRef: &esv1beta1.PreviderAuthSecretRef{ + AccessToken: v1.SecretKeySelector{ + Name: 
"token", + }, + }, + }, + }, + }, + }, + } + + result, err = previderProvider.ValidateStore(store) + if result != nil || err == nil { + t.Errorf("Store Validation key is not checked") + } + + store = &esv1beta1.SecretStore{ + Spec: esv1beta1.SecretStoreSpec{ + Provider: &esv1beta1.SecretStoreProvider{ + Previder: &esv1beta1.PreviderProvider{ + Auth: esv1beta1.PreviderAuth{ + SecretRef: &esv1beta1.PreviderAuthSecretRef{ + AccessToken: v1.SecretKeySelector{ + Key: "token", + }, + }, + }, + }, + }, + }, + } + + result, err = previderProvider.ValidateStore(store) + if result != nil || err == nil { + t.Errorf("Store Validation name is not checked") + } +} diff --git a/pkg/provider/register/register.go b/pkg/provider/register/register.go index 9920381bfce..34a4eeb134d 100644 --- a/pkg/provider/register/register.go +++ b/pkg/provider/register/register.go @@ -41,6 +41,7 @@ import ( _ "github.com/external-secrets/external-secrets/pkg/provider/oracle" _ "github.com/external-secrets/external-secrets/pkg/provider/passbolt" _ "github.com/external-secrets/external-secrets/pkg/provider/passworddepot" + _ "github.com/external-secrets/external-secrets/pkg/provider/previder" _ "github.com/external-secrets/external-secrets/pkg/provider/pulumi" _ "github.com/external-secrets/external-secrets/pkg/provider/scaleway" _ "github.com/external-secrets/external-secrets/pkg/provider/secretserver" From f573711757d94cd34038ee06e05591e5b765d757 Mon Sep 17 00:00:00 2001 
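Review bot: `TestSecretManagerGetAllSecrets` fails with the message `"Store close acts different than expected"`, copied from the Close test, so a failure would point at the wrong method. Something like `t.Errorf("GetAllSecrets should return a not-implemented error")` would be accurate. `TestSecretManagerValidateStore` covers a missing name and a missing key but not the `previderSpec == nil` and `SecretRef == nil` branches of `ValidateStore`, and no test exercises `NewClient`. Cases for a store with no Previder block and with no `SecretRef` would cover the paths where a malformed store reaches pointer dereferences.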
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 21:13:26 +0200 Subject: [PATCH 310/517] chore(deps): bump mkdocs-material in /hack/api-docs (#3941) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.34 to 9.5.36. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.34...9.5.36) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index b63f51e2dba..332caeefa07 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.1 mkdocs-macros-plugin==1.0.5 -mkdocs-material==9.5.34 +mkdocs-material==9.5.36 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.1 From 1d2795e98d972e4591896d65628a9c8aaa9a8892 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 21:28:41 +0200 Subject: [PATCH 311/517] chore(deps): bump importlib-metadata in /hack/api-docs (#3943) Bumps [importlib-metadata](https://github.com/python/importlib_metadata) from 8.4.0 to 8.5.0. - [Release notes](https://github.com/python/importlib_metadata/releases) - [Changelog](https://github.com/python/importlib_metadata/blob/main/NEWS.rst) - [Commits](https://github.com/python/importlib_metadata/compare/v8.4.0...v8.5.0) --- updated-dependencies: - dependency-name: importlib-metadata dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 332caeefa07..c64bb8e0a84 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -7,7 +7,7 @@ csscompressor==0.9.5 ghp-import==2.1.0 htmlmin==0.1.12 idna==3.10 -importlib-metadata==8.4.0 +importlib-metadata==8.5.0 importlib-resources==6.4.4 Jinja2==3.1.4 jsmin==3.0.1 From d95e208891e5a9c9bf5ff8196457271233756335 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 21:46:26 +0200 Subject: [PATCH 312/517] chore(deps): bump importlib-resources in /hack/api-docs (#3945) Bumps [importlib-resources](https://github.com/python/importlib_resources) from 6.4.4 to 6.4.5. - [Release notes](https://github.com/python/importlib_resources/releases) - [Changelog](https://github.com/python/importlib_resources/blob/main/NEWS.rst) - [Commits](https://github.com/python/importlib_resources/compare/v6.4.4...v6.4.5) --- updated-dependencies: - dependency-name: importlib-resources dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index c64bb8e0a84..931f182f49f 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -8,7 +8,7 @@ ghp-import==2.1.0 htmlmin==0.1.12 idna==3.10 importlib-metadata==8.5.0 -importlib-resources==6.4.4 +importlib-resources==6.4.5 Jinja2==3.1.4 jsmin==3.0.1 livereload==2.7.0 From 7a8fccc64ea70a5b545f7c1d711ee082d42c47bc Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 21:46:47 +0200 Subject: [PATCH 313/517] chore(deps): bump github/codeql-action from 3.26.7 to 3.26.8 (#3946) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.7 to 3.26.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/8214744c546c1e5c8f03dde8fab3a7353211988d...294a9d92911152fe08befb9ec03e240add280cb3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 489f5028d48..ddcfdd9502a 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 with: sarif_file: results.sarif From 261fd71e756c8f8b741f732f5360d5b70bc98b21 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 21:47:05 +0200 Subject: [PATCH 314/517] chore(deps): bump distroless/static from `95eb83a` to `b033683` (#3947) Bumps distroless/static from `95eb83a` to `b033683`. --- updated-dependencies: - dependency-name: distroless/static dependency-type: direct:production ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- Dockerfile | 2 +- Dockerfile.standalone | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0033d54497a..05551bbd06f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM gcr.io/distroless/static@sha256:95eb83a44a62c1c27e5f0b38d26085c486d71ece83dd64540b7209536bb13f6d +FROM gcr.io/distroless/static@sha256:b033683de7de51d8cce5aa4b47c1b9906786f6256017ca8b17b2551947fcf6d8 ARG TARGETOS ARG TARGETARCH COPY bin/external-secrets-${TARGETOS}-${TARGETARCH} /bin/external-secrets diff --git a/Dockerfile.standalone b/Dockerfile.standalone index 755124f90cb..33b4d5f2935 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone @@ -12,7 +12,7 @@ COPY . /app/ RUN go build -o external-secrets main.go -FROM gcr.io/distroless/static@sha256:95eb83a44a62c1c27e5f0b38d26085c486d71ece83dd64540b7209536bb13f6d AS app +FROM gcr.io/distroless/static@sha256:b033683de7de51d8cce5aa4b47c1b9906786f6256017ca8b17b2551947fcf6d8 AS app COPY --from=builder /app/external-secrets /bin/external-secrets # Run as UID for nobody From 18485b07db2216bf9d7c187fe045a4f7f6a7dc73 Mon Sep 17 00:00:00 2001 From: John Date: Tue, 24 Sep 2024 07:03:34 +0200 Subject: [PATCH 315/517] docs(beyondtrust): fix provider indentation, smaller fixes (#3924) * docs(beyondtrust): fix provider indentation, smaller fixes Signed-off-by: dmpe * add more documentation Signed-off-by: dmpe --------- Signed-off-by: dmpe Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- docs/provider/beyondtrust.md | 76 +++++++++++++++++++----------------- 1 file changed, 40 insertions(+), 36 deletions(-) diff --git a/docs/provider/beyondtrust.md b/docs/provider/beyondtrust.md index a7deb763ee3..0143606c420 100644 --- a/docs/provider/beyondtrust.md 
+++ b/docs/provider/beyondtrust.md @@ -28,8 +28,10 @@ BeyondTrust [OAuth Authentication](https://www.beyondtrust.com/docs/beyondinsigh kubectl create secret generic bt-secret --from-literal ClientSecret="" kubectl create secret generic bt-id --from-literal ClientId="" ``` + ### Client Certificate -Download the pfx certificate from Secrets Safe extract the certificate and create two Kubernetes secret. + +If using `retrievalType: MANAGED_ACCOUNT`, you will also need to download the pfx certificate from Secrets Safe, extract that certificate and create two Kubernetes secrets. ```sh openssl pkcs12 -in client_certificate.pfx -nocerts -out ps_key.pem -nodes @@ -62,30 +64,32 @@ kubectl apply -f secret-store.yml apiVersion: external-secrets.io/v1beta1 kind: SecretStore metadata: - name: secretstore-beyondtrust + name: secretstore-beyondtrust spec: - provider: - beyondtrust: - apiurl: https://example.com:443/BeyondTrust/api/public/v3/ - certificate: - secretRef: - name: bt-certificate - key: ClientCertificate - certificatekey: - secretRef: - name: bt-certificatekey - key: ClientCertificateKey - clientsecret: - secretRef: - name: bt-secret - key: ClientSecret - clientid: - secretRef: - name: bt-id - key: ClientId - retrievaltype: MANAGED_ACCOUNT - verifyca: true - clienttimeoutseconds: 45 + provider: + beyondtrust: + server: + apiUrl: https://example.com:443/BeyondTrust/api/public/v3/ + retrievalType: MANAGED_ACCOUNT # or SECRET + verifyCA: true + clientTimeOutSeconds: 45 + auth: + certificate: # omit certificates if retrievalType is SECRET + secretRef: + name: bt-certificate + key: ClientCertificate + certificateKey: + secretRef: + name: bt-certificatekey + key: ClientCertificateKey + clientSecret: + secretRef: + name: bt-secret + key: ClientSecret + clientId: + secretRef: + name: bt-id + key: ClientId ``` ### Creating a ExternalSecret 
@@ -101,19 +105,19 @@ kubectl apply -f external-secret.yml apiVersion: external-secrets.io/v1beta1 kind: ExternalSecret metadata: - name: beyondtrust-external-secret + name: beyondtrust-external-secret spec: - refreshInterval: 300s - secretStoreRef: - kind: SecretStore - name: secretstore-beyondtrust - target: - name: my-beyondtrust-secret # name of secret to create in k8s secrets (etcd) - creationPolicy: Owner - data: - - secretKey: secretKey - remoteRef: - key: system01/managed_account01 + refreshInterval: 300s + secretStoreRef: + kind: SecretStore + name: secretstore-beyondtrust + target: + name: my-beyondtrust-secret # name of secret to create in k8s secrets (etcd) + creationPolicy: Owner + data: + - secretKey: secretKey + remoteRef: + key: system01/managed_account01 ``` ### Get the K8s secret From 737e8dfbf985d70982fcb4841a49cc6f77fd024d Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Tue, 24 Sep 2024 08:58:32 +0200 Subject: [PATCH 316/517] update dependencies (#3948) Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- e2e/go.mod | 10 +++---- e2e/go.sum | 20 +++++++------- go.mod | 24 ++++++++--------- go.sum | 76 +++++++++++++++++++----------------------------------- 4 files changed, 53 insertions(+), 77 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index eaa091dcc6b..ee99e1fc616 100644 --- a/e2e/go.mod +++ b/e2e/go.mod 
@@ -58,16 +58,16 @@ require (
 github.com/hashicorp/vault/api v1.15.0
 github.com/onsi/ginkgo/v2 v2.20.2
 github.com/onsi/gomega v1.34.2
- github.com/oracle/oci-go-sdk/v65 v65.73.0
+ github.com/oracle/oci-go-sdk/v65 v65.74.0
 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30
 github.com/xanzy/go-gitlab v0.109.0
 golang.org/x/oauth2 v0.23.0
- google.golang.org/api v0.197.0
+ google.golang.org/api v0.198.0
 k8s.io/api v0.31.1
 k8s.io/apiextensions-apiserver v0.31.1
 k8s.io/apimachinery v0.31.1
 k8s.io/client-go v1.5.2
- k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3
+ k8s.io/utils v0.0.0-20240921022957-49e7df575cb6
 sigs.k8s.io/controller-runtime v0.19.0
 sigs.k8s.io/yaml v1.4.0
 software.sslmate.com/src/go-pkcs12 v0.5.0
@@ -169,7 +169,7 @@ require (
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 github.com/pkg/errors v0.9.1 // indirect
- github.com/prometheus/client_golang v1.20.3 // indirect
+ github.com/prometheus/client_golang v1.20.4 // indirect
 github.com/prometheus/client_model v0.6.1 // indirect
 github.com/prometheus/common v0.59.1 // indirect
 github.com/prometheus/procfs v0.15.1 // indirect
@@ -205,7 +205,7 @@ require (
 google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect
 google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
- google.golang.org/grpc v1.66.2 // indirect
+ google.golang.org/grpc v1.67.0 // indirect
 google.golang.org/protobuf v1.34.2 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/e2e/go.sum b/e2e/go.sum
index bd29c44ebde..69445eddff9 100644
--- a/e2e/go.sum
+++ b/e2e/go.sum
@@ -417,8 +417,8 @@ github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.73.0 h1:C7uel6CoKk4A1KPkdhFBAyvVyFRTHAmX8m0o64RmfPg= -github.com/oracle/oci-go-sdk/v65 v65.73.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.74.0 h1:oA2VXpecSTwc45QJGsKNoxCBwbUMuXLQ2W4pLZZarro= +github.com/oracle/oci-go-sdk/v65 v65.74.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -427,8 +427,8 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.20.3 h1:oPksm4K8B+Vt35tUhw6GbSNSgVlVSBH0qELP/7u83l4= -github.com/prometheus/client_golang v1.20.3/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI= +github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= 
@@ -820,8 +820,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.197.0 h1:x6CwqQLsFiA5JKAiGyGBjc2bNtHtLddhJCE2IKuhhcQ= -google.golang.org/api v0.197.0/go.mod h1:AuOuo20GoQ331nq7DquGHlU6d+2wN2fZ8O0ta60nRNw= +google.golang.org/api v0.198.0 h1:OOH5fZatk57iN0A7tjJQzt6aPfYQ1JiWkt1yGseazks= +google.golang.org/api v0.198.0/go.mod h1:/Lblzl3/Xqqk9hw/yS97TImKTUwnf1bv89v7+OagJzc= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -894,8 +894,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.66.2 h1:3QdXkuq3Bkh7w+ywLdLvM56cmGvQHUMZpiCzt6Rqaoo= -google.golang.org/grpc v1.66.2/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/grpc v1.67.0 h1:IdH9y6PF5MPSdAntIcpjQ+tXO41pcQsfZV2RxtQgVcw= +google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -953,8 +953,8 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 h1:1dWzkmJrrprYvjGwh9kEUxmcUV/CtNU8QM7h1FLWQOo= k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA= -k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 h1:b2FmK8YH+QEwq/Sy2uAEhmqL5nPfGYbJOcaqjeYYZoA= -k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 h1:MDF6h2H/h4tbzmtIKTuctcwZmY0tY9mD9fNT47QO6HI= +k8s.io/utils v0.0.0-20240921022957-49e7df575cb6/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/go.mod b/go.mod index 6f566c724af..3c7d7bac241 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 github.com/IBM/go-sdk-core/v5 v5.17.5 - github.com/IBM/secrets-manager-go-sdk/v2 v2.0.6 + github.com/IBM/secrets-manager-go-sdk/v2 v2.0.7 github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/sprig/v3 v3.3.0 github.com/PaesslerAG/jsonpath v0.1.1 
@@ -32,29 +32,29 @@ require (
 github.com/huandu/xstrings v1.5.0 // indirect
 github.com/onsi/ginkgo/v2 v2.20.2
 github.com/onsi/gomega v1.34.2
- github.com/oracle/oci-go-sdk/v65 v65.73.0
- github.com/prometheus/client_golang v1.20.3
+ github.com/oracle/oci-go-sdk/v65 v65.74.0
+ github.com/prometheus/client_golang v1.20.4
 github.com/prometheus/client_model v0.6.1
 github.com/spf13/cobra v1.8.1
 github.com/stretchr/testify v1.9.0
 github.com/tidwall/gjson v1.17.3
 github.com/xanzy/go-gitlab v0.109.0
- github.com/yandex-cloud/go-genproto v0.0.0-20240911120709-1fa0cb6f47c2
- github.com/yandex-cloud/go-sdk v0.0.0-20240911121212-e4e74d0d02f5
+ github.com/yandex-cloud/go-genproto v0.0.0-20240919115538-c1956ccf891c
+ github.com/yandex-cloud/go-sdk v0.0.0-20240919120105-e63f9f4339a3
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78
 go.uber.org/zap v1.27.0
 golang.org/x/crypto v0.27.0
 golang.org/x/oauth2 v0.23.0
- google.golang.org/api v0.197.0
+ google.golang.org/api v0.198.0
 google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1
- google.golang.org/grpc v1.66.2
+ google.golang.org/grpc v1.67.0
 gopkg.in/yaml.v3 v3.0.1
 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919
 k8s.io/api v0.31.1
 k8s.io/apiextensions-apiserver v0.31.1
 k8s.io/apimachinery v0.31.1
 k8s.io/client-go v0.31.1
- k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3
+ k8s.io/utils v0.0.0-20240921022957-49e7df575cb6
 sigs.k8s.io/controller-runtime v0.19.0
 sigs.k8s.io/controller-tools v0.16.3
 )
@@ -70,7 +70,7 @@ require (
 github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1
 github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d
 github.com/akeylesslabs/akeyless-go/v3 v3.6.3
- github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9
+ github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10
 github.com/alibabacloud-go/kms-20160120/v3 v3.2.3
 github.com/alibabacloud-go/openapi-util v0.1.1
 github.com/alibabacloud-go/tea v1.2.2
@@ -85,7 +85,7 @@ require (
 github.com/hashicorp/golang-lru v1.0.2
 github.com/hashicorp/vault/api/auth/aws v0.8.0
 github.com/hashicorp/vault/api/auth/userpass v0.8.0
- github.com/keeper-security/secrets-manager-go/core v1.6.3
+ github.com/keeper-security/secrets-manager-go/core v1.6.4
 github.com/lestrrat-go/jwx/v2 v2.1.1
 github.com/maxbrunsfeld/counterfeiter/v6 v6.9.0
 github.com/passbolt/go-passbolt v0.7.1
@@ -187,7 +187,7 @@ require (
 github.com/go-openapi/swag v0.23.0 // indirect
 github.com/go-playground/locales v0.14.1 // indirect
 github.com/go-playground/universal-translator v0.18.1 // indirect
- github.com/gobuffalo/flect v1.0.2 // indirect
+ github.com/gobuffalo/flect v1.0.3 // indirect
 github.com/goccy/go-json v0.10.3 // indirect
 github.com/gogo/protobuf v1.3.2 // indirect
 github.com/golang-jwt/jwt/v4 v4.5.0 // indirect
@@ -244,7 +244,7 @@ require (
 github.com/tidwall/pretty v1.2.1 // indirect
 github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect
 github.com/uber/jaeger-lib v2.4.1+incompatible // indirect
- go.mongodb.org/mongo-driver v1.16.1 // indirect
+ go.mongodb.org/mongo-driver v1.17.0 // indirect
 go.opencensus.io v0.24.0 // indirect
 go.uber.org/atomic v1.11.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
diff --git a/go.sum b/go.sum
index 59ebc49a25f..f90b2bd2d6b 100644
--- a/go.sum
+++ b/go.sum
@@ -108,8 +108,8 @@ github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= github.com/IBM/go-sdk-core/v5 v5.17.5 h1:AjGC7xNee5tgDIjndekBDW5AbypdERHSgib3EZ1KNsA= github.com/IBM/go-sdk-core/v5 v5.17.5/go.mod h1:KsAAI7eStAWwQa4F96MLy+whYSh39JzNjklZRbN/8ns= -github.com/IBM/secrets-manager-go-sdk/v2 v2.0.6 h1:bF6bAdI4wDZSje6+Yx1mJxvirboxO+uMuKhzgfRCNxE= -github.com/IBM/secrets-manager-go-sdk/v2 v2.0.6/go.mod h1:XWYnbcc5vN1RnKwk/fCzfD8aZd7At/Y1/b6c+oDyliU= +github.com/IBM/secrets-manager-go-sdk/v2 v2.0.7 h1:5lKt1rHuKaAaiZtbPfsF8dgiko/gGbVgreiut3zU128= +github.com/IBM/secrets-manager-go-sdk/v2 v2.0.7/go.mod h1:RglK3v6CPe3T1myRtQCD6z+nBygXvNJwufAon0qcZok= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= @@ -117,7 +117,6 @@ github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+ github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d h1:V7xPdg5XgCcUJgL57zfZSNOIvrDPWA4SpWuRJ0UVwKs= github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d/go.mod h1:WI6HYqD62DSW+C0gMS0zHe/vXhZVCUg2ecVosnglPNc= -github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU= github.com/PaesslerAG/gval v1.0.0/go.mod h1:y/nm5yEyTeX6av0OfKJNp9rBNj2XrGhAf5+v24IBN1I= github.com/PaesslerAG/gval v1.2.2 h1:Y7iBzhgE09IGTt5QgGQ2IdaYYYOU134YGHBThD+wm9E= github.com/PaesslerAG/gval v1.2.2/go.mod h1:XRFLwvmkTEdYziLdaCeCa5ImcGVrfQbeNUbVR+C6xac= 
@@ -150,8 +149,9 @@ github.com/alibabacloud-go/darabonba-encode-util v0.0.2 h1:1uJGrbsGEVqWcWxrS9MyC github.com/alibabacloud-go/darabonba-encode-util v0.0.2/go.mod h1:JiW9higWHYXm7F4PKuMgEUETNZasrDM6vqVr/Can7H8= github.com/alibabacloud-go/darabonba-map v0.0.2 h1:qvPnGB4+dJbJIxOOfawxzF3hzMnIpjmafa0qOTp6udc= github.com/alibabacloud-go/darabonba-map v0.0.2/go.mod h1:28AJaX8FOE/ym8OUFWga+MtEzBunJwQGceGQlvaPGPc= -github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9 h1:fxMCrZatZfXq5nLcgkmWBXmU3FLC1OR+m/SqVtMqflk= github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.9/go.mod h1:bb+Io8Sn2RuM3/Rpme6ll86jMyFSrD1bxeV/+v61KeU= +github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10 h1:GEYkMApgpKEVDn6z12DcH1EGYpDYRB8JxsazM4Rywak= +github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10/go.mod h1:26a14FGhZVELuz2cc2AolvW4RHmIO3/HRwsdHhaIPDE= github.com/alibabacloud-go/darabonba-signature-util v0.0.7 h1:UzCnKvsjPFzApvODDNEYqBHMFt1w98wC7FOo0InLyxg= github.com/alibabacloud-go/darabonba-signature-util v0.0.7/go.mod h1:oUzCYV2fcCH797xKdL6BDH8ADIHlzrtKVjeRtunBNTQ= github.com/alibabacloud-go/darabonba-string v1.0.2 h1:E714wms5ibdzCqGeYJ9JCFywE5nDyvIXIIQbZVFkkqo= @@ -189,7 +189,6 @@ github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTs github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= github.com/aliyun/credentials-go v1.3.10 h1:45Xxrae/evfzQL9V10zL3xX31eqgLWEaIdCoPipOEQA= github.com/aliyun/credentials-go v1.3.10/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= -github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinRJA= 
@@ -203,12 +202,9 @@ github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6r github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= -github.com/c2h5oh/datasize v0.0.0-20200112174442-28bbd4740fee/go.mod h1:S/7n9copUssQ56c7aAgHqftWO4LTf4xY6CGWt8Bc+3M= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= -github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI= 
@@ -224,8 +220,6 @@ github.com/cloudflare/circl v1.4.0/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= -github.com/cncf/xds/go v0.0.0-20210805033703-aa0b78936158/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/ctdk/goiardi v0.11.10 h1:IB/3Afl1pC2Q4KGwzmhHPAoJfe8VtU51wZ2V0QkvsL0= @@ -252,8 +246,6 @@ github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1m github.com/envoyproxy/go-control-plane v0.9.7/go.mod h1:cwu0lG7PUMfa9snN8LXBig5ynNVH9qI8YYLbd1fK2po= github.com/envoyproxy/go-control-plane v0.9.9-0.20201210154907-fd9021fe5dad/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= github.com/envoyproxy/go-control-plane v0.9.9-0.20210217033140-668b12f5399d/go.mod h1:cXg6YxExXjJnVBQHBLXeUAgxn2UodCpnH306RInaBQk= -github.com/envoyproxy/go-control-plane v0.9.9-0.20210512163311-63b5d3c536b0/go.mod h1:hliV/p42l8fGbc6Y9bQ70uLwIvmJyVE5k4iMKlh8wCQ= -github.com/envoyproxy/go-control-plane v0.9.10-0.20210907150352-cf90f659a021/go.mod h1:AFq3mo9L8Lqqiid3OhADV3RfLJnjiw63cSpi+fDTRC0= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= github.com/evanphx/json-patch v5.6.0+incompatible h1:jBYDEEiFBPxA0v50tFdvOzQQTCvpL6mnFh5mB2/l16U= github.com/evanphx/json-patch v5.6.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= 
@@ -318,8 +310,8 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= -github.com/gobuffalo/flect v1.0.2 h1:eqjPGSo2WmjgY2XlpGwo2NXgL3RucAKo4k4qQMNA5sA= -github.com/gobuffalo/flect v1.0.2/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= +github.com/gobuffalo/flect v1.0.3 h1:xeWBM2nui+qnVvNM4S3foBhCAL2XgPU+a7FdpelbTq4= +github.com/gobuffalo/flect v1.0.3/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA= github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= @@ -330,7 +322,6 @@ github.com/gofrs/flock v0.12.1/go.mod h1:9zxTsyu5xtJ9DK+1tFZyibEV7y3uwDxPPfbxeeH github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang-jwt/jwt/v4 v4.1.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= 
@@ -428,7 +419,6 @@ github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDP github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= -github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -437,7 +427,6 @@ github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/S github.com/hashicorp/go-hclog v1.5.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= github.com/hashicorp/go-hclog v1.6.3 h1:Qr2kF+eVWjTiYmU7Y31tYlP1h0q/X3Nl3tPGdaB11/k= github.com/hashicorp/go-hclog v1.6.3/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVHBcfoyhpF5M= -github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-retryablehttp v0.7.7 h1:C8hUCYzor8PIfXHa4UrZkU4VvK8o9ISHxT2Q8+VepXU= 
@@ -494,8 +483,8 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= -github.com/keeper-security/secrets-manager-go/core v1.6.3 h1:XEHZ8fQ2DFBISK80jWdHmzT56PFqEkXSkakqZxTD8zI= -github.com/keeper-security/secrets-manager-go/core v1.6.3/go.mod h1:dtlaeeds9+SZsbDAZnQRsDSqEAK9a62SYtqhNql+VgQ= +github.com/keeper-security/secrets-manager-go/core v1.6.4 h1:ly2XvAgDxHoHVvFXOIYlxzxBF0yoQir1KfNHUNG4eRA= +github.com/keeper-security/secrets-manager-go/core v1.6.4/go.mod h1:dtlaeeds9+SZsbDAZnQRsDSqEAK9a62SYtqhNql+VgQ= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= 
@@ -543,8 +532,8 @@ github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa1 github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y= github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0= -github.com/mitchellh/go-testing-interface v1.0.0 h1:fzU/JVNcaqHQEcVFAKeR41fkiLdIPrefOvVG1VZ96U0= -github.com/mitchellh/go-testing-interface v1.0.0/go.mod h1:kRemZodwjscx+RGhAo8eIhFbs2+BFgRtFPeD/KE+zxI= +github.com/mitchellh/go-testing-interface v1.14.1 h1:jrgshOhYAUVNMAJiKbEu7EqAwgJJ2JqpQmpLJOu07cU= +github.com/mitchellh/go-testing-interface v1.14.1/go.mod h1:gfgS7OtZj6MA4U1UrDRp04twqAjfvlZyCfX3sDjEym8= github.com/mitchellh/mapstructure v1.5.0 h1:jeMsZIYE/09sWLaz43PL7Gy6RuMjD2eJVyuac5Z2hdY= github.com/mitchellh/mapstructure v1.5.0/go.mod h1:bFUtVrKA4DC2yAKiSyO/QUcy7e+RRV2QTWOzhPopBRo= github.com/mitchellh/reflectwalk v1.0.0/go.mod h1:mSTlrgnPZtwu0c4WaC2kGObEpuNDbx0jmZXqmk4esnw= 
@@ -574,8 +563,8 @@ github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.73.0 h1:C7uel6CoKk4A1KPkdhFBAyvVyFRTHAmX8m0o64RmfPg= -github.com/oracle/oci-go-sdk/v65 v65.73.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.74.0 h1:oA2VXpecSTwc45QJGsKNoxCBwbUMuXLQ2W4pLZZarro= +github.com/oracle/oci-go-sdk/v65 v65.74.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.1 h1:boNYHZmSnWl/3bKbUiaWgF/mELCtHfliGHzggf884GE= github.com/passbolt/go-passbolt v0.7.1/go.mod h1:if/jzzYYUjRtq/5h+l+J5Dka0f5dED67QM1lhpTx4pY= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= 
@@ -589,8 +578,8 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/previder/vault-cli v0.1.2 h1:aui5v+L243JGbRaJ65z5XsuItjyCtoBND32v1XU3gd4= github.com/previder/vault-cli v0.1.2/go.mod h1:u9JDPB5/Em/Czjb/yIwfTODr31kKmeSO3JGrheLMaP8= -github.com/prometheus/client_golang v1.20.3 h1:oPksm4K8B+Vt35tUhw6GbSNSgVlVSBH0qELP/7u83l4= -github.com/prometheus/client_golang v1.20.3/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI= +github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= @@ -602,7 +591,6 @@ github.com/pulumi/esc-sdk/sdk v0.10.0 h1:tVZGVSVgSf/3UkKI3iC9E287eXw9VERvmdI4vN2 github.com/pulumi/esc-sdk/sdk v0.10.0/go.mod h1:J6+8bCUJyLXvYOmTAc90/EhU1iUPr1Koo3NUnFzY78k= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= -github.com/rogpeppe/fastuuid v1.2.0/go.mod h1:jVj6XXZzXRy/MSR5jhDC/2q6DgLz+nrA6LYCDYWNEvQ= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= 
@@ -633,7 +621,6 @@ github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9 github.com/sony/gobreaker v0.5.0/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/sony/gobreaker v1.0.0 h1:feX5fGGXSl3dYd4aHZItw+FpHLvvoaqkawKjVNiFMNQ= github.com/sony/gobreaker v1.0.0/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= -github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= 
@@ -682,10 +669,10 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/go-gitlab v0.109.0 h1:RcRme5w8VpLXTSTTMZdVoQWY37qTJWg+gwdQl4aAttE= github.com/xanzy/go-gitlab v0.109.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= -github.com/yandex-cloud/go-genproto v0.0.0-20240911120709-1fa0cb6f47c2 h1:WgeEP+8WizCQyccJNHOMLONq23qVAzYHtyg5qTdUWmg= -github.com/yandex-cloud/go-genproto v0.0.0-20240911120709-1fa0cb6f47c2/go.mod h1:HEUYX/p8966tMUHHT+TsS0hF/Ca/NYwqprC5WXSDMfE= -github.com/yandex-cloud/go-sdk v0.0.0-20240911121212-e4e74d0d02f5 h1:Q4LvUMF4kzaGtopoIdXReL9/qGtmzOewBhF3dQvuHMU= -github.com/yandex-cloud/go-sdk v0.0.0-20240911121212-e4e74d0d02f5/go.mod h1:9dt2V80cfJGRZA+5SKP3Ky+R/DxH02XfKObi2Uy2uPc= +github.com/yandex-cloud/go-genproto v0.0.0-20240919115538-c1956ccf891c h1:y6RpwhlBgWBJWHEgPXA2IyIHgWnrsjJV+LuGBN+WzP0= +github.com/yandex-cloud/go-genproto v0.0.0-20240919115538-c1956ccf891c/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo= +github.com/yandex-cloud/go-sdk v0.0.0-20240919120105-e63f9f4339a3 h1:t4T2EYu9LCNGYYjJA8x/ZIn8PHzJIxghjEGa9+Cx4xg= +github.com/yandex-cloud/go-sdk v0.0.0-20240919120105-e63f9f4339a3/go.mod h1:RI42kDbwc4lOD8MtWmJDji5N/1P4AEToQQAprJby6XU= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -696,8 +683,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zalando/go-keyring v0.2.5 h1:Bc2HHpjALryKD62ppdEzaFG6VxL6Bc+5v0LYpN8Lba8= github.com/zalando/go-keyring v0.2.5/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk= -go.mongodb.org/mongo-driver v1.16.1 h1:rIVLL3q0IHM39dvE+z2ulZLp9ENZKThVfuvN/IiN4l8= -go.mongodb.org/mongo-driver v1.16.1/go.mod h1:oB6AhJQvFQL4LEHyXi6aJzQJtBiTQHiAd83l0GdFaiw= +go.mongodb.org/mongo-driver v1.17.0 h1:Hp4q2MCjvY19ViwimTs00wHi7G4yzxh4/2+nTx8r40k= +go.mongodb.org/mongo-driver v1.17.0/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -719,7 +706,6 @@ go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHy go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= go.opentelemetry.io/otel/trace v1.30.0 h1:7UBkkYzeg3C7kQX8VAidWh2biiQbtAKjyIML8dQ9wmc= go.opentelemetry.io/otel/trace v1.30.0/go.mod h1:5EyKqTzzmyqB9bwtCCq6pDLktPK6fmGf/Dph+8VI02o= -go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= 
@@ -825,7 +811,6 @@ golang.org/x/net v0.0.0-20201209123823-ac852fbbde11/go.mod h1:m0MpNAwzfU5UDzcl9v golang.org/x/net v0.0.0-20210119194325-5f4716e94777/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20210316092652-d523dce5a7f4/go.mod h1:RBQZq4jEuRlivfhVLdyRGr576XBO4/greRjx4P4O3yc= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210614182718-04defd469f4e/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20211112202133-69e39bad7dc2/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= 
@@ -910,10 +895,8 @@ golang.org/x/sys v0.0.0-20210220050731-9a76102bfb43/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210305230114-8fe3ee5dd75b/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210315160823-c6e025ad8005/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210320140829-1e4c9ba3b0c4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210412220455-f1c623a9e750/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 
@@ -1060,8 +1043,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.197.0 h1:x6CwqQLsFiA5JKAiGyGBjc2bNtHtLddhJCE2IKuhhcQ= -google.golang.org/api v0.197.0/go.mod h1:AuOuo20GoQ331nq7DquGHlU6d+2wN2fZ8O0ta60nRNw= +google.golang.org/api v0.198.0 h1:OOH5fZatk57iN0A7tjJQzt6aPfYQ1JiWkt1yGseazks= +google.golang.org/api v0.198.0/go.mod h1:/Lblzl3/Xqqk9hw/yS97TImKTUwnf1bv89v7+OagJzc= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1092,7 +1075,6 @@ google.golang.org/genproto v0.0.0-20200312145019-da6875a35672/go.mod h1:55QSHmfG google.golang.org/genproto v0.0.0-20200331122359-1ee6d9798940/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200430143042-b979b6f78d84/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200511104702-f5ebc3bea380/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= -google.golang.org/genproto v0.0.0-20200513103714-09dca8ec2884/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c= google.golang.org/genproto v0.0.0-20200515170657-fc4c6c6a6587/go.mod h1:YsZOwe1myG/8QRHRsmBRE1LrgQY60beZKjly0O1fX9U= google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20200618031413-b414f8b61790/go.mod h1:jDfRM7FcilCzHH/e9qn6dsT145K34l5v+OpcnNgKAAA= 
@@ -1110,7 +1092,6 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20211021150943-2b146023228c/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc= 
@@ -1130,17 +1111,14 @@ google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3Iji google.golang.org/grpc v1.30.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.0/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= google.golang.org/grpc v1.31.1/go.mod h1:N36X2cJ7JwdamYAgDz+s+rVMFjt3numwzf/HckM8pak= -google.golang.org/grpc v1.33.1/go.mod h1:fr5YgcSWrqhRRxogOsw7RzIpsmvOZ6IcH4kBYTpR3n0= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= google.golang.org/grpc v1.34.0/go.mod h1:WotjhfgOW/POjDeRt8vscBtXq+2VjORFy659qA51WJ8= google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= -google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= -google.golang.org/grpc v1.66.2 h1:3QdXkuq3Bkh7w+ywLdLvM56cmGvQHUMZpiCzt6Rqaoo= -google.golang.org/grpc v1.66.2/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/grpc v1.67.0 h1:IdH9y6PF5MPSdAntIcpjQ+tXO41pcQsfZV2RxtQgVcw= +google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -1153,7 +1131,6 @@ google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGj google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlbajtzgsN7c= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= @@ -1177,7 +1154,6 @@ gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkep gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw= gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= -gopkg.in/yaml.v2 v2.2.3/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI= gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= 
@@ -1212,8 +1188,8 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 h1:1dWzkmJrrprYvjGwh9kEUxmcUV/CtNU8QM7h1FLWQOo= k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA= -k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3 h1:b2FmK8YH+QEwq/Sy2uAEhmqL5nPfGYbJOcaqjeYYZoA= -k8s.io/utils v0.0.0-20240902221715-702e33fdd3c3/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 h1:MDF6h2H/h4tbzmtIKTuctcwZmY0tY9mD9fNT47QO6HI= +k8s.io/utils v0.0.0-20240921022957-49e7df575cb6/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= From af4c7c452ad15b78f63151a2b9b42a3e18b7813b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Sep 2024 10:07:22 +0200 Subject: [PATCH 317/517] chore(deps): bump platformdirs from 4.3.3 to 4.3.6 in /hack/api-docs (#3942) Bumps [platformdirs](https://github.com/tox-dev/platformdirs) from 4.3.3 to 4.3.6. - [Release notes](https://github.com/tox-dev/platformdirs/releases) - [Changelog](https://github.com/tox-dev/platformdirs/blob/main/CHANGES.rst) - [Commits](https://github.com/tox-dev/platformdirs/compare/4.3.3...4.3.6) --- updated-dependencies: - dependency-name: platformdirs dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 931f182f49f..204a22d4d66 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -25,7 +25,7 @@ packaging==24.1 paginate==0.5.7 pathspec==0.12.1 pep562==1.1 -platformdirs==4.3.3 +platformdirs==4.3.6 Pygments==2.18.0 pymdown-extensions==10.9 python-dateutil==2.9.0.post0 From cd1d5e085409ee89d7fdde6a20c4b0ae16a4d1e8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Sep 2024 10:10:09 +0200 Subject: [PATCH 318/517] chore(deps): bump mkdocs-macros-plugin in /hack/api-docs (#3944) Bumps [mkdocs-macros-plugin](https://github.com/fralau/mkdocs_macros_plugin) from 1.0.5 to 1.2.0. - [Release notes](https://github.com/fralau/mkdocs_macros_plugin/releases) - [Changelog](https://github.com/fralau/mkdocs-macros-plugin/blob/master/CHANGELOG.md) - [Commits](https://github.com/fralau/mkdocs_macros_plugin/compare/v1.0.5...v1.2.0) --- updated-dependencies: - dependency-name: mkdocs-macros-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 204a22d4d66..6109f6124aa 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt 
@@ -17,7 +17,7 @@ MarkupSafe==2.1.5 mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.1 -mkdocs-macros-plugin==1.0.5 +mkdocs-macros-plugin==1.2.0 mkdocs-material==9.5.36 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 From 2e7cd7be3ebe4d31d2fffa9d497e5af03c1a22e4 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Tue, 24 Sep 2024 14:31:24 +0200 Subject: [PATCH 319/517] fix: pin to the right version for azure keyvault (#3949) * fix: pin to the right version for azure keyvault Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * update the fake and the test Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- pkg/provider/azure/keyvault/fake/fake.go | 2 +- pkg/provider/azure/keyvault/keyvault.go | 2 +- pkg/provider/azure/keyvault/keyvault_test.go | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/pkg/provider/azure/keyvault/fake/fake.go b/pkg/provider/azure/keyvault/fake/fake.go index c88bb323f6e..f588f449ae3 100644 --- a/pkg/provider/azure/keyvault/fake/fake.go +++ b/pkg/provider/azure/keyvault/fake/fake.go @@ -17,7 +17,7 @@ package fake import ( "context" - "github.com/Azure/azure-sdk-for-go/profiles/latest/keyvault/keyvault" + "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.0/keyvault" ) type AzureMockClient struct { diff --git a/pkg/provider/azure/keyvault/keyvault.go b/pkg/provider/azure/keyvault/keyvault.go index 6ce6ea14a06..854828cc23f 100644 --- a/pkg/provider/azure/keyvault/keyvault.go +++ b/pkg/provider/azure/keyvault/keyvault.go 
@@ -27,7 +27,7 @@ import ( "regexp" "strings" - "github.com/Azure/azure-sdk-for-go/profiles/latest/keyvault/keyvault" + "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.0/keyvault" "github.com/Azure/go-autorest/autorest" "github.com/Azure/go-autorest/autorest/adal" "github.com/Azure/go-autorest/autorest/azure" diff --git a/pkg/provider/azure/keyvault/keyvault_test.go b/pkg/provider/azure/keyvault/keyvault_test.go index 88e81f81fc5..13afc41b3ee 100644 --- a/pkg/provider/azure/keyvault/keyvault_test.go +++ b/pkg/provider/azure/keyvault/keyvault_test.go @@ -23,7 +23,7 @@ import ( "reflect" "testing" - "github.com/Azure/azure-sdk-for-go/services/keyvault/2016-10-01/keyvault" + "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.0/keyvault" "github.com/Azure/go-autorest/autorest" corev1 "k8s.io/api/core/v1" pointer "k8s.io/utils/ptr" From 5d83bd4d9336383581e406670f70cede17bea0e9 Mon Sep 17 00:00:00 2001 From: Michael Malov <14035243+malovme@users.noreply.github.com> Date: Tue, 24 Sep 2024 22:20:12 +0200 Subject: [PATCH 320/517] docs: pin CRDs version in FluxCD example, bump api versions (#3940) Signed-off-by: Michael Malov <14035243+malovme@users.noreply.github.com> --- docs/snippets/gitops/deployment-crds.yaml | 2 +- docs/snippets/gitops/deployment-crs.yaml | 2 +- docs/snippets/gitops/deployment.yaml | 8 ++++---- docs/snippets/gitops/repositories.yaml | 6 +++--- 4 files changed, 9 insertions(+), 9 deletions(-) diff --git a/docs/snippets/gitops/deployment-crds.yaml b/docs/snippets/gitops/deployment-crds.yaml index ace826d1acc..5377a2f3359 100644 --- a/docs/snippets/gitops/deployment-crds.yaml +++ b/docs/snippets/gitops/deployment-crds.yaml @@ -1,5 +1,5 @@ --- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: external-secrets-crds diff --git a/docs/snippets/gitops/deployment-crs.yaml b/docs/snippets/gitops/deployment-crs.yaml index 2e971b3ed36..7ba7f5dbd77 100644 
--- a/docs/snippets/gitops/deployment-crs.yaml +++ b/docs/snippets/gitops/deployment-crs.yaml @@ -1,5 +1,5 @@ --- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta2 +apiVersion: kustomize.toolkit.fluxcd.io/v1 kind: Kustomization metadata: name: external-secrets-crs diff --git a/docs/snippets/gitops/deployment.yaml b/docs/snippets/gitops/deployment.yaml index 6caeeb8970a..30aea415ea9 100644 --- a/docs/snippets/gitops/deployment.yaml +++ b/docs/snippets/gitops/deployment.yaml @@ -1,21 +1,21 @@ # How to manage values files. Ref: https://fluxcd.io/docs/guides/helmreleases/#refer-to-values-inside-the-chart # How to inject values: https://fluxcd.io/docs/guides/helmreleases/#cloud-storage --- -apiVersion: helm.toolkit.fluxcd.io/v2beta1 +apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: external-secrets namespace: flux-system spec: # Override Release name to avoid the pattern Namespace-Release - # Ref: https://fluxcd.io/docs/components/helm/api/#helm.toolkit.fluxcd.io/v2beta1.HelmRelease + # Ref: https://fluxcd.io/flux/components/helm/api/v2/#helm.toolkit.fluxcd.io/v2.HelmRelease releaseName: external-secrets targetNamespace: external-secrets interval: 10m chart: spec: chart: external-secrets - version: 0.9.4 + version: 0.10.3 sourceRef: kind: HelmRepository name: external-secrets @@ -23,6 +23,6 @@ spec: values: installCRDs: false - # Ref: https://fluxcd.io/docs/components/helm/api/#helm.toolkit.fluxcd.io/v2beta1.Install + # Ref: https://fluxcd.io/flux/components/helm/api/v2/#helm.toolkit.fluxcd.io/v2.Install install: createNamespace: true diff --git a/docs/snippets/gitops/repositories.yaml b/docs/snippets/gitops/repositories.yaml index 845ee5d3f0a..27d51c18eb1 100644 --- a/docs/snippets/gitops/repositories.yaml +++ b/docs/snippets/gitops/repositories.yaml @@ -1,5 +1,5 @@ # Reference to Helm repository -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1 kind: HelmRepository metadata: name: external-secrets 
@@ -8,7 +8,7 @@ spec: interval: 10m url: https://charts.external-secrets.io --- -apiVersion: source.toolkit.fluxcd.io/v1beta1 +apiVersion: source.toolkit.fluxcd.io/v1 kind: GitRepository metadata: name: external-secrets @@ -16,5 +16,5 @@ metadata: spec: interval: 10m ref: - branch: main + tag: v0.10.3 url: http://github.com/external-secrets/external-secrets From 7f5e8fa9ce014cd0d7d22ca6bd452df8cc03588e Mon Sep 17 00:00:00 2001 From: Gabi Davar Date: Wed, 25 Sep 2024 10:45:07 +0300 Subject: [PATCH 321/517] Make CRD categories useful (#3929) * Make CRD categories useful * one category for all ES objects. * one only for generators * add missing controller label on CRDs * fix UUID description (was referring to password) Signed-off-by: Gabi Davar * missing update Signed-off-by: Gabi Davar --------- 
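Review bot: The GitRepository `url` on the last context line of the final repositories.yaml hunk is still `http://github.com/external-secrets/external-secrets`, so the CRD source this commit pins is not requested over TLS as written. The HelmRepository above it already uses https, so this should be `url: https://github.com/external-secrets/external-secrets`. A tag can also be moved upstream. For readers who copy the snippet into a cluster, a short comment next to `tag: v0.10.3` could point out that `ref.commit` with the release's commit SHA gives an immutable pin, and that the tag has to be bumped together with the chart `version: 0.10.3` in deployment.yaml.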
Signed-off-by: Gabi Davar --- .../v1alpha1/externalsecret_types.go | 2 +- .../v1alpha1/pushsecret_types.go | 3 +- .../v1alpha1/secretstore_types.go | 4 +- .../v1beta1/clusterexternalsecret_types.go | 2 +- .../v1beta1/externalsecret_types.go | 2 +- .../v1beta1/secretstore_types.go | 4 +- apis/generators/v1alpha1/generator_acr.go | 2 +- apis/generators/v1alpha1/generator_ecr.go | 2 +- apis/generators/v1alpha1/generator_fake.go | 2 +- apis/generators/v1alpha1/generator_gcr.go | 2 +- apis/generators/v1alpha1/generator_github.go | 2 +- .../generators/v1alpha1/generator_password.go | 2 +- apis/generators/v1alpha1/generator_uuid.go | 7 ++- apis/generators/v1alpha1/generator_vault.go | 2 +- apis/generators/v1alpha1/generator_webhook.go | 2 +- ...nal-secrets.io_clusterexternalsecrets.yaml | 2 +- ...ternal-secrets.io_clustersecretstores.yaml | 2 +- .../external-secrets.io_externalsecrets.yaml | 2 +- .../external-secrets.io_pushsecrets.yaml | 4 +- .../external-secrets.io_secretstores.yaml | 2 +- ...s.external-secrets.io_acraccesstokens.yaml | 3 +- ...nal-secrets.io_ecrauthorizationtokens.yaml | 3 +- .../generators.external-secrets.io_fakes.yaml | 3 +- ...s.external-secrets.io_gcraccesstokens.yaml | 3 +- ...xternal-secrets.io_githubaccesstokens.yaml | 3 +- ...erators.external-secrets.io_passwords.yaml | 3 +- .../generators.external-secrets.io_uuids.yaml | 10 ++-- ...ternal-secrets.io_vaultdynamicsecrets.yaml | 3 +- ...nerators.external-secrets.io_webhooks.yaml | 3 +- .../tests/__snapshot__/crds_test.yaml.snap | 43 ++++++++++++++++- deploy/crds/bundle.yaml | 46 +++++++++++-------- 31 files changed, 117 insertions(+), 58 deletions(-) diff --git a/apis/externalsecrets/v1alpha1/externalsecret_types.go b/apis/externalsecrets/v1alpha1/externalsecret_types.go index b277741d1d8..b6979619f63 100644 --- a/apis/externalsecrets/v1alpha1/externalsecret_types.go +++ b/apis/externalsecrets/v1alpha1/externalsecret_types.go 
@@ -235,7 +235,7 @@ type ExternalSecretStatus struct { // ExternalSecret is the Schema for the external-secrets API. // +kubebuilder:subresource:status // +kubebuilder:deprecatedversion -// +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=es +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets},shortName=es // +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.secretStoreRef.name` // +kubebuilder:printcolumn:name="Refresh Interval",type=string,JSONPath=`.spec.refreshInterval` // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` diff --git a/apis/externalsecrets/v1alpha1/pushsecret_types.go b/apis/externalsecrets/v1alpha1/pushsecret_types.go index 3fc221620d5..3f85a311c86 100644 --- a/apis/externalsecrets/v1alpha1/pushsecret_types.go +++ b/apis/externalsecrets/v1alpha1/pushsecret_types.go @@ -198,7 +198,8 @@ type PushSecretStatus struct { // +kubebuilder:printcolumn:name="AGE",type="date",JSONPath=".metadata.creationTimestamp" // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` // +kubebuilder:subresource:status -// +kubebuilder:resource:scope=Namespaced,categories={pushsecrets} +// +kubebuilder:metadata:labels="external-secrets.io/component=controller" +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets} type PushSecret struct { metav1.TypeMeta `json:",inline"` diff --git a/apis/externalsecrets/v1alpha1/secretstore_types.go b/apis/externalsecrets/v1alpha1/secretstore_types.go index d539449445e..c04f2ea253e 100644 --- a/apis/externalsecrets/v1alpha1/secretstore_types.go +++ b/apis/externalsecrets/v1alpha1/secretstore_types.go 
@@ -136,7 +136,7 @@ type SecretStoreStatus struct { // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` // +kubebuilder:subresource:status // +kubebuilder:deprecatedversion -// +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=ss +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets},shortName=ss type SecretStore struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -161,7 +161,7 @@ type SecretStoreList struct { // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` // +kubebuilder:deprecatedversion // +kubebuilder:subresource:status -// +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=css +// +kubebuilder:resource:scope=Cluster,categories={external-secrets},shortName=css type ClusterSecretStore struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/externalsecrets/v1beta1/clusterexternalsecret_types.go b/apis/externalsecrets/v1beta1/clusterexternalsecret_types.go index 31a4207f1b8..81c962ff308 100644 --- a/apis/externalsecrets/v1beta1/clusterexternalsecret_types.go +++ b/apis/externalsecrets/v1beta1/clusterexternalsecret_types.go @@ -100,7 +100,7 @@ type ClusterExternalSecretStatus struct { // +kubebuilder:object:root=true // +kubebuilder:storageversion -// +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=ces +// +kubebuilder:resource:scope=Cluster,categories={external-secrets},shortName=ces // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" // +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.externalSecretSpec.secretStoreRef.name` diff --git a/apis/externalsecrets/v1beta1/externalsecret_types.go b/apis/externalsecrets/v1beta1/externalsecret_types.go index 50e43941f80..416c8a7dabf 100644 
--- a/apis/externalsecrets/v1beta1/externalsecret_types.go +++ b/apis/externalsecrets/v1beta1/externalsecret_types.go @@ -454,7 +454,7 @@ type ExternalSecretStatus struct { // ExternalSecret is the Schema for the external-secrets API. // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=es +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets},shortName=es // +kubebuilder:printcolumn:name="Store",type=string,JSONPath=`.spec.secretStoreRef.name` // +kubebuilder:printcolumn:name="Refresh Interval",type=string,JSONPath=`.spec.refreshInterval` // +kubebuilder:printcolumn:name="Status",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].reason` diff --git a/apis/externalsecrets/v1beta1/secretstore_types.go b/apis/externalsecrets/v1beta1/secretstore_types.go index c9fd73be705..eacb9a65381 100644 --- a/apis/externalsecrets/v1beta1/secretstore_types.go +++ b/apis/externalsecrets/v1beta1/secretstore_types.go @@ -280,7 +280,7 @@ type SecretStoreStatus struct { // +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status` // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={externalsecrets},shortName=ss +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets},shortName=ss type SecretStore struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` 
@@ -308,7 +308,7 @@ type SecretStoreList struct { // +kubebuilder:printcolumn:name="Ready",type=string,JSONPath=`.status.conditions[?(@.type=="Ready")].status` // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Cluster,categories={externalsecrets},shortName=css +// +kubebuilder:resource:scope=Cluster,categories={external-secrets},shortName=css type ClusterSecretStore struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/generators/v1alpha1/generator_acr.go b/apis/generators/v1alpha1/generator_acr.go index 744992968fd..c1b19d368bd 100644 --- a/apis/generators/v1alpha1/generator_acr.go +++ b/apis/generators/v1alpha1/generator_acr.go @@ -105,7 +105,7 @@ type AzureACRServicePrincipalAuthSecretRef struct { // +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={acraccesstoken},shortName=acraccesstoken +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=acraccesstoken type ACRAccessToken struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/generators/v1alpha1/generator_ecr.go b/apis/generators/v1alpha1/generator_ecr.go index 0d828594d57..30e2fbe7414 100644 --- a/apis/generators/v1alpha1/generator_ecr.go +++ b/apis/generators/v1alpha1/generator_ecr.go 
@@ -75,7 +75,7 @@ type AWSJWTAuth struct { // +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={ecrauthorizationtoken},shortName=ecrauthorizationtoken +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=ecrauthorizationtoken type ECRAuthorizationToken struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/generators/v1alpha1/generator_fake.go b/apis/generators/v1alpha1/generator_fake.go index 0c0b060a821..d62bbd5f41f 100644 --- a/apis/generators/v1alpha1/generator_fake.go +++ b/apis/generators/v1alpha1/generator_fake.go @@ -36,7 +36,7 @@ type FakeSpec struct { // +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={fake},shortName=fake +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=fake type Fake struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/generators/v1alpha1/generator_gcr.go b/apis/generators/v1alpha1/generator_gcr.go index af4050379ae..08c67571315 100644 --- a/apis/generators/v1alpha1/generator_gcr.go +++ b/apis/generators/v1alpha1/generator_gcr.go 
@@ -53,7 +53,7 @@ type GCPWorkloadIdentity struct { // +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={gcraccesstoken},shortName=gcraccesstoken +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=gcraccesstoken type GCRAccessToken struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/generators/v1alpha1/generator_github.go b/apis/generators/v1alpha1/generator_github.go index 7737797e8fc..e8a35c3265e 100644 --- a/apis/generators/v1alpha1/generator_github.go +++ b/apis/generators/v1alpha1/generator_github.go @@ -42,7 +42,7 @@ type GithubSecretRef struct { // +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={githubaccesstoken},shortName=githubaccesstoken +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=githubaccesstoken type GithubAccessToken struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/generators/v1alpha1/generator_password.go b/apis/generators/v1alpha1/generator_password.go index 717d0a11738..1eff0be8c51 100644 --- a/apis/generators/v1alpha1/generator_password.go +++ b/apis/generators/v1alpha1/generator_password.go 
@@ -53,7 +53,7 @@ type PasswordSpec struct { // +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={password},shortName=password +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=password type Password struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/generators/v1alpha1/generator_uuid.go b/apis/generators/v1alpha1/generator_uuid.go index d9d5973cbf9..5059d84cb61 100644 --- a/apis/generators/v1alpha1/generator_uuid.go +++ b/apis/generators/v1alpha1/generator_uuid.go @@ -21,13 +21,12 @@ import ( // UUIDSpec controls the behavior of the uuid generator. type UUIDSpec struct{} -// Password generates a random password based on the -// configuration parameters in spec. -// You can specify the length, characterset and other attributes. +// UUID generates a version 1 UUID (e56657e3-764f-11ef-a397-65231a88c216). // +kubebuilder:object:root=true // +kubebuilder:storageversion // +kubebuilder:subresource:status -// +kubebuilder:resource:scope=Namespaced,categories={password},shortName=uuids +// +kubebuilder:metadata:labels="external-secrets.io/component=controller" +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=uuids type UUID struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/generators/v1alpha1/generator_vault.go b/apis/generators/v1alpha1/generator_vault.go index 24bc599aed1..220e94d39cf 100644 --- a/apis/generators/v1alpha1/generator_vault.go +++ b/apis/generators/v1alpha1/generator_vault.go 
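Review bot: The new doc comment in generator_uuid.go says the generator emits a version 1 UUID, and that wording presumably flows into the generated CRD description as well. Version 1 UUIDs are derived from a timestamp and a node identifier, so they are guessable and expose host information, which matters in a secrets operator where generator output may end up in a Secret. The implementation is not visible in this hunk. If it actually draws a random (version 4) UUID, the comment and the example value should say so. Either way the comment should state that the value is an identifier and not a credential, for example `// UUID generates a UUID for use as an identifier; it is not suitable as a secret value.` The UUID struct continues outside the hunk.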
@@ -60,7 +60,7 @@ const ( // +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={vaultdynamicsecret},shortName=vaultdynamicsecret +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=vaultdynamicsecret type VaultDynamicSecret struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/generators/v1alpha1/generator_webhook.go b/apis/generators/v1alpha1/generator_webhook.go index 723711d20f3..dc52e8195db 100644 --- a/apis/generators/v1alpha1/generator_webhook.go +++ b/apis/generators/v1alpha1/generator_webhook.go @@ -113,7 +113,7 @@ type SecretKeySelector struct { // +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={webhook},shortName=webhookl +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=webhookl type Webhook struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml index c38d5a747f1..8b94527f622 100644 --- a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml @@ -10,7 +10,7 @@ spec: group: external-secrets.io names: categories: - - externalsecrets + - external-secrets kind: ClusterExternalSecret listKind: ClusterExternalSecretList plural: clusterexternalsecrets diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 724a772f13f..a12ccbc161f 100644 
--- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml @@ -10,7 +10,7 @@ spec: group: external-secrets.io names: categories: - - externalsecrets + - external-secrets kind: ClusterSecretStore listKind: ClusterSecretStoreList plural: clustersecretstores diff --git a/config/crds/bases/external-secrets.io_externalsecrets.yaml b/config/crds/bases/external-secrets.io_externalsecrets.yaml index ddb24969b8c..5b2212fad64 100644 --- a/config/crds/bases/external-secrets.io_externalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_externalsecrets.yaml @@ -10,7 +10,7 @@ spec: group: external-secrets.io names: categories: - - externalsecrets + - external-secrets kind: ExternalSecret listKind: ExternalSecretList plural: externalsecrets diff --git a/config/crds/bases/external-secrets.io_pushsecrets.yaml b/config/crds/bases/external-secrets.io_pushsecrets.yaml index 16494411cef..0322bfae5a1 100644 --- a/config/crds/bases/external-secrets.io_pushsecrets.yaml +++ b/config/crds/bases/external-secrets.io_pushsecrets.yaml @@ -3,12 +3,14 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.3 + labels: + external-secrets.io/component: controller name: pushsecrets.external-secrets.io spec: group: external-secrets.io names: categories: - - pushsecrets + - external-secrets kind: PushSecret listKind: PushSecretList plural: pushsecrets diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index 5e6c873f927..41e2e55d8b2 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml @@ -10,7 +10,7 @@ spec: group: external-secrets.io names: categories: - - externalsecrets + - external-secrets kind: SecretStore listKind: SecretStoreList plural: secretstores 
diff --git a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml index 9d6b4a98cf8..925aa163947 100644 --- a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml @@ -10,7 +10,8 @@ spec: group: generators.external-secrets.io names: categories: - - acraccesstoken + - external-secrets + - external-secrets-generators kind: ACRAccessToken listKind: ACRAccessTokenList plural: acraccesstokens diff --git a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml index 7953bdcacd3..367d2adf6a2 100644 --- a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml @@ -10,7 +10,8 @@ spec: group: generators.external-secrets.io names: categories: - - ecrauthorizationtoken + - external-secrets + - external-secrets-generators kind: ECRAuthorizationToken listKind: ECRAuthorizationTokenList plural: ecrauthorizationtokens diff --git a/config/crds/bases/generators.external-secrets.io_fakes.yaml b/config/crds/bases/generators.external-secrets.io_fakes.yaml index 6896c2576b5..407d277618d 100644 --- a/config/crds/bases/generators.external-secrets.io_fakes.yaml +++ b/config/crds/bases/generators.external-secrets.io_fakes.yaml @@ -10,7 +10,8 @@ spec: group: generators.external-secrets.io names: categories: - - fake + - external-secrets + - external-secrets-generators kind: Fake listKind: FakeList plural: fakes diff --git a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml index 828ffce07c1..6eb90d119d1 100644 --- a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml 
+++ b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml @@ -10,7 +10,8 @@ spec: group: generators.external-secrets.io names: categories: - - gcraccesstoken + - external-secrets + - external-secrets-generators kind: GCRAccessToken listKind: GCRAccessTokenList plural: gcraccesstokens diff --git a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml index 537cf323ebf..5045f809a9b 100644 --- a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml @@ -10,7 +10,8 @@ spec: group: generators.external-secrets.io names: categories: - - githubaccesstoken + - external-secrets + - external-secrets-generators kind: GithubAccessToken listKind: GithubAccessTokenList plural: githubaccesstokens diff --git a/config/crds/bases/generators.external-secrets.io_passwords.yaml b/config/crds/bases/generators.external-secrets.io_passwords.yaml index 23a1b10bcd5..8ffddf578ca 100644 --- a/config/crds/bases/generators.external-secrets.io_passwords.yaml +++ b/config/crds/bases/generators.external-secrets.io_passwords.yaml @@ -10,7 +10,8 @@ spec: group: generators.external-secrets.io names: categories: - - password + - external-secrets + - external-secrets-generators kind: Password listKind: PasswordList plural: passwords diff --git a/config/crds/bases/generators.external-secrets.io_uuids.yaml b/config/crds/bases/generators.external-secrets.io_uuids.yaml index fd37057316e..a101dbe6697 100644 --- a/config/crds/bases/generators.external-secrets.io_uuids.yaml +++ b/config/crds/bases/generators.external-secrets.io_uuids.yaml 
@@ -3,12 +3,15 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.3 + labels: + external-secrets.io/component: controller name: uuids.generators.external-secrets.io spec: group: generators.external-secrets.io names: categories: - - password + - external-secrets + - external-secrets-generators kind: UUID listKind: UUIDList plural: uuids @@ -20,10 +23,7 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: |- - Password generates a random password based on the - configuration parameters in spec. - You can specify the length, characterset and other attributes. + description: UUID generates a version 1 UUID (e56657e3-764f-11ef-a397-65231a88c216). properties: apiVersion: description: |- diff --git a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml index ea9d1adcfc4..ff0c9c61d7e 100644 --- a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml +++ b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml @@ -10,7 +10,8 @@ spec: group: generators.external-secrets.io names: categories: - - vaultdynamicsecret + - external-secrets + - external-secrets-generators kind: VaultDynamicSecret listKind: VaultDynamicSecretList plural: vaultdynamicsecrets diff --git a/config/crds/bases/generators.external-secrets.io_webhooks.yaml b/config/crds/bases/generators.external-secrets.io_webhooks.yaml index b9d60284733..c26d364b5f3 100644 --- a/config/crds/bases/generators.external-secrets.io_webhooks.yaml +++ b/config/crds/bases/generators.external-secrets.io_webhooks.yaml @@ -10,7 +10,8 @@ spec: group: generators.external-secrets.io names: categories: - - webhook + - external-secrets + - external-secrets-generators kind: Webhook listKind: WebhookList plural: webhooks 
diff --git a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap index dffcf49e2bb..5a9c74784ac 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -22,7 +22,7 @@ should match snapshot of default values: group: external-secrets.io names: categories: - - externalsecrets + - external-secrets kind: SecretStore listKind: SecretStoreList plural: secretstores @@ -3518,6 +3518,41 @@ should match snapshot of default values: - database - host type: object + previder: + description: Previder configures this store to sync secrets using the Previder provider + properties: + auth: + description: PreviderAuth contains a secretRef for credentials. + properties: + secretRef: + description: PreviderAuthSecretRef holds secret references for Previder Vault credentials. + properties: + accessToken: + description: The AccessToken is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + required: + - accessToken + type: object + type: object + baseUri: + type: string + required: + - auth + type: object pulumi: description: Pulumi configures this store to sync secrets using the Pulumi provider properties: 
@@ -3543,7 +3578,7 @@ should match snapshot of default values: type: object type: object apiUrl: - default: https://api.pulumi.com/api/preview + default: https://api.pulumi.com/api/esc description: APIURL is the URL of the Pulumi API. type: string environment: @@ -3558,10 +3593,14 @@ should match snapshot of default values: Organization are a space to collaborate on shared projects and stacks. To create a new organization, visit https://app.pulumi.com/ and click "New Organization". type: string + project: + description: Project is the name of the Pulumi ESC project the environment belongs to. + type: string required: - accessToken - environment - organization + - project type: object scaleway: description: Scaleway diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index e72f9acc579..e4fb22963f2 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -10,7 +10,7 @@ spec: group: external-secrets.io names: categories: - - externalsecrets + - external-secrets kind: ClusterExternalSecret listKind: ClusterExternalSecretList plural: clusterexternalsecrets @@ -667,7 +667,7 @@ spec: group: external-secrets.io names: categories: - - externalsecrets + - external-secrets kind: ClusterSecretStore listKind: ClusterSecretStoreList plural: clustersecretstores @@ -5298,7 +5298,7 @@ spec: group: external-secrets.io names: categories: - - externalsecrets + - external-secrets kind: ExternalSecret listKind: ExternalSecretList plural: externalsecrets @@ -6102,12 +6102,14 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.3 + labels: + external-secrets.io/component: controller name: pushsecrets.external-secrets.io spec: group: external-secrets.io names: categories: - - pushsecrets + - external-secrets kind: PushSecret listKind: PushSecretList plural: pushsecrets 
@@ -6486,7 +6488,7 @@ spec: group: external-secrets.io names: categories: - - externalsecrets + - external-secrets kind: SecretStore listKind: SecretStoreList plural: secretstores @@ -11117,7 +11119,8 @@ spec: group: generators.external-secrets.io names: categories: - - acraccesstoken + - external-secrets + - external-secrets-generators kind: ACRAccessToken listKind: ACRAccessTokenList plural: acraccesstokens @@ -11311,7 +11314,8 @@ spec: group: generators.external-secrets.io names: categories: - - ecrauthorizationtoken + - external-secrets + - external-secrets-generators kind: ECRAuthorizationToken listKind: ECRAuthorizationTokenList plural: ecrauthorizationtokens @@ -11479,7 +11483,8 @@ spec: group: generators.external-secrets.io names: categories: - - fake + - external-secrets + - external-secrets-generators kind: Fake listKind: FakeList plural: fakes @@ -11556,7 +11561,8 @@ spec: group: generators.external-secrets.io names: categories: - - gcraccesstoken + - external-secrets + - external-secrets-generators kind: GCRAccessToken listKind: GCRAccessTokenList plural: gcraccesstokens @@ -11685,7 +11691,8 @@ spec: group: generators.external-secrets.io names: categories: - - githubaccesstoken + - external-secrets + - external-secrets-generators kind: GithubAccessToken listKind: GithubAccessTokenList plural: githubaccesstokens @@ -11788,7 +11795,8 @@ spec: group: generators.external-secrets.io names: categories: - - password + - external-secrets + - external-secrets-generators kind: Password listKind: PasswordList plural: passwords @@ -11880,12 +11888,15 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.3 + labels: + external-secrets.io/component: controller name: uuids.generators.external-secrets.io spec: group: generators.external-secrets.io names: categories: - - password + - external-secrets + - external-secrets-generators kind: UUID listKind: UUIDList plural: uuids 
@@ -11897,10 +11908,7 @@ spec: - name: v1alpha1 schema: openAPIV3Schema: - description: |- - Password generates a random password based on the - configuration parameters in spec. - You can specify the length, characterset and other attributes. + description: UUID generates a version 1 UUID (e56657e3-764f-11ef-a397-65231a88c216). properties: apiVersion: description: |- @@ -11950,7 +11958,8 @@ spec: group: generators.external-secrets.io names: categories: - - vaultdynamicsecret + - external-secrets + - external-secrets-generators kind: VaultDynamicSecret listKind: VaultDynamicSecretList plural: vaultdynamicsecrets @@ -12648,7 +12657,8 @@ spec: group: generators.external-secrets.io names: categories: - - webhook + - external-secrets + - external-secrets-generators kind: Webhook listKind: WebhookList plural: webhooks From a50dff013c8a6e0fc12f2e6ab78172b7b4ae46bd Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Wed, 25 Sep 2024 09:46:58 +0200 Subject: [PATCH 322/517] fix: uuid generator doc example links (#3955) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- docs/api/generator/uuid.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/api/generator/uuid.md b/docs/api/generator/uuid.md index 0808b82c933..2426647fab5 100644 --- a/docs/api/generator/uuid.md +++ b/docs/api/generator/uuid.md @@ -13,13 +13,13 @@ The UUID generator does not require any additional parameters. ## Example Manifest ```yaml -{ % include 'generator-uuid.yaml' % } +{% include 'generator-uuid.yaml' %} ``` Example `ExternalSecret` that references the UUID generator: ```yaml -{ % include 'generator-uuid-example.yaml' % } +{% include 'generator-uuid-example.yaml' %} ``` Which will generate a `Kind=Secret` with a key called 'uuid' that may look like: From d02f60000969779e460d43e933f72792b651ab10 Mon Sep 17 00:00:00 2001 
From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Wed, 25 Sep 2024 13:07:24 +0200 Subject: [PATCH 323/517] release: update helm charts to version v0.10.4 (#3957) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- deploy/charts/external-secrets/Chart.yaml | 4 ++-- deploy/charts/external-secrets/README.md | 2 +- .../__snapshot__/cert_controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/webhook_test.yaml.snap | 14 +++++++------- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/deploy/charts/external-secrets/Chart.yaml b/deploy/charts/external-secrets/Chart.yaml index c07ae03ce93..fff42607fb6 100644 --- a/deploy/charts/external-secrets/Chart.yaml +++ b/deploy/charts/external-secrets/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: external-secrets description: External secret management for Kubernetes type: application -version: "0.10.3" -appVersion: "v0.10.3" +version: "0.10.4" +appVersion: "v0.10.4" kubeVersion: ">= 1.19.0-0" keywords: - kubernetes-external-secrets diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index d52afe16bf6..89f7b57bc61 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.10.3](https://img.shields.io/badge/Version-0.10.3-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.10.4](https://img.shields.io/badge/Version-0.10.4-informational?style=flat-square) External secret management for Kubernetes 
diff --git a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 3c40f7d71f2..8286a0b6759 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.10.3 - helm.sh/chart: external-secrets-0.10.3 + app.kubernetes.io/version: v0.10.4 + helm.sh/chart: external-secrets-0.10.4 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.10.3 - helm.sh/chart: external-secrets-0.10.3 + app.kubernetes.io/version: v0.10.4 + helm.sh/chart: external-secrets-0.10.4 spec: automountServiceAccountToken: true containers: @@ -41,7 +41,7 @@ should match snapshot of default values: - --loglevel=info - --zap-time-encoding=epoch - --enable-partial-cache=true - image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.3 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.4 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap index 186a53420c4..258ab5ce8fc 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap 
@@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.10.3 - helm.sh/chart: external-secrets-0.10.3 + app.kubernetes.io/version: v0.10.4 + helm.sh/chart: external-secrets-0.10.4 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.10.3 - helm.sh/chart: external-secrets-0.10.3 + app.kubernetes.io/version: v0.10.4 + helm.sh/chart: external-secrets-0.10.4 spec: automountServiceAccountToken: true containers: @@ -34,7 +34,7 @@ should match snapshot of default values: - --metrics-addr=:8080 - --loglevel=info - --zap-time-encoding=epoch - image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.3 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.4 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index 962ca144989..c52be45a6df 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.3 - helm.sh/chart: external-secrets-0.10.3 + app.kubernetes.io/version: v0.10.4 + helm.sh/chart: external-secrets-0.10.4 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: 
@@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.3 - helm.sh/chart: external-secrets-0.10.3 + app.kubernetes.io/version: v0.10.4 + helm.sh/chart: external-secrets-0.10.4 spec: automountServiceAccountToken: true containers: @@ -39,7 +39,7 @@ should match snapshot of default values: - --healthz-addr=:8081 - --loglevel=info - --zap-time-encoding=epoch - image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.3 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.4 imagePullPolicy: IfNotPresent name: webhook ports: @@ -83,8 +83,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.3 + app.kubernetes.io/version: v0.10.4 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.10.3 + helm.sh/chart: external-secrets-0.10.4 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE From 858fe6b53ccceddafc41947903fe4c10b9a3ebc1 Mon Sep 17 00:00:00 2001 From: Samuel Wambach <7828075+samwambach@users.noreply.github.com> Date: Thu, 26 Sep 2024 22:44:09 -0700 Subject: [PATCH 324/517] Add StoreKind to Webhook. (#3960) Signed-off-by: Samuel Wambach <7828075+samwambach@users.noreply.github.com> --- pkg/provider/webhook/webhook.go | 1 + 1 file changed, 1 insertion(+) diff --git a/pkg/provider/webhook/webhook.go b/pkg/provider/webhook/webhook.go index bec04ef1b8c..5f7f5257255 100644 --- a/pkg/provider/webhook/webhook.go +++ b/pkg/provider/webhook/webhook.go @@ -65,6 +65,7 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, wh := webhook.Webhook{ Kube: kube, Namespace: namespace, + StoreKind: store.GetObjectKind().GroupVersionKind().Kind, } whClient := &WebHook{ store: store, 
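Review bot: The added `StoreKind: store.GetObjectKind().GroupVersionKind().Kind,` in webhook.go reads the kind from the object's TypeMeta, which is frequently empty on typed objects fetched through a controller-runtime client, so `StoreKind` can silently end up as `""`. If the webhook code uses this field to tell a ClusterSecretStore from a SecretStore when resolving secret references (not visible in this hunk), an empty value would apply the wrong namespace rule without any error. I would take the kind from an accessor that does not depend on TypeMeta, e.g. `StoreKind: store.GetKind(),` if `esv1beta1.GenericStore` provides it, or reject an empty kind before building the client. The commit adds no test, so a case for each store kind would pin the behaviour; `NewClient` starts and ends outside the hunk.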
From 108fa6848cf0ab6392e5662c33e01668aa812060 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 13:03:16 +0200 Subject: [PATCH 325/517] chore(deps): bump actions/checkout from 4.1.7 to 4.2.0 (#3966) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.7 to 4.2.0. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/692973e3d937129bcbf40652eb9f2f61becf3332...d632683dd7b4114ad314bca15554477dd762a938) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 6 +++--- .github/workflows/dlc.yml | 2 +- .github/workflows/docs.yml | 2 +- .github/workflows/e2e-managed.yml | 2 +- .github/workflows/e2e.yml | 4 ++-- .github/workflows/helm.yml | 4 ++-- .github/workflows/publish.yml | 4 ++-- .github/workflows/rebuild-image.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- .github/workflows/update-deps.yml | 4 ++-- 11 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 98691952b75..23f16d2be72 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,7 +46,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 
@@ -72,7 +72,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 @@ -100,7 +100,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Fetch History run: git fetch --prune --unshallow diff --git a/.github/workflows/dlc.yml b/.github/workflows/dlc.yml index ac7dae071f4..2ff8a7e87c1 100644 --- a/.github/workflows/dlc.yml +++ b/.github/workflows/dlc.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Checkout Code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: "Run FOSSA Scan" uses: fossas/fossa-action@09bcf127dc0ccb4b5a023f6f906728878e8610ba # main diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index d675f59f9bc..c43a3b1848d 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -15,7 +15,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/e2e-managed.yml b/.github/workflows/e2e-managed.yml index 35356234008..d1e7a36bbc4 100644 --- a/.github/workflows/e2e-managed.yml +++ b/.github/workflows/e2e-managed.yml @@ -64,7 +64,7 @@ jobs: # Check out merge commit - name: Fork based /ok-to-test-managed checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: ref: 'refs/pull/${{ env.GITHUB_PR_NUMBER }}/merge' 
diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 2a280431ea7..6d9abc8241d 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -66,7 +66,7 @@ jobs: steps: - name: Branch based PR checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Fetch History run: git fetch --prune --unshallow @@ -85,7 +85,7 @@ jobs: # Check out merge commit - name: Fork based /ok-to-test checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: ref: '${{ env.TARGET_SHA }}' diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 64ad3552f5e..1ee580bf323 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 @@ -74,7 +74,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9e9ae09ce6e..f03cbb43624 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -50,7 +50,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: ref: ${{ inputs.ref }} 
@@ -140,7 +140,7 @@ jobs: needs: build-publish steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Sign image if: env.IS_FORK == 'false' uses: ./.github/actions/sign diff --git a/.github/workflows/rebuild-image.yml b/.github/workflows/rebuild-image.yml index 746a3b4180a..2bbb6f2c35a 100644 --- a/.github/workflows/rebuild-image.yml +++ b/.github/workflows/rebuild-image.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 ref: ${{ github.event.inputs.ref }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 434f2460671..be1efa54e17 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 ref: ${{ github.event.inputs.source_ref }} @@ -71,7 +71,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ddcfdd9502a..3be93ef280f 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -20,7 +20,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: persist-credentials: false diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index 154da7f2c0b..76fe90cc5d4 100644 
--- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 ref: ${{ github.event.inputs.ref }} @@ -52,7 +52,7 @@ jobs: with: app_id: ${{ secrets.APP_ID }} private_key: ${{ secrets.PRIVATE_KEY }} - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: token: ${{ steps.generate_token.outputs.token }} ref: ${{ matrix.branch }} From 7443370c2e00109287a936cde1a93d07330b24ee Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 13:05:24 +0200 Subject: [PATCH 326/517] chore(deps): bump github/codeql-action from 3.26.8 to 3.26.9 (#3967) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.8 to 3.26.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/294a9d92911152fe08befb9ec03e240add280cb3...461ef6c76dfe95d5c364de2f431ddbd31a417628) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 3be93ef280f..380fd38ab80 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: sarif_file: results.sarif From d4208375ef854c9f19d9bc8bfc38e9af37197718 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 13:06:23 +0200 Subject: [PATCH 327/517] chore(deps): bump watchdog from 5.0.2 to 5.0.3 in /hack/api-docs (#3971) Bumps [watchdog](https://github.com/gorakhargosh/watchdog) from 5.0.2 to 5.0.3. - [Release notes](https://github.com/gorakhargosh/watchdog/releases) - [Changelog](https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst) - [Commits](https://github.com/gorakhargosh/watchdog/compare/v5.0.2...v5.0.3) --- updated-dependencies: - dependency-name: watchdog dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 6109f6124aa..5575e8c28af 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -38,5 +38,5 @@ termcolor==2.4.0 tornado==6.4.1 urllib3==2.2.3 verspec==0.1.0 -watchdog==5.0.2 +watchdog==5.0.3 zipp==3.20.2 From 2cb55861a716ac01ad72d06f42da4a2cb5526e7a Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 30 Sep 2024 20:01:04 +0200 Subject: [PATCH 328/517] chore(deps): bump pymdown-extensions in /hack/api-docs (#3972) Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 10.9 to 10.11.1. - [Release notes](https://github.com/facelessuser/pymdown-extensions/releases) - [Commits](https://github.com/facelessuser/pymdown-extensions/compare/10.9...10.11.1) --- updated-dependencies: - dependency-name: pymdown-extensions dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 5575e8c28af..dcff02cc5ca 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -27,7 +27,7 @@ pathspec==0.12.1 pep562==1.1 platformdirs==4.3.6 Pygments==2.18.0 -pymdown-extensions==10.9 +pymdown-extensions==10.11.1 python-dateutil==2.9.0.post0 PyYAML==6.0.2 pyyaml_env_tag==0.1 From 032001650b322527949f39b959fc302dcde0d46f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 11:38:20 +0200 Subject: [PATCH 329/517] chore(deps): bump mkdocs-material in /hack/api-docs (#3973) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.36 to 9.5.39. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.36...9.5.39) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index dcff02cc5ca..559dcf122ee 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.1 mkdocs-macros-plugin==1.2.0 -mkdocs-material==9.5.36 +mkdocs-material==9.5.39 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.1 From 0d0c1435661e18318e87d9ae4f9c4eef65425982 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 20:57:10 +0200 Subject: [PATCH 330/517] chore(deps): bump golang from `1a5326b` to `dba79eb` in /e2e (#3968) Bumps golang from `1a5326b` to `dba79eb`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index d6e9a1823f2..123cb884749 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.1-bookworm@sha256:1a5326b07cbab12f4fd7800425f2cf25ff2bd62c404ef41b56cb99669a710a83 as builder +FROM golang:1.23.1-bookworm@sha256:dba79eb312528369dea87532a65dbe9d4efb26439a0feacc9e7ac9b0f1c7f607 as builder ENV KUBECTL_VERSION="v1.28.3" ENV HELM_VERSION="v3.13.1" From 62353be9adeb3ed8d914c2ab50ec91dd333433e8 Mon Sep 17 00:00:00 2001 
From: cui fliter Date: Wed, 2 Oct 2024 02:58:23 +0800 Subject: [PATCH 331/517] fix: fix slice assignment issue (#3964) Signed-off-by: cuishuang Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- pkg/provider/azure/keyvault/keyvault_test.go | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) diff --git a/pkg/provider/azure/keyvault/keyvault_test.go b/pkg/provider/azure/keyvault/keyvault_test.go index 13afc41b3ee..585cd3e25f0 100644 --- a/pkg/provider/azure/keyvault/keyvault_test.go +++ b/pkg/provider/azure/keyvault/keyvault_test.go @@ -1415,11 +1415,8 @@ func TestAzureKeyVaultSecretManagerGetAllSecrets(t *testing.T) { Attributes: &enabledAtt, } - secretList := make([]keyvault.SecretItem, 0) - secretList = append(secretList, secretItem) - list := keyvault.SecretListResult{ - Value: &secretList, + Value: &[]keyvault.SecretItem{secretItem}, } resultPage := keyvault.NewSecretListResultPage(list, getNextPage) @@ -1447,11 +1444,8 @@ func TestAzureKeyVaultSecretManagerGetAllSecrets(t *testing.T) { Attributes: &enabledAtt, } - secretList := make([]keyvault.SecretItem, 1) - secretList = append(secretList, secretItemOne, secretItemTwo) - list := keyvault.SecretListResult{ - Value: &secretList, + Value: &[]keyvault.SecretItem{secretItemOne, secretItemTwo}, } resultPage := keyvault.NewSecretListResultPage(list, getNextPage) @@ -1475,11 +1469,8 @@ func TestAzureKeyVaultSecretManagerGetAllSecrets(t *testing.T) { Tags: map[string]*string{"environment": &environment}, } - secretList := make([]keyvault.SecretItem, 0) - secretList = append(secretList, secretItem) - list := keyvault.SecretListResult{ - Value: &secretList, + Value: &[]keyvault.SecretItem{secretItem}, } resultPage := keyvault.NewSecretListResultPage(list, getNextPage) 
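Review bot: The second hunk (`@@ -1447,11 +1444,8 @@`) drops the only fixture that put a zero-valued `keyvault.SecretItem` into the list. The old `make([]keyvault.SecretItem, 1)` followed by `append` produced three entries, the first with nil `Attributes` and `Tags`, while the new literal holds only the two real items. If the test passed before, the listing code presumably skips such an entry rather than dereferencing it, but no test states that, and the expectations sit outside the hunk in `TestAzureKeyVaultSecretManagerGetAllSecrets`. I would keep that coverage as an explicit case, e.g. `Value: &[]keyvault.SecretItem{{}, secretItemOne, secretItemTwo},` with a comment that an item with unset fields must be ignored, since a nil dereference on a provider list response could panic the caller. The other three hunks (`-1415`, `-1475`, `-1505`) are equivalent rewrites.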
@@ -1505,11 +1496,8 @@ func TestAzureKeyVaultSecretManagerGetAllSecrets(t *testing.T) { Tags: map[string]*string{"environment": &environment, "author": &author}, } - secretList := make([]keyvault.SecretItem, 0) - secretList = append(secretList, secretItem) - list := keyvault.SecretListResult{ - Value: &secretList, + Value: &[]keyvault.SecretItem{secretItem}, } resultPage := keyvault.NewSecretListResultPage(list, getNextPage) From b4370ac3af4c943efc7244d90e69ced58951b9fe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 21:41:44 +0200 Subject: [PATCH 332/517] chore(deps): bump golang from `ac67716` to `ac67716` (#3969) Bumps golang from `ac67716` to `ac67716`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Moritz Johner Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- tilt.debug.dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index f548975fd49..57b9cb5ca4b 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.1@sha256:2fe82a3f3e006b4f2a316c6a21f62b66e1330ae211d039bb8d1128e12ed57bf1 +FROM golang:1.23.1@sha256:4f063a24d429510e512cc730c3330292ff49f3ade3ae79bda8f84a24fa25ecb0 WORKDIR / COPY ./bin/external-secrets /external-secrets From 5ec542b6542cbb1479dda3081ad75785d9d5b1f0 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 22:08:41 +0200 Subject: [PATCH 333/517] chore(deps): bump distroless/static from `b033683` to `69830f2` (#3970) Bumps distroless/static from `b033683` to `69830f2`. --- updated-dependencies: - dependency-name: distroless/static dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile | 2 +- Dockerfile.standalone | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 05551bbd06f..6543de2ee6a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM gcr.io/distroless/static@sha256:b033683de7de51d8cce5aa4b47c1b9906786f6256017ca8b17b2551947fcf6d8 +FROM gcr.io/distroless/static@sha256:69830f29ed7545c762777507426a412f97dad3d8d32bae3e74ad3fb6160917ea ARG TARGETOS ARG TARGETARCH COPY bin/external-secrets-${TARGETOS}-${TARGETARCH} /bin/external-secrets diff --git a/Dockerfile.standalone b/Dockerfile.standalone index 33b4d5f2935..1af9aba429f 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone @@ -12,7 +12,7 @@ COPY . /app/ RUN go build -o external-secrets main.go -FROM gcr.io/distroless/static@sha256:b033683de7de51d8cce5aa4b47c1b9906786f6256017ca8b17b2551947fcf6d8 AS app +FROM gcr.io/distroless/static@sha256:69830f29ed7545c762777507426a412f97dad3d8d32bae3e74ad3fb6160917ea AS app COPY --from=builder /app/external-secrets /bin/external-secrets # Run as UID for nobody From f67b935116920c360e44d1a1d5bbcc1c077b9a68 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Tue, 1 Oct 2024 20:20:32 +0000 Subject: [PATCH 334/517] update dependencies (#3974) 
Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator --- e2e/go.mod | 20 ++++++++++---------- e2e/go.sum | 40 ++++++++++++++++++++-------------------- go.mod | 20 ++++++++++---------- go.sum | 40 ++++++++++++++++++++-------------------- 4 files changed, 60 insertions(+), 60 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index ee99e1fc616..77c4a995ce9 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -58,11 +58,11 @@ require ( github.com/hashicorp/vault/api v1.15.0 github.com/onsi/ginkgo/v2 v2.20.2 github.com/onsi/gomega v1.34.2 - github.com/oracle/oci-go-sdk/v65 v65.74.0 + github.com/oracle/oci-go-sdk/v65 v65.75.0 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 github.com/xanzy/go-gitlab v0.109.0 golang.org/x/oauth2 v0.23.0 - google.golang.org/api v0.198.0 + google.golang.org/api v0.199.0 k8s.io/api v0.31.1 k8s.io/apiextensions-apiserver v0.31.1 k8s.io/apimachinery v0.31.1 @@ -74,9 +74,9 @@ require ( ) require ( - cloud.google.com/go/auth v0.9.4 // indirect + cloud.google.com/go/auth v0.9.5 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect - cloud.google.com/go/compute/metadata v0.5.1 // indirect + cloud.google.com/go/compute/metadata v0.5.2 // indirect cloud.google.com/go/iam v1.2.1 // indirect dario.cat/mergo v1.0.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 // indirect @@ -128,7 +128,7 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240910150728-a0b0bb1d4134 // indirect + github.com/google/pprof v0.0.0-20240929191954-255acd752d31 // indirect github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect 
@@ -141,14 +141,14 @@ require (
 github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
- github.com/hashicorp/go-sockaddr v1.0.6 // indirect
+ github.com/hashicorp/go-sockaddr v1.0.7 // indirect
 github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
 github.com/huandu/xstrings v1.5.0 // indirect
 github.com/imdario/mergo v0.3.16 // indirect
 github.com/jmespath/go-jmespath v0.4.0 // indirect
 github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
- github.com/klauspost/compress v1.17.9 // indirect
+ github.com/klauspost/compress v1.17.10 // indirect
 github.com/kylelemons/godebug v1.1.0 // indirect
 github.com/lestrrat-go/blackmagic v1.0.2 // indirect
 github.com/lestrrat-go/httpcc v1.0.1 // indirect
@@ -202,9 +202,9 @@ require (
 golang.org/x/time v0.6.0 // indirect
 golang.org/x/tools v0.25.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
- google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
+ google.golang.org/genproto v0.0.0-20240924160255-9d4c2d233b61 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240924160255-9d4c2d233b61 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240924160255-9d4c2d233b61 // indirect
 google.golang.org/grpc v1.67.0 // indirect
 google.golang.org/protobuf v1.34.2 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
diff --git a/e2e/go.sum b/e2e/go.sum
index 69445eddff9..3c164454755 100644
--- a/e2e/go.sum
+++ b/e2e/go.sum
@@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb
 cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
 cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ=
 cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc=
-cloud.google.com/go/auth v0.9.4 h1:DxF7imbEbiFu9+zdKC6cKBko1e8XeJnipNqIbWZ+kDI=
-cloud.google.com/go/auth v0.9.4/go.mod h1:SHia8n6//Ya940F1rLimhJCjjx7KE17t0ctFEci3HkA=
+cloud.google.com/go/auth v0.9.5 h1:4CTn43Eynw40aFVr3GpPqsQponx2jv0BQpjvajsbbzw=
+cloud.google.com/go/auth v0.9.5/go.mod h1:Xo0n7n66eHyOWWCnitop6870Ilwo3PiZyodVkkH1xWM=
 cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY=
 cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
@@ -31,8 +31,8 @@ cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUM
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
 cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
-cloud.google.com/go/compute/metadata v0.5.1 h1:NM6oZeZNlYjiwYje+sYFjEpP0Q0zCan1bmQW/KmIrGs=
-cloud.google.com/go/compute/metadata v0.5.1/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
+cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo=
+cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/iam v1.2.1 h1:QFct02HRb7H12J/3utj0qf5tobFh9V4vR6h9eX5EBRU=
@@ -293,8 +293,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe
 github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
 github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
-github.com/google/pprof v0.0.0-20240910150728-a0b0bb1d4134 h1:c5FlPPgxOn7kJz3VoPLkQYQXGBS3EklQ4Zfi57uOuqQ=
-github.com/google/pprof v0.0.0-20240910150728-a0b0bb1d4134/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
+github.com/google/pprof v0.0.0-20240929191954-255acd752d31 h1:LcRdQWywSgfi5jPsYZ1r2avbbs5IQ5wtyhMBCcokyo4=
+github.com/google/pprof v0.0.0-20240929191954-255acd752d31/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM=
 github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA=
@@ -329,8 +329,8 @@ github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSY
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8/go.mod h1:aiJI+PIApBRQG7FZTEBx5GiiX+HbOHilUdNxUZi4eV0=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts=
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4=
-github.com/hashicorp/go-sockaddr v1.0.6 h1:RSG8rKU28VTUTvEKghe5gIhIQpv8evvNpnDEyqO4u9I=
-github.com/hashicorp/go-sockaddr v1.0.6/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI=
+github.com/hashicorp/go-sockaddr v1.0.7 h1:G+pTkSO01HpR5qCxg7lxfsFEZaG+C0VssTy/9dbT+Fw=
+github.com/hashicorp/go-sockaddr v1.0.7/go.mod h1:FZQbEYa1pxkQ7WLpyXJ6cbjpT8q0YgQaK/JakXqGyWw=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
 github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM=
@@ -358,8 +358,8 @@ github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1
 github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
 github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA=
-github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw=
+github.com/klauspost/compress v1.17.10 h1:oXAz+Vh0PMUvJczoi+flxpnBEPxoER1IaAnU/NMPtT0=
+github.com/klauspost/compress v1.17.10/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0=
 github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
 github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
 github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk=
@@ -417,8 +417,8 @@ github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8=
 github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc=
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A=
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU=
-github.com/oracle/oci-go-sdk/v65 v65.74.0 h1:oA2VXpecSTwc45QJGsKNoxCBwbUMuXLQ2W4pLZZarro=
-github.com/oracle/oci-go-sdk/v65 v65.74.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
+github.com/oracle/oci-go-sdk/v65 v65.75.0 h1:tifYRSqCjxANJb0xnMSZ6N2bF2xGyqcCIMg7xihgk+s=
+github.com/oracle/oci-go-sdk/v65 v65.75.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0=
 github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ=
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU=
@@ -820,8 +820,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR
 google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU=
 google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94=
 google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA=
-google.golang.org/api v0.198.0 h1:OOH5fZatk57iN0A7tjJQzt6aPfYQ1JiWkt1yGseazks=
-google.golang.org/api v0.198.0/go.mod h1:/Lblzl3/Xqqk9hw/yS97TImKTUwnf1bv89v7+OagJzc=
+google.golang.org/api v0.199.0 h1:aWUXClp+VFJmqE0JPvpZOK3LDQMyFKYIow4etYd9qxs=
+google.golang.org/api v0.199.0/go.mod h1:ohG4qSztDJmZdjK/Ar6MhbAmb/Rpi4JHOqagsh90K28=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -869,12 +869,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= -google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= -google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc= -google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto v0.0.0-20240924160255-9d4c2d233b61 h1:KipVMxePgXPFBzXOvpKbny3RVdVmJOD64R/Ob7GPWEs= +google.golang.org/genproto v0.0.0-20240924160255-9d4c2d233b61/go.mod h1:HiAZQz/G7n0EywFjmncAwsfnmFm2bjm7qPjwl8hyzjM= +google.golang.org/genproto/googleapis/api v0.0.0-20240924160255-9d4c2d233b61 h1:pAjq8XSSzXoP9ya73v/w+9QEAAJNluLrpmMq5qFJQNY= +google.golang.org/genproto/googleapis/api v0.0.0-20240924160255-9d4c2d233b61/go.mod h1:O6rP0uBq4k0mdi/b4ZEMAZjkhYWhS815kCvaMha4VN8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240924160255-9d4c2d233b61 h1:N9BgCIAUvn/M+p4NJccWPWb3BWh88+zyL0ll9HgbEeM= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240924160255-9d4c2d233b61/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= diff --git a/go.mod b/go.mod index 3c7d7bac241..e1b14a6f316 100644 --- a/go.mod +++ b/go.mod @@ -32,7 +32,7 @@ require ( github.com/huandu/xstrings v1.5.0 // indirect github.com/onsi/ginkgo/v2 v2.20.2 github.com/onsi/gomega v1.34.2 - github.com/oracle/oci-go-sdk/v65 v65.74.0 + github.com/oracle/oci-go-sdk/v65 v65.75.0 github.com/prometheus/client_golang v1.20.4 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.1 @@ -45,8 +45,8 @@ require ( go.uber.org/zap v1.27.0 golang.org/x/crypto v0.27.0 golang.org/x/oauth2 v0.23.0 - google.golang.org/api v0.198.0 - google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 + google.golang.org/api v0.199.0 + google.golang.org/genproto v0.0.0-20240924160255-9d4c2d233b61 google.golang.org/grpc v1.67.0 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 @@ -101,9 +101,9 @@ require ( ) require ( - cloud.google.com/go/auth v0.9.4 // indirect + cloud.google.com/go/auth v0.9.5 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect - cloud.google.com/go/compute/metadata v0.5.1 // indirect + cloud.google.com/go/compute/metadata v0.5.2 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect github.com/ProtonMail/gopenpgp/v2 v2.7.5 // indirect @@ -135,7 +135,7 @@ require ( github.com/google/s2a-go v0.1.8 // indirect github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect - github.com/klauspost/compress v1.17.9 // indirect + github.com/klauspost/compress v1.17.10 // indirect github.com/lestrrat-go/httprc v1.0.6 // indirect github.com/nxadm/tail v1.4.11 // indirect github.com/segmentio/asm v1.2.0 // indirect 
@@ -149,8 +149,8 @@ require (
 go.opentelemetry.io/otel/metric v1.30.0 // indirect
 go.opentelemetry.io/otel/trace v1.30.0 // indirect
 golang.org/x/sync v0.8.0 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20240924160255-9d4c2d233b61 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20240924160255-9d4c2d233b61 // indirect
 gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
@@ -195,7 +195,7 @@ require (
 github.com/golang/protobuf v1.5.4 // indirect
 github.com/google/go-querystring v1.1.0 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
- github.com/google/pprof v0.0.0-20240910150728-a0b0bb1d4134 // indirect
+ github.com/google/pprof v0.0.0-20240929191954-255acd752d31 // indirect
 github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -205,7 +205,7 @@ require (
 github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
- github.com/hashicorp/go-sockaddr v1.0.6 // indirect
+ github.com/hashicorp/go-sockaddr v1.0.7 // indirect
 github.com/hashicorp/hcl v1.0.1-vault-5 // indirect
 github.com/imdario/mergo v0.3.16 // indirect
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
diff --git a/go.sum b/go.sum
index f90b2bd2d6b..0b29ff49d7c 100644
--- a/go.sum
+++ b/go.sum
@@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb
 cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0=
 cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ=
 cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc=
-cloud.google.com/go/auth v0.9.4 h1:DxF7imbEbiFu9+zdKC6cKBko1e8XeJnipNqIbWZ+kDI=
-cloud.google.com/go/auth v0.9.4/go.mod h1:SHia8n6//Ya940F1rLimhJCjjx7KE17t0ctFEci3HkA=
+cloud.google.com/go/auth v0.9.5 h1:4CTn43Eynw40aFVr3GpPqsQponx2jv0BQpjvajsbbzw=
+cloud.google.com/go/auth v0.9.5/go.mod h1:Xo0n7n66eHyOWWCnitop6870Ilwo3PiZyodVkkH1xWM=
 cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY=
 cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
@@ -31,8 +31,8 @@ cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUM
 cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc=
 cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ=
 cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k=
-cloud.google.com/go/compute/metadata v0.5.1 h1:NM6oZeZNlYjiwYje+sYFjEpP0Q0zCan1bmQW/KmIrGs=
-cloud.google.com/go/compute/metadata v0.5.1/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
+cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo=
+cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
 cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/iam v1.2.1 h1:QFct02HRb7H12J/3utj0qf5tobFh9V4vR6h9eX5EBRU=
@@ -400,8 +400,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240910150728-a0b0bb1d4134 h1:c5FlPPgxOn7kJz3VoPLkQYQXGBS3EklQ4Zfi57uOuqQ= -github.com/google/pprof v0.0.0-20240910150728-a0b0bb1d4134/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20240929191954-255acd752d31 h1:LcRdQWywSgfi5jPsYZ1r2avbbs5IQ5wtyhMBCcokyo4= +github.com/google/pprof v0.0.0-20240929191954-255acd752d31/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -439,8 +439,8 @@ github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 h1:iBt4Ew4XEGLfh6/bPk4rSY github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8/go.mod h1:aiJI+PIApBRQG7FZTEBx5GiiX+HbOHilUdNxUZi4eV0= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 h1:kes8mmyCpxJsI7FTwtzRqEy9CdjCtrXrXGuOpxEA7Ts= github.com/hashicorp/go-secure-stdlib/strutil v0.1.2/go.mod h1:Gou2R9+il93BqX25LAKCLuM+y9U2T4hlwvT1yprcna4= -github.com/hashicorp/go-sockaddr v1.0.6 h1:RSG8rKU28VTUTvEKghe5gIhIQpv8evvNpnDEyqO4u9I= -github.com/hashicorp/go-sockaddr v1.0.6/go.mod h1:uoUUmtwU7n9Dv3O4SNLeFvg0SxQ3lyjsj6+CCykpaxI= +github.com/hashicorp/go-sockaddr v1.0.7 h1:G+pTkSO01HpR5qCxg7lxfsFEZaG+C0VssTy/9dbT+Fw= +github.com/hashicorp/go-sockaddr v1.0.7/go.mod h1:FZQbEYa1pxkQ7WLpyXJ6cbjpT8q0YgQaK/JakXqGyWw= github.com/hashicorp/go-uuid v1.0.3 h1:2gKiV6YVmrJ1i2CKKa9obLvRieoRGviZFL26PcT/Co8= github.com/hashicorp/go-uuid v1.0.3/go.mod h1:6SBZvOh/SIDV7/2o3Jml5SYk/TvGqwFJ/bN7x4byOro= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= 
@@ -487,8 +487,8 @@ github.com/keeper-security/secrets-manager-go/core v1.6.4 h1:ly2XvAgDxHoHVvFXOIY github.com/keeper-security/secrets-manager-go/core v1.6.4/go.mod h1:dtlaeeds9+SZsbDAZnQRsDSqEAK9a62SYtqhNql+VgQ= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= -github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/klauspost/compress v1.17.10 h1:oXAz+Vh0PMUvJczoi+flxpnBEPxoER1IaAnU/NMPtT0= +github.com/klauspost/compress v1.17.10/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= 
@@ -563,8 +563,8 @@ github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.74.0 h1:oA2VXpecSTwc45QJGsKNoxCBwbUMuXLQ2W4pLZZarro= -github.com/oracle/oci-go-sdk/v65 v65.74.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.75.0 h1:tifYRSqCjxANJb0xnMSZ6N2bF2xGyqcCIMg7xihgk+s= +github.com/oracle/oci-go-sdk/v65 v65.75.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.1 h1:boNYHZmSnWl/3bKbUiaWgF/mELCtHfliGHzggf884GE= github.com/passbolt/go-passbolt v0.7.1/go.mod h1:if/jzzYYUjRtq/5h+l+J5Dka0f5dED67QM1lhpTx4pY= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= 
@@ -1043,8 +1043,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.198.0 h1:OOH5fZatk57iN0A7tjJQzt6aPfYQ1JiWkt1yGseazks= -google.golang.org/api v0.198.0/go.mod h1:/Lblzl3/Xqqk9hw/yS97TImKTUwnf1bv89v7+OagJzc= +google.golang.org/api v0.199.0 h1:aWUXClp+VFJmqE0JPvpZOK3LDQMyFKYIow4etYd9qxs= +google.golang.org/api v0.199.0/go.mod h1:ohG4qSztDJmZdjK/Ar6MhbAmb/Rpi4JHOqagsh90K28= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1092,12 +1092,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1 h1:BulPr26Jqjnd4eYDVe+YvyR7Yc2vJGkO5/0UxD0/jZU= -google.golang.org/genproto v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:hL97c3SYopEHblzpxRL4lSs523++l8DYxGM1FQiYmb4= -google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1 h1:hjSy6tcFQZ171igDaN5QHOw2n6vx40juYbC/x67CEhc= -google.golang.org/genproto/googleapis/api v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:qpvKtACPCQhAdu3PyQgV4l3LMXZEtft7y8QcarRsp9I= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1 h1:pPJltXNxVzT4pK9yD8vR9X75DaWYYmLGMsEvBfFQZzQ= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240903143218-8af14fe29dc1/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto v0.0.0-20240924160255-9d4c2d233b61 h1:KipVMxePgXPFBzXOvpKbny3RVdVmJOD64R/Ob7GPWEs= +google.golang.org/genproto v0.0.0-20240924160255-9d4c2d233b61/go.mod h1:HiAZQz/G7n0EywFjmncAwsfnmFm2bjm7qPjwl8hyzjM= +google.golang.org/genproto/googleapis/api v0.0.0-20240924160255-9d4c2d233b61 h1:pAjq8XSSzXoP9ya73v/w+9QEAAJNluLrpmMq5qFJQNY= +google.golang.org/genproto/googleapis/api v0.0.0-20240924160255-9d4c2d233b61/go.mod h1:O6rP0uBq4k0mdi/b4ZEMAZjkhYWhS815kCvaMha4VN8= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240924160255-9d4c2d233b61 h1:N9BgCIAUvn/M+p4NJccWPWb3BWh88+zyL0ll9HgbEeM= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240924160255-9d4c2d233b61/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= From 76cf8ad26326f3d0b01d0d52484c2b492002f456 Mon Sep 17 00:00:00 2001 From: Moritz Johner Date: Wed, 2 Oct 2024 08:43:00 +0200 Subject: [PATCH 335/517] feat: allow generators to be referenced from a PushSecret (#3965) This removes the need for an intermediary Kind=ExternalSecret and Kind=Secret when using a generator. Signed-off-by: Moritz Johner --- .../v1alpha1/pushsecret_types.go | 9 +- .../v1alpha1/zz_generated.deepcopy.go | 13 ++- cmd/root.go | 1 + .../external-secrets.io_pushsecrets.yaml | 22 ++++- deploy/crds/bundle.yaml | 21 ++++- docs/guides/pushsecrets.md | 9 ++ docs/snippets/full-pushsecret.yaml | 5 ++ ...pushsecret-generator-rotation-example.yaml | 33 ++++++++ .../provider/cases/template/template.go | 2 +- .../externalsecret_controller.go | 5 +- .../externalsecret_controller_secret.go | 59 +------------ .../pushsecret/pushsecret_controller.go | 44 ++++++++-- .../pushsecret/pushsecret_controller_test.go | 57 +++++++++++-- pkg/controllers/pushsecret/suite_test.go | 6 +- pkg/utils/resolvers/generator.go | 84 +++++++++++++++++++ 15 files changed, 288 insertions(+), 82 deletions(-) create mode 100644 docs/snippets/pushsecret-generator-rotation-example.yaml create mode 100644 pkg/utils/resolvers/generator.go diff --git a/apis/externalsecrets/v1alpha1/pushsecret_types.go b/apis/externalsecrets/v1alpha1/pushsecret_types.go index 3f85a311c86..3888534a110 100644 --- a/apis/externalsecrets/v1alpha1/pushsecret_types.go +++ b/apis/externalsecrets/v1alpha1/pushsecret_types.go 
@@ -92,9 +92,16 @@ type PushSecretSecret struct { Name string `json:"name"` } +// +kubebuilder:validation:MinProperties=1 +// +kubebuilder:validation:MaxProperties=1 type PushSecretSelector struct { // Select a Secret to Push. - Secret PushSecretSecret `json:"secret"` + // +optional + Secret *PushSecretSecret `json:"secret,omitempty"` + + // Point to a generator to create a Secret. + // +optional + GeneratorRef *esv1beta1.GeneratorRef `json:"generatorRef,omitempty"` } type PushSecretRemoteRef struct { diff --git a/apis/externalsecrets/v1alpha1/zz_generated.deepcopy.go b/apis/externalsecrets/v1alpha1/zz_generated.deepcopy.go index d7f0e66d4b9..da4595be36e 100644 --- a/apis/externalsecrets/v1alpha1/zz_generated.deepcopy.go +++ b/apis/externalsecrets/v1alpha1/zz_generated.deepcopy.go @@ -1208,7 +1208,16 @@ func (in *PushSecretSecret) DeepCopy() *PushSecretSecret { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PushSecretSelector) DeepCopyInto(out *PushSecretSelector) { *out = *in - out.Secret = in.Secret + if in.Secret != nil { + in, out := &in.Secret, &out.Secret + *out = new(PushSecretSecret) + **out = **in + } + if in.GeneratorRef != nil { + in, out := &in.GeneratorRef, &out.GeneratorRef + *out = new(v1beta1.GeneratorRef) + **out = **in + } } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PushSecretSelector. @@ -1236,7 +1245,7 @@ func (in *PushSecretSpec) DeepCopyInto(out *PushSecretSpec) { (*in)[i].DeepCopyInto(&(*out)[i]) } } - out.Selector = in.Selector + in.Selector.DeepCopyInto(&out.Selector) if in.Data != nil { in, out := &in.Data, &out.Data *out = make([]PushSecretData, len(*in)) diff --git a/cmd/root.go b/cmd/root.go index 6f77c7bbc9d..0472d665095 100644 --- a/cmd/root.go +++ b/cmd/root.go 
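Review bot: PushSecretSelector carries no doc comment saying that exactly one of `secret` and `generatorRef` may be set; the rule exists only in the `MinProperties=1`/`MaxProperties=1` markers above the type. I would add `// PushSecretSelector picks the source of the pushed data: exactly one of Secret or GeneratorRef must be set.` directly above those markers. The `docs/snippets/full-pushsecret.yaml` change in this same commit lists both keys under `selector`, which the new `maxProperties: 1` schema would appear to reject, and its `generatorRef.apiVersion` (`external-secrets.io/v1alpha1`) differs from the CRD default `generators.external-secrets.io/v1alpha1`. Because `Secret` is now a pointer, any reader of `Selector.Secret.Name` needs a nil check once a generator is used; those call sites are outside this hunk.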
@@ -216,6 +216,7 @@ var rootCmd = &cobra.Command{ Log: ctrl.Log.WithName("controllers").WithName("PushSecret"), Scheme: mgr.GetScheme(), ControllerClass: controllerClass, + RestConfig: mgr.GetConfig(), RequeueInterval: time.Hour, }).SetupWithManager(mgr); err != nil { setupLog.Error(err, errCreateController, "controller", "PushSecret") diff --git a/config/crds/bases/external-secrets.io_pushsecrets.yaml b/config/crds/bases/external-secrets.io_pushsecrets.yaml index 0322bfae5a1..5e59a58bd5b 100644 --- a/config/crds/bases/external-secrets.io_pushsecrets.yaml +++ b/config/crds/bases/external-secrets.io_pushsecrets.yaml @@ -165,7 +165,27 @@ spec: type: array selector: description: The Secret Selector (k8s source) for the Push Secret + maxProperties: 1 + minProperties: 1 properties: + generatorRef: + description: Point to a generator to create a Secret. + properties: + apiVersion: + default: generators.external-secrets.io/v1alpha1 + description: Specify the apiVersion of the generator resource + type: string + kind: + description: Specify the Kind of the resource, e.g. Password, + ACRAccessToken etc. + type: string + name: + description: Specify the name of the generator resource + type: string + required: + - kind + - name + type: object secret: description: Select a Secret to Push. properties: @@ -176,8 +196,6 @@ spec: required: - name type: object - required: - - secret type: object template: description: Template defines a blueprint for the created Secret resource. diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index e4fb22963f2..65bea24d2c6 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml 
@@ -6258,7 +6258,26 @@ spec: type: array selector: description: The Secret Selector (k8s source) for the Push Secret + maxProperties: 1 + minProperties: 1 properties: + generatorRef: + description: Point to a generator to create a Secret. + properties: + apiVersion: + default: generators.external-secrets.io/v1alpha1 + description: Specify the apiVersion of the generator resource + type: string + kind: + description: Specify the Kind of the resource, e.g. Password, ACRAccessToken etc. + type: string + name: + description: Specify the name of the generator resource + type: string + required: + - kind + - name + type: object secret: description: Select a Secret to Push. properties: @@ -6268,8 +6287,6 @@ spec: required: - name type: object - required: - - secret type: object template: description: Template defines a blueprint for the created Secret resource. diff --git a/docs/guides/pushsecrets.md b/docs/guides/pushsecrets.md index dfb34b61e18..dd6714f8f2f 100644 --- a/docs/guides/pushsecrets.md +++ b/docs/guides/pushsecrets.md @@ -43,3 +43,12 @@ This will _marshal_ the entire secret data and push it into this single property ### Key conversion strategy You can also set `data[*].conversionStrategy: ReverseUnicode` to reverse the invalid character replaced by the `conversionStrategy: Unicode` configuration in the `ExternalSecret` object as [documented here](../guides/getallsecrets.md#avoiding-name-conflicts). + +## Rotate Secrets + +You can use ESO to rotate secrets by using the PushSecret and Generator resources. ESO will consult the `Kind=Generator` to generate a new secret and then ESO will store it. +Every `spec.refreshInterval` the secret will be rotated and the value will be replaced in the store unless `spec.updatePolicy=IfNotExist` is set. Then ESO will generate the secret once and won't rotate it. + +```yaml +{% include 'pushsecret-generator-rotation-example.yaml' %} +``` 
diff --git a/docs/snippets/full-pushsecret.yaml b/docs/snippets/full-pushsecret.yaml index 7b5a3c87c11..f8ff45f5270 100644 --- a/docs/snippets/full-pushsecret.yaml +++ b/docs/snippets/full-pushsecret.yaml @@ -14,6 +14,11 @@ spec: selector: secret: name: pokedex-credentials # Source Kubernetes secret to be pushed + # Alternatively, you can point to a generator that produces values to be pushed + generatorRef: + apiVersion: external-secrets.io/v1alpha1 + kind: ECRAuthorizationToken + name: prod-registry-credentials template: metadata: annotations: { } diff --git a/docs/snippets/pushsecret-generator-rotation-example.yaml b/docs/snippets/pushsecret-generator-rotation-example.yaml new file mode 100644 index 00000000000..8bf62c75f5b --- /dev/null +++ b/docs/snippets/pushsecret-generator-rotation-example.yaml @@ -0,0 +1,33 @@ +{% raw %} +apiVersion: generators.external-secrets.io/v1alpha1 +kind: Password +metadata: + name: strong-password +spec: + length: 128 + digits: 5 + symbols: 5 + symbolCharacters: "-_$@" + noUpper: false + allowRepeat: true +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: pushsecret-example +spec: + refreshInterval: 6h + secretStoreRefs: + - name: aws-parameter-store + kind: SecretStore + selector: + generatorRef: + apiVersion: generators.external-secrets.io/v1alpha1 + kind: Password + name: strong-password + data: + - match: + secretKey: password # property in the generator output + remoteRef: + remoteKey: prod/myql/password +{% endraw %} diff --git a/e2e/suites/provider/cases/template/template.go b/e2e/suites/provider/cases/template/template.go index 3c60ec459c1..a2819b10ee7 100644 --- a/e2e/suites/provider/cases/template/template.go +++ b/e2e/suites/provider/cases/template/template.go 
@@ -133,7 +133,7 @@ func genericPushSecretTemplate(f *framework.Framework) (string, func(*framework. Type: v1.SecretTypeOpaque, } tc.PushSecret.Spec.Selector = esv1alpha1.PushSecretSelector{ - Secret: esv1alpha1.PushSecretSecret{ + Secret: &esv1alpha1.PushSecretSecret{ Name: secretKey1, }, } diff --git a/pkg/controllers/externalsecret/externalsecret_controller.go b/pkg/controllers/externalsecret/externalsecret_controller.go index 9be861a25e2..c800a9bd045 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller.go +++ b/pkg/controllers/externalsecret/externalsecret_controller.go @@ -48,6 +48,7 @@ import ( "github.com/external-secrets/external-secrets/pkg/controllers/externalsecret/esmetrics" ctrlmetrics "github.com/external-secrets/external-secrets/pkg/controllers/metrics" "github.com/external-secrets/external-secrets/pkg/utils" + "github.com/external-secrets/external-secrets/pkg/utils/resolvers" // Loading registered generators. _ "github.com/external-secrets/external-secrets/pkg/generator/register" @@ -549,11 +550,11 @@ func shouldSkipUnmanagedStore(ctx context.Context, namespace string, r *Reconcil // verify that generator's controllerClass matches if ref.SourceRef != nil && ref.SourceRef.GeneratorRef != nil { - genDef, err := r.getGeneratorDefinition(ctx, namespace, ref.SourceRef.GeneratorRef) + _, obj, err := resolvers.GeneratorRef(ctx, r.RestConfig, namespace, ref.SourceRef.GeneratorRef) if err != nil { return false, err } - skipGenerator, err := shouldSkipGenerator(r, genDef) + skipGenerator, err := shouldSkipGenerator(r, obj) if err != nil { return false, err } diff --git a/pkg/controllers/externalsecret/externalsecret_controller_secret.go b/pkg/controllers/externalsecret/externalsecret_controller_secret.go index 119e73162ee..fd231861396 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller_secret.go +++ b/pkg/controllers/externalsecret/externalsecret_controller_secret.go 
@@ -22,17 +22,13 @@ import ( v1 "k8s.io/api/core/v1" apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/client-go/discovery" - "k8s.io/client-go/dynamic" - "k8s.io/client-go/restmapper" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" genv1alpha1 "github.com/external-secrets/external-secrets/apis/generators/v1alpha1" // Loading registered providers. "github.com/external-secrets/external-secrets/pkg/controllers/secretstore" "github.com/external-secrets/external-secrets/pkg/utils" + "github.com/external-secrets/external-secrets/pkg/utils/resolvers" // Loading registered generators. _ "github.com/external-secrets/external-secrets/pkg/generator/register" @@ -116,15 +112,11 @@ func toStoreGenSourceRef(ref *esv1beta1.StoreSourceRef) *esv1beta1.StoreGenerato } func (r *Reconciler) handleGenerateSecrets(ctx context.Context, namespace string, remoteRef esv1beta1.ExternalSecretDataFromRemoteRef, i int) (map[string][]byte, error) { - genDef, err := r.getGeneratorDefinition(ctx, namespace, remoteRef.SourceRef.GeneratorRef) + gen, obj, err := resolvers.GeneratorRef(ctx, r.RestConfig, namespace, remoteRef.SourceRef.GeneratorRef) if err != nil { - return nil, err - } - gen, err := genv1alpha1.GetGenerator(genDef) - if err != nil { - return nil, err + return nil, fmt.Errorf("unable to resolve generator: %w", err) } - secretMap, err := gen.Generate(ctx, genDef, r.Client, namespace) + secretMap, err := gen.Generate(ctx, obj, r.Client, namespace) if err != nil { return nil, fmt.Errorf(errGenerate, i, err) } 
@@ -138,49 +130,6 @@ func (r *Reconciler) handleGenerateSecrets(ctx context.Context, namespace string return secretMap, err } -// getGeneratorDefinition returns the generator JSON for a given sourceRef -// when it uses a generatorRef it fetches the resource and returns the JSON. -func (r *Reconciler) getGeneratorDefinition(ctx context.Context, namespace string, generatorRef *esv1beta1.GeneratorRef) (*apiextensions.JSON, error) { - // client-go dynamic client needs a GVR to fetch the resource - // But we only have the GVK in our generatorRef. - // - // TODO: there is no need to discover the GroupVersionResource - // this should be cached. - c := discovery.NewDiscoveryClientForConfigOrDie(r.RestConfig) - groupResources, err := restmapper.GetAPIGroupResources(c) - if err != nil { - return nil, err - } - - gv, err := schema.ParseGroupVersion(generatorRef.APIVersion) - if err != nil { - return nil, err - } - mapper := restmapper.NewDiscoveryRESTMapper(groupResources) - mapping, err := mapper.RESTMapping(schema.GroupKind{ - Group: gv.Group, - Kind: generatorRef.Kind, - }) - if err != nil { - return nil, err - } - d, err := dynamic.NewForConfig(r.RestConfig) - if err != nil { - return nil, err - } - res, err := d.Resource(mapping.Resource). - Namespace(namespace). - Get(ctx, generatorRef.Name, metav1.GetOptions{}) - if err != nil { - return nil, err - } - jsonRes, err := res.MarshalJSON() - if err != nil { - return nil, err - } - return &apiextensions.JSON{Raw: jsonRes}, nil -} - func (r *Reconciler) handleExtractSecrets(ctx context.Context, externalSecret *esv1beta1.ExternalSecret, remoteRef esv1beta1.ExternalSecretDataFromRemoteRef, cmgr *secretstore.Manager, i int) (map[string][]byte, error) { client, err := cmgr.Get(ctx, externalSecret.Spec.SecretStoreRef, externalSecret.Namespace, remoteRef.SourceRef) if err != nil { 
diff --git a/pkg/controllers/pushsecret/pushsecret_controller.go b/pkg/controllers/pushsecret/pushsecret_controller.go index 90db947264e..d30f49666f6 100644 --- a/pkg/controllers/pushsecret/pushsecret_controller.go +++ b/pkg/controllers/pushsecret/pushsecret_controller.go @@ -28,6 +28,7 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/types" + "k8s.io/client-go/rest" "k8s.io/client-go/tools/record" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" @@ -40,6 +41,10 @@ import ( "github.com/external-secrets/external-secrets/pkg/controllers/secretstore" "github.com/external-secrets/external-secrets/pkg/provider/util/locks" "github.com/external-secrets/external-secrets/pkg/utils" + "github.com/external-secrets/external-secrets/pkg/utils/resolvers" + + // load generators. + _ "github.com/external-secrets/external-secrets/pkg/generator/register" ) const ( @@ -59,6 +64,7 @@ type Reconciler struct { Log logr.Logger Scheme *runtime.Scheme recorder record.EventRecorder + RestConfig *rest.Config RequeueInterval time.Duration ControllerClass string } @@ -148,7 +154,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu default: } - secret, err := r.GetSecret(ctx, ps) + secret, err := r.resolveSecret(ctx, ps) if err != nil { r.markAsFailed(errFailedGetSecret, &ps, nil) 
@@ -347,14 +353,38 @@ func secretKeyExists(key string, secret *v1.Secret) bool { return key == "" || ok } -func (r *Reconciler) GetSecret(ctx context.Context, ps esapi.PushSecret) (*v1.Secret, error) { - secretName := types.NamespacedName{Name: ps.Spec.Selector.Secret.Name, Namespace: ps.Namespace} - secret := &v1.Secret{} - err := r.Client.Get(ctx, secretName, secret) +func (r *Reconciler) resolveSecret(ctx context.Context, ps esapi.PushSecret) (*v1.Secret, error) { + if ps.Spec.Selector.Secret != nil { + secretName := types.NamespacedName{Name: ps.Spec.Selector.Secret.Name, Namespace: ps.Namespace} + secret := &v1.Secret{} + err := r.Client.Get(ctx, secretName, secret) + if err != nil { + return nil, err + } + return secret, nil + } + if ps.Spec.Selector.GeneratorRef != nil { + return r.resolveSecretFromGenerator(ctx, ps.Namespace, ps.Spec.Selector.GeneratorRef) + } + return nil, errors.New("no secret selector provided") +} + +func (r *Reconciler) resolveSecretFromGenerator(ctx context.Context, namespace string, generatorRef *v1beta1.GeneratorRef) (*v1.Secret, error) { + gen, obj, err := resolvers.GeneratorRef(ctx, r.RestConfig, namespace, generatorRef) if err != nil { - return nil, err + return nil, fmt.Errorf("unable to resolve generator: %w", err) } - return secret, nil + secretMap, err := gen.Generate(ctx, obj, r.Client, namespace) + if err != nil { + return nil, fmt.Errorf("unable to generate: %w", err) + } + return &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "___generated-secret", + Namespace: namespace, + }, + Data: secretMap, + }, err } func (r *Reconciler) GetSecretStores(ctx context.Context, ps esapi.PushSecret) (map[esapi.PushSecretStoreRef]v1beta1.GenericStore, error) { diff --git a/pkg/controllers/pushsecret/pushsecret_controller_test.go b/pkg/controllers/pushsecret/pushsecret_controller_test.go index c7e59baa033..7c153cbc61d 100644 --- a/pkg/controllers/pushsecret/pushsecret_controller_test.go 
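Review bot: resolveSecretFromGenerator calls `gen.Generate` without checking the generator's controller class, whereas the ExternalSecret path in this commit hands the resolved object to `shouldSkipGenerator` first. Where several controller instances are separated by `ControllerClass`, this could let a PushSecret reconciled by one instance run a generator meant for another; I would compare the resolved generator's class with `r.ControllerClass` and return an error (or skip) on mismatch before generating. Whether Reconcile already performs such a check cannot be seen, since its body lies outside the hunk. Smaller points: the final `}, err` can only return a nil error there, so `}, nil` says what is meant, and `___generated-secret` deserves a comment explaining why a name that is not a valid Kubernetes object name is used for this in-memory object.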
+++ b/pkg/controllers/pushsecret/pushsecret_controller_test.go @@ -30,6 +30,7 @@ import ( "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1" "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" + genv1alpha1 "github.com/external-secrets/external-secrets/apis/generators/v1alpha1" ctest "github.com/external-secrets/external-secrets/pkg/controllers/commontest" "github.com/external-secrets/external-secrets/pkg/controllers/pushsecret/psmetrics" "github.com/external-secrets/external-secrets/pkg/provider/testing/fake" @@ -99,6 +100,21 @@ var _ = Describe("PushSecret controller", func() { PushSecretNamespace, err = ctest.CreateNamespace("test-ns", k8sClient) Expect(err).ToNot(HaveOccurred()) fakeProvider.Reset() + + Expect(k8sClient.Create(context.Background(), &genv1alpha1.Fake{ + TypeMeta: metav1.TypeMeta{ + Kind: "Fake", + APIVersion: "generators.external-secrets.io/v1alpha1", + }, + ObjectMeta: metav1.ObjectMeta{ + Name: "test", + Namespace: PushSecretNamespace, + }, + Spec: genv1alpha1.FakeSpec{ + Data: map[string]string{ + "key": "foo-bar-from-generator", + }, + }})).ToNot(HaveOccurred()) }) AfterEach(func() { @@ -162,7 +178,7 @@ var _ = Describe("PushSecret controller", func() { }, }, Selector: v1alpha1.PushSecretSelector{ - Secret: v1alpha1.PushSecretSecret{ + Secret: &v1alpha1.PushSecretSecret{ Name: SecretName, }, }, @@ -395,7 +411,7 @@ var _ = Describe("PushSecret controller", func() { }, }, Selector: v1alpha1.PushSecretSelector{ - Secret: v1alpha1.PushSecretSecret{ + Secret: &v1alpha1.PushSecretSecret{ Name: SecretName, }, }, @@ -459,7 +475,7 @@ var _ = Describe("PushSecret controller", func() { }, }, Selector: v1alpha1.PushSecretSelector{ - Secret: v1alpha1.PushSecretSecret{ + Secret: &v1alpha1.PushSecretSecret{ Name: SecretName, }, }, 
@@ -515,7 +531,7 @@ var _ = Describe("PushSecret controller", func() { }, }, Selector: v1alpha1.PushSecretSelector{ - Secret: v1alpha1.PushSecretSecret{ + Secret: &v1alpha1.PushSecretSecret{ Name: SecretName, }, }, @@ -570,7 +586,7 @@ var _ = Describe("PushSecret controller", func() { }, }, Selector: v1alpha1.PushSecretSelector{ - Secret: v1alpha1.PushSecretSecret{ + Secret: &v1alpha1.PushSecretSecret{ Name: SecretName, }, }, @@ -716,7 +732,7 @@ var _ = Describe("PushSecret controller", func() { }, }, Selector: v1alpha1.PushSecretSelector{ - Secret: v1alpha1.PushSecretSecret{ + Secret: &v1alpha1.PushSecretSecret{ Name: SecretName, }, }, @@ -782,7 +798,7 @@ var _ = Describe("PushSecret controller", func() { }, }, Selector: v1alpha1.PushSecretSelector{ - Secret: v1alpha1.PushSecretSecret{ + Secret: &v1alpha1.PushSecretSecret{ Name: SecretName, }, }, @@ -861,6 +877,28 @@ var _ = Describe("PushSecret controller", func() { return bytes.Equal(secretValue, providerValue) && checkCondition(ps.Status, expected) } } + + syncWithGenerator := func(tc *testCase) { + fakeProvider.SetSecretFn = func() error { + return nil + } + tc.pushsecret.Spec.Selector.Secret = nil + tc.pushsecret.Spec.Selector.GeneratorRef = &v1beta1.GeneratorRef{ + APIVersion: "generators.external-secrets.io/v1alpha1", + Kind: "Fake", + Name: "test", + } + tc.assert = func(ps *v1alpha1.PushSecret, secret *v1.Secret) bool { + providerValue := fakeProvider.SetSecretArgs[ps.Spec.Data[0].Match.RemoteRef.RemoteKey].Value + expected := v1alpha1.PushSecretStatusCondition{ + Type: v1alpha1.PushSecretReady, + Status: v1.ConditionTrue, + Reason: v1alpha1.ReasonSynced, + Message: "PushSecret synced successfully", + } + return bytes.Equal([]byte("foo-bar-from-generator"), providerValue) && checkCondition(ps.Status, expected) + } + } // if target Secret name is not specified it should use the ExternalSecret name. syncWithClusterStoreMatchingLabels := func(tc *testCase) { fakeProvider.SetSecretFn = func() error { 
@@ -884,7 +922,7 @@ var _ = Describe("PushSecret controller", func() { }, }, Selector: v1alpha1.PushSecretSelector{ - Secret: v1alpha1.PushSecretSecret{ + Secret: &v1alpha1.PushSecretSecret{ Name: SecretName, }, }, @@ -1069,6 +1107,7 @@ var _ = Describe("PushSecret controller", func() { Entry("should sync to stores matching labels", syncMatchingLabels), Entry("should sync with ClusterStore", syncWithClusterStore), Entry("should sync with ClusterStore matching labels", syncWithClusterStoreMatchingLabels), + Entry("should sync with Generator", syncWithGenerator), Entry("should fail if Secret is not created", failNoSecret), Entry("should fail if Secret Key does not exist", failNoSecretKey), Entry("should fail if SetSecret fails", setSecretFail), @@ -1168,7 +1207,7 @@ var _ = Describe("PushSecret Controller Un/Managed Stores", func() { }, }, Selector: v1alpha1.PushSecretSelector{ - Secret: v1alpha1.PushSecretSecret{ + Secret: &v1alpha1.PushSecretSecret{ Name: SecretName, }, }, diff --git a/pkg/controllers/pushsecret/suite_test.go b/pkg/controllers/pushsecret/suite_test.go index 48ce7b03e67..2d49551a766 100644 --- a/pkg/controllers/pushsecret/suite_test.go +++ b/pkg/controllers/pushsecret/suite_test.go @@ -32,6 +32,7 @@ import ( esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" + genv1alpha1 "github.com/external-secrets/external-secrets/apis/generators/v1alpha1" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -72,6 +73,8 @@ var _ = BeforeSuite(func() { Expect(err).NotTo(HaveOccurred()) err = esv1alpha1.AddToScheme(scheme.Scheme) Expect(err).NotTo(HaveOccurred()) + err = genv1alpha1.AddToScheme(scheme.Scheme) + Expect(err).NotTo(HaveOccurred()) k8sManager, err := ctrl.NewManager(cfg, ctrl.Options{ Scheme: scheme.Scheme, 
@@ -90,7 +93,8 @@ var _ = BeforeSuite(func() { err = (&Reconciler{ Client: k8sClient, Scheme: k8sManager.GetScheme(), - Log: ctrl.Log.WithName("controllers").WithName("ExternalSecrets"), + Log: ctrl.Log.WithName("controllers").WithName("PushSecret"), + RestConfig: cfg, RequeueInterval: time.Second, }).SetupWithManager(k8sManager) Expect(err).ToNot(HaveOccurred()) diff --git a/pkg/utils/resolvers/generator.go b/pkg/utils/resolvers/generator.go new file mode 100644 index 00000000000..b83d8bcd911 --- /dev/null +++ b/pkg/utils/resolvers/generator.go 
@@ -0,0 +1,84 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+package resolvers
+
+import (
+ "context"
+ "fmt"
+
+ apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/apimachinery/pkg/runtime/schema"
+ "k8s.io/client-go/discovery"
+ "k8s.io/client-go/dynamic"
+ "k8s.io/client-go/rest"
+ "k8s.io/client-go/restmapper"
+
+ esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
+ genv1alpha1 "github.com/external-secrets/external-secrets/apis/generators/v1alpha1"
+)
+
+// GeneratorRef resolves a generator reference to a generator implementation.
+func GeneratorRef(ctx context.Context, restConfig *rest.Config, namespace string, generatorRef *esv1beta1.GeneratorRef) (genv1alpha1.Generator, *apiextensions.JSON, error) {
+ obj, err := getGeneratorDefinition(ctx, restConfig, namespace, generatorRef)
+ if err != nil {
+ return nil, nil, fmt.Errorf("unable to get generator definition: %w", err)
+ }
+ generator, err := genv1alpha1.GetGenerator(obj)
+ if err != nil {
+ return nil, nil, fmt.Errorf("unable to get generator: %w", err)
+ }
+ return generator, obj, nil
+}
+
+func getGeneratorDefinition(ctx context.Context, restConfig *rest.Config, namespace string, generatorRef *esv1beta1.GeneratorRef) (*apiextensions.JSON, error) {
+ // client-go dynamic client needs a GVR to fetch the resource
+ // But we only have the GVK in our generatorRef.
+ //
+ // TODO: there is no need to discover the GroupVersionResource
+ // this should be cached.
+ c := discovery.NewDiscoveryClientForConfigOrDie(restConfig)
+ groupResources, err := restmapper.GetAPIGroupResources(c)
+ if err != nil {
+ return nil, err
+ }
+
+ gv, err := schema.ParseGroupVersion(generatorRef.APIVersion)
+ if err != nil {
+ return nil, err
+ }
+ mapper := restmapper.NewDiscoveryRESTMapper(groupResources)
+ mapping, err := mapper.RESTMapping(schema.GroupKind{
+ Group: gv.Group,
+ Kind: generatorRef.Kind,
+ })
+ if err != nil {
+ return nil, err
+ }
+ d, err := dynamic.NewForConfig(restConfig)
+ if err != nil {
+ return nil, err
+ }
+ res, err := d.Resource(mapping.Resource).
+ Namespace(namespace).
+ Get(ctx, generatorRef.Name, metav1.GetOptions{})
+ if err != nil {
+ return nil, err
+ }
+ jsonRes, err := res.MarshalJSON()
+ if err != nil {
+ return nil, err
+ }
+ return &apiextensions.JSON{Raw: jsonRes}, nil
+}
From f96274715754888450a361cfed49525eb25e8929 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Oct 2024 08:19:29 +0200 Subject: [PATCH 336/517] chore(deps): bump golang from 1.23.1 to 1.23.2 (#3984) Bumps golang from 1.23.1 to 1.23.2. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile.standalone | 2 +- tilt.debug.dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Dockerfile.standalone b/Dockerfile.standalone
index 1af9aba429f..0cb9b1589a6 100644
--- a/Dockerfile.standalone
+++ b/Dockerfile.standalone
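Review bot: In getGeneratorDefinition, `generatorRef.APIVersion` and `generatorRef.Kind` go straight into `RESTMapping` and the dynamic `Get`, so whatever namespaced kind the reference names is read with the controller's own `rest.Config` before `GetGenerator` decides whether it is a generator. If the reference comes from a user-authored spec (the callers are not in this hunk), the parsed `gv.Group` should be compared with the generators API group and rejected before the `Get`, so the fetch cannot be pointed at other resource types the controller may read. Separately, `discovery.NewDiscoveryClientForConfigOrDie` panics on a bad config; `c, err := discovery.NewDiscoveryClientForConfig(restConfig)` with the same `return nil, err` as the other calls keeps the failure inside the error path. `generatorRef` is also dereferenced without a nil check, and the doc comment on the exported `GeneratorRef` could say that it runs API discovery on every call until the TODO is addressed.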
@@ -1,6 +1,6 @@ # This version of Dockerfile is for building without external dependencies. # Build a multi-platform image e.g. `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .` -FROM golang:1.23.1-alpine@sha256:ac67716dd016429be8d4c2c53a248d7bcdf06d34127d3dc451bda6aa5a87bc06 AS builder +FROM golang:1.23.2-alpine@sha256:9dd2625a1ff2859b8d8b01d8f7822c0f528942fe56cfe7a1e7c38d3b8d72d679 AS builder ARG TARGETOS ARG TARGETARCH ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index 57b9cb5ca4b..d212ef601ae 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.1@sha256:4f063a24d429510e512cc730c3330292ff49f3ade3ae79bda8f84a24fa25ecb0 +FROM golang:1.23.2@sha256:adee809c2d0009a4199a11a1b2618990b244c6515149fe609e2788ddf164bd10 WORKDIR / COPY ./bin/external-secrets /external-secrets From 77677b7f5a5de9b164517c8aceb01f8e2418fe56 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Oct 2024 08:57:01 +0200 Subject: [PATCH 337/517] chore(deps): bump docker/setup-buildx-action from 3.6.1 to 3.7.1 (#3985) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.6.1 to 3.7.1. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/988b5a0280414f521da01fcc63a27aeeb4b104db...c47758b77c9736f4b2ef4073d4d51994fabfe349) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index f03cbb43624..608e2e1ab14 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -60,7 +60,7 @@ jobs: platforms: all - name: Setup Docker Buildx - uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1 + uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 with: version: 'v0.4.2' install: true From 774d3dd4f6c8f388d12bf71d863823d9138b7891 Mon Sep 17 00:00:00 2001 From: Engin Diri Date: Tue, 8 Oct 2024 09:04:20 +0200 Subject: [PATCH 338/517] docs: add blog post about Pulumi ESC and ESO (#3996) Signed-off-by: Engin Diri --- docs/eso-blogs.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/eso-blogs.md b/docs/eso-blogs.md index e3f8ee60328..44ac14ad154 100644 --- a/docs/eso-blogs.md +++ b/docs/eso-blogs.md @@ -2,6 +2,9 @@ A list of blogs written by people all over the community. Feel free to let us know if you are writing about ESO at some place! We would be happy to mention you here! +## [Pulumi ESC and External Secrets Operator: The Perfect Solution for Today's Cloud-Native Secret Management](https://www.pulumi.com/blog/cloud-native-secret-management-with-pulumi-esc-and-external-secrets-operator/) + +[@Engin Diri](https://www.linkedin.com/in/engin-diri/) walks through the integration of ESO with Pulumi ESC, offering a practical guide for enhancing security from cloud-native application development to infrastructure provisioning. This blog provides a hands-on guide to setting up ESO and Pulumi ESC, and demonstrates how to use them together to manage secrets in a Kubernetes cluster. ## [From vulnerable to unhackable: secrets management in cloud-native environments](https://medium.com/@as_mallem/from-vulnerable-to-unhackable-secrets-management-in-cloud-native-environments-cb341bd97869/) 
@@ -76,4 +79,4 @@ Ali writes about integrating AWS Secrets Manager and Parameter Store secrets wit ## [Encoding & Decoding Kubernetes Secrets — ESO Advanced Templating](https://blog.devops.dev/encoding-decoding-kubernetes-secrets-externalsecrets-operator-826b9680df63) -Here, Ali briefly introduces templates within ESO and describes some use cases where templating can be crucial. Code snippets are included where needed too. \ No newline at end of file +Here, Ali briefly introduces templates within ESO and describes some use cases where templating can be crucial. Code snippets are included where needed too. From 6d67484298e481d6d97c12e35b29dbea37d4089c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Oct 2024 10:07:16 +0200 Subject: [PATCH 339/517] chore(deps): bump golangci/golangci-lint-action from 6.1.0 to 6.1.1 (#3986) Bumps [golangci/golangci-lint-action](https://github.com/golangci/golangci-lint-action) from 6.1.0 to 6.1.1. - [Release notes](https://github.com/golangci/golangci-lint-action/releases) - [Commits](https://github.com/golangci/golangci-lint-action/compare/aaa42aa0628b4ae2578232a66b541047968fac86...971e284b6050e8a5849b72094c50ab08da042db8) --- updated-dependencies: - dependency-name: golangci/golangci-lint-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 23f16d2be72..899fdae0b71 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -59,7 +59,7 @@ jobs: run: go mod download - name: Lint - uses: golangci/golangci-lint-action@aaa42aa0628b4ae2578232a66b541047968fac86 # v6.1.0 + uses: golangci/golangci-lint-action@971e284b6050e8a5849b72094c50ab08da042db8 # v6.1.1 with: version: ${{ env.GOLANGCI_VERSION }} skip-pkg-cache: true From 83754ed7089a53517ad481c9f23ba0bd1719cf38 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Oct 2024 14:43:17 +0200 Subject: [PATCH 340/517] chore(deps): bump actions/cache from 4.0.2 to 4.1.0 (#3987) Bumps [actions/cache](https://github.com/actions/cache) from 4.0.2 to 4.1.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/0c45773b623bea8c8e75f6c82b208c3cf94ea4f9...2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 899fdae0b71..a67bc0373e9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -116,7 +116,7 @@ jobs: run: go mod download - name: Cache envtest binaries - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 + uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0 with: path: bin/k8s key: ${{ runner.os }}-envtest-${{env.KUBERNETES_VERSION}} From 7c538ef9fe74c721f3f9fe02ac5a1d8bd7690820 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Oct 2024 16:12:19 +0200 Subject: [PATCH 341/517] chore(deps): bump codecov/codecov-action from 4.5.0 to 4.6.0 (#3989) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.5.0 to 4.6.0. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/e28ff129e5465c2c0dcc6f003fc735cb6ae0c673...b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a67bc0373e9..f3a863a97c5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -126,7 +126,7 @@ jobs: make test - name: Publish Unit Test Coverage - uses: codecov/codecov-action@e28ff129e5465c2c0dcc6f003fc735cb6ae0c673 # v4.5.0 + uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: From dd5221790a73356609d6aaf66d7ec3927cb55699 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Oct 2024 18:33:00 +0200 Subject: [PATCH 342/517] chore(deps): bump termcolor from 2.4.0 to 2.5.0 in /hack/api-docs (#3990) Bumps [termcolor](https://github.com/termcolor/termcolor) from 2.4.0 to 2.5.0. - [Release notes](https://github.com/termcolor/termcolor/releases) - [Changelog](https://github.com/termcolor/termcolor/blob/main/CHANGES.md) - [Commits](https://github.com/termcolor/termcolor/compare/2.4.0...2.5.0) --- updated-dependencies: - dependency-name: termcolor dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 559dcf122ee..12007136092 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -34,7 +34,7 @@ pyyaml_env_tag==0.1 regex==2024.9.11 requests==2.32.3 six==1.16.0 -termcolor==2.4.0 +termcolor==2.5.0 tornado==6.4.1 urllib3==2.2.3 verspec==0.1.0 From 9ecb4e45e34200792faa6a1e20b61f616f2be956 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Oct 2024 19:06:45 +0200 Subject: [PATCH 343/517] chore(deps): bump pymdown-extensions in /hack/api-docs (#3991) Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 10.11.1 to 10.11.2. - [Release notes](https://github.com/facelessuser/pymdown-extensions/releases) - [Commits](https://github.com/facelessuser/pymdown-extensions/compare/10.11.1...10.11.2) --- updated-dependencies: - dependency-name: pymdown-extensions dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 12007136092..4f5a2e91f76 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -27,7 +27,7 @@ pathspec==0.12.1 pep562==1.1 platformdirs==4.3.6 Pygments==2.18.0 -pymdown-extensions==10.11.1 +pymdown-extensions==10.11.2 python-dateutil==2.9.0.post0 PyYAML==6.0.2 pyyaml_env_tag==0.1 From e9f291bd32f5065124167f443bdf3f1fa786a04d Mon Sep 17 00:00:00 2001 From: kaedwen Date: Tue, 8 Oct 2024 19:58:39 +0200 Subject: [PATCH 344/517] fix cert auth without token fixed #3926 (#3952) * fix cert auth without token fixed #3926 Signed-off-by: kaedwen * refactor auth preapre, fail when nothing is given Signed-off-by: kaedwen --------- Signed-off-by: kaedwen Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- pkg/provider/kubernetes/auth.go | 52 +++++++++++++++------------- pkg/provider/kubernetes/auth_test.go | 18 +--------- 2 files changed, 29 insertions(+), 41 deletions(-) diff --git a/pkg/provider/kubernetes/auth.go b/pkg/provider/kubernetes/auth.go index d62b23cd182..8d7eeaf663b 100644 --- a/pkg/provider/kubernetes/auth.go +++ b/pkg/provider/kubernetes/auth.go @@ -44,6 +44,14 @@ func (c *Client) getAuth(ctx context.Context) (*rest.Config, error) { return clientcmd.RESTConfigFromKubeConfig(cfg) } + if c.store.Server.URL == "" { + return nil, errors.New("no server URL provided") + } + + cfg := &rest.Config{ + Host: c.store.Server.URL, + } + ca, err := utils.FetchCACertFromSource(ctx, utils.CreateCertOpts{ CABundle: c.store.Server.CABundle, CAProvider: c.store.Server.CAProvider, 
@@ -55,43 +63,39 @@ func (c *Client) getAuth(ctx context.Context) (*rest.Config, error) { return nil, err } - var token []byte - if c.store.Auth.Token != nil { - token, err = c.fetchSecretKey(ctx, c.store.Auth.Token.BearerToken) + cfg.TLSClientConfig = rest.TLSClientConfig{ + Insecure: false, + CAData: ca, + } + + switch { + case c.store.Auth.Token != nil: + token, err := c.fetchSecretKey(ctx, c.store.Auth.Token.BearerToken) if err != nil { return nil, fmt.Errorf("could not fetch Auth.Token.BearerToken: %w", err) } - } else if c.store.Auth.ServiceAccount != nil { - token, err = c.serviceAccountToken(ctx, c.store.Auth.ServiceAccount) + + cfg.BearerToken = string(token) + case c.store.Auth.ServiceAccount != nil: + token, err := c.serviceAccountToken(ctx, c.store.Auth.ServiceAccount) if err != nil { return nil, fmt.Errorf("could not fetch Auth.ServiceAccount: %w", err) } - } else { - return nil, errors.New("no auth provider given") - } - var key, cert []byte - if c.store.Auth.Cert != nil { - key, cert, err = c.getClientKeyAndCert(ctx) + cfg.BearerToken = string(token) + case c.store.Auth.Cert != nil: + key, cert, err := c.getClientKeyAndCert(ctx) if err != nil { return nil, fmt.Errorf("could not fetch client key and cert: %w", err) } - } - if c.store.Server.URL == "" { - return nil, errors.New("no server URL provided") + cfg.TLSClientConfig.KeyData = key + cfg.TLSClientConfig.CertData = cert + default: + return nil, errors.New("no auth provider given") } - return &rest.Config{ - Host: c.store.Server.URL, - BearerToken: string(token), - TLSClientConfig: rest.TLSClientConfig{ - Insecure: false, - CertData: cert, - KeyData: key, - CAData: ca, - }, - }, nil + return cfg, nil } func (c *Client) getClientKeyAndCert(ctx context.Context) ([]byte, []byte, error) { diff --git a/pkg/provider/kubernetes/auth_test.go b/pkg/provider/kubernetes/auth_test.go index 84e2a0d75da..7c3feb75cff 100644 --- a/pkg/provider/kubernetes/auth_test.go +++ b/pkg/provider/kubernetes/auth_test.go 
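Review bot: The new `switch` in getAuth makes the auth methods mutually exclusive with a silent precedence of Token, then ServiceAccount, then Cert, whereas the removed code fetched the client key and cert in addition to a token. A store that sets both `Auth.Token` (or `Auth.ServiceAccount`) and `Auth.Cert` now connects without the client certificate and nothing reports it, which can change the identity the remote API server sees or break a setup that relied on both. Either return an error when more than one method is set, or state the precedence above the switch, e.g. `// exactly one auth method is used; precedence: Token, ServiceAccount, Cert`. The test change in auth_test.go removes the token from the cert case, so the combined configuration is no longer covered. getAuth starts before this hunk.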
@@ -250,14 +250,6 @@ func TestSetAuth(t *testing.T) { "cert": []byte("my-cert"), "key": []byte("my-key"), }, - }, &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: "foobar", - Namespace: "default", - }, - Data: map[string][]byte{ - "token": []byte("mytoken"), - }, }).Build(), store: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ @@ -265,13 +257,6 @@ func TestSetAuth(t *testing.T) { CABundle: []byte(caCert), }, Auth: esv1beta1.KubernetesAuth{ - Token: &esv1beta1.TokenAuth{ - BearerToken: v1.SecretKeySelector{ - Name: "foobar", - Namespace: pointer.To("shouldnotberelevant"), - Key: "token", - }, - }, Cert: &esv1beta1.CertAuth{ ClientCert: v1.SecretKeySelector{ Name: "mycert", @@ -286,8 +271,7 @@ func TestSetAuth(t *testing.T) { }, }, want: &want{ - Host: "https://my.test.tld", - BearerToken: "mytoken", + Host: "https://my.test.tld", TLSClientConfig: rest.TLSClientConfig{ CAData: []byte(caCert), CertData: []byte("my-cert"), From f80182e0482a9b8fd0f8c5408f139a57713b6af7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 8 Oct 2024 21:48:40 +0200 Subject: [PATCH 345/517] chore(deps): bump github/codeql-action from 3.26.9 to 3.26.12 (#3997) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.9 to 3.26.12. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/461ef6c76dfe95d5c364de2f431ddbd31a417628...c36620d31ac7c881962c3d9dd939c40ec9434f2b) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 380fd38ab80..8316fde9209 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 + uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 with: sarif_file: results.sarif From 88f29629e3986eaa05e852feb70ad15069a7c3c3 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Wed, 9 Oct 2024 07:55:52 +0200 Subject: [PATCH 346/517] update dependencies (#3993) Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- e2e/go.mod | 36 +++++++++++----------- e2e/go.sum | 72 ++++++++++++++++++++++---------------------- go.mod | 44 +++++++++++++-------------- go.sum | 88 +++++++++++++++++++++++++++--------------------------- 4 files changed, 120 insertions(+), 120 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index 77c4a995ce9..d99992c0b16 100644 --- a/e2e/go.mod +++ b/e2e/go.mod 
@@ -58,9 +58,9 @@ require ( github.com/hashicorp/vault/api v1.15.0 github.com/onsi/ginkgo/v2 v2.20.2 github.com/onsi/gomega v1.34.2 - github.com/oracle/oci-go-sdk/v65 v65.75.0 + github.com/oracle/oci-go-sdk/v65 v65.75.1 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 - github.com/xanzy/go-gitlab v0.109.0 + github.com/xanzy/go-gitlab v0.110.0 golang.org/x/oauth2 v0.23.0 google.golang.org/api v0.199.0 k8s.io/api v0.31.1 @@ -74,7 +74,7 @@ require ( ) require ( - cloud.google.com/go/auth v0.9.5 // indirect + cloud.google.com/go/auth v0.9.7 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect cloud.google.com/go/iam v1.2.1 // indirect @@ -128,7 +128,7 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240929191954-255acd752d31 // indirect + github.com/google/pprof v0.0.0-20241001023024-f4c0cfd0cf1d // indirect github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect @@ -171,7 +171,7 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/client_golang v1.20.4 // indirect github.com/prometheus/client_model v0.6.1 // indirect - github.com/prometheus/common v0.59.1 // indirect + github.com/prometheus/common v0.60.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/segmentio/asm v1.2.0 // indirect @@ -180,7 +180,7 @@ require ( github.com/sony/gobreaker v1.0.0 // indirect github.com/spf13/cast v1.7.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/tidwall/gjson v1.17.3 // indirect + github.com/tidwall/gjson v1.18.0 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect github.com/tidwall/sjson v1.2.5 // indirect 
@@ -192,20 +192,20 @@ require ( go.opentelemetry.io/otel v1.30.0 // indirect go.opentelemetry.io/otel/metric v1.30.0 // indirect go.opentelemetry.io/otel/trace v1.30.0 // indirect - golang.org/x/crypto v0.27.0 // indirect - golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 // indirect - golang.org/x/net v0.29.0 // indirect + golang.org/x/crypto v0.28.0 // indirect + golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 // indirect + golang.org/x/net v0.30.0 // indirect golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.25.0 // indirect - golang.org/x/term v0.24.0 // indirect - golang.org/x/text v0.18.0 // indirect - golang.org/x/time v0.6.0 // indirect - golang.org/x/tools v0.25.0 // indirect + golang.org/x/sys v0.26.0 // indirect + golang.org/x/term v0.25.0 // indirect + golang.org/x/text v0.19.0 // indirect + golang.org/x/time v0.7.0 // indirect + golang.org/x/tools v0.26.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240924160255-9d4c2d233b61 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240924160255-9d4c2d233b61 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240924160255-9d4c2d233b61 // indirect - google.golang.org/grpc v1.67.0 // indirect + google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f // indirect + google.golang.org/grpc v1.67.1 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/e2e/go.sum b/e2e/go.sum index 3c164454755..62b75d31589 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= -cloud.google.com/go/auth v0.9.5 h1:4CTn43Eynw40aFVr3GpPqsQponx2jv0BQpjvajsbbzw= -cloud.google.com/go/auth v0.9.5/go.mod h1:Xo0n7n66eHyOWWCnitop6870Ilwo3PiZyodVkkH1xWM= +cloud.google.com/go/auth v0.9.7 h1:ha65jNwOfI48YmUzNfMaUDfqt5ykuYIUnSartpU1+BA= +cloud.google.com/go/auth v0.9.7/go.mod h1:Xo0n7n66eHyOWWCnitop6870Ilwo3PiZyodVkkH1xWM= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -293,8 +293,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240929191954-255acd752d31 h1:LcRdQWywSgfi5jPsYZ1r2avbbs5IQ5wtyhMBCcokyo4= -github.com/google/pprof v0.0.0-20240929191954-255acd752d31/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241001023024-f4c0cfd0cf1d h1:Jaz2JzpQaQXyET0AjLBXShrthbpqMkhGiEfkcQAiAUs= +github.com/google/pprof v0.0.0-20241001023024-f4c0cfd0cf1d/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -417,8 +417,8 @@ github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.75.0 h1:tifYRSqCjxANJb0xnMSZ6N2bF2xGyqcCIMg7xihgk+s= -github.com/oracle/oci-go-sdk/v65 v65.75.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.75.1 h1:c7U7WQWeWZdPpzbsxf8dNRd4jXkyTNCNKaCAndvjTqw= +github.com/oracle/oci-go-sdk/v65 v65.75.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -432,8 +432,8 @@ github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/j github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.59.1 h1:LXb1quJHWm1P6wq/U824uxYi4Sg0oGvNeUm1z5dJoX0= -github.com/prometheus/common v0.59.1/go.mod h1:GpWM7dewqmVYcd7SmRaiWVe9SSqjf0UrwnYnpEZNuT0= +github.com/prometheus/common v0.60.0 h1:+V9PAREWNvJMAuJ1x1BaWl9dewMW4YrHZQbx0sJNllA= +github.com/prometheus/common v0.60.0/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= 
@@ -477,8 +477,8 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= -github.com/tidwall/gjson v1.17.3 h1:bwWLZU7icoKRG+C+0PNwIKC6FCJO/Q3p2pZvuP0jN94= -github.com/tidwall/gjson v1.17.3/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY= +github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= @@ -492,8 +492,8 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.109.0 h1:RcRme5w8VpLXTSTTMZdVoQWY37qTJWg+gwdQl4aAttE= -github.com/xanzy/go-gitlab v0.109.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= +github.com/xanzy/go-gitlab v0.110.0 h1:hsFIFp01v/0D0sdUXoZfRk6CROzZbHQplk6NzKSFKhc= +github.com/xanzy/go-gitlab v0.110.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -544,8 +544,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= -golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= +golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= +golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -556,8 +556,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk= -golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY= +golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 h1:1wqE9dj9NpSm04INVsJhhEUzhuDVjbcyKH91sVyPATw= +golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -626,8 +626,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= -golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= +golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -707,8 +707,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= -golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= 
@@ -717,8 +717,8 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= -golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= +golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= +golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -733,13 +733,13 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= -golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= -golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 
@@ -790,8 +790,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.25.0 h1:oFU9pkj/iJgs+0DT+VMHrx+oBKs/LJMV+Uvg78sl+fE= -golang.org/x/tools v0.25.0/go.mod h1:/vtpO8WL1N9cQC3FN5zPqb//fRXskFHbLKk4OW1Q7rg= +golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= +golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -869,12 +869,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240924160255-9d4c2d233b61 h1:KipVMxePgXPFBzXOvpKbny3RVdVmJOD64R/Ob7GPWEs= -google.golang.org/genproto v0.0.0-20240924160255-9d4c2d233b61/go.mod h1:HiAZQz/G7n0EywFjmncAwsfnmFm2bjm7qPjwl8hyzjM= -google.golang.org/genproto/googleapis/api v0.0.0-20240924160255-9d4c2d233b61 h1:pAjq8XSSzXoP9ya73v/w+9QEAAJNluLrpmMq5qFJQNY= -google.golang.org/genproto/googleapis/api v0.0.0-20240924160255-9d4c2d233b61/go.mod h1:O6rP0uBq4k0mdi/b4ZEMAZjkhYWhS815kCvaMha4VN8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240924160255-9d4c2d233b61 h1:N9BgCIAUvn/M+p4NJccWPWb3BWh88+zyL0ll9HgbEeM= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240924160255-9d4c2d233b61/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f h1:mCJ6SGikSxVlt9scCayUl2dMq0msUgmBArqRY6umieI= +google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f/go.mod h1:xtVODtPkMQRUZ4kqOTgp6JrXQrPevvfCSdk4mJtHUbM= +google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f h1:jTm13A2itBi3La6yTGqn8bVSrc3ZZ1r8ENHlIXBfnRA= +google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f/go.mod h1:CLGoBuH1VHxAUXVPP8FfPwPEVJB6lz3URE5mY2SuayE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f h1:cUMEy+8oS78BWIH9OWazBkzbr090Od9tWBNtZHkOhf0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -894,8 +894,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.67.0 h1:IdH9y6PF5MPSdAntIcpjQ+tXO41pcQsfZV2RxtQgVcw= -google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= +google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/go.mod b/go.mod index e1b14a6f316..142df231144 100644 --- a/go.mod +++ b/go.mod @@ -13,7 +13,7 @@ require ( github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 github.com/IBM/go-sdk-core/v5 v5.17.5 - github.com/IBM/secrets-manager-go-sdk/v2 v2.0.7 + github.com/IBM/secrets-manager-go-sdk/v2 v2.0.8 github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/sprig/v3 v3.3.0 github.com/PaesslerAG/jsonpath v0.1.1 
@@ -32,22 +32,22 @@ require ( github.com/huandu/xstrings v1.5.0 // indirect github.com/onsi/ginkgo/v2 v2.20.2 github.com/onsi/gomega v1.34.2 - github.com/oracle/oci-go-sdk/v65 v65.75.0 + github.com/oracle/oci-go-sdk/v65 v65.75.1 github.com/prometheus/client_golang v1.20.4 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 - github.com/tidwall/gjson v1.17.3 - github.com/xanzy/go-gitlab v0.109.0 - github.com/yandex-cloud/go-genproto v0.0.0-20240919115538-c1956ccf891c - github.com/yandex-cloud/go-sdk v0.0.0-20240919120105-e63f9f4339a3 + github.com/tidwall/gjson v1.18.0 + github.com/xanzy/go-gitlab v0.110.0 + github.com/yandex-cloud/go-genproto v0.0.0-20241004153110-80386e3567fa + github.com/yandex-cloud/go-sdk v0.0.0-20241004153607-909df9f16e4b github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 go.uber.org/zap v1.27.0 - golang.org/x/crypto v0.27.0 + golang.org/x/crypto v0.28.0 golang.org/x/oauth2 v0.23.0 google.golang.org/api v0.199.0 - google.golang.org/genproto v0.0.0-20240924160255-9d4c2d233b61 - google.golang.org/grpc v1.67.0 + google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f + google.golang.org/grpc v1.67.1 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 k8s.io/api v0.31.1 @@ -101,7 +101,7 @@ require ( ) require ( - cloud.google.com/go/auth v0.9.5 // indirect + cloud.google.com/go/auth v0.9.7 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect 
@@ -149,8 +149,8 @@ require ( go.opentelemetry.io/otel/metric v1.30.0 // indirect go.opentelemetry.io/otel/trace v1.30.0 // indirect golang.org/x/sync v0.8.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240924160255-9d4c2d233b61 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240924160255-9d4c2d233b61 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect @@ -195,7 +195,7 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20240929191954-255acd752d31 // indirect + github.com/google/pprof v0.0.0-20241001023024-f4c0cfd0cf1d // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -233,7 +233,7 @@ require ( github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect github.com/pkg/errors v0.9.1 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect - github.com/prometheus/common v0.59.1 // indirect + github.com/prometheus/common v0.60.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/russross/blackfriday/v2 v2.1.0 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect 
@@ -244,18 +244,18 @@ require ( github.com/tidwall/pretty v1.2.1 // indirect github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect github.com/uber/jaeger-lib v2.4.1+incompatible // indirect - go.mongodb.org/mongo-driver v1.17.0 // indirect + go.mongodb.org/mongo-driver v1.17.1 // indirect go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 // indirect + golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 // indirect golang.org/x/mod v0.21.0 // indirect - golang.org/x/net v0.29.0 // indirect - golang.org/x/sys v0.25.0 // indirect - golang.org/x/term v0.24.0 // indirect - golang.org/x/text v0.18.0 // indirect - golang.org/x/time v0.6.0 // indirect - golang.org/x/tools v0.25.0 // indirect + golang.org/x/net v0.30.0 // indirect + golang.org/x/sys v0.26.0 // indirect + golang.org/x/term v0.25.0 // indirect + golang.org/x/text v0.19.0 // indirect + golang.org/x/time v0.7.0 // indirect + golang.org/x/tools v0.26.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/go.sum b/go.sum index 0b29ff49d7c..cb47a49c511 100644 --- a/go.sum +++ b/go.sum 
@@ -20,8 +20,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= -cloud.google.com/go/auth v0.9.5 h1:4CTn43Eynw40aFVr3GpPqsQponx2jv0BQpjvajsbbzw= -cloud.google.com/go/auth v0.9.5/go.mod h1:Xo0n7n66eHyOWWCnitop6870Ilwo3PiZyodVkkH1xWM= +cloud.google.com/go/auth v0.9.7 h1:ha65jNwOfI48YmUzNfMaUDfqt5ykuYIUnSartpU1+BA= +cloud.google.com/go/auth v0.9.7/go.mod h1:Xo0n7n66eHyOWWCnitop6870Ilwo3PiZyodVkkH1xWM= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -108,8 +108,8 @@ github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= github.com/IBM/go-sdk-core/v5 v5.17.5 h1:AjGC7xNee5tgDIjndekBDW5AbypdERHSgib3EZ1KNsA= github.com/IBM/go-sdk-core/v5 v5.17.5/go.mod h1:KsAAI7eStAWwQa4F96MLy+whYSh39JzNjklZRbN/8ns= -github.com/IBM/secrets-manager-go-sdk/v2 v2.0.7 h1:5lKt1rHuKaAaiZtbPfsF8dgiko/gGbVgreiut3zU128= -github.com/IBM/secrets-manager-go-sdk/v2 v2.0.7/go.mod h1:RglK3v6CPe3T1myRtQCD6z+nBygXvNJwufAon0qcZok= +github.com/IBM/secrets-manager-go-sdk/v2 v2.0.8 h1:gWB2E3B3lyQt7I8eX6ov0PZXS7gSo2cRhW0RCD+E1Ug= +github.com/IBM/secrets-manager-go-sdk/v2 v2.0.8/go.mod h1:RglK3v6CPe3T1myRtQCD6z+nBygXvNJwufAon0qcZok= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= 
@@ -400,8 +400,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20240929191954-255acd752d31 h1:LcRdQWywSgfi5jPsYZ1r2avbbs5IQ5wtyhMBCcokyo4= -github.com/google/pprof v0.0.0-20240929191954-255acd752d31/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241001023024-f4c0cfd0cf1d h1:Jaz2JzpQaQXyET0AjLBXShrthbpqMkhGiEfkcQAiAUs= +github.com/google/pprof v0.0.0-20241001023024-f4c0cfd0cf1d/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -563,8 +563,8 @@ github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.75.0 h1:tifYRSqCjxANJb0xnMSZ6N2bF2xGyqcCIMg7xihgk+s= -github.com/oracle/oci-go-sdk/v65 v65.75.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.75.1 h1:c7U7WQWeWZdPpzbsxf8dNRd4jXkyTNCNKaCAndvjTqw= +github.com/oracle/oci-go-sdk/v65 v65.75.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.1 h1:boNYHZmSnWl/3bKbUiaWgF/mELCtHfliGHzggf884GE= github.com/passbolt/go-passbolt v0.7.1/go.mod h1:if/jzzYYUjRtq/5h+l+J5Dka0f5dED67QM1lhpTx4pY= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= 
@@ -583,8 +583,8 @@ github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/j github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.59.1 h1:LXb1quJHWm1P6wq/U824uxYi4Sg0oGvNeUm1z5dJoX0= -github.com/prometheus/common v0.59.1/go.mod h1:GpWM7dewqmVYcd7SmRaiWVe9SSqjf0UrwnYnpEZNuT0= +github.com/prometheus/common v0.60.0 h1:+V9PAREWNvJMAuJ1x1BaWl9dewMW4YrHZQbx0sJNllA= +github.com/prometheus/common v0.60.0/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/pulumi/esc-sdk/sdk v0.10.0 h1:tVZGVSVgSf/3UkKI3iC9E287eXw9VERvmdI4vN2BD4o= @@ -649,8 +649,8 @@ github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXl github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= -github.com/tidwall/gjson v1.17.3 h1:bwWLZU7icoKRG+C+0PNwIKC6FCJO/Q3p2pZvuP0jN94= -github.com/tidwall/gjson v1.17.3/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= +github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY= +github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/match v1.1.1 h1:+Ho715JplO36QYgwN9PGYNhgZvoUSc9X2c80KVTi+GA= github.com/tidwall/match v1.1.1/go.mod h1:eRSPERbgtNPcGhD8UCthc6PmLEQXEWd3PRB5JTxsfmM= github.com/tidwall/pretty v1.2.0/go.mod h1:ITEVvHYasfjBbM0u2Pg8T2nJnzm8xPwvNhhsoaGGjNU= 
@@ -667,12 +667,12 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.109.0 h1:RcRme5w8VpLXTSTTMZdVoQWY37qTJWg+gwdQl4aAttE= -github.com/xanzy/go-gitlab v0.109.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= -github.com/yandex-cloud/go-genproto v0.0.0-20240919115538-c1956ccf891c h1:y6RpwhlBgWBJWHEgPXA2IyIHgWnrsjJV+LuGBN+WzP0= -github.com/yandex-cloud/go-genproto v0.0.0-20240919115538-c1956ccf891c/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo= -github.com/yandex-cloud/go-sdk v0.0.0-20240919120105-e63f9f4339a3 h1:t4T2EYu9LCNGYYjJA8x/ZIn8PHzJIxghjEGa9+Cx4xg= -github.com/yandex-cloud/go-sdk v0.0.0-20240919120105-e63f9f4339a3/go.mod h1:RI42kDbwc4lOD8MtWmJDji5N/1P4AEToQQAprJby6XU= +github.com/xanzy/go-gitlab v0.110.0 h1:hsFIFp01v/0D0sdUXoZfRk6CROzZbHQplk6NzKSFKhc= +github.com/xanzy/go-gitlab v0.110.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= +github.com/yandex-cloud/go-genproto v0.0.0-20241004153110-80386e3567fa h1:OEaAUuoBdU7Opsk/JP4KlNe8YCphmMr4ibyYIOAzAKE= +github.com/yandex-cloud/go-genproto v0.0.0-20241004153110-80386e3567fa/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo= +github.com/yandex-cloud/go-sdk v0.0.0-20241004153607-909df9f16e4b h1:3g8XwGAfXDZBZOgAdaIR8G0xx2szOhnG2joxX3ZQ8NU= +github.com/yandex-cloud/go-sdk v0.0.0-20241004153607-909df9f16e4b/go.mod h1:48XQccjtlctCdsxW9mVjEK6DgqJp4FyL673YiF6UZvs= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= github.com/yuin/goldmark v1.1.25/go.mod 
h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -683,8 +683,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zalando/go-keyring v0.2.5 h1:Bc2HHpjALryKD62ppdEzaFG6VxL6Bc+5v0LYpN8Lba8= github.com/zalando/go-keyring v0.2.5/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk= -go.mongodb.org/mongo-driver v1.17.0 h1:Hp4q2MCjvY19ViwimTs00wHi7G4yzxh4/2+nTx8r40k= -go.mongodb.org/mongo-driver v1.17.0/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4= +go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM= +go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 
@@ -736,8 +736,8 @@ golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.27.0 h1:GXm2NjJrPaiv/h1tb2UH8QfgC/hOf/+z0p6PT8o1w7A= -golang.org/x/crypto v0.27.0/go.mod h1:1Xngt8kV6Dvbssa53Ziq6Eqn0HqbZi5Z6R0ZpwQzt70= +golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= +golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -748,8 +748,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk= -golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY= +golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 h1:1wqE9dj9NpSm04INVsJhhEUzhuDVjbcyKH91sVyPATw= +golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -826,8 +826,8 @@ golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= -golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= +golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= +golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -920,8 +920,8 @@ golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= -golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= 
@@ -935,8 +935,8 @@ golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= -golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= +golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= +golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -953,13 +953,13 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= -golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= -golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 
@@ -1013,8 +1013,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.25.0 h1:oFU9pkj/iJgs+0DT+VMHrx+oBKs/LJMV+Uvg78sl+fE= -golang.org/x/tools v0.25.0/go.mod h1:/vtpO8WL1N9cQC3FN5zPqb//fRXskFHbLKk4OW1Q7rg= +golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= +golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= 
@@ -1092,12 +1092,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240924160255-9d4c2d233b61 h1:KipVMxePgXPFBzXOvpKbny3RVdVmJOD64R/Ob7GPWEs= -google.golang.org/genproto v0.0.0-20240924160255-9d4c2d233b61/go.mod h1:HiAZQz/G7n0EywFjmncAwsfnmFm2bjm7qPjwl8hyzjM= -google.golang.org/genproto/googleapis/api v0.0.0-20240924160255-9d4c2d233b61 h1:pAjq8XSSzXoP9ya73v/w+9QEAAJNluLrpmMq5qFJQNY= -google.golang.org/genproto/googleapis/api v0.0.0-20240924160255-9d4c2d233b61/go.mod h1:O6rP0uBq4k0mdi/b4ZEMAZjkhYWhS815kCvaMha4VN8= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240924160255-9d4c2d233b61 h1:N9BgCIAUvn/M+p4NJccWPWb3BWh88+zyL0ll9HgbEeM= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240924160255-9d4c2d233b61/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f h1:mCJ6SGikSxVlt9scCayUl2dMq0msUgmBArqRY6umieI= +google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f/go.mod h1:xtVODtPkMQRUZ4kqOTgp6JrXQrPevvfCSdk4mJtHUbM= +google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f h1:jTm13A2itBi3La6yTGqn8bVSrc3ZZ1r8ENHlIXBfnRA= +google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f/go.mod h1:CLGoBuH1VHxAUXVPP8FfPwPEVJB6lz3URE5mY2SuayE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f h1:cUMEy+8oS78BWIH9OWazBkzbr090Od9tWBNtZHkOhf0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1117,8 +1117,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.67.0 h1:IdH9y6PF5MPSdAntIcpjQ+tXO41pcQsfZV2RxtQgVcw= -google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= +google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 6f36a4ceb3f3d9ff19fab8607fe6e8724ba1a9a8 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 9 Oct 2024 08:00:23 +0200 Subject: [PATCH 347/517] chore(deps): bump golang from 1.23.1-bookworm to 1.23.2-bookworm in /e2e (#3992) Bumps golang from 1.23.1-bookworm to 1.23.2-bookworm. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/e2e/Dockerfile b/e2e/Dockerfile index 123cb884749..6cc1a882aff 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.1-bookworm@sha256:dba79eb312528369dea87532a65dbe9d4efb26439a0feacc9e7ac9b0f1c7f607 as builder +FROM golang:1.23.2-bookworm@sha256:18d2f940cc20497f85466fdbe6c3d7a52ed2db1d5a1a49a4508ffeee2dff1463 as builder ENV KUBECTL_VERSION="v1.28.3" ENV HELM_VERSION="v3.13.1" From 9f7533867da23c367ac2c172d03ecd7859b2e6bf Mon Sep 17 00:00:00 2001 From: Moritz Johner Date: Sat, 12 Oct 2024 20:41:10 +0200 Subject: [PATCH 348/517] feat: push secret metadata (#3600) Signed-off-by: Moritz Johner --- docs/provider/kubernetes.md | 68 +++++ pkg/provider/kubernetes/client.go | 180 +++++++------ pkg/provider/kubernetes/client_test.go | 334 ++++++++++++++++++++++++- pkg/provider/kubernetes/metadata.go | 148 +++++++++++ 4 files changed, 633 insertions(+), 97 deletions(-) create mode 100644 pkg/provider/kubernetes/metadata.go diff --git a/docs/provider/kubernetes.md b/docs/provider/kubernetes.md index 40d556659e2..9f5ebec0072 100644 --- a/docs/provider/kubernetes.md +++ b/docs/provider/kubernetes.md 
@@ -298,6 +298,74 @@ rules: - create ``` +#### PushSecret Metadata + +The Kubernetes provider is able to manage both `metadata.labels` and `metadata.annotations` of the secret on the target cluster. + +Users have different preferences on what metadata should be pushed. ESO by default pushes both labels and annotations to the target secret and merges them with the existing metadata. + +You can specify the metadata in the `spec.template.metadata` section if you want to decouple it from the existing secret. + +```yaml +{% raw %} +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: example +spec: + # ... + template: + metadata: + labels: + app.kubernetes.io/part-of: argocd + data: + mysql_connection_string: "mysql://{{ .hostname }}:3306/{{ .database }}" + data: + - match: + secretKey: mysql_connection_string + remoteRef: + remoteKey: backend_secrets + property: mysql_connection_string +{% endraw %} +``` + +Further, you can leverage the `.data[].metadata` section to fine-tine the behaviour of the metadata merge strategy. The metadata section is a versioned custom-resource _alike_ structure, the behaviour is detailed below. + +```yaml +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: example +spec: + # ... 
+ data: + - match: + secretKey: example-1 + remoteRef: + remoteKey: example-remote-secret + property: url + + metadata: + apiVersion: kubernetes.external-secrets.io/v1alpha1 + kind: PushSecretMetadata + spec: + sourceMergePolicy: Merge # or Replace + targetMergePolicy: Merge # or Replace / Ignore + labels: + color: red + annotations: + yes: please + +``` + + +| Field | Type | Description | +| ----------------- | ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| sourceMergePolicy | string: `Merge`, `Replace` | The sourceMergePolicy defines how the metadata of the source secret is merged. `Merge` will merge the metadata of the source secret with the metadata defined in `.data[].metadata`. With `Replace`, the metadata in `.data[].metadata` replaces the source metadata. | +| targetMergePolicy | string: `Merge`, `Replace`, `Ignore` | The targetMergePolicy defines how ESO merges the metadata produced by the sourceMergePolicy with the target secret. With `Merge`, the source metadata is merged with the existing metadata from the target secret. `Replace` will replace the target metadata with the metadata defined in the source. `Ignore` leaves the target metadata as is. | +| labels | `map[string]string` | The labels. | +| annotations | `map[string]string` | The annotations. | + #### Implementation Considerations When utilizing the PushSecret feature and configuring the permissions for the SecretStore, consider the following: diff --git a/pkg/provider/kubernetes/client.go b/pkg/provider/kubernetes/client.go index 957a8671d0d..70aa5946592 100644 --- a/pkg/provider/kubernetes/client.go +++ b/pkg/provider/kubernetes/client.go 
@@ -15,17 +15,16 @@ limitations under the License. package kubernetes import ( - "bytes" "context" "encoding/base64" "encoding/json" "errors" "fmt" - "reflect" "strings" "github.com/tidwall/gjson" v1 "k8s.io/api/core/v1" + "k8s.io/apimachinery/pkg/api/equality" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/labels" 
@@ -109,50 +108,107 @@ func (c *Client) PushSecret(ctx context.Context, secret *v1.Secret, data esv1bet if data.GetProperty() == "" && data.GetSecretKey() != "" { return errors.New("requires property in RemoteRef to push secret value if secret key is defined") } + remoteSecret := &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: c.store.RemoteNamespace, + Name: data.GetRemoteKey(), + }, + } - extSecret, getErr := c.userSecretClient.Get(ctx, data.GetRemoteKey(), metav1.GetOptions{}) - metrics.ObserveAPICall(constants.ProviderKubernetes, constants.CallKubernetesGetSecret, getErr) - if getErr != nil { - // create if it not exists - if apierrors.IsNotFound(getErr) { - typ := v1.SecretTypeOpaque - if secret.Type != "" { - typ = secret.Type - } + return c.createOrUpdate(ctx, remoteSecret, func() error { + return c.mergePushSecretData(data, remoteSecret, secret) + }) +} - return c.createSecret(ctx, secret, typ, data) - } - return getErr +func (c *Client) mergePushSecretData(remoteRef esv1beta1.PushSecretData, remoteSecret, localSecret *v1.Secret) error { + // apply secret type + secretType := v1.SecretTypeOpaque + if localSecret.Type != "" { + secretType = localSecret.Type } + remoteSecret.Type = secretType - // the whole secret was pushed to the provider - if data.GetSecretKey() == "" { - if data.GetProperty() != "" { - value, err := c.marshalData(secret) - if err != nil { - return err - } + // merge secret data with existing secret data + if remoteSecret.Data == nil { + remoteSecret.Data = make(map[string][]byte) + } - if v, ok := extSecret.Data[data.GetProperty()]; ok && bytes.Equal(v, value) { - return nil - } + pushMeta, err := parseMetadataParameters(remoteRef.GetMetadata()) + if err != nil { + return fmt.Errorf("unable to parse metadata parameters: %w", err) + } + + // merge metadata based on the policy + var targetLabels, targetAnnotations map[string]string + sourceLabels, sourceAnnotations, err := mergeSourceMetadata(localSecret, pushMeta) + if err != nil 
{ + return fmt.Errorf("failed to merge source metadata: %w", err) + } + targetLabels, targetAnnotations, err = mergeTargetMetadata(remoteSecret, pushMeta, sourceLabels, sourceAnnotations) + if err != nil { + return fmt.Errorf("failed to merge target metadata: %w", err) + } + remoteSecret.ObjectMeta.Labels = targetLabels + remoteSecret.ObjectMeta.Annotations = targetAnnotations - return c.updateProperty(ctx, extSecret, data, value) + // case 1: push the whole secret + if remoteRef.GetProperty() == "" { + for k, v := range localSecret.Data { + remoteSecret.Data[k] = v } + return nil + } - if reflect.DeepEqual(extSecret.Data, secret.Data) { - return nil + // cases 2a + 2b: push into a property. + // if secret key is empty, we will marshal the whole secret and put it into + // the property defined in the remoteRef. + if remoteRef.GetSecretKey() == "" { + value, err := c.marshalData(localSecret) + if err != nil { + return err + } + remoteSecret.Data[remoteRef.GetProperty()] = value + } else { + // if secret key is defined, we will push that key from the local secret + remoteSecret.Data[remoteRef.GetProperty()] = localSecret.Data[remoteRef.GetSecretKey()] + } + return nil +} + +func (c *Client) createOrUpdate(ctx context.Context, targetSecret *v1.Secret, f func() error) error { + target, err := c.userSecretClient.Get(ctx, targetSecret.Name, metav1.GetOptions{}) + metrics.ObserveAPICall(constants.ProviderKubernetes, constants.CallKubernetesGetSecret, err) + if err != nil { + if !apierrors.IsNotFound(err) { + return err + } + if err := f(); err != nil { + return err + } + _, err := c.userSecretClient.Create(ctx, targetSecret, metav1.CreateOptions{}) + metrics.ObserveAPICall(constants.ProviderKubernetes, constants.CallKubernetesCreateSecret, err) + if err != nil { + return err } + return nil + } - return c.updateMap(ctx, extSecret, secret.Data) + *targetSecret = *target + existing := targetSecret.DeepCopyObject() + if err := f(); err != nil { + return err } - // only a 
single property was pushed - if v, ok := extSecret.Data[data.GetProperty()]; ok && bytes.Equal(v, secret.Data[data.GetSecretKey()]) { + if equality.Semantic.DeepEqual(existing, targetSecret) { return nil } - return c.updateProperty(ctx, extSecret, data, secret.Data[data.GetSecretKey()]) + _, err = c.userSecretClient.Update(ctx, targetSecret, metav1.UpdateOptions{}) + metrics.ObserveAPICall(constants.ProviderKubernetes, constants.CallKubernetesUpdateSecret, err) + if err != nil { + return err + } + return nil } func (c *Client) marshalData(secret *v1.Secret) ([]byte, error) { @@ -337,41 +393,6 @@ func convertMap(in map[string][]byte) map[string]string { return out } -func (c *Client) createSecret(ctx context.Context, secret *v1.Secret, typed v1.SecretType, remoteRef esv1beta1.PushSecretData) error { - data := make(map[string][]byte) - - if remoteRef.GetProperty() != "" { - // set a specific remote key - if remoteRef.GetSecretKey() == "" { - value, err := c.marshalData(secret) - if err != nil { - return err - } - - data[remoteRef.GetProperty()] = value - } else { - // push a specific secret key into a specific remote property - data[remoteRef.GetProperty()] = secret.Data[remoteRef.GetSecretKey()] - } - } else { - // push the whole secret as is using each key of the secret as a property in the created secret - data = secret.Data - } - - s := v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: remoteRef.GetRemoteKey(), - Namespace: c.store.RemoteNamespace, - }, - Data: data, - Type: typed, - } - - _, err := c.userSecretClient.Create(ctx, &s, metav1.CreateOptions{}) - metrics.ObserveAPICall(constants.ProviderKubernetes, constants.CallKubernetesCreateSecret, err) - return err -} - // fullDelete removes remote secret completely. func (c *Client) fullDelete(ctx context.Context, secretName string) error { err := c.userSecretClient.Delete(ctx, secretName, metav1.DeleteOptions{}) 
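Review bot: `mergePushSecretData` assigns `remoteSecret.Type = secretType` on the update path as well as on create, whereas the removed code only chose a type when it created the secret. As far as I know the API server treats a Secret's `type` as immutable, so pushing from a local secret whose type differs from an existing target (for example one key of a TLS secret into an Opaque target) would now be rejected on `Update`. Setting it only when the target has none keeps the previous behaviour: `if remoteSecret.Type == "" { remoteSecret.Type = secretType }`. The same function also writes the merged labels and annotations in every push mode, so without a `metadata` block all source annotations reach the target cluster even when a single `secretKey` is selected. An annotation such as `kubectl.kubernetes.io/last-applied-configuration` can carry the whole manifest, so this default deserves an explicit sentence in the docs or an opt-in.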
@@ -392,33 +413,6 @@ func (c *Client) removeProperty(ctx context.Context, extSecret *v1.Secret, remot return err } -func (c *Client) updateMap(ctx context.Context, extSecret *v1.Secret, values map[string][]byte) error { - // update the existing map with values from the pushed secret but keep existing values in tack. - for k, v := range values { - extSecret.Data[k] = v - } - - return c.updateSecret(ctx, extSecret) -} - -func (c *Client) updateProperty(ctx context.Context, extSecret *v1.Secret, remoteRef esv1beta1.PushSecretRemoteRef, value []byte) error { - if extSecret.Data == nil { - extSecret.Data = make(map[string][]byte) - } - - // otherwise update remote secret - extSecret.Data[remoteRef.GetProperty()] = value - - return c.updateSecret(ctx, extSecret) -} - -func (c *Client) updateSecret(ctx context.Context, extSecret *v1.Secret) error { - _, err := c.userSecretClient.Update(ctx, extSecret, metav1.UpdateOptions{}) - metrics.ObserveAPICall(constants.ProviderKubernetes, constants.CallKubernetesUpdateSecret, err) - - return err -} - func getSecret(secret *v1.Secret, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { if ref.MetadataPolicy == esv1beta1.ExternalSecretMetadataPolicyFetch { s, found, err := getFromSecretMetadata(secret, ref) diff --git a/pkg/provider/kubernetes/client_test.go b/pkg/provider/kubernetes/client_test.go index 744ef968675..b55ee2d52e8 100644 --- a/pkg/provider/kubernetes/client_test.go +++ b/pkg/provider/kubernetes/client_test.go @@ -24,6 +24,7 @@ import ( "github.com/google/go-cmp/cmp" "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" 
@@ -86,8 +87,9 @@ func (fk *fakeClient) Delete(_ context.Context, name string, _ metav1.DeleteOpti func (fk *fakeClient) Create(_ context.Context, secret *v1.Secret, _ metav1.CreateOptions) (*v1.Secret, error) { s := &v1.Secret{ - Data: secret.Data, - Type: secret.Type, + Data: secret.Data, + ObjectMeta: secret.ObjectMeta, + Type: secret.Type, } fk.secretMap[secret.Name] = s return s, nil @@ -98,6 +100,7 @@ func (fk *fakeClient) Update(_ context.Context, secret *v1.Secret, _ metav1.Upda if !ok { return nil, errors.New("error while updating secret") } + s.ObjectMeta = secret.ObjectMeta s.Data = secret.Data return s, nil } @@ -705,6 +708,9 @@ func TestDeleteSecret(t *testing.T) { wantErr: false, wantSecretMap: map[string]*v1.Secret{ "mysec": { + ObjectMeta: metav1.ObjectMeta{ + Name: "mysec", + }, Data: map[string][]byte{ "secret": []byte(`bar`), }, @@ -797,6 +803,11 @@ func TestPushSecret(t *testing.T) { }, wantSecretMap: map[string]*v1.Secret{ "mysec": { + ObjectMeta: metav1.ObjectMeta{ + Name: "mysec", + Labels: map[string]string{}, + Annotations: map[string]string{}, + }, Data: map[string][]byte{ "token": []byte(`foo`), "token2": []byte(`foo`), @@ -827,6 +838,11 @@ func TestPushSecret(t *testing.T) { }, wantSecretMap: map[string]*v1.Secret{ "mysec": { + ObjectMeta: metav1.ObjectMeta{ + Name: "mysec", + Labels: map[string]string{}, + Annotations: map[string]string{}, + }, Data: map[string][]byte{ "token": []byte(`{"foo":"bar"}`), }, @@ -856,6 +872,11 @@ func TestPushSecret(t *testing.T) { }, wantSecretMap: map[string]*v1.Secret{ "mysec": { + ObjectMeta: metav1.ObjectMeta{ + Name: "mysec", + Labels: map[string]string{}, + Annotations: map[string]string{}, + }, Data: map[string][]byte{ "token": []byte(`foo`), "token2": []byte(`{"foo":"bar"}`), 
@@ -883,6 +904,11 @@ func TestPushSecret(t *testing.T) { }, wantSecretMap: map[string]*v1.Secret{ "mysec": { + ObjectMeta: metav1.ObjectMeta{ + Name: "mysec", + Labels: map[string]string{}, + Annotations: map[string]string{}, + }, Data: map[string][]byte{ "marshaled": []byte(`{"token":"foo","token2":"2"}`), }, @@ -915,6 +941,11 @@ func TestPushSecret(t *testing.T) { wantErr: false, wantSecretMap: map[string]*v1.Secret{ "mysec": { + ObjectMeta: metav1.ObjectMeta{ + Name: "mysec", + Labels: map[string]string{}, + Annotations: map[string]string{}, + }, Data: map[string][]byte{ "token": []byte(`foo`), "secret": []byte(`bar`), 
@@ -947,6 +978,56 @@ func TestPushSecret(t *testing.T) { wantErr: false, wantSecretMap: map[string]*v1.Secret{ "mysec": { + ObjectMeta: metav1.ObjectMeta{ + Name: "mysec", + Labels: map[string]string{}, + Annotations: map[string]string{}, + }, + Data: map[string][]byte{ + "token": []byte(`bar`), + }, + }, + }, + }, + { + name: "replace existing property in existing secret with targetMergePolicy set to Ignore", + fields: fields{ + Client: &fakeClient{ + t: t, + secretMap: map[string]*v1.Secret{ + "mysec": { + Data: map[string][]byte{ + "token": []byte(`foo`), + }, + }, + }, + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "mysec", + // these should be ignored as the targetMergePolicy is set to Ignore + Labels: map[string]string{"dev": "seb"}, + Annotations: map[string]string{"date": "today"}, + }, + Data: map[string][]byte{secretKey: []byte("bar")}, + }, + data: testingfake.PushSecretData{ + SecretKey: secretKey, + RemoteKey: "mysec", + Property: "token", + Metadata: &apiextensionsv1.JSON{ + Raw: []byte(`{"apiVersion":"kubernetes.external-secrets.io/v1alpha1", "kind": "PushSecretMetadata", spec: {"targetMergePolicy": "Ignore"}}`), + }, + }, + wantErr: false, + wantSecretMap: map[string]*v1.Secret{ + "mysec": { + ObjectMeta: metav1.ObjectMeta{ + Name: "mysec", + Labels: map[string]string{}, + Annotations: map[string]string{}, + }, Data: map[string][]byte{ "token": []byte(`bar`), }, 
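Review bot: The `targetMergePolicy set to Ignore` case seeds the existing `mysec` without any labels or annotations, so the expected empty maps only show that source metadata was not pushed; the case would pass just as well if `Ignore` wiped the target's metadata. Seeding the fake secret the way the `Replace` case in the next hunk does (`Labels: map[string]string{"already": "existing"}`) and expecting that value unchanged would pin the documented "leaves the target metadata as is" behaviour. Among the added cases I also see none that exercises the default `Merge` policy against a target that already carries metadata.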
@@ -954,7 +1035,65 @@ func TestPushSecret(t *testing.T) { }, }, { - name: "create new secret", + name: "replace existing property in existing secret with targetMergePolicy set to Replace", + fields: fields{ + Client: &fakeClient{ + t: t, + secretMap: map[string]*v1.Secret{ + "mysec": { + ObjectMeta: metav1.ObjectMeta{ + Name: "mysec", + Labels: map[string]string{ + "already": "existing", + }, + Annotations: map[string]string{ + "already": "existing", + }, + }, + Data: map[string][]byte{ + "token": []byte(`foo`), + }, + }, + }, + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: "mysec", + // these should replace existing metadata as the targetMergePolicy is set to Replace + Labels: map[string]string{"dev": "seb"}, + Annotations: map[string]string{"date": "today"}, + }, + Data: map[string][]byte{secretKey: []byte("bar")}, + }, + data: testingfake.PushSecretData{ + SecretKey: secretKey, + RemoteKey: "mysec", + Property: "token", + Metadata: &apiextensionsv1.JSON{ + Raw: []byte(`{"apiVersion":"kubernetes.external-secrets.io/v1alpha1", "kind": "PushSecretMetadata", spec: {"targetMergePolicy": "Replace"}}`), + }, + }, + wantErr: false, + wantSecretMap: map[string]*v1.Secret{ + "mysec": { + ObjectMeta: metav1.ObjectMeta{ + Name: "mysec", + Labels: map[string]string{ + "dev": "seb", + }, + Annotations: map[string]string{ + "date": "today", + }, + }, + Data: map[string][]byte{ + "token": []byte(`bar`), + }, + }, + }, + }, + { + name: "create new secret, merging existing metadata", fields: fields{ Client: &fakeClient{ t: t, 
@@ -968,12 +1107,20 @@ func TestPushSecret(t *testing.T) { }, }, secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{ + "this-annotation": "should be present on the targey secret", + }, + }, Data: map[string][]byte{secretKey: []byte("bar")}, }, data: testingfake.PushSecretData{ SecretKey: secretKey, RemoteKey: "mysec", Property: "secret", + Metadata: &apiextensionsv1.JSON{ + Raw: []byte(`{"apiVersion":"kubernetes.external-secrets.io/v1alpha1", "kind": "PushSecretMetadata", spec: {"annotations": {"date": "today"}, "labels": {"dev": "seb"}}}`), + }, }, wantErr: false, wantSecretMap: map[string]*v1.Secret{ @@ -983,6 +1130,14 @@ func TestPushSecret(t *testing.T) { }, }, "mysec": { + ObjectMeta: metav1.ObjectMeta{ + Name: "mysec", + Annotations: map[string]string{ + "date": "today", + "this-annotation": "should be present on the targey secret", + }, + Labels: map[string]string{"dev": "seb"}, + }, Data: map[string][]byte{ "secret": []byte(`bar`), }, 
@@ -990,6 +1145,171 @@ func TestPushSecret(t *testing.T) { }, }, }, + { + name: "create new secret with metadata from secret metadata and remoteRef.metadata", + fields: fields{ + Client: &fakeClient{ + t: t, + secretMap: map[string]*v1.Secret{ + "yoursec": { + Data: map[string][]byte{ + "token": []byte(`foo`), + }, + }, + }, + }, + }, + secret: &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Annotations: map[string]string{"date": "today"}, + Labels: map[string]string{"dev": "seb"}, + }, + Data: map[string][]byte{secretKey: []byte("bar")}, + }, + data: testingfake.PushSecretData{ + SecretKey: secretKey, + RemoteKey: "mysec", + Property: "secret", + Metadata: &apiextensionsv1.JSON{ + Raw: []byte(`{"apiVersion":"kubernetes.external-secrets.io/v1alpha1", "kind": "PushSecretMetadata", spec: { "sourceMergePolicy": "Replace", "annotations": {"another-field": "from-remote-ref"}, "labels": {"other-label": "from-remote-ref"}}}`), + }, + }, + wantErr: false, + wantSecretMap: map[string]*v1.Secret{ + "yoursec": { + Data: map[string][]byte{ + "token": []byte(`foo`), + }, + }, + "mysec": { + ObjectMeta: metav1.ObjectMeta{ + Name: "mysec", + Annotations: map[string]string{ + "another-field": "from-remote-ref", + }, + Labels: map[string]string{ + "other-label": "from-remote-ref", + }, + }, + Data: map[string][]byte{ + "secret": []byte(`bar`), + }, + Type: v1.SecretTypeOpaque, + }, + }, + }, + { + name: "invalid secret metadata structure results in error", + fields: fields{ + Client: &fakeClient{ + t: t, + secretMap: map[string]*v1.Secret{ + "yoursec": { + Data: map[string][]byte{ + "token": []byte(`foo`), + }, + }, + }, + }, + }, + secret: &v1.Secret{ + Data: map[string][]byte{secretKey: []byte("bar")}, + }, + data: testingfake.PushSecretData{ + SecretKey: secretKey, + RemoteKey: "mysec", + Property: "secret", + Metadata: &apiextensionsv1.JSON{ + Raw: []byte(`{}`), + }, + }, + wantErr: true, + wantSecretMap: map[string]*v1.Secret{ + "yoursec": { + Data: map[string][]byte{ + 
"token": []byte(`foo`), + }, + }, + }, + }, + { + name: "non-json secret metadata results in error", + fields: fields{ + Client: &fakeClient{ + t: t, + secretMap: map[string]*v1.Secret{ + "yoursec": { + Data: map[string][]byte{ + "token": []byte(`foo`), + }, + }, + }, + }, + }, + secret: &v1.Secret{ + Data: map[string][]byte{secretKey: []byte("bar")}, + }, + data: testingfake.PushSecretData{ + SecretKey: secretKey, + RemoteKey: "mysec", + Property: "secret", + Metadata: &apiextensionsv1.JSON{ + Raw: []byte(`--- not json ---`), + }, + }, + wantErr: true, + wantSecretMap: map[string]*v1.Secret{ + "yoursec": { + Data: map[string][]byte{ + "token": []byte(`foo`), + }, + }, + }, + }, + { + name: "create new secret with whole secret", + fields: fields{ + Client: &fakeClient{ + t: t, + secretMap: map[string]*v1.Secret{ + "yoursec": { + Data: map[string][]byte{ + "token": []byte(`foo`), + }, + }, + }, + }, + }, + secret: &v1.Secret{ + Data: map[string][]byte{ + "foo": []byte("bar"), + "baz": []byte("bang"), + }, + }, + data: testingfake.PushSecretData{ + RemoteKey: "mysec", + }, + wantErr: false, + wantSecretMap: map[string]*v1.Secret{ + "yoursec": { + Data: map[string][]byte{ + "token": []byte(`foo`), + }, + }, + "mysec": { + ObjectMeta: metav1.ObjectMeta{ + Name: "mysec", + Labels: map[string]string{}, + Annotations: map[string]string{}, + }, + Data: map[string][]byte{ + "foo": []byte("bar"), + "baz": []byte("bang"), + }, + Type: v1.SecretTypeOpaque, + }, + }, + }, { name: "create new dockerconfigjson secret", fields: fields{ 
@@ -1021,13 +1341,19 @@ func TestPushSecret(t *testing.T) { }, }, "mysec": { + ObjectMeta: metav1.ObjectMeta{ + Name: "mysec", + Labels: map[string]string{}, + Annotations: map[string]string{}, + }, Data: map[string][]byte{ "config.json": []byte(`{"auths": {"myregistry.localhost": {"username": "{{ .username }}", "password": "{{ .password }}"}}}`), }, Type: v1.SecretTypeDockerConfigJson, }, }, - }} + }, + } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { p := &Client{ diff --git a/pkg/provider/kubernetes/metadata.go b/pkg/provider/kubernetes/metadata.go new file mode 100644 index 00000000000..29d5abe4b82 --- /dev/null +++ b/pkg/provider/kubernetes/metadata.go 
@@ -0,0 +1,148 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package kubernetes + +import ( + "fmt" + + v1 "k8s.io/api/core/v1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "sigs.k8s.io/yaml" +) + +const ( + metadataAPIVersion = "kubernetes.external-secrets.io/v1alpha1" + metadataKind = "PushSecretMetadata" +) + +type PushSecretMetadata struct { + metav1.TypeMeta + Spec PushSecretMetadataSpec `json:"spec,omitempty"` +} +type PushSecretMetadataSpec struct { + TargetMergePolicy targetMergePolicy `json:"targetMergePolicy,omitempty"` + SourceMergePolicy sourceMergePolicy `json:"sourceMergePolicy,omitempty"` + + Labels map[string]string `json:"labels,omitempty"` + Annotations map[string]string `json:"annotations,omitempty"` +} + +type targetMergePolicy string + +const ( + targetMergePolicyMerge targetMergePolicy = "Merge" + targetMergePolicyReplace targetMergePolicy = "Replace" + targetMergePolicyIgnore targetMergePolicy = "Ignore" +) + +type sourceMergePolicy string + +const ( + sourceMergePolicyMerge sourceMergePolicy = "Merge" + sourceMergePolicyReplace sourceMergePolicy = "Replace" +) + +func parseMetadataParameters(data *apiextensionsv1.JSON) (*PushSecretMetadata, error) { + if data == nil { + return nil, nil + } + var metadata PushSecretMetadata + err := yaml.Unmarshal(data.Raw, &metadata, yaml.DisallowUnknownFields) + if err != nil { + return nil, fmt.Errorf("failed to parse %s %s: %w", 
metadataAPIVersion, metadataKind, err) + } + + if metadata.APIVersion != metadataAPIVersion { + return nil, fmt.Errorf("unexpected apiVersion %q, expected %q", metadata.APIVersion, metadataAPIVersion) + } + + if metadata.Kind != metadataKind { + return nil, fmt.Errorf("unexpected kind %q, expected %q", metadata.Kind, metadataKind) + } + + return &metadata, nil +} + +// Takes the local secret metadata and merges it with the push metadata. +// The push metadata takes precedence. +// Depending on the policy, we either merge or overwrite the metadata from the local secret. +func mergeSourceMetadata(localSecret *v1.Secret, pushMeta *PushSecretMetadata) (map[string]string, map[string]string, error) { + labels := localSecret.ObjectMeta.Labels + annotations := localSecret.ObjectMeta.Annotations + if pushMeta == nil { + return labels, annotations, nil + } + if labels == nil { + labels = make(map[string]string) + } + if annotations == nil { + annotations = make(map[string]string) + } + + switch pushMeta.Spec.SourceMergePolicy { + case "", sourceMergePolicyMerge: + for k, v := range pushMeta.Spec.Labels { + labels[k] = v + } + for k, v := range pushMeta.Spec.Annotations { + annotations[k] = v + } + case sourceMergePolicyReplace: + labels = pushMeta.Spec.Labels + annotations = pushMeta.Spec.Annotations + default: + return nil, nil, fmt.Errorf("unexpected source merge policy %q", pushMeta.Spec.SourceMergePolicy) + } + return labels, annotations, nil +} + +// Takes the remote secret metadata and merges it with the source metadata. +// The source metadata may replace the existing labels/annotations +// or merge into it depending on policy. 
+func mergeTargetMetadata(remoteSecret *v1.Secret, pushMeta *PushSecretMetadata, sourceLabels, sourceAnnotations map[string]string) (map[string]string, map[string]string, error) { + labels := remoteSecret.ObjectMeta.Labels + annotations := remoteSecret.ObjectMeta.Annotations + if labels == nil { + labels = make(map[string]string) + } + if annotations == nil { + annotations = make(map[string]string) + } + var targetMergePolicy targetMergePolicy + if pushMeta != nil { + targetMergePolicy = pushMeta.Spec.TargetMergePolicy + } + + switch targetMergePolicy { + case "", targetMergePolicyMerge: + for k, v := range sourceLabels { + labels[k] = v + } + for k, v := range sourceAnnotations { + annotations[k] = v + } + case targetMergePolicyReplace: + labels = sourceLabels + annotations = sourceAnnotations + case targetMergePolicyIgnore: + // leave the target metadata as is + // this is useful when we only want to push data + // and the user does not want to touch the metadata + default: + return nil, nil, fmt.Errorf("unexpected target merge policy %q", targetMergePolicy) + } + return labels, annotations, nil +} From 0dd419a7382b5c83b42719b129143a863410fe9a Mon Sep 17 00:00:00 2001 From: Tchoupinax Date: Mon, 14 Oct 2024 09:24:48 +0200 Subject: [PATCH 349/517] feat: edit all required changes for recursive option (#3939) * feat: edit all required changes for recursive option Signed-off-by: Tchoupinax * chore: make reviewable Signed-off-by: Tchoupinax * feat: add missing param Signed-off-by: Tchoupinax * feat: change property type to boolean Signed-off-by: Tchoupinax * docs: new doc version Signed-off-by: Tchoupinax --------- 
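Review bot: `mergeSourceMetadata` writes into the caller's maps: `labels := localSecret.ObjectMeta.Labels` aliases the source secret's map and the `Merge` branch then does `labels[k] = v`, so the local Secret object is modified as a side effect of computing the pushed metadata. If the same `*v1.Secret` is reused for several `data` entries (the caller is not visible in this hunk), labels and annotations from one entry's `metadata` would carry over into the next entry's push. Copying first avoids that: `labels := maps.Clone(localSecret.ObjectMeta.Labels)` and `annotations := maps.Clone(localSecret.ObjectMeta.Annotations)`, with `maps` added to the import block. The `Replace` branch of `mergeTargetMetadata` likewise hands the source maps to the remote secret without a copy.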
Signed-off-by: Tchoupinax --- .../v1beta1/secretsstore_infisical_types.go | 3 +++ .../external-secrets.io_clustersecretstores.yaml | 3 +++ .../crds/bases/external-secrets.io_secretstores.yaml | 3 +++ deploy/crds/bundle.yaml | 6 ++++++ docs/api/spec.md | 11 +++++++++++ docs/snippets/infisical-generic-secret-store.yaml | 2 ++ pkg/provider/infisical/api/api.go | 2 ++ pkg/provider/infisical/api/api_models.go | 1 + pkg/provider/infisical/client.go | 6 ++++-- pkg/provider/infisical/provider.go | 10 ++++++---- 10 files changed, 41 insertions(+), 6 deletions(-) diff --git a/apis/externalsecrets/v1beta1/secretsstore_infisical_types.go b/apis/externalsecrets/v1beta1/secretsstore_infisical_types.go index c1eea0a4dd8..8e4428f3460 100644 --- a/apis/externalsecrets/v1beta1/secretsstore_infisical_types.go +++ b/apis/externalsecrets/v1beta1/secretsstore_infisical_types.go @@ -34,6 +34,9 @@ type MachineIdentityScopeInWorkspace struct { // +kubebuilder:default="/" // +optional SecretsPath string `json:"secretsPath,omitempty"` + // +kubebuilder:default=false + // +optional + Recursive bool `json:"recursive,omitempty"` // +kubebuilder:validation:Required EnvironmentSlug string `json:"environmentSlug"` // +kubebuilder:validation:Required diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index a12ccbc161f..3ccc3bb453b 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml @@ -3234,6 +3234,9 @@ spec: type: string projectSlug: type: string + recursive: + default: false + type: boolean secretsPath: default: / type: string diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index 41e2e55d8b2..1102a07d4d6 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml 
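Review bot: The new `Recursive` field in `MachineIdentityScopeInWorkspace` has no doc comment, which is why the generated CRD schema and the `docs/api/spec.md` row added later in this commit carry no description for it. A comment above the kubebuilder markers, for example `// Recursive indicates whether secrets in sub-folders of SecretsPath are fetched as well.`, would flow into both; the exact wording should be confirmed against the Infisical API, which these hunks do not show. Since the flag presumably widens the set of secrets a store can read, the comment is also the place to say so. The struct continues outside the hunk.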
@@ -3234,6 +3234,9 @@ spec: type: string projectSlug: type: string + recursive: + default: false + type: boolean secretsPath: default: / type: string diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 65bea24d2c6..33e153f0b57 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -3652,6 +3652,9 @@ spec: type: string projectSlug: type: string + recursive: + default: false + type: boolean secretsPath: default: / type: string @@ -9490,6 +9493,9 @@ spec: type: string projectSlug: type: string + recursive: + default: false + type: boolean secretsPath: default: / type: string diff --git a/docs/api/spec.md b/docs/api/spec.md index 24a1618fe70..28dce84622b 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -5252,6 +5252,17 @@ string +recursive
    + +bool + + + +(Optional) + + + + environmentSlug
    string diff --git a/docs/snippets/infisical-generic-secret-store.yaml b/docs/snippets/infisical-generic-secret-store.yaml index c3f1e7c3b2e..b728b87d6b4 100644 --- a/docs/snippets/infisical-generic-secret-store.yaml +++ b/docs/snippets/infisical-generic-secret-store.yaml @@ -21,5 +21,7 @@ spec: environmentSlug: dev # "dev", "staging", "prod", etc.. # optional secretsPath: / # Root is "/" + # optional + recursive: true # Default is false # optional hostAPI: https://app.infisical.com diff --git a/pkg/provider/infisical/api/api.go b/pkg/provider/infisical/api/api.go index 298463c6ddb..706fd9a1981 100644 --- a/pkg/provider/infisical/api/api.go +++ b/pkg/provider/infisical/api/api.go @@ -21,6 +21,7 @@ import ( "fmt" "net/http" "net/url" + "strconv" "time" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" @@ -170,6 +171,7 @@ func (a *InfisicalClient) GetSecretsV3(data GetSecretsV3Request) (map[string]str q.Add("secretPath", data.SecretPath) q.Add("include_imports", "true") q.Add("expandSecretReferences", "true") + q.Add("recursive", strconv.FormatBool(data.Recursive)) req.URL.RawQuery = q.Encode() rawRes, err := a.do(req) diff --git a/pkg/provider/infisical/api/api_models.go b/pkg/provider/infisical/api/api_models.go index f45ca88b366..b1f2be2c0cf 100644 --- a/pkg/provider/infisical/api/api_models.go +++ b/pkg/provider/infisical/api/api_models.go @@ -52,6 +52,7 @@ type GetSecretByKeyV3Response struct { type GetSecretsV3Request struct { EnvironmentSlug string `json:"environment"` ProjectSlug string `json:"workspaceSlug"` + Recursive bool `json:"recursive"` SecretPath string `json:"secretPath"` } diff --git a/pkg/provider/infisical/client.go b/pkg/provider/infisical/client.go index 1df25256044..a11891da76e 100644 --- a/pkg/provider/infisical/client.go +++ b/pkg/provider/infisical/client.go 
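Review bot: With `q.Add("recursive", strconv.FormatBool(data.Recursive))` in `GetSecretsV3` (pkg/provider/infisical/api/api.go), the response can presumably contain the same key name from several nested folders, while the function returns a flat `map[string]string`. The code that builds that map is outside this hunk, so this is inferred, but if it assigns by key alone, a secret in a subfolder can silently replace one of the same name at `secretPath`, and the value that ends up in the Kubernetes Secret depends on response order. I would either return an error on duplicate keys or document which entry wins, and add a test with two folders that share a key.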
@@ -49,8 +49,8 @@ func (p *Provider) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDa secret, err := p.apiClient.GetSecretByKeyV3(api.GetSecretByKeyV3Request{ EnvironmentSlug: p.apiScope.EnvironmentSlug, ProjectSlug: p.apiScope.ProjectSlug, - SecretPath: p.apiScope.SecretPath, SecretKey: ref.Key, + SecretPath: p.apiScope.SecretPath, }) if err != nil { @@ -104,6 +104,7 @@ func (p *Provider) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecr EnvironmentSlug: p.apiScope.EnvironmentSlug, ProjectSlug: p.apiScope.ProjectSlug, SecretPath: p.apiScope.SecretPath, + Recursive: p.apiScope.Recursive, }) if err != nil { return nil, err @@ -144,11 +145,12 @@ func (p *Provider) Validate() (esv1beta1.ValidationResult, error) { _, err := p.apiClient.GetSecretsV3(api.GetSecretsV3Request{ EnvironmentSlug: p.apiScope.EnvironmentSlug, ProjectSlug: p.apiScope.ProjectSlug, + Recursive: p.apiScope.Recursive, SecretPath: p.apiScope.SecretPath, }) if err != nil { - return esv1beta1.ValidationResultError, fmt.Errorf("cannot read secrets with provided project scope project:%s environment:%s secret-path:%s, %w", p.apiScope.ProjectSlug, p.apiScope.EnvironmentSlug, p.apiScope.SecretPath, err) + return esv1beta1.ValidationResultError, fmt.Errorf("cannot read secrets with provided project scope project:%s environment:%s secret-path:%s recursive:%t, %w", p.apiScope.ProjectSlug, p.apiScope.EnvironmentSlug, p.apiScope.SecretPath, p.apiScope.Recursive, err) } return esv1beta1.ValidationResultReady, nil diff --git a/pkg/provider/infisical/provider.go b/pkg/provider/infisical/provider.go index 3fd7f90ec30..28490284ff6 100644 --- a/pkg/provider/infisical/provider.go +++ b/pkg/provider/infisical/provider.go @@ -41,9 +41,10 @@ type Provider struct { } type InfisicalClientScope struct { - SecretPath string - ProjectSlug string EnvironmentSlug string + ProjectSlug string + Recursive bool + SecretPath string } // https://github.com/external-secrets/external-secrets/issues/644 
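Review bot: `Validate` in pkg/provider/infisical/client.go now passes `Recursive: p.apiScope.Recursive`, so each store validation fetches the values of every secret in the subtree only to discard them (`_, err := p.apiClient.GetSecretsV3(...)`). That is more secret material in memory and on the wire than an access check needs, and on a large tree it makes validation slower. Consider keeping the probe non-recursive with `Recursive: false,`, unless the intent is to verify access to the nested folders as well, in which case a short comment saying so would help. The body of `Validate` starts outside the hunk.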
@@ -93,9 +94,10 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, return &Provider{ apiClient: apiClient, apiScope: &InfisicalClientScope{ - SecretPath: infisicalSpec.SecretsScope.SecretsPath, - ProjectSlug: infisicalSpec.SecretsScope.ProjectSlug, EnvironmentSlug: infisicalSpec.SecretsScope.EnvironmentSlug, + ProjectSlug: infisicalSpec.SecretsScope.ProjectSlug, + Recursive: infisicalSpec.SecretsScope.Recursive, + SecretPath: infisicalSpec.SecretsScope.SecretsPath, }, }, nil } From 67743c11a9c5372e4fc784aacaf2b3ba500f3d68 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 21:05:43 +0200 Subject: [PATCH 350/517] chore(deps): bump charset-normalizer in /hack/api-docs (#4003) Bumps [charset-normalizer](https://github.com/Ousret/charset_normalizer) from 3.3.2 to 3.4.0. - [Release notes](https://github.com/Ousret/charset_normalizer/releases) - [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md) - [Commits](https://github.com/Ousret/charset_normalizer/compare/3.3.2...3.4.0) --- updated-dependencies: - dependency-name: charset-normalizer dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 4f5a2e91f76..d9404ca33ba 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -1,6 +1,6 @@ Babel==2.16.0 certifi==2024.8.30 -charset-normalizer==3.3.2 +charset-normalizer==3.4.0 click==8.1.7 colorama==0.4.6 csscompressor==0.9.5 From 2915e7ac07a411cf957605d5de405b3a5d79b502 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 21:20:18 +0200 Subject: [PATCH 351/517] chore(deps): bump mkdocs-macros-plugin in /hack/api-docs (#4004) Bumps [mkdocs-macros-plugin](https://github.com/fralau/mkdocs_macros_plugin) from 1.2.0 to 1.3.5. - [Release notes](https://github.com/fralau/mkdocs_macros_plugin/releases) - [Changelog](https://github.com/fralau/mkdocs-macros-plugin/blob/master/CHANGELOG.md) - [Commits](https://github.com/fralau/mkdocs_macros_plugin/compare/v1.2.0...v1.3.5) --- updated-dependencies: - dependency-name: mkdocs-macros-plugin dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index d9404ca33ba..b99aca901d1 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -17,7 +17,7 @@ MarkupSafe==2.1.5 mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.1 -mkdocs-macros-plugin==1.2.0 +mkdocs-macros-plugin==1.3.5 mkdocs-material==9.5.39 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 From b87d42fdd9ace576f49962557e6ed7ca6fb030dd Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 21:31:52 +0200 Subject: [PATCH 352/517] chore(deps): bump markupsafe from 2.1.5 to 3.0.1 in /hack/api-docs (#4005) Bumps [markupsafe](https://github.com/pallets/markupsafe) from 2.1.5 to 3.0.1. - [Release notes](https://github.com/pallets/markupsafe/releases) - [Changelog](https://github.com/pallets/markupsafe/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/markupsafe/compare/2.1.5...3.0.1) --- updated-dependencies: - dependency-name: markupsafe dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index b99aca901d1..b8eaf9e78a9 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -13,7 +13,7 @@ Jinja2==3.1.4 jsmin==3.0.1 livereload==2.7.0 Markdown==3.7 -MarkupSafe==2.1.5 +MarkupSafe==3.0.1 mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.1 From 3846f295f6083915270e0c2ecb7ffd1cb8936196 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 14 Oct 2024 22:58:58 +0200 Subject: [PATCH 353/517] chore(deps): bump mkdocs-material in /hack/api-docs (#4006) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.39 to 9.5.40. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.39...9.5.40) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index b8eaf9e78a9..7d20671b908 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.1 mkdocs-macros-plugin==1.3.5 -mkdocs-material==9.5.39 +mkdocs-material==9.5.40 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.1 From ce85d27ccbc7fa2dc8b91deeb2bfe3686f6dbb7a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Oct 2024 08:30:53 +0200 Subject: [PATCH 354/517] chore(deps): bump golang from `9dd2625` to `9dd2625` (#4007) Bumps golang from `9dd2625` to `9dd2625`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- tilt.debug.dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index d212ef601ae..1a8cfc298ed 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.2@sha256:adee809c2d0009a4199a11a1b2618990b244c6515149fe609e2788ddf164bd10 +FROM golang:1.23.2@sha256:a7f2fc9834049c1f5df787690026a53738e55fc097cd8a4a93faa3e06c67ee32 WORKDIR / COPY ./bin/external-secrets /external-secrets From 1e963f3c137407dcfebddf2342c72c655505f578 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Oct 2024 09:25:26 +0200 Subject: [PATCH 355/517] chore(deps): bump aquasecurity/trivy-action from 0.24.0 to 0.27.0 (#4008) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.24.0 to 0.27.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8...5681af892cd0f4997658e2bacc62bd0a894cf564) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 608e2e1ab14..99e3e7c6354 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
@@ -126,7 +126,7 @@ jobs: run: make docker.build - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@6e7b7d1fd3e4fef0c5fa8cce1229c54b2c9bd0d8 # master + uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # master with: image-ref: ${{ inputs.image-name }}:${{ steps.container_info.outputs.image-tag }} format: 'table' From 47cca671be3cb5d39ffebb7574e66eed1ac8313f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Oct 2024 09:37:11 +0200 Subject: [PATCH 356/517] chore(deps): bump actions/checkout from 4.2.0 to 4.2.1 (#4009) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.0 to 4.2.1. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/d632683dd7b4114ad314bca15554477dd762a938...eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 6 +++--- .github/workflows/dlc.yml | 2 +- .github/workflows/docs.yml | 2 +- .github/workflows/e2e-managed.yml | 2 +- .github/workflows/e2e.yml | 4 ++-- .github/workflows/helm.yml | 4 ++-- .github/workflows/publish.yml | 4 ++-- .github/workflows/rebuild-image.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- .github/workflows/update-deps.yml | 4 ++-- 11 files changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f3a863a97c5..15a7c7f4609 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -46,7 +46,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Setup Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 @@ -72,7 +72,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Setup Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 @@ -100,7 +100,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Fetch History run: git fetch --prune --unshallow diff --git a/.github/workflows/dlc.yml b/.github/workflows/dlc.yml index 2ff8a7e87c1..5153ceebede 100644 --- a/.github/workflows/dlc.yml +++ b/.github/workflows/dlc.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Checkout Code" - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: "Run FOSSA Scan" uses: fossas/fossa-action@09bcf127dc0ccb4b5a023f6f906728878e8610ba # main diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index c43a3b1848d..297e23fc729 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -15,7 +15,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 diff --git a/.github/workflows/e2e-managed.yml b/.github/workflows/e2e-managed.yml index d1e7a36bbc4..50181828ffb 100644 --- a/.github/workflows/e2e-managed.yml +++ b/.github/workflows/e2e-managed.yml 
@@ -64,7 +64,7 @@ jobs: # Check out merge commit - name: Fork based /ok-to-test-managed checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: ref: 'refs/pull/${{ env.GITHUB_PR_NUMBER }}/merge' diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 6d9abc8241d..40f0a5d2163 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -66,7 +66,7 @@ jobs: steps: - name: Branch based PR checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Fetch History run: git fetch --prune --unshallow @@ -85,7 +85,7 @@ jobs: # Check out merge commit - name: Fork based /ok-to-test checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: ref: '${{ env.TARGET_SHA }}' diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 1ee580bf323..7caf07b14ee 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 @@ -74,7 +74,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 99e3e7c6354..7db2f62a6f1 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
@@ -50,7 +50,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: ref: ${{ inputs.ref }} @@ -140,7 +140,7 @@ jobs: needs: build-publish steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 - name: Sign image if: env.IS_FORK == 'false' uses: ./.github/actions/sign diff --git a/.github/workflows/rebuild-image.yml b/.github/workflows/rebuild-image.yml index 2bbb6f2c35a..ac0616a2c62 100644 --- a/.github/workflows/rebuild-image.yml +++ b/.github/workflows/rebuild-image.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 ref: ${{ github.event.inputs.ref }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index be1efa54e17..51a27358da1 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 ref: ${{ github.event.inputs.source_ref }} @@ -71,7 +71,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 8316fde9209..99d7b202d7b 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -20,7 +20,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: persist-credentials: false diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index 76fe90cc5d4..8bb99d5603f 100644 --- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: fetch-depth: 0 ref: ${{ github.event.inputs.ref }} @@ -52,7 +52,7 @@ jobs: with: app_id: ${{ secrets.APP_ID }} private_key: ${{ secrets.PRIVATE_KEY }} - - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 with: token: ${{ steps.generate_token.outputs.token }} ref: ${{ matrix.branch }} From ad4e9bc508e92a54321d341d7649939fae38a8a2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 15 Oct 2024 09:48:18 +0200 Subject: [PATCH 357/517] chore(deps): bump actions/cache from 4.1.0 to 4.1.1 (#4010) Bumps [actions/cache](https://github.com/actions/cache) from 4.1.0 to 4.1.1. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2...3624ceb22c1c5a301c8db4169662070a689d9ea8) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 15a7c7f4609..058f861de43 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -116,7 +116,7 @@ jobs: run: go mod download - name: Cache envtest binaries - uses: actions/cache@2cdf405574d6ef1f33a1d12acccd3ae82f47b3f2 # v4.1.0 + uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 with: path: bin/k8s key: ${{ runner.os }}-envtest-${{env.KUBERNETES_VERSION}} From fd4bb72193b6c2bcf53defa51a49a9f88ff7f0d9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Oct 2024 08:13:07 +0200 Subject: [PATCH 358/517] chore(deps): bump aquasecurity/trivy-action from 0.27.0 to 0.28.0 (#4019) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.27.0 to 0.28.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/5681af892cd0f4997658e2bacc62bd0a894cf564...915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 7db2f62a6f1..39162bf8bd2 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -126,7 +126,7 @@ jobs: run: make docker.build - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@5681af892cd0f4997658e2bacc62bd0a894cf564 # master + uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # master with: image-ref: ${{ inputs.image-name }}:${{ steps.container_info.outputs.image-tag }} format: 'table' 
From 4433387165b15ba449a0d23af372e08ae14b42d7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Oct 2024 08:46:50 +0200 Subject: [PATCH 359/517] chore(deps): bump github/codeql-action from 3.26.12 to 3.26.13 (#4020) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.12 to 3.26.13. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/c36620d31ac7c881962c3d9dd939c40ec9434f2b...f779452ac5af1c261dce0346a8f964149f49322b) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 99d7b202d7b..efecdc3e727 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@c36620d31ac7c881962c3d9dd939c40ec9434f2b # v3.26.12 + uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 with: sarif_file: results.sarif From 7dd78fb29a8f4ffc671cae1a896da3854ec49d1d Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Oct 2024 09:17:00 +0200 Subject: [PATCH 360/517] chore(deps): bump mkdocs-material in /hack/api-docs (#4021) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.40 to 9.5.42. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.40...9.5.42) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 7d20671b908..f0efc444fed 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.1 mkdocs-macros-plugin==1.3.5 -mkdocs-material==9.5.40 +mkdocs-material==9.5.42 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.1 From 60e469b22fe00cf3b4798eb8ec999e93500fae75 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Oct 2024 10:14:23 +0200 Subject: [PATCH 361/517] chore(deps): bump markupsafe from 3.0.1 to 3.0.2 in /hack/api-docs (#4022) Bumps [markupsafe](https://github.com/pallets/markupsafe) from 3.0.1 to 3.0.2. - [Release notes](https://github.com/pallets/markupsafe/releases) - [Changelog](https://github.com/pallets/markupsafe/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/markupsafe/compare/3.0.1...3.0.2) --- updated-dependencies: - dependency-name: markupsafe dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index f0efc444fed..344fcea9b3c 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -13,7 +13,7 @@ Jinja2==3.1.4 jsmin==3.0.1 livereload==2.7.0 Markdown==3.7 -MarkupSafe==3.0.1 +MarkupSafe==3.0.2 mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.1 From e5fa7fdc62168d410fba204e90a4b2d016ce2fb6 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Oct 2024 11:12:03 +0200 Subject: [PATCH 362/517] chore(deps): bump mkdocs-macros-plugin in /hack/api-docs (#4023) Bumps [mkdocs-macros-plugin](https://github.com/fralau/mkdocs_macros_plugin) from 1.3.5 to 1.3.6. - [Release notes](https://github.com/fralau/mkdocs_macros_plugin/releases) - [Changelog](https://github.com/fralau/mkdocs-macros-plugin/blob/master/CHANGELOG.md) - [Commits](https://github.com/fralau/mkdocs_macros_plugin/compare/v1.3.5...v1.3.6) --- updated-dependencies: - dependency-name: mkdocs-macros-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 344fcea9b3c..8f7147075f6 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -17,7 +17,7 @@ MarkupSafe==3.0.2 mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.1 -mkdocs-macros-plugin==1.3.5 +mkdocs-macros-plugin==1.3.6 mkdocs-material==9.5.42 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 From 0a1c08e4a5900e861f30d1d441c43f2e37715113 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Oct 2024 11:28:33 +0200 Subject: [PATCH 363/517] chore(deps): bump golang from `18d2f94` to `2341ddf` in /e2e (#4024) Bumps golang from `18d2f94` to `2341ddf`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index 6cc1a882aff..08f80718d1a 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.2-bookworm@sha256:18d2f940cc20497f85466fdbe6c3d7a52ed2db1d5a1a49a4508ffeee2dff1463 as builder +FROM golang:1.23.2-bookworm@sha256:2341ddffd3eddb72e0aebab476222fbc24d4a507c4d490a51892ec861bdb71fc as builder ENV KUBECTL_VERSION="v1.28.3" ENV HELM_VERSION="v3.13.1" From 0ad74583689980779828aadceb36ffaa6264428f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 22 Oct 2024 11:28:53 +0200 Subject: [PATCH 364/517] chore(deps): bump golang from `9dd2625` to `9dd2625` (#4025) Bumps golang from `9dd2625` to `9dd2625`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- tilt.debug.dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index 1a8cfc298ed..6734e90ac8d 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.2@sha256:a7f2fc9834049c1f5df787690026a53738e55fc097cd8a4a93faa3e06c67ee32 +FROM golang:1.23.2@sha256:ad5c126b5cf501a8caef751a243bb717ec204ab1aa56dc41dc11be089fafcb4f WORKDIR / COPY ./bin/external-secrets /external-secrets From a0be752c8aecf456a5393ea5fa18b5db41bc53b9 Mon Sep 17 00:00:00 2001 
From: btfhernandez <133419363+btfhernandez@users.noreply.github.com> Date: Thu, 24 Oct 2024 23:57:57 -0500 Subject: [PATCH 365/517] chore: upgrade beyondtrust go client library (#4027) * chore: upgrade beyondtrust go client library Signed-off-by: Felipe Hernandez * fix: fix attribute name in secret store file and push go.sum file Signed-off-by: Felipe Hernandez * fix: run go mod tidy and push changes Signed-off-by: Felipe Hernandez --------- Signed-off-by: Felipe Hernandez --- docs/snippets/beyondtrust-secret-store.yaml | 2 +- go.mod | 2 +- go.sum | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/snippets/beyondtrust-secret-store.yaml b/docs/snippets/beyondtrust-secret-store.yaml index 735e70822f9..9b4deccf4b3 100644 --- a/docs/snippets/beyondtrust-secret-store.yaml +++ b/docs/snippets/beyondtrust-secret-store.yaml @@ -26,4 +26,4 @@ spec: retrievalType: MANAGED_ACCOUNT verifyCA: true clientTimeOutSeconds: 45 - apiurl: https://example.ps-dev.beyondtrustcloud.com:443/BeyondTrust/api/public/v3/ \ No newline at end of file + apiUrl: https://example.ps-dev.beyondtrustcloud.com:443/BeyondTrust/api/public/v3/ \ No newline at end of file diff --git a/go.mod b/go.mod index 142df231144..2b925e109b6 100644 --- a/go.mod +++ b/go.mod @@ -65,7 +65,7 @@ require ( dario.cat/mergo v1.0.1 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 - github.com/BeyondTrust/go-client-library-passwordsafe v0.6.0 + github.com/BeyondTrust/go-client-library-passwordsafe v0.8.1 github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1 github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d diff --git a/go.sum b/go.sum index cb47a49c511..f561cee8262 100644 --- a/go.sum +++ b/go.sum 
@@ -96,8 +96,8 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= -github.com/BeyondTrust/go-client-library-passwordsafe v0.6.0 h1:3zdjZl8h3/9DzTnpWqAzhiUqMwIzpU+EL0grJ7BODV8= -github.com/BeyondTrust/go-client-library-passwordsafe v0.6.0/go.mod h1:TnbBwWYg9rtfDxQGF7pmD0gCPcbWgCUQIqum3dFMRTk= +github.com/BeyondTrust/go-client-library-passwordsafe v0.8.1 h1:duuYLAx4xsdVgibSap1nHoLyYIj/IXdzmnUXjZw7Dmw= +github.com/BeyondTrust/go-client-library-passwordsafe v0.8.1/go.mod h1:TnbBwWYg9rtfDxQGF7pmD0gCPcbWgCUQIqum3dFMRTk= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 h1:cmX2QC9s5kPqmghWLLZP8YRFO1ZD/C59BpNH2ujP99w= From cc7e47072792c0159c3e7e579a99672a8e0ab9a2 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Fri, 25 Oct 2024 10:05:15 +0200 Subject: [PATCH 366/517] docs: release helm charts for v0.10.5 (#4038) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- deploy/charts/external-secrets/Chart.yaml | 4 ++-- deploy/charts/external-secrets/README.md | 2 +- .../__snapshot__/cert_controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/crds_test.yaml.snap | 3 +++ .../tests/__snapshot__/webhook_test.yaml.snap | 14 +++++++------- 6 files changed, 23 insertions(+), 20 deletions(-) 
diff --git a/deploy/charts/external-secrets/Chart.yaml b/deploy/charts/external-secrets/Chart.yaml index fff42607fb6..ab906289844 100644 --- a/deploy/charts/external-secrets/Chart.yaml +++ b/deploy/charts/external-secrets/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: external-secrets description: External secret management for Kubernetes type: application -version: "0.10.4" -appVersion: "v0.10.4" +version: "0.10.5" +appVersion: "v0.10.5" kubeVersion: ">= 1.19.0-0" keywords: - kubernetes-external-secrets diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index 89f7b57bc61..5d25e7ea738 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.10.4](https://img.shields.io/badge/Version-0.10.4-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.10.5](https://img.shields.io/badge/Version-0.10.5-informational?style=flat-square) External secret management for Kubernetes diff --git a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 8286a0b6759..4d9dfbb1949 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap 
@@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.10.4 - helm.sh/chart: external-secrets-0.10.4 + app.kubernetes.io/version: v0.10.5 + helm.sh/chart: external-secrets-0.10.5 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.10.4 - helm.sh/chart: external-secrets-0.10.4 + app.kubernetes.io/version: v0.10.5 + helm.sh/chart: external-secrets-0.10.5 spec: automountServiceAccountToken: true containers: @@ -41,7 +41,7 @@ should match snapshot of default values: - --loglevel=info - --zap-time-encoding=epoch - --enable-partial-cache=true - image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.4 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.5 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap index 258ab5ce8fc..3f6a82cc7a7 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.10.4 - helm.sh/chart: external-secrets-0.10.4 + app.kubernetes.io/version: v0.10.5 + helm.sh/chart: external-secrets-0.10.5 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: 
@@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.10.4 - helm.sh/chart: external-secrets-0.10.4 + app.kubernetes.io/version: v0.10.5 + helm.sh/chart: external-secrets-0.10.5 spec: automountServiceAccountToken: true containers: @@ -34,7 +34,7 @@ should match snapshot of default values: - --metrics-addr=:8080 - --loglevel=info - --zap-time-encoding=epoch - image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.4 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.5 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap index 5a9c74784ac..35439880e01 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -3007,6 +3007,9 @@ should match snapshot of default values: type: string projectSlug: type: string + recursive: + default: false + type: boolean secretsPath: default: / type: string diff --git a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index c52be45a6df..4980664d624 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap 
@@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.4 - helm.sh/chart: external-secrets-0.10.4 + app.kubernetes.io/version: v0.10.5 + helm.sh/chart: external-secrets-0.10.5 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.4 - helm.sh/chart: external-secrets-0.10.4 + app.kubernetes.io/version: v0.10.5 + helm.sh/chart: external-secrets-0.10.5 spec: automountServiceAccountToken: true containers: @@ -39,7 +39,7 @@ should match snapshot of default values: - --healthz-addr=:8081 - --loglevel=info - --zap-time-encoding=epoch - image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.4 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.5 imagePullPolicy: IfNotPresent name: webhook ports: @@ -83,8 +83,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.4 + app.kubernetes.io/version: v0.10.5 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.10.4 + helm.sh/chart: external-secrets-0.10.5 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE From c51ad8d98fda5659483cce8d706e1aa9b7700588 Mon Sep 17 00:00:00 2001 From: Konradas Bunikis Date: Mon, 28 Oct 2024 13:02:06 +0200 Subject: [PATCH 367/517] feat: Support repositories and permissions in GitHub generator (#4039) * feat: Support repositories and permissions in GitHub generator Signed-off-by: konradasb * fix: Correct typo ommited->omitted Signed-off-by: konradasb * fix: Optimize http req body 
Signed-off-by: konradasb * fix: Optimize body var usage Signed-off-by: konradasb * fix: Correct typo marshalling->marshaling Signed-off-by: konradasb --------- Signed-off-by: konradasb --- apis/generators/v1alpha1/generator_github.go | 5 +++ .../v1alpha1/zz_generated.deepcopy.go | 12 ++++++ ...xternal-secrets.io_githubaccesstokens.yaml | 13 ++++++ deploy/crds/bundle.yaml | 12 ++++++ docs/snippets/generator-github.yaml | 4 ++ pkg/generator/github/github.go | 43 ++++++++++++++++--- pkg/generator/github/github_test.go | 12 +++++- 7 files changed, 92 insertions(+), 9 deletions(-) diff --git a/apis/generators/v1alpha1/generator_github.go b/apis/generators/v1alpha1/generator_github.go index e8a35c3265e..d22608875ac 100644 --- a/apis/generators/v1alpha1/generator_github.go +++ b/apis/generators/v1alpha1/generator_github.go @@ -25,6 +25,11 @@ type GithubAccessTokenSpec struct { URL string `json:"url,omitempty"` AppID string `json:"appID"` InstallID string `json:"installID"` + // List of repositories the token will have access to. If omitted, defaults to all repositories the GitHub App + // is installed to. + Repositories []string `json:"repositories,omitempty"` + // Map of permissions the token will have. If omitted, defaults to all permissions the GitHub App has. + Permissions map[string]string `json:"permissions,omitempty"` // Auth configures how ESO authenticates with a Github instance. Auth GithubAuth `json:"auth"` } diff --git a/apis/generators/v1alpha1/zz_generated.deepcopy.go b/apis/generators/v1alpha1/zz_generated.deepcopy.go index 4d83badbe0f..69a3560f8d7 100644 --- a/apis/generators/v1alpha1/zz_generated.deepcopy.go +++ b/apis/generators/v1alpha1/zz_generated.deepcopy.go 
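Review bot: The new comment on `Permissions` in `GithubAccessTokenSpec` does not say what the map's keys and values are, and `map[string]string` accepts any strings, so a misspelt permission name or level would only surface, if at all, when the token request is made. Because omitting either new field yields a token with every permission of the App on every repository it is installed to, these comments are the place to steer users towards the narrow form. I would word it as `// Map of permission name to access level (for example contents: read). If omitted, the token gets all permissions the GitHub App has.` The struct begins above the hunk.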
@@ -627,6 +627,18 @@ func (in *GithubAccessTokenList) DeepCopyObject() runtime.Object { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GithubAccessTokenSpec) DeepCopyInto(out *GithubAccessTokenSpec) { *out = *in + if in.Repositories != nil { + in, out := &in.Repositories, &out.Repositories + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Permissions != nil { + in, out := &in.Permissions, &out.Permissions + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } in.Auth.DeepCopyInto(&out.Auth) } diff --git a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml index 5045f809a9b..0253fed1d3d 100644 --- a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml @@ -79,6 +79,19 @@ spec: type: object installID: type: string + permissions: + additionalProperties: + type: string + description: Map of permissions the token will have. If omitted, defaults + to all permissions the GitHub App has. + type: object + repositories: + description: |- + List of repositories the token will have access to. If omitted, defaults to all repositories the GitHub App + is installed to. + items: + type: string + type: array url: description: URL configures the Github instance URL. Defaults to https://github.com/. type: string diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 33e153f0b57..422614a4016 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml 
@@ -11782,6 +11782,18 @@ spec: type: object installID: type: string + permissions: + additionalProperties: + type: string + description: Map of permissions the token will have. If omitted, defaults to all permissions the GitHub App has. + type: object + repositories: + description: |- + List of repositories the token will have access to. If omitted, defaults to all repositories the GitHub App + is installed to. + items: + type: string + type: array url: description: URL configures the Github instance URL. Defaults to https://github.com/. type: string diff --git a/docs/snippets/generator-github.yaml b/docs/snippets/generator-github.yaml index 9b77852a115..478d931bb7b 100644 --- a/docs/snippets/generator-github.yaml +++ b/docs/snippets/generator-github.yaml @@ -13,6 +13,10 @@ spec: appID: "0000000" # (1) installID: "00000000" # (5) url: "" # (Default https://api.github.com.) + repositories: # Optional + - "Hello-World" + permissions: # Optional + contents: read auth: privateKey: secretRef: diff --git a/pkg/generator/github/github.go b/pkg/generator/github/github.go index 5dfa6de8561..672aad3fed2 100644 --- a/pkg/generator/github/github.go +++ b/pkg/generator/github/github.go @@ -15,11 +15,13 @@ limitations under the License. package github import ( + "bytes" "context" "crypto/rsa" "encoding/json" "errors" "fmt" + "io" "net/http" "time" @@ -37,11 +39,13 @@ type Generator struct { } type Github struct { - HTTP *http.Client - Kube client.Client - Namespace string - URL string - InstallTkn string + HTTP *http.Client + Kube client.Client + Namespace string + URL string + InstallTkn string + Repositories []string + Permissions map[string]string } const ( 
@@ -80,8 +84,27 @@ func (g *Generator) generate( if err != nil { return nil, fmt.Errorf("error creating request: %w", err) } + + payload := make(map[string]interface{}) + if gh.Permissions != nil { + payload["permissions"] = gh.Permissions + } + if len(gh.Repositories) > 0 { + payload["repositories"] = gh.Repositories + } + + var body io.Reader = http.NoBody + if len(payload) > 0 { + bodyBytes, err := json.Marshal(payload) + if err != nil { + return nil, fmt.Errorf("error marshaling payload: %w", err) + } + + body = bytes.NewReader(bodyBytes) + } + // Github api expects POST request - req, err := http.NewRequestWithContext(ctx, http.MethodPost, gh.URL, http.NoBody) + req, err := http.NewRequestWithContext(ctx, http.MethodPost, gh.URL, body) if err != nil { return nil, fmt.Errorf("error creating request: %w", err) } @@ -120,7 +143,13 @@ func newGHClient(ctx context.Context, k client.Client, n string, hc *http.Client if err != nil { return nil, fmt.Errorf(errParseSpec, err) } - gh := &Github{Kube: k, Namespace: n, HTTP: hc} + gh := &Github{ + Kube: k, + Namespace: n, + HTTP: hc, + Repositories: res.Spec.Repositories, + Permissions: res.Spec.Permissions, + } ghPath := fmt.Sprintf("/app/installations/%s/access_tokens", res.Spec.InstallID) gh.URL = defaultGithubAPI + ghPath diff --git a/pkg/generator/github/github_test.go b/pkg/generator/github/github_test.go index 4395ad1bc35..5dc9f185f65 100644 --- a/pkg/generator/github/github_test.go +++ b/pkg/generator/github/github_test.go @@ -38,7 +38,7 @@ const ( func testHTTPSrv(t *testing.T, r []byte) *httptest.Server { return httptest.NewServer(http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { assert.Equal(t, "POST", req.Method, "Expected POST request") - assert.Empty(t, req.Body) + assert.NotEmpty(t, req.Body) assert.NotEmpty(t, req.Header.Get("Authorization")) assert.Equal(t, "application/vnd.github.v3+json", req.Header.Get("Accept")) 
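Review bot: The two guards that fill `payload` in `generate` test emptiness differently: `gh.Permissions != nil` lets an explicitly empty map through, so `permissions: {}` in the spec could be sent as `"permissions":{}`, while an empty `repositories` list is dropped. How the API treats an empty permissions object is not visible here, and per the spec comments an unrestricted request yields a token with all of the App's permissions, so the two cases should be decided deliberately. I would write `if len(gh.Permissions) > 0 {` to match the repositories check, or reject an empty map where the spec is parsed. The body of `generate` starts before and continues after this hunk.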
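Review bot: `assert.NotEmpty(t, req.Body)` in `testHTTPSrv` shows only that some body was sent; it does not check that the `repositories` and `permissions` from the spec reach the request, which is the behaviour this commit adds. A regression that dropped either field would still pass and would issue a token wider than the one configured. I would decode the body in the handler and assert on it, e.g. `var got map[string]interface{}`, `assert.NoError(t, json.NewDecoder(req.Body).Decode(&got))`, `assert.Contains(t, got, "permissions")`; this needs `encoding/json` in the test file's imports, which are outside the hunk. The handler body continues past the hunk.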
@@ -60,9 +60,13 @@ func TestGenerate(t *testing.T) { "token": "ghs_16C7e42F292c6912E7710c838347Ae178B4a", "expires_at": "2016-07-11T22:14:10Z", "permissions": { - "issues": "write", "contents": "read" }, + "repositories": [ + { + "id": 10000 + } + ], "repository_selection": "selected" }`) @@ -103,6 +107,10 @@ spec: appID: "0000000" installID: "00000000" URL: %q + repositories: + - "Hello-World" + permissions: + contents: "read" auth: privateKey: secretRef: From e4dad782f2017a7980cb2890e43360718663de84 Mon Sep 17 00:00:00 2001 From: Konradas Bunikis Date: Tue, 29 Oct 2024 07:36:30 +0200 Subject: [PATCH 368/517] chore: Add Hostinger to ADOPTERS.md (#4053) --- ADOPTERS.md | 1 + 1 file changed, 1 insertion(+) diff --git a/ADOPTERS.md b/ADOPTERS.md index c2d3db78ef0..9ca077878f8 100644 --- a/ADOPTERS.md +++ b/ADOPTERS.md @@ -13,6 +13,7 @@ - [GoTo](https://www.goto.com/) - [Grafana Labs](https://grafana.com/) - [Heureka Group](https://heureka.group) +- [Hostinger](https://www.hostinger.com/) - [K8S Website Infra](https://k8s.io/) - [Mercedes-Benz Tech Innovation](https://www.mercedes-benz-techinnovation.com/) - [Mixpanel](https://mixpanel.com) From 7b5217ca5da18619fb908584fc82c12d7f3ef137 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 09:40:43 +0100 Subject: [PATCH 369/517] chore(deps): bump distroless/static from `69830f2` to `cc226ca` (#4043) Bumps distroless/static from `69830f2` to `cc226ca`. --- updated-dependencies: - dependency-name: distroless/static dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- Dockerfile | 2 +- Dockerfile.standalone | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6543de2ee6a..aa48a12c727 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,4 +1,4 @@ -FROM gcr.io/distroless/static@sha256:69830f29ed7545c762777507426a412f97dad3d8d32bae3e74ad3fb6160917ea +FROM gcr.io/distroless/static@sha256:cc226ca14d17d01d4b278d9489da930a0dd11150df10ae95829d13e6d00fbdbf ARG TARGETOS ARG TARGETARCH COPY bin/external-secrets-${TARGETOS}-${TARGETARCH} /bin/external-secrets diff --git a/Dockerfile.standalone b/Dockerfile.standalone index 0cb9b1589a6..d876f6c2db4 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone @@ -12,7 +12,7 @@ COPY . /app/ RUN go build -o external-secrets main.go -FROM gcr.io/distroless/static@sha256:69830f29ed7545c762777507426a412f97dad3d8d32bae3e74ad3fb6160917ea AS app +FROM gcr.io/distroless/static@sha256:cc226ca14d17d01d4b278d9489da930a0dd11150df10ae95829d13e6d00fbdbf AS app COPY --from=builder /app/external-secrets /bin/external-secrets # Run as UID for nobody From 79c058e115f7df63a7724715d56d9e9a31fa564f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 09:42:31 +0100 Subject: [PATCH 370/517] chore(deps): bump mkdocs-macros-plugin in /hack/api-docs (#4044) Bumps [mkdocs-macros-plugin](https://github.com/fralau/mkdocs_macros_plugin) from 1.3.6 to 1.3.7. - [Release notes](https://github.com/fralau/mkdocs_macros_plugin/releases) - [Changelog](https://github.com/fralau/mkdocs-macros-plugin/blob/master/CHANGELOG.md) - [Commits](https://github.com/fralau/mkdocs_macros_plugin/compare/v1.3.6...v1.3.7) --- updated-dependencies: - dependency-name: mkdocs-macros-plugin dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 8f7147075f6..7e6ebd68866 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -17,7 +17,7 @@ MarkupSafe==3.0.2 mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.1 -mkdocs-macros-plugin==1.3.6 +mkdocs-macros-plugin==1.3.7 mkdocs-material==9.5.42 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 From 03254a85e217d842e87845cb0bb33ce98dc68318 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 09:45:25 +0100 Subject: [PATCH 371/517] chore(deps): bump actions/checkout from 4.2.1 to 4.2.2 (#4045) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.2.1 to 4.2.2. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871...11bd71901bbe5b1630ceea73d27597364c9af683) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/ci.yml | 6 +++--- .github/workflows/dlc.yml | 2 +- .github/workflows/docs.yml | 2 +- .github/workflows/e2e-managed.yml | 2 +- .github/workflows/e2e.yml | 4 ++-- .github/workflows/helm.yml | 4 ++-- .github/workflows/publish.yml | 4 ++-- .github/workflows/rebuild-image.yml | 2 +- .github/workflows/release.yml | 4 ++-- .github/workflows/scorecard.yml | 2 +- .github/workflows/update-deps.yml | 4 ++-- 11 files changed, 18 insertions(+), 18 deletions(-) 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 058f861de43..87056c97765 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -46,7 +46,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 @@ -72,7 +72,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Go uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 @@ -100,7 +100,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Fetch History run: git fetch --prune --unshallow diff --git a/.github/workflows/dlc.yml b/.github/workflows/dlc.yml index 5153ceebede..6cef35dffca 100644 --- a/.github/workflows/dlc.yml +++ b/.github/workflows/dlc.yml @@ -14,7 +14,7 @@ jobs: runs-on: ubuntu-latest steps: - name: "Checkout Code" - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: "Run FOSSA Scan" uses: fossas/fossa-action@09bcf127dc0ccb4b5a023f6f906728878e8610ba # main diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index 297e23fc729..d15716647ae 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -15,7 +15,7 @@ jobs: permissions: contents: write steps: - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 
diff --git a/.github/workflows/e2e-managed.yml b/.github/workflows/e2e-managed.yml index 50181828ffb..279bf7a06a9 100644 --- a/.github/workflows/e2e-managed.yml +++ b/.github/workflows/e2e-managed.yml @@ -64,7 +64,7 @@ jobs: # Check out merge commit - name: Fork based /ok-to-test-managed checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: 'refs/pull/${{ env.GITHUB_PR_NUMBER }}/merge' diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index 40f0a5d2163..b2436944f54 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -66,7 +66,7 @@ jobs: steps: - name: Branch based PR checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Fetch History run: git fetch --prune --unshallow @@ -85,7 +85,7 @@ jobs: # Check out merge commit - name: Fork based /ok-to-test checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: '${{ env.TARGET_SHA }}' diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 7caf07b14ee..f73a62daa3a 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -22,7 +22,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 @@ -74,7 +74,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 39162bf8bd2..d313fec3cb3 100644 
--- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -50,7 +50,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ inputs.ref }} @@ -140,7 +140,7 @@ jobs: needs: build-publish steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Sign image if: env.IS_FORK == 'false' uses: ./.github/actions/sign diff --git a/.github/workflows/rebuild-image.yml b/.github/workflows/rebuild-image.yml index ac0616a2c62..503952805d7 100644 --- a/.github/workflows/rebuild-image.yml +++ b/.github/workflows/rebuild-image.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 ref: ${{ github.event.inputs.ref }} diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 51a27358da1..e06964c556c 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 ref: ${{ github.event.inputs.source_ref }} @@ -71,7 +71,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index efecdc3e727..ca677095e18 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml 
@@ -20,7 +20,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: persist-credentials: false diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index 8bb99d5603f..2efe52f77f1 100644 --- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml @@ -20,7 +20,7 @@ jobs: steps: - name: Checkout - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: fetch-depth: 0 ref: ${{ github.event.inputs.ref }} @@ -52,7 +52,7 @@ jobs: with: app_id: ${{ secrets.APP_ID }} private_key: ${{ secrets.PRIVATE_KEY }} - - uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: token: ${{ steps.generate_token.outputs.token }} ref: ${{ matrix.branch }} From 12e771051c0ba83a5fef500b859f68f0211f2404 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 09:47:07 +0100 Subject: [PATCH 372/517] chore(deps): bump actions/cache from 4.1.1 to 4.1.2 (#4046) Bumps [actions/cache](https://github.com/actions/cache) from 4.1.1 to 4.1.2. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/3624ceb22c1c5a301c8db4169662070a689d9ea8...6849a6489940f00c2f30c0fb92c6274307ccb58a) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 87056c97765..74c9223f329 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -116,7 +116,7 @@ jobs: run: go mod download - name: Cache envtest binaries - uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4.1.1 + uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 with: path: bin/k8s key: ${{ runner.os }}-envtest-${{env.KUBERNETES_VERSION}} From ba79bb1c8dadd3bb183e66d2d87a7092b2023d34 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 09:48:09 +0100 Subject: [PATCH 373/517] chore(deps): bump actions/setup-python from 5.2.0 to 5.3.0 (#4047) Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5.2.0 to 5.3.0. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/f677139bbe7f9c59b41e40162b753c062f5d49a3...0b93645e9fea7318ecaed2b359559ac225c90a2b) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/helm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index f73a62daa3a..1625872d1a0 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -34,7 +34,7 @@ jobs: with: version: v3.14.2 # remember to also update for the second job (release) - - uses: actions/setup-python@f677139bbe7f9c59b41e40162b753c062f5d49a3 # v5.2.0 + - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: python-version: 3.7 
From 5f265cabfd75f6e90c66bda2024d1abc5670a1a3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 09:49:28 +0100 Subject: [PATCH 374/517] chore(deps): bump actions/setup-go from 5.0.2 to 5.1.0 (#4049) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.2 to 5.1.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32...41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 6 +++--- .github/workflows/docs.yml | 2 +- .github/workflows/publish.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/update-deps.yml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 74c9223f329..bffaa4ba428 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -49,7 +49,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 id: setup-go with: go-version-file: "go.mod" @@ -75,7 +75,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 id: setup-go with: go-version-file: "go.mod" 
@@ -106,7 +106,7 @@ jobs: run: git fetch --prune --unshallow - name: Setup Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 id: setup-go with: go-version-file: "go.mod" diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index d15716647ae..bad54ef3120 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -20,7 +20,7 @@ jobs: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version-file: "go.mod" diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index d313fec3cb3..9f2b765e55b 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -66,7 +66,7 @@ jobs: install: true - name: Setup Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 id: setup-go with: go-version-file: "go.mod" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e06964c556c..86822ee2256 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -76,7 +76,7 @@ jobs: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 id: setup-go with: go-version-file: "go.mod" diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index 2efe52f77f1..de58f8b71e3 100644 --- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml 
@@ -40,7 +40,7 @@ jobs: branch: ${{ fromJson(needs.branches.outputs.branches) }} steps: - name: Setup Go - uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 + uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 with: go-version: "1.21" From 360b9ae8c28a87374d1010cc85ba2e5a1fb3e2d2 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 09:58:47 +0100 Subject: [PATCH 375/517] chore(deps): bump github/codeql-action from 3.26.13 to 3.27.0 (#4048) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.26.13 to 3.27.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f779452ac5af1c261dce0346a8f964149f49322b...662472033e021d55d94146f66f6058822b0b39fd) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index ca677095e18..c1e9faa7f8e 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f779452ac5af1c261dce0346a8f964149f49322b # v3.26.13 + uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 with: sarif_file: results.sarif From db64df2f0ca2a34c8f2185a8bce3a810b7924c39 Mon Sep 17 00:00:00 2001 
From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 10:54:27 +0100 Subject: [PATCH 376/517] chore: update dependencies (#4050) * update dependencies Signed-off-by: External Secrets Operator * add check-diff output for controller-gen update Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: External Secrets Operator Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: External Secrets Operator Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- ...nal-secrets.io_clusterexternalsecrets.yaml | 2 +- ...ternal-secrets.io_clustersecretstores.yaml | 2 +- .../external-secrets.io_externalsecrets.yaml | 2 +- .../external-secrets.io_pushsecrets.yaml | 2 +- .../external-secrets.io_secretstores.yaml | 2 +- ...s.external-secrets.io_acraccesstokens.yaml | 2 +- ...nal-secrets.io_ecrauthorizationtokens.yaml | 2 +- .../generators.external-secrets.io_fakes.yaml | 2 +- ...s.external-secrets.io_gcraccesstokens.yaml | 2 +- ...xternal-secrets.io_githubaccesstokens.yaml | 2 +- ...erators.external-secrets.io_passwords.yaml | 2 +- .../generators.external-secrets.io_uuids.yaml | 2 +- ...ternal-secrets.io_vaultdynamicsecrets.yaml | 2 +- ...nerators.external-secrets.io_webhooks.yaml | 2 +- deploy/crds/bundle.yaml | 28 +-- e2e/go.mod | 64 +++--- e2e/go.sum | 136 +++++++------ go.mod | 88 ++++---- go.sum | 191 ++++++++++-------- 19 files changed, 280 insertions(+), 255 deletions(-) diff --git a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml index 8b94527f622..326e2448e90 100644 --- a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: clusterexternalsecrets.external-secrets.io diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 3ccc3bb453b..47d0e973185 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: clustersecretstores.external-secrets.io diff --git a/config/crds/bases/external-secrets.io_externalsecrets.yaml b/config/crds/bases/external-secrets.io_externalsecrets.yaml index 5b2212fad64..a0396a82023 100644 --- a/config/crds/bases/external-secrets.io_externalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_externalsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: externalsecrets.external-secrets.io diff --git a/config/crds/bases/external-secrets.io_pushsecrets.yaml b/config/crds/bases/external-secrets.io_pushsecrets.yaml index 5e59a58bd5b..993acdf1e82 100644 --- a/config/crds/bases/external-secrets.io_pushsecrets.yaml +++ b/config/crds/bases/external-secrets.io_pushsecrets.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: pushsecrets.external-secrets.io diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index 1102a07d4d6..361ad5141ca 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: secretstores.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml index 925aa163947..bd4bbd6377e 100644 --- a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: acraccesstokens.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml index 367d2adf6a2..47ccaf2e2b4 100644 --- a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: ecrauthorizationtokens.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_fakes.yaml b/config/crds/bases/generators.external-secrets.io_fakes.yaml index 407d277618d..c28d6f529c0 100644 --- a/config/crds/bases/generators.external-secrets.io_fakes.yaml +++ b/config/crds/bases/generators.external-secrets.io_fakes.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: fakes.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml index 6eb90d119d1..6b2e764199d 100644 --- a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: gcraccesstokens.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml index 0253fed1d3d..691e171375f 100644 --- a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: githubaccesstokens.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_passwords.yaml b/config/crds/bases/generators.external-secrets.io_passwords.yaml index 8ffddf578ca..985791e05bb 100644 --- a/config/crds/bases/generators.external-secrets.io_passwords.yaml +++ b/config/crds/bases/generators.external-secrets.io_passwords.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: passwords.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_uuids.yaml b/config/crds/bases/generators.external-secrets.io_uuids.yaml index a101dbe6697..736e1372d18 100644 --- a/config/crds/bases/generators.external-secrets.io_uuids.yaml +++ b/config/crds/bases/generators.external-secrets.io_uuids.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: uuids.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml index ff0c9c61d7e..7d1911053ab 100644 --- a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml +++ b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: vaultdynamicsecrets.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_webhooks.yaml b/config/crds/bases/generators.external-secrets.io_webhooks.yaml index c26d364b5f3..59ef26adb63 100644 --- a/config/crds/bases/generators.external-secrets.io_webhooks.yaml +++ b/config/crds/bases/generators.external-secrets.io_webhooks.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: webhooks.generators.external-secrets.io diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 422614a4016..43b77c255b5 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: clusterexternalsecrets.external-secrets.io @@ -659,7 +659,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: clustersecretstores.external-secrets.io @@ -5293,7 +5293,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: externalsecrets.external-secrets.io 
@@ -6104,7 +6104,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: pushsecrets.external-secrets.io @@ -6500,7 +6500,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: secretstores.external-secrets.io @@ -11134,7 +11134,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: acraccesstokens.generators.external-secrets.io @@ -11329,7 +11329,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: ecrauthorizationtokens.generators.external-secrets.io @@ -11498,7 +11498,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: fakes.generators.external-secrets.io @@ -11576,7 +11576,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: gcraccesstokens.generators.external-secrets.io 
@@ -11706,7 +11706,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: githubaccesstokens.generators.external-secrets.io @@ -11822,7 +11822,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: passwords.generators.external-secrets.io @@ -11922,7 +11922,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: uuids.generators.external-secrets.io @@ -11985,7 +11985,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: vaultdynamicsecrets.generators.external-secrets.io @@ -12684,7 +12684,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: webhooks.generators.external-secrets.io diff --git a/e2e/go.mod b/e2e/go.mod index d99992c0b16..b1dd533b49f 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -39,7 +39,7 @@ replace ( ) require ( - cloud.google.com/go/secretmanager v1.14.1 + cloud.google.com/go/secretmanager v1.14.2 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 
@@ -49,7 +49,7 @@ require (
 github.com/akeylesslabs/akeyless-go/v3 v3.6.3
 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271
 github.com/aws/aws-sdk-go v1.55.5
- github.com/cyberark/conjur-api-go v0.12.4
+ github.com/cyberark/conjur-api-go v0.12.5
 github.com/external-secrets/external-secrets v0.0.0
 github.com/fluxcd/helm-controller/api v0.37.2
 github.com/fluxcd/pkg/apis/meta v1.2.0
@@ -58,29 +58,30 @@ require ( github.com/hashicorp/vault/api v1.15.0 github.com/onsi/ginkgo/v2 v2.20.2 github.com/onsi/gomega v1.34.2 - github.com/oracle/oci-go-sdk/v65 v65.75.1 + github.com/oracle/oci-go-sdk/v65 v65.77.1 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 - github.com/xanzy/go-gitlab v0.110.0 + github.com/xanzy/go-gitlab v0.112.0 golang.org/x/oauth2 v0.23.0 - google.golang.org/api v0.199.0 - k8s.io/api v0.31.1 - k8s.io/apiextensions-apiserver v0.31.1 - k8s.io/apimachinery v0.31.1 + google.golang.org/api v0.203.0 + k8s.io/api v0.31.2 + k8s.io/apiextensions-apiserver v0.31.2 + k8s.io/apimachinery v0.31.2 k8s.io/client-go v1.5.2 k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 - sigs.k8s.io/controller-runtime v0.19.0 + sigs.k8s.io/controller-runtime v0.19.1 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.5.0 ) require ( - cloud.google.com/go/auth v0.9.7 // indirect + al.essio.dev/pkg/shellescape v1.5.1 // indirect + cloud.google.com/go/auth v0.9.9 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect - cloud.google.com/go/iam v1.2.1 // indirect + cloud.google.com/go/iam v1.2.2 // indirect dario.cat/mergo v1.0.1 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 // indirect - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 // indirect + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest/adal v0.9.24 // indirect 
@@ -94,7 +95,6 @@ require (
 github.com/Masterminds/goutils v1.1.1 // indirect
 github.com/Masterminds/semver/v3 v3.3.0 // indirect
 github.com/Masterminds/sprig/v3 v3.3.0 // indirect
- github.com/alessio/shellescape v1.4.2 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 github.com/cenkalti/backoff/v4 v4.3.0 // indirect
@@ -128,7 +128,7 @@ require (
 github.com/google/go-cmp v0.6.0 // indirect
 github.com/google/go-querystring v1.1.0 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
- github.com/google/pprof v0.0.0-20241001023024-f4c0cfd0cf1d // indirect
+ github.com/google/pprof v0.0.0-20241023014458-598669927662 // indirect
 github.com/google/s2a-go v0.1.8 // indirect
 github.com/google/uuid v1.6.0 // indirect
 github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
@@ -148,13 +148,13 @@ require (
 github.com/jmespath/go-jmespath v0.4.0 // indirect
 github.com/josharian/intern v1.0.0 // indirect
 github.com/json-iterator/go v1.1.12 // indirect
- github.com/klauspost/compress v1.17.10 // indirect
+ github.com/klauspost/compress v1.17.11 // indirect
 github.com/kylelemons/godebug v1.1.0 // indirect
 github.com/lestrrat-go/blackmagic v1.0.2 // indirect
 github.com/lestrrat-go/httpcc v1.0.1 // indirect
 github.com/lestrrat-go/httprc v1.0.6 // indirect
 github.com/lestrrat-go/iter v1.0.2 // indirect
- github.com/lestrrat-go/jwx/v2 v2.1.1 // indirect
+ github.com/lestrrat-go/jwx/v2 v2.1.2 // indirect
 github.com/lestrrat-go/option v1.0.1 // indirect
 github.com/mailru/easyjson v0.7.7 // indirect
 github.com/mitchellh/copystructure v1.2.0 // indirect
@@ -169,9 +169,9 @@ require (
 github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b // indirect
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 github.com/pkg/errors v0.9.1 // indirect
- github.com/prometheus/client_golang v1.20.4 // indirect
+ github.com/prometheus/client_golang v1.20.5 // indirect
 github.com/prometheus/client_model v0.6.1 // indirect
- github.com/prometheus/common v0.60.0 // indirect
+ github.com/prometheus/common v0.60.1 // indirect
 github.com/prometheus/procfs v0.15.1 // indirect
 github.com/ryanuber/go-glob v1.0.0 // indirect
 github.com/segmentio/asm v1.2.0 // indirect
@@ -185,15 +185,15 @@ require (
 github.com/tidwall/pretty v1.2.1 // indirect
 github.com/tidwall/sjson v1.2.5 // indirect
 github.com/x448/float16 v0.8.4 // indirect
- github.com/zalando/go-keyring v0.2.5 // indirect
+ github.com/zalando/go-keyring v0.2.6 // indirect
 go.opencensus.io v0.24.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 // indirect
- go.opentelemetry.io/otel v1.30.0 // indirect
- go.opentelemetry.io/otel/metric v1.30.0 // indirect
- go.opentelemetry.io/otel/trace v1.30.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 // indirect
+ go.opentelemetry.io/otel v1.31.0 // indirect
+ go.opentelemetry.io/otel/metric v1.31.0 // indirect
+ go.opentelemetry.io/otel/trace v1.31.0 // indirect
 golang.org/x/crypto v0.28.0 // indirect
- golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 // indirect
+ golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
 golang.org/x/net v0.30.0 // indirect
 golang.org/x/sync v0.8.0 // indirect
 golang.org/x/sys v0.26.0 // indirect
@@ -202,18 +202,18 @@ require ( golang.org/x/time v0.7.0 // indirect golang.org/x/tools v0.26.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f // indirect + google.golang.org/genproto v0.0.0-20241021214115-324edc3d5d38 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect google.golang.org/grpc v1.67.1 // indirect - google.golang.org/protobuf v1.34.2 // indirect + google.golang.org/protobuf v1.35.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + k8s.io/kube-openapi v0.0.0-20241009091222-67ed5848f094 // indirect + sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect ) diff --git a/e2e/go.sum b/e2e/go.sum index 62b75d31589..8559cbbc80f 100644 --- a/e2e/go.sum +++ b/e2e/go.sum @@ -1,3 +1,5 @@ +al.essio.dev/pkg/shellescape v1.5.1 h1:86HrALUujYS/h+GtqoB26SBEdkWfmMI6FubjXlsXyho= +al.essio.dev/pkg/shellescape v1.5.1/go.mod h1:6sIqp7X2P6mThCQ7twERpZTuigpr6KbZWtls1U8I890= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= 
@@ -18,10 +20,10 @@ cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmW cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= -cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= -cloud.google.com/go/auth v0.9.7 h1:ha65jNwOfI48YmUzNfMaUDfqt5ykuYIUnSartpU1+BA= -cloud.google.com/go/auth v0.9.7/go.mod h1:Xo0n7n66eHyOWWCnitop6870Ilwo3PiZyodVkkH1xWM= +cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= +cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= +cloud.google.com/go/auth v0.9.9 h1:BmtbpNQozo8ZwW2t7QJjnrQtdganSdmqeIBxHxNkEZQ= +cloud.google.com/go/auth v0.9.9/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -35,14 +37,14 @@ cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixA cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.2.1 h1:QFct02HRb7H12J/3utj0qf5tobFh9V4vR6h9eX5EBRU= -cloud.google.com/go/iam v1.2.1/go.mod h1:3VUIJDPpwT6p/amXRC5GY8fCCh70lxPygguVtI0Z4/g= +cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= +cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.14.1 h1:xlWSIg8rtBn5qCr2f3XtQP19+5COyf/ll49SEvi/0vM= -cloud.google.com/go/secretmanager v1.14.1/go.mod h1:L+gO+u2JA9CCyXpSR8gDH0o8EV7i/f0jdBOrUXcIV0U= +cloud.google.com/go/secretmanager v1.14.2 h1:2XscWCfy//l/qF96YE18/oUaNJynAx749Jg3u0CjQr8= +cloud.google.com/go/secretmanager v1.14.2/go.mod h1:Q18wAPMM6RXLC/zVpWTlqq2IBSbbm7pKBlM3lCKsmjw= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 
@@ -56,11 +58,13 @@ github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0/go.mod h1:3Ug6Qzto9anB6mGlEdgYMDF5zHQ+wwhEaYR4s17PHMw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 h1:JZg6HRh6W6U4OLl6lk7BZ7BLisIzM9dG1R50zUk9C/M= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= 
@@ -91,6 +95,8 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= +github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= +github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= @@ -109,8 +115,6 @@ github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 h1:ly0WKARATneFzwBlTZ2lUyjtL github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5/go.mod h1:W6DMNwPyIE3jpXDaJOvCKUT/kHPZrpl/BGiIVUILbMk= github.com/akeylesslabs/akeyless-go/v3 v3.6.3 h1:fMF8SMDiBL9CufVjLUyF1Z+Z04t5CC3KGOROSjaJ/eA= github.com/akeylesslabs/akeyless-go/v3 v3.6.3/go.mod h1:xcSXQWFRzKupIPCFRd9/mFYW0lHnDnWVvMD/pQ0x7sU= -github.com/alessio/shellescape v1.4.2 h1:MHPfaU+ddJ0/bYWpgIeUnQUqKrlJ1S7BfEYPM4uEoM0= -github.com/alessio/shellescape v1.4.2/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 h1:0QmSDMovuCyUbYp70MZHoTi/GYnHb/wYEIIBqoVsCjs= github.com/aliyun/alibaba-cloud-sdk-go v1.62.271/go.mod h1:Api2AkmMgGaSUAhmk76oaFObkoeCPc/bKAqcyplPODs= github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio= 
@@ -134,8 +138,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cyberark/conjur-api-go v0.12.4 h1:N1Ku6xveOHZa7NRuf//uNKxwcvwp7MTy59aB2VM0o9A= -github.com/cyberark/conjur-api-go v0.12.4/go.mod h1:FnzNn6mPwTOyBueSDnu1J4K47J0sYHXTMehaqIV/GxY= +github.com/cyberark/conjur-api-go v0.12.5 h1:n05CrzkVObjCk0rPMtmdN1c5117JP0bdZWuAERw8F2E= +github.com/cyberark/conjur-api-go v0.12.5/go.mod h1:NwX17s8cIbiM+gx7PzHGwBkFXbNIXRLHciKakVabq6Q= github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -144,6 +148,8 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnNEcHYvcCuK6dPZSg= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko= @@ -163,8 +169,8 @@ github.com/evanphx/json-patch/v5 v5.9.0 h1:kcBlZQbplgElYIlo/n1hJbls2z/1awpXxpRi0 github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq14uClGH4abBuQ= github.com/external-secrets/sprig/v3 v3.3.0 h1:uO5rmIKSjjONthpCIU8xKbBpAJd0zL/6XFEdC+JsSqU= github.com/external-secrets/sprig/v3 v3.3.0/go.mod h1:tvPBN33djer3sQffmfEfcQdL5VYKYmetb4Zbe6wtAq8= -github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= -github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= +github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= +github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fluxcd/helm-controller/api v0.37.2 h1:tkLezpRdqPDz7HoKHFu92sV+ppOCVDxkjFTh8/lpff8= 
@@ -293,11 +299,13 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20241001023024-f4c0cfd0cf1d h1:Jaz2JzpQaQXyET0AjLBXShrthbpqMkhGiEfkcQAiAUs= -github.com/google/pprof v0.0.0-20241001023024-f4c0cfd0cf1d/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241023014458-598669927662 h1:SKMkD83p7FwUqKmBsPdLHF5dNyxq3jOWwu9w9UyH5vA= +github.com/google/pprof v0.0.0-20241023014458-598669927662/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= +github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= +github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 
@@ -356,10 +364,12 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU= github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= +github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6 h1:IsMZxCuZqKuao2vNdfD82fjjgPLfyHLpR41Z88viRWs= +github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6/go.mod h1:3VeWNIJaW+O5xpRQbPp0Ybqu1vJd/pm7s2F473HRrkw= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.10 h1:oXAz+Vh0PMUvJczoi+flxpnBEPxoER1IaAnU/NMPtT0= -github.com/klauspost/compress v1.17.10/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= +github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= +github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= 
@@ -377,8 +387,8 @@ github.com/lestrrat-go/httprc v1.0.6 h1:qgmgIRhpvBqexMJjA/PmwSvhNk679oqD1RbovdCG github.com/lestrrat-go/httprc v1.0.6/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= -github.com/lestrrat-go/jwx/v2 v2.1.1 h1:Y2ltVl8J6izLYFs54BVcpXLv5msSW4o8eXwnzZLI32E= -github.com/lestrrat-go/jwx/v2 v2.1.1/go.mod h1:4LvZg7oxu6Q5VJwn7Mk/UwooNRnTHUpXBj2C4j3HNx0= +github.com/lestrrat-go/jwx/v2 v2.1.2 h1:6poete4MPsO8+LAEVhpdrNI4Xp2xdiafgl2RD89moBc= +github.com/lestrrat-go/jwx/v2 v2.1.2/go.mod h1:pO+Gz9whn7MPdbsqSJzG8TlEpMZCwQDXnFJ+zsUVh8Y= github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= 
@@ -417,8 +427,8 @@ github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.75.1 h1:c7U7WQWeWZdPpzbsxf8dNRd4jXkyTNCNKaCAndvjTqw= -github.com/oracle/oci-go-sdk/v65 v65.75.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.77.1 h1:gqjTXIUWvTihkn470AclxSAMcR1JecqjD2IUtp+sDIU= +github.com/oracle/oci-go-sdk/v65 v65.77.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -427,15 +437,17 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI= -github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= +github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.60.0 h1:+V9PAREWNvJMAuJ1x1BaWl9dewMW4YrHZQbx0sJNllA= -github.com/prometheus/common v0.60.0/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= +github.com/prometheus/common v0.60.1 h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPAaSc= +github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= +github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4= +github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.12.0 
h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= @@ -492,15 +504,15 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.110.0 h1:hsFIFp01v/0D0sdUXoZfRk6CROzZbHQplk6NzKSFKhc= -github.com/xanzy/go-gitlab v0.110.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= +github.com/xanzy/go-gitlab v0.112.0 h1:6Z0cqEooCvBMfBIHw+CgO4AKGRV8na/9781xOb0+DKw= +github.com/xanzy/go-gitlab v0.112.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/zalando/go-keyring v0.2.5 h1:Bc2HHpjALryKD62ppdEzaFG6VxL6Bc+5v0LYpN8Lba8= -github.com/zalando/go-keyring v0.2.5/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk= +github.com/zalando/go-keyring v0.2.6 h1:r7Yc3+H+Ux0+M72zacZoItR3UDxeWfKTcabvkI8ua9s= +github.com/zalando/go-keyring v0.2.6/go.mod h1:2TCrxYrbUNYfNS/Kgy/LSrkSQzZ5UPVH85RwfczwvcI= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 
@@ -510,18 +522,18 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 h1:hCq2hNMwsegUvPzI7sPOvtO9cqyy5GbWt/Ybp2xrx8Q= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0/go.mod h1:LqaApwGx/oUmzsbqxkzuBvyoPpkxk3JQWnqfVrJ3wCA= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 h1:ZIg3ZT/aQ7AfKqdwp7ECpOK6vHqquXXuyTjIO8ZdmPs= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0/go.mod h1:DQAwmETtZV00skUwgD6+0U89g80NKsJE3DCKeLLPQMI= -go.opentelemetry.io/otel v1.30.0 h1:F2t8sK4qf1fAmY9ua4ohFS/K+FUuOPemHUIXHtktrts= -go.opentelemetry.io/otel v1.30.0/go.mod h1:tFw4Br9b7fOS+uEao81PJjVMjW/5fvNCbpsDIXqP0pc= -go.opentelemetry.io/otel/metric v1.30.0 h1:4xNulvn9gjzo4hjg+wzIKG7iNFEaBMX00Qd4QIZs7+w= -go.opentelemetry.io/otel/metric v1.30.0/go.mod h1:aXTfST94tswhWEb+5QjlSqG+cZlmyXy/u8jFpor3WqQ= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 h1:yMkBS9yViCc7U7yeLzJPM2XizlfdVvBRSmsQDWu6qc0= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0/go.mod h1:n8MR6/liuGB5EmTETUBeU5ZgqMOlqKRxUaqPQBOANZ8= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 h1:UP6IpuHFkUgOQL9FFQFrZ+5LiwhhYRbi7VZSIx6Nj5s= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0/go.mod h1:qxuZLtbq5QDtdeSHsS7bcf6EH6uO6jUAgk764zd3rhM= +go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY= +go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE= +go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE= 
+go.opentelemetry.io/otel/metric v1.31.0/go.mod h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY= go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo= go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= -go.opentelemetry.io/otel/trace v1.30.0 h1:7UBkkYzeg3C7kQX8VAidWh2biiQbtAKjyIML8dQ9wmc= -go.opentelemetry.io/otel/trace v1.30.0/go.mod h1:5EyKqTzzmyqB9bwtCCq6pDLktPK6fmGf/Dph+8VI02o= +go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys= +go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= 
@@ -556,8 +568,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 h1:1wqE9dj9NpSm04INVsJhhEUzhuDVjbcyKH91sVyPATw= -golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8= +golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY= +golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -820,8 +832,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.199.0 h1:aWUXClp+VFJmqE0JPvpZOK3LDQMyFKYIow4etYd9qxs= -google.golang.org/api v0.199.0/go.mod h1:ohG4qSztDJmZdjK/Ar6MhbAmb/Rpi4JHOqagsh90K28= +google.golang.org/api v0.203.0 h1:SrEeuwU3S11Wlscsn+LA1kb/Y5xT8uggJSkIhD08NAU= +google.golang.org/api v0.203.0/go.mod h1:BuOVyCSYEPwJb3npWvDnNmFI92f3GeRnHNkETneT3SI= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -869,12 +881,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f h1:mCJ6SGikSxVlt9scCayUl2dMq0msUgmBArqRY6umieI= -google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f/go.mod h1:xtVODtPkMQRUZ4kqOTgp6JrXQrPevvfCSdk4mJtHUbM= -google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f h1:jTm13A2itBi3La6yTGqn8bVSrc3ZZ1r8ENHlIXBfnRA= -google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f/go.mod h1:CLGoBuH1VHxAUXVPP8FfPwPEVJB6lz3URE5mY2SuayE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f h1:cUMEy+8oS78BWIH9OWazBkzbr090Od9tWBNtZHkOhf0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto v0.0.0-20241021214115-324edc3d5d38 h1:Q3nlH8iSQSRUwOskjbcSMcF2jiYMNiQYZ0c2KEJLKKU= +google.golang.org/genproto v0.0.0-20241021214115-324edc3d5d38/go.mod h1:xBI+tzfqGGN2JBeSebfKXFSdBpWVQ7sLW40PTupVRm4= +google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38 h1:2oV8dfuIkM1Ti7DwXc0BJfnwr9csz4TDXI9EmiI+Rbw= +google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38/go.mod h1:vuAjtvlwkDKF6L1GQ0SokiRLCGFfeBUXWr/aFFkHACc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 h1:zciRKQ4kBpFgpfC5QQCVtnnNAcLIqweL7plyZRQHVpI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -909,8 +921,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= +google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= 
@@ -951,17 +963,17 @@ k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 h1:1dWzkmJrrprYvjGwh9kEUxmcUV/CtNU8QM7h1FLWQOo= -k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA= +k8s.io/kube-openapi v0.0.0-20241009091222-67ed5848f094 h1:MErs8YA0abvOqJ8gIupA1Tz6PKXYUw34XsGlA7uSL1k= +k8s.io/kube-openapi v0.0.0-20241009091222-67ed5848f094/go.mod h1:7ioBJr1A6igWjsR2fxq2EZ0mlMwYLejazSIc2bzMp2U= k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 h1:MDF6h2H/h4tbzmtIKTuctcwZmY0tY9mD9fNT47QO6HI= k8s.io/utils v0.0.0-20240921022957-49e7df575cb6/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= -sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/controller-runtime v0.19.1 h1:Son+Q40+Be3QWb+niBXAg2vFiYWolDjjRfO8hn/cxOk= +sigs.k8s.io/controller-runtime v0.19.1/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= +sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= +sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= 
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= diff --git a/go.mod b/go.mod index 2b925e109b6..33226a712f9 100644 --- a/go.mod +++ b/go.mod @@ -5,14 +5,14 @@ go 1.23.1 replace github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 require ( - cloud.google.com/go/iam v1.2.1 - cloud.google.com/go/secretmanager v1.14.1 + cloud.google.com/go/iam v1.2.2 + cloud.google.com/go/secretmanager v1.14.2 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/adal v0.9.24 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 - github.com/IBM/go-sdk-core/v5 v5.17.5 + github.com/IBM/go-sdk-core/v5 v5.18.1 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.8 github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/sprig/v3 v3.3.0 
@@ -32,39 +32,39 @@ require ( github.com/huandu/xstrings v1.5.0 // indirect github.com/onsi/ginkgo/v2 v2.20.2 github.com/onsi/gomega v1.34.2 - github.com/oracle/oci-go-sdk/v65 v65.75.1 - github.com/prometheus/client_golang v1.20.4 + github.com/oracle/oci-go-sdk/v65 v65.77.1 + github.com/prometheus/client_golang v1.20.5 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.18.0 - github.com/xanzy/go-gitlab v0.110.0 - github.com/yandex-cloud/go-genproto v0.0.0-20241004153110-80386e3567fa - github.com/yandex-cloud/go-sdk v0.0.0-20241004153607-909df9f16e4b + github.com/xanzy/go-gitlab v0.112.0 + github.com/yandex-cloud/go-genproto v0.0.0-20241021132621-28bb61d00c2f + github.com/yandex-cloud/go-sdk v0.0.0-20241021153520-213d4c625eca github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 go.uber.org/zap v1.27.0 golang.org/x/crypto v0.28.0 golang.org/x/oauth2 v0.23.0 - google.golang.org/api v0.199.0 - google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f + google.golang.org/api v0.203.0 + google.golang.org/genproto v0.0.0-20241021214115-324edc3d5d38 google.golang.org/grpc v1.67.1 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 - k8s.io/api v0.31.1 - k8s.io/apiextensions-apiserver v0.31.1 - k8s.io/apimachinery v0.31.1 - k8s.io/client-go v0.31.1 + k8s.io/api v0.31.2 + k8s.io/apiextensions-apiserver v0.31.2 + k8s.io/apimachinery v0.31.2 + k8s.io/client-go v0.31.2 k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 - sigs.k8s.io/controller-runtime v0.19.0 - sigs.k8s.io/controller-tools v0.16.3 + sigs.k8s.io/controller-runtime v0.19.1 + sigs.k8s.io/controller-tools v0.16.5 ) require github.com/1Password/connect-sdk-go v1.5.3 require ( dario.cat/mergo v1.0.1 - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 + 
github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 github.com/BeyondTrust/go-client-library-passwordsafe v0.8.1 github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1 @@ -75,10 +75,10 @@ require ( github.com/alibabacloud-go/openapi-util v0.1.1 github.com/alibabacloud-go/tea v1.2.2 github.com/alibabacloud-go/tea-utils/v2 v2.0.7 - github.com/aliyun/credentials-go v1.3.10 + github.com/aliyun/credentials-go v1.3.11 github.com/avast/retry-go/v4 v4.6.0 github.com/cenkalti/backoff/v4 v4.3.0 - github.com/cyberark/conjur-api-go v0.12.4 + github.com/cyberark/conjur-api-go v0.12.5 github.com/fortanix/sdkms-client-go v0.4.0 github.com/go-openapi/strfmt v0.23.0 github.com/golang-jwt/jwt/v5 v5.2.1 
@@ -86,28 +86,28 @@ require ( github.com/hashicorp/vault/api/auth/aws v0.8.0 github.com/hashicorp/vault/api/auth/userpass v0.8.0 github.com/keeper-security/secrets-manager-go/core v1.6.4 - github.com/lestrrat-go/jwx/v2 v2.1.1 - github.com/maxbrunsfeld/counterfeiter/v6 v6.9.0 + github.com/lestrrat-go/jwx/v2 v2.1.2 + github.com/maxbrunsfeld/counterfeiter/v6 v6.10.0 github.com/passbolt/go-passbolt v0.7.1 github.com/previder/vault-cli v0.1.2 - github.com/pulumi/esc-sdk/sdk v0.10.0 + github.com/pulumi/esc-sdk/sdk v0.10.2 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 github.com/sethvargo/go-password v0.3.1 github.com/spf13/pflag v1.0.5 github.com/tidwall/sjson v1.2.5 - k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 + k8s.io/kube-openapi v0.0.0-20241009091222-67ed5848f094 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.5.0 ) require ( - cloud.google.com/go/auth v0.9.7 // indirect + al.essio.dev/pkg/shellescape v1.5.1 // indirect + cloud.google.com/go/auth v0.9.9 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect github.com/ProtonMail/gopenpgp/v2 v2.7.5 // indirect - github.com/alessio/shellescape v1.4.2 // indirect github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6 // indirect github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 // indirect github.com/alibabacloud-go/darabonba-array v0.1.0 // indirect 
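Review bot: The added `al.essio.dev/pkg/shellescape v1.5.1 // indirect` line needs a provenance check before merge, because it swaps the module path (the same hunk drops `github.com/alessio/shellescape v1.4.2 // indirect`) rather than only raising a version. The new path resolves through a vanity import domain, so future versions depend on who controls that domain as well as on the repository behind it. Nothing in the visible hunks says which dependency pulls the new path in; I would put the output of `go mod why -m al.essio.dev/pkg/shellescape` in the PR description and confirm the relocation matches what the upstream author published. The go.sum entries added for v1.5.1 pin this version's content, so the concern is the trust decision on the new path, not the integrity of this download. Both require blocks touched here extend beyond the hunk.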
@@ -120,11 +120,11 @@ require (
 github.com/alibabacloud-go/tea-xml v1.1.3 // indirect
 github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect
 github.com/clbanning/mxj/v2 v2.7.0 // indirect
- github.com/cloudflare/circl v1.4.0 // indirect
+ github.com/cloudflare/circl v1.5.0 // indirect
 github.com/danieljoos/wincred v1.2.2 // indirect
 github.com/felixge/httpsnoop v1.0.4 // indirect
 github.com/fxamacker/cbor/v2 v2.7.0 // indirect
- github.com/gabriel-vasile/mimetype v1.4.5 // indirect
+ github.com/gabriel-vasile/mimetype v1.4.6 // indirect
 github.com/go-jose/go-jose/v4 v4.0.4 // indirect
 github.com/go-logr/stdr v1.2.2 // indirect
 github.com/go-playground/validator/v10 v10.22.1 // indirect
@@ -135,22 +135,22 @@ require (
 github.com/google/s2a-go v0.1.8 // indirect
 github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0 // indirect
 github.com/hashicorp/go-uuid v1.0.3 // indirect
- github.com/klauspost/compress v1.17.10 // indirect
+ github.com/klauspost/compress v1.17.11 // indirect
 github.com/lestrrat-go/httprc v1.0.6 // indirect
 github.com/nxadm/tail v1.4.11 // indirect
 github.com/segmentio/asm v1.2.0 // indirect
 github.com/sirupsen/logrus v1.9.3 // indirect
 github.com/tjfoc/gmsm v1.4.1 // indirect
 github.com/x448/float16 v0.8.4 // indirect
- github.com/zalando/go-keyring v0.2.5 // indirect
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 // indirect
- go.opentelemetry.io/otel v1.30.0 // indirect
- go.opentelemetry.io/otel/metric v1.30.0 // indirect
- go.opentelemetry.io/otel/trace v1.30.0 // indirect
+ github.com/zalando/go-keyring v0.2.6 // indirect
+ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 // indirect
+ go.opentelemetry.io/otel v1.31.0 // indirect
+ go.opentelemetry.io/otel/metric v1.31.0 // indirect
+ go.opentelemetry.io/otel/trace v1.31.0 // indirect
 golang.org/x/sync v0.8.0 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect
 gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
@@ -166,7 +166,7 @@ require (
 github.com/Azure/go-autorest/logger v0.2.1 // indirect
 github.com/Azure/go-autorest/tracing v0.6.0 // indirect
 github.com/Masterminds/semver/v3 v3.3.0 // indirect
- github.com/PaesslerAG/gval v1.2.2 // indirect
+ github.com/PaesslerAG/gval v1.2.3 // indirect
 github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
@@ -176,7 +176,7 @@ require (
 github.com/emicklei/go-restful/v3 v3.12.1 // indirect
 github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 github.com/evanphx/json-patch/v5 v5.9.0 // indirect
- github.com/fatih/color v1.17.0 // indirect
+ github.com/fatih/color v1.18.0 // indirect
 github.com/fsnotify/fsnotify v1.7.0 // indirect
 github.com/ghodss/yaml v1.0.0 // indirect
 github.com/go-chef/chef v0.30.1
@@ -195,7 +195,7 @@ require (
 github.com/golang/protobuf v1.5.4 // indirect
 github.com/google/go-querystring v1.1.0 // indirect
 github.com/google/gofuzz v1.2.0 // indirect
- github.com/google/pprof v0.0.0-20241001023024-f4c0cfd0cf1d // indirect
+ github.com/google/pprof v0.0.0-20241023014458-598669927662 // indirect
 github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect
 github.com/hashicorp/errwrap v1.1.0 // indirect
 github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
@@ -233,7 +233,7 @@ require (
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 github.com/pkg/errors v0.9.1 // indirect
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
- github.com/prometheus/common v0.60.0 // indirect
+ github.com/prometheus/common v0.60.1 // indirect
 github.com/prometheus/procfs v0.15.1 // indirect
 github.com/russross/blackfriday/v2 v2.1.0 // indirect
 github.com/ryanuber/go-glob v1.0.0 // indirect
@@ -248,7 +248,7 @@ require ( go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 // indirect + golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect golang.org/x/mod v0.21.0 // indirect golang.org/x/net v0.30.0 // indirect golang.org/x/sys v0.26.0 // indirect @@ -257,12 +257,12 @@ require ( golang.org/x/time v0.7.0 // indirect golang.org/x/tools v0.26.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/protobuf v1.34.2 // indirect + google.golang.org/protobuf v1.35.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect k8s.io/gengo v0.0.0-20240911193312-2b36238f13e9 // indirect k8s.io/klog v1.0.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect - sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect + sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect ) diff --git a/go.sum b/go.sum index f561cee8262..208f1f5e9a6 100644 --- a/go.sum +++ b/go.sum @@ -1,3 +1,5 @@ +al.essio.dev/pkg/shellescape v1.5.1 h1:86HrALUujYS/h+GtqoB26SBEdkWfmMI6FubjXlsXyho= +al.essio.dev/pkg/shellescape v1.5.1/go.mod h1:6sIqp7X2P6mThCQ7twERpZTuigpr6KbZWtls1U8I890= cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= cloud.google.com/go v0.38.0/go.mod h1:990N+gfupTy94rShfmMCWGDn0LpTmnzTp2qbd1dvSRU= 
@@ -18,10 +20,10 @@ cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmW cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.115.1 h1:Jo0SM9cQnSkYfp44+v+NQXHpcHqlnRJk2qxh6yvxxxQ= -cloud.google.com/go v0.115.1/go.mod h1:DuujITeaufu3gL68/lOFIirVNJwQeyf5UXyi+Wbgknc= -cloud.google.com/go/auth v0.9.7 h1:ha65jNwOfI48YmUzNfMaUDfqt5ykuYIUnSartpU1+BA= -cloud.google.com/go/auth v0.9.7/go.mod h1:Xo0n7n66eHyOWWCnitop6870Ilwo3PiZyodVkkH1xWM= +cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= +cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= +cloud.google.com/go/auth v0.9.9 h1:BmtbpNQozo8ZwW2t7QJjnrQtdganSdmqeIBxHxNkEZQ= +cloud.google.com/go/auth v0.9.9/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -35,14 +37,14 @@ cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixA cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.2.1 h1:QFct02HRb7H12J/3utj0qf5tobFh9V4vR6h9eX5EBRU= -cloud.google.com/go/iam v1.2.1/go.mod h1:3VUIJDPpwT6p/amXRC5GY8fCCh70lxPygguVtI0Z4/g= +cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= +cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.14.1 h1:xlWSIg8rtBn5qCr2f3XtQP19+5COyf/ll49SEvi/0vM= -cloud.google.com/go/secretmanager v1.14.1/go.mod h1:L+gO+u2JA9CCyXpSR8gDH0o8EV7i/f0jdBOrUXcIV0U= +cloud.google.com/go/secretmanager v1.14.2 h1:2XscWCfy//l/qF96YE18/oUaNJynAx749Jg3u0CjQr8= +cloud.google.com/go/secretmanager v1.14.2/go.mod h1:Q18wAPMM6RXLC/zVpWTlqq2IBSbbm7pKBlM3lCKsmjw= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 
@@ -58,11 +60,13 @@ github.com/Azure/azure-sdk-for-go v68.0.0+incompatible h1:fcYLmCpyNYRnvJbPerq7U0 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible/go.mod h1:9XXNKU+eRnpl9moKnB4QOLf1HestfXbmab5FXxiDBjc= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.8.0/go.mod h1:3Ug6Qzto9anB6mGlEdgYMDF5zHQ+wwhEaYR4s17PHMw= github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0 h1:nyQWyZvwGTvunIMxi1Y9uXkcyr+I7TeNrr/foo4Kpk8= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.14.0/go.mod h1:l38EPgmsp71HHLq9j7De57JcKOWPyhrsW1Awm1JS6K0= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 h1:JZg6HRh6W6U4OLl6lk7BZ7BLisIzM9dG1R50zUk9C/M= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0/go.mod h1:YL1xnZ6QejvQHWJrX/AvhFl4WW4rqHVoKspWNVwFk0M= github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0 h1:tfLQ34V6F7tVSwoTf/4lH5sE0o6eCJuNDTmH09nDpbc= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.7.0/go.mod h1:9kIvujWAA58nmPmWB1m23fyWic1kYZMxD9CxaWn4Qpg= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 h1:B/dfvscEQtew9dVuoxqxrUKKv8Ih2f55PydknDamU+g= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0/go.mod h1:fiPSssYvltE08HJchL04dOy+RD4hgrjph0cwGGMntdI= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0 h1:+m0M/LFxN43KvULkDNfdXOgrjtg6UYJPFBJyuEcRCAw= +github.com/Azure/azure-sdk-for-go/sdk/azidentity/cache v0.3.0/go.mod h1:PwOyop78lveYMRs6oCxjiVyBdyCgIYH6XHIVZO9/SFQ= github.com/Azure/azure-sdk-for-go/sdk/internal v1.3.0/go.mod h1:okt5dMMTOFjX/aovMlrjvvXoPMBVSPzk9185BT0+eZM= github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 h1:ywEEhmNahHBihViHepv3xPBn1663uRv2t2q/ESv9seY= 
@@ -93,6 +97,8 @@ github.com/Azure/go-autorest/logger v0.2.1 h1:IG7i4p/mDa2Ce4TRyAO8IHnVhAVF3RFU+Z github.com/Azure/go-autorest/logger v0.2.1/go.mod h1:T9E3cAhj2VqvPOtCYAvby9aBXkZmbF5NWuPV8+WeEW8= github.com/Azure/go-autorest/tracing v0.6.0 h1:TYi4+3m5t6K48TGI9AUdb+IzbnSxvnvUMfuitfgcfuo= github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBpUA79WCAKPPZVC2DeU= +github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= +github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= 
@@ -106,8 +112,8 @@ github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1 h1:/rzzzaBuj/FYTcbt8sYZ9IzlnENqcgh5zK github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1/go.mod h1:xz6FXP2Do88Vc5Hx7OamZgZC1W45yfmLy4+iDKxlGXo= github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM= github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= -github.com/IBM/go-sdk-core/v5 v5.17.5 h1:AjGC7xNee5tgDIjndekBDW5AbypdERHSgib3EZ1KNsA= -github.com/IBM/go-sdk-core/v5 v5.17.5/go.mod h1:KsAAI7eStAWwQa4F96MLy+whYSh39JzNjklZRbN/8ns= +github.com/IBM/go-sdk-core/v5 v5.18.1 h1:wdftQO8xejECTWTKF3FGXyW0McKxxDAopH7MKwA187c= +github.com/IBM/go-sdk-core/v5 v5.18.1/go.mod h1:3ywpylZ41WhWPusqtpJZWopYlt2brebcphV7mA2JncU= github.com/IBM/secrets-manager-go-sdk/v2 v2.0.8 h1:gWB2E3B3lyQt7I8eX6ov0PZXS7gSo2cRhW0RCD+E1Ug= github.com/IBM/secrets-manager-go-sdk/v2 v2.0.8/go.mod h1:RglK3v6CPe3T1myRtQCD6z+nBygXvNJwufAon0qcZok= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= 
@@ -118,8 +124,8 @@ github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lpr github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d h1:V7xPdg5XgCcUJgL57zfZSNOIvrDPWA4SpWuRJ0UVwKs= github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d/go.mod h1:WI6HYqD62DSW+C0gMS0zHe/vXhZVCUg2ecVosnglPNc= github.com/PaesslerAG/gval v1.0.0/go.mod h1:y/nm5yEyTeX6av0OfKJNp9rBNj2XrGhAf5+v24IBN1I= -github.com/PaesslerAG/gval v1.2.2 h1:Y7iBzhgE09IGTt5QgGQ2IdaYYYOU134YGHBThD+wm9E= -github.com/PaesslerAG/gval v1.2.2/go.mod h1:XRFLwvmkTEdYziLdaCeCa5ImcGVrfQbeNUbVR+C6xac= +github.com/PaesslerAG/gval v1.2.3 h1:Z3B/zLyWvqxjUtkIOEkFauqLnQn8Q37F1Q+uAjLXgMw= +github.com/PaesslerAG/gval v1.2.3/go.mod h1:XRFLwvmkTEdYziLdaCeCa5ImcGVrfQbeNUbVR+C6xac= github.com/PaesslerAG/jsonpath v0.1.0/go.mod h1:4BzmtoM/PI8fPO4aQGIusjGxGir2BzcV0grWtFzq1Y8= github.com/PaesslerAG/jsonpath v0.1.1 h1:c1/AToHQMVsduPAa4Vh6xp2U0evy4t8SWp8imEsylIk= github.com/PaesslerAG/jsonpath v0.1.1/go.mod h1:lVboNxFGal/VwW6d9JzIy56bUsYAP6tH/x80vjnCseY= @@ -136,8 +142,6 @@ github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 h1:ly0WKARATneFzwBlTZ2lUyjtL github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5/go.mod h1:W6DMNwPyIE3jpXDaJOvCKUT/kHPZrpl/BGiIVUILbMk= github.com/akeylesslabs/akeyless-go/v3 v3.6.3 h1:fMF8SMDiBL9CufVjLUyF1Z+Z04t5CC3KGOROSjaJ/eA= github.com/akeylesslabs/akeyless-go/v3 v3.6.3/go.mod h1:xcSXQWFRzKupIPCFRd9/mFYW0lHnDnWVvMD/pQ0x7sU= -github.com/alessio/shellescape v1.4.2 h1:MHPfaU+ddJ0/bYWpgIeUnQUqKrlJ1S7BfEYPM4uEoM0= -github.com/alessio/shellescape v1.4.2/go.mod h1:PZAiSCk0LJaZkiCSkPv8qIobYglO3FPpyFjDCtHLS30= github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6 h1:eIf+iGJxdU4U9ypaUfbtOWCsZSbTb8AUHvyPrxu6mAA= github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6/go.mod h1:4EUIoxs/do24zMOGGqYVWgw0s9NtiylnJglOeEB5UJo= github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.4/go.mod h1:sCavSAvdzOjul4cEqeVtvlSaSScfNsTQ+46HwlTL1hc= 
@@ -187,8 +191,9 @@ github.com/alibabacloud-go/tea-xml v1.1.3/go.mod h1:Rq08vgCcCAjHyRi/M7xlHKUykZCE github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6qTJya2bDq4X1Tw= github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= -github.com/aliyun/credentials-go v1.3.10 h1:45Xxrae/evfzQL9V10zL3xX31eqgLWEaIdCoPipOEQA= github.com/aliyun/credentials-go v1.3.10/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= +github.com/aliyun/credentials-go v1.3.11 h1:8CjGRa0wAoNC0zGMar+PRushZkd1n4xdijpdV4vlCho= +github.com/aliyun/credentials-go v1.3.11/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinRJA= 
@@ -215,8 +220,8 @@ github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyM github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= -github.com/cloudflare/circl v1.4.0 h1:BV7h5MgrktNzytKmWjpOtdYrf0lkkbF8YMlBGPhJQrY= -github.com/cloudflare/circl v1.4.0/go.mod h1:PDRU+oXvdD7KCtgKxW95M5Z8BpSCJXQORiZFnBQS5QU= +github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys= +github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= 
@@ -224,8 +229,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/ctdk/goiardi v0.11.10 h1:IB/3Afl1pC2Q4KGwzmhHPAoJfe8VtU51wZ2V0QkvsL0= github.com/ctdk/goiardi v0.11.10/go.mod h1:Pr6Cj6Wsahw45myttaOEZeZ0LE7p1qzWmzgsBISkrNI= -github.com/cyberark/conjur-api-go v0.12.4 h1:N1Ku6xveOHZa7NRuf//uNKxwcvwp7MTy59aB2VM0o9A= -github.com/cyberark/conjur-api-go v0.12.4/go.mod h1:FnzNn6mPwTOyBueSDnu1J4K47J0sYHXTMehaqIV/GxY= +github.com/cyberark/conjur-api-go v0.12.5 h1:n05CrzkVObjCk0rPMtmdN1c5117JP0bdZWuAERw8F2E= +github.com/cyberark/conjur-api-go v0.12.5/go.mod h1:NwX17s8cIbiM+gx7PzHGwBkFXbNIXRLHciKakVabq6Q= github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -234,6 +239,8 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0 h1:rpfIENRNNilwHwZeG5+P150SMrnNEcHYvcCuK6dPZSg= github.com/decred/dcrd/dcrec/secp256k1/v4 v4.3.0/go.mod h1:v57UDF4pDQJcEfFUCRop3lJL149eHGSe9Jvczhzjo/0= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U= github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE= github.com/dnaeon/go-vcr v1.1.0/go.mod h1:M7tiix8f0r6mKKJ3Yq/kqU1OYf3MnfmBWVbPx/yU9ko= 
@@ -254,8 +261,8 @@ github.com/evanphx/json-patch/v5 v5.9.0/go.mod h1:VNkHZ/282BpEyt/tObQO8s5CMPmYYq github.com/external-secrets/sprig/v3 v3.3.0 h1:uO5rmIKSjjONthpCIU8xKbBpAJd0zL/6XFEdC+JsSqU= github.com/external-secrets/sprig/v3 v3.3.0/go.mod h1:tvPBN33djer3sQffmfEfcQdL5VYKYmetb4Zbe6wtAq8= github.com/fatih/color v1.13.0/go.mod h1:kLAiJbzzSOZDVNGyDpeOxJ47H46qBXwg5ILebYFFOfk= -github.com/fatih/color v1.17.0 h1:GlRw1BRJxkpqUCBKzKOw098ed57fEsKeNjpTe3cSjK4= -github.com/fatih/color v1.17.0/go.mod h1:YZ7TlrGPkiz6ku9fK3TLD/pl3CpsiFyu8N92HLgmosI= +github.com/fatih/color v1.18.0 h1:S8gINlzdQ840/4pfAwic/ZE0djQEH3wM94VfqLTZcOM= +github.com/fatih/color v1.18.0/go.mod h1:4FelSpRwEGDpQ12mAdzqdOukCy4u8WUtOY6lkT/6HfU= github.com/felixge/httpsnoop v1.0.4 h1:NFTV2Zj1bL4mc9sqWACXbQFVBBg2W3GPvqp8/ESS2Wg= github.com/felixge/httpsnoop v1.0.4/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U= github.com/fortanix/sdkms-client-go v0.4.0 h1:5cKiFJ4rzc69mhsVVI5Ma5ynr/k5vhvws0yfzfIro/k= @@ -267,8 +274,8 @@ github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nos github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= -github.com/gabriel-vasile/mimetype v1.4.5 h1:J7wGKdGu33ocBOhGy0z653k/lFKLFDPJMG8Gql0kxn4= -github.com/gabriel-vasile/mimetype v1.4.5/go.mod h1:ibHel+/kbxn9x2407k1izTA1S81ku1z/DlgOW2QE0M4= +github.com/gabriel-vasile/mimetype v1.4.6 h1:3+PzJTKLkvgjeTbts6msPJt4DixhT4YtFNf1gtGe3zc= +github.com/gabriel-vasile/mimetype v1.4.6/go.mod h1:JX1qVKqZd40hUPpAfiNTe0Sne7hdfKSbOqqmkq8GCXc= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-chef/chef v0.30.1 h1:yvOSijEBWAQtRbBPj9hz1atEJUU6HckPc7AaEyZXnLg= 
@@ -400,11 +407,13 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20241001023024-f4c0cfd0cf1d h1:Jaz2JzpQaQXyET0AjLBXShrthbpqMkhGiEfkcQAiAUs= -github.com/google/pprof v0.0.0-20241001023024-f4c0cfd0cf1d/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241023014458-598669927662 h1:SKMkD83p7FwUqKmBsPdLHF5dNyxq3jOWwu9w9UyH5vA= +github.com/google/pprof v0.0.0-20241023014458-598669927662/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= +github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 h1:El6M4kTTCOh6aBiKaUGG7oYTSPP8MxqL4YI3kZKwcP4= +github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510/go.mod h1:pupxD2MaaD3pAXIBCelhxNneeOaAeabZDe5s4K6zSpQ= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= 
@@ -485,10 +494,12 @@ github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/X github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU= github.com/keeper-security/secrets-manager-go/core v1.6.4 h1:ly2XvAgDxHoHVvFXOIYlxzxBF0yoQir1KfNHUNG4eRA= github.com/keeper-security/secrets-manager-go/core v1.6.4/go.mod h1:dtlaeeds9+SZsbDAZnQRsDSqEAK9a62SYtqhNql+VgQ= +github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6 h1:IsMZxCuZqKuao2vNdfD82fjjgPLfyHLpR41Z88viRWs= +github.com/keybase/go-keychain v0.0.0-20231219164618-57a3676c3af6/go.mod h1:3VeWNIJaW+O5xpRQbPp0Ybqu1vJd/pm7s2F473HRrkw= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.17.10 h1:oXAz+Vh0PMUvJczoi+flxpnBEPxoER1IaAnU/NMPtT0= -github.com/klauspost/compress v1.17.10/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= +github.com/klauspost/compress v1.17.11 h1:In6xLpyWOi1+C7tXUUWv2ot1QvBjxevKAaI6IXrJmUc= +github.com/klauspost/compress v1.17.11/go.mod h1:pMDklpSncoRMuLFrf1W9Ss9KT+0rH90U12bZKk7uwG0= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= 
@@ -510,8 +521,8 @@ github.com/lestrrat-go/httprc v1.0.6 h1:qgmgIRhpvBqexMJjA/PmwSvhNk679oqD1RbovdCG github.com/lestrrat-go/httprc v1.0.6/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= -github.com/lestrrat-go/jwx/v2 v2.1.1 h1:Y2ltVl8J6izLYFs54BVcpXLv5msSW4o8eXwnzZLI32E= -github.com/lestrrat-go/jwx/v2 v2.1.1/go.mod h1:4LvZg7oxu6Q5VJwn7Mk/UwooNRnTHUpXBj2C4j3HNx0= +github.com/lestrrat-go/jwx/v2 v2.1.2 h1:6poete4MPsO8+LAEVhpdrNI4Xp2xdiafgl2RD89moBc= +github.com/lestrrat-go/jwx/v2 v2.1.2/go.mod h1:pO+Gz9whn7MPdbsqSJzG8TlEpMZCwQDXnFJ+zsUVh8Y= github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= 
@@ -525,8 +536,8 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/maxbrunsfeld/counterfeiter/v6 v6.9.0 h1:ERhc+PJKEyqWQnKu7/K0frSVGFihYYImqNdqP5r0cN0= -github.com/maxbrunsfeld/counterfeiter/v6 v6.9.0/go.mod h1:tU2wQdIyJ7fib/YXxFR0dgLlFz3yl4p275UfUKmDFjk= +github.com/maxbrunsfeld/counterfeiter/v6 v6.10.0 h1:9WsegDYiSKtZXru+NcOB4z7iqb00n4atjmQlyy5TRXI= +github.com/maxbrunsfeld/counterfeiter/v6 v6.10.0/go.mod h1:TeVdzh+5QB5IpWDJAU/uviXA6kOg9yXzLrrjeLKJXqY= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= 
@@ -563,8 +574,8 @@ github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.75.1 h1:c7U7WQWeWZdPpzbsxf8dNRd4jXkyTNCNKaCAndvjTqw= -github.com/oracle/oci-go-sdk/v65 v65.75.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.77.1 h1:gqjTXIUWvTihkn470AclxSAMcR1JecqjD2IUtp+sDIU= +github.com/oracle/oci-go-sdk/v65 v65.77.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.1 h1:boNYHZmSnWl/3bKbUiaWgF/mELCtHfliGHzggf884GE= github.com/passbolt/go-passbolt v0.7.1/go.mod h1:if/jzzYYUjRtq/5h+l+J5Dka0f5dED67QM1lhpTx4pY= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= 
@@ -578,19 +589,21 @@ github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRI github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/previder/vault-cli v0.1.2 h1:aui5v+L243JGbRaJ65z5XsuItjyCtoBND32v1XU3gd4= github.com/previder/vault-cli v0.1.2/go.mod h1:u9JDPB5/Em/Czjb/yIwfTODr31kKmeSO3JGrheLMaP8= -github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI= -github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y= +github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.60.0 h1:+V9PAREWNvJMAuJ1x1BaWl9dewMW4YrHZQbx0sJNllA= -github.com/prometheus/common v0.60.0/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= +github.com/prometheus/common v0.60.1 h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPAaSc= +github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/pulumi/esc-sdk/sdk v0.10.0 h1:tVZGVSVgSf/3UkKI3iC9E287eXw9VERvmdI4vN2BD4o= -github.com/pulumi/esc-sdk/sdk v0.10.0/go.mod h1:J6+8bCUJyLXvYOmTAc90/EhU1iUPr1Koo3NUnFzY78k= +github.com/pulumi/esc-sdk/sdk v0.10.2 h1:83aNfe62QrMQUf5BnUcRC+XRFERWZv2BtWpiqRUbTwU= +github.com/pulumi/esc-sdk/sdk v0.10.2/go.mod h1:J6+8bCUJyLXvYOmTAc90/EhU1iUPr1Koo3NUnFzY78k= 
github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= +github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4= +github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= 
@@ -667,12 +680,12 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.110.0 h1:hsFIFp01v/0D0sdUXoZfRk6CROzZbHQplk6NzKSFKhc= -github.com/xanzy/go-gitlab v0.110.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= -github.com/yandex-cloud/go-genproto v0.0.0-20241004153110-80386e3567fa h1:OEaAUuoBdU7Opsk/JP4KlNe8YCphmMr4ibyYIOAzAKE= -github.com/yandex-cloud/go-genproto v0.0.0-20241004153110-80386e3567fa/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo= -github.com/yandex-cloud/go-sdk v0.0.0-20241004153607-909df9f16e4b h1:3g8XwGAfXDZBZOgAdaIR8G0xx2szOhnG2joxX3ZQ8NU= -github.com/yandex-cloud/go-sdk v0.0.0-20241004153607-909df9f16e4b/go.mod h1:48XQccjtlctCdsxW9mVjEK6DgqJp4FyL673YiF6UZvs= +github.com/xanzy/go-gitlab v0.112.0 h1:6Z0cqEooCvBMfBIHw+CgO4AKGRV8na/9781xOb0+DKw= +github.com/xanzy/go-gitlab v0.112.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= +github.com/yandex-cloud/go-genproto v0.0.0-20241021132621-28bb61d00c2f h1:u7ETK40lM4ygnDzYtGFLk36fWARftvU+I0zwTYrOVwE= +github.com/yandex-cloud/go-genproto v0.0.0-20241021132621-28bb61d00c2f/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo= +github.com/yandex-cloud/go-sdk v0.0.0-20241021153520-213d4c625eca h1:m3Hne9w8jnfiPPDw9KqSLtRa7Et+gzCIub2ky5uUGGM= +github.com/yandex-cloud/go-sdk v0.0.0-20241021153520-213d4c625eca/go.mod h1:id1/mPjMDlqamdsay74AJLVVLGCRTnjMIKuXpNzVN08= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= github.com/yuin/goldmark v1.1.25/go.mod 
h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -681,8 +694,8 @@ github.com/yuin/goldmark v1.1.30/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9de github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= -github.com/zalando/go-keyring v0.2.5 h1:Bc2HHpjALryKD62ppdEzaFG6VxL6Bc+5v0LYpN8Lba8= -github.com/zalando/go-keyring v0.2.5/go.mod h1:HL4k+OXQfJUWaMnqyuSOc0drfGPX2b51Du6K+MRgZMk= +github.com/zalando/go-keyring v0.2.6 h1:r7Yc3+H+Ux0+M72zacZoItR3UDxeWfKTcabvkI8ua9s= +github.com/zalando/go-keyring v0.2.6/go.mod h1:2TCrxYrbUNYfNS/Kgy/LSrkSQzZ5UPVH85RwfczwvcI= go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM= go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= 
@@ -694,18 +707,18 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0 h1:hCq2hNMwsegUvPzI7sPOvtO9cqyy5GbWt/Ybp2xrx8Q= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.55.0/go.mod h1:LqaApwGx/oUmzsbqxkzuBvyoPpkxk3JQWnqfVrJ3wCA= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0 h1:ZIg3ZT/aQ7AfKqdwp7ECpOK6vHqquXXuyTjIO8ZdmPs= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.55.0/go.mod h1:DQAwmETtZV00skUwgD6+0U89g80NKsJE3DCKeLLPQMI= -go.opentelemetry.io/otel v1.30.0 h1:F2t8sK4qf1fAmY9ua4ohFS/K+FUuOPemHUIXHtktrts= -go.opentelemetry.io/otel v1.30.0/go.mod h1:tFw4Br9b7fOS+uEao81PJjVMjW/5fvNCbpsDIXqP0pc= -go.opentelemetry.io/otel/metric v1.30.0 h1:4xNulvn9gjzo4hjg+wzIKG7iNFEaBMX00Qd4QIZs7+w= -go.opentelemetry.io/otel/metric v1.30.0/go.mod h1:aXTfST94tswhWEb+5QjlSqG+cZlmyXy/u8jFpor3WqQ= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 h1:yMkBS9yViCc7U7yeLzJPM2XizlfdVvBRSmsQDWu6qc0= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0/go.mod h1:n8MR6/liuGB5EmTETUBeU5ZgqMOlqKRxUaqPQBOANZ8= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 h1:UP6IpuHFkUgOQL9FFQFrZ+5LiwhhYRbi7VZSIx6Nj5s= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0/go.mod h1:qxuZLtbq5QDtdeSHsS7bcf6EH6uO6jUAgk764zd3rhM= +go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY= +go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE= +go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE= 
+go.opentelemetry.io/otel/metric v1.31.0/go.mod h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY= go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo= go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= -go.opentelemetry.io/otel/trace v1.30.0 h1:7UBkkYzeg3C7kQX8VAidWh2biiQbtAKjyIML8dQ9wmc= -go.opentelemetry.io/otel/trace v1.30.0/go.mod h1:5EyKqTzzmyqB9bwtCCq6pDLktPK6fmGf/Dph+8VI02o= +go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys= +go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= 
@@ -748,8 +761,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 h1:1wqE9dj9NpSm04INVsJhhEUzhuDVjbcyKH91sVyPATw= -golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8= +golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY= +golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -1043,8 +1056,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.199.0 h1:aWUXClp+VFJmqE0JPvpZOK3LDQMyFKYIow4etYd9qxs= -google.golang.org/api v0.199.0/go.mod h1:ohG4qSztDJmZdjK/Ar6MhbAmb/Rpi4JHOqagsh90K28= +google.golang.org/api v0.203.0 h1:SrEeuwU3S11Wlscsn+LA1kb/Y5xT8uggJSkIhD08NAU= +google.golang.org/api v0.203.0/go.mod h1:BuOVyCSYEPwJb3npWvDnNmFI92f3GeRnHNkETneT3SI= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1092,12 +1105,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f h1:mCJ6SGikSxVlt9scCayUl2dMq0msUgmBArqRY6umieI= -google.golang.org/genproto v0.0.0-20240930140551-af27646dc61f/go.mod h1:xtVODtPkMQRUZ4kqOTgp6JrXQrPevvfCSdk4mJtHUbM= -google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f h1:jTm13A2itBi3La6yTGqn8bVSrc3ZZ1r8ENHlIXBfnRA= -google.golang.org/genproto/googleapis/api v0.0.0-20240930140551-af27646dc61f/go.mod h1:CLGoBuH1VHxAUXVPP8FfPwPEVJB6lz3URE5mY2SuayE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f h1:cUMEy+8oS78BWIH9OWazBkzbr090Od9tWBNtZHkOhf0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240930140551-af27646dc61f/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/genproto v0.0.0-20241021214115-324edc3d5d38 h1:Q3nlH8iSQSRUwOskjbcSMcF2jiYMNiQYZ0c2KEJLKKU= +google.golang.org/genproto v0.0.0-20241021214115-324edc3d5d38/go.mod h1:xBI+tzfqGGN2JBeSebfKXFSdBpWVQ7sLW40PTupVRm4= +google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38 h1:2oV8dfuIkM1Ti7DwXc0BJfnwr9csz4TDXI9EmiI+Rbw= +google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38/go.mod h1:vuAjtvlwkDKF6L1GQ0SokiRLCGFfeBUXWr/aFFkHACc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 h1:zciRKQ4kBpFgpfC5QQCVtnnNAcLIqweL7plyZRQHVpI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1132,8 +1145,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= -google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= +google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= +google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -1169,14 +1182,14 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.31.1 h1:Xe1hX/fPW3PXYYv8BlozYqw63ytA92snr96zMW9gWTU= -k8s.io/api v0.31.1/go.mod h1:sbN1g6eY6XVLeqNsZGLnI5FwVseTrZX7Fv3O26rhAaI= -k8s.io/apiextensions-apiserver v0.31.1 h1:L+hwULvXx+nvTYX/MKM3kKMZyei+UiSXQWciX/N6E40= -k8s.io/apiextensions-apiserver v0.31.1/go.mod h1:tWMPR3sgW+jsl2xm9v7lAyRF1rYEK71i9G5dRtkknoQ= -k8s.io/apimachinery v0.31.1 h1:mhcUBbj7KUjaVhyXILglcVjuS4nYXiwC+KKFBgIVy7U= -k8s.io/apimachinery v0.31.1/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/client-go v0.31.1 h1:f0ugtWSbWpxHR7sjVpQwuvw9a3ZKLXX0u0itkFXufb0= -k8s.io/client-go v0.31.1/go.mod h1:sKI8871MJN2OyeqRlmA4W4KM9KBdBUpDLu/43eGemCg= +k8s.io/api v0.31.2 h1:3wLBbL5Uom/8Zy98GRPXpJ254nEFpl+hwndmk9RwmL0= +k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk= +k8s.io/apiextensions-apiserver v0.31.2 h1:W8EwUb8+WXBLu56ser5IudT2cOho0gAKeTOnywBLxd0= +k8s.io/apiextensions-apiserver v0.31.2/go.mod h1:i+Geh+nGCJEGiCGR3MlBDkS7koHIIKWVfWeRFiOsUcM= +k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw= +k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/client-go v0.31.2 h1:Y2F4dxU5d3AQj+ybwSMqQnpZH9F30//1ObxOKlTI9yc= +k8s.io/client-go v0.31.2/go.mod h1:NPa74jSVR/+eez2dFsEIHNa+3o09vtNaWwWwb1qSxSs= k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20240911193312-2b36238f13e9 h1:B0l8GxRsVc/tP/uCLBQdAjf2nBARx6u/r2OGuL/CyXQ= k8s.io/gengo v0.0.0-20240911193312-2b36238f13e9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= 
@@ -1186,19 +1199,19 @@ k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38 h1:1dWzkmJrrprYvjGwh9kEUxmcUV/CtNU8QM7h1FLWQOo= -k8s.io/kube-openapi v0.0.0-20240903163716-9e1beecbcb38/go.mod h1:coRQXBK9NxO98XUv3ZD6AK3xzHCxV6+b7lrquKwaKzA= +k8s.io/kube-openapi v0.0.0-20241009091222-67ed5848f094 h1:MErs8YA0abvOqJ8gIupA1Tz6PKXYUw34XsGlA7uSL1k= +k8s.io/kube-openapi v0.0.0-20241009091222-67ed5848f094/go.mod h1:7ioBJr1A6igWjsR2fxq2EZ0mlMwYLejazSIc2bzMp2U= k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 h1:MDF6h2H/h4tbzmtIKTuctcwZmY0tY9mD9fNT47QO6HI= k8s.io/utils v0.0.0-20240921022957-49e7df575cb6/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.19.0 h1:nWVM7aq+Il2ABxwiCizrVDSlmDcshi9llbaFbC0ji/Q= -sigs.k8s.io/controller-runtime v0.19.0/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= -sigs.k8s.io/controller-tools v0.16.3 h1:z48C5/d4jCVQQvtiSBL5MYyZ3EO2eFIOXrIKMgHVhFY= -sigs.k8s.io/controller-tools v0.16.3/go.mod h1:AEj6k+w1kYpLZv2einOH3mj52ips4W/6FUjnB5tkJGs= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= -sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= +sigs.k8s.io/controller-runtime v0.19.1 h1:Son+Q40+Be3QWb+niBXAg2vFiYWolDjjRfO8hn/cxOk= +sigs.k8s.io/controller-runtime v0.19.1/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= +sigs.k8s.io/controller-tools v0.16.5 
h1:5k9FNRqziBPwqr17AMEPPV/En39ZBplLAdOwwQHruP4= +sigs.k8s.io/controller-tools v0.16.5/go.mod h1:8vztuRVzs8IuuJqKqbXCSlXcw+lkAv/M2sTpg55qjMY= +sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= +sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= From 5088026566adbaf2d3ce60ca5f1c0ac450854de4 Mon Sep 17 00:00:00 2001 From: Anders Olsson Date: Tue, 29 Oct 2024 14:29:27 +0100 Subject: [PATCH 377/517] fix: improve SecretExists in Bitwarden provider (#4058) * Make findSecretByRef not return an error when it cant find a matching secret. Added error checks for missing secret in SecretExists and DeleteSecret. Signed-off-by: Anders Olsson * Added check for missing secret in `GetSecret` Signed-off-by: Anders Olsson --------- Signed-off-by: Anders Olsson Co-authored-by: Anders Olsson --- pkg/provider/bitwarden/client.go | 19 ++++++++++++++----- pkg/provider/bitwarden/client_test.go | 3 +-- 2 files changed, 15 insertions(+), 7 deletions(-) diff --git a/pkg/provider/bitwarden/client.go b/pkg/provider/bitwarden/client.go index 0c3f94207b6..85271239010 100644 --- a/pkg/provider/bitwarden/client.go +++ b/pkg/provider/bitwarden/client.go @@ -141,6 +141,10 @@ func (p *Provider) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDa return nil, fmt.Errorf("error getting secret: %w", err) } + if secret == nil { + return nil, fmt.Errorf("no secret found for project id %s and name %s", spec.Provider.BitwardenSecretsManager.ProjectID, ref.Key) + } + // we found our secret, return the value for it return []byte(secret.Value), nil } 
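Review bot: The new not-found branch in GetSecret returns a plain `fmt.Errorf`, so a caller cannot tell "secret does not exist" from a backend or transport failure without matching on message text. If this provider is meant to take part in the operator's deletion-policy handling, returning the shared sentinel would carry that distinction: `if secret == nil { return nil, esv1beta1.NoSecretError{} }`. The same message is built again in the DeleteSecret hunk of this patch, so a package-level error wrapped with `%w` would keep the two in step. GetSecret's body starts outside this hunk.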
@@ -160,6 +164,10 @@ func (p *Provider) DeleteSecret(ctx context.Context, ref esv1beta1.PushSecretRem return fmt.Errorf("error getting secret: %w", err) } + if secret == nil { + return fmt.Errorf("no secret found for project id %s and name %s", spec.Provider.BitwardenSecretsManager.ProjectID, ref.GetRemoteKey()) + } + return p.deleteSecret(ctx, secret.ID) } @@ -197,10 +205,15 @@ func (p *Provider) SecretExists(ctx context.Context, ref esv1beta1.PushSecretRem return false, errors.New("store does not have a provider") } - if _, err := p.findSecretByRef(ctx, ref.GetRemoteKey(), spec.Provider.BitwardenSecretsManager.ProjectID); err != nil { + secret, err := p.findSecretByRef(ctx, ref.GetRemoteKey(), spec.Provider.BitwardenSecretsManager.ProjectID) + if err != nil { return false, fmt.Errorf("error getting secret: %w", err) } + if secret == nil { + return false, nil + } + return true, nil } @@ -302,9 +315,5 @@ func (p *Provider) findSecretByRef(ctx context.Context, key, projectID string) ( } } - if remoteSecret == nil { - return nil, fmt.Errorf("no secret found for project id %s and name %s", projectID, key) - } - return remoteSecret, nil } diff --git a/pkg/provider/bitwarden/client_test.go b/pkg/provider/bitwarden/client_test.go index 470f92b66f2..73b66762792 100644 --- a/pkg/provider/bitwarden/client_test.go +++ b/pkg/provider/bitwarden/client_test.go @@ -765,8 +765,7 @@ func TestProviderSecretExists(t *testing.T) { }, }, }, - want: false, - wantErr: true, // secret not found + want: false, }, { name: "invalid name format should error", From 841074738d594129f87f0f9d6a68e61d4787729d Mon Sep 17 00:00:00 2001 From: aaronkao Date: Wed, 30 Oct 2024 11:30:33 -1000 Subject: [PATCH 378/517] Adding Pulumi ESC (#4062) Signed-off-by: Aaron Kao --- docs/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/index.md b/docs/index.md index 79296b393cb..e1809dfd5c9 100644 --- a/docs/index.md +++ b/docs/index.md 
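Review bot: DeleteSecret still reports a missing remote secret as an error, which keeps deletion non-idempotent. A retry after a delete that already went through, or a secret removed out of band, will fail on every reconcile. SecretExists in this same patch treats `secret == nil` as a normal outcome, so consider doing the same here with `if secret == nil { return nil }`, or add a comment saying why absence must be surfaced. DeleteSecret starts outside the hunk and the caller's handling of this error is not visible, so confirm the expected contract before changing it.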
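Review bot: findSecretByRef's contract changes in the `@@ -302,9 +315,5 @@` hunk from returning an error when nothing matches to returning `(nil, nil)`, and neither the signature nor a comment tells callers so. The patch adds nil checks in GetSecret, DeleteSecret and SecretExists, but any other call site outside these hunks would now dereference a nil pointer (`secret.ID`, `secret.Value`) instead of receiving an error, so the remaining callers are worth checking. I would add a doc comment such as `// findSecretByRef returns (nil, nil) when no secret matches key in projectID; callers must nil-check the result.` The function starts outside the hunk. The diffstat shows only the SecretExists expectation changing in client_test.go, so test cases for the not-found path of GetSecret and DeleteSecret appear to be missing.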
@@ -14,7 +14,7 @@ secret management systems like [AWS Secrets Manager](https://aws.amazon.com/secrets-manager/), [HashiCorp Vault](https://www.vaultproject.io/), [Google Secrets Manager](https://cloud.google.com/secret-manager), [Azure Key -Vault](https://azure.microsoft.com/en-us/services/key-vault/), [IBM Cloud Secrets Manager](https://www.ibm.com/cloud/secrets-manager), [CyberArk Conjur](https://www.conjur.org) and many more. The +Vault](https://azure.microsoft.com/en-us/services/key-vault/), [IBM Cloud Secrets Manager](https://www.ibm.com/cloud/secrets-manager), [CyberArk Conjur](https://www.conjur.org), [Pulumi ESC](https://www.pulumi.com/product/esc/) and many more. The operator reads information from external APIs and automatically injects the values into a [Kubernetes Secret](https://kubernetes.io/docs/concepts/configuration/secret/). From 8d55db86e6ba896c682dbb16ee7749d5faaed6ae Mon Sep 17 00:00:00 2001 From: eitan-kr <128284299+eitan-kr@users.noreply.github.com> Date: Wed, 30 Oct 2024 23:34:40 +0200 Subject: [PATCH 379/517] Updated stability and supported features for Akeyless (#4061) Signed-off-by: eitan-kr Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- docs/introduction/stability-support.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/introduction/stability-support.md b/docs/introduction/stability-support.md index fae64348d6f..12cc361352b 100644 --- a/docs/introduction/stability-support.md +++ b/docs/introduction/stability-support.md 
@@ -45,7 +45,7 @@ The following table describes the stability level of each provider and who's res | [GitLab Variables](https://external-secrets.io/latest/provider/gitlab-variables/) | alpha | [@Jabray5](https://github.com/Jabray5) | | Alibaba Cloud KMS | alpha | [@ElsaChelala](https://github.com/ElsaChelala) | | [Oracle Vault](https://external-secrets.io/latest/provider/oracle-vault) | alpha | [@KianTigger](https://github.com/KianTigger) [@EladGabay](https://github.com/EladGabay) | -| [Akeyless](https://external-secrets.io/latest/provider/akeyless) | alpha | [@renanaAkeyless](https://github.com/renanaAkeyless) | +| [Akeyless](https://external-secrets.io/latest/provider/akeyless) | stable | [external-secrets](https://github.com/external-secrets) | | [1Password](https://external-secrets.io/latest/provider/1password-automation) | alpha | [@SimSpaceCorp](https://github.com/Simspace) [@snarlysodboxer](https://github.com/snarlysodboxer) | | [Generic Webhook](https://external-secrets.io/latest/provider/webhook) | alpha | [@willemm](https://github.com/willemm) | | [senhasegura DevOps Secrets Management (DSM)](https://external-secrets.io/latest/provider/senhasegura-dsm) | alpha | [@lfraga](https://github.com/lfraga) | @@ -80,7 +80,7 @@ The following table show the support for features across different providers. | GitLab Variables | x | x | | | x | | | | Alibaba Cloud KMS | | | | | x | | | | Oracle Vault | | | | | x | | | -| Akeyless | x | x | | | x | | | +| Akeyless | x | x | | x | x | x | x | | 1Password | x | | | | x | x | x | | Generic Webhook | | | | | | | x | | senhasegura DSM | | | | | x | | | From 8abd21caa127cd1966825576b99da818d57407a9 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 10:04:32 +0100 Subject: [PATCH 380/517] chore(deps): bump watchdog from 5.0.3 to 6.0.0 in /hack/api-docs (#4067) Bumps [watchdog](https://github.com/gorakhargosh/watchdog) from 5.0.3 to 6.0.0. - [Release notes](https://github.com/gorakhargosh/watchdog/releases) - [Changelog](https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst) - [Commits](https://github.com/gorakhargosh/watchdog/compare/v5.0.3...v6.0.0) --- updated-dependencies: - dependency-name: watchdog dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 7e6ebd68866..147e3bf3022 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -38,5 +38,5 @@ termcolor==2.5.0 tornado==6.4.1 urllib3==2.2.3 verspec==0.1.0 -watchdog==5.0.3 +watchdog==6.0.0 zipp==3.20.2 From 32860e0e6486ff016266fac75a8c07bc7acb4850 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 10:05:57 +0100 Subject: [PATCH 381/517] chore(deps): bump pymdown-extensions in /hack/api-docs (#4068) Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 10.11.2 to 10.12. - [Release notes](https://github.com/facelessuser/pymdown-extensions/releases) - [Commits](https://github.com/facelessuser/pymdown-extensions/compare/10.11.2...10.12) --- updated-dependencies: - dependency-name: pymdown-extensions dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 147e3bf3022..4d0d0ef4dba 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -27,7 +27,7 @@ pathspec==0.12.1 pep562==1.1 platformdirs==4.3.6 Pygments==2.18.0 -pymdown-extensions==10.11.2 +pymdown-extensions==10.12 python-dateutil==2.9.0.post0 PyYAML==6.0.2 pyyaml_env_tag==0.1 From 67bf3c2b9249d847309b416f2f9983a164a03efe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 10:07:37 +0100 Subject: [PATCH 382/517] chore(deps): bump mkdocs-material in /hack/api-docs (#4069) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.42 to 9.5.43. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.42...9.5.43) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 4d0d0ef4dba..75ae2869baa 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt 
@@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.1 mkdocs-macros-plugin==1.3.7 -mkdocs-material==9.5.42 +mkdocs-material==9.5.43 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.1 From cc88bebe1b508344edbb927649c15c672f078cf1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 Nov 2024 10:36:50 +0100 Subject: [PATCH 383/517] chore(deps): bump softprops/action-gh-release from 2.0.8 to 2.0.9 (#4070) Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.8 to 2.0.9. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/c062e08bd532815e2082a85e87e3ef29c3e6d191...e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 86822ee2256..e39d9521b7f 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,7 +28,7 @@ jobs: ref: ${{ github.event.inputs.source_ref }} - name: Create Release - uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 + uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9 with: tag_name: ${{ github.event.inputs.version }} target_commitish: ${{ github.event.inputs.source_ref }} 
@@ -113,7 +113,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Update Release - uses: softprops/action-gh-release@c062e08bd532815e2082a85e87e3ef29c3e6d191 # v2.0.8 + uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9 with: tag_name: ${{ github.event.inputs.version }} files: | From 412b954e1e8cbd2367601a0accb4f964cadd41c6 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Mon, 4 Nov 2024 16:13:14 +0100 Subject: [PATCH 384/517] chore: move inactive maintainers to emeritus (#4073) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- MAINTAINERS.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/MAINTAINERS.md b/MAINTAINERS.md index c0ac8c9e768..c4c579e572c 100644 --- a/MAINTAINERS.md +++ b/MAINTAINERS.md @@ -10,8 +10,6 @@ describes governance guidelines and maintainer responsibilities. | RealName Here | [knelasevero](https://github.com/knelasevero) | [Company](https://www.github.com/Company/) | | RealName Here | [gusfcarvalho](https://github.com/gusfcarvalho) | [Company](https://www.github.com/Company/) | | RealName Here | [moolen](https://github.com/moolen) | [Company](https://www.github.com/Company/) | -| RealName Here | [sebagomez](https://github.com/sebagomez) | [Company](https://www.github.com/Company/) | -| RealName Here | [rodrmartinez](https://github.com/rodrmartinez) | [Company](https://www.github.com/Company/) | | RealName Here | [IdanAdar](https://github.com/IdanAdar) | [Company](https://www.github.com/Company/) | | RealName Here | [Skarlso](https://github.com/Skarlso) | [Company](https://www.github.com/Company/) | 
@@ -42,3 +40,5 @@ describes governance guidelines and maintainer responsibilities. * RealName Here, [mcavoyk](https://github.com/mcavoyk) * RealName Here, [riccardomc](https://github.com/riccardomc) * RealName Here, [jonatasbaldin](https://github.com/jonatasbaldin) +* RealName Here, [sebagomez](https://github.com/sebagomez) +* RealName Here, [rodrmartinez](https://github.com/rodrmartinez) From abd7b776118dcd8006e170c7676b6741c7e8b114 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Tue, 5 Nov 2024 08:49:29 +0100 Subject: [PATCH 385/517] chore: update dependencies (#4071) * update dependencies Signed-off-by: External Secrets Operator * removed updating sigs.k8s.io/structured-merge-diff/v4 because that broke compilation and fixed two lint issues Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: External Secrets Operator Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: External Secrets Operator Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- Makefile | 2 +- e2e/go.mod | 20 +++++------ e2e/go.sum | 39 +++++++++++----------- go.mod | 30 ++++++++--------- go.sum | 59 +++++++++++++++++---------------- pkg/provider/oracle/oracle.go | 11 +++++- pkg/provider/scaleway/client.go | 10 +++++- 8 files changed, 96 insertions(+), 77 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index bffaa4ba428..b3910c899d2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,7 +9,7 @@ on: env: # Common versions - GOLANGCI_VERSION: 'v1.60.1' + GOLANGCI_VERSION: 'v1.61.0' KUBERNETES_VERSION: '1.31.x' # Sonar diff --git a/Makefile b/Makefile index 48f787ddfcc..22b34874aa0 100644 --- a/Makefile +++ b/Makefile 
@@ -332,7 +332,7 @@ ENVTEST ?= $(LOCALBIN)/setup-envtest GOLANGCI_LINT ?= $(LOCALBIN)/golangci-lint ## Tool Versions -GOLANGCI_VERSION := 1.60.1 +GOLANGCI_VERSION := 1.61.0 KUBERNETES_VERSION := 1.30.x TILT_VERSION := 0.33.10 diff --git a/e2e/go.mod b/e2e/go.mod index b1dd533b49f..c993b6c42c8 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -49,20 +49,20 @@ require ( github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 github.com/aws/aws-sdk-go v1.55.5 - github.com/cyberark/conjur-api-go v0.12.5 + github.com/cyberark/conjur-api-go v0.12.6 github.com/external-secrets/external-secrets v0.0.0 github.com/fluxcd/helm-controller/api v0.37.2 github.com/fluxcd/pkg/apis/meta v1.2.0 github.com/fluxcd/source-controller/api v1.2.3 - github.com/golang-jwt/jwt/v4 v4.5.0 + github.com/golang-jwt/jwt/v4 v4.5.1 github.com/hashicorp/vault/api v1.15.0 - github.com/onsi/ginkgo/v2 v2.20.2 + github.com/onsi/ginkgo/v2 v2.21.0 github.com/onsi/gomega v1.34.2 github.com/oracle/oci-go-sdk/v65 v65.77.1 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 github.com/xanzy/go-gitlab v0.112.0 golang.org/x/oauth2 v0.23.0 - google.golang.org/api v0.203.0 + google.golang.org/api v0.204.0 k8s.io/api v0.31.2 k8s.io/apiextensions-apiserver v0.31.2 k8s.io/apimachinery v0.31.2 @@ -75,8 +75,8 @@ require ( require ( al.essio.dev/pkg/shellescape v1.5.1 // indirect - cloud.google.com/go/auth v0.9.9 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect + cloud.google.com/go/auth v0.10.0 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect cloud.google.com/go/iam v1.2.2 // indirect dario.cat/mergo v1.0.1 // indirect 
@@ -91,7 +91,7 @@ require ( github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.2.3 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.3.0 // indirect github.com/Masterminds/sprig/v3 v3.3.0 // indirect @@ -108,7 +108,7 @@ require ( github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fluxcd/pkg/apis/acl v0.1.0 // indirect github.com/fluxcd/pkg/apis/kustomize v1.2.0 // indirect - github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fsnotify/fsnotify v1.8.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-logr/logr v1.4.2 // indirect @@ -128,7 +128,7 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20241023014458-598669927662 // indirect + github.com/google/pprof v0.0.0-20241101162523-b92577c0c142 // indirect github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect @@ -142,7 +142,7 @@ require ( github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect github.com/hashicorp/go-sockaddr v1.0.7 // indirect - github.com/hashicorp/hcl v1.0.1-vault-5 // indirect + github.com/hashicorp/hcl v1.0.1-vault-6 // indirect github.com/huandu/xstrings v1.5.0 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect diff --git a/e2e/go.sum b/e2e/go.sum index 8559cbbc80f..e572660c52f 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -22,10 +22,10 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.9.9 h1:BmtbpNQozo8ZwW2t7QJjnrQtdganSdmqeIBxHxNkEZQ= -cloud.google.com/go/auth v0.9.9/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= -cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= -cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= +cloud.google.com/go/auth v0.10.0 h1:tWlkvFAh+wwTOzXIjrwM64karR1iTBZ/GRr0S/DULYo= +cloud.google.com/go/auth v0.10.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= +cloud.google.com/go/auth/oauth2adapt v0.2.5 h1:2p29+dePqsCHPP1bqDJcKj4qxRyYCcbzKpFyKGt3MTk= +cloud.google.com/go/auth/oauth2adapt v0.2.5/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= 
@@ -98,8 +98,8 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= +github.com/AzureAD/microsoft-authentication-library-for-go v1.2.3 h1:6LyjnnaLpcOKK0fbYisI+mb8CE7iNe7i89nMNQxFxs8= +github.com/AzureAD/microsoft-authentication-library-for-go v1.2.3/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 h1:cmX2QC9s5kPqmghWLLZP8YRFO1ZD/C59BpNH2ujP99w= 
@@ -138,8 +138,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cyberark/conjur-api-go v0.12.5 h1:n05CrzkVObjCk0rPMtmdN1c5117JP0bdZWuAERw8F2E= -github.com/cyberark/conjur-api-go v0.12.5/go.mod h1:NwX17s8cIbiM+gx7PzHGwBkFXbNIXRLHciKakVabq6Q= +github.com/cyberark/conjur-api-go v0.12.6 h1:AmJbsyBfgdQ0TbH3D9MduqX88Mnb0O8ST9MKqDJpMHw= +github.com/cyberark/conjur-api-go v0.12.6/go.mod h1:NwX17s8cIbiM+gx7PzHGwBkFXbNIXRLHciKakVabq6Q= github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -185,8 +185,8 @@ github.com/fluxcd/source-controller/api v1.2.3 h1:71mXv3Qg9HEhcpqOq1ObmoE+P/HuZN github.com/fluxcd/source-controller/api v1.2.3/go.mod h1:5gaIVVH7hgb8p3HKFp8P6hGmZEC8fKSt4EcrG3g5vZI= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= -github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= -github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M= +github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= 
@@ -223,8 +223,9 @@ github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69 github.com/goji/httpauth v0.0.0-20160601135302-2da839ab0f4d/go.mod h1:nnjvkQ9ptGaCkuDUx6wNykzzlUixGxvkme+H/lnzb+A= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= +github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= 
@@ -299,8 +300,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20241023014458-598669927662 h1:SKMkD83p7FwUqKmBsPdLHF5dNyxq3jOWwu9w9UyH5vA= -github.com/google/pprof v0.0.0-20241023014458-598669927662/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241101162523-b92577c0c142 h1:sAGdeJj0bnMgUNVeUpp6AYlVdCt3/GdI3pGRqsNSQLs= +github.com/google/pprof v0.0.0-20241101162523-b92577c0c142/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -341,8 +342,8 @@ github.com/hashicorp/go-sockaddr v1.0.7 h1:G+pTkSO01HpR5qCxg7lxfsFEZaG+C0VssTy/9 github.com/hashicorp/go-sockaddr v1.0.7/go.mod h1:FZQbEYa1pxkQ7WLpyXJ6cbjpT8q0YgQaK/JakXqGyWw= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= -github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= +github.com/hashicorp/hcl v1.0.1-vault-6 h1:qThxNRouu5cv9LCLZ7pY43TroykqN+Uc7fT3f7tyYh4= +github.com/hashicorp/hcl v1.0.1-vault-6/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA= github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= 
@@ -421,8 +422,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= -github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag= +github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= +github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= 
@@ -832,8 +833,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.203.0 h1:SrEeuwU3S11Wlscsn+LA1kb/Y5xT8uggJSkIhD08NAU= -google.golang.org/api v0.203.0/go.mod h1:BuOVyCSYEPwJb3npWvDnNmFI92f3GeRnHNkETneT3SI= +google.golang.org/api v0.204.0 h1:3PjmQQEDkR/ENVZZwIYB4W/KzYtN8OrqnNcHWpeR8E4= +google.golang.org/api v0.204.0/go.mod h1:69y8QSoKIbL9F94bWgWAq6wGqGwyjBgi2y8rAK8zLag= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= diff --git a/go.mod b/go.mod index 33226a712f9..eb19003e0f5 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/adal v0.9.24 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 - github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 + github.com/AzureAD/microsoft-authentication-library-for-go v1.2.3 github.com/IBM/go-sdk-core/v5 v5.18.1 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.8 github.com/Masterminds/goutils v1.1.1 // indirect @@ -30,7 +30,7 @@ require ( github.com/hashicorp/vault/api/auth/kubernetes v0.8.0 github.com/hashicorp/vault/api/auth/ldap v0.8.0 github.com/huandu/xstrings v1.5.0 // indirect - github.com/onsi/ginkgo/v2 v2.20.2 + github.com/onsi/ginkgo/v2 v2.21.0 github.com/onsi/gomega v1.34.2 github.com/oracle/oci-go-sdk/v65 v65.77.1 github.com/prometheus/client_golang v1.20.5 
@@ -39,13 +39,13 @@ require ( github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.18.0 github.com/xanzy/go-gitlab v0.112.0 - github.com/yandex-cloud/go-genproto v0.0.0-20241021132621-28bb61d00c2f - github.com/yandex-cloud/go-sdk v0.0.0-20241021153520-213d4c625eca + github.com/yandex-cloud/go-genproto v0.0.0-20241101135610-76a0cfc1a773 + github.com/yandex-cloud/go-sdk v0.0.0-20241101143304-947cf519f6bd github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 go.uber.org/zap v1.27.0 golang.org/x/crypto v0.28.0 golang.org/x/oauth2 v0.23.0 - google.golang.org/api v0.203.0 + google.golang.org/api v0.204.0 google.golang.org/genproto v0.0.0-20241021214115-324edc3d5d38 google.golang.org/grpc v1.67.1 gopkg.in/yaml.v3 v3.0.1 @@ -65,7 +65,7 @@ require ( dario.cat/mergo v1.0.1 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 - github.com/BeyondTrust/go-client-library-passwordsafe v0.8.1 + github.com/BeyondTrust/go-client-library-passwordsafe v0.8.3 github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1 github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d @@ -75,10 +75,10 @@ require ( github.com/alibabacloud-go/openapi-util v0.1.1 github.com/alibabacloud-go/tea v1.2.2 github.com/alibabacloud-go/tea-utils/v2 v2.0.7 - github.com/aliyun/credentials-go v1.3.11 + github.com/aliyun/credentials-go v1.4.0 github.com/avast/retry-go/v4 v4.6.0 github.com/cenkalti/backoff/v4 v4.3.0 - github.com/cyberark/conjur-api-go v0.12.5 + github.com/cyberark/conjur-api-go v0.12.6 github.com/fortanix/sdkms-client-go v0.4.0 github.com/go-openapi/strfmt v0.23.0 github.com/golang-jwt/jwt/v5 v5.2.1 
@@ -90,7 +90,7 @@ require ( github.com/maxbrunsfeld/counterfeiter/v6 v6.10.0 github.com/passbolt/go-passbolt v0.7.1 github.com/previder/vault-cli v0.1.2 - github.com/pulumi/esc-sdk/sdk v0.10.2 + github.com/pulumi/esc-sdk/sdk v0.10.3 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 github.com/sethvargo/go-password v0.3.1 github.com/spf13/pflag v1.0.5 @@ -102,8 +102,8 @@ require ( require ( al.essio.dev/pkg/shellescape v1.5.1 // indirect - cloud.google.com/go/auth v0.9.9 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.4 // indirect + cloud.google.com/go/auth v0.10.0 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect github.com/ProtonMail/go-crypto v1.0.0 // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect @@ -177,7 +177,7 @@ require ( github.com/evanphx/json-patch v5.6.0+incompatible // indirect github.com/evanphx/json-patch/v5 v5.9.0 // indirect github.com/fatih/color v1.18.0 // indirect - github.com/fsnotify/fsnotify v1.7.0 // indirect + github.com/fsnotify/fsnotify v1.8.0 // indirect github.com/ghodss/yaml v1.0.0 // indirect github.com/go-chef/chef v0.30.1 github.com/go-logr/zapr v1.3.0 // indirect 
@@ -190,12 +190,12 @@ require ( github.com/gobuffalo/flect v1.0.3 // indirect github.com/goccy/go-json v0.10.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect - github.com/golang-jwt/jwt/v4 v4.5.0 // indirect + github.com/golang-jwt/jwt/v4 v4.5.1 // indirect github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20241023014458-598669927662 // indirect + github.com/google/pprof v0.0.0-20241101162523-b92577c0c142 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -206,7 +206,7 @@ require ( github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect github.com/hashicorp/go-sockaddr v1.0.7 // indirect - github.com/hashicorp/hcl v1.0.1-vault-5 // indirect + github.com/hashicorp/hcl v1.0.1-vault-6 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect diff --git a/go.sum b/go.sum index 208f1f5e9a6..a0baa0f6900 100644 --- a/go.sum +++ b/go.sum 
@@ -22,10 +22,10 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.9.9 h1:BmtbpNQozo8ZwW2t7QJjnrQtdganSdmqeIBxHxNkEZQ= -cloud.google.com/go/auth v0.9.9/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= -cloud.google.com/go/auth/oauth2adapt v0.2.4 h1:0GWE/FUsXhf6C+jAkWgYm7X9tK8cuEIfy19DBn6B6bY= -cloud.google.com/go/auth/oauth2adapt v0.2.4/go.mod h1:jC/jOpwFP6JBxhB3P5Rr0a9HLMC/Pe3eaL4NmdvqPtc= +cloud.google.com/go/auth v0.10.0 h1:tWlkvFAh+wwTOzXIjrwM64karR1iTBZ/GRr0S/DULYo= +cloud.google.com/go/auth v0.10.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= +cloud.google.com/go/auth/oauth2adapt v0.2.5 h1:2p29+dePqsCHPP1bqDJcKj4qxRyYCcbzKpFyKGt3MTk= +cloud.google.com/go/auth/oauth2adapt v0.2.5/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= 
@@ -100,10 +100,10 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2 h1:XHOnouVk1mxXfQidrMEnLlPk9UMeRtyBTnEFtxkV0kU= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= -github.com/BeyondTrust/go-client-library-passwordsafe v0.8.1 h1:duuYLAx4xsdVgibSap1nHoLyYIj/IXdzmnUXjZw7Dmw= -github.com/BeyondTrust/go-client-library-passwordsafe v0.8.1/go.mod h1:TnbBwWYg9rtfDxQGF7pmD0gCPcbWgCUQIqum3dFMRTk= +github.com/AzureAD/microsoft-authentication-library-for-go v1.2.3 h1:6LyjnnaLpcOKK0fbYisI+mb8CE7iNe7i89nMNQxFxs8= +github.com/AzureAD/microsoft-authentication-library-for-go v1.2.3/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= +github.com/BeyondTrust/go-client-library-passwordsafe v0.8.3 h1:BChgUpNauEnc70oOVUxexKUeh9Y/GlUpyQxWGkYA3I4= +github.com/BeyondTrust/go-client-library-passwordsafe v0.8.3/go.mod h1:TnbBwWYg9rtfDxQGF7pmD0gCPcbWgCUQIqum3dFMRTk= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 h1:cmX2QC9s5kPqmghWLLZP8YRFO1ZD/C59BpNH2ujP99w= 
@@ -192,8 +192,8 @@ github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6q github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= github.com/aliyun/credentials-go v1.3.10/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= -github.com/aliyun/credentials-go v1.3.11 h1:8CjGRa0wAoNC0zGMar+PRushZkd1n4xdijpdV4vlCho= -github.com/aliyun/credentials-go v1.3.11/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= +github.com/aliyun/credentials-go v1.4.0 h1:DcVUQjqH8glhZEyCIBsH1LoKhpyHV4Ux2AEidTBjxEQ= +github.com/aliyun/credentials-go v1.4.0/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinRJA= 
@@ -229,8 +229,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/ctdk/goiardi v0.11.10 h1:IB/3Afl1pC2Q4KGwzmhHPAoJfe8VtU51wZ2V0QkvsL0= github.com/ctdk/goiardi v0.11.10/go.mod h1:Pr6Cj6Wsahw45myttaOEZeZ0LE7p1qzWmzgsBISkrNI= -github.com/cyberark/conjur-api-go v0.12.5 h1:n05CrzkVObjCk0rPMtmdN1c5117JP0bdZWuAERw8F2E= -github.com/cyberark/conjur-api-go v0.12.5/go.mod h1:NwX17s8cIbiM+gx7PzHGwBkFXbNIXRLHciKakVabq6Q= +github.com/cyberark/conjur-api-go v0.12.6 h1:AmJbsyBfgdQ0TbH3D9MduqX88Mnb0O8ST9MKqDJpMHw= +github.com/cyberark/conjur-api-go v0.12.6/go.mod h1:NwX17s8cIbiM+gx7PzHGwBkFXbNIXRLHciKakVabq6Q= github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -270,8 +270,8 @@ github.com/fortanix/sdkms-client-go v0.4.0/go.mod h1:gjylIGX+6poVSe+JkbNsLTvseLd github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= github.com/fsnotify/fsnotify v1.6.0/go.mod h1:sl3t1tCWJFWoRz9R8WJCbQihKKwmorjAbSClcnxKAGw= -github.com/fsnotify/fsnotify v1.7.0 h1:8JEhPFa5W2WU7YfeZzPNqzMP6Lwt7L2715Ggo0nosvA= -github.com/fsnotify/fsnotify v1.7.0/go.mod h1:40Bi/Hjc2AVfZrqy+aj+yEI+/bRxZnMJyTJwOpGvigM= +github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M= +github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/gabriel-vasile/mimetype v1.4.6 h1:3+PzJTKLkvgjeTbts6msPJt4DixhT4YtFNf1gtGe3zc= 
@@ -330,8 +330,9 @@ github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang-jwt/jwt/v4 v4.0.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= github.com/golang-jwt/jwt/v4 v4.2.0/go.mod h1:/xlHOz8bRuivTWchD4jCa+NbatV+wEUSzwAxVc6locg= -github.com/golang-jwt/jwt/v4 v4.5.0 h1:7cYmW1XlMY7h7ii7UhUyChSgS5wUJEnm9uZVTGqOWzg= github.com/golang-jwt/jwt/v4 v4.5.0/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= +github.com/golang-jwt/jwt/v4 v4.5.1 h1:JdqV9zKUdtaa9gdPlywC3aeoEsR681PlKC+4F5gQgeo= +github.com/golang-jwt/jwt/v4 v4.5.1/go.mod h1:m21LjoU+eqJr34lmDMbreY2eSTRJ1cv77w39/MY0Ch0= github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= github.com/golang-jwt/jwt/v5 v5.2.1 h1:OuVbFODueb089Lh128TAcimifWaLhJwVflnrgM17wHk= github.com/golang-jwt/jwt/v5 v5.2.1/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= 
@@ -407,8 +408,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20241023014458-598669927662 h1:SKMkD83p7FwUqKmBsPdLHF5dNyxq3jOWwu9w9UyH5vA= -github.com/google/pprof v0.0.0-20241023014458-598669927662/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241101162523-b92577c0c142 h1:sAGdeJj0bnMgUNVeUpp6AYlVdCt3/GdI3pGRqsNSQLs= +github.com/google/pprof v0.0.0-20241101162523-b92577c0c142/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -456,8 +457,8 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c= github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= -github.com/hashicorp/hcl v1.0.1-vault-5 h1:kI3hhbbyzr4dldA8UdTb7ZlVVlI2DACdCfz31RPDgJM= -github.com/hashicorp/hcl v1.0.1-vault-5/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= +github.com/hashicorp/hcl v1.0.1-vault-6 h1:qThxNRouu5cv9LCLZ7pY43TroykqN+Uc7fT3f7tyYh4= +github.com/hashicorp/hcl v1.0.1-vault-6/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA= github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8= github.com/hashicorp/vault/api/auth/approle v0.8.0 h1:FuVtWZ0xD6+wz1x0l5s0b4852RmVXQNEiKhVXt6lfQY= 
@@ -568,8 +569,8 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.20.2 h1:7NVCeyIWROIAheY21RLS+3j2bb52W0W82tkberYytp4= -github.com/onsi/ginkgo/v2 v2.20.2/go.mod h1:K9gyxPIlb+aIvnZ8bd9Ak+YP18w3APlR+5coaZoE2ag= +github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= +github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= 
@@ -598,8 +599,8 @@ github.com/prometheus/common v0.60.1 h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPA github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/pulumi/esc-sdk/sdk v0.10.2 h1:83aNfe62QrMQUf5BnUcRC+XRFERWZv2BtWpiqRUbTwU= -github.com/pulumi/esc-sdk/sdk v0.10.2/go.mod h1:J6+8bCUJyLXvYOmTAc90/EhU1iUPr1Koo3NUnFzY78k= +github.com/pulumi/esc-sdk/sdk v0.10.3 h1:4B8lw5GUqL/XQJJysrh1ViHmAuhTyKC8VBRMdRc1chk= +github.com/pulumi/esc-sdk/sdk v0.10.3/go.mod h1:J6+8bCUJyLXvYOmTAc90/EhU1iUPr1Koo3NUnFzY78k= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4= 
@@ -682,10 +683,10 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/go-gitlab v0.112.0 h1:6Z0cqEooCvBMfBIHw+CgO4AKGRV8na/9781xOb0+DKw= github.com/xanzy/go-gitlab v0.112.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= -github.com/yandex-cloud/go-genproto v0.0.0-20241021132621-28bb61d00c2f h1:u7ETK40lM4ygnDzYtGFLk36fWARftvU+I0zwTYrOVwE= -github.com/yandex-cloud/go-genproto v0.0.0-20241021132621-28bb61d00c2f/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo= -github.com/yandex-cloud/go-sdk v0.0.0-20241021153520-213d4c625eca h1:m3Hne9w8jnfiPPDw9KqSLtRa7Et+gzCIub2ky5uUGGM= -github.com/yandex-cloud/go-sdk v0.0.0-20241021153520-213d4c625eca/go.mod h1:id1/mPjMDlqamdsay74AJLVVLGCRTnjMIKuXpNzVN08= +github.com/yandex-cloud/go-genproto v0.0.0-20241101135610-76a0cfc1a773 h1:xkWrnYFWxiwCKVbmuOEMR030UCFklpglmOcPv9yJz2c= +github.com/yandex-cloud/go-genproto v0.0.0-20241101135610-76a0cfc1a773/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo= +github.com/yandex-cloud/go-sdk v0.0.0-20241101143304-947cf519f6bd h1:LcA5pQoWjS2hhG6bV2ZL9eBEV2wLSVbM2KcpDphYP/w= +github.com/yandex-cloud/go-sdk v0.0.0-20241101143304-947cf519f6bd/go.mod h1:oku4OkbdLLOOpZEz2XxYGXI7rFhxBI5W0cLPmpStdqA= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -1056,8 +1057,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.203.0 h1:SrEeuwU3S11Wlscsn+LA1kb/Y5xT8uggJSkIhD08NAU= -google.golang.org/api v0.203.0/go.mod h1:BuOVyCSYEPwJb3npWvDnNmFI92f3GeRnHNkETneT3SI= +google.golang.org/api v0.204.0 h1:3PjmQQEDkR/ENVZZwIYB4W/KzYtN8OrqnNcHWpeR8E4= +google.golang.org/api v0.204.0/go.mod h1:69y8QSoKIbL9F94bWgWAq6wGqGwyjBgi2y8rAK8zLag= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= diff --git a/pkg/provider/oracle/oracle.go b/pkg/provider/oracle/oracle.go index c2c455e0e73..070c3ec58bb 100644 --- a/pkg/provider/oracle/oracle.go +++ b/pkg/provider/oracle/oracle.go @@ -311,7 +311,8 @@ func (vms *VaultManagementService) NewClient(ctx context.Context, store esv1beta opts := []common.RetryPolicyOption{common.WithShouldRetryOperation(common.DefaultShouldRetryOperation)} if mr := storeSpec.RetrySettings.MaxRetries; mr != nil { - opts = append(opts, common.WithMaximumNumberAttempts(uint(*mr))) + attempts := safeConvert(*mr) + opts = append(opts, common.WithMaximumNumberAttempts(attempts)) } if ri := storeSpec.RetrySettings.RetryInterval; ri != nil { 
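Review bot: `safeConvert` (defined in the next oracle.go hunk and called here in NewClient) silently turns a negative `MaxRetries` into 0 and passes it to `common.WithMaximumNumberAttempts`. If the OCI SDK treats 0 attempts as unlimited (I believe it does, via `UnlimitedNumAttemptsValue`; please confirm), a misconfigured store would retry without bound instead of failing fast. I would reject negative values at the call site, e.g. `if *mr < 0 { return nil, fmt.Errorf("retrySettings.maxRetries must not be negative: %d", *mr) }`, assuming `fmt` is already imported in this file. The helper also needs a doc comment stating the clamping, and a name that says what it converts. NewClient's body starts and ends outside the hunk.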
@@ -347,6 +348,14 @@ func (vms *VaultManagementService) NewClient(ctx context.Context, store esv1beta }, nil } +func safeConvert(i int32) uint { + if i < 0 { + return 0 + } + + return uint(i) +} + func (vms *VaultManagementService) getSecretBundleWithCode(ctx context.Context, secretName string) (secrets.GetSecretBundleByNameResponse, int, error) { // Try to look up the secret, which will determine if we should create or update the secret. resp, err := vms.Client.GetSecretBundleByName(ctx, secrets.GetSecretBundleByNameRequest{ diff --git a/pkg/provider/scaleway/client.go b/pkg/provider/scaleway/client.go index c3eb8a3a1c9..312949bb726 100644 --- a/pkg/provider/scaleway/client.go +++ b/pkg/provider/scaleway/client.go @@ -339,7 +339,7 @@ func (c *client) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecret return nil, err } - totalFetched := uint64(*request.Page-1)*uint64(*request.PageSize) + uint64(len(response.Secrets)) + totalFetched := c.safeConvertInt32(request.Page)*uint64(*request.PageSize) + uint64(len(response.Secrets)) done = totalFetched == response.TotalCount *request.Page++ @@ -368,6 +368,14 @@ func (c *client) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecret return results, nil } +func (c *client) safeConvertInt32(page *int32) uint64 { + if *page-1 < 0 { + return 0 + } + + return uint64(*page - 1) //nolint:gosec // already checked above +} + func (c *client) Close(context.Context) error { return nil } From 9113bced5b5e26c6f9da8a5e54e1d37b5f228e5d Mon Sep 17 00:00:00 2001 From: Mike Tougeron Date: Tue, 5 Nov 2024 01:08:01 -0800 Subject: [PATCH 386/517] Update VaultAppRole documentation to show/use roleRef in its examples (#4035) Signed-off-by: Mike Tougeron Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> --- docs/snippets/full-cluster-secret-store.yaml | 9 +++++++-- docs/snippets/full-secret-store.yaml | 8 ++++++-- 2 files changed, 13 insertions(+), 4 deletions(-) 
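Review bot: The guard in `safeConvertInt32` (scaleway/client.go) tests `*page-1 < 0`, so the subtraction runs before the check and wraps for the minimum int32 value, which makes the `//nolint:gosec // already checked above` justification inaccurate; `if *page < 1 { return 0 }` tests the same condition without the arithmetic. The call site in GetAllSecrets (previous hunk of the same file) still converts `*request.PageSize` with a bare `uint64(...)`, so a negative page size would wrap to a huge value and deserves the same guard. The helper does not use its receiver and its name hides the `-1`, so a plain function with a comment such as `// pagesBefore returns the number of pages preceding page, or 0 if page is below 1.` would read better. GetAllSecrets starts and ends outside the hunk.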
diff --git a/docs/snippets/full-cluster-secret-store.yaml b/docs/snippets/full-cluster-secret-store.yaml index 6e46a3e44f0..81a416aabe0 100644 --- a/docs/snippets/full-cluster-secret-store.yaml +++ b/docs/snippets/full-cluster-secret-store.yaml @@ -68,11 +68,16 @@ spec: # AppRole auth: https://www.vaultproject.io/docs/auth/approle appRole: path: "approle" - roleId: "db02de05-fa39-4855-059b-67221c5c2f63" + # Instead of referencing the AppRole's ID from the secret, you can also specify it directly + # roleId: "db02de05-fa39-4855-059b-67221c5c2f63" + roleRef: + name: "my-secret" + namespace: "secret-admin" + key: "vault-role-id" secretRef: name: "my-secret" namespace: "secret-admin" - key: "vault-token" + key: "vault-role-secret" # Kubernetes auth: https://www.vaultproject.io/docs/auth/kubernetes kubernetes: diff --git a/docs/snippets/full-secret-store.yaml b/docs/snippets/full-secret-store.yaml index f6bd9db2995..afec84f574f 100644 --- a/docs/snippets/full-secret-store.yaml +++ b/docs/snippets/full-secret-store.yaml @@ -82,10 +82,14 @@ spec: # AppRole auth: https://www.vaultproject.io/docs/auth/approle appRole: path: "approle" - roleId: "db02de05-fa39-4855-059b-67221c5c2f63" + # Instead of referencing the AppRole's ID from the secret, you can also specify it directly + # roleId: "db02de05-fa39-4855-059b-67221c5c2f63" + roleRef: + name: "my-secret" + key: "vault-role-id" secretRef: name: "my-secret" - key: "vault-token" + key: "vault-role-secret" # Kubernetes auth: https://www.vaultproject.io/docs/auth/kubernetes kubernetes: From 6b70c9002fc5b54e71d76b1acc611b73bd08306c Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Tue, 5 Nov 2024 13:06:29 +0100 Subject: [PATCH 387/517] feat: add option to configure topic information for GCM (#4055) * feat: add option to configure topic information for GCM 
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix the comparison logic for updates to include topics Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- pkg/provider/gcp/secretmanager/client.go | 44 ++++++++++--- pkg/provider/gcp/secretmanager/client_test.go | 64 +++++++++++++++++-- pkg/provider/gcp/secretmanager/fake/fake.go | 2 + pkg/provider/gcp/secretmanager/push_secret.go | 22 +++++-- pkg/utils/utils_test.go | 19 +++++- 5 files changed, 126 insertions(+), 25 deletions(-) diff --git a/pkg/provider/gcp/secretmanager/client.go b/pkg/provider/gcp/secretmanager/client.go index d3e7c59cab1..4892cc26029 100644 --- a/pkg/provider/gcp/secretmanager/client.go +++ b/pkg/provider/gcp/secretmanager/client.go @@ -20,6 +20,7 @@ import ( "errors" "fmt" "maps" + "slices" "strconv" "strings" @@ -68,6 +69,7 @@ const ( managedByValue = "external-secrets" providerName = "GCPSecretManager" + topicsKey = "topics" ) type Client struct { 
@@ -182,15 +184,33 @@ func (c *Client) PushSecret(ctx context.Context, secret *corev1.Secret, pushSecr } } + scrt := &secretmanagerpb.Secret{ + Labels: map[string]string{ + managedByKey: managedByValue, + }, + Replication: replication, + } + + topics, err := utils.FetchValueFromMetadata(topicsKey, pushSecretData.GetMetadata(), []any{}) + if err != nil { + return fmt.Errorf("failed to fetch topics from metadata: %w", err) + } + + for _, t := range topics { + name, ok := t.(string) + if !ok { + return fmt.Errorf("invalid topic type") + } + + scrt.Topics = append(scrt.Topics, &secretmanagerpb.Topic{ + Name: name, + }) + } + gcpSecret, err = c.smClient.CreateSecret(ctx, &secretmanagerpb.CreateSecretRequest{ Parent: fmt.Sprintf("projects/%s", c.store.ProjectID), SecretId: pushSecretData.GetRemoteKey(), - Secret: &secretmanagerpb.Secret{ - Labels: map[string]string{ - managedByKey: managedByValue, - }, - Replication: replication, - }, + Secret: scrt, }) metrics.ObserveAPICall(constants.ProviderGCPSM, constants.CallGCPSMCreateSecret, err) if err != nil { 
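Review bot: The type check in the new topics loop returns `fmt.Errorf("invalid topic type")`, which has no format verb and does not say what was actually supplied, so a user who puts a number or an object into `topics` gets no hint. I would report the offending type, `return fmt.Errorf("invalid topic type %T, expected string", t)`, in line with the `%T` message this commit adds in client_test.go. Empty strings pass the check and are sent to CreateSecret as topic names; whether to reject them here or leave that to the API is worth a short comment. PushSecret's body starts and ends outside the hunk.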
@@ -203,17 +223,25 @@ func (c *Client) PushSecret(ctx context.Context, secret *corev1.Secret, pushSecr return err } - annotations, labels, err := builder.buildMetadata(gcpSecret.Annotations, gcpSecret.Labels) + annotations, labels, topics, err := builder.buildMetadata(gcpSecret.Annotations, gcpSecret.Labels, gcpSecret.Topics) if err != nil { return err } - if !maps.Equal(gcpSecret.Annotations, annotations) || !maps.Equal(gcpSecret.Labels, labels) { + // Comparing with a pointer based slice doesn't work so we are converting + // it to a string slice. + existingTopics := make([]string, 0, len(gcpSecret.Topics)) + for _, t := range gcpSecret.Topics { + existingTopics = append(existingTopics, t.Name) + } + + if !maps.Equal(gcpSecret.Annotations, annotations) || !maps.Equal(gcpSecret.Labels, labels) || !slices.Equal(existingTopics, topics) { scrt := &secretmanagerpb.Secret{ Name: gcpSecret.Name, Etag: gcpSecret.Etag, Labels: labels, Annotations: annotations, + Topics: gcpSecret.Topics, } if c.store.Location != "" { diff --git a/pkg/provider/gcp/secretmanager/client_test.go b/pkg/provider/gcp/secretmanager/client_test.go index f3f742735a8..fd1774f3e86 100644 --- a/pkg/provider/gcp/secretmanager/client_test.go +++ b/pkg/provider/gcp/secretmanager/client_test.go @@ -531,6 +531,25 @@ func TestPushSecret(t *testing.T) { "managed-by": "external-secrets", }, } + secretWithTopics := secretmanagerpb.Secret{ + Name: "projects/default/secrets/baz", + Replication: &secretmanagerpb.Replication{ + Replication: &secretmanagerpb.Replication_Automatic_{ + Automatic: &secretmanagerpb.Replication_Automatic{}, + }, + }, + Labels: map[string]string{ + "managed-by": "external-secrets", + }, + Topics: []*secretmanagerpb.Topic{ + { + Name: "topic1", + }, + { + Name: "topic2", + }, + }, + } wrongLabelSecret := secretmanagerpb.Secret{ Name: "projects/default/secrets/foo-bar", Replication: &secretmanagerpb.Replication{ 
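Review bot: In the update branch of PushSecret (client.go), the request fires when `existingTopics` differs from the `topics` returned by `buildMetadata`, but the `Secret` that is sent carries `Topics: gcpSecret.Topics`, i.e. the topics already stored. As written, a topic change in the metadata is detected but never applied, and because the stored topics stay different the update would presumably be issued again on every reconcile; the update mask is outside the hunk, so check that it lists `topics` as well. `slices.Equal` is also order-sensitive, so the same topics in a different order count as a change. I would build the topic list from `topics` and send that, as below. PushSecret starts and ends outside the hunk.

```go
// … unchanged: existingTopics built from gcpSecret.Topics …
desiredTopics := make([]*secretmanagerpb.Topic, 0, len(topics))
for _, name := range topics {
	desiredTopics = append(desiredTopics, &secretmanagerpb.Topic{Name: name})
}

if !maps.Equal(gcpSecret.Annotations, annotations) || !maps.Equal(gcpSecret.Labels, labels) || !slices.Equal(existingTopics, topics) {
	scrt := &secretmanagerpb.Secret{
		// … unchanged: Name, Etag, Labels, Annotations …
		Topics: desiredTopics,
	}
```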
@@ -677,7 +696,7 @@ func TestPushSecret(t *testing.T) { user, ok := req.Secret.Replication.Replication.(*secretmanagerpb.Replication_UserManaged_) if !ok { - return errors.New("req.Secret.Replication.Replication was not of type *secretmanagerpb.Replication_UserManaged_") + return fmt.Errorf("req.Secret.Replication.Replication was not of type *secretmanagerpb.Replication_UserManaged_ but: %T", req.Secret.Replication.Replication) } if len(user.UserManaged.Replicas) < 1 { 
@@ -693,16 +712,47 @@ func TestPushSecret(t *testing.T) { }, }, { - desc: "failed to push a secret with invalid metadata type", + desc: "SetSecret successfully pushes a secret with topics", args: args{ - store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID}, - mock: smtc.mockClient, Metadata: &apiextensionsv1.JSON{ - Raw: []byte(`{"tags":{"tag-key1":"tag-value1"}}`), + Raw: []byte(`{"topics":["topic1", "topic2"]}`), }, - GetSecretMockReturn: fakesm.SecretMockReturn{Secret: &secret, Err: nil}}, + store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID}, + mock: &fakesm.MockSMClient{}, // the mock should NOT be shared between test cases + CreateSecretMockReturn: fakesm.SecretMockReturn{Secret: &secretWithTopics, Err: nil}, + GetSecretMockReturn: fakesm.SecretMockReturn{Secret: nil, Err: notFoundError}, + AccessSecretVersionMockReturn: fakesm.AccessSecretVersionMockReturn{Res: &res, Err: nil}, + AddSecretVersionMockReturn: fakesm.AddSecretVersionMockReturn{SecretVersion: &secretVersion, Err: nil}}, want: want{ - err: errors.New("failed to decode PushSecret metadata"), + err: nil, + req: func(m *fakesm.MockSMClient) error { + scrt, ok := m.CreateSecretCalledWithN[0] + if !ok { + return errors.New("index 0 for call not found in the list of calls") + } + + if scrt.Secret == nil { + return errors.New("index 0 for call was nil") + } + + if len(scrt.Secret.Topics) != 2 { + return fmt.Errorf("secret topics count was not 2 but: %d", len(scrt.Secret.Topics)) + } + + if scrt.Secret.Topics[0].Name != "topic1" { + return fmt.Errorf("secret topic name for 1 was not topic1 but: %s", scrt.Secret.Topics[0].Name) + } + + if scrt.Secret.Topics[1].Name != "topic2" { + return fmt.Errorf("secret topic name for 2 was not topic2 but: %s", scrt.Secret.Topics[1].Name) + } + + if m.UpdateSecretCallN != 0 { + return fmt.Errorf("updateSecret called with %d", m.UpdateSecretCallN) + } + + return nil + }, }, }, { 
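Review bot: The new case covers only the create path with well-formed topics, and it takes the place of the `failed to push a secret with invalid metadata type` case rather than sitting next to it, so the `failed to decode PushSecret metadata` error appears to lose its coverage here. Two cases are worth adding: metadata such as `{"topics":[1]}` expecting `invalid topic type`, and an existing secret (`GetSecretMockReturn` returning `secretWithTopics`) whose desired topics differ, asserting on `UpdateSecretCallN`. The table continues outside the hunk, so the removed case may have been moved rather than deleted.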
diff --git a/pkg/provider/gcp/secretmanager/fake/fake.go b/pkg/provider/gcp/secretmanager/fake/fake.go index 92c0fb39aa9..5d3e3ebd524 100644 --- a/pkg/provider/gcp/secretmanager/fake/fake.go +++ b/pkg/provider/gcp/secretmanager/fake/fake.go @@ -34,6 +34,7 @@ type MockSMClient struct { CreateSecretCalledWithN map[int]*secretmanagerpb.CreateSecretRequest createSecretCallN int updateSecretFn func(ctx context.Context, req *secretmanagerpb.UpdateSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error) + UpdateSecretCallN int closeFn func() error GetSecretFn func(ctx context.Context, req *secretmanagerpb.GetSecretRequest, opts ...gax.CallOption) (*secretmanagerpb.Secret, error) DeleteSecretFn func(ctx context.Context, req *secretmanagerpb.DeleteSecretRequest, opts ...gax.CallOption) error @@ -183,6 +184,7 @@ func (mc *MockSMClient) AccessSecretVersionWithError(err error) { } func (mc *MockSMClient) UpdateSecret(ctx context.Context, req *secretmanagerpb.UpdateSecretRequest, _ ...gax.CallOption) (*secretmanagerpb.Secret, error) { + mc.UpdateSecretCallN++ return mc.updateSecretFn(ctx, req) } diff --git a/pkg/provider/gcp/secretmanager/push_secret.go b/pkg/provider/gcp/secretmanager/push_secret.go index 6c116e9cbdf..e68020ef701 100644 --- a/pkg/provider/gcp/secretmanager/push_secret.go +++ b/pkg/provider/gcp/secretmanager/push_secret.go @@ -20,6 +20,7 @@ import ( "errors" "fmt" + "cloud.google.com/go/secretmanager/apiv1/secretmanagerpb" "github.com/tidwall/sjson" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" @@ -28,6 +29,7 @@ import ( type Metadata struct { Annotations map[string]string `json:"annotations"` Labels map[string]string `json:"labels"` + Topics []string `json:"topics,omitempty"` } func newPushSecretBuilder(payload []byte, data esv1beta1.PushSecretData) (pushSecretBuilder, error) { 
@@ -49,7 +51,7 @@ func newPushSecretBuilder(payload []byte, data esv1beta1.PushSecretData) (pushSe } type pushSecretBuilder interface { - buildMetadata(annotations, labels map[string]string) (map[string]string, map[string]string, error) + buildMetadata(annotations, labels map[string]string, topics []*secretmanagerpb.Topic) (map[string]string, map[string]string, []string, error) needUpdate(original []byte) bool buildData(original []byte) ([]byte, error) } @@ -59,9 +61,9 @@ type psBuilder struct { pushSecretData esv1beta1.PushSecretData } -func (b *psBuilder) buildMetadata(_, labels map[string]string) (map[string]string, map[string]string, error) { +func (b *psBuilder) buildMetadata(_, labels map[string]string, _ []*secretmanagerpb.Topic) (map[string]string, map[string]string, []string, error) { if manager, ok := labels[managedByKey]; !ok || manager != managedByValue { - return nil, nil, fmt.Errorf("secret %v is not managed by external secrets", b.pushSecretData.GetRemoteKey()) + return nil, nil, nil, fmt.Errorf("secret %v is not managed by external secrets", b.pushSecretData.GetRemoteKey()) } var metadata Metadata @@ -71,7 +73,7 @@ func (b *psBuilder) buildMetadata(_, labels map[string]string) (map[string]strin decoder.DisallowUnknownFields() if err := decoder.Decode(&metadata); err != nil { - return nil, nil, fmt.Errorf("failed to decode PushSecret metadata: %w", err) + return nil, nil, nil, fmt.Errorf("failed to decode PushSecret metadata: %w", err) } } @@ -81,7 +83,7 @@ func (b *psBuilder) buildMetadata(_, labels map[string]string) (map[string]strin } newLabels[managedByKey] = managedByValue - return metadata.Annotations, newLabels, nil + return metadata.Annotations, newLabels, metadata.Topics, nil } func (b *psBuilder) needUpdate(original []byte) bool { 
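Review bot: The `buildMetadata` method on `pushSecretBuilder` now returns four values and has no comment saying what the new `[]string` means. Going by the call in client.go, the arguments are the values currently on the remote secret and the results are what it should end up with, so something like `// buildMetadata returns the annotations, labels and Pub/Sub topic names the remote secret should carry; the arguments are the values currently set on it.` above the method would help. It is also worth a line on `psBuilder.buildMetadata` that the existing topics are discarded (`_ []*secretmanagerpb.Topic`) and that a missing `topics` key yields a nil slice. The bodies of these functions are only partly inside the hunks.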
@@ -101,7 +103,7 @@ type propertyPSBuilder struct { pushSecretData esv1beta1.PushSecretData } -func (b *propertyPSBuilder) buildMetadata(annotations, labels map[string]string) (map[string]string, map[string]string, error) { +func (b *propertyPSBuilder) buildMetadata(annotations, labels map[string]string, topics []*secretmanagerpb.Topic) (map[string]string, map[string]string, []string, error) { newAnnotations := map[string]string{} newLabels := map[string]string{} if annotations != nil { @@ -112,7 +114,13 @@ func (b *propertyPSBuilder) buildMetadata(annotations, labels map[string]string) } newLabels[managedByKey] = managedByValue - return newAnnotations, newLabels, nil + + result := make([]string, 0, len(topics)) + for _, t := range topics { + result = append(result, t.Name) + } + + return newAnnotations, newLabels, result, nil } func (b *propertyPSBuilder) needUpdate(original []byte) bool { diff --git a/pkg/utils/utils_test.go b/pkg/utils/utils_test.go index 9fae1fde5f3..cd9d6868c49 100644 --- a/pkg/utils/utils_test.go +++ b/pkg/utils/utils_test.go @@ -23,6 +23,7 @@ import ( "github.com/aws/aws-sdk-go/aws" "github.com/oracle/oci-go-sdk/v65/vault" + "github.com/stretchr/testify/assert" v1 "k8s.io/api/core/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -734,6 +735,20 @@ func TestFetchValueFromMetadata(t *testing.T) { wantT: "value", wantErr: false, }, + { + name: "digging for a slice", + args: args{ + key: "topics", + data: &apiextensionsv1.JSON{ + Raw: []byte( + `{"topics": ["topic1", "topic2"]}`, + ), + }, + def: []string{}, + }, + wantT: []any{"topic1", "topic2"}, // we don't have deep type matching so it's not an []string{} but []any. + wantErr: false, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { 
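Review bot: `t.Name` in the new loop of `propertyPSBuilder.buildMetadata` dereferences each `*secretmanagerpb.Topic` directly, so a nil element in the slice would panic; the generated getter is nil-safe: `result = append(result, t.GetName())`. The `existingTopics` loop added in client.go has the same pattern. A short comment that this builder returns the remote topics unchanged, so property pushes never alter them, would make the asymmetry with `psBuilder` explicit. The middle of the function is outside the hunks.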
@@ -742,9 +757,7 @@ func TestFetchValueFromMetadata(t *testing.T) { t.Errorf("FetchValueFromMetadata() error = %v, wantErr %v", err, tt.wantErr) return } - if !reflect.DeepEqual(gotT, tt.wantT) { - t.Errorf("FetchValueFromMetadata() gotT = %v, want %v", gotT, tt.wantT) - } + assert.Equal(t, tt.wantT, gotT) }) } } From d4d4f4bc4baef67d7c691bf2cea6bd42c5d55823 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Tue, 5 Nov 2024 13:22:00 +0100 Subject: [PATCH 388/517] feat: add AWS STS Session token generator (#4041) * feat: add AWS STS Session token generator Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * version update for the generated CRD Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- apis/generators/v1alpha1/generator_sts.go | 80 ++++++++ apis/generators/v1alpha1/register.go | 8 + .../v1alpha1/zz_generated.deepcopy.go | 109 ++++++++++ ....external-secrets.io_stssessiontokens.yaml | 183 +++++++++++++++++ config/crds/bases/kustomization.yaml | 1 + deploy/crds/bundle.yaml | 188 ++++++++++++++++++ docs/api/generator/sts.md | 37 ++++ docs/snippets/generator-sts-example.yaml | 14 ++ docs/snippets/generator-sts.yaml | 40 ++++ hack/api-docs/mkdocs.yml | 3 +- pkg/generator/sts/sts.go | 114 +++++++++++ pkg/generator/sts/sts_test.go | 151 ++++++++++++++ pkg/provider/aws/auth/auth.go | 2 +- 13 files changed, 928 insertions(+), 2 deletions(-) create mode 100644 apis/generators/v1alpha1/generator_sts.go create mode 100644 config/crds/bases/generators.external-secrets.io_stssessiontokens.yaml create mode 100644 docs/api/generator/sts.md create mode 100644 docs/snippets/generator-sts-example.yaml create mode 100644 docs/snippets/generator-sts.yaml create mode 100644 pkg/generator/sts/sts.go create mode 100644 pkg/generator/sts/sts_test.go 
diff --git a/apis/generators/v1alpha1/generator_sts.go b/apis/generators/v1alpha1/generator_sts.go
new file mode 100644
index 00000000000..61aeba4df33
--- /dev/null
+++ b/apis/generators/v1alpha1/generator_sts.go
@@ -0,0 +1,80 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package v1alpha1
+
+import (
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+)
+
+// RequestParameters contains parameters that can be passed to the STS service.
+type RequestParameters struct {
+ // SessionDuration The duration, in seconds, that the credentials should remain valid. Acceptable durations for
+ // IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds
+ // (12 hours) as the default.
+ // +optional
+ SessionDuration *int64 `json:"sessionDuration,omitempty"`
+ // SerialNumber is the identification number of the MFA device that is associated with the IAM user who is making
+ // the GetSessionToken call.
+ // Possible values: hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device
+ // (such as arn:aws:iam::123456789012:mfa/user)
+ // +optional
+ SerialNumber *string `json:"serialNumber,omitempty"`
+ // TokenCode is the value provided by the MFA device, if MFA is required.
+ // +optional
+ TokenCode *string `json:"tokenCode,omitempty"`
+}
+
+type STSSessionTokenSpec struct {
+ // Region specifies the region to operate in.
+ Region string `json:"region"`
+
+ // Auth defines how to authenticate with AWS
+ // +optional
+ Auth AWSAuth `json:"auth,omitempty"`
+
+ // You can assume a role before making calls to the
+ // desired AWS service.
+ // +optional
+ Role string `json:"role,omitempty"`
+
+ // RequestParameters contains parameters that can be passed to the STS service.
+ // +optional
+ RequestParameters *RequestParameters `json:"requestParameters,omitempty"`
+}
+
+// STSSessionToken uses the GetSessionToken API to retrieve an authorization token.
+// The authorization token is valid for 12 hours.
+// The authorizationToken returned is a base64 encoded string that can be decoded.
+// For more information, see GetSessionToken (https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html).
+// +kubebuilder:object:root=true
+// +kubebuilder:storageversion
+// +kubebuilder:subresource:status
+// +kubebuilder:metadata:labels="external-secrets.io/component=controller"
+// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=stssessiontoken
+type STSSessionToken struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ObjectMeta `json:"metadata,omitempty"`
+
+ Spec STSSessionTokenSpec `json:"spec,omitempty"`
+}
+
+// +kubebuilder:object:root=true
+
+// STSSessionTokenList contains a list of STSSessionToken resources.
+type STSSessionTokenList struct {
+ metav1.TypeMeta `json:",inline"`
+ metav1.ListMeta `json:"metadata,omitempty"`
+ Items []STSSessionToken `json:"items"`
+}
diff --git a/apis/generators/v1alpha1/register.go b/apis/generators/v1alpha1/register.go
index 0290c6d710c..689b50ee263 100644
--- a/apis/generators/v1alpha1/register.go
+++ b/apis/generators/v1alpha1/register.go
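Review bot: `TokenCode` puts an MFA one-time code into the resource spec, where it is stored with the object and readable by anyone who can read `STSSessionToken` resources; a code from an MFA device is also short-lived, so a value written into a manifest will presumably be rejected on a later refresh, which is worth stating on the field or avoiding by sourcing the code from a Secret reference. `SessionDuration` documents a range of 900 to 129,600 seconds but carries no markers enforcing it; `// +kubebuilder:validation:Minimum=900` and `// +kubebuilder:validation:Maximum=129600` would reject out-of-range values at admission. The `STSSessionToken` type comment ("valid for 12 hours", "base64 encoded string") matches neither the configurable duration nor the key/secret/token output described in docs/api/generator/sts.md. `+kubebuilder:subresource:status` is set although the type has no `Status` field, and `STSSessionTokenSpec` has no type comment.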
@@ -44,6 +44,14 @@ var ( ECRAuthorizationTokenGroupVersionKind = SchemeGroupVersion.WithKind(ECRAuthorizationTokenKind) ) +// STSSessionToken type metadata. +var ( + STSSessionTokenKind = reflect.TypeOf(STSSessionToken{}).Name() + STSSessionTokenGroupKind = schema.GroupKind{Group: Group, Kind: STSSessionTokenKind}.String() + STSSessionTokenKindAPIVersion = STSSessionTokenKind + "." + SchemeGroupVersion.String() + STSSessionTokenGroupVersionKind = SchemeGroupVersion.WithKind(STSSessionTokenKind) +) + // GCRAccessToken type metadata. var ( GCRAccessTokenKind = reflect.TypeOf(GCRAccessToken{}).Name() diff --git a/apis/generators/v1alpha1/zz_generated.deepcopy.go b/apis/generators/v1alpha1/zz_generated.deepcopy.go index 69a3560f8d7..bd03e6d6f27 100644 --- a/apis/generators/v1alpha1/zz_generated.deepcopy.go +++ b/apis/generators/v1alpha1/zz_generated.deepcopy.go 
@@ -772,6 +772,115 @@ func (in *PasswordSpec) DeepCopy() *PasswordSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *RequestParameters) DeepCopyInto(out *RequestParameters) { + *out = *in + if in.SessionDuration != nil { + in, out := &in.SessionDuration, &out.SessionDuration + *out = new(int64) + **out = **in + } + if in.SerialNumber != nil { + in, out := &in.SerialNumber, &out.SerialNumber + *out = new(string) + **out = **in + } + if in.TokenCode != nil { + in, out := &in.TokenCode, &out.TokenCode + *out = new(string) + **out = **in + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new RequestParameters. +func (in *RequestParameters) DeepCopy() *RequestParameters { + if in == nil { + return nil + } + out := new(RequestParameters) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *STSSessionToken) DeepCopyInto(out *STSSessionToken) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new STSSessionToken. +func (in *STSSessionToken) DeepCopy() *STSSessionToken { + if in == nil { + return nil + } + out := new(STSSessionToken) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *STSSessionToken) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *STSSessionTokenList) DeepCopyInto(out *STSSessionTokenList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]STSSessionToken, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new STSSessionTokenList. +func (in *STSSessionTokenList) DeepCopy() *STSSessionTokenList { + if in == nil { + return nil + } + out := new(STSSessionTokenList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *STSSessionTokenList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *STSSessionTokenSpec) DeepCopyInto(out *STSSessionTokenSpec) { + *out = *in + in.Auth.DeepCopyInto(&out.Auth) + if in.RequestParameters != nil { + in, out := &in.RequestParameters, &out.RequestParameters + *out = new(RequestParameters) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new STSSessionTokenSpec. +func (in *STSSessionTokenSpec) DeepCopy() *STSSessionTokenSpec { + if in == nil { + return nil + } + out := new(STSSessionTokenSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *SecretKeySelector) DeepCopyInto(out *SecretKeySelector) { *out = *in diff --git a/config/crds/bases/generators.external-secrets.io_stssessiontokens.yaml b/config/crds/bases/generators.external-secrets.io_stssessiontokens.yaml new file mode 100644 index 00000000000..41d31666985 --- /dev/null 
+++ b/config/crds/bases/generators.external-secrets.io_stssessiontokens.yaml 
@@ -0,0 +1,183 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + external-secrets.io/component: controller + name: stssessiontokens.generators.external-secrets.io +spec: + group: generators.external-secrets.io + names: + categories: + - external-secrets + - external-secrets-generators + kind: STSSessionToken + listKind: STSSessionTokenList + plural: stssessiontokens + shortNames: + - stssessiontoken + singular: stssessiontoken + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + STSSessionToken uses the GetSessionToken API to retrieve an authorization token. + The authorization token is valid for 12 hours. + The authorizationToken returned is a base64 encoded string that can be decoded. + For more information, see GetSessionToken (https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + auth: + description: Auth defines how to authenticate with AWS + properties: + jwt: + description: Authenticate against AWS using service account tokens. + properties: + serviceAccountRef: + description: A reference to a ServiceAccount resource. 
+ properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + required: + - name + type: object + type: object + secretRef: + description: |- + AWSAuthSecretRef holds secret references for AWS credentials + both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. + properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred + to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred + to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + type: object + sessionTokenSecretRef: + description: |- + The SessionToken used for authentication + This must be defined if AccessKeyID and SecretAccessKey are temporary credentials + see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred + to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + type: object + region: + description: Region specifies the region to operate in. + type: string + requestParameters: + description: RequestParameters contains parameters that can be passed + to the STS service. + properties: + serialNumber: + description: |- + SerialNumber is the identification number of the MFA device that is associated with the IAM user who is making + the GetSessionToken call. + Possible values: hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device + (such as arn:aws:iam::123456789012:mfa/user) + type: string + sessionDuration: + description: |- + SessionDuration The duration, in seconds, that the credentials should remain valid. Acceptable durations for + IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds + (12 hours) as the default. + format: int64 + type: integer + tokenCode: + description: TokenCode is the value provided by the MFA device, + if MFA is required. + type: string + type: object + role: + description: |- + You can assume a role before making calls to the + desired AWS service. 
+ type: string + required: + - region + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crds/bases/kustomization.yaml b/config/crds/bases/kustomization.yaml index b626ca6cc6a..d532f45f1b2 100644 --- a/config/crds/bases/kustomization.yaml +++ b/config/crds/bases/kustomization.yaml @@ -13,6 +13,7 @@ resources: - generators.external-secrets.io_gcraccesstokens.yaml - generators.external-secrets.io_githubaccesstokens.yaml - generators.external-secrets.io_passwords.yaml + - generators.external-secrets.io_stssessiontokens.yaml - generators.external-secrets.io_uuids.yaml - generators.external-secrets.io_vaultdynamicsecrets.yaml - generators.external-secrets.io_webhooks.yaml diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 43b77c255b5..ab4058de657 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml 
@@ -11920,6 +11920,194 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + external-secrets.io/component: controller + name: stssessiontokens.generators.external-secrets.io +spec: + group: generators.external-secrets.io + names: + categories: + - external-secrets + - external-secrets-generators + kind: STSSessionToken + listKind: STSSessionTokenList + plural: stssessiontokens + shortNames: + - stssessiontoken + singular: stssessiontoken + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: |- + STSSessionToken uses the GetSessionToken API to retrieve an authorization token. + The authorization token is valid for 12 hours. + The authorizationToken returned is a base64 encoded string that can be decoded. + For more information, see GetSessionToken (https://docs.aws.amazon.com/STS/latest/APIReference/API_GetSessionToken.html). + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + auth: + description: Auth defines how to authenticate with AWS + properties: + jwt: + description: Authenticate against AWS using service account tokens. + properties: + serviceAccountRef: + description: A reference to a ServiceAccount resource. 
+ properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + required: + - name + type: object + type: object + secretRef: + description: |- + AWSAuthSecretRef holds secret references for AWS credentials + both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. + properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + type: object + sessionTokenSecretRef: + description: |- + The SessionToken used for authentication + This must be defined if AccessKeyID and SecretAccessKey are temporary credentials + see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + type: object + region: + description: Region specifies the region to operate in. + type: string + requestParameters: + description: RequestParameters contains parameters that can be passed to the STS service. + properties: + serialNumber: + description: |- + SerialNumber is the identification number of the MFA device that is associated with the IAM user who is making + the GetSessionToken call. + Possible values: hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device + (such as arn:aws:iam::123456789012:mfa/user) + type: string + sessionDuration: + description: |- + SessionDuration The duration, in seconds, that the credentials should remain valid. Acceptable durations for + IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds + (12 hours) as the default. + format: int64 + type: integer + tokenCode: + description: TokenCode is the value provided by the MFA device, if MFA is required. + type: string + type: object + role: + description: |- + You can assume a role before making calls to the + desired AWS service. 
+ type: string + required: + - region + type: object + type: object + served: true + storage: true + subresources: + status: {} + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: + - v1 + clientConfig: + service: + name: kubernetes + namespace: default + path: /convert +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.5 diff --git a/docs/api/generator/sts.md b/docs/api/generator/sts.md new file mode 100644 index 00000000000..bf1a3ef253e --- /dev/null +++ b/docs/api/generator/sts.md 
@@ -0,0 +1,37 @@ +STSSessionToken uses the GetSessionToken API to retrieve a temporary session token. + +## Output Keys and Values + +| Key | Description | +|-------------------|-------------------------------------------------------------------------------------| +| access_key_id | The access key ID that identifies the temporary security credentials. | +| secret_access_key | The secret access key that can be used to sign requests. | +| session_token | The token that users must pass to the service API to use the temporary credentials. | +| expiration | The date on which the current credentials expire. | + +## Authentication + +You can choose from three authentication mechanisms: + +* static credentials using `spec.auth.secretRef` +* point to a IRSA Service Account with `spec.auth.jwt` +* use credentials from the [SDK default credentials chain](https://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html#credentials-default) from the controller environment + +## Request Parameters + +Following request parameters can be provided: + +- duration seconds -> can specify the TTL of the generated token +- serial number -> define the serial number of the MFA device used by the user +- token code -> possible code generated by the above referenced MFA device + +## Example Manifest + +```yaml +{% include 'generator-sts.yaml' %} +``` + +Example `ExternalSecret` that references the STS Session Token generator: +```yaml +{% include 'generator-sts-example.yaml' %} +``` diff --git a/docs/snippets/generator-sts-example.yaml b/docs/snippets/generator-sts-example.yaml new file mode 100644 index 00000000000..36069adff2f --- /dev/null +++ b/docs/snippets/generator-sts-example.yaml 
@@ -0,0 +1,14 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: "sts-secret" +spec: + refreshInterval: "1h" + target: + name: sts-secret + dataFrom: + - sourceRef: + generatorRef: + apiVersion: generators.external-secrets.io/v1alpha1 + kind: STSSessionToken + name: "sts-gen" diff --git a/docs/snippets/generator-sts.yaml b/docs/snippets/generator-sts.yaml new file mode 100644 index 00000000000..7a0813774a6 --- /dev/null +++ b/docs/snippets/generator-sts.yaml @@ -0,0 +1,40 @@ +apiVersion: generators.external-secrets.io/v1alpha1 +kind: STSSessionToken +metadata: + name: sts-gen +spec: + + # specify aws region (mandatory) + region: eu-west-1 + + # assume role with the given authentication credentials + role: "my-role" + + # choose an authentication strategy + # if no auth strategy is defined it falls back to using + # credentials from the environment of the controller. + auth: + + # 1: static credentials + # point to a secret that contains static credentials + # like AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY + secretRef: + accessKeyIDSecretRef: + name: "my-aws-creds" + key: "key-id" + secretAccessKeySecretRef: + name: "my-aws-creds" + key: "access-secret" + + # option 2: IAM Roles for Service Accounts + # point to a service account that should be used + # that is configured for IAM Roles for Service Accounts (IRSA) + jwt: + serviceAccountRef: + name: "oci-token-sync" + + # optional request parameters for further fine-tuning the Token generation. + requestParameters: + serialNumber: arn:aws:iam::123456789012:mfa/user + sessionDuration: 900 + tokenCode: "123456" diff --git a/hack/api-docs/mkdocs.yml b/hack/api-docs/mkdocs.yml index 3435e877b84..75da116f15d 100644 --- a/hack/api-docs/mkdocs.yml +++ b/hack/api-docs/mkdocs.yml @@ -17,7 +17,7 @@ theme: media: "(prefers-color-scheme: dark)" toggle: icon: material/brightness-4 - name: Switch to light mode + name: Switch to light mode features: - navigation.tabs - navigation.indexes 
@@ -68,6 +68,7 @@ nav: - "api/generator/index.md" - Azure Container Registry: api/generator/acr.md - AWS Elastic Container Registry: api/generator/ecr.md + - AWS STS Session Token: api/generator/sts.md - Google Container Registry: api/generator/gcr.md - Vault Dynamic Secret: api/generator/vault.md - Password: api/generator/password.md diff --git a/pkg/generator/sts/sts.go b/pkg/generator/sts/sts.go new file mode 100644 index 00000000000..d79e2efc3c6 --- /dev/null +++ b/pkg/generator/sts/sts.go 
@@ -0,0 +1,114 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package sts
+
+import (
+ "context"
+ "errors"
+ "fmt"
+ "strconv"
+
+ "github.com/aws/aws-sdk-go/aws/session"
+ "github.com/aws/aws-sdk-go/service/sts"
+ "github.com/aws/aws-sdk-go/service/sts/stsiface"
+ apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ "sigs.k8s.io/yaml"
+
+ esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
+ genv1alpha1 "github.com/external-secrets/external-secrets/apis/generators/v1alpha1"
+ awsauth "github.com/external-secrets/external-secrets/pkg/provider/aws/auth"
+)
+
+type Generator struct{}
+
+const (
+ errNoSpec = "no config spec provided"
+ errParseSpec = "unable to parse spec: %w"
+ errCreateSess = "unable to create aws session: %w"
+ errGetToken = "unable to get authorization token: %w"
+)
+
+func (g *Generator) Generate(ctx context.Context, jsonSpec *apiextensions.JSON, kube client.Client, namespace string) (map[string][]byte, error) {
+ return g.generate(ctx, jsonSpec, kube, namespace, stsFactory)
+}
+
+func (g *Generator) generate(
+ ctx context.Context,
+ jsonSpec *apiextensions.JSON,
+ kube client.Client,
+ namespace string,
+ stsFunc stsFactoryFunc,
+) (map[string][]byte, error) {
+ if jsonSpec == nil {
+ return nil, errors.New(errNoSpec)
+ }
+ res, err := parseSpec(jsonSpec.Raw)
+ if err != nil {
+ return nil, fmt.Errorf(errParseSpec, err)
+ }
+ sess, err :=
awsauth.NewGeneratorSession(
+ ctx,
+ esv1beta1.AWSAuth{
+ SecretRef: (*esv1beta1.AWSAuthSecretRef)(res.Spec.Auth.SecretRef),
+ JWTAuth: (*esv1beta1.AWSJWTAuth)(res.Spec.Auth.JWTAuth),
+ },
+ res.Spec.Role,
+ res.Spec.Region,
+ kube,
+ namespace,
+ awsauth.DefaultSTSProvider,
+ awsauth.DefaultJWTProvider)
+ if err != nil {
+ return nil, fmt.Errorf(errCreateSess, err)
+ }
+ client := stsFunc(sess)
+ input := &sts.GetSessionTokenInput{}
+ if res.Spec.RequestParameters != nil {
+ input.DurationSeconds = res.Spec.RequestParameters.SessionDuration
+ input.TokenCode = res.Spec.RequestParameters.TokenCode
+ input.SerialNumber = res.Spec.RequestParameters.SerialNumber
+ }
+ out, err := client.GetSessionToken(input)
+ if err != nil {
+ return nil, fmt.Errorf(errGetToken, err)
+ }
+ if out.Credentials == nil {
+ return nil, errors.New("no credentials found")
+ }
+
+ return map[string][]byte{
+ "access_key_id": []byte(*out.Credentials.AccessKeyId),
+ "expiration": []byte(strconv.FormatInt(out.Credentials.Expiration.Unix(), 10)),
+ "secret_access_key": []byte(*out.Credentials.SecretAccessKey),
+ "session_token": []byte(*out.Credentials.SessionToken),
+ }, nil
+}
+
+type stsFactoryFunc func(aws *session.Session) stsiface.STSAPI
+
+func stsFactory(aws *session.Session) stsiface.STSAPI {
+ return sts.New(aws)
+}
+
+func parseSpec(data []byte) (*genv1alpha1.STSSessionToken, error) {
+ var spec genv1alpha1.STSSessionToken
+ err := yaml.Unmarshal(data, &spec)
+ return &spec, err
+}
+
+func init() {
+ genv1alpha1.Register(genv1alpha1.STSSessionTokenGroupKind, &Generator{})
+}
diff --git a/pkg/generator/sts/sts_test.go b/pkg/generator/sts/sts_test.go
new file mode 100644
index 00000000000..f732fecb369
--- /dev/null
+++ b/pkg/generator/sts/sts_test.go
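Review bot: In `generate()` (pkg/generator/sts/sts.go) only `out.Credentials` is nil-checked before the result map is built, while `AccessKeyId`, `SecretAccessKey`, `SessionToken` and `Expiration` are pointer fields that are dereferenced unconditionally, so a response with any of them unset would panic the generator instead of returning an error. A guard placed before the `return map[string][]byte{` line covers it: `if c := out.Credentials; c.AccessKeyId == nil || c.SecretAccessKey == nil || c.SessionToken == nil || c.Expiration == nil { return nil, errors.New("incomplete credentials in response") }`. Separately, `client.GetSessionToken(input)` drops `ctx`, so cancelling the caller's context does not reach the STS request; `client.GetSessionTokenWithContext(ctx, input)` is on the same `stsiface.STSAPI` interface, though `FakeSTS` in the test file would then need the matching method.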
@@ -0,0 +1,151 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package sts
+
+import (
+ "context"
+ "errors"
+ "reflect"
+ "testing"
+ "time"
+
+ "github.com/aws/aws-sdk-go/aws/session"
+ "github.com/aws/aws-sdk-go/service/sts"
+ "github.com/aws/aws-sdk-go/service/sts/stsiface"
+ v1 "k8s.io/api/core/v1"
+ apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "sigs.k8s.io/controller-runtime/pkg/client"
+ clientfake "sigs.k8s.io/controller-runtime/pkg/client/fake"
+
+ "github.com/external-secrets/external-secrets/pkg/utils"
+)
+
+func TestGenerate(t *testing.T) {
+ type args struct {
+ ctx context.Context
+ jsonSpec *apiextensions.JSON
+ kube client.Client
+ namespace string
+ tokenFunc func(*sts.GetSessionTokenInput) (*sts.GetSessionTokenOutput, error)
+ }
+ tests := []struct {
+ name string
+ g *Generator
+ args args
+ want map[string][]byte
+ wantErr bool
+ }{
+ {
+ name: "nil spec",
+ args: args{
+ jsonSpec: nil,
+ },
+ wantErr: true,
+ },
+ {
+ name: "invalid json",
+ args: args{
+ tokenFunc: func(*sts.GetSessionTokenInput) (*sts.GetSessionTokenOutput, error) {
+ return nil, errors.New("boom")
+ },
+ jsonSpec: &apiextensions.JSON{
+ Raw: []byte(``),
+ },
+ },
+ wantErr: true,
+ },
+ {
+ name: "full spec",
+ args: args{
+ namespace: "foobar",
+ kube: clientfake.NewClientBuilder().WithObjects(&v1.Secret{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "my-aws-creds",
+ Namespace: "foobar",
+ },
+ Data:
map[string][]byte{
+ "key-id": []byte("foo"),
+ "access-secret": []byte("bar"),
+ },
+ }).Build(),
+ tokenFunc: func(*sts.GetSessionTokenInput) (*sts.GetSessionTokenOutput, error) {
+ t := time.Unix(1234, 0)
+ return &sts.GetSessionTokenOutput{
+ Credentials: &sts.Credentials{
+ AccessKeyId: utils.Ptr("access-key-id"),
+ Expiration: utils.Ptr(t),
+ SecretAccessKey: utils.Ptr("secret-access-key"),
+ SessionToken: utils.Ptr("session-token"),
+ },
+ }, nil
+ },
+ jsonSpec: &apiextensions.JSON{
+ Raw: []byte(`apiVersion: generators.external-secrets.io/v1alpha1
+kind: STSSessionToken
+spec:
+ region: eu-west-1
+ role: "my-role"
+ auth:
+ secretRef:
+ accessKeyIDSecretRef:
+ name: "my-aws-creds"
+ key: "key-id"
+ secretAccessKeySecretRef:
+ name: "my-aws-creds"
+ key: "access-secret"`),
+ },
+ },
+ want: map[string][]byte{
+ "access_key_id": []byte("access-key-id"),
+ "expiration": []byte("1234"),
+ "secret_access_key": []byte("secret-access-key"),
+ "session_token": []byte("session-token"),
+ },
+ },
+ }
+ for _, tt := range tests {
+ t.Run(tt.name, func(t *testing.T) {
+ g := &Generator{}
+ got, err := g.generate(
+ tt.args.ctx,
+ tt.args.jsonSpec,
+ tt.args.kube,
+ tt.args.namespace,
+ func(aws *session.Session) stsiface.STSAPI {
+ return &FakeSTS{
+ getSessionToken: tt.args.tokenFunc,
+ }
+ },
+ )
+ if (err != nil) != tt.wantErr {
+ t.Errorf("Generator.Generate() error = %v, wantErr %v", err, tt.wantErr)
+ return
+ }
+ if !reflect.DeepEqual(got, tt.want) {
+ t.Errorf("Generator.Generate() = %v, want %v", got, tt.want)
+ }
+ })
+ }
+}
+
+type FakeSTS struct {
+ stsiface.STSAPI
+ getSessionToken func(*sts.GetSessionTokenInput) (*sts.GetSessionTokenOutput, error)
+}
+
+func (e *FakeSTS) GetSessionToken(in *sts.GetSessionTokenInput) (*sts.GetSessionTokenOutput, error) {
+ return e.getSessionToken(in)
+}
diff --git a/pkg/provider/aws/auth/auth.go b/pkg/provider/aws/auth/auth.go
index 83e66770d0d..b20551ed4d2 100644
--- a/pkg/provider/aws/auth/auth.go
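Review bot: The "invalid json" case in `TestGenerate` (pkg/generator/sts/sts_test.go) passes an empty `Raw` byte slice, which is empty rather than malformed, so the `errParseSpec` branch is probably never reached; the case appears to satisfy `wantErr` only because its `tokenFunc` returns `errors.New("boom")`. Input that cannot be parsed, for example `Raw: []byte("spec: [")` (constructed sample), with the `tokenFunc` removed would pin the parse failure itself. The table also has no case for `out.Credentials == nil`, and every `tokenFunc` ignores its `*sts.GetSessionTokenInput` argument, so the copy of `requestParameters` (duration, serial number, token code) into the request is unverified.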
+++ b/pkg/provider/aws/auth/auth.go @@ -155,7 +155,7 @@ func New(ctx context.Context, store esv1beta1.GenericStore, kube client.Client, return sess, nil } -// NewSession creates a new aws session based on the provided store +// NewGeneratorSession creates a new aws session based on the provided store // it uses the following authentication mechanisms in order: // * service-account token authentication via AssumeRoleWithWebIdentity // * static credentials from a Kind=Secret, optionally with doing a AssumeRole. From a9ba8b2bc82e2caa9095c469be02e1bc32754983 Mon Sep 17 00:00:00 2001 From: Tete17 Date: Tue, 5 Nov 2024 23:00:06 +0100 Subject: [PATCH 389/517] chore(helm): Add extra labels to the validating webhooks (#4074) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit It should add a bunch of app.kubernetes.io labels Signed-off-by: Miguel Sacristán Izcue Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .../templates/validatingwebhook.yaml | 8 ++------ .../tests/__snapshot__/crds_test.yaml.snap | 2 +- .../charts/external-secrets/tests/webhook_test.yaml | 12 ++++++++++++ 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/deploy/charts/external-secrets/templates/validatingwebhook.yaml b/deploy/charts/external-secrets/templates/validatingwebhook.yaml index 63b39763f97..0c3183ee185 100644 --- a/deploy/charts/external-secrets/templates/validatingwebhook.yaml +++ b/deploy/charts/external-secrets/templates/validatingwebhook.yaml 
@@ -4,10 +4,8 @@ kind: ValidatingWebhookConfiguration metadata: name: secretstore-validate labels: + {{- include "external-secrets-webhook.labels" . | nindent 4 }} external-secrets.io/component: webhook - {{- with .Values.commonLabels }} - {{ toYaml . | nindent 4 }} - {{- end }} {{- if and .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} annotations: cert-manager.io/inject-ca-from: {{ template "external-secrets.namespace" . }}/{{ include "external-secrets.fullname" . }}-webhook @@ -50,10 +48,8 @@ kind: ValidatingWebhookConfiguration metadata: name: externalsecret-validate labels: + {{- include "external-secrets-webhook.labels" . | nindent 4 }} external-secrets.io/component: webhook - {{- with .Values.commonLabels }} - {{ toYaml . | nindent 4 }} - {{- end }} {{- if and .Values.webhook.certManager.enabled .Values.webhook.certManager.addInjectorAnnotations }} annotations: cert-manager.io/inject-ca-from: {{ template "external-secrets.namespace" . }}/{{ include "external-secrets.fullname" . }}-webhook diff --git a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap index 35439880e01..76ab27f3567 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -4,7 +4,7 @@ should match snapshot of default values: kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.3 + controller-gen.kubebuilder.io/version: v0.16.5 labels: external-secrets.io/component: controller name: secretstores.external-secrets.io diff --git a/deploy/charts/external-secrets/tests/webhook_test.yaml b/deploy/charts/external-secrets/tests/webhook_test.yaml index 8c6f761b084..e6a8a9a39be 100644 --- a/deploy/charts/external-secrets/tests/webhook_test.yaml +++ b/deploy/charts/external-secrets/tests/webhook_test.yaml 
@@ -161,6 +161,18 @@ tests: templates: - validatingwebhook.yaml - crds/externalsecret.yaml + - it: should have the correct labels + set: + webhook.create: true + templates: + - validatingwebhook.yaml + asserts: + - equal: + path: metadata.labels["app.kubernetes.io/name"] + value: "external-secrets-webhook" + - equal: + path: metadata.labels["app.kubernetes.io/instance"] + value: "RELEASE-NAME" - it: should override metrics port set: webhook.metrics.listen.port: 8888 From 51fabd49a54f311e35df4de0a50d48ba2f8449ff Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20Lindh=C3=A9?= <7773090+lindhe@users.noreply.github.com> Date: Wed, 6 Nov 2024 15:23:57 +0100 Subject: [PATCH 390/517] Reduce refreshInterval example for ACR (#4078) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The old example used a `refreshInterval` value of 12h for the ACR access token. This change reduces that to 3h instead, since that is the expiration time for Service Principal authentication tokens: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli#service-principal Service principals are not the only way to authenticate towards ACR. In fact, two other ways (`managedIdentity` and `workloadIdentity`) are also outlined in the docs. I was unable to find any documentation in Azure for the default expiration time for those tokens, so as far as I know it is always 3 hours. Thus I think we should reflect this in our examples. Signed-off-by: Andreas Lindhé <7773090+lindhe@users.noreply.github.com> --- docs/snippets/generator-acr-example.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/snippets/generator-acr-example.yaml b/docs/snippets/generator-acr-example.yaml index 8e653c01ce4..06ad89fbaaa 100644 --- a/docs/snippets/generator-acr-example.yaml +++ b/docs/snippets/generator-acr-example.yaml 
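Review bot: The new "should have the correct labels" case in webhook_test.yaml asserts only `app.kubernetes.io/name` and `app.kubernetes.io/instance`, yet the validatingwebhook.yaml hunks also removed the explicit `.Values.commonLabels` block and now depend on the `external-secrets-webhook.labels` helper, whose body is not part of this diff. If that helper does not emit `commonLabels`, user-supplied labels disappear from both ValidatingWebhookConfigurations and nothing here would catch it. Adding `commonLabels.team: sample` (constructed value) under `set:` with an `equal` assert on `metadata.labels.team` would pin the behaviour. It is also worth confirming the helper does not itself emit `external-secrets.io/component`, because the template still writes that key directly after the include and a duplicate mapping key would result.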
@@ -11,7 +11,7 @@ spec: apiVersion: generators.external-secrets.io/v1alpha1 kind: ACRAccessToken name: my-azurecr - refreshInterval: 12h + refreshInterval: 3h target: name: azurecr-credentials template: From b3c3e1924d0da28eab54697da5abffd3e5ab3718 Mon Sep 17 00:00:00 2001 From: idimov-keeper <78815270+idimov-keeper@users.noreply.github.com> Date: Wed, 6 Nov 2024 14:58:04 -0600 Subject: [PATCH 391/517] Fix PushSecret lookup in keepersecurity provider (#4077) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Fixed Keeper Security custom record type name in docs Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com> * Fixed Keeper records lookup in PushSecret Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com> * Improved Keeper record lookup to search only for records of the expected type Improved PushSecret and DeleteSecret Fixed "nil pointer dereference" errors Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com> * Fixed tests Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com> * chore(helm): Add extra labels to the validating webhooks (#4074) It should add a bunch of app.kubernetes.io labels Signed-off-by: Miguel Sacristán Izcue Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com> * Added tests for secrets with multiple matches Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com> --------- Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com> 
Signed-off-by: Miguel Sacristán Izcue Co-authored-by: Tete17 Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- docs/provider/keeper-security.md | 2 +- pkg/provider/keepersecurity/client.go | 56 +++++++++++++------- pkg/provider/keepersecurity/client_test.go | 59 +++++++++++++++------- pkg/provider/keepersecurity/fake/fake.go | 5 ++ 4 files changed, 84 insertions(+), 38 deletions(-) diff --git a/docs/provider/keeper-security.md b/docs/provider/keeper-security.md index 0d6e8f26add..9fd112be483 100644 --- a/docs/provider/keeper-security.md +++ b/docs/provider/keeper-security.md @@ -80,7 +80,7 @@ There are some limitations using this provider. ## Push Secrets -Push Secret will only work with a custom KeeperSecurity Record type `ExternalSecret` +Push Secret will only work with a custom KeeperSecurity Record type `externalSecrets` ### Behavior * `selector`: diff --git a/pkg/provider/keepersecurity/client.go b/pkg/provider/keepersecurity/client.go index ebb82119429..12ae9e80b85 100644 --- a/pkg/provider/keepersecurity/client.go +++ b/pkg/provider/keepersecurity/client.go @@ -46,7 +46,7 @@ const ( errInvalidJSONSecret = "invalid Secret. Secret %s can not be converted to JSON. %w" errInvalidRegex = "find.name.regex. Invalid Regular expresion %s. %w" errInvalidRemoteRefKey = "match.remoteRef.remoteKey. Invalid format. Format should match secretName/key got %s" - errInvalidSecretType = "ESO can only push/delete %s record types. Secret %s is type %s" + errInvalidSecretType = "ESO can only push/delete records of type %s. Secret %s is type %s" errFieldNotFound = "secret %s does not contain any custom field with label %s" externalSecretType = "externalSecrets" 
@@ -66,6 +66,7 @@ type Client struct { type SecurityClient interface { GetSecrets(filter []string) ([]*ksm.Record, error) GetSecretByTitle(recordTitle string) (*ksm.Record, error) + GetSecretsByTitle(recordTitle string) (records []*ksm.Record, err error) CreateSecretWithRecordData(recUID, folderUID string, recordData *ksm.RecordCreate) (string, error) DeleteSecrets(recrecordUids []string) (map[string]string, error) Save(record *ksm.Record) error @@ -172,24 +173,22 @@ func (c *Client) PushSecret(_ context.Context, secret *corev1.Secret, data esv1b if err != nil { return err } + record, err := c.findSecretByName(parts[0]) if err != nil { - _, err = c.createSecret(parts[0], parts[1], value) - if err != nil { - return err - } + return err } + if record != nil { - if record.Type() != externalSecretType { + if record.Type() == externalSecretType { + return c.updateSecret(record, parts[1], value) + } else { return fmt.Errorf(errInvalidSecretType, externalSecretType, record.Title(), record.Type()) } - err = c.updateSecret(record, parts[1], value) - if err != nil { - return err - } + } else { + _, err = c.createSecret(parts[0], parts[1], value) + return err } - - return nil } func (c *Client) DeleteSecret(_ context.Context, remoteRef esv1beta1.PushSecretRemoteRef) error { @@ -200,16 +199,15 @@ func (c *Client) DeleteSecret(_ context.Context, remoteRef esv1beta1.PushSecretR secret, err := c.findSecretByName(parts[0]) if err != nil { return err + } else if secret == nil { + return nil // not found == already deleted (success) } + if secret.Type() != externalSecretType { return fmt.Errorf(errInvalidSecretType, externalSecretType, secret.Title(), secret.Type()) } _, err = c.ksmClient.DeleteSecrets([]string{secret.Uid}) - if err != nil { - return nil - } - - return nil + return err } func (c *Client) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { 
@@ -325,12 +323,32 @@ func (c *Client) findSecretByID(id string) (*ksm.Record, error) { } func (c *Client) findSecretByName(name string) (*ksm.Record, error) { - record, err := c.ksmClient.GetSecretByTitle(name) + records, err := c.ksmClient.GetSecretsByTitle(name) if err != nil { return nil, err } - return record, nil + // filter in-place, preserve only records of type externalSecretType + n := 0 + for _, record := range records { + if record.Type() == externalSecretType { + records[n] = record + n++ + } + } + records = records[:n] + + // record not found is not an error - handled differently: + // PushSecret will create new record instead + // DeleteSecret will consider record already deleted (no error) + if len(records) == 0 { + return nil, nil + } else if len(records) == 1 { + return records[0], nil + } + + // len(records) > 1 + return nil, fmt.Errorf(errKeeperSecuritySecretNotUnique, name) } func (s *Secret) validate() error { diff --git a/pkg/provider/keepersecurity/client_test.go b/pkg/provider/keepersecurity/client_test.go index b58c5c8127e..3784213df42 100644 --- a/pkg/provider/keepersecurity/client_test.go +++ b/pkg/provider/keepersecurity/client_test.go @@ -70,8 +70,8 @@ func TestClientDeleteSecret(t *testing.T) { record0: record0, }, nil }, - GetSecretByTitleFn: func(recordTitle string) (*ksm.Record, error) { - return generateRecords()[0], nil + GetSecretsByTitleFn: func(recordTitle string) (records []*ksm.Record, err error) { + return generateRecords()[:1], nil }, }, folderID: folderID, 
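Review bot: `findSecretByName` in pkg/provider/keepersecurity/client.go now drops every record whose type is not `externalSecretType` before returning, which makes the type checks kept in `PushSecret` (`else { return fmt.Errorf(errInvalidSecretType, ...) }`) and in `DeleteSecret` (`if secret.Type() != externalSecretType`) unreachable. The visible consequence is a behaviour change: a title that matches only a record of another type used to be rejected, and now `PushSecret` falls through to `createSecret` and writes a second record under the same title; the removed "Push existing invalid secret" and "Delete invalid secret type" test cases covered the old behaviour. If that is intended, delete the dead branches and state it on `findSecretByName`, e.g. `// records of other types with the same title are ignored, not rejected`; if it is not, keep the lookup unfiltered for the type check and filter only when counting matches. The bodies of `PushSecret` and `DeleteSecret` start outside these hunks.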
@@ -85,11 +85,16 @@ func TestClientDeleteSecret(t *testing.T) { wantErr: false, }, { - name: "Delete invalid secret type", + name: "Delete secret with multiple matches by Name", fields: fields{ ksmClient: &fake.MockKeeperClient{ - GetSecretByTitleFn: func(recordTitle string) (*ksm.Record, error) { - return generateRecords()[1], nil + DeleteSecretsFn: func(recrecordUids []string) (map[string]string, error) { + return map[string]string{ + record0: record0, + }, nil + }, + GetSecretsByTitleFn: func(recordTitle string) (records []*ksm.Record, err error) { + return []*ksm.Record{generateRecords()[0], generateRecords()[0]}, nil }, }, folderID: folderID, @@ -106,7 +111,7 @@ func TestClientDeleteSecret(t *testing.T) { name: "Delete non existing secret", fields: fields{ ksmClient: &fake.MockKeeperClient{ - GetSecretByTitleFn: func(recordTitle string) (*ksm.Record, error) { + GetSecretsByTitleFn: func(recordTitle string) (records []*ksm.Record, err error) { return nil, errors.New("failed") }, }, @@ -303,6 +308,24 @@ func TestClientGetSecret(t *testing.T) { want: []byte(outputRecord0), wantErr: false, }, + { + name: "Get secret with multiple matches by ID", + fields: fields{ + ksmClient: &fake.MockKeeperClient{ + GetSecretsFn: func(filter []string) ([]*ksm.Record, error) { + return []*ksm.Record{generateRecords()[0], generateRecords()[0]}, nil + }, + }, + folderID: folderID, + }, + args: args{ + ctx: context.Background(), + ref: v1beta1.ExternalSecretDataRemoteRef{ + Key: record0, + }, + }, + wantErr: true, + }, { name: "Get non existing secret", fields: fields{ 
@@ -511,8 +534,8 @@ func TestClientPushSecret(t *testing.T) { name: "Push new valid secret", fields: fields{ ksmClient: &fake.MockKeeperClient{ - GetSecretByTitleFn: func(recordTitle string) (*ksm.Record, error) { - return nil, errors.New("NotFound") + GetSecretsByTitleFn: func(recordTitle string) (records []*ksm.Record, err error) { + return generateRecords()[0:0], nil }, CreateSecretWithRecordDataFn: func(recUID, folderUid string, recordData *ksm.RecordCreate) (string, error) { return "record5", nil @@ -533,8 +556,8 @@ func TestClientPushSecret(t *testing.T) { name: "Push existing valid secret", fields: fields{ ksmClient: &fake.MockKeeperClient{ - GetSecretByTitleFn: func(recordTitle string) (*ksm.Record, error) { - return generateRecords()[0], nil + GetSecretsByTitleFn: func(recordTitle string) (records []*ksm.Record, err error) { + return generateRecords()[0:1], nil }, SaveFn: func(record *ksm.Record) error { return nil @@ -552,14 +575,11 @@ func TestClientPushSecret(t *testing.T) { wantErr: false, }, { - name: "Push existing invalid secret", + name: "Unable to push new valid secret with multiple matches by Name", fields: fields{ ksmClient: &fake.MockKeeperClient{ - GetSecretByTitleFn: func(recordTitle string) (*ksm.Record, error) { - return generateRecords()[1], nil - }, - SaveFn: func(record *ksm.Record) error { - return nil + GetSecretsByTitleFn: func(recordTitle string) (records []*ksm.Record, err error) { + return []*ksm.Record{generateRecords()[0], generateRecords()[0]}, nil }, }, folderID: folderID, @@ -569,7 +589,7 @@ func TestClientPushSecret(t *testing.T) { SecretKey: secretKey, RemoteKey: validExistingRecord, }, - value: []byte("foo2"), + value: []byte("foo"), }, wantErr: true, }, 
@@ -577,7 +597,7 @@ func TestClientPushSecret(t *testing.T) { name: "Unable to push new valid secret", fields: fields{ ksmClient: &fake.MockKeeperClient{ - GetSecretByTitleFn: func(recordTitle string) (*ksm.Record, error) { + GetSecretsByTitleFn: func(recordTitle string) (records []*ksm.Record, err error) { return nil, errors.New("NotFound") }, CreateSecretWithRecordDataFn: func(recUID, folderUID string, recordData *ksm.RecordCreate) (string, error) { @@ -602,6 +622,9 @@ func TestClientPushSecret(t *testing.T) { GetSecretByTitleFn: func(recordTitle string) (*ksm.Record, error) { return generateRecords()[0], nil }, + GetSecretsByTitleFn: func(recordTitle string) (records []*ksm.Record, err error) { + return generateRecords()[0:1], nil + }, SaveFn: func(record *ksm.Record) error { return errors.New("Unable to save") }, diff --git a/pkg/provider/keepersecurity/fake/fake.go b/pkg/provider/keepersecurity/fake/fake.go index 76654005b67..551b989533c 100644 --- a/pkg/provider/keepersecurity/fake/fake.go +++ b/pkg/provider/keepersecurity/fake/fake.go @@ -19,6 +19,7 @@ import ksm "github.com/keeper-security/secrets-manager-go/core" type MockKeeperClient struct { GetSecretsFn func([]string) ([]*ksm.Record, error) GetSecretByTitleFn func(recordTitle string) (*ksm.Record, error) + GetSecretsByTitleFn func(recordTitle string) (records []*ksm.Record, err error) CreateSecretWithRecordDataFn func(recUID, folderUID string, recordData *ksm.RecordCreate) (string, error) DeleteSecretsFn func(recrecordUids []string) (map[string]string, error) SaveFn func(record *ksm.Record) error 
@@ -47,6 +48,10 @@ func (mc *MockKeeperClient) GetSecretByTitle(recordTitle string) (*ksm.Record, e return mc.GetSecretByTitleFn(recordTitle) } +func (mc *MockKeeperClient) GetSecretsByTitle(recordTitle string) (records []*ksm.Record, err error) { + return mc.GetSecretsByTitleFn(recordTitle) +} + func (mc *MockKeeperClient) CreateSecretWithRecordData(recUID, folderUID string, recordData *ksm.RecordCreate) (string, error) { return mc.CreateSecretWithRecordDataFn(recUID, folderUID, recordData) } From ebbc3a0e27bde8f5af7146bf359d59b7bcb1bf67 Mon Sep 17 00:00:00 2001 From: Alex Samorukov Date: Thu, 7 Nov 2024 07:58:23 +0100 Subject: [PATCH 392/517] Add ability to use RetrySettings in the VaultDynamicSecret generator (#4076) Signed-off-by: Oleksij Samorukov --- apis/generators/v1alpha1/generator_vault.go | 4 ++++ apis/generators/v1alpha1/zz_generated.deepcopy.go | 5 +++++ ...nerators.external-secrets.io_vaultdynamicsecrets.yaml | 9 +++++++++ deploy/crds/bundle.yaml | 9 +++++++++ pkg/generator/vault/vault.go | 2 +- pkg/provider/vault/provider.go | 4 ++-- 6 files changed, 30 insertions(+), 3 deletions(-) diff --git a/apis/generators/v1alpha1/generator_vault.go b/apis/generators/v1alpha1/generator_vault.go index 220e94d39cf..9c4634d18a5 100644 --- a/apis/generators/v1alpha1/generator_vault.go +++ b/apis/generators/v1alpha1/generator_vault.go @@ -41,6 +41,10 @@ type VaultDynamicSecretSpec struct { // +kubebuilder:default=Data ResultType VaultDynamicSecretResultType `json:"resultType,omitempty"` + // Used to configure http retries if failed + // +optional + RetrySettings *esv1beta1.SecretStoreRetrySettings `json:"retrySettings,omitempty"` + // Vault provider common spec Provider *esv1beta1.VaultProvider `json:"provider"` diff --git a/apis/generators/v1alpha1/zz_generated.deepcopy.go b/apis/generators/v1alpha1/zz_generated.deepcopy.go index bd03e6d6f27..7a2662e3658 100644 --- a/apis/generators/v1alpha1/zz_generated.deepcopy.go 
+++ b/apis/generators/v1alpha1/zz_generated.deepcopy.go @@ -1035,6 +1035,11 @@ func (in *VaultDynamicSecretSpec) DeepCopyInto(out *VaultDynamicSecretSpec) { *out = new(apiextensionsv1.JSON) (*in).DeepCopyInto(*out) } + if in.RetrySettings != nil { + in, out := &in.RetrySettings, &out.RetrySettings + *out = new(v1beta1.SecretStoreRetrySettings) + (*in).DeepCopyInto(*out) + } if in.Provider != nil { in, out := &in.Provider, &out.Provider *out = new(v1beta1.VaultProvider) diff --git a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml index 7d1911053ab..23a27620f49 100644 --- a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml +++ b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml @@ -710,6 +710,15 @@ spec: - Data - Auth type: string + retrySettings: + description: Used to configure http retries if failed + properties: + maxRetries: + format: int32 + type: integer + retryInterval: + type: string + type: object required: - path - provider diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index ab4058de657..d73ea44a70b 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -12848,6 +12848,15 @@ spec: - Data - Auth type: string + retrySettings: + description: Used to configure http retries if failed + properties: + maxRetries: + format: int32 + type: integer + retryInterval: + type: string + type: object required: - path - provider diff --git a/pkg/generator/vault/vault.go b/pkg/generator/vault/vault.go index e32912356a6..f729e064142 100644 --- a/pkg/generator/vault/vault.go +++ b/pkg/generator/vault/vault.go 
@@ -71,7 +71,7 @@ func (g *Generator) generate(ctx context.Context, c *provider.Provider, jsonSpec if res == nil || res.Spec.Provider == nil { return nil, errors.New("no Vault provider config in spec") } - cl, err := c.NewGeneratorClient(ctx, kube, corev1, res.Spec.Provider, namespace) + cl, err := c.NewGeneratorClient(ctx, kube, corev1, res.Spec.Provider, namespace, res.Spec.RetrySettings) if err != nil { return nil, fmt.Errorf(errVaultClient, err) } diff --git a/pkg/provider/vault/provider.go b/pkg/provider/vault/provider.go index 7a5b6752703..169199344a1 100644 --- a/pkg/provider/vault/provider.go +++ b/pkg/provider/vault/provider.go @@ -96,8 +96,8 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, return p.newClient(ctx, store, kube, clientset.CoreV1(), namespace) } -func (p *Provider) NewGeneratorClient(ctx context.Context, kube kclient.Client, corev1 typedcorev1.CoreV1Interface, vaultSpec *esv1beta1.VaultProvider, namespace string) (util.Client, error) { - vStore, cfg, err := p.prepareConfig(ctx, kube, corev1, vaultSpec, nil, namespace, resolvers.EmptyStoreKind) +func (p *Provider) NewGeneratorClient(ctx context.Context, kube kclient.Client, corev1 typedcorev1.CoreV1Interface, vaultSpec *esv1beta1.VaultProvider, namespace string, retrySettings *esv1beta1.SecretStoreRetrySettings) (util.Client, error) { + vStore, cfg, err := p.prepareConfig(ctx, kube, corev1, vaultSpec, retrySettings, namespace, resolvers.EmptyStoreKind) if err != nil { return nil, err } From 45df833a130b3dd3aadb2cb9f8c08f7e88de75f9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 22:00:52 +0100 Subject: [PATCH 393/517] chore(deps): bump golang from 1.23.2 to 1.23.3 (#4089) Bumps golang from 1.23.2 to 1.23.3. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... 
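Review bot: `NewGeneratorClient` in pkg/provider/vault/provider.go is an exported method and gains a positional `retrySettings` parameter, so any caller outside this repository stops compiling; the only call site updated in this commit is the one in pkg/generator/vault/vault.go. If the break is acceptable, a doc comment on the method would help, e.g. `// NewGeneratorClient builds a Vault client for generators; retrySettings may be nil.` Before this change the call passed nil to `prepareConfig` in that position, so nil presumably remains valid. The diffstat for this commit lists no test file, so nothing here shows the setting reaching the client; a unit test passing non-nil settings through `NewGeneratorClient` would cover that. The function body continues outside the hunk.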
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile.standalone | 2 +- tilt.debug.dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.standalone b/Dockerfile.standalone index d876f6c2db4..4ca898ff7e2 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone @@ -1,6 +1,6 @@ # This version of Dockerfile is for building without external dependencies. # Build a multi-platform image e.g. `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .` -FROM golang:1.23.2-alpine@sha256:9dd2625a1ff2859b8d8b01d8f7822c0f528942fe56cfe7a1e7c38d3b8d72d679 AS builder +FROM golang:1.23.3-alpine@sha256:09742590377387b931261cbeb72ce56da1b0d750a27379f7385245b2b058b63a AS builder ARG TARGETOS ARG TARGETARCH ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index 6734e90ac8d..2a0b2bfea6c 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.2@sha256:ad5c126b5cf501a8caef751a243bb717ec204ab1aa56dc41dc11be089fafcb4f +FROM golang:1.23.3@sha256:d56c3e08fe5b27729ee3834854ae8f7015af48fd651cd25d1e3bcf3c19830174 WORKDIR / COPY ./bin/external-secrets /external-secrets From ff659c4a35502f3abfe1594824dacdebf30aef09 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 21:01:27 +0000 Subject: [PATCH 394/517] chore(deps): bump packaging from 24.1 to 24.2 in /hack/api-docs (#4090) Bumps [packaging](https://github.com/pypa/packaging) from 24.1 to 24.2. - [Release notes](https://github.com/pypa/packaging/releases) - [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pypa/packaging/compare/24.1...24.2) --- updated-dependencies: - dependency-name: packaging dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 75ae2869baa..443f6b5e3da 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -21,7 +21,7 @@ mkdocs-macros-plugin==1.3.7 mkdocs-material==9.5.43 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 -packaging==24.1 +packaging==24.2 paginate==0.5.7 pathspec==0.12.1 pep562==1.1 From e25edd70920554d65b9bac1b60492f991b906638 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 21:02:09 +0000 Subject: [PATCH 395/517] chore(deps): bump mkdocs-material in /hack/api-docs (#4091) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.43 to 9.5.44. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.43...9.5.44) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 443f6b5e3da..568ac1b8fb5 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.1 mkdocs-macros-plugin==1.3.7 -mkdocs-material==9.5.43 +mkdocs-material==9.5.44 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.2 From bf4a1a1ad90d8af229d9d4ba6a08578e8b6f6a4a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andreas=20Lindh=C3=A9?= <7773090+lindhe@users.noreply.github.com> Date: Tue, 12 Nov 2024 22:36:58 +0100 Subject: [PATCH 396/517] Update docs for ExternalSecrets's refreshInterval (#4097) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Fixes #4079 Signed-off-by: Andreas Lindhé <7773090+lindhe@users.noreply.github.com> --- apis/externalsecrets/v1beta1/externalsecret_types.go | 4 +++- .../bases/external-secrets.io_clusterexternalsecrets.yaml | 4 +++- .../crds/bases/external-secrets.io_externalsecrets.yaml | 4 +++- deploy/crds/bundle.yaml | 8 ++++++-- docs/api/spec.md | 8 ++++++-- 5 files changed, 21 insertions(+), 7 deletions(-) diff --git a/apis/externalsecrets/v1beta1/externalsecret_types.go b/apis/externalsecrets/v1beta1/externalsecret_types.go index 416c8a7dabf..6df9d538d54 100644 --- a/apis/externalsecrets/v1beta1/externalsecret_types.go +++ b/apis/externalsecrets/v1beta1/externalsecret_types.go 
@@ -342,8 +342,10 @@ type ExternalSecretSpec struct { // +optional Target ExternalSecretTarget `json:"target,omitempty"` - // RefreshInterval is the amount of time before the values are read again from the SecretStore provider + // RefreshInterval is the amount of time before the values are read again from the SecretStore provider, + // specified as Golang Duration strings. // Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" + // Example values: "1h", "2h30m", "5d", "10s" // May be set to zero to fetch and create it once. Defaults to 1h. // +kubebuilder:default="1h" RefreshInterval *metav1.Duration `json:"refreshInterval,omitempty"` diff --git a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml index 326e2448e90..0df4036c39c 100644 --- a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml @@ -357,8 +357,10 @@ spec: refreshInterval: default: 1h description: |- - RefreshInterval is the amount of time before the values are read again from the SecretStore provider + RefreshInterval is the amount of time before the values are read again from the SecretStore provider, + specified as Golang Duration strings. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" + Example values: "1h", "2h30m", "5d", "10s" May be set to zero to fetch and create it once. Defaults to 1h. type: string secretStoreRef: diff --git a/config/crds/bases/external-secrets.io_externalsecrets.yaml b/config/crds/bases/external-secrets.io_externalsecrets.yaml index a0396a82023..f5928409300 100644 --- a/config/crds/bases/external-secrets.io_externalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_externalsecrets.yaml 
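Review bot: The added example line in the `RefreshInterval` comment lists `"5d"`, but the line directly above limits valid units to "ns", "us" (or "µs"), "ms", "s", "m", "h". Go's duration parsing has no day unit, so a user copying that example would get a parse error rather than a five-day interval. I would change the line to `// Example values: "1h", "2h30m", "10s"`, or use `"120h"` to show five days. The same text is repeated in the regenerated CRDs under config/crds/bases, in deploy/crds/bundle.yaml and in docs/api/spec.md in this commit, so those need regenerating after the fix. `ExternalSecretSpec` continues outside the hunk.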
@@ -621,8 +621,10 @@ spec: refreshInterval: default: 1h description: |- - RefreshInterval is the amount of time before the values are read again from the SecretStore provider + RefreshInterval is the amount of time before the values are read again from the SecretStore provider, + specified as Golang Duration strings. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" + Example values: "1h", "2h30m", "5d", "10s" May be set to zero to fetch and create it once. Defaults to 1h. type: string secretStoreRef: diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index d73ea44a70b..1898611eb45 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -335,8 +335,10 @@ spec: refreshInterval: default: 1h description: |- - RefreshInterval is the amount of time before the values are read again from the SecretStore provider + RefreshInterval is the amount of time before the values are read again from the SecretStore provider, + specified as Golang Duration strings. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" + Example values: "1h", "2h30m", "5d", "10s" May be set to zero to fetch and create it once. Defaults to 1h. type: string secretStoreRef: @@ -5882,8 +5884,10 @@ spec: refreshInterval: default: 1h description: |- - RefreshInterval is the amount of time before the values are read again from the SecretStore provider + RefreshInterval is the amount of time before the values are read again from the SecretStore provider, + specified as Golang Duration strings. Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h" + Example values: "1h", "2h30m", "5d", "10s" May be set to zero to fetch and create it once. Defaults to 1h. type: string secretStoreRef: diff --git a/docs/api/spec.md b/docs/api/spec.md index 28dce84622b..ceecadcf9ba 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -2989,8 +2989,10 @@ Kubernetes meta/v1.Duration -

    RefreshInterval is the amount of time before the values are read again from the SecretStore provider +

    RefreshInterval is the amount of time before the values are read again from the SecretStore provider, +specified as Golang Duration strings. Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” +Example values: “1h”, “2h30m”, “5d”, “10s” May be set to zero to fetch and create it once. Defaults to 1h.

    @@ -3730,8 +3732,10 @@ Kubernetes meta/v1.Duration
    -

    RefreshInterval is the amount of time before the values are read again from the SecretStore provider +

    RefreshInterval is the amount of time before the values are read again from the SecretStore provider, +specified as Golang Duration strings. Valid time units are “ns”, “us” (or “µs”), “ms”, “s”, “m”, “h” +Example values: “1h”, “2h30m”, “5d”, “10s” May be set to zero to fetch and create it once. Defaults to 1h.

    From b262773d41474a4cc45f80cb8bef61648760299c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 21:38:21 +0000 Subject: [PATCH 397/517] chore(deps): bump zipp from 3.20.2 to 3.21.0 in /hack/api-docs (#4092) Bumps [zipp](https://github.com/jaraco/zipp) from 3.20.2 to 3.21.0. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](https://github.com/jaraco/zipp/compare/v3.20.2...v3.21.0) --- updated-dependencies: - dependency-name: zipp dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 568ac1b8fb5..c5ee8b48106 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -39,4 +39,4 @@ tornado==6.4.1 urllib3==2.2.3 verspec==0.1.0 watchdog==6.0.0 -zipp==3.20.2 +zipp==3.21.0 From 81c49ba25f017c50a9622e95f6d7092d457c9a0b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 21:38:37 +0000 Subject: [PATCH 398/517] chore(deps): bump regex from 2024.9.11 to 2024.11.6 in /hack/api-docs (#4093) Bumps [regex](https://github.com/mrabarnett/mrab-regex) from 2024.9.11 to 2024.11.6. - [Changelog](https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt) - [Commits](https://github.com/mrabarnett/mrab-regex/compare/2024.9.11...2024.11.6) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index c5ee8b48106..50b969cdd75 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -31,7 +31,7 @@ pymdown-extensions==10.12 python-dateutil==2.9.0.post0 PyYAML==6.0.2 pyyaml_env_tag==0.1 -regex==2024.9.11 +regex==2024.11.6 requests==2.32.3 six==1.16.0 termcolor==2.5.0 From 0c0fe54d6fd3c187a9791a3512a2b17e3ff534ae Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 22:27:54 +0000 Subject: [PATCH 399/517] chore(deps): bump golang from 1.23.2-bookworm to 1.23.3-bookworm in /e2e (#4094) Bumps golang from 1.23.2-bookworm to 1.23.3-bookworm. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index 08f80718d1a..4118c007eac 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.2-bookworm@sha256:2341ddffd3eddb72e0aebab476222fbc24d4a507c4d490a51892ec861bdb71fc as builder +FROM golang:1.23.3-bookworm@sha256:0e3377d7a71c1fcb31cdc3215292712e83baec44e4792aeaa75e503cfcae16ec as builder ENV KUBECTL_VERSION="v1.28.3" ENV HELM_VERSION="v3.13.1" From 77f2b3489cfb8db03b5ab1a569232a9b7800b164 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Tue, 12 Nov 2024 22:50:43 +0000 Subject: [PATCH 400/517] update dependencies (#4096) Signed-off-by: External Secrets Operator 
Signed-off-by: Moritz Johner Co-authored-by: External Secrets Operator --- .golangci.yaml | 2 +- e2e/go.mod | 52 +++++++++---------- e2e/go.sum | 104 +++++++++++++++++++------------------- go.mod | 62 +++++++++++------------ go.sum | 132 +++++++++++++++++++++++-------------------------- 5 files changed, 172 insertions(+), 180 deletions(-) diff --git a/.golangci.yaml b/.golangci.yaml index c1af2d9175a..ab37d7b863e 100644 --- a/.golangci.yaml +++ b/.golangci.yaml @@ -56,7 +56,7 @@ linters: - errcheck - errorlint - exhaustive - - exportloopref + - copyloopvar - gci - goheader - goconst diff --git a/e2e/go.mod b/e2e/go.mod index c993b6c42c8..51c8b06fb67 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -58,16 +58,16 @@ require ( github.com/hashicorp/vault/api v1.15.0 github.com/onsi/ginkgo/v2 v2.21.0 github.com/onsi/gomega v1.34.2 - github.com/oracle/oci-go-sdk/v65 v65.77.1 + github.com/oracle/oci-go-sdk/v65 v65.78.0 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 - github.com/xanzy/go-gitlab v0.112.0 - golang.org/x/oauth2 v0.23.0 - google.golang.org/api v0.204.0 + github.com/xanzy/go-gitlab v0.113.0 + golang.org/x/oauth2 v0.24.0 + google.golang.org/api v0.205.0 k8s.io/api v0.31.2 k8s.io/apiextensions-apiserver v0.31.2 k8s.io/apimachinery v0.31.2 k8s.io/client-go v1.5.2 - k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 + k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 sigs.k8s.io/controller-runtime v0.19.1 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.5.0 @@ -75,7 +75,7 @@ require ( require ( al.essio.dev/pkg/shellescape v1.5.1 // indirect - cloud.google.com/go/auth v0.10.0 // indirect + cloud.google.com/go/auth v0.10.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect cloud.google.com/go/iam v1.2.2 // indirect 
@@ -91,7 +91,7 @@ require ( github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v1.2.3 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1 // indirect github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/semver/v3 v3.3.0 // indirect github.com/Masterminds/sprig/v3 v3.3.0 // indirect @@ -142,7 +142,7 @@ require ( github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect github.com/hashicorp/go-sockaddr v1.0.7 // indirect - github.com/hashicorp/hcl v1.0.1-vault-6 // indirect + github.com/hashicorp/hcl v1.0.1-vault-7 // indirect github.com/huandu/xstrings v1.5.0 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect 
@@ -187,25 +187,25 @@ require ( github.com/x448/float16 v0.8.4 // indirect github.com/zalando/go-keyring v0.2.6 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 // indirect - go.opentelemetry.io/otel v1.31.0 // indirect - go.opentelemetry.io/otel/metric v1.31.0 // indirect - go.opentelemetry.io/otel/trace v1.31.0 // indirect - golang.org/x/crypto v0.28.0 // indirect - golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect - golang.org/x/net v0.30.0 // indirect - golang.org/x/sync v0.8.0 // indirect - golang.org/x/sys v0.26.0 // indirect - golang.org/x/term v0.25.0 // indirect - golang.org/x/text v0.19.0 // indirect - golang.org/x/time v0.7.0 // indirect - golang.org/x/tools v0.26.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect + go.opentelemetry.io/otel v1.32.0 // indirect + go.opentelemetry.io/otel/metric v1.32.0 // indirect + go.opentelemetry.io/otel/trace v1.32.0 // indirect + golang.org/x/crypto v0.29.0 // indirect + golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect + golang.org/x/net v0.31.0 // indirect + golang.org/x/sync v0.9.0 // indirect + golang.org/x/sys v0.27.0 // indirect + golang.org/x/term v0.26.0 // indirect + golang.org/x/text v0.20.0 // indirect + golang.org/x/time v0.8.0 // indirect + golang.org/x/tools v0.27.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20241021214115-324edc3d5d38 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect - google.golang.org/grpc v1.67.1 // indirect + google.golang.org/genproto 
v0.0.0-20241104194629-dd2ea8efbc28 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect + google.golang.org/grpc v1.68.0 // indirect google.golang.org/protobuf v1.35.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/e2e/go.sum b/e2e/go.sum index e572660c52f..d641cbd4a2b 100644 --- a/e2e/go.sum +++ b/e2e/go.sum @@ -22,8 +22,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.10.0 h1:tWlkvFAh+wwTOzXIjrwM64karR1iTBZ/GRr0S/DULYo= -cloud.google.com/go/auth v0.10.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= +cloud.google.com/go/auth v0.10.1 h1:TnK46qldSfHWt2a0b/hciaiVJsmDXWy9FqyUan0uYiI= +cloud.google.com/go/auth v0.10.1/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= cloud.google.com/go/auth/oauth2adapt v0.2.5 h1:2p29+dePqsCHPP1bqDJcKj4qxRyYCcbzKpFyKGt3MTk= cloud.google.com/go/auth/oauth2adapt v0.2.5/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -98,8 +98,8 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.3 h1:6LyjnnaLpcOKK0fbYisI+mb8CE7iNe7i89nMNQxFxs8= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.3/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= +github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1 h1:gUDtaZk8heteyfdmv+pcfHvhR9llnh7c7GMwZ8RVG04= +github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 h1:cmX2QC9s5kPqmghWLLZP8YRFO1ZD/C59BpNH2ujP99w= 
@@ -342,8 +342,8 @@ github.com/hashicorp/go-sockaddr v1.0.7 h1:G+pTkSO01HpR5qCxg7lxfsFEZaG+C0VssTy/9 github.com/hashicorp/go-sockaddr v1.0.7/go.mod h1:FZQbEYa1pxkQ7WLpyXJ6cbjpT8q0YgQaK/JakXqGyWw= github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= -github.com/hashicorp/hcl v1.0.1-vault-6 h1:qThxNRouu5cv9LCLZ7pY43TroykqN+Uc7fT3f7tyYh4= -github.com/hashicorp/hcl v1.0.1-vault-6/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= +github.com/hashicorp/hcl v1.0.1-vault-7 h1:ag5OxFVy3QYTFTJODRzTKVZ6xvdfLLCA1cy/Y6xGI0I= +github.com/hashicorp/hcl v1.0.1-vault-7/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA= github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8= github.com/huandu/xstrings v1.3.3/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= 
@@ -428,8 +428,8 @@ github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.77.1 h1:gqjTXIUWvTihkn470AclxSAMcR1JecqjD2IUtp+sDIU= -github.com/oracle/oci-go-sdk/v65 v65.77.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.78.0 h1:iM7lFFA7cJkUD4tmrlsAHWgL3HuTuF9mdvTAliMkcFA= +github.com/oracle/oci-go-sdk/v65 v65.78.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -505,8 +505,8 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.112.0 h1:6Z0cqEooCvBMfBIHw+CgO4AKGRV8na/9781xOb0+DKw= -github.com/xanzy/go-gitlab v0.112.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= +github.com/xanzy/go-gitlab v0.113.0 h1:v5O4R+YZbJGxKqa9iIZxjMyeKkMKBN8P6sZsNl+YckM= +github.com/xanzy/go-gitlab v0.113.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -523,18 +523,18 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 h1:yMkBS9yViCc7U7yeLzJPM2XizlfdVvBRSmsQDWu6qc0= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0/go.mod h1:n8MR6/liuGB5EmTETUBeU5ZgqMOlqKRxUaqPQBOANZ8= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 h1:UP6IpuHFkUgOQL9FFQFrZ+5LiwhhYRbi7VZSIx6Nj5s= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0/go.mod h1:qxuZLtbq5QDtdeSHsS7bcf6EH6uO6jUAgk764zd3rhM= -go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY= -go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE= -go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE= -go.opentelemetry.io/otel/metric v1.31.0/go.mod h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 h1:qtFISDHKolvIxzSs0gIaiPUPR0Cucb0F2coHC7ZLdps= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0/go.mod h1:Y+Pop1Q6hCOnETWTW4NROK/q1hv50hM7yDaUTjG8lp8= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 h1:DheMAlT6POBP+gh8RUH19EOTnQIor5QE0uSRPtzCpSw= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0/go.mod h1:wZcGmeVO9nzP67aYSLDqXNWK87EZWhi7JWj1v7ZXf94= +go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U= +go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= +go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M= 
+go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo= go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= -go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys= -go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A= +go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= +go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= @@ -557,8 +557,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= -golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= +golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= +golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -569,8 +569,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY= -golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8= +golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo= +golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -639,8 +639,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= -golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= +golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= +golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -654,8 +654,8 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= -golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= +golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -669,8 +669,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= +golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -720,8 +720,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= +golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= 
@@ -730,8 +730,8 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= -golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= +golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= +golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -746,13 +746,13 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= +golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= -golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= +golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 
@@ -803,8 +803,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= -golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= +golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o= +golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -833,8 +833,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.204.0 h1:3PjmQQEDkR/ENVZZwIYB4W/KzYtN8OrqnNcHWpeR8E4= -google.golang.org/api v0.204.0/go.mod h1:69y8QSoKIbL9F94bWgWAq6wGqGwyjBgi2y8rAK8zLag= +google.golang.org/api v0.205.0 h1:LFaxkAIpDb/GsrWV20dMMo5MR0h8UARTbn24LmD+0Pg= +google.golang.org/api v0.205.0/go.mod h1:NrK1EMqO8Xk6l6QwRAmrXXg2v6dzukhlOyvkYtnvUuc= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -882,12 +882,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20241021214115-324edc3d5d38 h1:Q3nlH8iSQSRUwOskjbcSMcF2jiYMNiQYZ0c2KEJLKKU= -google.golang.org/genproto v0.0.0-20241021214115-324edc3d5d38/go.mod h1:xBI+tzfqGGN2JBeSebfKXFSdBpWVQ7sLW40PTupVRm4= -google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38 h1:2oV8dfuIkM1Ti7DwXc0BJfnwr9csz4TDXI9EmiI+Rbw= -google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38/go.mod h1:vuAjtvlwkDKF6L1GQ0SokiRLCGFfeBUXWr/aFFkHACc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 h1:zciRKQ4kBpFgpfC5QQCVtnnNAcLIqweL7plyZRQHVpI= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= +google.golang.org/genproto v0.0.0-20241104194629-dd2ea8efbc28 h1:KJjNNclfpIkVqrZlTWcgOOaVQ00LdBnoEaRfkUx760s= +google.golang.org/genproto v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:mt9/MofW7AWQ+Gy179ChOnvmJatV8YHUmrcedo9CIFI= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 h1:XVhgTWWV3kGQlwJHR3upFWZeTsei6Oks1apkZSeonIE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -907,8 +907,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= -google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0= +google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -966,8 +966,8 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20241009091222-67ed5848f094 h1:MErs8YA0abvOqJ8gIupA1Tz6PKXYUw34XsGlA7uSL1k= k8s.io/kube-openapi v0.0.0-20241009091222-67ed5848f094/go.mod h1:7ioBJr1A6igWjsR2fxq2EZ0mlMwYLejazSIc2bzMp2U= -k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 h1:MDF6h2H/h4tbzmtIKTuctcwZmY0tY9mD9fNT47QO6HI= -k8s.io/utils v0.0.0-20240921022957-49e7df575cb6/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 h1:jGnCPejIetjiy2gqaJ5V0NLwTpF4wbQ6cZIItJCSHno= +k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= diff --git a/go.mod b/go.mod index eb19003e0f5..e401dec2333 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/adal v0.9.24 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 - github.com/AzureAD/microsoft-authentication-library-for-go v1.2.3 + github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1 github.com/IBM/go-sdk-core/v5 v5.18.1 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.8 github.com/Masterminds/goutils v1.1.1 // indirect 
@@ -32,29 +32,29 @@ require (
 github.com/huandu/xstrings v1.5.0 // indirect
 github.com/onsi/ginkgo/v2 v2.21.0
 github.com/onsi/gomega v1.34.2
- github.com/oracle/oci-go-sdk/v65 v65.77.1
+ github.com/oracle/oci-go-sdk/v65 v65.78.0
 github.com/prometheus/client_golang v1.20.5
 github.com/prometheus/client_model v0.6.1
 github.com/spf13/cobra v1.8.1
 github.com/stretchr/testify v1.9.0
 github.com/tidwall/gjson v1.18.0
- github.com/xanzy/go-gitlab v0.112.0
+ github.com/xanzy/go-gitlab v0.113.0
 github.com/yandex-cloud/go-genproto v0.0.0-20241101135610-76a0cfc1a773
 github.com/yandex-cloud/go-sdk v0.0.0-20241101143304-947cf519f6bd
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78
 go.uber.org/zap v1.27.0
- golang.org/x/crypto v0.28.0
- golang.org/x/oauth2 v0.23.0
- google.golang.org/api v0.204.0
- google.golang.org/genproto v0.0.0-20241021214115-324edc3d5d38
- google.golang.org/grpc v1.67.1
+ golang.org/x/crypto v0.29.0
+ golang.org/x/oauth2 v0.24.0
+ google.golang.org/api v0.205.0
+ google.golang.org/genproto v0.0.0-20241104194629-dd2ea8efbc28
+ google.golang.org/grpc v1.68.0
 gopkg.in/yaml.v3 v3.0.1
 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919
 k8s.io/api v0.31.2
 k8s.io/apiextensions-apiserver v0.31.2
 k8s.io/apimachinery v0.31.2
 k8s.io/client-go v0.31.2
- k8s.io/utils v0.0.0-20240921022957-49e7df575cb6
+ k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078
 sigs.k8s.io/controller-runtime v0.19.1
 sigs.k8s.io/controller-tools v0.16.5
 )
@@ -65,7 +65,7 @@ require (
 dario.cat/mergo v1.0.1
 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0
 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0
- github.com/BeyondTrust/go-client-library-passwordsafe v0.8.3
+ github.com/BeyondTrust/go-client-library-passwordsafe v0.9.1
 github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2
 github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1
 github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d
@@ -75,7 +75,7 @@ require ( github.com/alibabacloud-go/openapi-util v0.1.1 github.com/alibabacloud-go/tea v1.2.2 github.com/alibabacloud-go/tea-utils/v2 v2.0.7 - github.com/aliyun/credentials-go v1.4.0 + github.com/aliyun/credentials-go v1.4.1 github.com/avast/retry-go/v4 v4.6.0 github.com/cenkalti/backoff/v4 v4.3.0 github.com/cyberark/conjur-api-go v0.12.6 @@ -102,12 +102,12 @@ require ( require ( al.essio.dev/pkg/shellescape v1.5.1 // indirect - cloud.google.com/go/auth v0.10.0 // indirect + cloud.google.com/go/auth v0.10.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect - github.com/ProtonMail/go-crypto v1.0.0 // indirect + github.com/ProtonMail/go-crypto v1.1.2 // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect - github.com/ProtonMail/gopenpgp/v2 v2.7.5 // indirect + github.com/ProtonMail/gopenpgp/v2 v2.8.0 // indirect github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6 // indirect github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 // indirect github.com/alibabacloud-go/darabonba-array v0.1.0 // indirect 
@@ -143,14 +143,14 @@ require (
 github.com/tjfoc/gmsm v1.4.1 // indirect
 github.com/x448/float16 v0.8.4 // indirect
 github.com/zalando/go-keyring v0.2.6 // indirect
- go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 // indirect
- go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 // indirect
- go.opentelemetry.io/otel v1.31.0 // indirect
- go.opentelemetry.io/otel/metric v1.31.0 // indirect
- go.opentelemetry.io/otel/trace v1.31.0 // indirect
- golang.org/x/sync v0.8.0 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 // indirect
+ go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 // indirect
+ go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect
+ go.opentelemetry.io/otel v1.32.0 // indirect
+ go.opentelemetry.io/otel/metric v1.32.0 // indirect
+ go.opentelemetry.io/otel/trace v1.32.0 // indirect
+ golang.org/x/sync v0.9.0 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect
 gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect
 gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect
 sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
@@ -206,7 +206,7 @@ require (
 github.com/hashicorp/go-secure-stdlib/parseutil v0.1.8 // indirect
 github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 github.com/hashicorp/go-sockaddr v1.0.7 // indirect
- github.com/hashicorp/hcl v1.0.1-vault-6 // indirect
+ github.com/hashicorp/hcl v1.0.1-vault-7 // indirect
 github.com/imdario/mergo v0.3.16 // indirect
 github.com/inconshreveable/mousetrap v1.1.0 // indirect
 github.com/jmespath/go-jmespath v0.4.0 // indirect
@@ -248,14 +248,14 @@ require (
 go.opencensus.io v0.24.0 // indirect
 go.uber.org/atomic v1.11.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c // indirect
- golang.org/x/mod v0.21.0 // indirect
- golang.org/x/net v0.30.0 // indirect
- golang.org/x/sys v0.26.0 // indirect
- golang.org/x/term v0.25.0 // indirect
- golang.org/x/text v0.19.0 // indirect
- golang.org/x/time v0.7.0 // indirect
- golang.org/x/tools v0.26.0 // indirect
+ golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
+ golang.org/x/mod v0.22.0 // indirect
+ golang.org/x/net v0.31.0 // indirect
+ golang.org/x/sys v0.27.0 // indirect
+ golang.org/x/term v0.26.0 // indirect
+ golang.org/x/text v0.20.0 // indirect
+ golang.org/x/time v0.8.0 // indirect
+ golang.org/x/tools v0.27.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 google.golang.org/protobuf v1.35.1 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
diff --git a/go.sum b/go.sum
index a0baa0f6900..3d75c05081d 100644
--- a/go.sum
+++ b/go.sum
@@ -22,8 +22,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.10.0 h1:tWlkvFAh+wwTOzXIjrwM64karR1iTBZ/GRr0S/DULYo= -cloud.google.com/go/auth v0.10.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= +cloud.google.com/go/auth v0.10.1 h1:TnK46qldSfHWt2a0b/hciaiVJsmDXWy9FqyUan0uYiI= +cloud.google.com/go/auth v0.10.1/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= cloud.google.com/go/auth/oauth2adapt v0.2.5 h1:2p29+dePqsCHPP1bqDJcKj4qxRyYCcbzKpFyKGt3MTk= cloud.google.com/go/auth/oauth2adapt v0.2.5/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -100,10 +100,10 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.3 h1:6LyjnnaLpcOKK0fbYisI+mb8CE7iNe7i89nMNQxFxs8= -github.com/AzureAD/microsoft-authentication-library-for-go v1.2.3/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= -github.com/BeyondTrust/go-client-library-passwordsafe v0.8.3 h1:BChgUpNauEnc70oOVUxexKUeh9Y/GlUpyQxWGkYA3I4= -github.com/BeyondTrust/go-client-library-passwordsafe v0.8.3/go.mod h1:TnbBwWYg9rtfDxQGF7pmD0gCPcbWgCUQIqum3dFMRTk= +github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1 h1:gUDtaZk8heteyfdmv+pcfHvhR9llnh7c7GMwZ8RVG04= +github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= +github.com/BeyondTrust/go-client-library-passwordsafe v0.9.1 h1:4mDFg59G33h74UrvXln2oAz2ojXsKVoEI6XUMtOkBXw= +github.com/BeyondTrust/go-client-library-passwordsafe v0.9.1/go.mod h1:TnbBwWYg9rtfDxQGF7pmD0gCPcbWgCUQIqum3dFMRTk= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 h1:cmX2QC9s5kPqmghWLLZP8YRFO1ZD/C59BpNH2ujP99w= 
@@ -129,13 +129,12 @@ github.com/PaesslerAG/gval v1.2.3/go.mod h1:XRFLwvmkTEdYziLdaCeCa5ImcGVrfQbeNUbV github.com/PaesslerAG/jsonpath v0.1.0/go.mod h1:4BzmtoM/PI8fPO4aQGIusjGxGir2BzcV0grWtFzq1Y8= github.com/PaesslerAG/jsonpath v0.1.1 h1:c1/AToHQMVsduPAa4Vh6xp2U0evy4t8SWp8imEsylIk= github.com/PaesslerAG/jsonpath v0.1.1/go.mod h1:lVboNxFGal/VwW6d9JzIy56bUsYAP6tH/x80vjnCseY= -github.com/ProtonMail/go-crypto v0.0.0-20230717121422-5aa5874ade95/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= -github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78= -github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= +github.com/ProtonMail/go-crypto v1.1.2 h1:A7JbD57ThNqh7XjmHE+PXpQ3Dqt3BrSAC0AL0Go3KS0= +github.com/ProtonMail/go-crypto v1.1.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw= -github.com/ProtonMail/gopenpgp/v2 v2.7.5 h1:STOY3vgES59gNgoOt2w0nyHBjKViB/qSg7NjbQWPJkA= -github.com/ProtonMail/gopenpgp/v2 v2.7.5/go.mod h1:IhkNEDaxec6NyzSI0PlxapinnwPVIESk8/76da3Ct3g= +github.com/ProtonMail/gopenpgp/v2 v2.8.0 h1:WvMv3CMcFsqKSM4/Qf8sf3tgyQkzDqQmoSE49bnBuP4= +github.com/ProtonMail/gopenpgp/v2 v2.8.0/go.mod h1:qb2GUSnmA9ipBW5GVtCtEhkummSlqs2A8Ar3S0HBgSY= github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 h1:+XfOU14S4bGuwyvCijJwhhBIjYN+YXS18jrCY2EzJaY= github.com/ahmetb/gen-crd-api-reference-docs v0.3.0/go.mod h1:TdjdkYhlOifCQWPs1UdTma97kQQMozf5h26hTuG70u8= github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 h1:ly0WKARATneFzwBlTZ2lUyjtLqoOEYqt1vOlf89za/4= 
@@ -192,8 +191,8 @@ github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6q github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= github.com/aliyun/credentials-go v1.3.10/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= -github.com/aliyun/credentials-go v1.4.0 h1:DcVUQjqH8glhZEyCIBsH1LoKhpyHV4Ux2AEidTBjxEQ= -github.com/aliyun/credentials-go v1.4.0/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= +github.com/aliyun/credentials-go v1.4.1 h1:kjcAN/h6QoqxMNphFvElsJLgCBo76ayWDj07h5cwfjg= +github.com/aliyun/credentials-go v1.4.1/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinRJA= @@ -206,7 +205,6 @@ github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM= github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4= -github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= github.com/cenkalti/backoff/v4 v4.3.0 h1:MyRJ/UdXutAwSAT+s3wNd7MfTIcy71VQueUuFK343L8= github.com/cenkalti/backoff/v4 v4.3.0/go.mod h1:Y3VNntkOUPxTVeUxJ/G5vcM//AlwfmyYozVcomhLiZE= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= 
@@ -219,7 +217,6 @@ github.com/clbanning/mxj/v2 v2.5.5/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn github.com/clbanning/mxj/v2 v2.7.0 h1:WA/La7UGCanFe5NpHF0Q3DNtnCsVoxbPKuyBNHWRyME= github.com/clbanning/mxj/v2 v2.7.0/go.mod h1:hNiWqW14h+kc+MdF9C6/YoRfjEJoR3ou6tn/Qo+ve2s= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= -github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= github.com/cloudflare/circl v1.5.0 h1:hxIWksrX6XN5a1L2TI/h53AGPhNHoUBo+TD1ms9+pys= github.com/cloudflare/circl v1.5.0/go.mod h1:uddAzsPgqdMAYatqJ0lsjX1oECcQLIlRpzZh3pJrofs= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= @@ -457,8 +454,8 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/golang-lru v1.0.2 h1:dV3g9Z/unq5DpblPpw+Oqcv4dU/1omnb4Ok8iPY6p1c= github.com/hashicorp/golang-lru v1.0.2/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4= -github.com/hashicorp/hcl v1.0.1-vault-6 h1:qThxNRouu5cv9LCLZ7pY43TroykqN+Uc7fT3f7tyYh4= -github.com/hashicorp/hcl v1.0.1-vault-6/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= +github.com/hashicorp/hcl v1.0.1-vault-7 h1:ag5OxFVy3QYTFTJODRzTKVZ6xvdfLLCA1cy/Y6xGI0I= +github.com/hashicorp/hcl v1.0.1-vault-7/go.mod h1:XYhtn6ijBSAj6n4YqAaf7RBPS4I06AItNorpy+MoQNM= github.com/hashicorp/vault/api v1.15.0 h1:O24FYQCWwhwKnF7CuSqP30S51rTV7vz1iACXE/pj5DA= github.com/hashicorp/vault/api v1.15.0/go.mod h1:+5YTO09JGn0u+b6ySD/LLVf8WkJCPLAL2Vkmrn2+CM8= github.com/hashicorp/vault/api/auth/approle v0.8.0 h1:FuVtWZ0xD6+wz1x0l5s0b4852RmVXQNEiKhVXt6lfQY= 
@@ -575,8 +572,8 @@ github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.77.1 h1:gqjTXIUWvTihkn470AclxSAMcR1JecqjD2IUtp+sDIU= -github.com/oracle/oci-go-sdk/v65 v65.77.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.78.0 h1:iM7lFFA7cJkUD4tmrlsAHWgL3HuTuF9mdvTAliMkcFA= +github.com/oracle/oci-go-sdk/v65 v65.78.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.1 h1:boNYHZmSnWl/3bKbUiaWgF/mELCtHfliGHzggf884GE= github.com/passbolt/go-passbolt v0.7.1/go.mod h1:if/jzzYYUjRtq/5h+l+J5Dka0f5dED67QM1lhpTx4pY= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= 
@@ -681,8 +678,8 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.112.0 h1:6Z0cqEooCvBMfBIHw+CgO4AKGRV8na/9781xOb0+DKw= -github.com/xanzy/go-gitlab v0.112.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= +github.com/xanzy/go-gitlab v0.113.0 h1:v5O4R+YZbJGxKqa9iIZxjMyeKkMKBN8P6sZsNl+YckM= +github.com/xanzy/go-gitlab v0.113.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/yandex-cloud/go-genproto v0.0.0-20241101135610-76a0cfc1a773 h1:xkWrnYFWxiwCKVbmuOEMR030UCFklpglmOcPv9yJz2c= github.com/yandex-cloud/go-genproto v0.0.0-20241101135610-76a0cfc1a773/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo= github.com/yandex-cloud/go-sdk v0.0.0-20241101143304-947cf519f6bd h1:LcA5pQoWjS2hhG6bV2ZL9eBEV2wLSVbM2KcpDphYP/w= 
@@ -708,18 +705,18 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0 h1:yMkBS9yViCc7U7yeLzJPM2XizlfdVvBRSmsQDWu6qc0= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.56.0/go.mod h1:n8MR6/liuGB5EmTETUBeU5ZgqMOlqKRxUaqPQBOANZ8= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0 h1:UP6IpuHFkUgOQL9FFQFrZ+5LiwhhYRbi7VZSIx6Nj5s= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.56.0/go.mod h1:qxuZLtbq5QDtdeSHsS7bcf6EH6uO6jUAgk764zd3rhM= -go.opentelemetry.io/otel v1.31.0 h1:NsJcKPIW0D0H3NgzPDHmo0WW6SptzPdqg/L1zsIm2hY= -go.opentelemetry.io/otel v1.31.0/go.mod h1:O0C14Yl9FgkjqcCZAsE053C13OaddMYr/hz6clDkEJE= -go.opentelemetry.io/otel/metric v1.31.0 h1:FSErL0ATQAmYHUIzSezZibnyVlft1ybhy4ozRPcF2fE= -go.opentelemetry.io/otel/metric v1.31.0/go.mod h1:C3dEloVbLuYoX41KpmAhOqNriGbA+qqH6PQ5E5mUfnY= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 h1:qtFISDHKolvIxzSs0gIaiPUPR0Cucb0F2coHC7ZLdps= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0/go.mod h1:Y+Pop1Q6hCOnETWTW4NROK/q1hv50hM7yDaUTjG8lp8= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 h1:DheMAlT6POBP+gh8RUH19EOTnQIor5QE0uSRPtzCpSw= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0/go.mod h1:wZcGmeVO9nzP67aYSLDqXNWK87EZWhi7JWj1v7ZXf94= +go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U= +go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= +go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M= 
+go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo= go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= -go.opentelemetry.io/otel/trace v1.31.0 h1:ffjsj1aRouKewfr85U2aGagJ46+MvodynlQ1HYdmJys= -go.opentelemetry.io/otel/trace v1.31.0/go.mod h1:TXZkRk7SM2ZQLtR6eoAWQFIHPvzQ06FJAsO1tJg480A= +go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= +go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= @@ -739,9 +736,7 @@ golang.org/x/crypto v0.0.0-20201012173705-84dcc777aaee/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.3.1-0.20221117191849-2c476679df9a/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= -golang.org/x/crypto v0.7.0/go.mod h1:pYwdfH91IfpZVANVyUOhSIPZaFoJGxTFbZhFTx+dXZU= golang.org/x/crypto v0.10.0/go.mod h1:o4eNf7Ede1fv+hwOwZsTHl9EsPFO6q6ZvYR8vYfY45I= golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc= golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= 
@@ -750,8 +745,8 @@ golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw= -golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U= +golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= +golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -762,8 +757,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c h1:7dEasQXItcW1xKJ2+gg5VOiBnqWrJc+rq0DPKyvvdbY= -golang.org/x/exp v0.0.0-20241009180824-f66d83c29e7c/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8= +golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo= +golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -789,8 +784,8 @@ golang.org/x/mod v0.4.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.4.1/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs= -golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= -golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= +golang.org/x/mod v0.22.0 h1:D4nJWe9zXqHOmWqj4VMOJhvzj7bEZg4wEYa759z1pH4= +golang.org/x/mod v0.22.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -831,7 +826,6 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= -golang.org/x/net v0.8.0/go.mod h1:QVkue5JL9kW//ek3r6jTKnTFis1tRmNAW2P1shuFdJc= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.11.0/go.mod h1:2L/ixqYpgIVXmeoSA/4Lu7BzTG4KIyPIryS4IsOd1oQ= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= 
@@ -840,8 +834,8 @@ golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4= -golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU= +golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= +golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -855,8 +849,8 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= -golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= +golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= 
@@ -870,8 +864,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= -golang.org/x/sync v0.8.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= +golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -923,7 +917,6 @@ golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220908164124-27713097b956/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= 
@@ -934,13 +927,12 @@ golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= -golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= +golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= -golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.9.0/go.mod h1:M6DEAAIenWoTxdKrOltXcmDY3rSplQUkrvaDU5FcQyo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= 
@@ -949,8 +941,8 @@ golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= -golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= +golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= +golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -967,13 +959,13 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= -golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= +golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= -golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= +golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 
@@ -1027,8 +1019,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= -golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= +golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o= +golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1057,8 +1049,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.204.0 h1:3PjmQQEDkR/ENVZZwIYB4W/KzYtN8OrqnNcHWpeR8E4= -google.golang.org/api v0.204.0/go.mod h1:69y8QSoKIbL9F94bWgWAq6wGqGwyjBgi2y8rAK8zLag= +google.golang.org/api v0.205.0 h1:LFaxkAIpDb/GsrWV20dMMo5MR0h8UARTbn24LmD+0Pg= +google.golang.org/api v0.205.0/go.mod h1:NrK1EMqO8Xk6l6QwRAmrXXg2v6dzukhlOyvkYtnvUuc= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1106,12 +1098,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20241021214115-324edc3d5d38 h1:Q3nlH8iSQSRUwOskjbcSMcF2jiYMNiQYZ0c2KEJLKKU= -google.golang.org/genproto v0.0.0-20241021214115-324edc3d5d38/go.mod h1:xBI+tzfqGGN2JBeSebfKXFSdBpWVQ7sLW40PTupVRm4= -google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38 h1:2oV8dfuIkM1Ti7DwXc0BJfnwr9csz4TDXI9EmiI+Rbw= -google.golang.org/genproto/googleapis/api v0.0.0-20241021214115-324edc3d5d38/go.mod h1:vuAjtvlwkDKF6L1GQ0SokiRLCGFfeBUXWr/aFFkHACc= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38 h1:zciRKQ4kBpFgpfC5QQCVtnnNAcLIqweL7plyZRQHVpI= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241021214115-324edc3d5d38/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= +google.golang.org/genproto v0.0.0-20241104194629-dd2ea8efbc28 h1:KJjNNclfpIkVqrZlTWcgOOaVQ00LdBnoEaRfkUx760s= +google.golang.org/genproto v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:mt9/MofW7AWQ+Gy179ChOnvmJatV8YHUmrcedo9CIFI= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g= +google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 h1:XVhgTWWV3kGQlwJHR3upFWZeTsei6Oks1apkZSeonIE= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1131,8 +1123,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.67.1 h1:zWnc1Vrcno+lHZCOofnIMvycFcc0QRGIzm9dhnDX68E= -google.golang.org/grpc v1.67.1/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= +google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0= +google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -1202,8 +1194,8 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20241009091222-67ed5848f094 h1:MErs8YA0abvOqJ8gIupA1Tz6PKXYUw34XsGlA7uSL1k= k8s.io/kube-openapi v0.0.0-20241009091222-67ed5848f094/go.mod h1:7ioBJr1A6igWjsR2fxq2EZ0mlMwYLejazSIc2bzMp2U= -k8s.io/utils v0.0.0-20240921022957-49e7df575cb6 h1:MDF6h2H/h4tbzmtIKTuctcwZmY0tY9mD9fNT47QO6HI= -k8s.io/utils v0.0.0-20240921022957-49e7df575cb6/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 h1:jGnCPejIetjiy2gqaJ5V0NLwTpF4wbQ6cZIItJCSHno= +k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= From 0304b44742302e7411221321266fa4b81874243a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 13 Nov 2024 17:23:01 +0000 Subject: [PATCH 401/517] chore(deps): bump github/codeql-action from 3.27.0 to 3.27.1 (#4088) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.0 to 3.27.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/662472033e021d55d94146f66f6058822b0b39fd...4f3212b61783c3c68e8309a0f18a699764811cda) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c1e9faa7f8e..52b975bc888 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@662472033e021d55d94146f66f6058822b0b39fd # v3.27.0 + uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 with: sarif_file: results.sarif From 6fdfb6208aa25d60b3e842b958369c510383bd64 Mon Sep 17 00:00:00 2001 From: Stas Alekseev <100800+salekseev@users.noreply.github.com> Date: Wed, 13 Nov 2024 12:36:33 -0500 Subject: [PATCH 402/517] Fix typo in webhook.md (#4100) Signed-off-by: Stas Alekseev <100800+salekseev@users.noreply.github.com> --- docs/provider/webhook.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/provider/webhook.md b/docs/provider/webhook.md index 6c0d9b71162..fa7aec82f43 100644 --- a/docs/provider/webhook.md +++ b/docs/provider/webhook.md @@ -4,7 +4,7 @@ External Secrets Operator can integrate with simple web apis by specifying the e ### Example -First, create a SecretStore with a webhook backend. We'll use a static user/password `root`: +First, create a SecretStore with a webhook backend. We'll use a static user/password `test`: ```yaml {% raw %} 
@@ -124,4 +124,4 @@ spec: ``` ### Webhook as generators -You can also leverage webhooks as generators, following the same syntax. The only difference is that the webhook generator needs its source secrets to be labeled, as opposed to webhook secretstores. Please see the [generator-webhook](../api/generator/webhook.md) documentation for more information. +You can also leverage webhooks as generators, following the same syntax. The only difference is that the webhook generator needs its source secrets to be labeled, as opposed to webhook secretstores. Please see the [generator-webhook](../api/generator/webhook.md) documentation for more information. From c2388d2b9dd086ed9459292edb76d1850c0ab480 Mon Sep 17 00:00:00 2001 From: Tobi <22715034+twobiers@users.noreply.github.com> Date: Fri, 15 Nov 2024 23:34:01 +0100 Subject: [PATCH 403/517] docs: reformat pushsecrets documentation to be a list (#4102) * reformat pushsecrets documentation to be a list Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com> * Use sections instead of a list Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com> --------- Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- docs/guides/pushsecrets.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/docs/guides/pushsecrets.md b/docs/guides/pushsecrets.md index dd6714f8f2f..56f05238973 100644 --- a/docs/guides/pushsecrets.md +++ b/docs/guides/pushsecrets.md 
@@ -22,15 +22,14 @@ Imagine you have your secrets in GCP and you want to back them up in Azure Key V There are two ways to push an entire secret without defining all keys individually. -By leaving off the secret key and remote property options. +### 1. By leaving off the secret key and remote property options. ```yaml {% include 'full-pushsecret-no-key-no-property.yaml' %} ``` - This will result in all keys being pushed as they are into the remote location. -By leaving off the secret key but setting the remote property option. +### 2. By leaving off the secret key but setting the remote property option. ```yaml {% include 'full-pushsecret-no-key-with-property.yaml' %} @@ -38,10 +37,12 @@ By leaving off the secret key but setting the remote property option. This will _marshal_ the entire secret data and push it into this single property as a JSON object. -!!! warning inline +!!! warning + This should _ONLY_ be done if the secret data is marshal-able. Values like, binary data cannot be marshaled and will result in error or invalid secret data. -### Key conversion strategy + +#### Key conversion strategy You can also set `data[*].conversionStrategy: ReverseUnicode` to reverse the invalid character replaced by the `conversionStrategy: Unicode` configuration in the `ExternalSecret` object as [documented here](../guides/getallsecrets.md#avoiding-name-conflicts). ## Rotate Secrets From 27c5f1f1f2e7ba2b359d502ea10b595b851357d6 Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Sun, 17 Nov 2024 23:50:16 -0700 Subject: [PATCH 404/517] fix: refresh interval values (#4111) 
Signed-off-by: Gustavo --- design/004-datafrom-key-rewrite.md | 2 +- docs/provider/beyondtrust.md | 2 +- docs/provider/bitwarden-secrets-manager.md | 6 +++--- docs/provider/chef.md | 2 +- docs/provider/delinea.md | 2 +- docs/provider/device42.md | 2 +- docs/provider/kubernetes.md | 2 +- docs/provider/pulumi.md | 4 ++-- docs/provider/scaleway.md | 2 +- docs/provider/secretserver.md | 2 +- docs/snippets/akeyless-push-secret.yaml | 2 +- ...s-anchore-engine-access-credentials-external-secret.yaml | 2 +- .../aws-jenkins-credential-github-ssh-external-secret.yaml | 2 +- ...kins-credential-sonarqube-api-token-external-secret.yaml | 2 +- ...kins-credentials-harbor-chart-robot-external-secret.yaml | 2 +- docs/snippets/aws-pm-push-secret-with-metadata.yaml | 2 +- docs/snippets/aws-sm-external-secret.yaml | 2 +- docs/snippets/aws-sm-push-secret-with-metadata.yaml | 2 +- docs/snippets/azkv-pushsecret-certificate.yaml | 2 +- docs/snippets/azkv-pushsecret-key.yaml | 2 +- docs/snippets/azkv-pushsecret-secret.yaml | 2 +- docs/snippets/beyondtrust-external-secret.yaml | 2 +- docs/snippets/chef-external-secret.yaml | 2 +- docs/snippets/conjur-external-secret-find.yaml | 2 +- docs/snippets/conjur-external-secret.yaml | 2 +- docs/snippets/device42-external-secret.yaml | 2 +- docs/snippets/full-pushsecret-no-key-no-property.yaml | 2 +- docs/snippets/full-pushsecret-no-key-with-property.yaml | 2 +- docs/snippets/full-pushsecret.yaml | 2 +- docs/snippets/ibm-external-secret-by-name.yaml | 2 +- docs/snippets/ibm-external-secret.yaml | 2 +- docs/snippets/keepersecurity-external-secret.yaml | 4 ++-- docs/snippets/onboardbase-fetch-all-secrets.yaml | 2 +- docs/snippets/onboardbase-fetch-secret.yaml | 2 +- docs/snippets/onboardbase-filtered-secrets.yaml | 2 +- ...t-anchore-engine-access-credentials-external-secret.yaml | 2 +- ...enkins-credential-github-ssh-access-external-secret.yaml | 2 +- ...nkins-credential-harbor-chart-robot-external-secret.yaml | 2 +- 
...kins-credential-sonarqube-api-token-external-secret.yaml | 2 +- docs/snippets/vault-pushsecret.yaml | 2 +- 40 files changed, 44 insertions(+), 44 deletions(-) diff --git a/design/004-datafrom-key-rewrite.md b/design/004-datafrom-key-rewrite.md index c130f79c531..fa9967a1882 100644 --- a/design/004-datafrom-key-rewrite.md +++ b/design/004-datafrom-key-rewrite.md @@ -51,7 +51,7 @@ metadata: name: sample namespace: default spec: - refreshInterval: 1m + refreshInterval: 1h target: name: foobar secretStoreRef: diff --git a/docs/provider/beyondtrust.md b/docs/provider/beyondtrust.md index 0143606c420..104c4bde87d 100644 --- a/docs/provider/beyondtrust.md +++ b/docs/provider/beyondtrust.md @@ -107,7 +107,7 @@ kind: ExternalSecret metadata: name: beyondtrust-external-secret spec: - refreshInterval: 300s + refreshInterval: 1h secretStoreRef: kind: SecretStore name: secretstore-beyondtrust diff --git a/docs/provider/bitwarden-secrets-manager.md b/docs/provider/bitwarden-secrets-manager.md index b65cd051995..dfd97727af2 100644 --- a/docs/provider/bitwarden-secrets-manager.md +++ b/docs/provider/bitwarden-secrets-manager.md @@ -65,7 +65,7 @@ kind: ExternalSecret metadata: name: bitwarden spec: - refreshInterval: 10s + refreshInterval: 1h secretStoreRef: # This name must match the metadata.name in the `SecretStore` name: bitwarden-secretsmanager @@ -91,7 +91,7 @@ kind: ExternalSecret metadata: name: bitwarden spec: - refreshInterval: 10s + refreshInterval: 1h secretStoreRef: # This name must match the metadata.name in the `SecretStore` name: bitwarden-secretsmanager @@ -118,7 +118,7 @@ kind: PushSecret metadata: name: pushsecret-bitwarden # Customisable spec: - refreshInterval: 10s # Refresh interval for which push secret will reconcile + refreshInterval: 1h # Refresh interval for which push secret will reconcile secretStoreRefs: # A list of secret stores to push secrets to - name: bitwarden-secretsmanager kind: SecretStore 
diff --git a/docs/provider/chef.md b/docs/provider/chef.md index 51622bbed8a..93df9b33b04 100644 --- a/docs/provider/chef.md +++ b/docs/provider/chef.md @@ -97,7 +97,7 @@ metadata: labels: app.kubernetes.io/name: external-secrets spec: - refreshInterval: 15m + refreshInterval: 1h secretStoreRef: name: vivid-clustersecretstore # name of ClusterSecretStore kind: ClusterSecretStore diff --git a/docs/provider/delinea.md b/docs/provider/delinea.md index 94fcdff4977..bf0eabca58e 100644 --- a/docs/provider/delinea.md +++ b/docs/provider/delinea.md @@ -47,7 +47,7 @@ kind: ExternalSecret metadata: name: secret spec: - refreshInterval: 20s + refreshInterval: 1h secretStoreRef: kind: SecretStore name: secret-store diff --git a/docs/provider/device42.md b/docs/provider/device42.md index 94c35c8e3a6..b27a635dce5 100644 --- a/docs/provider/device42.md +++ b/docs/provider/device42.md @@ -45,7 +45,7 @@ kind: ExternalSecret metadata: name: device42-external-secret spec: - refreshInterval: 5m + refreshInterval: 1h secretStoreRef: kind: SecretStore name: device42-secret-store diff --git a/docs/provider/kubernetes.md b/docs/provider/kubernetes.md index 9f5ebec0072..b407ba73929 100644 --- a/docs/provider/kubernetes.md +++ b/docs/provider/kubernetes.md @@ -255,7 +255,7 @@ kind: PushSecret metadata: name: example spec: - refreshInterval: 10s + refreshInterval: 1h secretStoreRefs: - name: k8s-store-remote-ns kind: SecretStore diff --git a/docs/provider/pulumi.md b/docs/provider/pulumi.md index d8ee9f46cab..7470d8fb5e8 100644 --- a/docs/provider/pulumi.md +++ b/docs/provider/pulumi.md @@ -65,7 +65,7 @@ kind: ExternalSecret metadata: name: secret spec: - refreshInterval: 5m + refreshInterval: 1h secretStoreRef: kind: SecretStore name: secret-store @@ -111,7 +111,7 @@ kind: PushSecret metadata: name: push-secret-example spec: - refreshInterval: 10s + refreshInterval: 1h selector: secret: name: 
diff --git a/docs/provider/scaleway.md b/docs/provider/scaleway.md index d1cb00baf29..cef0e9e2f74 100644 --- a/docs/provider/scaleway.md +++ b/docs/provider/scaleway.md @@ -38,7 +38,7 @@ kind: ExternalSecret metadata: name: secret spec: - refreshInterval: 20s + refreshInterval: 1h secretStoreRef: kind: SecretStore name: secret-store diff --git a/docs/provider/secretserver.md b/docs/provider/secretserver.md index e7eeafcf9be..e1ed50c7c51 100644 --- a/docs/provider/secretserver.md +++ b/docs/provider/secretserver.md @@ -53,7 +53,7 @@ kind: ExternalSecret metadata: name: secret-server-external-secret spec: - refreshInterval: 15s + refreshInterval: 1h secretStoreRef: kind: SecretStore name: secret-server-store diff --git a/docs/snippets/akeyless-push-secret.yaml b/docs/snippets/akeyless-push-secret.yaml index 673b25a71b0..f76467234c7 100644 --- a/docs/snippets/akeyless-push-secret.yaml +++ b/docs/snippets/akeyless-push-secret.yaml @@ -3,7 +3,7 @@ kind: PushSecret metadata: name: push-secret spec: - refreshInterval: 5s + refreshInterval: 1h updatePolicy: Replace deletionPolicy: Delete secretStoreRefs: diff --git a/docs/snippets/aws-anchore-engine-access-credentials-external-secret.yaml b/docs/snippets/aws-anchore-engine-access-credentials-external-secret.yaml index a2a0a95f67f..7f9e18d823f 100644 --- a/docs/snippets/aws-anchore-engine-access-credentials-external-secret.yaml +++ b/docs/snippets/aws-anchore-engine-access-credentials-external-secret.yaml @@ -5,7 +5,7 @@ metadata: name: anchore-access-credentials namespace: ci spec: - refreshInterval: 1m + refreshInterval: 1h secretStoreRef: name: cluster-secrets-store kind: ClusterSecretStore diff --git a/docs/snippets/aws-jenkins-credential-github-ssh-external-secret.yaml b/docs/snippets/aws-jenkins-credential-github-ssh-external-secret.yaml index d52917eb3b0..f0e81828c5a 100644 --- a/docs/snippets/aws-jenkins-credential-github-ssh-external-secret.yaml 
+++ b/docs/snippets/aws-jenkins-credential-github-ssh-external-secret.yaml @@ -5,7 +5,7 @@ metadata: name: github-ssh-access namespace: ci spec: - refreshInterval: 1m + refreshInterval: 1h secretStoreRef: name: cluster-parameter-store kind: ClusterSecretStore diff --git a/docs/snippets/aws-jenkins-credential-sonarqube-api-token-external-secret.yaml b/docs/snippets/aws-jenkins-credential-sonarqube-api-token-external-secret.yaml index c4404dc4f55..29024de0d62 100644 --- a/docs/snippets/aws-jenkins-credential-sonarqube-api-token-external-secret.yaml +++ b/docs/snippets/aws-jenkins-credential-sonarqube-api-token-external-secret.yaml @@ -5,7 +5,7 @@ metadata: name: sonarqube-api-token namespace: ci spec: - refreshInterval: 1m + refreshInterval: 1h secretStoreRef: name: cluster-secrets-store kind: ClusterSecretStore diff --git a/docs/snippets/aws-jenkins-credentials-harbor-chart-robot-external-secret.yaml b/docs/snippets/aws-jenkins-credentials-harbor-chart-robot-external-secret.yaml index fa8c27167c0..16bdbc16d28 100644 --- a/docs/snippets/aws-jenkins-credentials-harbor-chart-robot-external-secret.yaml +++ b/docs/snippets/aws-jenkins-credentials-harbor-chart-robot-external-secret.yaml @@ -5,7 +5,7 @@ metadata: name: harbor-chart-robot namespace: ci spec: - refreshInterval: 1m + refreshInterval: 1h secretStoreRef: name: cluster-secrets-store kind: ClusterSecretStore diff --git a/docs/snippets/aws-pm-push-secret-with-metadata.yaml b/docs/snippets/aws-pm-push-secret-with-metadata.yaml index b4999c3d23c..8e1cfdce33b 100644 --- a/docs/snippets/aws-pm-push-secret-with-metadata.yaml +++ b/docs/snippets/aws-pm-push-secret-with-metadata.yaml 
@@ -5,7 +5,7 @@ metadata: namespace: default # Same of the SecretStores spec: deletionPolicy: Delete # the provider' secret will be deleted if the PushSecret is deleted - refreshInterval: 10s # Refresh interval for which push secret will reconcile + refreshInterval: 1h # Refresh interval for which push secret will reconcile secretStoreRefs: # A list of secret stores to push secrets to - name: aws-parameterstore kind: SecretStore diff --git a/docs/snippets/aws-sm-external-secret.yaml b/docs/snippets/aws-sm-external-secret.yaml index 479253c7c21..e9e6ea9ee7e 100644 --- a/docs/snippets/aws-sm-external-secret.yaml +++ b/docs/snippets/aws-sm-external-secret.yaml @@ -3,7 +3,7 @@ kind: ExternalSecret metadata: name: example spec: - refreshInterval: 1m + refreshInterval: 1h secretStoreRef: name: aws-secretsmanager kind: SecretStore diff --git a/docs/snippets/aws-sm-push-secret-with-metadata.yaml b/docs/snippets/aws-sm-push-secret-with-metadata.yaml index b1622a042e6..6343262344e 100644 --- a/docs/snippets/aws-sm-push-secret-with-metadata.yaml +++ b/docs/snippets/aws-sm-push-secret-with-metadata.yaml @@ -5,7 +5,7 @@ metadata: namespace: teamb # Same of the SecretStores spec: deletionPolicy: Delete - refreshInterval: 10s # Refresh interval for which push secret will reconcile + refreshInterval: 1h # Refresh interval for which push secret will reconcile secretStoreRefs: # A list of secret stores to push secrets to - name: teamb-secret-store kind: SecretStore diff --git a/docs/snippets/azkv-pushsecret-certificate.yaml b/docs/snippets/azkv-pushsecret-certificate.yaml index f4401959345..cb16fb255d3 100644 --- a/docs/snippets/azkv-pushsecret-certificate.yaml +++ b/docs/snippets/azkv-pushsecret-certificate.yaml 
@@ -21,7 +21,7 @@ metadata: name: pushsecret-example namespace: default spec: - refreshInterval: 10s # Refresh interval for which push secret will reconcile + refreshInterval: 1h # Refresh interval for which push secret will reconcile deletionPolicy: Delete secretStoreRefs: # A list of secret stores to push secrets to - name: azure-store diff --git a/docs/snippets/azkv-pushsecret-key.yaml b/docs/snippets/azkv-pushsecret-key.yaml index ae954527cd2..e2530b1e330 100644 --- a/docs/snippets/azkv-pushsecret-key.yaml +++ b/docs/snippets/azkv-pushsecret-key.yaml @@ -11,7 +11,7 @@ metadata: name: pushsecret-example namespace: default spec: - refreshInterval: 10s # Refresh interval for which push secret will reconcile + refreshInterval: 1h # Refresh interval for which push secret will reconcile deletionPolicy: Delete secretStoreRefs: # A list of secret stores to push secrets to - name: azure-store diff --git a/docs/snippets/azkv-pushsecret-secret.yaml b/docs/snippets/azkv-pushsecret-secret.yaml index b52f95386c3..b0c32914dfa 100644 --- a/docs/snippets/azkv-pushsecret-secret.yaml +++ b/docs/snippets/azkv-pushsecret-secret.yaml @@ -11,7 +11,7 @@ metadata: name: pushsecret-example namespace: default spec: - refreshInterval: 10s # Refresh interval for which push secret will reconcile + refreshInterval: 1h # Refresh interval for which push secret will reconcile deletionPolicy: Delete secretStoreRefs: # A list of secret stores to push secrets to - name: azure-store diff --git a/docs/snippets/beyondtrust-external-secret.yaml b/docs/snippets/beyondtrust-external-secret.yaml index 5dc92939ca4..41b8e9e9958 100644 --- a/docs/snippets/beyondtrust-external-secret.yaml +++ b/docs/snippets/beyondtrust-external-secret.yaml @@ -3,7 +3,7 @@ kind: ExternalSecret metadata: name: beyondtrust-external-secret spec: - refreshInterval: 300s + refreshInterval: 1h secretStoreRef: kind: SecretStore name: secretstore-beyondtrust 
diff --git a/docs/snippets/chef-external-secret.yaml b/docs/snippets/chef-external-secret.yaml index 704a6bb9f48..5069a6076b6 100644 --- a/docs/snippets/chef-external-secret.yaml +++ b/docs/snippets/chef-external-secret.yaml @@ -10,7 +10,7 @@ metadata: labels: app.kubernetes.io/name: external-secrets spec: - refreshInterval: 15m + refreshInterval: 1h secretStoreRef: name: vivid-clustersecretstore # name of ClusterSecretStore kind: ClusterSecretStore diff --git a/docs/snippets/conjur-external-secret-find.yaml b/docs/snippets/conjur-external-secret-find.yaml index 829a9b838b1..1e64d30ef2f 100644 --- a/docs/snippets/conjur-external-secret-find.yaml +++ b/docs/snippets/conjur-external-secret-find.yaml @@ -3,7 +3,7 @@ kind: ExternalSecret metadata: name: conjur-find-by-name spec: - refreshInterval: 10s + refreshInterval: 1h secretStoreRef: # This name must match the metadata.name in the `SecretStore` name: conjur diff --git a/docs/snippets/conjur-external-secret.yaml b/docs/snippets/conjur-external-secret.yaml index b4a34585823..5519df2cab7 100644 --- a/docs/snippets/conjur-external-secret.yaml +++ b/docs/snippets/conjur-external-secret.yaml @@ -3,7 +3,7 @@ kind: ExternalSecret metadata: name: conjur spec: - refreshInterval: 10s + refreshInterval: 1h secretStoreRef: # This name must match the metadata.name in the `SecretStore` name: conjur diff --git a/docs/snippets/device42-external-secret.yaml b/docs/snippets/device42-external-secret.yaml index 6a2080a5bfb..7b717ff9f8e 100644 --- a/docs/snippets/device42-external-secret.yaml +++ b/docs/snippets/device42-external-secret.yaml @@ -3,7 +3,7 @@ kind: ExternalSecret metadata: name: device42-find-by-id spec: - refreshInterval: 10s + refreshInterval: 1h secretStoreRef: # This name must match the metadata.name in the `SecretStore` name: device42 diff --git a/docs/snippets/full-pushsecret-no-key-no-property.yaml b/docs/snippets/full-pushsecret-no-key-no-property.yaml index 71a811ae5a2..314fbbd48d0 100644 
--- a/docs/snippets/full-pushsecret-no-key-no-property.yaml +++ b/docs/snippets/full-pushsecret-no-key-no-property.yaml @@ -5,7 +5,7 @@ metadata: namespace: default # Same of the SecretStores spec: deletionPolicy: Delete # the provider' secret will be deleted if the PushSecret is deleted - refreshInterval: 10s # Refresh interval for which push secret will reconcile + refreshInterval: 1h # Refresh interval for which push secret will reconcile secretStoreRefs: # A list of secret stores to push secrets to - name: aws-parameterstore kind: SecretStore diff --git a/docs/snippets/full-pushsecret-no-key-with-property.yaml b/docs/snippets/full-pushsecret-no-key-with-property.yaml index 3ed813cccdc..821f977a343 100644 --- a/docs/snippets/full-pushsecret-no-key-with-property.yaml +++ b/docs/snippets/full-pushsecret-no-key-with-property.yaml @@ -5,7 +5,7 @@ metadata: namespace: default # Same of the SecretStores spec: deletionPolicy: Delete # the provider' secret will be deleted if the PushSecret is deleted - refreshInterval: 10s # Refresh interval for which push secret will reconcile + refreshInterval: 1h # Refresh interval for which push secret will reconcile secretStoreRefs: # A list of secret stores to push secrets to - name: aws-parameterstore kind: SecretStore diff --git a/docs/snippets/full-pushsecret.yaml b/docs/snippets/full-pushsecret.yaml index f8ff45f5270..3a678c0e633 100644 --- a/docs/snippets/full-pushsecret.yaml +++ b/docs/snippets/full-pushsecret.yaml @@ -7,7 +7,7 @@ metadata: spec: updatePolicy: Replace # Policy to overwrite existing secrets in the provider on sync deletionPolicy: Delete # the provider' secret will be deleted if the PushSecret is deleted - refreshInterval: 10s # Refresh interval for which push secret will reconcile + refreshInterval: 1h # Refresh interval for which push secret will reconcile secretStoreRefs: # A list of secret stores to push secrets to - name: aws-parameterstore kind: SecretStore 
diff --git a/docs/snippets/ibm-external-secret-by-name.yaml b/docs/snippets/ibm-external-secret-by-name.yaml index 3cf445a1e1f..863c49a8464 100644 --- a/docs/snippets/ibm-external-secret-by-name.yaml +++ b/docs/snippets/ibm-external-secret-by-name.yaml @@ -3,7 +3,7 @@ kind: ExternalSecret metadata: name: database-credentials spec: - refreshInterval: 60m + refreshInterval: 1h secretStoreRef: name: ibm-store kind: SecretStore diff --git a/docs/snippets/ibm-external-secret.yaml b/docs/snippets/ibm-external-secret.yaml index ca2c92b1e5a..7912f1f93d9 100644 --- a/docs/snippets/ibm-external-secret.yaml +++ b/docs/snippets/ibm-external-secret.yaml @@ -3,7 +3,7 @@ kind: ExternalSecret metadata: name: database-credentials spec: - refreshInterval: 60m + refreshInterval: 1h secretStoreRef: name: ibm-store kind: SecretStore diff --git a/docs/snippets/keepersecurity-external-secret.yaml b/docs/snippets/keepersecurity-external-secret.yaml index fe458477f8d..097e0c4d6d7 100644 --- a/docs/snippets/keepersecurity-external-secret.yaml +++ b/docs/snippets/keepersecurity-external-secret.yaml @@ -21,7 +21,7 @@ metadata: name: regcred namespace: external-secrets spec: - refreshInterval: 1m + refreshInterval: 1h secretStoreRef: name: keeper kind: ClusterSecretStore @@ -49,7 +49,7 @@ metadata: name: config namespace: external-secrets spec: - refreshInterval: 1m + refreshInterval: 1h secretStoreRef: name: keeper kind: ClusterSecretStore diff --git a/docs/snippets/onboardbase-fetch-all-secrets.yaml b/docs/snippets/onboardbase-fetch-all-secrets.yaml index 0411c671c12..ffb0fb66524 100644 --- a/docs/snippets/onboardbase-fetch-all-secrets.yaml +++ b/docs/snippets/onboardbase-fetch-all-secrets.yaml @@ -3,7 +3,7 @@ kind: ExternalSecret metadata: name: service-name-secrets spec: - refreshInterval: 10m + refreshInterval: 1h secretStoreRef: name: onboardbase-external-secret-store kind: SecretStore 
diff --git a/docs/snippets/onboardbase-fetch-secret.yaml b/docs/snippets/onboardbase-fetch-secret.yaml index 2bb8ca50b25..2fddb0f9043 100644 --- a/docs/snippets/onboardbase-fetch-secret.yaml +++ b/docs/snippets/onboardbase-fetch-secret.yaml @@ -3,7 +3,7 @@ kind: ExternalSecret metadata: name: service-name-secrets spec: - refreshInterval: 10m + refreshInterval: 1h secretStoreRef: name: onboardbase-external-secret-store kind: SecretStore diff --git a/docs/snippets/onboardbase-filtered-secrets.yaml b/docs/snippets/onboardbase-filtered-secrets.yaml index 0f75a8dca51..5db463ca6e5 100644 --- a/docs/snippets/onboardbase-filtered-secrets.yaml +++ b/docs/snippets/onboardbase-filtered-secrets.yaml @@ -3,7 +3,7 @@ kind: ExternalSecret metadata: name: service-name-secrets spec: - refreshInterval: 10m + refreshInterval: 1h secretStoreRef: name: onboardbase-external-secret-store kind: SecretStore diff --git a/docs/snippets/vault-anchore-engine-access-credentials-external-secret.yaml b/docs/snippets/vault-anchore-engine-access-credentials-external-secret.yaml index 613c2410ceb..435ff59a3ef 100644 --- a/docs/snippets/vault-anchore-engine-access-credentials-external-secret.yaml +++ b/docs/snippets/vault-anchore-engine-access-credentials-external-secret.yaml @@ -5,7 +5,7 @@ metadata: name: anchore-access-credentials namespace: security spec: - refreshInterval: 1m + refreshInterval: 1h secretStoreRef: name: vault-backend kind: ClusterSecretStore diff --git a/docs/snippets/vault-jenkins-credential-github-ssh-access-external-secret.yaml b/docs/snippets/vault-jenkins-credential-github-ssh-access-external-secret.yaml index 9b5d3e36806..1784bd2a23b 100644 --- a/docs/snippets/vault-jenkins-credential-github-ssh-access-external-secret.yaml +++ b/docs/snippets/vault-jenkins-credential-github-ssh-access-external-secret.yaml 
@@ -5,7 +5,7 @@ metadata: name: github-ssh-access namespace: ci spec: - refreshInterval: 1m + refreshInterval: 1h secretStoreRef: name: vault-backend kind: ClusterSecretStore diff --git a/docs/snippets/vault-jenkins-credential-harbor-chart-robot-external-secret.yaml b/docs/snippets/vault-jenkins-credential-harbor-chart-robot-external-secret.yaml index 4622e2ba8b9..cca29c407b7 100644 --- a/docs/snippets/vault-jenkins-credential-harbor-chart-robot-external-secret.yaml +++ b/docs/snippets/vault-jenkins-credential-harbor-chart-robot-external-secret.yaml @@ -5,7 +5,7 @@ metadata: name: harbor-chart-robot namespace: ci spec: - refreshInterval: 1m + refreshInterval: 1h secretStoreRef: name: vault-backend kind: ClusterSecretStore diff --git a/docs/snippets/vault-jenkins-credential-sonarqube-api-token-external-secret.yaml b/docs/snippets/vault-jenkins-credential-sonarqube-api-token-external-secret.yaml index 1915a98c733..ca53fc2d0e4 100644 --- a/docs/snippets/vault-jenkins-credential-sonarqube-api-token-external-secret.yaml +++ b/docs/snippets/vault-jenkins-credential-sonarqube-api-token-external-secret.yaml @@ -5,7 +5,7 @@ metadata: name: sonarqube-api-token namespace: ci spec: - refreshInterval: 1m + refreshInterval: 1h secretStoreRef: name: vault-backend kind: ClusterSecretStore diff --git a/docs/snippets/vault-pushsecret.yaml b/docs/snippets/vault-pushsecret.yaml index f7801ceb554..483f1e86918 100644 --- a/docs/snippets/vault-pushsecret.yaml +++ b/docs/snippets/vault-pushsecret.yaml @@ -13,7 +13,7 @@ metadata: name: pushsecret-example namespace: default spec: - refreshInterval: 10s + refreshInterval: 1h secretStoreRefs: - name: vault-secretstore kind: SecretStore From b5cdec5687cddba7a2c6fe9e4d7b79902f1e2b64 Mon Sep 17 00:00:00 2001 From: Arun Murugan Date: Mon, 18 Nov 2024 12:23:38 +0530 Subject: [PATCH 405/517] Sign helm chart artifact in ghcr.io (#4098) * Install cosign for signing helm charts 
Signed-off-by: Aruuunn * Fix helm push failing when GITHUB_REPOSITORY_OWNER contains Uppercase alphabets Signed-off-by: Aruuunn * Sign helm chart in oci registry using cosign Signed-off-by: Aruuunn * Add permissions required for cosign signing and provenance attestations Signed-off-by: Aruuunn * Log helm push output Signed-off-by: Aruuunn * Attest build provenance for helm artifact Signed-off-by: Aruuunn * Format: break code block Signed-off-by: Aruuunn * Reformat: Remove temp variable Signed-off-by: Aruuunn * Verify signed helm chart after signing it Signed-off-by: Aruuunn * Remove unnecessary helm action changes for external-secrets repository Signed-off-by: Aruuunn --------- Signed-off-by: Aruuunn Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/helm.yml | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 1625872d1a0..14d3298afe2 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -71,6 +71,8 @@ jobs: permissions: contents: write # for helm/chart-releaser-action to push chart release and create a release packages: write # to push OCI chart package to GitHub Registry + id-token: write # gives the action the ability to mint the OIDC token necessary to request a Sigstore signing certificate + attestations: write # this permission is necessary to persist the attestation runs-on: ubuntu-latest steps: - name: Checkout 
@@ -125,12 +127,41 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Install cosign + uses: sigstore/cosign-installer@v3.7.0 + with: + cosign-release: 'v2.4.1' + - name: Push chart to GHCR + id: push_chart run: | shopt -s nullglob for pkg in .cr-release-packages/*.tgz; do if [ -z "${pkg:-}" ]; then break fi - helm push "${pkg}" "oci://ghcr.io/${GITHUB_REPOSITORY_OWNER}/charts" - done \ No newline at end of file + chart_name=$(helm show chart "${pkg}" | yq .name) + # helm push fails when registry path contains Uppercase letters + chart_registry="ghcr.io/${GITHUB_REPOSITORY_OWNER}/charts" + + helm_push_output=$(helm push "${pkg}" "oci://${chart_registry}" 2>&1) + digest=$(echo "$helm_push_output" | grep -o 'sha256:[a-z0-9]*') + echo "$helm_push_output" + + artifact_digest_uri="${chart_registry}/${chart_name}@${digest}" + cosign sign --yes "$artifact_digest_uri" + cosign verify "$artifact_digest_uri" \ + --certificate-identity-regexp "https://github.com/$GITHUB_REPOSITORY/*" \ + --certificate-oidc-issuer https://token.actions.githubusercontent.com + + echo "digest=${digest}" >> "$GITHUB_OUTPUT" + echo "chart_name=${chart_name}" >> "$GITHUB_OUTPUT" + echo "registry=${chart_registry}" >> "$GITHUB_OUTPUT" + done + + - name: Generate provenance attestation and push to OCI registry + uses: actions/attest-build-provenance@v1.4.4 + with: + push-to-registry: true + subject-name: ${{ steps.push_chart.outputs.registry }}/${{ steps.push_chart.outputs.chart_name }} + subject-digest: ${{ steps.push_chart.outputs.digest }} From 933e1b15425d66f1b230fd82ab0077f3070bab9f Mon Sep 17 00:00:00 2001 
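Review bot: The two actions added in this hunk, `sigstore/cosign-installer@v3.7.0` and `actions/attest-build-provenance@v1.4.4`, are referenced by mutable tag in a job that holds `contents: write` and `packages: write` and that the previous hunk also gives `id-token: write` and `attestations: write`. Anyone able to move those tags could run code that signs and publishes charts as this repository. Other actions in this patch series are pinned to a full commit SHA with the version in a trailing comment, and these two should follow the same form, e.g. `uses: sigstore/cosign-installer@<full-commit-sha> # v3.7.0`. Separately, `--certificate-identity-regexp "https://github.com/$GITHUB_REPOSITORY/*"` is a regular expression in which `/*` means "zero or more slashes" and which, as far as I know, cosign matches unanchored, so it would also accept a repository whose name merely begins with this one; `"^https://github.com/${GITHUB_REPOSITORY}/"` states the intended check. The step outputs are rewritten on every loop iteration, so if more than one `.tgz` is packaged only the last chart reaches the attestation step.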
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 10:15:28 +0100 Subject: [PATCH 406/517] chore(deps): bump distroless/static from `cc226ca` to `f4a57e8` (#4112) Bumps distroless/static from `cc226ca` to `f4a57e8`. --- updated-dependencies: - dependency-name: distroless/static dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile | 2 +- Dockerfile.standalone | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index aa48a12c727..add05e3ec9d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM gcr.io/distroless/static@sha256:cc226ca14d17d01d4b278d9489da930a0dd11150df10ae95829d13e6d00fbdbf +FROM gcr.io/distroless/static@sha256:f4a57e8ffd7ba407bdd0eb315bb54ef1f21a2100a7f032e9102e4da34fe7c196 ARG TARGETOS ARG TARGETARCH COPY bin/external-secrets-${TARGETOS}-${TARGETARCH} /bin/external-secrets diff --git a/Dockerfile.standalone b/Dockerfile.standalone index 4ca898ff7e2..4aab3dc9567 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone @@ -12,7 +12,7 @@ COPY . /app/ RUN go build -o external-secrets main.go -FROM gcr.io/distroless/static@sha256:cc226ca14d17d01d4b278d9489da930a0dd11150df10ae95829d13e6d00fbdbf AS app +FROM gcr.io/distroless/static@sha256:f4a57e8ffd7ba407bdd0eb315bb54ef1f21a2100a7f032e9102e4da34fe7c196 AS app COPY --from=builder /app/external-secrets /bin/external-secrets # Run as UID for nobody From 2f4e3094d49d40a0c8c69f42df9c7459501c9871 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 11:04:32 +0100 Subject: [PATCH 407/517] chore(deps): bump golang from `0974259` to `c694a4d` (#4113) Bumps golang from `0974259` to `c694a4d`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile.standalone | 2 +- tilt.debug.dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.standalone b/Dockerfile.standalone index 4aab3dc9567..92136039b72 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone @@ -1,6 +1,6 @@ # This version of Dockerfile is for building without external dependencies. # Build a multi-platform image e.g. `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .` -FROM golang:1.23.3-alpine@sha256:09742590377387b931261cbeb72ce56da1b0d750a27379f7385245b2b058b63a AS builder +FROM golang:1.23.3-alpine@sha256:c694a4d291a13a9f9d94933395673494fc2cc9d4777b85df3a7e70b3492d3574 AS builder ARG TARGETOS ARG TARGETARCH ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index 2a0b2bfea6c..5d58c6c5e1b 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3@sha256:d56c3e08fe5b27729ee3834854ae8f7015af48fd651cd25d1e3bcf3c19830174 +FROM golang:1.23.3@sha256:73f06be4578c9987ce560087e2e2ea6485fb605e3910542cadd8fa09fc5f3e31 WORKDIR / COPY ./bin/external-secrets /external-secrets From b4bf572e08b16d35dd7b8b58eb3eef0e5ca14b67 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 11:15:57 +0100 Subject: [PATCH 408/517] chore(deps): bump alpine from `beefdbd` to `1e42bbe` (#4114) Bumps alpine from `beefdbd` to `1e42bbe`. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tilt.dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tilt.dockerfile b/tilt.dockerfile index f0fc0c1fbf1..209cb778b2d 100644 --- a/tilt.dockerfile +++ b/tilt.dockerfile @@ -1,4 +1,4 @@ -FROM alpine@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d +FROM alpine@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a WORKDIR / COPY ./bin/external-secrets /external-secrets From 7b8cc5f2336c9f232385bdb392f3bd3fff2f7554 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 11:30:04 +0100 Subject: [PATCH 409/517] chore(deps): bump github/codeql-action from 3.27.1 to 3.27.4 (#4115) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.1 to 3.27.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/4f3212b61783c3c68e8309a0f18a699764811cda...ea9e4e37992a54ee68a9622e985e60c8e8f12d9f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 52b975bc888..78e520f7eec 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@4f3212b61783c3c68e8309a0f18a699764811cda # v3.27.1 + uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 with: sarif_file: results.sarif From 67241196381072ea91f53feacec7ebdbfb843771 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 11:51:38 +0100 Subject: [PATCH 410/517] chore(deps): bump codecov/codecov-action from 4.6.0 to 5.0.2 (#4116) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.6.0 to 5.0.2. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238...5c47607acb93fed5485fdbf7232e8a31425f672a) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b3910c899d2..7c2f199227b 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -126,7 +126,7 @@ jobs: make test - name: Publish Unit Test Coverage - uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0 + uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: From d1d9889d7b1bd68decf43de1cec224517142b2ee Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 11:53:30 +0100 Subject: [PATCH 411/517] chore(deps): bump softprops/action-gh-release from 2.0.9 to 2.1.0 (#4117) Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.9 to 2.1.0. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8...01570a1f39cb168c169c802c3bceb9e93fb10974) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e39d9521b7f..bd220414a97 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,7 +28,7 @@ jobs: ref: ${{ github.event.inputs.source_ref }} - name: Create Release - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9 + uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 with: tag_name: ${{ github.event.inputs.version }} target_commitish: ${{ github.event.inputs.source_ref }} @@ -113,7 +113,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Update Release - uses: softprops/action-gh-release@e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8 # v2.0.9 + uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 with: tag_name: ${{ github.event.inputs.version }} files: | From accb0a5ac4dfd9f149e3cc7db2675de89ef7aff0 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 13:10:26 +0100 Subject: [PATCH 412/517] chore(deps): bump alpine from `beefdbd` to `1e42bbe` in /hack/api-docs (#4118) Bumps alpine from `beefdbd` to `1e42bbe`. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/Dockerfile b/hack/api-docs/Dockerfile index 7e64ee27910..b433c0ef250 100644 --- a/hack/api-docs/Dockerfile +++ b/hack/api-docs/Dockerfile @@ -11,7 +11,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.20@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d +FROM alpine:3.20@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a RUN apk add -U --no-cache \ python3 \ python3-dev \ From 24942b8410c38b9d248785c72eb84fb346c3d9a3 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 13:11:57 +0100 Subject: [PATCH 413/517] chore(deps): bump alpine from `beefdbd` to `1e42bbe` in /e2e (#4119) Bumps alpine from `beefdbd` to `1e42bbe`. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index 4118c007eac..f5d2dde85cd 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile 
@@ -16,7 +16,7 @@ COPY . . WORKDIR /usr/src/app/e2e RUN make e2e-bin -FROM alpine:3.20.3@sha256:beefdbd8a1da6d2915566fde36db9db0b524eb737fc57cd1367effd16dc0d06d +FROM alpine:3.20.3@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a RUN apk add -U --no-cache \ ca-certificates \ bash \ From 4e6372bd47861af2cbf016f66bd462ab5672edfe Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 13:14:05 +0100 Subject: [PATCH 414/517] chore(deps): bump golang from `0e3377d` to `3f3b9da` in /e2e (#4120) Bumps golang from `0e3377d` to `3f3b9da`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index f5d2dde85cd..c7b6e9189db 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3-bookworm@sha256:0e3377d7a71c1fcb31cdc3215292712e83baec44e4792aeaa75e503cfcae16ec as builder +FROM golang:1.23.3-bookworm@sha256:3f3b9daa3de608f3e869cd2ff8baf21555cf0fca9fd34251b8f340f9b7c30ec5 as builder ENV KUBECTL_VERSION="v1.28.3" ENV HELM_VERSION="v3.13.1" From df54ac99867431e95414018b7cece2f4853d21dd Mon Sep 17 00:00:00 2001 From: Moritz Johner Date: Mon, 18 Nov 2024 13:29:25 +0100 Subject: [PATCH 415/517] fix: re-enable signing helm release (#4109) Signed-off-by: Moritz Johner --- .github/workflows/helm.yml | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 14d3298afe2..93f5ac0d5a4 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml 
@@ -92,22 +92,20 @@ jobs: - name: Generate chart run: | make helm.generate - ## Temporarily removing - This is making the release break. - # - name: Import GPG key - # run: | - # echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --dearmor --output keyring.gpg - # echo "${{ secrets.GPG_PASSPHRASE }}" > passphrase-file.txt + - name: Import GPG key + run: | + echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --dearmor --output keyring.gpg + echo -n "${{ secrets.GPG_PASSPHRASE }}" > passphrase-file.txt - name: Run chart-releaser uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 if: | github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release-') env: - ## Temporarily removing - This is making the release break - # CR_KEY: external-secrets - # CR_KEYRING: keyring.gpg - # CR_PASSPHRASE_FILE: passphrase-file.txt - # CR_SIGN: true + CR_KEY: external-secrets + CR_KEYRING: keyring.gpg + CR_PASSPHRASE_FILE: passphrase-file.txt + CR_SIGN: true CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" CR_RELEASE_NAME_TEMPLATE: "helm-chart-{{ .Version }}" with: From 210b39715ee37ab56e1575cf5a95303c9037f696 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Mon, 18 Nov 2024 15:18:30 +0100 Subject: [PATCH 416/517] update dependencies (#4122) Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- e2e/go.mod | 20 +++++++++---------- e2e/go.sum | 40 +++++++++++++++++++------------------- go.mod | 28 +++++++++++++-------------- go.sum | 56 +++++++++++++++++++++++++++--------------------------- 4 files changed, 72 insertions(+), 72 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index 51c8b06fb67..c5e3295efb8 100644 --- a/e2e/go.mod +++ b/e2e/go.mod 
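Review bot: The re-enabled `Import GPG key` step expands `${{ secrets.GPG_PRIVATE_KEY }}` and `${{ secrets.GPG_PASSPHRASE }}` straight into the script text, so the secret values become part of the shell source before bash parses it. A passphrase containing `"`, `$` or a backtick would be altered or break the step, and the values end up in the generated script file on the runner. Passing them through `env:` and reading them as shell variables avoids both, and `umask 077` keeps `keyring.gpg` and `passphrase-file.txt` from being created readable by other users. The file names stay the same, so `CR_KEYRING` and `CR_PASSPHRASE_FILE` in the next step are unaffected. Nothing in this hunk removes the two files after signing; the rest of the job is outside the hunk, so a cleanup step with `if: always()` is worth confirming there.

```yaml
      - name: Import GPG key
        env:
          GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
          GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
        run: |
          umask 077
          printf '%s' "$GPG_PRIVATE_KEY" | gpg --dearmor --output keyring.gpg
          printf '%s' "$GPG_PASSPHRASE" > passphrase-file.txt
      # … unchanged: Run chart-releaser step and its CR_* env …
```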
@@ -58,11 +58,11 @@ require ( github.com/hashicorp/vault/api v1.15.0 github.com/onsi/ginkgo/v2 v2.21.0 github.com/onsi/gomega v1.34.2 - github.com/oracle/oci-go-sdk/v65 v65.78.0 + github.com/oracle/oci-go-sdk/v65 v65.78.1 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 github.com/xanzy/go-gitlab v0.113.0 golang.org/x/oauth2 v0.24.0 - google.golang.org/api v0.205.0 + google.golang.org/api v0.206.0 k8s.io/api v0.31.2 k8s.io/apiextensions-apiserver v0.31.2 k8s.io/apimachinery v0.31.2 @@ -75,7 +75,7 @@ require ( require ( al.essio.dev/pkg/shellescape v1.5.1 // indirect - cloud.google.com/go/auth v0.10.1 // indirect + cloud.google.com/go/auth v0.10.2 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect cloud.google.com/go/iam v1.2.2 // indirect @@ -132,7 +132,7 @@ require ( github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect - github.com/googleapis/gax-go/v2 v2.13.0 // indirect + github.com/googleapis/gax-go/v2 v2.14.0 // indirect github.com/gorilla/websocket v1.5.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect 
@@ -202,18 +202,18 @@ require ( golang.org/x/time v0.8.0 // indirect golang.org/x/tools v0.27.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20241104194629-dd2ea8efbc28 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect + google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f // indirect google.golang.org/grpc v1.68.0 // indirect - google.golang.org/protobuf v1.35.1 // indirect + google.golang.org/protobuf v1.35.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20241009091222-67ed5848f094 // indirect + k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.3 // indirect ) diff --git a/e2e/go.sum b/e2e/go.sum index d641cbd4a2b..475b2260e17 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -22,8 +22,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.10.1 h1:TnK46qldSfHWt2a0b/hciaiVJsmDXWy9FqyUan0uYiI= -cloud.google.com/go/auth v0.10.1/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= +cloud.google.com/go/auth v0.10.2 h1:oKF7rgBfSHdp/kuhXtqU/tNDr0mZqhYbEh+6SiqzkKo= +cloud.google.com/go/auth v0.10.2/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= cloud.google.com/go/auth/oauth2adapt v0.2.5 h1:2p29+dePqsCHPP1bqDJcKj4qxRyYCcbzKpFyKGt3MTk= cloud.google.com/go/auth/oauth2adapt v0.2.5/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -317,8 +317,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gT github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= -github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= +github.com/googleapis/gax-go/v2 v2.14.0 h1:f+jMrjBPl+DL9nI4IQzLUxMq7XrAqFYB7hBPqMNIe8o= +github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 
@@ -428,8 +428,8 @@ github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.78.0 h1:iM7lFFA7cJkUD4tmrlsAHWgL3HuTuF9mdvTAliMkcFA= -github.com/oracle/oci-go-sdk/v65 v65.78.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.78.1 h1:M9nLmaOsjTZJHQ5hlkF5UK6XV/sbFUodAgCfbM2Ve00= +github.com/oracle/oci-go-sdk/v65 v65.78.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -833,8 +833,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.205.0 h1:LFaxkAIpDb/GsrWV20dMMo5MR0h8UARTbn24LmD+0Pg= -google.golang.org/api v0.205.0/go.mod h1:NrK1EMqO8Xk6l6QwRAmrXXg2v6dzukhlOyvkYtnvUuc= +google.golang.org/api v0.206.0 h1:A27GClesCSheW5P2BymVHjpEeQ2XHH8DI8Srs2HI2L8= +google.golang.org/api v0.206.0/go.mod h1:BtB8bfjTYIrai3d8UyvPmV9REGgox7coh+ZRwm0b+W8= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -882,12 +882,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20241104194629-dd2ea8efbc28 h1:KJjNNclfpIkVqrZlTWcgOOaVQ00LdBnoEaRfkUx760s= -google.golang.org/genproto v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:mt9/MofW7AWQ+Gy179ChOnvmJatV8YHUmrcedo9CIFI= -google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g= -google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 h1:XVhgTWWV3kGQlwJHR3upFWZeTsei6Oks1apkZSeonIE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= +google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f h1:zDoHYmMzMacIdjNe+P2XiTmPsLawi/pCbSPfxt6lTfw= +google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f/go.mod h1:Q5m6g8b5KaFFzsQFIGdJkSJDGeJiybVenoYFMMa3ohI= +google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f h1:M65LEviCfuZTfrfzwwEoxVtgvfkFkBUbFnRbxCXuXhU= +google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f/go.mod h1:Yo94eF2nj7igQt+TiJ49KxjIH8ndLYPZMIRSiRcEbg0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f h1:C1QccEa9kUwvMgEUORqQD9S17QesQijxjZ84sO82mfo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -922,8 +922,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= -google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= +google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= 
@@ -964,8 +964,8 @@ k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20241009091222-67ed5848f094 h1:MErs8YA0abvOqJ8gIupA1Tz6PKXYUw34XsGlA7uSL1k= -k8s.io/kube-openapi v0.0.0-20241009091222-67ed5848f094/go.mod h1:7ioBJr1A6igWjsR2fxq2EZ0mlMwYLejazSIc2bzMp2U= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 h1:jGnCPejIetjiy2gqaJ5V0NLwTpF4wbQ6cZIItJCSHno= k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= 
@@ -975,8 +975,8 @@ sigs.k8s.io/controller-runtime v0.19.1 h1:Son+Q40+Be3QWb+niBXAg2vFiYWolDjjRfO8hn sigs.k8s.io/controller-runtime v0.19.1/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/structured-merge-diff/v4 v4.4.3 h1:sCP7Vv3xx/CWIuTPVN38lUPx0uw0lcLfzaiDa8Ja01A= +sigs.k8s.io/structured-merge-diff/v4 v4.4.3/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= software.sslmate.com/src/go-pkcs12 v0.5.0 h1:EC6R394xgENTpZ4RltKydeDUjtlM5drOYIG9c6TVj2M= diff --git a/go.mod b/go.mod index e401dec2333..01678b94a27 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/go-test/deep v1.0.4 // indirect github.com/google/go-cmp v0.6.0 github.com/google/uuid v1.6.0 - github.com/googleapis/gax-go/v2 v2.13.0 + github.com/googleapis/gax-go/v2 v2.14.0 github.com/hashicorp/vault/api v1.15.0 github.com/hashicorp/vault/api/auth/approle v0.8.0 github.com/hashicorp/vault/api/auth/kubernetes v0.8.0 
@@ -32,21 +32,21 @@ require ( github.com/huandu/xstrings v1.5.0 // indirect github.com/onsi/ginkgo/v2 v2.21.0 github.com/onsi/gomega v1.34.2 - github.com/oracle/oci-go-sdk/v65 v65.78.0 + github.com/oracle/oci-go-sdk/v65 v65.78.1 github.com/prometheus/client_golang v1.20.5 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.18.0 github.com/xanzy/go-gitlab v0.113.0 - github.com/yandex-cloud/go-genproto v0.0.0-20241101135610-76a0cfc1a773 - github.com/yandex-cloud/go-sdk v0.0.0-20241101143304-947cf519f6bd + github.com/yandex-cloud/go-genproto v0.0.0-20241114125552-204702d61ed0 + github.com/yandex-cloud/go-sdk v0.0.0-20241114131935-2a8bbd3c67f1 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 go.uber.org/zap v1.27.0 golang.org/x/crypto v0.29.0 golang.org/x/oauth2 v0.24.0 - google.golang.org/api v0.205.0 - google.golang.org/genproto v0.0.0-20241104194629-dd2ea8efbc28 + google.golang.org/api v0.206.0 + google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f google.golang.org/grpc v1.68.0 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 @@ -75,7 +75,7 @@ require ( github.com/alibabacloud-go/openapi-util v0.1.1 github.com/alibabacloud-go/tea v1.2.2 github.com/alibabacloud-go/tea-utils/v2 v2.0.7 - github.com/aliyun/credentials-go v1.4.1 + github.com/aliyun/credentials-go v1.4.2 github.com/avast/retry-go/v4 v4.6.0 github.com/cenkalti/backoff/v4 v4.3.0 github.com/cyberark/conjur-api-go v0.12.6 
@@ -95,14 +95,14 @@ require ( github.com/sethvargo/go-password v0.3.1 github.com/spf13/pflag v1.0.5 github.com/tidwall/sjson v1.2.5 - k8s.io/kube-openapi v0.0.0-20241009091222-67ed5848f094 + k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.5.0 ) require ( al.essio.dev/pkg/shellescape v1.5.1 // indirect - cloud.google.com/go/auth v0.10.1 // indirect + cloud.google.com/go/auth v0.10.2 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect github.com/ProtonMail/go-crypto v1.1.2 // indirect @@ -127,7 +127,7 @@ require ( github.com/gabriel-vasile/mimetype v1.4.6 // indirect github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-logr/stdr v1.2.2 // indirect - github.com/go-playground/validator/v10 v10.22.1 // indirect + github.com/go-playground/validator/v10 v10.23.0 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gofrs/flock v0.12.1 // indirect @@ -149,11 +149,11 @@ require ( go.opentelemetry.io/otel/metric v1.32.0 // indirect go.opentelemetry.io/otel/trace v1.32.0 // indirect golang.org/x/sync v0.9.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.4.3 // indirect ) require ( 
@@ -257,7 +257,7 @@ require ( golang.org/x/time v0.8.0 // indirect golang.org/x/tools v0.27.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/protobuf v1.35.1 // indirect + google.golang.org/protobuf v1.35.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/go.sum b/go.sum index 3d75c05081d..30f44c7dcd9 100644 --- a/go.sum +++ b/go.sum @@ -22,8 +22,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.10.1 h1:TnK46qldSfHWt2a0b/hciaiVJsmDXWy9FqyUan0uYiI= -cloud.google.com/go/auth v0.10.1/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= +cloud.google.com/go/auth v0.10.2 h1:oKF7rgBfSHdp/kuhXtqU/tNDr0mZqhYbEh+6SiqzkKo= +cloud.google.com/go/auth v0.10.2/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= cloud.google.com/go/auth/oauth2adapt v0.2.5 h1:2p29+dePqsCHPP1bqDJcKj4qxRyYCcbzKpFyKGt3MTk= cloud.google.com/go/auth/oauth2adapt v0.2.5/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -191,8 +191,8 @@ github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6q github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= github.com/aliyun/credentials-go v1.3.10/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= -github.com/aliyun/credentials-go v1.4.1 h1:kjcAN/h6QoqxMNphFvElsJLgCBo76ayWDj07h5cwfjg= -github.com/aliyun/credentials-go v1.4.1/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= +github.com/aliyun/credentials-go v1.4.2 h1:sJUeZNVjgP6X5UGYS0M6F4Ka5gxm1rhT/6ji1zIL9Tg= +github.com/aliyun/credentials-go v1.4.2/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinRJA= 
@@ -307,8 +307,8 @@ github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/o github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.22.1 h1:40JcKH+bBNGFczGuoBYgX4I6m/i27HYW8P9FDk5PbgA= -github.com/go-playground/validator/v10 v10.22.1/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= +github.com/go-playground/validator/v10 v10.23.0 h1:/PwmTwZhS0dPkav3cdK9kV1FsAmrL8sThn8IHr/sO+o= +github.com/go-playground/validator/v10 v10.23.0/go.mod h1:dbuPbCMFw/DrkbEynArYaCwl3amGuJotoKCe95atGMM= github.com/go-sql-driver/mysql v1.5.0/go.mod h1:DCzpHaOWr8IXmIStZouvnhqoel9Qv2LBy8hT2VhHyBg= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= 
@@ -422,8 +422,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gT github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.13.0 h1:yitjD5f7jQHhyDsnhKEBU52NdvvdSeGzlAnDPT0hH1s= -github.com/googleapis/gax-go/v2 v2.13.0/go.mod h1:Z/fvTZXF8/uw7Xu5GuslPw+bplx6SS338j1Is2S+B7A= +github.com/googleapis/gax-go/v2 v2.14.0 h1:f+jMrjBPl+DL9nI4IQzLUxMq7XrAqFYB7hBPqMNIe8o= +github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 
@@ -572,8 +572,8 @@ github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.78.0 h1:iM7lFFA7cJkUD4tmrlsAHWgL3HuTuF9mdvTAliMkcFA= -github.com/oracle/oci-go-sdk/v65 v65.78.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.78.1 h1:M9nLmaOsjTZJHQ5hlkF5UK6XV/sbFUodAgCfbM2Ve00= +github.com/oracle/oci-go-sdk/v65 v65.78.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.1 h1:boNYHZmSnWl/3bKbUiaWgF/mELCtHfliGHzggf884GE= github.com/passbolt/go-passbolt v0.7.1/go.mod h1:if/jzzYYUjRtq/5h+l+J5Dka0f5dED67QM1lhpTx4pY= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= 
@@ -680,10 +680,10 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/go-gitlab v0.113.0 h1:v5O4R+YZbJGxKqa9iIZxjMyeKkMKBN8P6sZsNl+YckM= github.com/xanzy/go-gitlab v0.113.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= -github.com/yandex-cloud/go-genproto v0.0.0-20241101135610-76a0cfc1a773 h1:xkWrnYFWxiwCKVbmuOEMR030UCFklpglmOcPv9yJz2c= -github.com/yandex-cloud/go-genproto v0.0.0-20241101135610-76a0cfc1a773/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo= -github.com/yandex-cloud/go-sdk v0.0.0-20241101143304-947cf519f6bd h1:LcA5pQoWjS2hhG6bV2ZL9eBEV2wLSVbM2KcpDphYP/w= -github.com/yandex-cloud/go-sdk v0.0.0-20241101143304-947cf519f6bd/go.mod h1:oku4OkbdLLOOpZEz2XxYGXI7rFhxBI5W0cLPmpStdqA= +github.com/yandex-cloud/go-genproto v0.0.0-20241114125552-204702d61ed0 h1:CTEV6vCJy1LBX1FNKwkpXOU3vSyPiUJoEdjhuX+U8rc= +github.com/yandex-cloud/go-genproto v0.0.0-20241114125552-204702d61ed0/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo= +github.com/yandex-cloud/go-sdk v0.0.0-20241114131935-2a8bbd3c67f1 h1:tGbuhiS87CooN6fbGV+Cu3MyJ2oMenxjYrdlj8Pr1f0= +github.com/yandex-cloud/go-sdk v0.0.0-20241114131935-2a8bbd3c67f1/go.mod h1:jMDvCxZIWr1+wrNCkjFMTxpW2XCCofiotwjND0YpYJI= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -1049,8 +1049,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.205.0 h1:LFaxkAIpDb/GsrWV20dMMo5MR0h8UARTbn24LmD+0Pg= -google.golang.org/api v0.205.0/go.mod h1:NrK1EMqO8Xk6l6QwRAmrXXg2v6dzukhlOyvkYtnvUuc= +google.golang.org/api v0.206.0 h1:A27GClesCSheW5P2BymVHjpEeQ2XHH8DI8Srs2HI2L8= +google.golang.org/api v0.206.0/go.mod h1:BtB8bfjTYIrai3d8UyvPmV9REGgox7coh+ZRwm0b+W8= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1098,12 +1098,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20241104194629-dd2ea8efbc28 h1:KJjNNclfpIkVqrZlTWcgOOaVQ00LdBnoEaRfkUx760s= -google.golang.org/genproto v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:mt9/MofW7AWQ+Gy179ChOnvmJatV8YHUmrcedo9CIFI= -google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28 h1:M0KvPgPmDZHPlbRbaNU1APr28TvwvvdUPlSv7PUvy8g= -google.golang.org/genproto/googleapis/api v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:dguCy7UOdZhTvLzDyt15+rOrawrpM4q7DD9dQ1P11P4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28 h1:XVhgTWWV3kGQlwJHR3upFWZeTsei6Oks1apkZSeonIE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241104194629-dd2ea8efbc28/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= +google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f h1:zDoHYmMzMacIdjNe+P2XiTmPsLawi/pCbSPfxt6lTfw= +google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f/go.mod h1:Q5m6g8b5KaFFzsQFIGdJkSJDGeJiybVenoYFMMa3ohI= +google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f h1:M65LEviCfuZTfrfzwwEoxVtgvfkFkBUbFnRbxCXuXhU= +google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f/go.mod h1:Yo94eF2nj7igQt+TiJ49KxjIH8ndLYPZMIRSiRcEbg0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f h1:C1QccEa9kUwvMgEUORqQD9S17QesQijxjZ84sO82mfo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1138,8 +1138,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.35.1 h1:m3LfL6/Ca+fqnjnlqQXNpFPABW1UD7mjh8KO2mKFytA= -google.golang.org/protobuf v1.35.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= +google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -1192,8 +1192,8 @@ k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20241009091222-67ed5848f094 h1:MErs8YA0abvOqJ8gIupA1Tz6PKXYUw34XsGlA7uSL1k= -k8s.io/kube-openapi v0.0.0-20241009091222-67ed5848f094/go.mod h1:7ioBJr1A6igWjsR2fxq2EZ0mlMwYLejazSIc2bzMp2U= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= +k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 h1:jGnCPejIetjiy2gqaJ5V0NLwTpF4wbQ6cZIItJCSHno= k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= 
@@ -1205,8 +1205,8 @@ sigs.k8s.io/controller-tools v0.16.5 h1:5k9FNRqziBPwqr17AMEPPV/En39ZBplLAdOwwQHr sigs.k8s.io/controller-tools v0.16.5/go.mod h1:8vztuRVzs8IuuJqKqbXCSlXcw+lkAv/M2sTpg55qjMY= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4= -sigs.k8s.io/structured-merge-diff/v4 v4.4.1/go.mod h1:N8hJocpFajUSSeSJ9bOZ77VzejKZaXsTtZo4/u7Io08= +sigs.k8s.io/structured-merge-diff/v4 v4.4.3 h1:sCP7Vv3xx/CWIuTPVN38lUPx0uw0lcLfzaiDa8Ja01A= +sigs.k8s.io/structured-merge-diff/v4 v4.4.3/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= From 3ffeeb55dda4a01394793ce94c005158a012d984 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Tue, 19 Nov 2024 12:20:05 +0100 Subject: [PATCH 417/517] feat: enable concurrent reconciling for push secret reconciler (#4124) * feat: enable concurrent reconciling for push secret reconciler Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * add cluster secret store concurrent option as well Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- cmd/root.go | 8 ++++++-- pkg/controllers/pushsecret/pushsecret_controller.go | 4 +++- pkg/controllers/pushsecret/suite_test.go | 5 ++++- .../secretstore/clustersecretstore_controller.go | 4 +++- pkg/controllers/secretstore/suite_test.go | 2 +- 5 files changed, 17 insertions(+), 6 deletions(-) 
diff --git a/cmd/root.go b/cmd/root.go index 0472d665095..88aed014cac 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -189,7 +189,9 @@ var rootCmd = &cobra.Command{ Scheme: mgr.GetScheme(), ControllerClass: controllerClass, RequeueInterval: storeRequeueInterval, - }).SetupWithManager(mgr); err != nil { + }).SetupWithManager(mgr, controller.Options{ + MaxConcurrentReconciles: concurrent, + }); err != nil { setupLog.Error(err, errCreateController, "controller", "ClusterSecretStore") os.Exit(1) } @@ -218,7 +220,9 @@ var rootCmd = &cobra.Command{ ControllerClass: controllerClass, RestConfig: mgr.GetConfig(), RequeueInterval: time.Hour, - }).SetupWithManager(mgr); err != nil { + }).SetupWithManager(mgr, controller.Options{ + MaxConcurrentReconciles: concurrent, + }); err != nil { setupLog.Error(err, errCreateController, "controller", "PushSecret") os.Exit(1) } diff --git a/pkg/controllers/pushsecret/pushsecret_controller.go b/pkg/controllers/pushsecret/pushsecret_controller.go index d30f49666f6..09e60523c0c 100644 --- a/pkg/controllers/pushsecret/pushsecret_controller.go +++ b/pkg/controllers/pushsecret/pushsecret_controller.go @@ -32,6 +32,7 @@ import ( "k8s.io/client-go/tools/record" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" esapi "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1" @@ -69,10 +70,11 @@ type Reconciler struct { ControllerClass string } -func (r *Reconciler) SetupWithManager(mgr ctrl.Manager) error { +func (r *Reconciler) SetupWithManager(mgr ctrl.Manager, opts controller.Options) error { r.recorder = mgr.GetEventRecorderFor("pushsecret") return ctrl.NewControllerManagedBy(mgr). + WithOptions(opts). For(&esapi.PushSecret{}). Complete(r) } diff --git a/pkg/controllers/pushsecret/suite_test.go b/pkg/controllers/pushsecret/suite_test.go index 2d49551a766..b6c66264298 100644 
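Review bot: Passing `MaxConcurrentReconciles: concurrent` to the PushSecret controller (and to ClusterSecretStore in the first hunk of this file) lets several objects reconcile in parallel, and nothing visible in the commit records that the reconcilers and providers tolerate that. controller-runtime serialises work per object key only, so two PushSecrets that write the same remote key can now interleave, and a provider that looks a secret up before creating it could end up creating it twice. The Reconcile bodies are outside these hunks, so this is something to confirm rather than a proven defect. I would record the assumption at the call site, e.g. `// PushSecret reconciles may run in parallel; providers must tolerate concurrent pushes to the same remote key.`, and note that the suite tests in this commit use `MaxConcurrentReconciles: 1` or empty options, so the parallel path is not exercised. The `rootCmd` run function starts and ends outside both hunks.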
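Review bot: `SetupWithManager` on the PushSecret `Reconciler` is exported and now takes `controller.Options`, but it has no doc comment, while the `ClusterStoreReconciler` counterpart changed in this commit has one. I would add `// SetupWithManager registers the PushSecret controller with mgr, applying opts (for example MaxConcurrentReconciles).` above the signature.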
--- a/pkg/controllers/pushsecret/suite_test.go +++ b/pkg/controllers/pushsecret/suite_test.go @@ -25,6 +25,7 @@ import ( "k8s.io/client-go/rest" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/envtest" logf "sigs.k8s.io/controller-runtime/pkg/log" "sigs.k8s.io/controller-runtime/pkg/log/zap" @@ -96,7 +97,9 @@ var _ = BeforeSuite(func() { Log: ctrl.Log.WithName("controllers").WithName("PushSecret"), RestConfig: cfg, RequeueInterval: time.Second, - }).SetupWithManager(k8sManager) + }).SetupWithManager(k8sManager, controller.Options{ + MaxConcurrentReconciles: 1, + }) Expect(err).ToNot(HaveOccurred()) go func() { diff --git a/pkg/controllers/secretstore/clustersecretstore_controller.go b/pkg/controllers/secretstore/clustersecretstore_controller.go index d7a769ce2d7..02b39cbbdd0 100644 --- a/pkg/controllers/secretstore/clustersecretstore_controller.go +++ b/pkg/controllers/secretstore/clustersecretstore_controller.go @@ -24,6 +24,7 @@ import ( "k8s.io/client-go/tools/record" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/controller" esapi "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" ctrlmetrics "github.com/external-secrets/external-secrets/pkg/controllers/metrics" @@ -66,10 +67,11 @@ func (r *ClusterStoreReconciler) Reconcile(ctx context.Context, req ctrl.Request } // SetupWithManager returns a new controller builder that will be started by the provided Manager. -func (r *ClusterStoreReconciler) SetupWithManager(mgr ctrl.Manager) error { +func (r *ClusterStoreReconciler) SetupWithManager(mgr ctrl.Manager, opts controller.Options) error { r.recorder = mgr.GetEventRecorderFor("cluster-secret-store") return ctrl.NewControllerManagedBy(mgr). + WithOptions(opts). For(&esapi.ClusterSecretStore{}). Complete(r) } 
diff --git a/pkg/controllers/secretstore/suite_test.go b/pkg/controllers/secretstore/suite_test.go index 2e984bd7e9b..0885f672dfe 100644 --- a/pkg/controllers/secretstore/suite_test.go +++ b/pkg/controllers/secretstore/suite_test.go @@ -93,7 +93,7 @@ var _ = BeforeSuite(func() { Scheme: k8sManager.GetScheme(), ControllerClass: defaultControllerClass, Log: ctrl.Log.WithName("controllers").WithName("ClusterSecretStore"), - }).SetupWithManager(k8sManager) + }).SetupWithManager(k8sManager, controller.Options{}) Expect(err).ToNot(HaveOccurred()) go func() { From 7b7dad464d6d3f3ccfe1ea7c648f3dd4601d15ad Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Tue, 19 Nov 2024 16:32:17 +0100 Subject: [PATCH 418/517] feat: supporting pushing entire secret for bitwarden provider (#4106) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- pkg/provider/bitwarden/client.go | 28 +++++++++--- pkg/provider/bitwarden/client_test.go | 64 +++++++++++++++++++++++++++ 2 files changed, 85 insertions(+), 7 deletions(-) diff --git a/pkg/provider/bitwarden/client.go b/pkg/provider/bitwarden/client.go index 85271239010..5b76f1cc4d3 100644 --- a/pkg/provider/bitwarden/client.go +++ b/pkg/provider/bitwarden/client.go 
@@ -47,17 +47,31 @@ func (p *Provider) PushSecret(ctx context.Context, secret *corev1.Secret, data e return errors.New("store does not have a provider") } - if data.GetSecretKey() == "" { - return errors.New("pushing the whole secret is not yet implemented") - } - if data.GetRemoteKey() == "" { return errors.New("remote key must be defined") } - value, ok := secret.Data[data.GetSecretKey()] - if !ok { - return fmt.Errorf("failed to find secret key in secret with key: %s", data.GetSecretKey()) + var ( + value []byte + err error + ok bool + ) + if data.GetSecretKey() == "" { + decodedMap := make(map[string]string) + for k, v := range secret.Data { + decodedMap[k] = string(v) + } + value, err = utils.JSONMarshal(decodedMap) + + if err != nil { + return fmt.Errorf("failed to marshal secret data: %w", err) + } + } else { + value, ok = secret.Data[data.GetSecretKey()] + + if !ok { + return fmt.Errorf("failed to find secret key in secret with key: %s", data.GetSecretKey()) + } } note, err := utils.FetchValueFromMetadata(NoteMetadataKey, data.GetMetadata(), "") diff --git a/pkg/provider/bitwarden/client_test.go b/pkg/provider/bitwarden/client_test.go index 73b66762792..4010801ff8c 100644 --- a/pkg/provider/bitwarden/client_test.go +++ b/pkg/provider/bitwarden/client_test.go 
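Review bot: In the whole-secret branch, `decodedMap[k] = string(v)` followed by JSON marshalling is lossy for values that are not valid UTF-8 (keystores, DER certificates, other binary blobs). Assuming `utils.JSONMarshal` wraps `encoding/json`, invalid bytes are replaced with U+FFFD and the remote copy silently differs from the cluster Secret. Reject such values before marshalling, e.g. `if !utf8.Valid(v) { return fmt.Errorf("secret key %q is not valid UTF-8, push it by key instead", k) }` (needs `unicode/utf8`), or document that whole-secret push supports text values only. A short comment above the branch stating that every key of the Secret is sent to the remote as one JSON object would also help. PushSecret starts and ends outside this hunk.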
@@ -481,6 +481,70 @@ func TestProviderPushSecret(t *testing.T) { }, }, }, + { + name: "push entire secret succeeds", + args: args{ + ctx: context.Background(), + secret: &corev1.Secret{ + Data: map[string][]byte{ + "key": []byte("value"), + }, + }, + data: v1alpha1.PushSecretData{ + Match: v1alpha1.PushSecretMatch{ + RemoteRef: v1alpha1.PushSecretRemoteRef{ + RemoteKey: "this-is-a-name", + }, + }, + }, + }, + fields: fields{ + kube: func() client.Client { + return fake.NewFakeClient() + }, + namespace: "default", + store: &v1beta1.SecretStore{ + Spec: v1beta1.SecretStoreSpec{ + Provider: &v1beta1.SecretStoreProvider{ + BitwardenSecretsManager: &v1beta1.BitwardenSecretsManagerProvider{ + OrganizationID: "orgid", + ProjectID: projectID, + }, + }, + }, + }, + mock: func(c *FakeClient) { + c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ + Data: []SecretIdentifierResponse{ + { + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "this-is-a-name", + OrganizationID: "orgid", + }, + }, + }) + c.GetSecretReturnsOnCallN(0, &SecretResponse{ + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "no-match", // if this is this-is-a-name it would match + Note: "", + OrganizationID: "orgid", + Value: "value", + ProjectID: &projectID, + }) + c.CreateSecretReturnsOnCallN(0, &SecretResponse{}) + }, + assertMock: func(t *testing.T, c *FakeClient) { + cargs := c.createSecretCallArguments[0] + assert.Equal(t, SecretCreateRequest{ + Key: "this-is-a-name", + Note: "", + OrganizationID: "orgid", + ProjectIDS: []string{projectID}, + Value: `{"key":"value"}`, + }, cargs) + }, + }, + }, { name: "push secret is successful for a existing remote secret but only the value differs will call update", args: args{ From 1d85a90530d261d8a4071a46cadd1edef4952c7f Mon Sep 17 00:00:00 2001 
From: Moritz Johner Date: Tue, 19 Nov 2024 21:58:25 +0100 Subject: [PATCH 419/517] fix: do not import gpg key from forked repo (#4126) * fix: do not import gpg key from forked repo The key does not exist there and is not needed. The import-gpg and run-chart-releaser step should only run on main. Otherwise it fails due to missing GPG key and invalid permissions on github token. --- .github/workflows/helm.yml | 9 ++++----- deploy/charts/external-secrets/Chart.yaml | 1 - 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 93f5ac0d5a4..21717b2f628 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -74,6 +74,9 @@ jobs: id-token: write # gives the action the ability to mint the OIDC token necessary to request a Sigstore signing certificate attestations: write # this permission is necessary to persist the attestation runs-on: ubuntu-latest + if: | + github.ref == 'refs/heads/main' || + startsWith(github.ref, 'refs/heads/release-') steps: - name: Checkout uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 @@ -90,17 +93,13 @@ jobs: version: v3.4.2 - name: Generate chart - run: | - make helm.generate + run: make helm.generate - name: Import GPG key run: | echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --dearmor --output keyring.gpg echo -n "${{ secrets.GPG_PASSPHRASE }}" > passphrase-file.txt - name: Run chart-releaser uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 - if: | - github.ref == 'refs/heads/main' || - startsWith(github.ref, 'refs/heads/release-') env: CR_KEY: external-secrets CR_KEYRING: keyring.gpg diff --git a/deploy/charts/external-secrets/Chart.yaml b/deploy/charts/external-secrets/Chart.yaml index ab906289844..7d57235379d 100644 --- a/deploy/charts/external-secrets/Chart.yaml +++ b/deploy/charts/external-secrets/Chart.yaml 
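Review bot: The job-level `if:` gates on the branch name only, so a push to `main` or a `release-*` branch in a fork with Actions enabled would still start the release job there, where `secrets.GPG_PRIVATE_KEY` is empty; that is the failure the commit message sets out to avoid (the workflow's `on:` triggers are outside this hunk, so confirm). A repository check closes the gap: `if: github.repository == 'external-secrets/external-secrets' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/release-'))`. Separately, the unchanged `Import GPG key` step expands both secrets directly into the script text and leaves `passphrase-file.txt` in the workspace; passing them through `env:` and deleting the file once the release step has run would limit their exposure. The job continues outside these hunks.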
@@ -13,7 +13,6 @@ icon: https://raw.githubusercontent.com/external-secrets/external-secrets/main/a maintainers: - name: mcavoyk email: kellinmcavoy@gmail.com - dependencies: - name: bitwarden-sdk-server version: v0.3.1 From 44e462f5104770055022396d960c04be56c211a8 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Wed, 20 Nov 2024 10:40:41 +0100 Subject: [PATCH 420/517] feat: implement SecretExists function for gcp secretsmanager (#4127) * feat: implement SecretExists function for gcp secretsmanager Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * refactored the test for lesser complexity Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- pkg/provider/gcp/secretmanager/client.go | 16 +++- pkg/provider/gcp/secretmanager/client_test.go | 79 +++++++++++++++++++ 2 files changed, 93 insertions(+), 2 deletions(-) diff --git a/pkg/provider/gcp/secretmanager/client.go b/pkg/provider/gcp/secretmanager/client.go index 4892cc26029..aa859df68ed 100644 --- a/pkg/provider/gcp/secretmanager/client.go +++ b/pkg/provider/gcp/secretmanager/client.go @@ -130,8 +130,20 @@ func parseError(err error) error { return err } -func (c *Client) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef) (bool, error) { - return false, errors.New("not implemented") +func (c *Client) SecretExists(ctx context.Context, ref esv1beta1.PushSecretRemoteRef) (bool, error) { + secretName := fmt.Sprintf("projects/%s/secrets/%s", c.store.ProjectID, ref.GetRemoteKey()) + gcpSecret, err := c.smClient.GetSecret(ctx, &secretmanagerpb.GetSecretRequest{ + Name: secretName, + }) + if err != nil { + if status.Code(err) == codes.NotFound { + return false, nil + } + + return false, err + } + + return gcpSecret != nil, nil } // PushSecret pushes a kubernetes secret key into gcp provider Secret. 
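Review bot: `SecretExists` returns every error other than NotFound unwrapped, so a permission failure reaches the caller without saying which secret or operation was involved; wrapping keeps the cause and adds that context, `return false, fmt.Errorf("unable to check secret %s: %w", secretName, err)`. The resource name is built from `ref.GetRemoteKey()` as-is, so a key containing `/` produces a path the author did not intend; whether the API rejects that before any lookup is not visible here, and a guard or a comment would make the expectation explicit. The method also has no doc comment, for example `// SecretExists reports whether the remote key names an existing secret; a NotFound from GetSecret yields (false, nil).`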
diff --git a/pkg/provider/gcp/secretmanager/client_test.go b/pkg/provider/gcp/secretmanager/client_test.go index fd1774f3e86..f5edf565654 100644 --- a/pkg/provider/gcp/secretmanager/client_test.go +++ b/pkg/provider/gcp/secretmanager/client_test.go @@ -25,12 +25,15 @@ import ( "cloud.google.com/go/secretmanager/apiv1/secretmanagerpb" "github.com/googleapis/gax-go/v2" "github.com/googleapis/gax-go/v2/apierror" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" "google.golang.org/grpc/codes" "google.golang.org/grpc/status" corev1 "k8s.io/api/core/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" pointer "k8s.io/utils/ptr" + "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" v1 "github.com/external-secrets/external-secrets/apis/meta/v1" fakesm "github.com/external-secrets/external-secrets/pkg/provider/gcp/secretmanager/fake" 
@@ -913,6 +916,82 @@ func TestPushSecret(t *testing.T) { } } +func TestSecretExists(t *testing.T) { + tests := []struct { + name string + ref esv1beta1.PushSecretRemoteRef + getSecretMockReturn fakesm.SecretMockReturn + expectedSecret bool + expectedErr func(t *testing.T, err error) + }{ + { + name: "secret exists", + ref: v1alpha1.PushSecretRemoteRef{ + RemoteKey: "bar", + }, + getSecretMockReturn: fakesm.SecretMockReturn{ + Secret: &secretmanagerpb.Secret{ + Name: "projects/foo/secret/bar", + }, + Err: nil, + }, + expectedSecret: true, + expectedErr: func(t *testing.T, err error) { + require.NoError(t, err) + }, + }, + { + name: "secret does not exists", + ref: v1alpha1.PushSecretRemoteRef{ + RemoteKey: "bar", + }, + getSecretMockReturn: fakesm.SecretMockReturn{ + Err: nil, + }, + expectedSecret: false, + expectedErr: func(t *testing.T, err error) { + require.NoError(t, err) + }, + }, + { + name: "unexpected error occurs", + ref: v1alpha1.PushSecretRemoteRef{ + RemoteKey: "bar2", + }, + getSecretMockReturn: fakesm.SecretMockReturn{ + Secret: &secretmanagerpb.Secret{ + Name: "projects/foo/secret/bar", + }, + Err: errors.New("some error"), + }, + expectedSecret: false, + expectedErr: func(t *testing.T, err error) { + assert.ErrorContains(t, err, "some error") + }, + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + smClient := fakesm.MockSMClient{} + smClient.NewGetSecretFn(tc.getSecretMockReturn) + + client := Client{ + smClient: &smClient, + store: &esv1beta1.GCPSMProvider{ + ProjectID: "foo", + }, + } + got, err := client.SecretExists(context.TODO(), tc.ref) + tc.expectedErr(t, err) + + if got != tc.expectedSecret { + t.Fatalf("unexpected secret: expected %t, got %t", tc.expectedSecret, got) + } + }) + } +} + func TestPushSecret_Property(t *testing.T) { secretKey := "secret-key" defaultAddSecretVersionMockReturn := func(gotPayload, expectedPayload string) (*secretmanagerpb.SecretVersion, error) { 
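Review bot: The "secret does not exists" case never reaches the `codes.NotFound` branch of `SecretExists`, because the mock returns a nil secret with `Err: nil` and only the final `gcpSecret != nil` expression is exercised. Set `Err: status.Error(codes.NotFound, "secret not found")` in that case (both packages are already imported by this file) so the translation of NotFound into `(false, nil)` is pinned by a test. The "unexpected error occurs" case could likewise use `status.Error(codes.PermissionDenied, "denied")` to show that an access failure is reported as an error rather than as absence. This assumes `NewGetSecretFn` returns the configured `Err` unchanged.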
From dc7c2ab443676471d2ed8277bb7bfaa696237503 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Wed, 20 Nov 2024 11:19:00 +0100 Subject: [PATCH 421/517] fix: restrict the token permission update to the push chart step (#4128) --- .github/workflows/helm.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 21717b2f628..4e3c89d9b5d 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -71,8 +71,6 @@ jobs: permissions: contents: write # for helm/chart-releaser-action to push chart release and create a release packages: write # to push OCI chart package to GitHub Registry - id-token: write # gives the action the ability to mint the OIDC token necessary to request a Sigstore signing certificate - attestations: write # this permission is necessary to persist the attestation runs-on: ubuntu-latest if: | github.ref == 'refs/heads/main' || @@ -130,6 +128,9 @@ jobs: cosign-release: 'v2.4.1' - name: Push chart to GHCR + permissions: + id-token: write # gives the action the ability to mint the OIDC token necessary to request a Sigstore signing certificate + attestations: write # this permission is necessary to persist the attestation id: push_chart run: | shopt -s nullglob @@ -140,11 +141,11 @@ jobs: chart_name=$(helm show chart "${pkg}" | yq .name) # helm push fails when registry path contains Uppercase letters chart_registry="ghcr.io/${GITHUB_REPOSITORY_OWNER}/charts" - + helm_push_output=$(helm push "${pkg}" "oci://${chart_registry}" 2>&1) digest=$(echo "$helm_push_output" | grep -o 'sha256:[a-z0-9]*') echo "$helm_push_output" - + artifact_digest_uri="${chart_registry}/${chart_name}@${digest}" cosign sign --yes "$artifact_digest_uri" cosign verify "$artifact_digest_uri" \ From f61580e0dd0ccaed674cf1cff4005309532e9781 Mon Sep 17 00:00:00 2001 
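Review bot: `permissions:` is added under the `Push chart to GHCR` step, but GitHub Actions accepts that key only at workflow and job level, so the step-level block is rejected or ignored; with `id-token: write` and `attestations: write` removed from the job, the signing and attestation steps lose the token scopes they need. The same applies to the step-level blocks the following patch (422/517) adds under `Run chart-releaser` and `Generate provenance attestation and push to OCI registry`, where the key is also spelled `attestation:` rather than `attestations:`. Keep `id-token: write` and `attestations: write` in the job's `permissions:`. To narrow the scope further, move the push, sign and attest steps into a separate job that carries only those permissions.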
From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Wed, 20 Nov 2024 12:07:42 +0100 Subject: [PATCH 422/517] fix: further restrict token permissions on helm action steps (#4129) * fix: further restrict token permissions on helm action steps Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * pin cosign to a specific hash Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/helm.yml | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 4e3c89d9b5d..d999f654bba 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -69,8 +69,7 @@ jobs: release: permissions: - contents: write # for helm/chart-releaser-action to push chart release and create a release - packages: write # to push OCI chart package to GitHub Registry + contents: read runs-on: ubuntu-latest if: | github.ref == 'refs/heads/main' || @@ -97,6 +96,9 @@ jobs: echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --dearmor --output keyring.gpg echo -n "${{ secrets.GPG_PASSPHRASE }}" > passphrase-file.txt - name: Run chart-releaser + permissions: + contents: write # for helm/chart-releaser-action to push chart release and create a release + packages: write # to push OCI chart package to GitHub Registry uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 env: CR_KEY: external-secrets @@ -123,7 +125,7 @@ jobs: password: ${{ secrets.GITHUB_TOKEN }} - name: Install cosign - uses: sigstore/cosign-installer@v3.7.0 + uses: sigstore/cosign-installer@dc72c7d5c4d10cd6bcb8cf6e3fd625a9e5e537da # v3.7.0 with: cosign-release: 'v2.4.1' 
@@ -158,7 +160,10 @@ jobs: done - name: Generate provenance attestation and push to OCI registry - uses: actions/attest-build-provenance@v1.4.4 + permissions: + attestation: write + packages: write + uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4 with: push-to-registry: true subject-name: ${{ steps.push_chart.outputs.registry }}/${{ steps.push_chart.outputs.chart_name }} From 23eea8927a65adc2f67242198a02e42eb3cdbb70 Mon Sep 17 00:00:00 2001 From: Antonio Spadaro Date: Wed, 20 Nov 2024 13:23:46 +0100 Subject: [PATCH 423/517] Change wrong YAML TLS keys (#4131) See https://github.com/external-secrets/external-secrets/issues/4130 Signed-off-by: Antonio Spadaro --- docs/snippets/full-secret-store.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/snippets/full-secret-store.yaml b/docs/snippets/full-secret-store.yaml index afec84f574f..4c27343280e 100644 --- a/docs/snippets/full-secret-store.yaml +++ b/docs/snippets/full-secret-store.yaml @@ -64,11 +64,11 @@ spec: key: "cert-key" # client side related TLS communication, when the Vault server requires mutual authentication tls: - clientCert: + certSecretRef: namespace: ... name: "my-cert-secret" key: "tls.crt" - secretRef: + keySecretRef: namespace: ... name: "my-cert-secret" key: "tls.key" From f68c0a96ad94ac0ba7350038f1d469e4c5a62a3a Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Wed, 20 Nov 2024 18:40:35 +0100 Subject: [PATCH 424/517] Release v0.10.6 helm chart docs (#4133) * chore: bump helm-chart version v0.10.6 Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * updated the release doc Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- 
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- deploy/charts/external-secrets/Chart.yaml | 4 ++-- deploy/charts/external-secrets/README.md | 2 +- .../__snapshot__/cert_controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/webhook_test.yaml.snap | 14 +++++++------- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/deploy/charts/external-secrets/Chart.yaml b/deploy/charts/external-secrets/Chart.yaml index 7d57235379d..52c2cf93d3e 100644 --- a/deploy/charts/external-secrets/Chart.yaml +++ b/deploy/charts/external-secrets/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: external-secrets description: External secret management for Kubernetes type: application -version: "0.10.5" -appVersion: "v0.10.5" +version: "0.10.6" +appVersion: "v0.10.6" kubeVersion: ">= 1.19.0-0" keywords: - kubernetes-external-secrets diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index 5d25e7ea738..a78904e7ecc 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.10.5](https://img.shields.io/badge/Version-0.10.5-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.10.6](https://img.shields.io/badge/Version-0.10.6-informational?style=flat-square) External secret management for Kubernetes diff --git a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 4d9dfbb1949..4b54c54a8a2 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap 
+++ b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.10.5 - helm.sh/chart: external-secrets-0.10.5 + app.kubernetes.io/version: v0.10.6 + helm.sh/chart: external-secrets-0.10.6 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.10.5 - helm.sh/chart: external-secrets-0.10.5 + app.kubernetes.io/version: v0.10.6 + helm.sh/chart: external-secrets-0.10.6 spec: automountServiceAccountToken: true containers: @@ -41,7 +41,7 @@ should match snapshot of default values: - --loglevel=info - --zap-time-encoding=epoch - --enable-partial-cache=true - image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.5 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.6 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap index 3f6a82cc7a7..b49c27b9a3f 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap 
@@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.10.5 - helm.sh/chart: external-secrets-0.10.5 + app.kubernetes.io/version: v0.10.6 + helm.sh/chart: external-secrets-0.10.6 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.10.5 - helm.sh/chart: external-secrets-0.10.5 + app.kubernetes.io/version: v0.10.6 + helm.sh/chart: external-secrets-0.10.6 spec: automountServiceAccountToken: true containers: @@ -34,7 +34,7 @@ should match snapshot of default values: - --metrics-addr=:8080 - --loglevel=info - --zap-time-encoding=epoch - image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.5 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.6 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index 4980664d624..d67da0e4588 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.5 - helm.sh/chart: external-secrets-0.10.5 + app.kubernetes.io/version: v0.10.6 + helm.sh/chart: external-secrets-0.10.6 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: 
@@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.5 - helm.sh/chart: external-secrets-0.10.5 + app.kubernetes.io/version: v0.10.6 + helm.sh/chart: external-secrets-0.10.6 spec: automountServiceAccountToken: true containers: @@ -39,7 +39,7 @@ should match snapshot of default values: - --healthz-addr=:8081 - --loglevel=info - --zap-time-encoding=epoch - image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.5 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.6 imagePullPolicy: IfNotPresent name: webhook ports: @@ -83,8 +83,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.5 + app.kubernetes.io/version: v0.10.6 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.10.5 + helm.sh/chart: external-secrets-0.10.6 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE From 1ae44e4167c9902c1e2a1ff0bdb8f5953687cc63 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Wed, 20 Nov 2024 20:58:44 +0100 Subject: [PATCH 425/517] fix: permissions on steps is not a thing (#4134) * fix: permissions on steps is not a thing Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * add comment in the values about the conversion Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/helm.yml | 14 ++++---------- deploy/charts/external-secrets/README.md | 2 +- deploy/charts/external-secrets/values.yaml | 1 + 3 files changed, 6 insertions(+), 11 deletions(-) 
diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index d999f654bba..c10ee656ead 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -69,7 +69,10 @@ jobs: release: permissions: - contents: read + contents: write # for helm/chart-releaser-action to push chart release and create a release + packages: write # to push OCI chart package to GitHub Registry + id-token: write # gives the action the ability to mint the OIDC token necessary to request a Sigstore signing certificate + attestations: write # this permission is necessary to persist the attestation runs-on: ubuntu-latest if: | github.ref == 'refs/heads/main' || @@ -96,9 +99,6 @@ jobs: echo "${{ secrets.GPG_PRIVATE_KEY }}" | gpg --dearmor --output keyring.gpg echo -n "${{ secrets.GPG_PASSPHRASE }}" > passphrase-file.txt - name: Run chart-releaser - permissions: - contents: write # for helm/chart-releaser-action to push chart release and create a release - packages: write # to push OCI chart package to GitHub Registry uses: helm/chart-releaser-action@a917fd15b20e8b64b94d9158ad54cd6345335584 # v1.6.0 env: CR_KEY: external-secrets @@ -130,9 +130,6 @@ jobs: cosign-release: 'v2.4.1' - name: Push chart to GHCR - permissions: - id-token: write # gives the action the ability to mint the OIDC token necessary to request a Sigstore signing certificate - attestations: write # this permission is necessary to persist the attestation id: push_chart run: | shopt -s nullglob @@ -160,9 +157,6 @@ jobs: done - name: Generate provenance attestation and push to OCI registry - permissions: - attestation: write - packages: write uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4 with: push-to-registry: true diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index a78904e7ecc..d5e2002f364 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md 
@@ -87,7 +87,7 @@ The command removes all the Kubernetes components associated with the chart and | concurrent | int | `1` | Specifies the number of concurrent ExternalSecret Reconciles external-secret executes at a time. | | controllerClass | string | `""` | If set external secrets will filter matching Secret Stores with the appropriate controller values. | | crds.annotations | object | `{}` | | -| crds.conversion.enabled | bool | `true` | | +| crds.conversion.enabled | bool | `true` | If webhook is set to false this also needs to be set to false otherwise the kubeapi will be hammered because the conversion is looking for a webhook endpoint. | | crds.createClusterExternalSecret | bool | `true` | If true, create CRDs for Cluster External Secret. | | crds.createClusterSecretStore | bool | `true` | If true, create CRDs for Cluster Secret Store. | | crds.createPushSecret | bool | `true` | If true, create CRDs for Push Secret. | diff --git a/deploy/charts/external-secrets/values.yaml b/deploy/charts/external-secrets/values.yaml index 21f4a94c394..036ac755345 100644 --- a/deploy/charts/external-secrets/values.yaml +++ b/deploy/charts/external-secrets/values.yaml @@ -43,6 +43,7 @@ crds: createPushSecret: true annotations: {} conversion: + # -- If webhook is set to false this also needs to be set to false otherwise the kubeapi will be hammered because the conversion is looking for a webhook endpoint. enabled: true imagePullSecrets: [] From 96921ee1310e4d4d1356b45aab0552613ff41ca0 Mon Sep 17 00:00:00 2001 From: Igor Beliakov <46579601+weisdd@users.noreply.github.com> Date: Thu, 21 Nov 2024 12:37:38 +0100 Subject: [PATCH 426/517] fix(azure-keyvault): remove incorrect suffix from provider URL (#4136) Signed-off-by: Igor Beliakov --- pkg/provider/azure/keyvault/keyvault.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/provider/azure/keyvault/keyvault.go b/pkg/provider/azure/keyvault/keyvault.go index 854828cc23f..000166e9e45 100644 
--- a/pkg/provider/azure/keyvault/keyvault.go +++ b/pkg/provider/azure/keyvault/keyvault.go @@ -956,7 +956,7 @@ func NewTokenProvider(ctx context.Context, token, clientID, tenantID, aadEndpoin cred := confidential.NewCredFromAssertionCallback(func(ctx context.Context, aro confidential.AssertionRequestOptions) (string, error) { return token, nil }) - cClient, err := confidential.New(fmt.Sprintf("%s%s/oauth2/token", aadEndpoint, tenantID), clientID, cred) + cClient, err := confidential.New(fmt.Sprintf("%s%s", aadEndpoint, tenantID), clientID, cred) if err != nil { return nil, err } From 9f91fe80d20014e99e12ab67db9a8c4ed66a9f99 Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Thu, 21 Nov 2024 12:37:31 -0300 Subject: [PATCH 427/517] chore: add blog (#4137) Signed-off-by: Gustavo Carvalho --- docs/eso-blogs.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docs/eso-blogs.md b/docs/eso-blogs.md index 44ac14ad154..6de37abf812 100644 --- a/docs/eso-blogs.md +++ b/docs/eso-blogs.md 
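Review bot: The authority passed to `confidential.New` is built by plain concatenation, `fmt.Sprintf("%s%s", aadEndpoint, tenantID)`, which is a well-formed URL only when `aadEndpoint` ends in `/`; without it the tenant ID runs straight into the host name. Where `aadEndpoint` comes from is not visible in this hunk, so either normalise here, `authority := strings.TrimSuffix(aadEndpoint, "/") + "/" + tenantID`, or add a comment stating that callers must pass the endpoint with a trailing slash. NewTokenProvider starts and ends outside this hunk.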
@@ -2,6 +2,10 @@ A list of blogs written by people all over the community. Feel free to let us know if you are writing about ESO at some place! We would be happy to mention you here! +## [Secrets Replication in Kubernetes with ESO](https://externalsecrets.com/blog/secrets-replication/) + +[@Gustavo Carvalho](https://www.linkedin.com/in/gustavo-carvalho-51427444/) describes how to use ESO to synchronize in-cluster secrets across multiple namespaces using only two manifests: `ClusterSecretStore` and `ClusterExternalSecret`. + ## [Pulumi ESC and External Secrets Operator: The Perfect Solution for Today's Cloud-Native Secret Management](https://www.pulumi.com/blog/cloud-native-secret-management-with-pulumi-esc-and-external-secrets-operator/) [@Engin Diri](https://www.linkedin.com/in/engin-diri/) walks through the integration of ESO with Pulumi ESC, offering a practical guide for enhancing security from cloud-native application development to infrastructure provisioning. This blog provides a hands-on guide to setting up ESO and Pulumi ESC, and demonstrates how to use them together to manage secrets in a Kubernetes cluster. From dc6be312cf592a294bfe370762856d98de29a64d Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Sat, 23 Nov 2024 07:31:53 +0100 Subject: [PATCH 428/517] feat: add yaml based encoding for get secrets as map (#4001) --- pkg/provider/bitwarden/client.go | 36 ++++++++++- pkg/provider/bitwarden/client_test.go | 86 +++++++++++++++++++++++++++ 2 files changed, 120 insertions(+), 2 deletions(-) diff --git a/pkg/provider/bitwarden/client.go b/pkg/provider/bitwarden/client.go index 5b76f1cc4d3..94215d4a9f7 100644 --- a/pkg/provider/bitwarden/client.go +++ b/pkg/provider/bitwarden/client.go @@ -15,11 +15,13 @@ limitations under the License. package bitwarden import ( + "bytes" "context" "encoding/json" "errors" "fmt" + "gopkg.in/yaml.v3" corev1 "k8s.io/api/core/v1" "k8s.io/kube-openapi/pkg/validation/strfmt" 
@@ -238,9 +240,12 @@ func (p *Provider) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecre return nil, err } + if err := yaml.Unmarshal(data, map[string]any{}); err == nil { + return p.parseYamlSecretData(data) + } + kv := make(map[string]json.RawMessage) - err = json.Unmarshal(data, &kv) - if err != nil { + if err := json.Unmarshal(data, &kv); err != nil { return nil, fmt.Errorf("error unmarshalling secret: %w", err) } @@ -258,6 +263,33 @@ func (p *Provider) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecre return secretData, nil } +func (p *Provider) parseYamlSecretData(data []byte) (map[string][]byte, error) { + kv := make(map[string]any) + if err := yaml.Unmarshal(data, &kv); err != nil { + return nil, fmt.Errorf("error unmarshalling secret: %w", err) + } + + secretData := make(map[string][]byte) + for k, v := range kv { + switch t := v.(type) { + case string: + secretData[k] = []byte(t) + case []byte: + secretData[k] = t + case map[string]any: + d, err := yaml.Marshal(t) + if err != nil { + return nil, fmt.Errorf("error marshaling secret: %w", err) + } + secretData[k] = bytes.TrimSpace(d) + default: + secretData[k] = []byte(fmt.Sprintf("%v", t)) // Convert to string and then []byte + } + } + + return secretData, nil +} + // GetAllSecrets gets multiple secrets from the provider and loads into a kubernetes secret. // First load all secrets from secretStore path configuration // Then, gets secrets from a matching name or matching custom_metadata. diff --git a/pkg/provider/bitwarden/client_test.go b/pkg/provider/bitwarden/client_test.go index 4010801ff8c..3672600a08e 100644 --- a/pkg/provider/bitwarden/client_test.go +++ b/pkg/provider/bitwarden/client_test.go 
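Review bot: Trying YAML first changes the result for secrets already stored as JSON, because every JSON object is also valid YAML: `yaml.Unmarshal(data, map[string]any{})` succeeds and the `json.RawMessage` path below is no longer reached for them. In `parseYamlSecretData` nested maps are re-encoded as YAML and the `default:` arm formats with `%v`, so a list becomes `[a b]`, a null becomes `<nil>` and floats are reformatted, where the JSON path presumably kept each value's original text. Keeping JSON as the first attempt and falling back to YAML only on failure preserves the existing behaviour: `if err := json.Unmarshal(data, &kv); err != nil { return p.parseYamlSecretData(data) }`. The `default:` arm should also marshal lists with `yaml.Marshal` and handle `nil` explicitly. GetSecretMap starts outside the hunk.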
@@ -934,6 +934,92 @@ func TestProviderGetSecretMap(t *testing.T) { }, want: []byte("value"), }, + { + name: "get secret map with yaml", + fields: fields{ + kube: func() client.Client { + return fake.NewFakeClient() + }, + namespace: "default", + store: &v1beta1.SecretStore{}, + mock: func(c *FakeClient) { + c.GetSecretReturnsOnCallN(0, &SecretResponse{ + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "key", + Note: "note", + OrganizationID: "org", + Value: `key: value`, + }) + }, + }, + args: args{ + ctx: context.Background(), + ref: v1beta1.ExternalSecretDataRemoteRef{ + Key: "d8f29773-3019-4973-9bbc-66327d077fe2", + Property: "key", + }, + key: "key", + }, + want: []byte("value"), + }, + { + name: "get secret map with nested yaml", + fields: fields{ + kube: func() client.Client { + return fake.NewFakeClient() + }, + namespace: "default", + store: &v1beta1.SecretStore{}, + mock: func(c *FakeClient) { + c.GetSecretReturnsOnCallN(0, &SecretResponse{ + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "key", + Note: "note", + OrganizationID: "org", + Value: `key: + key2: value`, + }) + }, + }, + args: args{ + ctx: context.Background(), + ref: v1beta1.ExternalSecretDataRemoteRef{ + Key: "d8f29773-3019-4973-9bbc-66327d077fe2", + Property: "key", + }, + key: "key", + }, + want: []byte("key2: value"), + }, + { + name: "get secret map with binary yaml data", + fields: fields{ + kube: func() client.Client { + return fake.NewFakeClient() + }, + namespace: "default", + store: &v1beta1.SecretStore{}, + mock: func(c *FakeClient) { + c.GetSecretReturnsOnCallN(0, &SecretResponse{ + ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: "key", + Note: "note", + OrganizationID: "org", + Value: `key: value +key2: !!binary VGhpcyBpcyBhIHRlc3Q=`, + }) + }, + }, + args: args{ + ctx: context.Background(), + ref: v1beta1.ExternalSecretDataRemoteRef{ + Key: "d8f29773-3019-4973-9bbc-66327d077fe2", + Property: "key2", + }, + key: "key2", + }, + want: []byte(`This is a test`), + }, { name: 
"get secret map - missing key", fields: fields{ From bea0fb63615e12c72d1b5de14c58e751882e00c6 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Sat, 23 Nov 2024 11:43:25 +0100 Subject: [PATCH 429/517] chore: bump version v0.10.7 (#4141) --- deploy/charts/external-secrets/Chart.yaml | 4 ++-- deploy/charts/external-secrets/README.md | 2 +- .../__snapshot__/cert_controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/webhook_test.yaml.snap | 14 +++++++------- 5 files changed, 20 insertions(+), 20 deletions(-) diff --git a/deploy/charts/external-secrets/Chart.yaml b/deploy/charts/external-secrets/Chart.yaml index 52c2cf93d3e..b10162ae2ac 100644 --- a/deploy/charts/external-secrets/Chart.yaml +++ b/deploy/charts/external-secrets/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: external-secrets description: External secret management for Kubernetes type: application -version: "0.10.6" -appVersion: "v0.10.6" +version: "0.10.7" +appVersion: "v0.10.7" kubeVersion: ">= 1.19.0-0" keywords: - kubernetes-external-secrets diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index d5e2002f364..a2b444a2359 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.10.6](https://img.shields.io/badge/Version-0.10.6-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.10.7](https://img.shields.io/badge/Version-0.10.7-informational?style=flat-square) External secret management for Kubernetes 
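Review bot: None of the three cases added to TestProviderGetSecretMap pins what a JSON-encoded secret value returns now that GetSecretMap tries YAML first, so a change in the bytes handed to existing consumers would pass unnoticed. A case with a nested JSON object, for example ``Value: `{"key": {"key2": "value"}}` ``, and its expected bytes would document the intended result. A YAML sequence and an unquoted numeric value are also worth a case each, since both take the `%v` branch of parseYamlSecretData. The test table starts and ends outside this hunk, so an existing case may already cover part of this.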
diff --git a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 4b54c54a8a2..1ffd677e9d8 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.10.6 - helm.sh/chart: external-secrets-0.10.6 + app.kubernetes.io/version: v0.10.7 + helm.sh/chart: external-secrets-0.10.7 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.10.6 - helm.sh/chart: external-secrets-0.10.6 + app.kubernetes.io/version: v0.10.7 + helm.sh/chart: external-secrets-0.10.7 spec: automountServiceAccountToken: true containers: @@ -41,7 +41,7 @@ should match snapshot of default values: - --loglevel=info - --zap-time-encoding=epoch - --enable-partial-cache=true - image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.6 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.7 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap index b49c27b9a3f..d1a67d1511b 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap 
@@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.10.6 - helm.sh/chart: external-secrets-0.10.6 + app.kubernetes.io/version: v0.10.7 + helm.sh/chart: external-secrets-0.10.7 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.10.6 - helm.sh/chart: external-secrets-0.10.6 + app.kubernetes.io/version: v0.10.7 + helm.sh/chart: external-secrets-0.10.7 spec: automountServiceAccountToken: true containers: @@ -34,7 +34,7 @@ should match snapshot of default values: - --metrics-addr=:8080 - --loglevel=info - --zap-time-encoding=epoch - image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.6 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.7 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index d67da0e4588..95f20d0b649 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.6 - helm.sh/chart: external-secrets-0.10.6 + app.kubernetes.io/version: v0.10.7 + helm.sh/chart: external-secrets-0.10.7 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: 
@@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.6 - helm.sh/chart: external-secrets-0.10.6 + app.kubernetes.io/version: v0.10.7 + helm.sh/chart: external-secrets-0.10.7 spec: automountServiceAccountToken: true containers: @@ -39,7 +39,7 @@ should match snapshot of default values: - --healthz-addr=:8081 - --loglevel=info - --zap-time-encoding=epoch - image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.6 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.7 imagePullPolicy: IfNotPresent name: webhook ports: @@ -83,8 +83,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.6 + app.kubernetes.io/version: v0.10.7 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.10.6 + helm.sh/chart: external-secrets-0.10.7 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE From ac26166ac9eb413ab60bccef512978704e831bb9 Mon Sep 17 00:00:00 2001 From: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> Date: Sun, 24 Nov 2024 13:53:53 -0800 Subject: [PATCH 430/517] feat: significantly reduce api calls and introduce partial secret cache (#4086) * feat: reduce api calls and introduce partial secret cache Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> * updates from review 1 Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> * updates from review 2 Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> * fix updating CreationPolicy after secret creation Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> * updates from review 3 
Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> * prevent loop when two ES claim Owner on the same target secret Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> * updates from review 4 Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> * fix ClusterSecretStore not ready message Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> --------- Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .../v1beta1/externalsecret_types.go | 12 +- cmd/certcontroller.go | 46 +- cmd/root.go | 50 +- docs/api/controller-options.md | 9 +- e2e/framework/eso.go | 3 +- pkg/controllers/commontest/common.go | 13 +- .../externalsecret_controller.go | 881 ++++++++++++------ .../externalsecret_controller_template.go | 43 +- .../externalsecret_controller_test.go | 143 ++- pkg/controllers/externalsecret/suite_test.go | 14 +- pkg/controllers/secretstore/client_manager.go | 4 +- 11 files changed, 780 insertions(+), 438 deletions(-) diff --git a/apis/externalsecrets/v1beta1/externalsecret_types.go b/apis/externalsecrets/v1beta1/externalsecret_types.go index 6df9d538d54..b59a5eced9f 100644 --- a/apis/externalsecrets/v1beta1/externalsecret_types.go +++ b/apis/externalsecrets/v1beta1/externalsecret_types.go @@ -427,6 +427,8 @@ const ( ConditionReasonSecretSyncedError = "SecretSyncedError" // ConditionReasonSecretDeleted indicates that the secret has been deleted. ConditionReasonSecretDeleted = "SecretDeleted" + // ConditionReasonSecretMissing indicates that the secret is missing. + ConditionReasonSecretMissing = "SecretMissing" ReasonUpdateFailed = "UpdateFailed" ReasonDeprecated = "ParameterDeprecated" 
@@ -470,10 +472,14 @@ type ExternalSecret struct { } const ( - // AnnotationDataHash is used to ensure consistency. + // AnnotationDataHash all secrets managed by an ExternalSecret have this annotation with the hash of their data. AnnotationDataHash = "reconcile.external-secrets.io/data-hash" - // LabelOwner points to the owning ExternalSecret resource - // and is used to manage the lifecycle of a Secret + + // LabelManaged all secrets managed by an ExternalSecret will have this label equal to "true". + LabelManaged = "reconcile.external-secrets.io/managed" + LabelManagedValue = "true" + + // LabelOwner points to the owning ExternalSecret resource when CreationPolicy=Owner. LabelOwner = "reconcile.external-secrets.io/created-by" ) diff --git a/cmd/certcontroller.go b/cmd/certcontroller.go index 01d1f18bf85..b61ac51be25 100644 --- a/cmd/certcontroller.go +++ b/cmd/certcontroller.go 
@@ -64,19 +64,27 @@ var certcontrollerCmd = &cobra.Command{ logger := zap.New(zap.UseFlagOptions(&opts)) ctrl.SetLogger(logger) - cacheOptions := cache.Options{} + // completely disable caching of Secrets and ConfigMaps to save memory + // see: https://github.com/external-secrets/external-secrets/issues/721 + clientCacheDisableFor := make([]client.Object, 0) + clientCacheDisableFor = append(clientCacheDisableFor, &v1.Secret{}, &v1.ConfigMap{}) + + // in large clusters, the CRDs and ValidatingWebhookConfigurations can take up a lot of memory + // see: https://github.com/external-secrets/external-secrets/pull/3588 + cacheByObject := make(map[client.Object]cache.ByObject) if enablePartialCache { - cacheOptions.ByObject = map[client.Object]cache.ByObject{ - &admissionregistration.ValidatingWebhookConfiguration{}: { - Label: labels.SelectorFromSet(map[string]string{ - constants.WellKnownLabelKey: constants.WellKnownLabelValueWebhook, - }), - }, - &apiextensions.CustomResourceDefinition{}: { - Label: labels.SelectorFromSet(map[string]string{ - constants.WellKnownLabelKey: constants.WellKnownLabelValueController, - }), - }, + // only cache ValidatingWebhookConfiguration with "external-secrets.io/component=webhook" label + cacheByObject[&admissionregistration.ValidatingWebhookConfiguration{}] = cache.ByObject{ + Label: labels.SelectorFromSet(labels.Set{ + constants.WellKnownLabelKey: constants.WellKnownLabelValueWebhook, + }), + } + + // only cache CustomResourceDefinition with "external-secrets.io/component=controller" label + cacheByObject[&apiextensions.CustomResourceDefinition{}] = cache.ByObject{ + Label: labels.SelectorFromSet(labels.Set{ + constants.WellKnownLabelKey: constants.WellKnownLabelValueController, + }), } } 
@@ -91,18 +99,12 @@ var certcontrollerCmd = &cobra.Command{ HealthProbeBindAddress: healthzAddr, LeaderElection: enableLeaderElection, LeaderElectionID: "crd-certs-controller", - Cache: cacheOptions, + Cache: cache.Options{ + ByObject: cacheByObject, + }, Client: client.Options{ Cache: &client.CacheOptions{ - DisableFor: []client.Object{ - // the client creates a ListWatch for all resource kinds that - // are requested with .Get(). - // We want to avoid to cache all secrets or configmaps in memory. - // The ES controller uses v1.PartialObjectMetadata for the secrets - // that he owns. - // see #721 - &v1.Secret{}, - }, + DisableFor: clientCacheDisableFor, }, }, }) diff --git a/cmd/root.go b/cmd/root.go index 88aed014cac..a8a85681605 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -64,6 +64,7 @@ var ( enableLeaderElection bool enableSecretsCache bool enableConfigMapsCache bool + enableManagedSecretsCache bool enablePartialCache bool concurrent int port int @@ -107,19 +108,6 @@ var rootCmd = &cobra.Command{ Run: func(cmd *cobra.Command, args []string) { var lvl zapcore.Level var enc zapcore.TimeEncoder - // the client creates a ListWatch for all resource kinds that - // are requested with .Get(). - // We want to avoid to cache all secrets or configmaps in memory. - // The ES controller uses v1.PartialObjectMetadata for the secrets - // that he owns. - // see #721 - cacheList := make([]client.Object, 0) - if !enableSecretsCache { - cacheList = append(cacheList, &v1.Secret{}) - } - if !enableConfigMapsCache { - cacheList = append(cacheList, &v1.ConfigMap{}) - } lvlErr := lvl.UnmarshalText([]byte(loglevel)) if lvlErr != nil { setupLog.Error(lvlErr, "error unmarshalling loglevel") 
@@ -141,6 +129,21 @@ var rootCmd = &cobra.Command{ config := ctrl.GetConfigOrDie() config.QPS = clientQPS config.Burst = clientBurst + + // the client creates a ListWatch for resources that are requested with .Get() or .List() + // some users might want to completely disable caching of Secrets and ConfigMaps + // to decrease memory usage at the expense of high Kubernetes API usage + // see: https://github.com/external-secrets/external-secrets/issues/721 + clientCacheDisableFor := make([]client.Object, 0) + if !enableSecretsCache { + // dont cache any secrets + clientCacheDisableFor = append(clientCacheDisableFor, &v1.Secret{}) + } + if !enableConfigMapsCache { + // dont cache any configmaps + clientCacheDisableFor = append(clientCacheDisableFor, &v1.ConfigMap{}) + } + ctrlOpts := ctrl.Options{ Scheme: scheme, Metrics: server.Options{ @@ -151,7 +154,7 @@ var rootCmd = &cobra.Command{ }), Client: client.Options{ Cache: &client.CacheOptions{ - DisableFor: cacheList, + DisableFor: clientCacheDisableFor, }, }, LeaderElection: enableLeaderElection, @@ -168,6 +171,19 @@ var rootCmd = &cobra.Command{ os.Exit(1) } + // we create a special client for accessing secrets in the ExternalSecret reconcile loop. + // by default, it is the same as the normal client, but if `--enable-managed-secrets-caching` + // is set, we use a special client that only caches secrets managed by an ExternalSecret. + // if we are already caching all secrets, we don't need to use the special client. + secretClient := mgr.GetClient() + if enableManagedSecretsCache && !enableSecretsCache { + secretClient, err = externalsecret.BuildManagedSecretClient(mgr) + if err != nil { + setupLog.Error(err, "unable to create managed secret client") + os.Exit(1) + } + } + ssmetrics.SetUpMetrics() if err = (&secretstore.StoreReconciler{ Client: mgr.GetClient(), 
@@ -198,6 +214,7 @@ var rootCmd = &cobra.Command{ } if err = (&externalsecret.Reconciler{ Client: mgr.GetClient(), + SecretClient: secretClient, Log: ctrl.Log.WithName("controllers").WithName("ExternalSecret"), Scheme: mgr.GetScheme(), RestConfig: mgr.GetConfig(), 
@@ -277,8 +294,9 @@ func init() { rootCmd.Flags().BoolVar(&enableClusterStoreReconciler, "enable-cluster-store-reconciler", true, "Enable cluster store reconciler.") rootCmd.Flags().BoolVar(&enableClusterExternalSecretReconciler, "enable-cluster-external-secret-reconciler", true, "Enable cluster external secret reconciler.") rootCmd.Flags().BoolVar(&enablePushSecretReconciler, "enable-push-secret-reconciler", true, "Enable push secret reconciler.") - rootCmd.Flags().BoolVar(&enableSecretsCache, "enable-secrets-caching", false, "Enable secrets caching for external-secrets pod.") - rootCmd.Flags().BoolVar(&enableConfigMapsCache, "enable-configmaps-caching", false, "Enable secrets caching for external-secrets pod.") + rootCmd.Flags().BoolVar(&enableSecretsCache, "enable-secrets-caching", false, "Enable secrets caching for ALL secrets in the cluster (WARNING: can increase memory usage).") + rootCmd.Flags().BoolVar(&enableConfigMapsCache, "enable-configmaps-caching", false, "Enable configmaps caching for ALL configmaps in the cluster (WARNING: can increase memory usage).") + rootCmd.Flags().BoolVar(&enableManagedSecretsCache, "enable-managed-secrets-caching", true, "Enable secrets caching for secrets managed by an ExternalSecret") rootCmd.Flags().DurationVar(&storeRequeueInterval, "store-requeue-interval", time.Minute*5, "Default Time duration between reconciling (Cluster)SecretStores") rootCmd.Flags().BoolVar(&enableFloodGate, "enable-flood-gate", true, "Enable flood gate. External secret will be reconciled only if the ClusterStore or Store have an healthy or unknown state.") rootCmd.Flags().BoolVar(&enableExtendedMetricLabels, "enable-extended-metric-labels", false, "Enable recommended kubernetes annotations as labels in metrics.") diff --git a/docs/api/controller-options.md b/docs/api/controller-options.md index 61ea9ad91ef..5911f6a1b4c 100644 --- a/docs/api/controller-options.md +++ b/docs/api/controller-options.md 
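Review bot: The help text for `--enable-managed-secrets-caching` does not say that the flag has no effect when `--enable-secrets-caching` is set, which is what the `enableManagedSecretsCache && !enableSecretsCache` condition in the Run function implements. It is also the only one of the three caching flags that defaults to true, and unlike the other two it carries no note about what is held in the cache. Suggested wording: `"Enable caching of secrets managed by an ExternalSecret (ignored when --enable-secrets-caching is set; keeps those secrets in the controller's cache)"`. init() continues outside this hunk.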
@@ -12,7 +12,7 @@ The external-secrets binary includes three components: `core controller`, `certc The core controller is invoked without a subcommand and can be configured with the following flags: | Name | Type | Default | Description | -| --------------------------------------------- | -------- | ----------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +|-----------------------------------------------|----------|-------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `--client-burst` | int | uses rest client default (10) | Maximum Burst allowed to be passed to rest.Client | | `--client-qps` | float32 | uses rest client default (5) | QPS configuration to be passed to rest.Client | | `--concurrent` | int | 1 | The number of concurrent reconciles. | 
@@ -20,15 +20,16 @@ The core controller is invoked without a subcommand and can be configured with t | `--enable-cluster-external-secret-reconciler` | boolean | true | Enables the cluster external secret reconciler. | | `--enable-cluster-store-reconciler` | boolean | true | Enables the cluster store reconciler. | | `--enable-push-secret-reconciler` | boolean | true | Enables the push secret reconciler. | -| `--enable-secrets-caching` | boolean | false | Enables the secrets caching for external-secrets pod. | -| `--enable-configmaps-caching` | boolean | false | Enables the ConfigMap caching for external-secrets pod. | +| `--enable-secrets-caching` | boolean | false | Enable secrets caching for ALL secrets in the cluster (WARNING: can increase memory usage). | +| `--enable-configmaps-caching` | boolean | false | Enable configmaps caching for ALL configmaps in the cluster (WARNING: can increase memory usage). | +| `--enable-managed-secrets-caching` | boolean | true | Enable secrets caching for secrets managed by an ExternalSecret. | | `--enable-flood-gate` | boolean | true | Enable flood gate. External secret will be reconciled only if the ClusterStore or Store have an healthy or unknown state. | | `--enable-extended-metric-labels` | boolean | true | Enable recommended kubernetes annotations as labels in metrics. | | `--enable-leader-election` | boolean | false | Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager. | | `--experimental-enable-aws-session-cache` | boolean | false | Enable experimental AWS session cache. External secret will reuse the AWS session without creating a new one on each request. 
| | `--help` | | | help for external-secrets | | `--loglevel` | string | info | loglevel to use, one of: debug, info, warn, error, dpanic, panic, fatal | -| `--zap-time-encoding` | string | epoch | loglevel to use, one of: epoch, millis, nano, iso8601, rfc3339, rfc3339nano | +| `--zap-time-encoding` | string | epoch | loglevel to use, one of: epoch, millis, nano, iso8601, rfc3339, rfc3339nano | | `--metrics-addr` | string | :8080 | The address the metric endpoint binds to. | | `--namespace` | string | - | watch external secrets scoped in the provided namespace only. ClusterSecretStore can be used but only work if it doesn't reference resources from other namespaces | | `--store-requeue-interval` | duration | 5m0s | Default Time duration between reconciling (Cluster)SecretStores | diff --git a/e2e/framework/eso.go b/e2e/framework/eso.go index 3003f72a3e6..baa50c5cbc6 100644 --- a/e2e/framework/eso.go +++ b/e2e/framework/eso.go @@ -105,8 +105,9 @@ func equalSecrets(exp, ts *v1.Secret) bool { return false } - // secret contains label owner which must be ignored + // secret contains labels which must be ignored delete(ts.ObjectMeta.Labels, esv1beta1.LabelOwner) + delete(ts.ObjectMeta.Labels, esv1beta1.LabelManaged) if len(ts.ObjectMeta.Labels) == 0 { ts.ObjectMeta.Labels = nil } diff --git a/pkg/controllers/commontest/common.go b/pkg/controllers/commontest/common.go index 72aa47bc980..b1332deb830 100644 --- a/pkg/controllers/commontest/common.go +++ b/pkg/controllers/commontest/common.go @@ -19,7 +19,6 @@ import ( "fmt" "time" - "github.com/google/go-cmp/cmp" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/util/wait" 
@@ -62,14 +61,12 @@ func HasOwnerRef(meta metav1.ObjectMeta, kind, name string) bool { return false } -func HasFieldOwnership(meta metav1.ObjectMeta, mgr, expected string) string { +// FirstManagedFieldForManager returns the JSON representation of the first `metadata.managedFields` entry for a given manager. +func FirstManagedFieldForManager(meta metav1.ObjectMeta, managerName string) string { for _, ref := range meta.ManagedFields { - if ref.Manager == mgr { - if diff := cmp.Diff(string(ref.FieldsV1.Raw), expected); diff != "" { - return fmt.Sprintf("(-got, +want)\n%s", diff) - } - return "" + if ref.Manager == managerName { + return ref.FieldsV1.String() } } - return fmt.Sprintf("No managed fields managed by %s", mgr) + return fmt.Sprintf("No managed fields managed by %s", managerName) } diff --git a/pkg/controllers/externalsecret/externalsecret_controller.go b/pkg/controllers/externalsecret/externalsecret_controller.go index c800a9bd045..d7d016dc3f8 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller.go +++ b/pkg/controllers/externalsecret/externalsecret_controller.go @@ -30,12 +30,18 @@ import ( "k8s.io/apimachinery/pkg/api/equality" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/fields" + "k8s.io/apimachinery/pkg/labels" "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/selection" "k8s.io/apimachinery/pkg/types" "k8s.io/client-go/rest" "k8s.io/client-go/tools/record" + "k8s.io/utils/ptr" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/builder" + "sigs.k8s.io/controller-runtime/pkg/cache" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/controller" "sigs.k8s.io/controller-runtime/pkg/controller/controllerutil" 
@@ -57,34 +63,65 @@ import ( ) const ( - fieldOwnerTemplate = "externalsecrets.external-secrets.io/%v" - errGetES = "could not get ExternalSecret" - errConvert = "could not apply conversion strategy to keys: %v" - errDecode = "could not apply decoding strategy to %v[%d]: %v" - errGenerate = "could not generate [%d]: %w" - errRewrite = "could not rewrite spec.dataFrom[%d]: %v" - errInvalidKeys = "secret keys from spec.dataFrom.%v[%d] can only have alphanumeric,'-', '_' or '.' characters. Convert them using rewrite (https://external-secrets.io/latest/guides-datafrom-rewrite)" - errUpdateSecret = "could not update Secret" - errPatchStatus = "unable to patch status" - errGetExistingSecret = "could not get existing secret: %w" - errSetCtrlReference = "could not set ExternalSecret controller reference: %w" - errFetchTplFrom = "error fetching templateFrom data: %w" - errGetSecretData = "could not get secret data from provider" - errDeleteSecret = "could not delete secret" - errApplyTemplate = "could not apply template: %w" - errExecTpl = "could not execute template: %w" - errInvalidCreatePolicy = "invalid creationPolicy=%s. Can not delete secret i do not own" - errPolicyMergeNotFound = "the desired secret %s was not found. With creationPolicy=Merge the secret won't be created" - errPolicyMergeGetSecret = "unable to get secret %s: %w" - errPolicyMergeMutate = "unable to mutate secret %s: %w" - errPolicyMergePatch = "unable to patch secret %s: %w" + fieldOwnerTemplate = "externalsecrets.external-secrets.io/%v" + + // condition messages for "SecretSynced" reason. + msgSynced = "secret synced" + msgSyncedRetain = "secret retained due to DeletionPolicy=Retain" + + // condition messages for "SecretDeleted" reason. + msgDeleted = "secret deleted due to DeletionPolicy=Delete" + + // condition messages for "SecretMissing" reason. + msgMissing = "secret will not be created due to CreationPolicy=Merge" + + // condition messages for "SecretSyncedError" reason. 
+ msgErrorGetSecretData = "could not get secret data from provider" + msgErrorDeleteSecret = "could not delete secret" + msgErrorDeleteOrphaned = "could not delete orphaned secrets" + msgErrorUpdateSecret = "could not update secret" + msgErrorUpdateImmutable = "could not update secret, target is immutable" + msgErrorBecomeOwner = "failed to take ownership of target secret" + msgErrorIsOwned = "target is owned by another ExternalSecret" + + // log messages. + logErrorGetES = "unable to get ExternalSecret" + logErrorUpdateESStatus = "unable to update ExternalSecret status" + logErrorGetSecret = "unable to get Secret" + logErrorPatchSecret = "unable to patch Secret" + logErrorSecretCacheNotSynced = "controller caches for Secret are not in sync" + logErrorUnmanagedStore = "unable to determine if store is managed" + + // error formats. + errConvert = "could not apply conversion strategy to keys: %v" + errDecode = "could not apply decoding strategy to %v[%d]: %v" + errGenerate = "could not generate [%d]: %w" + errRewrite = "could not rewrite spec.dataFrom[%d]: %v" + errInvalidKeys = "secret keys from spec.dataFrom.%v[%d] can only have alphanumeric, '-', '_' or '.' characters. Convert them using rewrite (https://external-secrets.io/latest/guides/datafrom-rewrite/)" + errFetchTplFrom = "error fetching templateFrom data: %w" + errApplyTemplate = "could not apply template: %w" + errExecTpl = "could not execute template: %w" + errMutate = "unable to mutate secret %s: %w" + errUpdate = "unable to update secret %s: %w" + errUpdateNotFound = "unable to update secret %s: not found" + errDeleteCreatePolicy = "unable to delete secret %s: creationPolicy=%s is not Owner" + errSecretCachesNotSynced = "controller caches for secret %s are not in sync" ) -const externalSecretSecretNameKey = ".spec.target.name" +// these errors are explicitly defined so we can detect them with `errors.Is()`. 
+var ( + ErrSecretImmutable = fmt.Errorf("secret is immutable") + ErrSecretIsOwned = fmt.Errorf("secret is owned by another ExternalSecret") + ErrSecretSetCtrlRef = fmt.Errorf("could not set controller reference on secret") + ErrSecretRemoveCtrlRef = fmt.Errorf("could not remove controller reference on secret") +) + +const indexESTargetSecretNameField = ".metadata.targetSecretName" // Reconciler reconciles a ExternalSecret object. type Reconciler struct { client.Client + SecretClient client.Client Log logr.Logger Scheme *runtime.Scheme RestConfig *rest.Config @@ -98,7 +135,7 @@ type Reconciler struct { // Reconcile implements the main reconciliation loop // for watched objects (ExternalSecret, ClusterSecretStore and SecretStore), // and updates/creates a Kubernetes secret based on them. -func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) { +func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (result ctrl.Result, err error) { log := r.Log.WithValues("ExternalSecret", req.NamespacedName) resourceLabels := ctrlmetrics.RefineNonConditionMetricLabels(map[string]string{"name": req.Name, "namespace": req.Namespace}) 
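Review bot: The new `SecretClient` field on Reconciler has no comment saying how it differs from the embedded `client.Client`, and the only explanation lives in cmd/root.go. A field comment such as `// SecretClient is the client used to access secrets in the reconcile loop; it may cache only secrets managed by an ExternalSecret.` would make the contract visible where the struct is constructed. Any place that builds a Reconciler without setting it would presumably hit a nil client at the first secret access, so the comment should also say the field is required. The struct definition continues outside this hunk.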
@@ -112,11 +149,13 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu esmetrics.GetCounterVec(esmetrics.SyncCallsKey).With(resourceLabels).Inc() }() - var externalSecret esv1beta1.ExternalSecret - err := r.Get(ctx, req.NamespacedName, &externalSecret) - + externalSecret := &esv1beta1.ExternalSecret{} + err = r.Get(ctx, req.NamespacedName, externalSecret) if err != nil { if apierrors.IsNotFound(err) { + // NOTE: this does not actually set the condition on the ExternalSecret, because it does not exist + // this is a hack to disable metrics for deleted ExternalSecrets, see: + // https://github.com/external-secrets/external-secrets/pull/612 conditionSynced := NewExternalSecretCondition(esv1beta1.ExternalSecretDeleted, v1.ConditionFalse, esv1beta1.ConditionReasonSecretDeleted, "Secret was deleted") SetExternalSecretCondition(&esv1beta1.ExternalSecret{ ObjectMeta: metav1.ObjectMeta{ 
@@ -128,114 +167,160 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu return ctrl.Result{}, nil } - log.Error(err, errGetES) + log.Error(err, logErrorGetES) syncCallsError.With(resourceLabels).Inc() - return ctrl.Result{}, err } - // See https://github.com/external-secrets/external-secrets/issues/3604 - // We fetch the ExternalSecret resource above, however the status subresource is inconsistent. - // We have to explicitly fetch it, otherwise it may be missing and will cause - // unexpected side effects. - err = r.SubResource("status").Get(ctx, &externalSecret, &externalSecret) - if err != nil { - log.Error(err, "failed to get status subresource") - return ctrl.Result{}, err - } - - timeSinceLastRefresh := 0 * time.Second - if !externalSecret.Status.RefreshTime.IsZero() { - timeSinceLastRefresh = time.Since(externalSecret.Status.RefreshTime.Time) - } - // skip reconciliation if deletion timestamp is set on external secret - if externalSecret.DeletionTimestamp != nil { - log.Info("skipping as it is in deletion") + if !externalSecret.GetDeletionTimestamp().IsZero() { + log.V(1).Info("skipping ExternalSecret, it is marked for deletion") return ctrl.Result{}, nil } // if extended metrics is enabled, refine the time series vector resourceLabels = ctrlmetrics.RefineLabels(resourceLabels, externalSecret.Labels) + // skip this ExternalSecret if it uses a ClusterSecretStore and the feature is disabled if shouldSkipClusterSecretStore(r, externalSecret) { - log.Info("skipping cluster secret store as it is disabled") + log.V(1).Info("skipping ExternalSecret, ClusterSecretStore feature is disabled") return ctrl.Result{}, nil } - // skip when pointing to an unmanaged store + // skip this ExternalSecret if it uses any SecretStore not managed by this controller skip, err := shouldSkipUnmanagedStore(ctx, req.Namespace, r, externalSecret) + if err != nil { + log.Error(err, logErrorUnmanagedStore) + syncCallsError.With(resourceLabels).Inc() + return 
ctrl.Result{}, err + } if skip { - log.Info("skipping unmanaged store as it points to a unmanaged controllerClass") + log.V(1).Info("skipping ExternalSecret, uses unmanaged SecretStore") return ctrl.Result{}, nil } - refreshInt := r.RequeueInterval - if externalSecret.Spec.RefreshInterval != nil { - refreshInt = externalSecret.Spec.RefreshInterval.Duration - } - - // Target Secret Name should default to the ExternalSecret name if not explicitly specified + // the target secret name defaults to the ExternalSecret name, if not explicitly set secretName := externalSecret.Spec.Target.Name if secretName == "" { - secretName = externalSecret.ObjectMeta.Name + secretName = externalSecret.Name + } + + // fetch the existing secret (from the partial cache) + // - please note that the ~partial cache~ is different from the ~full cache~ + // so there can be race conditions between the two caches + // - the WatchesMetadata(v1.Secret{}) in SetupWithManager() is using the partial cache + // so we might receive a reconcile request before the full cache is updated + // - furthermore, when `--enable-managed-secrets-caching` is true, the full cache + // will ONLY include secrets with the "managed" label, so we cant use the full cache + // to reliably determine if a secret exists or not + secretPartial := &metav1.PartialObjectMetadata{} + secretPartial.SetGroupVersionKind(v1.SchemeGroupVersion.WithKind("Secret")) + err = r.Get(ctx, client.ObjectKey{Name: secretName, Namespace: externalSecret.Namespace}, secretPartial) + if err != nil && !apierrors.IsNotFound(err) { + log.Error(err, logErrorGetSecret, "secretName", secretName, "secretNamespace", externalSecret.Namespace) + syncCallsError.With(resourceLabels).Inc() + return ctrl.Result{}, err } - // fetch external secret, we need to ensure that it exists, and it's hashmap corresponds - var existingSecret v1.Secret - err = r.Get(ctx, types.NamespacedName{ - Name: secretName, - Namespace: externalSecret.Namespace, - }, &existingSecret) + 
// if the secret exists but does not have the "managed" label, add the label + // using a PATCH so it is visible in the cache, then requeue immediately + if secretPartial.UID != "" && secretPartial.Labels[esv1beta1.LabelManaged] != esv1beta1.LabelManagedValue { + fqdn := fmt.Sprintf(fieldOwnerTemplate, externalSecret.Name) + patch := client.MergeFrom(secretPartial.DeepCopy()) + if secretPartial.Labels == nil { + secretPartial.Labels = make(map[string]string) + } + secretPartial.Labels[esv1beta1.LabelManaged] = esv1beta1.LabelManagedValue + err = r.Patch(ctx, secretPartial, patch, client.FieldOwner(fqdn)) + if err != nil { + log.Error(err, logErrorPatchSecret, "secretName", secretName, "secretNamespace", externalSecret.Namespace) + syncCallsError.With(resourceLabels).Inc() + return ctrl.Result{}, err + } + return ctrl.Result{Requeue: true}, nil + } + + // fetch existing secret (from the full cache) + // NOTE: we are using the `r.SecretClient` which we only use for managed secrets. + // when `enableManagedSecretsCache` is true, this is a cached client that only sees our managed secrets, + // otherwise it will be the normal controller-runtime client which may be cached or make direct API calls, + // depending on if `enabledSecretCache` is true or false. + existingSecret := &v1.Secret{} + err = r.SecretClient.Get(ctx, client.ObjectKey{Name: secretName, Namespace: externalSecret.Namespace}, existingSecret) if err != nil && !apierrors.IsNotFound(err) { - log.Error(err, errGetExistingSecret) + log.Error(err, logErrorGetSecret, "secretName", secretName, "secretNamespace", externalSecret.Namespace) + syncCallsError.With(resourceLabels).Inc() return ctrl.Result{}, err } - // refresh should be skipped if - // 1. resource generation hasn't changed - // 2. refresh interval is 0 - // 3. 
if we're still within refresh-interval - if !shouldRefresh(externalSecret) && isSecretValid(existingSecret) { - refreshInt = (externalSecret.Spec.RefreshInterval.Duration - timeSinceLastRefresh) + 5*time.Second - log.V(1).Info("skipping refresh", "rv", getResourceVersion(externalSecret), "nr", refreshInt.Seconds()) - return ctrl.Result{RequeueAfter: refreshInt}, nil + // ensure the full cache is up-to-date + // NOTE: this prevents race conditions between the partial and full cache. + // we return an error so we get an exponential backoff if we end up looping, + // for example, during high cluster load and frequent updates to the target secret by other controllers. + if secretPartial.UID != existingSecret.UID || secretPartial.ResourceVersion != existingSecret.ResourceVersion { + err = fmt.Errorf(errSecretCachesNotSynced, secretName) + log.Error(err, logErrorSecretCacheNotSynced, "secretName", secretName, "secretNamespace", externalSecret.Namespace) + syncCallsError.With(resourceLabels).Inc() + return ctrl.Result{}, err } - if !shouldReconcile(externalSecret) { - log.V(1).Info("stopping reconciling", "rv", getResourceVersion(externalSecret)) - return ctrl.Result{}, nil + + // refresh will be skipped if ALL the following conditions are met: + // 1. refresh interval is not 0 + // 2. resource generation of the ExternalSecret has not changed + // 3. the last refresh time of the ExternalSecret is within the refresh interval + // 4. the target secret is valid: + // - it exists + // - it has the correct "managed" label + // - it has the correct "data-hash" annotation + if !shouldRefresh(externalSecret) && isSecretValid(existingSecret) { + log.V(1).Info("skipping refresh") + return r.getRequeueResult(externalSecret), nil } - // patch status when done processing - p := client.MergeFrom(externalSecret.DeepCopy()) + // update status of the ExternalSecret when this function returns, if needed. 
+ // NOTE: we use the ability of deferred functions to update named return values `result` and `err` + // NOTE: we dereference the DeepCopy of the status field because status fields are NOT pointers, + // so otherwise the `equality.Semantic.DeepEqual` will always return false. + currentStatus := *externalSecret.Status.DeepCopy() defer func() { - err = r.Status().Patch(ctx, &externalSecret, p) - if err != nil { - log.Error(err, errPatchStatus) + // if the status has not changed, we don't need to update it + if equality.Semantic.DeepEqual(currentStatus, externalSecret.Status) { + return } - }() - secret := &v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: secretName, - Namespace: externalSecret.Namespace, - }, - Immutable: &externalSecret.Spec.Target.Immutable, - Data: make(map[string][]byte), - } + // update the status of the ExternalSecret, storing any error in a new variable + // if there was no new error, we don't need to change the `result` or `err` values + updateErr := r.Status().Update(ctx, externalSecret) + if updateErr == nil { + return + } - dataMap, err := r.getProviderSecretData(ctx, &externalSecret) - if err != nil { - r.markAsFailed(log, errGetSecretData, err, &externalSecret, syncCallsError.With(resourceLabels)) - return ctrl.Result{}, err - } + // if we got an update conflict, we should requeue immediately + if apierrors.IsConflict(updateErr) { + log.V(1).Info("conflict while updating status, will requeue") - // secret data was not modified. - if errors.Is(err, esv1beta1.NotModifiedErr) { - log.Info("secret was not modified as a NotModified was returned by the provider") - r.markAsDone(&externalSecret, start, log) + // we only explicitly request a requeue if the main function did not return an `err`. + // otherwise, we get an annoying log saying that results are ignored when there is an error, + // as errors are always retried. 
+ if err == nil { + result = ctrl.Result{Requeue: true} + } + return + } - return ctrl.Result{}, nil + // for other errors, log and update the `err` variable if there is no error already + // so the reconciler will requeue the request + log.Error(updateErr, logErrorUpdateESStatus) + if err == nil { + err = updateErr + } + }() + + // retrieve the provider secret data. + dataMap, err := r.getProviderSecretData(ctx, externalSecret) + if err != nil { + r.markAsFailed(msgErrorGetSecretData, err, externalSecret, syncCallsError.With(resourceLabels)) + return ctrl.Result{}, err } // if no data was found we can delete the secret if needed. 
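Review bot: The managed-label PATCH is applied to whatever Secret already carries the target name, before the creation policy is read and before the `ErrSecretIsOwned` check that sits in `mutationFunc` further down. A Secret controlled by another ExternalSecret, or one targeted with `creationPolicy=None`, therefore still has its metadata written by this controller. According to the comment above the block, the label also decides which secrets the managed cache exposes through `r.SecretClient`. If that is intended, the block should say so, for example `// NOTE: the label is added regardless of owner and creationPolicy; it only makes the secret visible to the managed cache and implies no ownership`; otherwise the owner check belongs ahead of the PATCH. `Reconcile` starts before this hunk and continues after it.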
@@ -243,230 +328,392 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu switch externalSecret.Spec.Target.DeletionPolicy { // delete secret and return early. case esv1beta1.DeletionPolicyDelete: - // safeguard that we only can delete secrets we own - // this is also implemented in the es validation webhook - if externalSecret.Spec.Target.CreationPolicy != esv1beta1.CreatePolicyOwner { - err := fmt.Errorf(errInvalidCreatePolicy, externalSecret.Spec.Target.CreationPolicy) - r.markAsFailed(log, errDeleteSecret, err, &externalSecret, syncCallsError.With(resourceLabels)) - return ctrl.Result{}, err + // safeguard that we only can delete secrets we own. + // this is also implemented in the es validation webhook. + // NOTE: this error cant be fixed by retrying so we don't return an error (which would requeue immediately) + creationPolicy := externalSecret.Spec.Target.CreationPolicy + if creationPolicy != esv1beta1.CreatePolicyOwner { + err := fmt.Errorf(errDeleteCreatePolicy, secretName, creationPolicy) + r.markAsFailed(msgErrorDeleteSecret, err, externalSecret, syncCallsError.With(resourceLabels)) + return ctrl.Result{}, nil } - if err := r.Delete(ctx, secret); err != nil && !apierrors.IsNotFound(err) { - r.markAsFailed(log, errDeleteSecret, err, &externalSecret, syncCallsError.With(resourceLabels)) - return ctrl.Result{}, err + // delete the secret, if it exists + if existingSecret.UID != "" { + if err := r.Delete(ctx, existingSecret); err != nil && !apierrors.IsNotFound(err) { + r.markAsFailed(msgErrorDeleteSecret, err, externalSecret, syncCallsError.With(resourceLabels)) + return ctrl.Result{}, err + } } - conditionSynced := NewExternalSecretCondition(esv1beta1.ExternalSecretReady, v1.ConditionTrue, esv1beta1.ConditionReasonSecretDeleted, "secret deleted due to DeletionPolicy") - SetExternalSecretCondition(&externalSecret, *conditionSynced) - return ctrl.Result{RequeueAfter: refreshInt}, nil + r.markAsDone(externalSecret, start, log, 
esv1beta1.ConditionReasonSecretDeleted, msgDeleted) + return r.getRequeueResult(externalSecret), nil // In case provider secrets don't exist the kubernetes secret will be kept as-is. case esv1beta1.DeletionPolicyRetain: - r.markAsDone(&externalSecret, start, log) - return ctrl.Result{RequeueAfter: refreshInt}, nil + r.markAsDone(externalSecret, start, log, esv1beta1.ConditionReasonSecretSynced, msgSyncedRetain) + return r.getRequeueResult(externalSecret), nil // noop, handled below case esv1beta1.DeletionPolicyMerge: } } - mutationFunc := func() error { + // mutationFunc is a function which can be applied to a secret to make it match the desired state. + mutationFunc := func(secret *v1.Secret) error { + // get information about the current owner of the secret + // - we ignore the API version as it can change over time + // - we ignore the UID for consistency with the SetControllerReference function + currentOwner := metav1.GetControllerOf(secret) + ownerIsESKind := false + ownerIsCurrentES := false + if currentOwner != nil { + currentOwnerGK := schema.FromAPIVersionAndKind(currentOwner.APIVersion, currentOwner.Kind).GroupKind() + ownerIsESKind = currentOwnerGK.String() == esv1beta1.ExtSecretGroupKind + ownerIsCurrentES = ownerIsESKind && currentOwner.Name == externalSecret.Name + } + + // if another ExternalSecret is the owner, we should return an error + // otherwise the controller will fight with itself to update the secret. + // note, this does not prevent other controllers from owning the secret. 
+ if ownerIsESKind && !ownerIsCurrentES { + return fmt.Errorf("%w: %s", ErrSecretIsOwned, currentOwner.Name) + } + + // if the CreationPolicy is Owner, we should set ourselves as the owner of the secret if externalSecret.Spec.Target.CreationPolicy == esv1beta1.CreatePolicyOwner { - err = controllerutil.SetControllerReference(&externalSecret, &secret.ObjectMeta, r.Scheme) + err = controllerutil.SetControllerReference(externalSecret, secret, r.Scheme) + if err != nil { + return fmt.Errorf("%w: %w", ErrSecretSetCtrlRef, err) + } + } + + // if the creation policy is not Owner, we should remove ourselves as the owner + // this could happen if the creation policy was changed after the secret was created + if externalSecret.Spec.Target.CreationPolicy != esv1beta1.CreatePolicyOwner && ownerIsCurrentES { + err = controllerutil.RemoveControllerReference(externalSecret, secret, r.Scheme) if err != nil { - return fmt.Errorf(errSetCtrlReference, err) + return fmt.Errorf("%w: %w", ErrSecretRemoveCtrlRef, err) } } + + // initialize maps within the secret so it's safe to set values + if secret.Annotations == nil { + secret.Annotations = make(map[string]string) + } + if secret.Labels == nil { + secret.Labels = make(map[string]string) + } if secret.Data == nil { secret.Data = make(map[string][]byte) } - // diff existing keys - keys, err := getManagedDataKeys(&existingSecret, externalSecret.Name) + + // get the list of keys that are managed by this ExternalSecret + keys, err := getManagedDataKeys(secret, externalSecret.Name) if err != nil { return err } - // Sanitize data map for any updates on the ES + + // remove any data keys that are managed by this ExternalSecret, so we can re-add them + // this ensures keys added by templates are not left behind when they are removed from the template for _, key := range keys { - if dataMap[key] == nil { - secret.Data[key] = nil - // Sanitizing any templated / updated keys - delete(secret.Data, key) - } + delete(secret.Data, key) } - err = 
r.applyTemplate(ctx, &externalSecret, secret, dataMap) + + // WARNING: this will remove any labels or annotations managed by this ExternalSecret + // so any updates to labels and annotations should be done AFTER this point + err = r.applyTemplate(ctx, externalSecret, secret, dataMap) if err != nil { return fmt.Errorf(errApplyTemplate, err) } + + // set the immutable flag on the secret if requested by the ExternalSecret + if externalSecret.Spec.Target.Immutable { + secret.Immutable = ptr.To(true) + } + + // we also use a label to keep track of the owner of the secret + // this lets us remove secrets that are no longer needed if the target secret name changes if externalSecret.Spec.Target.CreationPolicy == esv1beta1.CreatePolicyOwner { lblValue := utils.ObjectHash(fmt.Sprintf("%v/%v", externalSecret.Namespace, externalSecret.Name)) secret.Labels[esv1beta1.LabelOwner] = lblValue + } else { + // the label should not be set if the creation policy is not Owner + delete(secret.Labels, esv1beta1.LabelOwner) } - secret.Annotations[esv1beta1.AnnotationDataHash] = r.computeDataHashAnnotation(&existingSecret, secret) + secret.Labels[esv1beta1.LabelManaged] = esv1beta1.LabelManagedValue + secret.Annotations[esv1beta1.AnnotationDataHash] = utils.ObjectHash(secret.Data) return nil } switch externalSecret.Spec.Target.CreationPolicy { //nolint:exhaustive case esv1beta1.CreatePolicyMerge: - err = r.patchSecret(ctx, secret, mutationFunc, &externalSecret) - if err == nil { - externalSecret.Status.Binding = v1.LocalObjectReference{Name: secret.Name} + // update the secret, if it exists + if existingSecret.UID != "" { + err = r.updateSecret(ctx, existingSecret, mutationFunc, externalSecret, secretName) + } else { + // if the secret does not exist, we wait until the next refresh interval + // rather than returning an error which would requeue immediately + r.markAsDone(externalSecret, start, log, esv1beta1.ConditionReasonSecretMissing, msgMissing) + return 
r.getRequeueResult(externalSecret), nil } case esv1beta1.CreatePolicyNone: log.V(1).Info("secret creation skipped due to creationPolicy=None") err = nil default: - var created bool - created, err = r.createOrUpdateSecret(ctx, secret, mutationFunc, &externalSecret) - if err == nil { - externalSecret.Status.Binding = v1.LocalObjectReference{Name: secret.Name} - } - // cleanup orphaned secrets - if created { - delErr := deleteOrphanedSecrets(ctx, r.Client, &externalSecret) - if delErr != nil { - msg := fmt.Sprintf("failed to clean up orphaned secrets: %v", delErr) - r.markAsFailed(log, msg, delErr, &externalSecret, syncCallsError.With(resourceLabels)) - return ctrl.Result{}, delErr + // create the secret, if it does not exist + if existingSecret.UID == "" { + err = r.createSecret(ctx, mutationFunc, externalSecret, secretName) + + // we may have orphaned secrets to clean up, + // for example, if the target secret name was changed + if err == nil { + delErr := deleteOrphanedSecrets(ctx, r.Client, externalSecret, secretName) + if delErr != nil { + r.markAsFailed(msgErrorDeleteOrphaned, delErr, externalSecret, syncCallsError.With(resourceLabels)) + return ctrl.Result{}, delErr + } } + } else { + // update the secret, if it exists + err = r.updateSecret(ctx, existingSecret, mutationFunc, externalSecret, secretName) } } - if err != nil { - r.markAsFailed(log, errUpdateSecret, err, &externalSecret, syncCallsError.With(resourceLabels)) + // if we got an update conflict, we should requeue immediately + if apierrors.IsConflict(err) { + log.V(1).Info("conflict while updating secret, will requeue") + return ctrl.Result{Requeue: true}, nil + } + + // detect errors indicating that we failed to set ourselves as the owner of the secret + // NOTE: this error cant be fixed by retrying so we don't return an error (which would requeue immediately) + if errors.Is(err, ErrSecretSetCtrlRef) { + r.markAsFailed(msgErrorBecomeOwner, err, externalSecret, syncCallsError.With(resourceLabels)) + 
return ctrl.Result{}, nil + } + + // detect errors indicating that the secret has another ExternalSecret as owner + // NOTE: this error cant be fixed by retrying so we don't return an error (which would requeue immediately) + if errors.Is(err, ErrSecretIsOwned) { + r.markAsFailed(msgErrorIsOwned, err, externalSecret, syncCallsError.With(resourceLabels)) + return ctrl.Result{}, nil + } + + // detect errors indicating that the secret is immutable + // NOTE: this error cant be fixed by retrying so we don't return an error (which would requeue immediately) + if errors.Is(err, ErrSecretImmutable) { + r.markAsFailed(msgErrorUpdateImmutable, err, externalSecret, syncCallsError.With(resourceLabels)) + return ctrl.Result{}, nil + } + + r.markAsFailed(msgErrorUpdateSecret, err, externalSecret, syncCallsError.With(resourceLabels)) return ctrl.Result{}, err } - r.markAsDone(&externalSecret, start, log) + r.markAsDone(externalSecret, start, log, esv1beta1.ConditionReasonSecretSynced, msgSynced) + return r.getRequeueResult(externalSecret), nil +} + +// getRequeueResult create a result with requeueAfter based on the ExternalSecret refresh interval. 
+func (r *Reconciler) getRequeueResult(externalSecret *esv1beta1.ExternalSecret) ctrl.Result { + // default to the global requeue interval + // note, this will never be used because the CRD has a default value of 1 hour + refreshInterval := r.RequeueInterval + if externalSecret.Spec.RefreshInterval != nil { + refreshInterval = externalSecret.Spec.RefreshInterval.Duration + } + + // if the refresh interval is <= 0, we should not requeue + if refreshInterval <= 0 { + return ctrl.Result{} + } + + // if the last refresh time is not set, requeue after the refresh interval + // note, this should not happen, as we only call this function on ExternalSecrets + // that have been reconciled at least once + if externalSecret.Status.RefreshTime.IsZero() { + return ctrl.Result{RequeueAfter: refreshInterval} + } + + timeSinceLastRefresh := time.Since(externalSecret.Status.RefreshTime.Time) + + // if the last refresh time is in the future, we should requeue immediately + // note, this should not happen, as we always refresh an ExternalSecret + // that has a last refresh time in the future + if timeSinceLastRefresh < 0 { + return ctrl.Result{Requeue: true} + } + + // if there is time remaining, requeue after the remaining time + if timeSinceLastRefresh < refreshInterval { + return ctrl.Result{RequeueAfter: refreshInterval - timeSinceLastRefresh} + } - return ctrl.Result{ - RequeueAfter: refreshInt, - }, nil + // otherwise, requeue immediately + return ctrl.Result{Requeue: true} } -func (r *Reconciler) markAsDone(externalSecret *esv1beta1.ExternalSecret, start time.Time, log logr.Logger) { - conditionSynced := NewExternalSecretCondition(esv1beta1.ExternalSecretReady, v1.ConditionTrue, esv1beta1.ConditionReasonSecretSynced, "Secret was synced") - currCond := GetExternalSecretCondition(externalSecret.Status, esv1beta1.ExternalSecretReady) - SetExternalSecretCondition(externalSecret, *conditionSynced) +func (r *Reconciler) markAsDone(externalSecret *esv1beta1.ExternalSecret, start 
time.Time, log logr.Logger, reason, msg string) { + oldReadyCondition := GetExternalSecretCondition(externalSecret.Status, esv1beta1.ExternalSecretReady) + newReadyCondition := NewExternalSecretCondition(esv1beta1.ExternalSecretReady, v1.ConditionTrue, reason, msg) + SetExternalSecretCondition(externalSecret, *newReadyCondition) + externalSecret.Status.RefreshTime = metav1.NewTime(start) - externalSecret.Status.SyncedResourceVersion = getResourceVersion(*externalSecret) - if currCond == nil || currCond.Status != conditionSynced.Status { - log.Info("reconciled secret") // Log once if on success in any verbosity + externalSecret.Status.SyncedResourceVersion = getResourceVersion(externalSecret) + + // if the status or reason has changed, log at the appropriate verbosity level + if oldReadyCondition == nil || oldReadyCondition.Status != newReadyCondition.Status || oldReadyCondition.Reason != newReadyCondition.Reason { + if newReadyCondition.Reason == esv1beta1.ConditionReasonSecretDeleted { + log.Info("deleted secret") + } else { + log.Info("reconciled secret") + } } else { - log.V(1).Info("reconciled secret") // Log all reconciliation cycles if higher verbosity applied + log.V(1).Info("reconciled secret") } } -func (r *Reconciler) markAsFailed(log logr.Logger, msg string, err error, externalSecret *esv1beta1.ExternalSecret, counter prometheus.Counter) { - log.Error(err, msg) +func (r *Reconciler) markAsFailed(msg string, err error, externalSecret *esv1beta1.ExternalSecret, counter prometheus.Counter) { r.recorder.Event(externalSecret, v1.EventTypeWarning, esv1beta1.ReasonUpdateFailed, err.Error()) conditionSynced := NewExternalSecretCondition(esv1beta1.ExternalSecretReady, v1.ConditionFalse, esv1beta1.ConditionReasonSecretSyncedError, msg) SetExternalSecretCondition(externalSecret, *conditionSynced) counter.Inc() } -func deleteOrphanedSecrets(ctx context.Context, cl client.Client, externalSecret *esv1beta1.ExternalSecret) error { - secretList := v1.SecretList{} - 
lblValue := utils.ObjectHash(fmt.Sprintf("%v/%v", externalSecret.Namespace, externalSecret.Name)) - ls := &metav1.LabelSelector{ - MatchLabels: map[string]string{ - esv1beta1.LabelOwner: lblValue, - }, - } - labelSelector, err := metav1.LabelSelectorAsSelector(ls) - if err != nil { - return err +func deleteOrphanedSecrets(ctx context.Context, cl client.Client, externalSecret *esv1beta1.ExternalSecret, secretName string) error { + ownerLabel := utils.ObjectHash(fmt.Sprintf("%v/%v", externalSecret.Namespace, externalSecret.Name)) + + secretListPartial := &metav1.PartialObjectMetadataList{} + secretListPartial.SetGroupVersionKind(v1.SchemeGroupVersion.WithKind("SecretList")) + listOpts := &client.ListOptions{ + LabelSelector: labels.SelectorFromSet(map[string]string{ + esv1beta1.LabelOwner: ownerLabel, + }), + Namespace: externalSecret.Namespace, } - err = cl.List(ctx, &secretList, &client.ListOptions{LabelSelector: labelSelector}) - if err != nil { + if err := cl.List(ctx, secretListPartial, listOpts); err != nil { return err } - for key, secret := range secretList.Items { - if externalSecret.Spec.Target.Name != "" && secret.Name != externalSecret.Spec.Target.Name { - err = cl.Delete(ctx, &secretList.Items[key]) - if err != nil { + + // delete all secrets that are not the target secret + for _, secretPartial := range secretListPartial.Items { + if secretPartial.GetName() != secretName { + if err := cl.Delete(ctx, &secretPartial); err != nil { return err } } } + return nil } -func (r *Reconciler) createOrUpdateSecret(ctx context.Context, secret *v1.Secret, mutationFunc func() error, es *esv1beta1.ExternalSecret) (bool, error) { +// createSecret creates a new secret with the given mutation function. 
+func (r *Reconciler) createSecret(ctx context.Context, mutationFunc func(secret *v1.Secret) error, es *esv1beta1.ExternalSecret, secretName string) error { fqdn := fmt.Sprintf(fieldOwnerTemplate, es.Name) - key := client.ObjectKeyFromObject(secret) - if err := r.Client.Get(ctx, key, secret); err != nil { - if !apierrors.IsNotFound(err) { - return false, err - } - if err := mutationFunc(); err != nil { - return false, err - } - // Setting Field Owner even for CreationPolicy==Create - if err := r.Client.Create(ctx, secret, client.FieldOwner(fqdn)); err != nil { - return false, err - } - r.recorder.Event(es, v1.EventTypeNormal, esv1beta1.ReasonCreated, "Created Secret") - return true, nil - } - existing := secret.DeepCopyObject() - if err := mutationFunc(); err != nil { - return false, err + // define and mutate the new secret + newSecret := &v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + Name: secretName, + Namespace: es.Namespace, + }, + Data: make(map[string][]byte), } - - if equality.Semantic.DeepEqual(existing, secret) { - return false, nil + if err := mutationFunc(newSecret); err != nil { + return err } - if err := r.Client.Update(ctx, secret, client.FieldOwner(fqdn)); err != nil { - return false, err + // note, we set field owner even for Create + if err := r.Create(ctx, newSecret, client.FieldOwner(fqdn)); err != nil { + return err } - r.recorder.Event(es, v1.EventTypeNormal, esv1beta1.ReasonUpdated, "Updated Secret") - return false, nil + + // set the binding reference to the secret + // https://github.com/external-secrets/external-secrets/pull/2263 + es.Status.Binding = v1.LocalObjectReference{Name: newSecret.Name} + + r.recorder.Event(es, v1.EventTypeNormal, esv1beta1.ReasonCreated, "Created Secret") + return nil } -func (r *Reconciler) patchSecret(ctx context.Context, secret *v1.Secret, mutationFunc func() error, es *esv1beta1.ExternalSecret) error { +func (r *Reconciler) updateSecret(ctx context.Context, existingSecret *v1.Secret, mutationFunc func(secret 
*v1.Secret) error, es *esv1beta1.ExternalSecret, secretName string) error { fqdn := fmt.Sprintf(fieldOwnerTemplate, es.Name) - err := r.Client.Get(ctx, client.ObjectKeyFromObject(secret), secret.DeepCopy()) - if apierrors.IsNotFound(err) { - return fmt.Errorf(errPolicyMergeNotFound, secret.Name) - } - if err != nil { - return fmt.Errorf(errPolicyMergeGetSecret, secret.Name, err) - } - existing := secret.DeepCopyObject() - if err = mutationFunc(); err != nil { - return fmt.Errorf(errPolicyMergeMutate, secret.Name, err) + // fail if the secret does not exist + // this should never happen because we check this before calling this function + if existingSecret.UID == "" { + return fmt.Errorf(errUpdateNotFound, secretName) } - // GVK is missing in the Secret, see: - // https://github.com/kubernetes-sigs/controller-runtime/issues/526 - // https://github.com/kubernetes-sigs/controller-runtime/issues/1517 - // https://github.com/kubernetes/kubernetes/issues/80609 - // we need to manually set it before doing a Patch() as it depends on the GVK - gvks, unversioned, err := r.Scheme.ObjectKinds(secret) - if err != nil { - return err - } - if !unversioned && len(gvks) == 1 { - secret.SetGroupVersionKind(gvks[0]) + // set the binding reference to the secret + // https://github.com/external-secrets/external-secrets/pull/2263 + es.Status.Binding = v1.LocalObjectReference{Name: secretName} + + // mutate a copy of the existing secret with the mutation function + updatedSecret := existingSecret.DeepCopy() + if err := mutationFunc(updatedSecret); err != nil { + return fmt.Errorf(errMutate, updatedSecret.Name, err) } - if equality.Semantic.DeepEqual(existing, secret) { + // if the secret does not need to be updated, return early + if equality.Semantic.DeepEqual(existingSecret, updatedSecret) { return nil } - // Cleaning up Managed fields manually as to keep patch coherence - secret.ObjectMeta.ManagedFields = nil - // we're not able to resolve conflicts so we force ownership - // see: 
https://kubernetes.io/docs/reference/using-api/server-side-apply/#using-server-side-apply-in-a-controller - if err := r.Client.Patch(ctx, secret, client.Apply, client.FieldOwner(fqdn), client.ForceOwnership); err != nil { - return fmt.Errorf(errPolicyMergePatch, secret.Name, err) + + // if the existing secret is immutable, we can only update the object metadata + if ptr.Deref(existingSecret.Immutable, false) { + // check if the metadata was changed + metadataChanged := !equality.Semantic.DeepEqual(existingSecret.ObjectMeta, updatedSecret.ObjectMeta) + + // check if the immutable data/type was changed + var dataChanged bool + if metadataChanged { + // update the `existingSecret` object with the metadata from `updatedSecret` + // this lets us compare the objects to see if the immutable data/type was changed + existingSecret.ObjectMeta = *updatedSecret.ObjectMeta.DeepCopy() + dataChanged = !equality.Semantic.DeepEqual(existingSecret, updatedSecret) + + // because we use labels and annotations to keep track of the secret, + // we need to update the metadata, regardless of if the immutable data was changed + // NOTE: we are using the `existingSecret` object here, as we ONLY want to update the metadata, + // and we previously copied the metadata from the `updatedSecret` object + if err := r.Update(ctx, existingSecret, client.FieldOwner(fqdn)); err != nil { + // if we get a conflict, we should return early to requeue immediately + // note, we don't wrap this error so we can handle it in the caller + if apierrors.IsConflict(err) { + return err + } + return fmt.Errorf(errUpdate, existingSecret.Name, err) + } + } else { + // we know there was some change in the secret (or we would have returned early) + // we know the metadata was NOT changed (metadataChanged == false) + // so, the only thing that could have changed is the immutable data/type fields + dataChanged = true + } + + // if the immutable data was changed, we should return an error + if dataChanged { + return 
fmt.Errorf(errUpdate, existingSecret.Name, ErrSecretImmutable) + } + } + + // update the secret + if err := r.Update(ctx, updatedSecret, client.FieldOwner(fqdn)); err != nil { + // if we get a conflict, we should return early to requeue immediately + // note, we don't wrap this error so we can handle it in the caller + if apierrors.IsConflict(err) { + return err + } + return fmt.Errorf(errUpdate, updatedSecret.Name, err) } + r.recorder.Event(es, v1.EventTypeNormal, esv1beta1.ReasonUpdated, "Updated Secret") return nil } +// getManagedDataKeys returns the list of data keys in a secret which are managed by a specified owner. func getManagedDataKeys(secret *v1.Secret, fieldOwner string) ([]string, error) { return getManagedFieldKeys(secret, fieldOwner, func(fields map[string]any) []string { dataFields := fields["f:data"] 
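Review bot: `deleteOrphanedSecrets` picks its candidates by the `esv1beta1.LabelOwner` label alone, and this version deletes every match whose name differs from `secretName`, where the old loop did nothing when `Spec.Target.Name` was empty. The label value is derived only from the ExternalSecret's namespace and name, so a Secret that was labelled by someone with write but not delete access would be removed by the controller on their behalf. `mutationFunc` writes this label only under the Owner creation policy, together with a controller reference, so the loop can require both: `if secretPartial.GetName() != secretName && metav1.IsControlledBy(&secretPartial, externalSecret) {`. The added `Namespace` list option is a useful tightening and should stay.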
@@ -508,29 +755,31 @@ func getManagedFieldKeys( return keys, nil } -func getResourceVersion(es esv1beta1.ExternalSecret) string { +func getResourceVersion(es *esv1beta1.ExternalSecret) string { return fmt.Sprintf("%d-%s", es.ObjectMeta.GetGeneration(), hashMeta(es.ObjectMeta)) } +// hashMeta returns a consistent hash of the `metadata.labels` and `metadata.annotations` fields of the given object. func hashMeta(m metav1.ObjectMeta) string { type meta struct { annotations map[string]string labels map[string]string } - return utils.ObjectHash(meta{ + objectMeta := meta{ annotations: m.Annotations, labels: m.Labels, - }) + } + return utils.ObjectHash(objectMeta) } -func shouldSkipClusterSecretStore(r *Reconciler, es esv1beta1.ExternalSecret) bool { +func shouldSkipClusterSecretStore(r *Reconciler, es *esv1beta1.ExternalSecret) bool { return !r.ClusterSecretStoreEnabled && es.Spec.SecretStoreRef.Kind == esv1beta1.ClusterSecretStoreKind } // shouldSkipUnmanagedStore iterates over all secretStore references in the externalSecret spec, // fetches the store and evaluates the controllerClass property. // Returns true if any storeRef points to store with a non-matching controllerClass. -func shouldSkipUnmanagedStore(ctx context.Context, namespace string, r *Reconciler, es esv1beta1.ExternalSecret) (bool, error) { +func shouldSkipUnmanagedStore(ctx context.Context, namespace string, r *Reconciler, es *esv1beta1.ExternalSecret) (bool, error) { var storeList []esv1beta1.SecretStoreRef if es.Spec.SecretStoreRef.Name != "" { @@ -552,6 +801,10 @@ func shouldSkipUnmanagedStore(ctx context.Context, namespace string, r *Reconcil if ref.SourceRef != nil && ref.SourceRef.GeneratorRef != nil { _, obj, err := resolvers.GeneratorRef(ctx, r.RestConfig, namespace, ref.SourceRef.GeneratorRef) if err != nil { + if apierrors.IsNotFound(err) { + // skip non-existent generators + continue + } return false, err } skipGenerator, err := shouldSkipGenerator(r, obj) 
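Review bot: The `continue` added for `apierrors.IsNotFound(err)` in the `@@ -552,6 +801,10 @@` hunk means a reference to a generator that does not exist no longer takes part in the controllerClass decision, and the `@@ -575,11 +828,15 @@` hunk adds the same pattern for stores. Because the function ends with `return false, nil`, an ExternalSecret whose references are all missing is treated as managed by this controller; with several controller instances running under different classes, each of them would presumably pick it up. Extend the doc comment above the function to state this, e.g. `// References that do not exist are ignored here; the reconcile loop is expected to report them.`, and confirm that the later fetch surfaces the NotFound. The function body starts and ends outside both hunks.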
@@ -575,11 +828,15 @@ func shouldSkipUnmanagedStore(ctx context.Context, namespace string, r *Reconcil namespace = "" } - err := r.Client.Get(ctx, types.NamespacedName{ + err := r.Get(ctx, types.NamespacedName{ Name: ref.Name, Namespace: namespace, }, store) if err != nil { + if apierrors.IsNotFound(err) { + // skip non-existent stores + continue + } return false, err } class := store.GetSpec().Controller 
@@ -590,110 +847,162 @@ func shouldSkipUnmanagedStore(ctx context.Context, namespace string, r *Reconcil return false, nil } -func shouldRefresh(es esv1beta1.ExternalSecret) bool { - // refresh if resource version changed +func shouldRefresh(es *esv1beta1.ExternalSecret) bool { + // if the refresh interval is 0, and we have synced previously, we should not refresh + if es.Spec.RefreshInterval.Duration <= 0 && es.Status.SyncedResourceVersion != "" { + return false + } + + // if the ExternalSecret has been updated, we should refresh if es.Status.SyncedResourceVersion != getResourceVersion(es) { return true } - // skip refresh if refresh interval is 0 - if es.Spec.RefreshInterval.Duration == 0 && es.Status.SyncedResourceVersion != "" { - return false - } + // if the last refresh time is zero, we should refresh if es.Status.RefreshTime.IsZero() { return true } - return es.Status.RefreshTime.Add(es.Spec.RefreshInterval.Duration).Before(time.Now()) -} -func shouldReconcile(es esv1beta1.ExternalSecret) bool { - if es.Spec.Target.Immutable && hasSyncedCondition(es) { - return false + // if the last refresh time is in the future, we should refresh + if es.Status.RefreshTime.Time.After(time.Now()) { + return true } - return true -} -func hasSyncedCondition(es esv1beta1.ExternalSecret) bool { - for _, condition := range es.Status.Conditions { - if condition.Reason == "SecretSynced" { - return true - } - } - return false + // if the last refresh time + refresh interval is before now, we should refresh + return es.Status.RefreshTime.Add(es.Spec.RefreshInterval.Duration).Before(time.Now()) } // isSecretValid checks if the secret exists, and it's data is consistent with the calculated hash. 
-func isSecretValid(existingSecret v1.Secret) bool { - // if target secret doesn't exist, or annotations as not set, we need to refresh - if existingSecret.UID == "" || existingSecret.Annotations == nil { +func isSecretValid(existingSecret *v1.Secret) bool { + // if target secret doesn't exist, we need to refresh + if existingSecret.UID == "" { return false } - // if the calculated hash is different from the calculation, then it's invalid - if existingSecret.Annotations[esv1beta1.AnnotationDataHash] != utils.ObjectHash(existingSecret.Data) { + // if the managed label is missing or incorrect, then it's invalid + if existingSecret.Labels[esv1beta1.LabelManaged] != esv1beta1.LabelManagedValue { return false } - return true -} -// computeDataHashAnnotation generate a hash of the secret data combining the old key with the new keys to add or override. -func (r *Reconciler) computeDataHashAnnotation(existing, secret *v1.Secret) string { - data := make(map[string][]byte) - maps.Insert(data, maps.All(existing.Data)) - maps.Insert(data, maps.All(secret.Data)) + // if the data-hash annotation is missing or incorrect, then it's invalid + // this is how we know if the data has chanced since we last updated the secret + if existingSecret.Annotations[esv1beta1.AnnotationDataHash] != utils.ObjectHash(existingSecret.Data) { + return false + } - return utils.ObjectHash(data) + return true } // SetupWithManager returns a new controller builder that will be started by the provided Manager. 
func (r *Reconciler) SetupWithManager(mgr ctrl.Manager, opts controller.Options) error { r.recorder = mgr.GetEventRecorderFor("external-secrets") - // Index .Spec.Target.Name to reconcile ExternalSecrets effectively when secrets have changed - if err := mgr.GetFieldIndexer().IndexField(context.Background(), &esv1beta1.ExternalSecret{}, externalSecretSecretNameKey, func(obj client.Object) []string { + // index ExternalSecrets based on the target secret name, + // this lets us quickly find all ExternalSecrets which target a specific Secret + if err := mgr.GetFieldIndexer().IndexField(context.Background(), &esv1beta1.ExternalSecret{}, indexESTargetSecretNameField, func(obj client.Object) []string { es := obj.(*esv1beta1.ExternalSecret) - - if name := es.Spec.Target.Name; name != "" { - return []string{name} + // if the target name is set, use that as the index + if es.Spec.Target.Name != "" { + return []string{es.Spec.Target.Name} } + // otherwise, use the ExternalSecret name return []string{es.Name} }); err != nil { return err } + // predicate function to ignore secret events unless they have the "managed" label + secretHasESLabel := predicate.NewPredicateFuncs(func(object client.Object) bool { + value, hasLabel := object.GetLabels()[esv1beta1.LabelManaged] + return hasLabel && value == esv1beta1.LabelManagedValue + }) + return ctrl.NewControllerManagedBy(mgr). WithOptions(opts). For(&esv1beta1.ExternalSecret{}). - // Cannot use Owns since the controller does not set owner reference when creation policy is not Owner - Watches( + // we cant use Owns(), as we don't set ownerReferences when the creationPolicy is not Owner. + // we use WatchesMetadata() to reduce memory usage, as otherwise we have to process full secret objects. 
+ WatchesMetadata( &v1.Secret{}, handler.EnqueueRequestsFromMapFunc(r.findObjectsForSecret), - builder.WithPredicates(predicate.ResourceVersionChangedPredicate{}), - builder.OnlyMetadata, + builder.WithPredicates(predicate.ResourceVersionChangedPredicate{}, secretHasESLabel), ). Complete(r) } func (r *Reconciler) findObjectsForSecret(ctx context.Context, secret client.Object) []reconcile.Request { - var externalSecrets esv1beta1.ExternalSecretList - err := r.List( - ctx, - &externalSecrets, - client.InNamespace(secret.GetNamespace()), - client.MatchingFields{externalSecretSecretNameKey: secret.GetName()}, - ) + externalSecretsList := &esv1beta1.ExternalSecretList{} + listOps := &client.ListOptions{ + FieldSelector: fields.OneTermEqualSelector(indexESTargetSecretNameField, secret.GetName()), + Namespace: secret.GetNamespace(), + } + err := r.List(ctx, externalSecretsList, listOps) if err != nil { return []reconcile.Request{} } - requests := make([]reconcile.Request, len(externalSecrets.Items)) - for i := range externalSecrets.Items { + requests := make([]reconcile.Request, len(externalSecretsList.Items)) + for i, item := range externalSecretsList.Items { requests[i] = reconcile.Request{ NamespacedName: types.NamespacedName{ - Name: externalSecrets.Items[i].GetName(), - Namespace: externalSecrets.Items[i].GetNamespace(), + Name: item.GetName(), + Namespace: item.GetNamespace(), }, } } return requests } + +func BuildManagedSecretClient(mgr ctrl.Manager) (client.Client, error) { + // secrets we manage will have the `reconcile.external-secrets.io/managed=true` label + managedLabelReq, _ := labels.NewRequirement(esv1beta1.LabelManaged, selection.Equals, []string{esv1beta1.LabelManagedValue}) + managedLabelSelector := labels.NewSelector().Add(*managedLabelReq) + + // create a new cache with a label selector for managed secrets + // NOTE: this means that the cache/client will be unable to see secrets without the "managed" label + secretCacheOpts := cache.Options{ + 
HTTPClient: mgr.GetHTTPClient(), + Scheme: mgr.GetScheme(), + Mapper: mgr.GetRESTMapper(), + ByObject: map[client.Object]cache.ByObject{ + &v1.Secret{}: { + Label: managedLabelSelector, + }, + }, + // this requires us to explicitly start an informer for each object type + // and helps avoid people mistakenly using the secret client for other resources + ReaderFailOnMissingInformer: true, + } + secretCache, err := cache.New(mgr.GetConfig(), secretCacheOpts) + if err != nil { + return nil, err + } + + // start an informer for secrets + // this is required because we set ReaderFailOnMissingInformer to true + _, err = secretCache.GetInformer(context.Background(), &v1.Secret{}) + if err != nil { + return nil, err + } + + // add the secret cache to the manager, so that it starts at the same time + err = mgr.Add(secretCache) + if err != nil { + return nil, err + } + + // create a new client that uses the secret cache + secretClient, err := client.New(mgr.GetConfig(), client.Options{ + HTTPClient: mgr.GetHTTPClient(), + Scheme: mgr.GetScheme(), + Mapper: mgr.GetRESTMapper(), + Cache: &client.CacheOptions{ + Reader: secretCache, + }, + }) + if err != nil { + return nil, err + } + + return secretClient, nil +} diff --git a/pkg/controllers/externalsecret/externalsecret_controller_template.go b/pkg/controllers/externalsecret/externalsecret_controller_template.go index 73fb35edd17..19eb8c48a9b 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller_template.go +++ b/pkg/controllers/externalsecret/externalsecret_controller_template.go 
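Review bot: `BuildManagedSecretClient` discards the error from `labels.NewRequirement` (`managedLabelReq, _ := ...`) and then dereferences `*managedLabelReq`, so an invalid label key or value would surface as a nil-pointer panic at startup rather than a returned error. The function already returns `(client.Client, error)`, so use `managedLabelReq, err := labels.NewRequirement(...)` followed by `if err != nil { return nil, err }`. In the same hunk, `shouldRefresh` now reads `es.Spec.RefreshInterval.Duration` as its first statement, and the tests in this patch build that field as a pointer; a nil guard, or a comment stating that defaulting keeps it non-nil, would help. The exported function also lacks a doc comment, and it should say that cached reads through the returned client cannot see Secrets without the managed label.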
@@ -31,22 +31,37 @@ import ( // merge template in the following order: // * template.Data (highest precedence) -// * template.templateFrom -// * secret via es.data or es.dataFrom. +// * template.TemplateFrom +// * secret via es.data or es.dataFrom (if template.MergePolicy is Merge, or there is no template) +// * existing secret keys (if CreationPolicy is Merge). func (r *Reconciler) applyTemplate(ctx context.Context, es *esv1beta1.ExternalSecret, secret *v1.Secret, dataMap map[string][]byte) error { + // update metadata (labels, annotations) of the secret if err := setMetadata(secret, es); err != nil { return err } + // we only keep existing keys if creation policy is Merge, otherwise we clear the secret + if es.Spec.Target.CreationPolicy != esv1beta1.CreatePolicyMerge { + secret.Data = make(map[string][]byte) + } + // no template: copy data and return if es.Spec.Target.Template == nil { - secret.Data = dataMap + maps.Insert(secret.Data, maps.All(dataMap)) return nil } - // Merge Policy should merge secrets - if es.Spec.Target.Template.MergePolicy == esv1beta1.MergePolicyMerge { + + // set the secret type if it is defined in the template, otherwise keep the existing type + if es.Spec.Target.Template.Type != "" { + secret.Type = es.Spec.Target.Template.Type + } + + // when TemplateMergePolicy is Merge, or there is no data template, we include the keys from `dataMap` + noTemplate := len(es.Spec.Target.Template.Data) == 0 && len(es.Spec.Target.Template.TemplateFrom) == 0 + if es.Spec.Target.Template.MergePolicy == esv1beta1.MergePolicyMerge || noTemplate { maps.Insert(secret.Data, maps.All(dataMap)) } + execute, err := template.EngineForVersion(es.Spec.Target.Template.EngineVersion) if err != nil { return err 
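Review bot: When `CreationPolicy` is Merge, the new code leaves `secret.Data` as it was and then calls `maps.Insert(secret.Data, maps.All(dataMap))`, which panics on a nil map as soon as `dataMap` has an entry. Whether every caller passes a Secret with an initialised `Data` map is not visible in this hunk. Initialise it before the policy check, e.g. `if secret.Data == nil { secret.Data = make(map[string][]byte) }`, so both the no-template path and the merge path are safe. `applyTemplate` continues past the end of this hunk.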
@@ -58,6 +73,7 @@ func (r *Reconciler) applyTemplate(ctx context.Context, es *esv1beta1.ExternalSe DataMap: dataMap, Exec: execute, } + // apply templates defined in template.templateFrom err = p.MergeTemplateFrom(ctx, es.Namespace, es.Spec.Target.Template) if err != nil { @@ -79,24 +95,23 @@ func (r *Reconciler) applyTemplate(ctx context.Context, es *esv1beta1.ExternalSe if err != nil { return fmt.Errorf(errExecTpl, err) } - // if no data was provided by template fallback - // to value from the provider - if len(es.Spec.Target.Template.Data) == 0 && len(es.Spec.Target.Template.TemplateFrom) == 0 { - secret.Data = dataMap - } + return nil } // setMetadata sets Labels and Annotations to the given secret. func setMetadata(secret *v1.Secret, es *esv1beta1.ExternalSecret) error { + // ensure that Labels and Annotations are not nil + // so it is safe to merge them if secret.Labels == nil { secret.Labels = make(map[string]string) } if secret.Annotations == nil { secret.Annotations = make(map[string]string) } - // Clean up Labels and Annotations added by the operator - // so that it won't leave outdated ones + + // remove any existing labels managed by this external secret + // this is to ensure that we don't have any stale labels labelKeys, err := templating.GetManagedLabelKeys(secret, es.Name) if err != nil { return err @@ -104,7 +119,6 @@ func setMetadata(secret *v1.Secret, es *esv1beta1.ExternalSecret) error { for _, key := range labelKeys { delete(secret.ObjectMeta.Labels, key) } - annotationKeys, err := templating.GetManagedAnnotationKeys(secret, es.Name) if err != nil { return err 
@@ -113,13 +127,14 @@ func setMetadata(secret *v1.Secret, es *esv1beta1.ExternalSecret) error { delete(secret.ObjectMeta.Annotations, key) } + // if no template is defined, copy labels and annotations from the ExternalSecret if es.Spec.Target.Template == nil { utils.MergeStringMap(secret.ObjectMeta.Labels, es.ObjectMeta.Labels) utils.MergeStringMap(secret.ObjectMeta.Annotations, es.ObjectMeta.Annotations) return nil } - secret.Type = es.Spec.Target.Template.Type + // copy labels and annotations from the template utils.MergeStringMap(secret.ObjectMeta.Labels, es.Spec.Target.Template.Metadata.Labels) utils.MergeStringMap(secret.ObjectMeta.Annotations, es.Spec.Target.Template.Metadata.Annotations) return nil diff --git a/pkg/controllers/externalsecret/externalsecret_controller_test.go b/pkg/controllers/externalsecret/externalsecret_controller_test.go index 99b2d2b2247..525e49795ef 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller_test.go +++ b/pkg/controllers/externalsecret/externalsecret_controller_test.go @@ -26,6 +26,7 @@ import ( "github.com/google/go-cmp/cmp" "github.com/google/go-cmp/cmp/cmpopts" + "github.com/onsi/gomega/format" "github.com/prometheus/client_golang/prometheus" dto "github.com/prometheus/client_model/go" v1 "k8s.io/api/core/v1" 
@@ -89,30 +90,23 @@ var _ = Describe("Kind=secret existence logic", func() { } type testCase struct { Name string - Input v1.Secret + Input *v1.Secret ExpectedOutput bool } tests := []testCase{ { Name: "Should not be valid in case of missing uid", - Input: v1.Secret{}, + Input: &v1.Secret{}, ExpectedOutput: false, }, { Name: "A nil annotation should not be valid", - Input: v1.Secret{ + Input: &v1.Secret{ ObjectMeta: metav1.ObjectMeta{ - UID: "xxx", - Annotations: map[string]string{}, - }, - }, - ExpectedOutput: false, - }, - { - Name: "A nil annotation should not be valid", - Input: v1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - UID: "xxx", + UID: "xxx", + Labels: map[string]string{ + esv1beta1.LabelManaged: esv1beta1.LabelManagedValue, + }, Annotations: map[string]string{}, }, }, @@ -120,9 +114,12 @@ var _ = Describe("Kind=secret existence logic", func() { }, { Name: "An invalid annotation hash should not be valid", - Input: v1.Secret{ + Input: &v1.Secret{ ObjectMeta: metav1.ObjectMeta{ UID: "xxx", + Labels: map[string]string{ + esv1beta1.LabelManaged: esv1beta1.LabelManagedValue, + }, Annotations: map[string]string{ esv1beta1.AnnotationDataHash: "xxxxxx", }, @@ -131,10 +128,13 @@ var _ = Describe("Kind=secret existence logic", func() { ExpectedOutput: false, }, { - Name: "A valid config map should return true", - Input: v1.Secret{ + Name: "A valid secret should return true", + Input: &v1.Secret{ ObjectMeta: metav1.ObjectMeta{ UID: "xxx", + Labels: map[string]string{ + esv1beta1.LabelManaged: esv1beta1.LabelManagedValue, + }, Annotations: map[string]string{ esv1beta1.AnnotationDataHash: utils.ObjectHash(validData), }, 
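Review bot: No case in the visible part of this table exercises the new managed-label check in `isSecretValid`: every updated entry that has a UID also sets `esv1beta1.LabelManaged`, so a Secret with a correct data hash but a missing or wrong label is never asserted to be invalid. Add an entry such as `Name: "A missing managed label should not be valid"` with a valid `esv1beta1.AnnotationDataHash`, no `Labels`, and `ExpectedOutput: false`. The entry still named "A nil annotation should not be valid" passes an empty map rather than nil; rename it or set `Annotations: nil`. This covers the `@@ -89,30 +90,23 @@`, `@@ -120,9 +114,12 @@` and `@@ -131,10 +128,13 @@` hunks, and the table itself starts and ends outside them.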
@@ -449,9 +449,10 @@ var _ = Describe("ExternalSecret controller", Serial, func() { Expect(string(secret.Data[existingKey])).To(Equal(existingVal)) Expect(string(secret.Data[targetProp])).To(Equal(secretVal)) - Expect(secret.ObjectMeta.Labels).To(HaveLen(2)) + Expect(secret.ObjectMeta.Labels).To(HaveLen(3)) Expect(secret.ObjectMeta.Labels).To(HaveKeyWithValue("existing-label-key", "existing-label-value")) Expect(secret.ObjectMeta.Labels).To(HaveKeyWithValue("es-label-key", "es-label-value")) + Expect(secret.ObjectMeta.Labels).To(HaveKeyWithValue(esv1beta1.LabelManaged, esv1beta1.LabelManagedValue)) Expect(secret.ObjectMeta.Annotations).To(HaveLen(3)) Expect(secret.ObjectMeta.Annotations).To(HaveKeyWithValue("existing-annotation-key", "existing-annotation-value")) 
@@ -460,12 +461,15 @@ var _ = Describe("ExternalSecret controller", Serial, func() { Expect(ctest.HasOwnerRef(secret.ObjectMeta, "ExternalSecret", ExternalSecretFQDN)).To(BeFalse()) Expect(secret.ObjectMeta.ManagedFields).To(HaveLen(2)) - Expect(ctest.HasFieldOwnership( - secret.ObjectMeta, - ExternalSecretFQDN, - fmt.Sprintf(`{"f:data":{"f:targetProperty":{}},"f:immutable":{},"f:metadata":{"f:annotations":{"f:es-annotation-key":{},"f:%s":{}},"f:labels":{"f:es-label-key":{}}}}`, esv1beta1.AnnotationDataHash)), - ).To(BeEmpty()) - Expect(ctest.HasFieldOwnership(secret.ObjectMeta, FakeManager, `{"f:data":{".":{},"f:pre-existing-key":{}},"f:metadata":{"f:annotations":{".":{},"f:existing-annotation-key":{}},"f:labels":{".":{},"f:existing-label-key":{}}},"f:type":{}}`)).To(BeEmpty()) + oldCharactersAroundMismatchToInclude := format.CharactersAroundMismatchToInclude + format.CharactersAroundMismatchToInclude = 10 + Expect(ctest.FirstManagedFieldForManager(secret.ObjectMeta, ExternalSecretFQDN)).To( + Equal(fmt.Sprintf(`{"f:data":{"f:targetProperty":{}},"f:metadata":{"f:annotations":{"f:es-annotation-key":{},"f:%s":{}},"f:labels":{"f:es-label-key":{},"f:%s":{}}}}`, esv1beta1.AnnotationDataHash, esv1beta1.LabelManaged)), + ) + Expect(ctest.FirstManagedFieldForManager(secret.ObjectMeta, FakeManager)).To( + Equal(`{"f:data":{".":{},"f:pre-existing-key":{}},"f:metadata":{"f:annotations":{".":{},"f:existing-annotation-key":{}},"f:labels":{".":{},"f:existing-label-key":{}}},"f:type":{}}`), + ) + format.CharactersAroundMismatchToInclude = oldCharactersAroundMismatchToInclude } } 
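Review bot: `format.CharactersAroundMismatchToInclude` is a package-level gomega setting, and the restore on the last added line is skipped whenever one of the `Expect` calls between the save and the restore fails, which leaves the changed value in place for later specs. Restore it right after saving the old value with `defer func() { format.CharactersAroundMismatchToInclude = oldCharactersAroundMismatchToInclude }()`. The same save/restore sequence is added in the `@@ -591,11 +605,12 @@` hunk and would benefit from the same change.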
@@ -548,8 +552,18 @@ var _ = Describe("ExternalSecret controller", Serial, func() { fakeProvider.WithGetSecret([]byte(secretVal), nil) tc.checkCondition = func(es *esv1beta1.ExternalSecret) bool { - cond := GetExternalSecretCondition(es.Status, esv1beta1.ExternalSecretReady) - if cond == nil || cond.Status != v1.ConditionFalse || cond.Reason != esv1beta1.ConditionReasonSecretSyncedError { + expected := []esv1beta1.ExternalSecretStatusCondition{ + { + Type: esv1beta1.ExternalSecretReady, + Status: v1.ConditionTrue, + Reason: esv1beta1.ConditionReasonSecretMissing, + Message: msgMissing, + }, + } + + opts := cmpopts.IgnoreFields(esv1beta1.ExternalSecretStatusCondition{}, "LastTransitionTime") + if diff := cmp.Diff(expected, es.Status.Conditions, opts); diff != "" { + GinkgoLogr.Info("(-got, +want)\n%s", "diff", diff) return false } return true 
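Review bot: `GinkgoLogr.Info("(-got, +want)\n%s", "diff", diff)` passes a printf-style string to a logr logger, which takes a message followed by key/value pairs, so the `%s` is logged literally. `cmp.Diff(expected, es.Status.Conditions, opts)` marks its first argument with `-`, so the label is also reversed. Use `GinkgoLogr.Info("conditions mismatch (-want, +got)", "diff", diff)`. The enclosing test-case function starts outside this hunk.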
@@ -558,10 +572,10 @@ var _ = Describe("ExternalSecret controller", Serial, func() { Eventually(func() bool { Expect(testSyncCallsError.WithLabelValues(ExternalSecretName, ExternalSecretNamespace).Write(&metric)).To(Succeed()) Expect(testExternalSecretReconcileDuration.WithLabelValues(ExternalSecretName, ExternalSecretNamespace).Write(&metricDuration)).To(Succeed()) - return metric.GetCounter().GetValue() >= 2.0 && metricDuration.GetGauge().GetValue() > 0.0 + return metric.GetCounter().GetValue() == 0 && metricDuration.GetGauge().GetValue() > 0.0 }, timeout, interval).Should(BeTrue()) - Expect(externalSecretConditionShouldBe(ExternalSecretName, ExternalSecretNamespace, esv1beta1.ExternalSecretReady, v1.ConditionFalse, 1.0)).To(BeTrue()) - Expect(externalSecretConditionShouldBe(ExternalSecretName, ExternalSecretNamespace, esv1beta1.ExternalSecretReady, v1.ConditionTrue, 0.0)).To(BeTrue()) + Expect(externalSecretConditionShouldBe(ExternalSecretName, ExternalSecretNamespace, esv1beta1.ExternalSecretReady, v1.ConditionFalse, 0.0)).To(BeTrue()) + Expect(externalSecretConditionShouldBe(ExternalSecretName, ExternalSecretNamespace, esv1beta1.ExternalSecretReady, v1.ConditionTrue, 1.0)).To(BeTrue()) } } 
@@ -591,11 +605,12 @@ var _ = Describe("ExternalSecret controller", Serial, func() { // check owner/managedFields Expect(ctest.HasOwnerRef(secret.ObjectMeta, "ExternalSecret", ExternalSecretFQDN)).To(BeFalse()) Expect(secret.ObjectMeta.ManagedFields).To(HaveLen(2)) - Expect(ctest.HasFieldOwnership( - secret.ObjectMeta, - ExternalSecretFQDN, - fmt.Sprintf("{\"f:data\":{\"f:targetProperty\":{}},\"f:immutable\":{},\"f:metadata\":{\"f:annotations\":{\"f:%s\":{}}}}", esv1beta1.AnnotationDataHash)), - ).To(BeEmpty()) + oldCharactersAroundMismatchToInclude := format.CharactersAroundMismatchToInclude + format.CharactersAroundMismatchToInclude = 10 + Expect(ctest.FirstManagedFieldForManager(secret.ObjectMeta, ExternalSecretFQDN)).To( + Equal(fmt.Sprintf(`{"f:data":{"f:targetProperty":{}},"f:metadata":{"f:annotations":{".":{},"f:%s":{}},"f:labels":{".":{},"f:%s":{}}}}`, esv1beta1.AnnotationDataHash, esv1beta1.LabelManaged)), + ) + format.CharactersAroundMismatchToInclude = oldCharactersAroundMismatchToInclude } } @@ -1394,7 +1409,7 @@ var _ = Describe("ExternalSecret controller", Serial, func() { Type: esv1beta1.ExternalSecretReady, Status: v1.ConditionTrue, Reason: esv1beta1.ConditionReasonSecretSynced, - Message: "Secret was synced", + Message: msgSyncedRetain, }, } @@ -1841,7 +1856,7 @@ var _ = Describe("ExternalSecret controller", Serial, func() { &Reconciler{ ClusterSecretStoreEnabled: false, }, - *tc.externalSecret, + tc.externalSecret, )).To(BeTrue()) tc.checkCondition = func(es *esv1beta1.ExternalSecret) bool { 
@@ -2315,14 +2330,17 @@ var _ = Describe("ExternalSecret controller", Serial, func() { var _ = Describe("ExternalSecret refresh logic", func() { Context("secret refresh", func() { It("should refresh when resource version does not match", func() { - Expect(shouldRefresh(esv1beta1.ExternalSecret{ + Expect(shouldRefresh(&esv1beta1.ExternalSecret{ + Spec: esv1beta1.ExternalSecretSpec{ + RefreshInterval: &metav1.Duration{Duration: time.Minute}, + }, Status: esv1beta1.ExternalSecretStatus{ SyncedResourceVersion: "some resource version", }, })).To(BeTrue()) }) It("should refresh when labels change", func() { - es := esv1beta1.ExternalSecret{ + es := &esv1beta1.ExternalSecret{ ObjectMeta: metav1.ObjectMeta{ Generation: 1, Labels: map[string]string{ @@ -2346,7 +2364,7 @@ var _ = Describe("ExternalSecret refresh logic", func() { }) It("should refresh when annotations change", func() { - es := esv1beta1.ExternalSecret{ + es := &esv1beta1.ExternalSecret{ ObjectMeta: metav1.ObjectMeta{ Generation: 1, Annotations: map[string]string{ @@ -2370,12 +2388,12 @@ var _ = Describe("ExternalSecret refresh logic", func() { }) It("should refresh when generation has changed", func() { - es := esv1beta1.ExternalSecret{ + es := &esv1beta1.ExternalSecret{ ObjectMeta: metav1.ObjectMeta{ Generation: 1, }, Spec: esv1beta1.ExternalSecretSpec{ - RefreshInterval: &metav1.Duration{Duration: 0}, + RefreshInterval: &metav1.Duration{Duration: time.Minute}, }, Status: esv1beta1.ExternalSecretStatus{ RefreshTime: metav1.Now(), @@ -2390,7 +2408,7 @@ var _ = Describe("ExternalSecret refresh logic", func() { }) It("should skip refresh when refreshInterval is 0", func() { - es := esv1beta1.ExternalSecret{ + es := &esv1beta1.ExternalSecret{ ObjectMeta: metav1.ObjectMeta{ Generation: 1, }, 
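Review bot: The "should refresh when generation has changed" case in the `@@ -2370,12 +2388,12 @@` hunk now uses `RefreshInterval: &metav1.Duration{Duration: time.Minute}` instead of 0. As a result, nothing in the visible hunks pins what the reordered `shouldRefresh` does when the interval is 0, a sync has already happened and the generation changes. With the new ordering that combination returns `false`, which differs from the old behaviour and deserves its own `It(...)` expecting `BeFalse()`. The new branch for a `RefreshTime` in the future is likewise not covered by any visible case; a spec setting `RefreshTime` to `metav1.NewTime(time.Now().Add(time.Hour))` and expecting `BeTrue()` would cover it.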
@@ -2405,7 +2423,7 @@ var _ = Describe("ExternalSecret refresh logic", func() { }) It("should refresh when refresh interval has passed", func() { - es := esv1beta1.ExternalSecret{ + es := &esv1beta1.ExternalSecret{ ObjectMeta: metav1.ObjectMeta{ Generation: 1, }, @@ -2422,7 +2440,7 @@ var _ = Describe("ExternalSecret refresh logic", func() { }) It("should refresh when no refresh time was set", func() { - es := esv1beta1.ExternalSecret{ + es := &esv1beta1.ExternalSecret{ ObjectMeta: metav1.ObjectMeta{ Generation: 1, }, 
@@ -2502,43 +2520,6 @@ var _ = Describe("ExternalSecret refresh logic", func() { }) }) -var _ = Describe("Controller Reconcile logic", func() { - Context("controller reconcile", func() { - It("should reconcile when resource is not synced", func() { - Expect(shouldReconcile(esv1beta1.ExternalSecret{ - Status: esv1beta1.ExternalSecretStatus{ - SyncedResourceVersion: "some resource version", - Conditions: []esv1beta1.ExternalSecretStatusCondition{{Reason: "NotASecretSynced"}}, - }, - })).To(BeTrue()) - }) - - It("should reconcile when secret isn't immutable", func() { - Expect(shouldReconcile(esv1beta1.ExternalSecret{ - Spec: esv1beta1.ExternalSecretSpec{ - Target: esv1beta1.ExternalSecretTarget{ - Immutable: false, - }, - }, - })).To(BeTrue()) - }) - - It("should not reconcile if secret is immutable and has synced condition", func() { - Expect(shouldReconcile(esv1beta1.ExternalSecret{ - Spec: esv1beta1.ExternalSecretSpec{ - Target: esv1beta1.ExternalSecretTarget{ - Immutable: true, - }, - }, - Status: esv1beta1.ExternalSecretStatus{ - SyncedResourceVersion: "some resource version", - Conditions: []esv1beta1.ExternalSecretStatusCondition{{Reason: "SecretSynced"}}, - }, - })).To(BeFalse()) - }) - }) -}) - func externalSecretConditionShouldBe(name, ns string, ct esv1beta1.ExternalSecretConditionType, cs v1.ConditionStatus, v float64) bool { return Eventually(func() float64 { Expect(testExternalSecretCondition.WithLabelValues(name, ns, string(ct), string(cs)).Write(&metric)).To(Succeed()) diff --git a/pkg/controllers/externalsecret/suite_test.go b/pkg/controllers/externalsecret/suite_test.go index d99e0b1e583..b8faa46c8ee 100644 --- a/pkg/controllers/externalsecret/suite_test.go +++ b/pkg/controllers/externalsecret/suite_test.go 
@@ -83,7 +83,13 @@ var _ = BeforeSuite(func() { }, Client: client.Options{ Cache: &client.CacheOptions{ - DisableFor: []client.Object{&v1.Secret{}, &v1.ConfigMap{}}, + // the client creates a ListWatch for resources that are requested with .Get() or .List() + // we disable caching in the production code, so we disable it here as well for consistency + // see: https://github.com/external-secrets/external-secrets/issues/721 + DisableFor: []client.Object{ + &v1.Secret{}, + &v1.ConfigMap{}, + }, }, }, }) @@ -95,8 +101,14 @@ var _ = BeforeSuite(func() { Expect(k8sClient).ToNot(BeNil()) Expect(err).ToNot(HaveOccurred()) + // by default, we use a separate cached client for secrets that are managed by the controller + // so we should test under the same conditions + secretClient, err := BuildManagedSecretClient(k8sManager) + Expect(err).ToNot(HaveOccurred()) + err = (&Reconciler{ Client: k8sManager.GetClient(), + SecretClient: secretClient, RestConfig: cfg, Scheme: k8sManager.GetScheme(), Log: ctrl.Log.WithName("controllers").WithName("ExternalSecrets"), diff --git a/pkg/controllers/secretstore/client_manager.go b/pkg/controllers/secretstore/client_manager.go index dc8d5bee454..077380e92fa 100644 --- a/pkg/controllers/secretstore/client_manager.go +++ b/pkg/controllers/secretstore/client_manager.go @@ -35,7 +35,7 @@ import ( const ( errGetClusterSecretStore = "could not get ClusterSecretStore %q, %w" errGetSecretStore = "could not get SecretStore %q, %w" - errSecretStoreNotReady = "the desired SecretStore %s is not ready" + errSecretStoreNotReady = "%s %q is not ready" errClusterStoreMismatch = "using cluster store %q is not allowed from namespace %q: denied by spec.condition" ) 
@@ -271,7 +271,7 @@ func assertStoreIsUsable(store esv1beta1.GenericStore) error { } condition := GetSecretStoreCondition(store.GetStatus(), esv1beta1.SecretStoreReady) if condition == nil || condition.Status != v1.ConditionTrue { - return fmt.Errorf(errSecretStoreNotReady, store.GetName()) + return fmt.Errorf(errSecretStoreNotReady, store.GetKind(), store.GetName()) } return nil } From 662d5840fe082f7b78642ae30c991aa767edaa7c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 10:33:44 +0100 Subject: [PATCH 431/517] chore(deps): bump mkdocs-material in /hack/api-docs (#4143) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.44 to 9.5.45. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.44...9.5.45) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 50b969cdd75..56930f96003 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.1 mkdocs-macros-plugin==1.3.7 -mkdocs-material==9.5.44 +mkdocs-material==9.5.45 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.2 From 5f537ac8316e02f081d93e3b9ecfce323a1f431f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 10:42:15 +0100 Subject: [PATCH 432/517] chore(deps): bump tornado from 6.4.1 to 6.4.2 in /hack/api-docs (#4144) Bumps [tornado](https://github.com/tornadoweb/tornado) from 6.4.1 to 6.4.2. - [Changelog](https://github.com/tornadoweb/tornado/blob/v6.4.2/docs/releases.rst) - [Commits](https://github.com/tornadoweb/tornado/compare/v6.4.1...v6.4.2) --- updated-dependencies: - dependency-name: tornado dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 56930f96003..4faf501b844 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -35,7 +35,7 @@ regex==2024.11.6 requests==2.32.3 six==1.16.0 termcolor==2.5.0 -tornado==6.4.1 +tornado==6.4.2 urllib3==2.2.3 verspec==0.1.0 watchdog==6.0.0 From bcbf90a3638178df1f0acc2882e1d5bd8005dd64 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 10:50:33 +0100 Subject: [PATCH 433/517] chore(deps): bump codecov/codecov-action from 5.0.2 to 5.0.7 (#4145) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.0.2 to 5.0.7. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/5c47607acb93fed5485fdbf7232e8a31425f672a...015f24e6818733317a2da2edd6290ab26238649a) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7c2f199227b..b864297e63e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -126,7 +126,7 @@ jobs: make test - name: Publish Unit Test Coverage - uses: codecov/codecov-action@5c47607acb93fed5485fdbf7232e8a31425f672a # v5.0.2 + uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: From 6c7d829edebbbe9fda8dd37b36ce4b6ab099a723 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 10:53:38 +0100 Subject: [PATCH 434/517] chore(deps): bump aquasecurity/trivy-action from 0.28.0 to 0.29.0 (#4146) Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.28.0 to 0.29.0. - [Release notes](https://github.com/aquasecurity/trivy-action/releases) - [Commits](https://github.com/aquasecurity/trivy-action/compare/915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2...18f2510ee396bbf400402947b394f2dd8c87dbb0) --- updated-dependencies: - dependency-name: aquasecurity/trivy-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9f2b765e55b..9df7a4b4dfd 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml 
@@ -126,7 +126,7 @@ jobs: run: make docker.build - name: Run Trivy vulnerability scanner - uses: aquasecurity/trivy-action@915b19bbe73b92a6cf82a1bc12b087c9a19a5fe2 # master + uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # master with: image-ref: ${{ inputs.image-name }}:${{ steps.container_info.outputs.image-tag }} format: 'table' From 62ea79f76869772d4d75b4d4ce64177e674c9738 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 10:54:56 +0100 Subject: [PATCH 435/517] chore(deps): bump github/codeql-action from 3.27.4 to 3.27.5 (#4147) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.4 to 3.27.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/ea9e4e37992a54ee68a9622e985e60c8e8f12d9f...f09c1c0a94de965c15400f5634aa42fac8fb8f88) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 78e520f7eec..d22d4749c16 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@ea9e4e37992a54ee68a9622e985e60c8e8f12d9f # v3.27.4 + uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 with: sarif_file: results.sarif From 3218a21cb7e7905137e947e3166f52c30f4b7c6d Mon Sep 17 00:00:00 2001 
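Review bot: The trailing comment on the new `uses:` line in the publish.yml hunk still reads `# master`, so the pinned SHA cannot be matched to a release by reading the workflow; the commit subject names 0.29.0, and the other pins in this series carry their tag (`# v5.0.7`, `# v3.27.5`). I would write `uses: aquasecurity/trivy-action@18f2510ee396bbf400402947b394f2dd8c87dbb0 # 0.29.0`, assuming that SHA is the 0.29.0 tag as the subject implies. An exact tag in the comment lets a reviewer check the full-SHA pin against the upstream release, and makes it visible if a later bump lands on an untagged branch commit. The step's `with:` block continues outside the hunk.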
From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Mon, 25 Nov 2024 12:30:34 +0100 Subject: [PATCH 436/517] update dependencies (#4148) Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator --- e2e/go.mod | 38 ++++++++++----------- e2e/go.sum | 64 ++++++++++++++++++------------------ go.mod | 48 +++++++++++++-------------- go.sum | 96 +++++++++++++++++++++++++++--------------------------- 4 files changed, 123 insertions(+), 123 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index c5e3295efb8..9445578939a 100644 --- a/e2e/go.mod +++ b/e2e/go.mod 
@@ -44,39 +44,39 @@ require ( github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 - github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1 + github.com/DelineaXPM/tss-sdk-go/v2 v2.0.3 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 github.com/aws/aws-sdk-go v1.55.5 - github.com/cyberark/conjur-api-go v0.12.6 + github.com/cyberark/conjur-api-go v0.12.7 github.com/external-secrets/external-secrets v0.0.0 github.com/fluxcd/helm-controller/api v0.37.2 github.com/fluxcd/pkg/apis/meta v1.2.0 github.com/fluxcd/source-controller/api v1.2.3 github.com/golang-jwt/jwt/v4 v4.5.1 github.com/hashicorp/vault/api v1.15.0 - github.com/onsi/ginkgo/v2 v2.21.0 + github.com/onsi/ginkgo/v2 v2.22.0 github.com/onsi/gomega v1.34.2 - github.com/oracle/oci-go-sdk/v65 v65.78.1 + github.com/oracle/oci-go-sdk/v65 v65.79.0 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 - github.com/xanzy/go-gitlab v0.113.0 + github.com/xanzy/go-gitlab v0.114.0 golang.org/x/oauth2 v0.24.0 - google.golang.org/api v0.206.0 - k8s.io/api v0.31.2 - k8s.io/apiextensions-apiserver v0.31.2 - k8s.io/apimachinery v0.31.2 + google.golang.org/api v0.209.0 + k8s.io/api v0.31.3 + k8s.io/apiextensions-apiserver v0.31.3 + k8s.io/apimachinery v0.31.3 k8s.io/client-go v1.5.2 k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 - sigs.k8s.io/controller-runtime v0.19.1 + sigs.k8s.io/controller-runtime v0.19.2 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.5.0 ) require ( al.essio.dev/pkg/shellescape v1.5.1 // indirect - cloud.google.com/go/auth v0.10.2 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect + cloud.google.com/go/auth v0.11.0 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect cloud.google.com/go/iam v1.2.2 // indirect dario.cat/mergo 
v1.0.1 // indirect @@ -91,9 +91,9 @@ require ( github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect - github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 // indirect github.com/Masterminds/goutils v1.1.1 // indirect - github.com/Masterminds/semver/v3 v3.3.0 // indirect + github.com/Masterminds/semver/v3 v3.3.1 // indirect github.com/Masterminds/sprig/v3 v3.3.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect @@ -128,7 +128,7 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20241101162523-b92577c0c142 // indirect + github.com/google/pprof v0.0.0-20241122213907-cbe949e5a41b // indirect github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect @@ -154,7 +154,7 @@ require ( github.com/lestrrat-go/httpcc v1.0.1 // indirect github.com/lestrrat-go/httprc v1.0.6 // indirect github.com/lestrrat-go/iter v1.0.2 // indirect - github.com/lestrrat-go/jwx/v2 v2.1.2 // indirect + github.com/lestrrat-go/jwx/v2 v2.1.3 // indirect github.com/lestrrat-go/option v1.0.1 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect 
@@ -202,9 +202,9 @@ require ( golang.org/x/time v0.8.0 // indirect golang.org/x/tools v0.27.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f // indirect + google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 // indirect google.golang.org/grpc v1.68.0 // indirect google.golang.org/protobuf v1.35.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect diff --git a/e2e/go.sum b/e2e/go.sum index 475b2260e17..46c17b89144 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -22,10 +22,10 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.10.2 h1:oKF7rgBfSHdp/kuhXtqU/tNDr0mZqhYbEh+6SiqzkKo= -cloud.google.com/go/auth v0.10.2/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= -cloud.google.com/go/auth/oauth2adapt v0.2.5 h1:2p29+dePqsCHPP1bqDJcKj4qxRyYCcbzKpFyKGt3MTk= -cloud.google.com/go/auth/oauth2adapt v0.2.5/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= +cloud.google.com/go/auth v0.11.0 h1:Ic5SZz2lsvbYcWT5dfjNWgw6tTlGi2Wc8hyQSC9BstA= +cloud.google.com/go/auth v0.11.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= +cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU= +cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= 
@@ -98,19 +98,19 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= -github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1 h1:gUDtaZk8heteyfdmv+pcfHvhR9llnh7c7GMwZ8RVG04= -github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= +github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 h1:kYRSnvJju5gYVyhkij+RTJ/VR6QIUaCfWeaFm2ycsjQ= +github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 h1:cmX2QC9s5kPqmghWLLZP8YRFO1ZD/C59BpNH2ujP99w= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2/go.mod h1:tNlpIXJlIwQlRbobXDPme4qv/Rc8+a1GbuUhE3m4JhQ= -github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1 h1:/rzzzaBuj/FYTcbt8sYZ9IzlnENqcgh5zKqBhHiBBm4= -github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1/go.mod h1:xz6FXP2Do88Vc5Hx7OamZgZC1W45yfmLy4+iDKxlGXo= +github.com/DelineaXPM/tss-sdk-go/v2 v2.0.3 h1:Yk8VZUIer8deRzi1Zx2Di2wEpw138IP09O5eKUYmDRs= +github.com/DelineaXPM/tss-sdk-go/v2 v2.0.3/go.mod h1:xz6FXP2Do88Vc5Hx7OamZgZC1W45yfmLy4+iDKxlGXo= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= 
-github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= -github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4= +github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 h1:ly0WKARATneFzwBlTZ2lUyjtLqoOEYqt1vOlf89za/4= github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5/go.mod h1:W6DMNwPyIE3jpXDaJOvCKUT/kHPZrpl/BGiIVUILbMk= github.com/akeylesslabs/akeyless-go/v3 v3.6.3 h1:fMF8SMDiBL9CufVjLUyF1Z+Z04t5CC3KGOROSjaJ/eA= @@ -138,8 +138,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cyberark/conjur-api-go v0.12.6 h1:AmJbsyBfgdQ0TbH3D9MduqX88Mnb0O8ST9MKqDJpMHw= -github.com/cyberark/conjur-api-go v0.12.6/go.mod h1:NwX17s8cIbiM+gx7PzHGwBkFXbNIXRLHciKakVabq6Q= +github.com/cyberark/conjur-api-go v0.12.7 h1:LxkiEeDolVoVR96Zfr+s2NhlEdyt/sIT2oFbtcYdlhk= +github.com/cyberark/conjur-api-go v0.12.7/go.mod h1:/lZcWpHodKrwJC85J8h6R8uCvt3TknQeUZMUxSinFGU= github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -300,8 +300,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20241101162523-b92577c0c142 h1:sAGdeJj0bnMgUNVeUpp6AYlVdCt3/GdI3pGRqsNSQLs= -github.com/google/pprof v0.0.0-20241101162523-b92577c0c142/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241122213907-cbe949e5a41b h1:SXO0REt4iu865upYCk8aKBBJQ4BqoE0ReP23ClMu60s= +github.com/google/pprof v0.0.0-20241122213907-cbe949e5a41b/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -388,8 +388,8 @@ github.com/lestrrat-go/httprc v1.0.6 h1:qgmgIRhpvBqexMJjA/PmwSvhNk679oqD1RbovdCG github.com/lestrrat-go/httprc v1.0.6/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= -github.com/lestrrat-go/jwx/v2 v2.1.2 h1:6poete4MPsO8+LAEVhpdrNI4Xp2xdiafgl2RD89moBc= -github.com/lestrrat-go/jwx/v2 v2.1.2/go.mod h1:pO+Gz9whn7MPdbsqSJzG8TlEpMZCwQDXnFJ+zsUVh8Y= +github.com/lestrrat-go/jwx/v2 v2.1.3 h1:Ud4lb2QuxRClYAmRleF50KrbKIoM1TddXgBrneT5/Jo= +github.com/lestrrat-go/jwx/v2 v2.1.3/go.mod h1:q6uFgbgZfEmQrfJfrCo90QcQOcXFMfbI/fO0NqRtvZo= github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= 
@@ -422,14 +422,14 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= -github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= +github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.78.1 h1:M9nLmaOsjTZJHQ5hlkF5UK6XV/sbFUodAgCfbM2Ve00= -github.com/oracle/oci-go-sdk/v65 v65.78.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.79.0 h1:Tv9L1XTKWkdXtSViMbP+dA93WunquvW++/2s5pOvOgU= +github.com/oracle/oci-go-sdk/v65 v65.79.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -505,8 +505,8 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.113.0 h1:v5O4R+YZbJGxKqa9iIZxjMyeKkMKBN8P6sZsNl+YckM= -github.com/xanzy/go-gitlab v0.113.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= +github.com/xanzy/go-gitlab v0.114.0 h1:0wQr/KBckwrZPfEMjRqpUz0HmsKKON9UhCYv9KDy19M= +github.com/xanzy/go-gitlab v0.114.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -833,8 +833,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.206.0 h1:A27GClesCSheW5P2BymVHjpEeQ2XHH8DI8Srs2HI2L8= -google.golang.org/api v0.206.0/go.mod h1:BtB8bfjTYIrai3d8UyvPmV9REGgox7coh+ZRwm0b+W8= +google.golang.org/api v0.209.0 h1:Ja2OXNlyRlWCWu8o+GgI4yUn/wz9h/5ZfFbKz+dQX+w= +google.golang.org/api v0.209.0/go.mod h1:I53S168Yr/PNDNMi5yPnDc0/LGRZO6o7PoEbl/HY3CM= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -882,12 +882,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f h1:zDoHYmMzMacIdjNe+P2XiTmPsLawi/pCbSPfxt6lTfw= -google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f/go.mod h1:Q5m6g8b5KaFFzsQFIGdJkSJDGeJiybVenoYFMMa3ohI= -google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f h1:M65LEviCfuZTfrfzwwEoxVtgvfkFkBUbFnRbxCXuXhU= -google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f/go.mod h1:Yo94eF2nj7igQt+TiJ49KxjIH8ndLYPZMIRSiRcEbg0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f h1:C1QccEa9kUwvMgEUORqQD9S17QesQijxjZ84sO82mfo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= +google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk= +google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= +google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 h1:pgr/4QbFyktUv9CtQ/Fq4gzEE6/Xs7iCXbktaGzLHbQ= +google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697/go.mod h1:+D9ySVjN8nY8YCVjc5O7PZDIdZporIDY3KaGfJunh88= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 h1:LWZqQOEjDyONlF1H6afSWpAL/znlREo2tHfLoe+8LMA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -971,8 +971,8 @@ k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.19.1 h1:Son+Q40+Be3QWb+niBXAg2vFiYWolDjjRfO8hn/cxOk= -sigs.k8s.io/controller-runtime v0.19.1/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= +sigs.k8s.io/controller-runtime v0.19.2 h1:3sPrF58XQEPzbE8T81TN6selQIMGbtYwuaJ6eDssDF8= +sigs.k8s.io/controller-runtime v0.19.2/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/structured-merge-diff/v4 v4.4.3 h1:sCP7Vv3xx/CWIuTPVN38lUPx0uw0lcLfzaiDa8Ja01A= diff --git a/go.mod b/go.mod index 01678b94a27..0e05d6afe7c 100644 --- a/go.mod +++ b/go.mod @@ -11,7 +11,7 @@ require ( github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/adal v0.9.24 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 - github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1 + github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 github.com/IBM/go-sdk-core/v5 v5.18.1 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.8 github.com/Masterminds/goutils v1.1.1 // indirect 
@@ -30,32 +30,32 @@ require ( github.com/hashicorp/vault/api/auth/kubernetes v0.8.0 github.com/hashicorp/vault/api/auth/ldap v0.8.0 github.com/huandu/xstrings v1.5.0 // indirect - github.com/onsi/ginkgo/v2 v2.21.0 + github.com/onsi/ginkgo/v2 v2.22.0 github.com/onsi/gomega v1.34.2 - github.com/oracle/oci-go-sdk/v65 v65.78.1 + github.com/oracle/oci-go-sdk/v65 v65.79.0 github.com/prometheus/client_golang v1.20.5 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.9.0 github.com/tidwall/gjson v1.18.0 - github.com/xanzy/go-gitlab v0.113.0 - github.com/yandex-cloud/go-genproto v0.0.0-20241114125552-204702d61ed0 - github.com/yandex-cloud/go-sdk v0.0.0-20241114131935-2a8bbd3c67f1 + github.com/xanzy/go-gitlab v0.114.0 + github.com/yandex-cloud/go-genproto v0.0.0-20241125092406-f84a9a79c742 + github.com/yandex-cloud/go-sdk v0.0.0-20241125093903-abc9da85b811 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 go.uber.org/zap v1.27.0 golang.org/x/crypto v0.29.0 golang.org/x/oauth2 v0.24.0 - google.golang.org/api v0.206.0 - google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f + google.golang.org/api v0.209.0 + google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 google.golang.org/grpc v1.68.0 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 - k8s.io/api v0.31.2 - k8s.io/apiextensions-apiserver v0.31.2 - k8s.io/apimachinery v0.31.2 - k8s.io/client-go v0.31.2 + k8s.io/api v0.31.3 + k8s.io/apiextensions-apiserver v0.31.3 + k8s.io/apimachinery v0.31.3 + k8s.io/client-go v0.31.3 k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 - sigs.k8s.io/controller-runtime v0.19.1 + sigs.k8s.io/controller-runtime v0.19.2 sigs.k8s.io/controller-tools v0.16.5 ) 
@@ -67,7 +67,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 github.com/BeyondTrust/go-client-library-passwordsafe v0.9.1 github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 - github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1 + github.com/DelineaXPM/tss-sdk-go/v2 v2.0.3 github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/alibabacloud-go/darabonba-openapi/v2 v2.0.10 @@ -75,10 +75,10 @@ require ( github.com/alibabacloud-go/openapi-util v0.1.1 github.com/alibabacloud-go/tea v1.2.2 github.com/alibabacloud-go/tea-utils/v2 v2.0.7 - github.com/aliyun/credentials-go v1.4.2 + github.com/aliyun/credentials-go v1.4.3 github.com/avast/retry-go/v4 v4.6.0 github.com/cenkalti/backoff/v4 v4.3.0 - github.com/cyberark/conjur-api-go v0.12.6 + github.com/cyberark/conjur-api-go v0.12.7 github.com/fortanix/sdkms-client-go v0.4.0 github.com/go-openapi/strfmt v0.23.0 github.com/golang-jwt/jwt/v5 v5.2.1 @@ -86,7 +86,7 @@ require ( github.com/hashicorp/vault/api/auth/aws v0.8.0 github.com/hashicorp/vault/api/auth/userpass v0.8.0 github.com/keeper-security/secrets-manager-go/core v1.6.4 - github.com/lestrrat-go/jwx/v2 v2.1.2 + github.com/lestrrat-go/jwx/v2 v2.1.3 github.com/maxbrunsfeld/counterfeiter/v6 v6.10.0 github.com/passbolt/go-passbolt v0.7.1 github.com/previder/vault-cli v0.1.2 @@ -102,8 +102,8 @@ require ( require ( al.essio.dev/pkg/shellescape v1.5.1 // indirect - cloud.google.com/go/auth v0.10.2 // indirect - cloud.google.com/go/auth/oauth2adapt v0.2.5 // indirect + cloud.google.com/go/auth v0.11.0 // indirect + cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect github.com/ProtonMail/go-crypto v1.1.2 // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect 
@@ -124,7 +124,7 @@ require ( github.com/danieljoos/wincred v1.2.2 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect - github.com/gabriel-vasile/mimetype v1.4.6 // indirect + github.com/gabriel-vasile/mimetype v1.4.7 // indirect github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-playground/validator/v10 v10.23.0 // indirect @@ -149,8 +149,8 @@ require ( go.opentelemetry.io/otel/metric v1.32.0 // indirect go.opentelemetry.io/otel/trace v1.32.0 // indirect golang.org/x/sync v0.9.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.3 // indirect @@ -165,7 +165,7 @@ require ( github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect - github.com/Masterminds/semver/v3 v3.3.0 // indirect + github.com/Masterminds/semver/v3 v3.3.1 // indirect github.com/PaesslerAG/gval v1.2.3 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/beorn7/perks v1.0.1 // indirect 
@@ -195,7 +195,7 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20241101162523-b92577c0c142 // indirect + github.com/google/pprof v0.0.0-20241122213907-cbe949e5a41b // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect diff --git a/go.sum b/go.sum index 30f44c7dcd9..d8d0cc1a113 100644 --- a/go.sum +++ b/go.sum @@ -22,10 +22,10 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.10.2 h1:oKF7rgBfSHdp/kuhXtqU/tNDr0mZqhYbEh+6SiqzkKo= -cloud.google.com/go/auth v0.10.2/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= -cloud.google.com/go/auth/oauth2adapt v0.2.5 h1:2p29+dePqsCHPP1bqDJcKj4qxRyYCcbzKpFyKGt3MTk= -cloud.google.com/go/auth/oauth2adapt v0.2.5/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= +cloud.google.com/go/auth v0.11.0 h1:Ic5SZz2lsvbYcWT5dfjNWgw6tTlGi2Wc8hyQSC9BstA= +cloud.google.com/go/auth v0.11.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= +cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU= +cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= 
@@ -100,16 +100,16 @@ github.com/Azure/go-autorest/tracing v0.6.0/go.mod h1:+vhtPC754Xsa23ID7GlGsrdKBp github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1 h1:WJTmL004Abzc5wDB5VtZG2PJk5ndYDgVacGqfirKxjM= github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mod h1:tCcJZ0uHAmvjsVYzEFivsRTN00oz5BEsRgQHu5JZ9WE= github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= -github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1 h1:gUDtaZk8heteyfdmv+pcfHvhR9llnh7c7GMwZ8RVG04= -github.com/AzureAD/microsoft-authentication-library-for-go v1.3.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= +github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 h1:kYRSnvJju5gYVyhkij+RTJ/VR6QIUaCfWeaFm2ycsjQ= +github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/BeyondTrust/go-client-library-passwordsafe v0.9.1 h1:4mDFg59G33h74UrvXln2oAz2ojXsKVoEI6XUMtOkBXw= github.com/BeyondTrust/go-client-library-passwordsafe v0.9.1/go.mod h1:TnbBwWYg9rtfDxQGF7pmD0gCPcbWgCUQIqum3dFMRTk= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 h1:cmX2QC9s5kPqmghWLLZP8YRFO1ZD/C59BpNH2ujP99w= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2/go.mod h1:tNlpIXJlIwQlRbobXDPme4qv/Rc8+a1GbuUhE3m4JhQ= -github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1 h1:/rzzzaBuj/FYTcbt8sYZ9IzlnENqcgh5zKqBhHiBBm4= -github.com/DelineaXPM/tss-sdk-go/v2 v2.0.1/go.mod h1:xz6FXP2Do88Vc5Hx7OamZgZC1W45yfmLy4+iDKxlGXo= +github.com/DelineaXPM/tss-sdk-go/v2 v2.0.3 h1:Yk8VZUIer8deRzi1Zx2Di2wEpw138IP09O5eKUYmDRs= +github.com/DelineaXPM/tss-sdk-go/v2 v2.0.3/go.mod h1:xz6FXP2Do88Vc5Hx7OamZgZC1W45yfmLy4+iDKxlGXo= github.com/HdrHistogram/hdrhistogram-go v1.1.2 
h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM= github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= github.com/IBM/go-sdk-core/v5 v5.18.1 h1:wdftQO8xejECTWTKF3FGXyW0McKxxDAopH7MKwA187c= @@ -119,8 +119,8 @@ github.com/IBM/secrets-manager-go-sdk/v2 v2.0.8/go.mod h1:RglK3v6CPe3T1myRtQCD6z github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= github.com/Masterminds/goutils v1.1.1/go.mod h1:8cTjp+g8YejhMuvIA5y2vz3BpJxksy863GQaJW2MFNU= github.com/Masterminds/semver/v3 v3.2.0/go.mod h1:qvl/7zhW3nngYb5+80sSMF+FG2BjYrf8m9wsX0PNOMQ= -github.com/Masterminds/semver/v3 v3.3.0 h1:B8LGeaivUe71a5qox1ICM/JLl0NqZSW5CHyL+hmvYS0= -github.com/Masterminds/semver/v3 v3.3.0/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= +github.com/Masterminds/semver/v3 v3.3.1 h1:QtNSWtVZ3nBfk8mAOu/B6v7FMJ+NHTIgUPi7rj+4nv4= +github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lprf4nC11bSS5beM= github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d h1:V7xPdg5XgCcUJgL57zfZSNOIvrDPWA4SpWuRJ0UVwKs= github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d/go.mod h1:WI6HYqD62DSW+C0gMS0zHe/vXhZVCUg2ecVosnglPNc= github.com/PaesslerAG/gval v1.0.0/go.mod h1:y/nm5yEyTeX6av0OfKJNp9rBNj2XrGhAf5+v24IBN1I= 
@@ -191,8 +191,8 @@ github.com/aliyun/credentials-go v1.1.2/go.mod h1:ozcZaMR5kLM7pwtCMEpVmQ242suV6q github.com/aliyun/credentials-go v1.3.1/go.mod h1:8jKYhQuDawt8x2+fusqa1Y6mPxemTsBEN04dgcAcYz0= github.com/aliyun/credentials-go v1.3.6/go.mod h1:1LxUuX7L5YrZUWzBrRyk0SwSdH4OmPrib8NVePL3fxM= github.com/aliyun/credentials-go v1.3.10/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= -github.com/aliyun/credentials-go v1.4.2 h1:sJUeZNVjgP6X5UGYS0M6F4Ka5gxm1rhT/6ji1zIL9Tg= -github.com/aliyun/credentials-go v1.4.2/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= +github.com/aliyun/credentials-go v1.4.3 h1:N3iHyvHRMyOwY1+0qBLSf3hb5JFiOujVSVuEpgeGttY= +github.com/aliyun/credentials-go v1.4.3/go.mod h1:Jm6d+xIgwJVLVWT561vy67ZRP4lPTQxMbEYRuT2Ti1U= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/avast/retry-go/v4 v4.6.0 h1:K9xNA+KeB8HHc2aWFuLb25Offp+0iVRXEvFx8IinRJA= 
@@ -226,8 +226,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/ctdk/goiardi v0.11.10 h1:IB/3Afl1pC2Q4KGwzmhHPAoJfe8VtU51wZ2V0QkvsL0= github.com/ctdk/goiardi v0.11.10/go.mod h1:Pr6Cj6Wsahw45myttaOEZeZ0LE7p1qzWmzgsBISkrNI= -github.com/cyberark/conjur-api-go v0.12.6 h1:AmJbsyBfgdQ0TbH3D9MduqX88Mnb0O8ST9MKqDJpMHw= -github.com/cyberark/conjur-api-go v0.12.6/go.mod h1:NwX17s8cIbiM+gx7PzHGwBkFXbNIXRLHciKakVabq6Q= +github.com/cyberark/conjur-api-go v0.12.7 h1:LxkiEeDolVoVR96Zfr+s2NhlEdyt/sIT2oFbtcYdlhk= +github.com/cyberark/conjur-api-go v0.12.7/go.mod h1:/lZcWpHodKrwJC85J8h6R8uCvt3TknQeUZMUxSinFGU= github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -271,8 +271,8 @@ github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/ github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= -github.com/gabriel-vasile/mimetype v1.4.6 h1:3+PzJTKLkvgjeTbts6msPJt4DixhT4YtFNf1gtGe3zc= -github.com/gabriel-vasile/mimetype v1.4.6/go.mod h1:JX1qVKqZd40hUPpAfiNTe0Sne7hdfKSbOqqmkq8GCXc= +github.com/gabriel-vasile/mimetype v1.4.7 h1:SKFKl7kD0RiPdbht0s7hFtjl489WcQ1VyPW8ZzUMYCA= +github.com/gabriel-vasile/mimetype v1.4.7/go.mod h1:GDlAgAyIRT27BhFl53XNAFtfjzOkLaF35JdEG0P7LtU= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-chef/chef v0.30.1 h1:yvOSijEBWAQtRbBPj9hz1atEJUU6HckPc7AaEyZXnLg= 
@@ -405,8 +405,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20241101162523-b92577c0c142 h1:sAGdeJj0bnMgUNVeUpp6AYlVdCt3/GdI3pGRqsNSQLs= -github.com/google/pprof v0.0.0-20241101162523-b92577c0c142/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241122213907-cbe949e5a41b h1:SXO0REt4iu865upYCk8aKBBJQ4BqoE0ReP23ClMu60s= +github.com/google/pprof v0.0.0-20241122213907-cbe949e5a41b/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -519,8 +519,8 @@ github.com/lestrrat-go/httprc v1.0.6 h1:qgmgIRhpvBqexMJjA/PmwSvhNk679oqD1RbovdCG github.com/lestrrat-go/httprc v1.0.6/go.mod h1:mwwz3JMTPBjHUkkDv/IGJ39aALInZLrhBp0X7KGUZlo= github.com/lestrrat-go/iter v1.0.2 h1:gMXo1q4c2pHmC3dn8LzRhJfP1ceCbgSiT9lUydIzltI= github.com/lestrrat-go/iter v1.0.2/go.mod h1:Momfcq3AnRlRjI5b5O8/G5/BvpzrhoFTZcn06fEOPt4= -github.com/lestrrat-go/jwx/v2 v2.1.2 h1:6poete4MPsO8+LAEVhpdrNI4Xp2xdiafgl2RD89moBc= -github.com/lestrrat-go/jwx/v2 v2.1.2/go.mod h1:pO+Gz9whn7MPdbsqSJzG8TlEpMZCwQDXnFJ+zsUVh8Y= +github.com/lestrrat-go/jwx/v2 v2.1.3 h1:Ud4lb2QuxRClYAmRleF50KrbKIoM1TddXgBrneT5/Jo= +github.com/lestrrat-go/jwx/v2 v2.1.3/go.mod h1:q6uFgbgZfEmQrfJfrCo90QcQOcXFMfbI/fO0NqRtvZo= github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= 
@@ -566,14 +566,14 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.21.0 h1:7rg/4f3rB88pb5obDgNZrNHrQ4e6WpjonchcpuBRnZM= -github.com/onsi/ginkgo/v2 v2.21.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= +github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= +github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.78.1 h1:M9nLmaOsjTZJHQ5hlkF5UK6XV/sbFUodAgCfbM2Ve00= -github.com/oracle/oci-go-sdk/v65 v65.78.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.79.0 h1:Tv9L1XTKWkdXtSViMbP+dA93WunquvW++/2s5pOvOgU= +github.com/oracle/oci-go-sdk/v65 v65.79.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.1 h1:boNYHZmSnWl/3bKbUiaWgF/mELCtHfliGHzggf884GE= github.com/passbolt/go-passbolt v0.7.1/go.mod h1:if/jzzYYUjRtq/5h+l+J5Dka0f5dED67QM1lhpTx4pY= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= 
@@ -678,12 +678,12 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.113.0 h1:v5O4R+YZbJGxKqa9iIZxjMyeKkMKBN8P6sZsNl+YckM= -github.com/xanzy/go-gitlab v0.113.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= -github.com/yandex-cloud/go-genproto v0.0.0-20241114125552-204702d61ed0 h1:CTEV6vCJy1LBX1FNKwkpXOU3vSyPiUJoEdjhuX+U8rc= -github.com/yandex-cloud/go-genproto v0.0.0-20241114125552-204702d61ed0/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo= -github.com/yandex-cloud/go-sdk v0.0.0-20241114131935-2a8bbd3c67f1 h1:tGbuhiS87CooN6fbGV+Cu3MyJ2oMenxjYrdlj8Pr1f0= -github.com/yandex-cloud/go-sdk v0.0.0-20241114131935-2a8bbd3c67f1/go.mod h1:jMDvCxZIWr1+wrNCkjFMTxpW2XCCofiotwjND0YpYJI= +github.com/xanzy/go-gitlab v0.114.0 h1:0wQr/KBckwrZPfEMjRqpUz0HmsKKON9UhCYv9KDy19M= +github.com/xanzy/go-gitlab v0.114.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= +github.com/yandex-cloud/go-genproto v0.0.0-20241125092406-f84a9a79c742 h1:W/UYKPy8e+rTODsmsbxxBNOV+5Ps3mUCPB0sa/MD49U= +github.com/yandex-cloud/go-genproto v0.0.0-20241125092406-f84a9a79c742/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo= +github.com/yandex-cloud/go-sdk v0.0.0-20241125093903-abc9da85b811 h1:3iS3N3jZArMR0nAvX2e8+kXHFBJM14Mh0suliUjGYmU= +github.com/yandex-cloud/go-sdk v0.0.0-20241125093903-abc9da85b811/go.mod h1:NTyXTgu30+aHAisiaPxzMu502MFTC7EORix3gdziNV8= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= github.com/yuin/goldmark v1.1.25/go.mod 
h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -1049,8 +1049,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.206.0 h1:A27GClesCSheW5P2BymVHjpEeQ2XHH8DI8Srs2HI2L8= -google.golang.org/api v0.206.0/go.mod h1:BtB8bfjTYIrai3d8UyvPmV9REGgox7coh+ZRwm0b+W8= +google.golang.org/api v0.209.0 h1:Ja2OXNlyRlWCWu8o+GgI4yUn/wz9h/5ZfFbKz+dQX+w= +google.golang.org/api v0.209.0/go.mod h1:I53S168Yr/PNDNMi5yPnDc0/LGRZO6o7PoEbl/HY3CM= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1098,12 +1098,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f h1:zDoHYmMzMacIdjNe+P2XiTmPsLawi/pCbSPfxt6lTfw= -google.golang.org/genproto v0.0.0-20241113202542-65e8d215514f/go.mod h1:Q5m6g8b5KaFFzsQFIGdJkSJDGeJiybVenoYFMMa3ohI= -google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f h1:M65LEviCfuZTfrfzwwEoxVtgvfkFkBUbFnRbxCXuXhU= -google.golang.org/genproto/googleapis/api v0.0.0-20241113202542-65e8d215514f/go.mod h1:Yo94eF2nj7igQt+TiJ49KxjIH8ndLYPZMIRSiRcEbg0= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f h1:C1QccEa9kUwvMgEUORqQD9S17QesQijxjZ84sO82mfo= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241113202542-65e8d215514f/go.mod h1:GX3210XPVPUjJbTUbvwI8f2IpZDMZuPJWDzDuebbviI= +google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk= +google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= +google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 h1:pgr/4QbFyktUv9CtQ/Fq4gzEE6/Xs7iCXbktaGzLHbQ= +google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697/go.mod h1:+D9ySVjN8nY8YCVjc5O7PZDIdZporIDY3KaGfJunh88= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 h1:LWZqQOEjDyONlF1H6afSWpAL/znlREo2tHfLoe+8LMA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= 
@@ -1175,14 +1175,14 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.31.2 h1:3wLBbL5Uom/8Zy98GRPXpJ254nEFpl+hwndmk9RwmL0= -k8s.io/api v0.31.2/go.mod h1:bWmGvrGPssSK1ljmLzd3pwCQ9MgoTsRCuK35u6SygUk= -k8s.io/apiextensions-apiserver v0.31.2 h1:W8EwUb8+WXBLu56ser5IudT2cOho0gAKeTOnywBLxd0= -k8s.io/apiextensions-apiserver v0.31.2/go.mod h1:i+Geh+nGCJEGiCGR3MlBDkS7koHIIKWVfWeRFiOsUcM= -k8s.io/apimachinery v0.31.2 h1:i4vUt2hPK56W6mlT7Ry+AO8eEsyxMD1U44NR22CLTYw= -k8s.io/apimachinery v0.31.2/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/client-go v0.31.2 h1:Y2F4dxU5d3AQj+ybwSMqQnpZH9F30//1ObxOKlTI9yc= -k8s.io/client-go v0.31.2/go.mod h1:NPa74jSVR/+eez2dFsEIHNa+3o09vtNaWwWwb1qSxSs= +k8s.io/api v0.31.3 h1:umzm5o8lFbdN/hIXbrK9oRpOproJO62CV1zqxXrLgk8= +k8s.io/api v0.31.3/go.mod h1:UJrkIp9pnMOI9K2nlL6vwpxRzzEX5sWgn8kGQe92kCE= +k8s.io/apiextensions-apiserver v0.31.3 h1:+GFGj2qFiU7rGCsA5o+p/rul1OQIq6oYpQw4+u+nciE= +k8s.io/apiextensions-apiserver v0.31.3/go.mod h1:2DSpFhUZZJmn/cr/RweH1cEVVbzFw9YBu4T+U3mf1e4= +k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4= +k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= +k8s.io/client-go v0.31.3 h1:CAlZuM+PH2cm+86LOBemaJI/lQ5linJ6UFxKX/SoG+4= +k8s.io/client-go v0.31.3/go.mod h1:2CgjPUTpv3fE5dNygAr2NcM8nhHzXvxB8KL5gYc3kJs= k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20240911193312-2b36238f13e9 h1:B0l8GxRsVc/tP/uCLBQdAjf2nBARx6u/r2OGuL/CyXQ= k8s.io/gengo v0.0.0-20240911193312-2b36238f13e9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= 
@@ -1199,8 +1199,8 @@ k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.19.1 h1:Son+Q40+Be3QWb+niBXAg2vFiYWolDjjRfO8hn/cxOk= -sigs.k8s.io/controller-runtime v0.19.1/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= +sigs.k8s.io/controller-runtime v0.19.2 h1:3sPrF58XQEPzbE8T81TN6selQIMGbtYwuaJ6eDssDF8= +sigs.k8s.io/controller-runtime v0.19.2/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= sigs.k8s.io/controller-tools v0.16.5 h1:5k9FNRqziBPwqr17AMEPPV/En39ZBplLAdOwwQHruP4= sigs.k8s.io/controller-tools v0.16.5/go.mod h1:8vztuRVzs8IuuJqKqbXCSlXcw+lkAv/M2sTpg55qjMY= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= From b518bae15fe8a6d4287c6aa6f59d897fd785337d Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Tue, 26 Nov 2024 08:14:47 +0100 Subject: [PATCH 437/517] fix: gitlab empty response (#4152) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- pkg/provider/gitlab/gitlab.go | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/pkg/provider/gitlab/gitlab.go b/pkg/provider/gitlab/gitlab.go index 5f5c600e3fa..4e1158ea756 100644 --- a/pkg/provider/gitlab/gitlab.go +++ b/pkg/provider/gitlab/gitlab.go 
@@ -224,14 +224,22 @@ func (g *gitlabBase) GetSecret(_ context.Context, ref esv1beta1.ExternalSecretDa data, resp, err := g.projectVariablesClient.GetVariable(g.store.ProjectID, ref.Key, vopts) metrics.ObserveAPICall(constants.ProviderGitLab, constants.CallGitLabProjectVariableGet, err) + if err != nil { + return nil, err + } + + if resp == nil { + return nil, errors.New("gitlab response is nil") + } + if !isEmptyOrWildcard(g.store.Environment) && resp.StatusCode == http.StatusNotFound { vopts.Filter.EnvironmentScope = "*" data, resp, err = g.projectVariablesClient.GetVariable(g.store.ProjectID, ref.Key, vopts) metrics.ObserveAPICall(constants.ProviderGitLab, constants.CallGitLabProjectVariableGet, err) } - if resp.StatusCode >= 400 && resp.StatusCode != http.StatusNotFound && err != nil { - return nil, err + if resp.StatusCode >= 400 && resp.StatusCode != http.StatusNotFound { + return nil, fmt.Errorf("gitlab response status code was not OK: %d", resp.StatusCode) } err = g.ResolveGroupIds() From 40a698dafd7c1488baf9f0209c1db1d6b68dda02 Mon Sep 17 00:00:00 2001 From: "Daniel R. Dagfinrud" Date: Tue, 26 Nov 2024 10:15:40 +0100 Subject: [PATCH 438/517] feat: add ability to push expiration date to secret in azure key vault (#4149) * feat: add ability to push expiration date of secret to azure key vault with annotation Signed-off-by: deggja * docs: set example annotation on secret in docs Signed-off-by: deggja * test: added test for updating to new expiration date Signed-off-by: deggja * chore: format Signed-off-by: deggja * chore: clean up go.mod Signed-off-by: deggja * feat: add expiration date for secret as field in metadata block in pushsecret Signed-off-by: deggja * extract the metadata from Kubernetes package and put it into its own package Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: deggja 
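Review bot: The new nil check on `resp` in `GetSecret` covers only the first `GetVariable` call; the retry inside the `!isEmptyOrWildcard(...)` branch reassigns `data, resp, err`, and the following `resp.StatusCode >= 400` test dereferences `resp` without re-checking it or looking at `err`. A transport failure on the wildcard retry would then panic the provider instead of returning an error, so repeat the guard after the retry, e.g. `if err != nil && resp == nil { return nil, err }`. Separately, the early `if err != nil { return nil, err }` now runs before the 404 branch; if the client reports a 404 as a non-nil error (worth confirming against the go-gitlab version pinned in go.mod), the environment-scope fallback is no longer reachable. The function body starts and continues outside the hunk.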
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- docs/snippets/azkv-pushsecret-secret.yaml | 7 ++- go.mod | 6 +-- go.sum | 4 +- pkg/provider/azure/keyvault/keyvault.go | 43 +++++++++++++-- pkg/provider/azure/keyvault/keyvault_test.go | 47 +++++++++++++++++ pkg/provider/kubernetes/client.go | 3 +- pkg/provider/kubernetes/metadata.go | 37 ++----------- pkg/utils/metadata/metadata.go | 55 ++++++++++++++++++++ 8 files changed, 156 insertions(+), 46 deletions(-) create mode 100644 pkg/utils/metadata/metadata.go diff --git a/docs/snippets/azkv-pushsecret-secret.yaml b/docs/snippets/azkv-pushsecret-secret.yaml index b0c32914dfa..16cc27cd499 100644 --- a/docs/snippets/azkv-pushsecret-secret.yaml +++ b/docs/snippets/azkv-pushsecret-secret.yaml @@ -23,4 +23,9 @@ spec: - match: secretKey: source-key # Source Kubernetes secret key containing the secret remoteRef: - remoteKey: my-azkv-secret-name \ No newline at end of file + remoteKey: my-azkv-secret-name + metadata: + apiVersion: kubernetes.external-secrets.io/v1alpha1 + kind: PushSecretMetadata + spec: + expirationDate: "2024-12-31T23:59:59Z" # Expiration date for the secret in Azure Key Vault \ No newline at end of file diff --git a/go.mod b/go.mod index 0e05d6afe7c..c18e2bf4b34 100644 --- a/go.mod +++ b/go.mod @@ -105,7 +105,7 @@ require ( cloud.google.com/go/auth v0.11.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect - github.com/ProtonMail/go-crypto v1.1.2 // indirect + github.com/ProtonMail/go-crypto v1.1.3 // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect github.com/ProtonMail/gopenpgp/v2 v2.8.0 // indirect github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6 // indirect 
@@ -160,7 +160,7 @@ require ( github.com/Azure/azure-sdk-for-go/sdk/internal v1.10.0 // indirect github.com/Azure/go-autorest v14.2.0+incompatible // indirect github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect - github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect + github.com/Azure/go-autorest/autorest/date v0.3.0 github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect github.com/Azure/go-autorest/logger v0.2.1 // indirect @@ -260,7 +260,7 @@ require ( google.golang.org/protobuf v1.35.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect + gopkg.in/yaml.v2 v2.4.0 k8s.io/gengo v0.0.0-20240911193312-2b36238f13e9 // indirect k8s.io/klog v1.0.0 // indirect k8s.io/klog/v2 v2.130.1 // indirect diff --git a/go.sum b/go.sum index d8d0cc1a113..6934ee444b3 100644 --- a/go.sum +++ b/go.sum 
@@ -129,8 +129,8 @@ github.com/PaesslerAG/gval v1.2.3/go.mod h1:XRFLwvmkTEdYziLdaCeCa5ImcGVrfQbeNUbV github.com/PaesslerAG/jsonpath v0.1.0/go.mod h1:4BzmtoM/PI8fPO4aQGIusjGxGir2BzcV0grWtFzq1Y8= github.com/PaesslerAG/jsonpath v0.1.1 h1:c1/AToHQMVsduPAa4Vh6xp2U0evy4t8SWp8imEsylIk= github.com/PaesslerAG/jsonpath v0.1.1/go.mod h1:lVboNxFGal/VwW6d9JzIy56bUsYAP6tH/x80vjnCseY= -github.com/ProtonMail/go-crypto v1.1.2 h1:A7JbD57ThNqh7XjmHE+PXpQ3Dqt3BrSAC0AL0Go3KS0= -github.com/ProtonMail/go-crypto v1.1.2/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= +github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXxPxCFk= +github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw= github.com/ProtonMail/gopenpgp/v2 v2.8.0 h1:WvMv3CMcFsqKSM4/Qf8sf3tgyQkzDqQmoSE49bnBuP4= diff --git a/pkg/provider/azure/keyvault/keyvault.go b/pkg/provider/azure/keyvault/keyvault.go index 000166e9e45..5af350db210 100644 --- a/pkg/provider/azure/keyvault/keyvault.go +++ b/pkg/provider/azure/keyvault/keyvault.go @@ -26,12 +26,14 @@ import ( "path" "regexp" "strings" + "time" "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.0/keyvault" "github.com/Azure/go-autorest/autorest" "github.com/Azure/go-autorest/autorest/adal" "github.com/Azure/go-autorest/autorest/azure" kvauth "github.com/Azure/go-autorest/autorest/azure/auth" + "github.com/Azure/go-autorest/autorest/date" "github.com/AzureAD/microsoft-authentication-library-for-go/apps/confidential" "github.com/lestrrat-go/jwx/v2/jwk" "github.com/tidwall/gjson" 
@@ -52,6 +54,7 @@ import ( "github.com/external-secrets/external-secrets/pkg/constants" "github.com/external-secrets/external-secrets/pkg/metrics" "github.com/external-secrets/external-secrets/pkg/utils" + "github.com/external-secrets/external-secrets/pkg/utils/metadata" "github.com/external-secrets/external-secrets/pkg/utils/resolvers" ) @@ -119,6 +122,10 @@ type Azure struct { namespace string } +type PushSecretMetadataSpec struct { + ExpirationDate string `json:"expirationDate,omitempty"` +} + func init() { esv1beta1.Register(&Azure{}, &esv1beta1.SecretStoreProvider{ AzureKV: &esv1beta1.AzureKVProvider{}, @@ -411,7 +418,7 @@ func canCreate(tags map[string]*string, err error) (bool, error) { return true, nil } -func (a *Azure) setKeyVaultSecret(ctx context.Context, secretName string, value []byte) error { +func (a *Azure) setKeyVaultSecret(ctx context.Context, secretName string, value []byte, expires *date.UnixTime) error { secret, err := a.baseClient.GetSecret(ctx, *a.provider.VaultURL, secretName, "") metrics.ObserveAPICall(constants.ProviderAzureKV, constants.CallAzureKVGetSecret, err) ok, err := canCreate(secret.Tags, err) @@ -423,8 +430,14 @@ func (a *Azure) setKeyVaultSecret(ctx context.Context, secretName string, value } val := string(value) if secret.Value != nil && val == *secret.Value { - return nil + if secret.Attributes != nil { + if (secret.Attributes.Expires == nil && expires == nil) || + (secret.Attributes.Expires != nil && expires != nil && *secret.Attributes.Expires == *expires) { + return nil + } + } } + secretParams := keyvault.SecretSetParameters{ Value: &val, Tags: map[string]*string{ 
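Review bot: In `setKeyVaultSecret` the no-change test compares expiry with `*secret.Attributes.Expires == *expires`, which is struct equality on a `date.UnixTime` value rather than a comparison of instants. If `date.UnixTime` wraps `time.Time` (as the `date.UnixTime(t)` conversion in `PushSecret` suggests), two values for the same moment with different zone data compare unequal, so an `expirationDate` written with a non-UTC offset could make every reconcile write a new secret version. Compare instants instead: `time.Time(*secret.Attributes.Expires).Equal(time.Time(*expires))`. When the stored secret has `Attributes == nil` and `expires == nil`, the early return is also skipped and the secret is rewritten although nothing changed. The function starts and ends outside this hunk.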
@@ -434,6 +447,11 @@ func (a *Azure) setKeyVaultSecret(ctx context.Context, secretName string, value Enabled: pointer.To(true), }, } + + if expires != nil { + secretParams.SecretAttributes.Expires = expires + } + _, err = a.baseClient.SetSecret(ctx, *a.provider.VaultURL, secretName, secretParams) metrics.ObserveAPICall(constants.ProviderAzureKV, constants.CallAzureKVGetSecret, err) if err != nil { @@ -534,8 +552,9 @@ func (a *Azure) setKeyVaultKey(ctx context.Context, secretName string, value []b // PushSecret stores secrets into a Key vault instance. func (a *Azure) PushSecret(ctx context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error { var ( - value []byte - err error + value []byte + err error + expires *date.UnixTime ) if data.GetSecretKey() == "" { // Must convert secret values to string, otherwise data will be sent as base64 to Vault @@ -551,10 +570,24 @@ func (a *Azure) PushSecret(ctx context.Context, secret *corev1.Secret, data esv1 value = secret.Data[data.GetSecretKey()] } + metadata, err := metadata.ParseMetadataParameters[PushSecretMetadataSpec](data.GetMetadata()) + if err != nil { + return fmt.Errorf("failed to parse push secret metadata: %w", err) + } + + if metadata != nil && metadata.Spec.ExpirationDate != "" { + t, err := time.Parse(time.RFC3339, metadata.Spec.ExpirationDate) + if err != nil { + return fmt.Errorf("error parsing expiration date in metadata: %w. Expected format: YYYY-MM-DDTHH:MM:SSZ (RFC3339). Example: 2024-12-31T20:00:00Z", err) + } + unixTime := date.UnixTime(t) + expires = &unixTime + } + objectType, secretName := getObjType(esv1beta1.ExternalSecretDataRemoteRef{Key: data.GetRemoteKey()}) switch objectType { case defaultObjType: - return a.setKeyVaultSecret(ctx, secretName, value) + return a.setKeyVaultSecret(ctx, secretName, value, expires) case objectTypeCert: return a.setKeyVaultCertificate(ctx, secretName, value) case objectTypeKey: 
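Review bot: In `PushSecret` the parsed `expires` value reaches only the `defaultObjType` branch; `setKeyVaultCertificate` is called without it, so an `expirationDate` set on a certificate push (and presumably on a key push, whose call is outside the hunk) is silently dropped and the object is stored with no expiry. Rejecting that combination makes the gap visible: `if expires != nil && objectType != defaultObjType { return fmt.Errorf("expirationDate is only supported for secrets, got %q", objectType) }`. The local `metadata, err := metadata.ParseMetadataParameters[...]` also shadows the imported `metadata` package for the rest of the function; a name such as `pushMeta`, as used in `pkg/provider/kubernetes/client.go`, avoids that. The switch continues past the end of the hunk.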
diff --git a/pkg/provider/azure/keyvault/keyvault_test.go b/pkg/provider/azure/keyvault/keyvault_test.go index 585cd3e25f0..b9b8ecbb45f 100644 --- a/pkg/provider/azure/keyvault/keyvault_test.go +++ b/pkg/provider/azure/keyvault/keyvault_test.go @@ -22,10 +22,14 @@ import ( "fmt" "reflect" "testing" + "time" "github.com/Azure/azure-sdk-for-go/services/keyvault/v7.0/keyvault" "github.com/Azure/go-autorest/autorest" + "github.com/Azure/go-autorest/autorest/date" + "gopkg.in/yaml.v2" corev1 "k8s.io/api/core/v1" + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" pointer "k8s.io/utils/ptr" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" @@ -33,6 +37,7 @@ import ( "github.com/external-secrets/external-secrets/pkg/provider/azure/keyvault/fake" testingfake "github.com/external-secrets/external-secrets/pkg/provider/testing/fake" "github.com/external-secrets/external-secrets/pkg/utils" + "github.com/external-secrets/external-secrets/pkg/utils/metadata" ) type secretManagerTestCase struct { @@ -65,6 +70,8 @@ type secretManagerTestCase struct { expectedExistence bool // for testing pushing multi-key k8s secrets secret *corev1.Secret + // for testing changes in expiration date for akv secrets + newExpiry *date.UnixTime } func makeValidSecretManagerTestCase() *secretManagerTestCase { 
@@ -416,6 +423,45 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { Value: &goodSecret, } } + secretExpiryChange := func(smtc *secretManagerTestCase) { + newExpiry := date.UnixTime(time.Now().Add(24 * time.Hour)) + oldExpiry := date.UnixTime(time.Now().Add(-1 * time.Hour)) + mdata := &metadata.PushSecretMetadata[PushSecretMetadataSpec]{ + APIVersion: metadata.APIVersion, + Kind: metadata.Kind, + Spec: PushSecretMetadataSpec{ + ExpirationDate: time.Now().Add(24 * time.Hour).Format(time.RFC3339), + }, + } + metadataRaw, _ := yaml.Marshal(mdata) + smtc.newExpiry = &newExpiry + smtc.setValue = []byte(goodSecret) + smtc.pushData = testingfake.PushSecretData{ + SecretKey: secretKey, + RemoteKey: secretName, + Metadata: &apiextensionsv1.JSON{ + Raw: metadataRaw, + }, + } + smtc.secretOutput = keyvault.SecretBundle{ + Tags: map[string]*string{ + "managed-by": pointer.To("external-secrets"), + }, + Value: &goodSecret, + Attributes: &keyvault.SecretAttributes{ + Expires: &oldExpiry, + }, + } + smtc.setSecretOutput = keyvault.SecretBundle{ + Tags: map[string]*string{ + "managed-by": pointer.To("external-secrets"), + }, + Value: &goodSecret, + Attributes: &keyvault.SecretAttributes{ + Expires: smtc.newExpiry, + }, + } + } secretWrongTags := func(smtc *secretManagerTestCase) { smtc.setValue = []byte(goodSecret) smtc.pushData = testingfake.PushSecretData{ @@ -814,6 +860,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { makeValidSecretManagerTestCaseCustom(wrongTags), makeValidSecretManagerTestCaseCustom(secretSuccess), makeValidSecretManagerTestCaseCustom(secretNoChange), + makeValidSecretManagerTestCaseCustom(secretExpiryChange), makeValidSecretManagerTestCaseCustom(secretWrongTags), makeValidSecretManagerTestCaseCustom(secretNoTags), makeValidSecretManagerTestCaseCustom(secretNotFound), diff --git a/pkg/provider/kubernetes/client.go b/pkg/provider/kubernetes/client.go index 70aa5946592..d8b8afcb6de 100644 --- a/pkg/provider/kubernetes/client.go 
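Review bot: `secretExpiryChange` builds the metadata with `metadataRaw, _ := yaml.Marshal(mdata)`, which discards the error and uses `gopkg.in/yaml.v2`, while `PushSecretMetadata` and `PushSecretMetadataSpec` carry only `json` tags. yaml.v2 does not read `json` tags, so the emitted keys are presumably lower-cased field names rather than `apiVersion` and `expirationDate`, and the case only passes if the parser matches keys case-insensitively. Marshal with the library the parser uses (`sigs.k8s.io/yaml`) and fail the test on a marshal error. The expected `newExpiry` also comes from a separate `time.Now()` call with sub-second precision, whereas the metadata string is RFC3339 to the second, so the two cannot be equal if a later assertion compares them.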
+++ b/pkg/provider/kubernetes/client.go @@ -34,6 +34,7 @@ import ( "github.com/external-secrets/external-secrets/pkg/find" "github.com/external-secrets/external-secrets/pkg/metrics" "github.com/external-secrets/external-secrets/pkg/utils" + "github.com/external-secrets/external-secrets/pkg/utils/metadata" ) const ( @@ -133,7 +134,7 @@ func (c *Client) mergePushSecretData(remoteRef esv1beta1.PushSecretData, remoteS remoteSecret.Data = make(map[string][]byte) } - pushMeta, err := parseMetadataParameters(remoteRef.GetMetadata()) + pushMeta, err := metadata.ParseMetadataParameters[PushSecretMetadataSpec](remoteRef.GetMetadata()) if err != nil { return fmt.Errorf("unable to parse metadata parameters: %w", err) } diff --git a/pkg/provider/kubernetes/metadata.go b/pkg/provider/kubernetes/metadata.go index 29d5abe4b82..651864f3a0c 100644 --- a/pkg/provider/kubernetes/metadata.go +++ b/pkg/provider/kubernetes/metadata.go @@ -18,20 +18,10 @@ import ( "fmt" v1 "k8s.io/api/core/v1" - apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "sigs.k8s.io/yaml" -) -const ( - metadataAPIVersion = "kubernetes.external-secrets.io/v1alpha1" - metadataKind = "PushSecretMetadata" + "github.com/external-secrets/external-secrets/pkg/utils/metadata" ) -type PushSecretMetadata struct { - metav1.TypeMeta - Spec PushSecretMetadataSpec `json:"spec,omitempty"` -} type PushSecretMetadataSpec struct { TargetMergePolicy targetMergePolicy `json:"targetMergePolicy,omitempty"` SourceMergePolicy sourceMergePolicy `json:"sourceMergePolicy,omitempty"` 
@@ -55,31 +45,10 @@ const ( sourceMergePolicyReplace sourceMergePolicy = "Replace" ) -func parseMetadataParameters(data *apiextensionsv1.JSON) (*PushSecretMetadata, error) { - if data == nil { - return nil, nil - } - var metadata PushSecretMetadata - err := yaml.Unmarshal(data.Raw, &metadata, yaml.DisallowUnknownFields) - if err != nil { - return nil, fmt.Errorf("failed to parse %s %s: %w", metadataAPIVersion, metadataKind, err) - } - - if metadata.APIVersion != metadataAPIVersion { - return nil, fmt.Errorf("unexpected apiVersion %q, expected %q", metadata.APIVersion, metadataAPIVersion) - } - - if metadata.Kind != metadataKind { - return nil, fmt.Errorf("unexpected kind %q, expected %q", metadata.Kind, metadataKind) - } - - return &metadata, nil -} - // Takes the local secret metadata and merges it with the push metadata. // The push metadata takes precedence. // Depending on the policy, we either merge or overwrite the metadata from the local secret. -func mergeSourceMetadata(localSecret *v1.Secret, pushMeta *PushSecretMetadata) (map[string]string, map[string]string, error) { +func mergeSourceMetadata(localSecret *v1.Secret, pushMeta *metadata.PushSecretMetadata[PushSecretMetadataSpec]) (map[string]string, map[string]string, error) { labels := localSecret.ObjectMeta.Labels annotations := localSecret.ObjectMeta.Annotations if pushMeta == nil { 
@@ -112,7 +81,7 @@ func mergeSourceMetadata(localSecret *v1.Secret, pushMeta *PushSecretMetadata) ( // Takes the remote secret metadata and merges it with the source metadata. // The source metadata may replace the existing labels/annotations // or merge into it depending on policy. -func mergeTargetMetadata(remoteSecret *v1.Secret, pushMeta *PushSecretMetadata, sourceLabels, sourceAnnotations map[string]string) (map[string]string, map[string]string, error) { +func mergeTargetMetadata(remoteSecret *v1.Secret, pushMeta *metadata.PushSecretMetadata[PushSecretMetadataSpec], sourceLabels, sourceAnnotations map[string]string) (map[string]string, map[string]string, error) { labels := remoteSecret.ObjectMeta.Labels annotations := remoteSecret.ObjectMeta.Annotations if labels == nil { diff --git a/pkg/utils/metadata/metadata.go b/pkg/utils/metadata/metadata.go new file mode 100644 index 00000000000..dc6712e34f6 --- /dev/null +++ b/pkg/utils/metadata/metadata.go 
@@ -0,0 +1,55 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package metadata + +import ( + "fmt" + + apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "sigs.k8s.io/yaml" +) + +const ( + APIVersion = "kubernetes.external-secrets.io/v1alpha1" + Kind = "PushSecretMetadata" +) + +type PushSecretMetadata[T any] struct { + Kind string `json:"kind"` + APIVersion string `json:"apiVersion"` + Spec T `json:"spec,omitempty"` +} + +// ParseMetadataParameters parses metadata with an arbitrary Spec. +func ParseMetadataParameters[T any](data *apiextensionsv1.JSON) (*PushSecretMetadata[T], error) { + if data == nil { + return nil, nil + } + var metadata PushSecretMetadata[T] + err := yaml.Unmarshal(data.Raw, &metadata, yaml.DisallowUnknownFields) + if err != nil { + return nil, fmt.Errorf("failed to parse %s %s: %w", APIVersion, Kind, err) + } + + if metadata.APIVersion != APIVersion { + return nil, fmt.Errorf("unexpected apiVersion %q, expected %q", metadata.APIVersion, APIVersion) + } + + if metadata.Kind != Kind { + return nil, fmt.Errorf("unexpected kind %q, expected %q", metadata.Kind, Kind) + } + + return &metadata, nil +} From fb9526f38a32d2ffa7a261147fcb21ad3fb003a1 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Tue, 26 Nov 2024 15:32:26 +0100 Subject: [PATCH 439/517] feat: implement a cluster-wide generator (#4140) * feat: implement a cluster-wide generator 
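Review bot: `ParseMetadataParameters` returns `nil, nil` when `data` is nil, but its one-line doc comment does not say so, and a caller in another provider that dereferences the result without a nil check would panic (the Kubernetes caller `mergeSourceMetadata` does check `pushMeta == nil`). I would extend the comment to `// It returns (nil, nil) when data is nil, rejects unknown fields, and requires apiVersion and kind to equal APIVersion and Kind.` The exported `APIVersion`, `Kind` and `PushSecretMetadata` have no doc comments either. `APIVersion` is still `kubernetes.external-secrets.io/v1alpha1` although the package is now under `pkg/utils`, so any other provider using this parser would presumably have to accept the Kubernetes provider's group; a short comment should say whether that is intended.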
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * remove unneeded function Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * check diff run output Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * alternative implementation of the Generator approach using specs only Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * refactor the extracting code Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * slight modification to the naming of the spec from generatorSpec to simply generator Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * write a unit test for the generator and register it in the scheme Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * add documentation for the cluster generator Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- 
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .../v1beta1/externalsecret_types.go | 2 +- apis/generators/v1alpha1/generator_schema.go | 4 +- apis/generators/v1alpha1/generator_types.go | 57 + apis/generators/v1alpha1/register.go | 9 + .../v1alpha1/zz_generated.deepcopy.go | 155 ++ ...nal-secrets.io_clusterexternalsecrets.yaml | 4 +- .../external-secrets.io_externalsecrets.yaml | 4 +- .../external-secrets.io_pushsecrets.yaml | 2 +- ...external-secrets.io_clustergenerators.yaml | 1408 +++++++++++++++++ config/crds/bases/kustomization.yaml | 1 + deploy/charts/external-secrets/README.md | 1 + .../external-secrets/templates/rbac.yaml | 3 + .../external-secrets/values.schema.json | 3 + deploy/charts/external-secrets/values.yaml | 2 + deploy/crds/bundle.yaml | 1351 +++++++++++++++- docs/api/generator/cluster.md | 20 + docs/api/spec.md | 2 +- docs/guides/generator.md | 46 +- docs/snippets/generator-cluster-example.yaml | 14 + docs/snippets/generator-cluster.yaml | 24 + hack/api-docs/mkdocs.yml | 1 + .../externalsecret_controller_secret.go | 3 +- .../externalsecret_controller_test.go | 40 + pkg/utils/resolvers/generator.go | 84 +- 24 files changed, 3220 insertions(+), 20 deletions(-) create mode 100644 config/crds/bases/generators.external-secrets.io_clustergenerators.yaml create mode 100644 docs/api/generator/cluster.md create mode 100644 docs/snippets/generator-cluster-example.yaml create mode 100644 docs/snippets/generator-cluster.yaml diff --git a/apis/externalsecrets/v1beta1/externalsecret_types.go b/apis/externalsecrets/v1beta1/externalsecret_types.go index b59a5eced9f..9b3590205a2 100644 --- a/apis/externalsecrets/v1beta1/externalsecret_types.go +++ b/apis/externalsecrets/v1beta1/externalsecret_types.go 
@@ -393,7 +393,7 @@ type GeneratorRef struct { // Specify the apiVersion of the generator resource // +kubebuilder:default="generators.external-secrets.io/v1alpha1" APIVersion string `json:"apiVersion,omitempty"` - // Specify the Kind of the resource, e.g. Password, ACRAccessToken etc. + // Specify the Kind of the resource, e.g. Password, ACRAccessToken, ClusterGenerator etc. Kind string `json:"kind"` // Specify the name of the generator resource Name string `json:"name"` diff --git a/apis/generators/v1alpha1/generator_schema.go b/apis/generators/v1alpha1/generator_schema.go index 3eaa263c97b..f97d67461ed 100644 --- a/apis/generators/v1alpha1/generator_schema.go +++ b/apis/generators/v1alpha1/generator_schema.go @@ -59,7 +59,7 @@ func GetGeneratorByName(kind string) (Generator, bool) { return f, ok } -// GetGenerator returns a implementation from a generator +// GetGenerator returns an implementation from a generator // defined as json. func GetGenerator(obj *apiextensions.JSON) (Generator, error) { type unknownGenerator struct { @@ -75,7 +75,7 @@ func GetGenerator(obj *apiextensions.JSON) (Generator, error) { defer buildlock.RUnlock() gen, ok := builder[res.Kind] if !ok { - return nil, fmt.Errorf("failed to find registered generator for: %s", string(obj.Raw)) + return nil, fmt.Errorf("failed to find registered generator for: %s with kind: %s", string(obj.Raw), res.Kind) } return gen, nil } diff --git a/apis/generators/v1alpha1/generator_types.go b/apis/generators/v1alpha1/generator_types.go index 6d7ac9d4242..e0e9cc9e210 100644 --- a/apis/generators/v1alpha1/generator_types.go +++ b/apis/generators/v1alpha1/generator_types.go 
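Review bot: The rewritten error at the end of `GetGenerator` in `generator_schema.go` still formats `string(obj.Raw)` into the message, so the whole generator definition is copied to wherever the error ends up, such as logs or status conditions. Whether that payload can hold sensitive values depends on the generator spec, which this hunk does not show. Now that `res.Kind` is reported, the raw object adds little and could be dropped: `return nil, fmt.Errorf("failed to find registered generator for kind %q", res.Kind)`. The middle of `GetGenerator` lies between the two hunks and is not visible here.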
@@ -14,8 +14,65 @@ limitations under the License. package v1alpha1 +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// A couple of constants to define the generator's keys for accessing via Resource map values. +const ( + GeneratorGeneratorKey = "generator" + GeneratorKindKey = "kind" + GeneratorSpecKey = "spec" +) + type ControllerClassResource struct { Spec struct { ControllerClass string `json:"controller"` } `json:"spec"` } + +type GeneratorSpec struct { + ACRAccessTokenSpec *ACRAccessTokenSpec `json:"acrAccessTokenSpec,omitempty"` + ECRAuthorizationTokenSpec *ECRAuthorizationTokenSpec `json:"ecrRAuthorizationTokenSpec,omitempty"` + FakeSpec *FakeSpec `json:"fakeSpec,omitempty"` + GCRAccessTokenSpec *GCRAccessTokenSpec `json:"gcrAccessTokenSpec,omitempty"` + GithubAccessTokenSpec *GithubAccessTokenSpec `json:"githubAccessTokenSpec,omitempty"` + PasswordSpec *PasswordSpec `json:"passwordSpec,omitempty"` + STSSessionTokenSpec *STSSessionTokenSpec `json:"stsSessionTokenSpec,omitempty"` + UUIDSpec *UUIDSpec `json:"uuidSpec,omitempty"` + VaultDynamicSecretSpec *VaultDynamicSecretSpec `json:"vaultDynamicSecretSpec,omitempty"` + WebhookSpec *WebhookSpec `json:"webhookSpec,omitempty"` +} + +type ClusterGeneratorSpec struct { + Kind string `json:"kind"` + Generator GeneratorSpec `json:"generator"` +} + +type ClusterGeneratorStatus struct{} + +// +kubebuilder:object:root=true +// +kubebuilder:storageversion + +// ClusterGenerator represents a cluster-wide generator which can be referenced as part of `generatorRef` fields. 
+// +kubebuilder:object:root=true +// +kubebuilder:storageversion +// +kubebuilder:subresource:status +// +kubebuilder:metadata:labels="external-secrets.io/component=controller" +// +kubebuilder:resource:scope=Cluster,categories={external-secrets, external-secrets-generators},shortName=cg +type ClusterGenerator struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ClusterGeneratorSpec `json:"spec,omitempty"` + Status ClusterGeneratorStatus `json:"status,omitempty"` +} + +// +kubebuilder:object:root=true + +// ClusterGeneratorList contains a list of ClusterGenerator resources. +type ClusterGeneratorList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ClusterGenerator `json:"items"` +} diff --git a/apis/generators/v1alpha1/register.go b/apis/generators/v1alpha1/register.go index 689b50ee263..6379de14425 100644 --- a/apis/generators/v1alpha1/register.go +++ b/apis/generators/v1alpha1/register.go @@ -116,6 +116,14 @@ var ( UUIDGroupVersionKind = SchemeGroupVersion.WithKind(UUIDKind) ) +// ClusterGenerator type metadata. +var ( + ClusterGeneratorKind = reflect.TypeOf(ClusterGenerator{}).Name() + ClusterGeneratorGroupKind = schema.GroupKind{Group: Group, Kind: ClusterGeneratorKind}.String() + ClusterGeneratorKindAPIVersion = ClusterGeneratorKind + "." + SchemeGroupVersion.String() + ClusterGeneratorGroupVersionKind = SchemeGroupVersion.WithKind(ClusterGeneratorKind) +) + func init() { SchemeBuilder.Register(&ECRAuthorizationToken{}, &ECRAuthorizationToken{}) SchemeBuilder.Register(&GCRAccessToken{}, &GCRAccessTokenList{}) @@ -125,4 +133,5 @@ func init() { SchemeBuilder.Register(&VaultDynamicSecret{}, &VaultDynamicSecretList{}) SchemeBuilder.Register(&Password{}, &PasswordList{}) SchemeBuilder.Register(&Webhook{}, &WebhookList{}) + SchemeBuilder.Register(&ClusterGenerator{}, &ClusterGeneratorList{}) } 
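Review bot: The JSON tag on `GeneratorSpec.ECRAuthorizationTokenSpec` reads `ecrRAuthorizationTokenSpec` with a doubled `R`, unlike its siblings (`acrAccessTokenSpec`, `gcrAccessTokenSpec`), which looks like a typo. Once the CRD ships, the misspelled key is part of the API, so I would change the tag to `json:"ecrAuthorizationTokenSpec,omitempty"` and regenerate the CRDs before release. `ClusterGeneratorSpec.Kind` is a plain string with no validation marker in this hunk, and nothing visible requires that exactly one `GeneratorSpec` pointer is set or that it matches `Kind`. A mismatched object would therefore presumably be caught only when the generator is resolved. The `+kubebuilder:object:root=true` and `+kubebuilder:storageversion` markers are also written twice above `ClusterGenerator`, and one pair can go.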
diff --git a/apis/generators/v1alpha1/zz_generated.deepcopy.go b/apis/generators/v1alpha1/zz_generated.deepcopy.go index 7a2662e3658..5eea441bc4c 100644 --- a/apis/generators/v1alpha1/zz_generated.deepcopy.go +++ b/apis/generators/v1alpha1/zz_generated.deepcopy.go 
@@ -265,6 +265,96 @@ func (in *AzureACRWorkloadIdentityAuth) DeepCopy() *AzureACRWorkloadIdentityAuth return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterGenerator) DeepCopyInto(out *ClusterGenerator) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + out.Status = in.Status +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGenerator. +func (in *ClusterGenerator) DeepCopy() *ClusterGenerator { + if in == nil { + return nil + } + out := new(ClusterGenerator) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *ClusterGenerator) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterGeneratorList) DeepCopyInto(out *ClusterGeneratorList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]ClusterGenerator, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGeneratorList. +func (in *ClusterGeneratorList) DeepCopy() *ClusterGeneratorList { + if in == nil { + return nil + } + out := new(ClusterGeneratorList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. 
+func (in *ClusterGeneratorList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterGeneratorSpec) DeepCopyInto(out *ClusterGeneratorSpec) { + *out = *in + in.Generator.DeepCopyInto(&out.Generator) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGeneratorSpec. +func (in *ClusterGeneratorSpec) DeepCopy() *ClusterGeneratorSpec { + if in == nil { + return nil + } + out := new(ClusterGeneratorSpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ClusterGeneratorStatus) DeepCopyInto(out *ClusterGeneratorStatus) { + *out = *in +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGeneratorStatus. +func (in *ClusterGeneratorStatus) DeepCopy() *ClusterGeneratorStatus { + if in == nil { + return nil + } + out := new(ClusterGeneratorStatus) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ControllerClassResource) DeepCopyInto(out *ControllerClassResource) { *out = *in 
@@ -566,6 +656,71 @@ func (in *GCRAccessTokenSpec) DeepCopy() *GCRAccessTokenSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *GeneratorSpec) DeepCopyInto(out *GeneratorSpec) { + *out = *in + if in.ACRAccessTokenSpec != nil { + in, out := &in.ACRAccessTokenSpec, &out.ACRAccessTokenSpec + *out = new(ACRAccessTokenSpec) + (*in).DeepCopyInto(*out) + } + if in.ECRAuthorizationTokenSpec != nil { + in, out := &in.ECRAuthorizationTokenSpec, &out.ECRAuthorizationTokenSpec + *out = new(ECRAuthorizationTokenSpec) + (*in).DeepCopyInto(*out) + } + if in.FakeSpec != nil { + in, out := &in.FakeSpec, &out.FakeSpec + *out = new(FakeSpec) + (*in).DeepCopyInto(*out) + } + if in.GCRAccessTokenSpec != nil { + in, out := &in.GCRAccessTokenSpec, &out.GCRAccessTokenSpec + *out = new(GCRAccessTokenSpec) + (*in).DeepCopyInto(*out) + } + if in.GithubAccessTokenSpec != nil { + in, out := &in.GithubAccessTokenSpec, &out.GithubAccessTokenSpec + *out = new(GithubAccessTokenSpec) + (*in).DeepCopyInto(*out) + } + if in.PasswordSpec != nil { + in, out := &in.PasswordSpec, &out.PasswordSpec + *out = new(PasswordSpec) + (*in).DeepCopyInto(*out) + } + if in.STSSessionTokenSpec != nil { + in, out := &in.STSSessionTokenSpec, &out.STSSessionTokenSpec + *out = new(STSSessionTokenSpec) + (*in).DeepCopyInto(*out) + } + if in.UUIDSpec != nil { + in, out := &in.UUIDSpec, &out.UUIDSpec + *out = new(UUIDSpec) + **out = **in + } + if in.VaultDynamicSecretSpec != nil { + in, out := &in.VaultDynamicSecretSpec, &out.VaultDynamicSecretSpec + *out = new(VaultDynamicSecretSpec) + (*in).DeepCopyInto(*out) + } + if in.WebhookSpec != nil { + in, out := &in.WebhookSpec, &out.WebhookSpec + *out = new(WebhookSpec) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GeneratorSpec. 
+func (in *GeneratorSpec) DeepCopy() *GeneratorSpec { + if in == nil { + return nil + } + out := new(GeneratorSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *GithubAccessToken) DeepCopyInto(out *GithubAccessToken) { *out = *in diff --git a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml index 0df4036c39c..072ef756329 100644 --- a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml @@ -151,7 +151,7 @@ spec: type: string kind: description: Specify the Kind of the resource, e.g. - Password, ACRAccessToken etc. + Password, ACRAccessToken, ClusterGenerator etc. type: string name: description: Specify the name of the generator resource @@ -327,7 +327,7 @@ spec: type: string kind: description: Specify the Kind of the resource, e.g. - Password, ACRAccessToken etc. + Password, ACRAccessToken, ClusterGenerator etc. type: string name: description: Specify the name of the generator resource diff --git a/config/crds/bases/external-secrets.io_externalsecrets.yaml b/config/crds/bases/external-secrets.io_externalsecrets.yaml index f5928409300..fa8e101af19 100644 --- a/config/crds/bases/external-secrets.io_externalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_externalsecrets.yaml @@ -416,7 +416,7 @@ spec: type: string kind: description: Specify the Kind of the resource, e.g. - Password, ACRAccessToken etc. + Password, ACRAccessToken, ClusterGenerator etc. type: string name: description: Specify the name of the generator resource @@ -591,7 +591,7 @@ spec: type: string kind: description: Specify the Kind of the resource, e.g. - Password, ACRAccessToken etc. + Password, ACRAccessToken, ClusterGenerator etc. type: string name: description: Specify the name of the generator resource 
diff --git a/config/crds/bases/external-secrets.io_pushsecrets.yaml b/config/crds/bases/external-secrets.io_pushsecrets.yaml index 993acdf1e82..0e5d78217cd 100644 --- a/config/crds/bases/external-secrets.io_pushsecrets.yaml +++ b/config/crds/bases/external-secrets.io_pushsecrets.yaml @@ -177,7 +177,7 @@ spec: type: string kind: description: Specify the Kind of the resource, e.g. Password, - ACRAccessToken etc. + ACRAccessToken, ClusterGenerator etc. type: string name: description: Specify the name of the generator resource diff --git a/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml b/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml new file mode 100644 index 00000000000..91bf1211ae0 --- /dev/null +++ b/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml 
@@ -0,0 +1,1408 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + external-secrets.io/component: controller + name: clustergenerators.generators.external-secrets.io +spec: + group: generators.external-secrets.io + names: + categories: + - external-secrets + - external-secrets-generators + kind: ClusterGenerator + listKind: ClusterGeneratorList + plural: clustergenerators + shortNames: + - cg + singular: clustergenerator + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterGenerator represents a cluster-wide generator which can + be referenced as part of `generatorRef` fields. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + generator: + properties: + acrAccessTokenSpec: + description: |- + ACRAccessTokenSpec defines how to generate the access token + e.g. how to authenticate and which registry to use. + see: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md#overview + properties: + auth: + properties: + managedIdentity: + description: ManagedIdentity uses Azure Managed Identity + to authenticate with Azure. 
+ properties: + identityId: + description: If multiple Managed Identity is assigned + to the pod, you can select the one to be used + type: string + type: object + servicePrincipal: + description: ServicePrincipal uses Azure Service Principal + credentials to authenticate with Azure. + properties: + secretRef: + description: |- + Configuration used to authenticate with Azure using static + credentials stored in a Kind=Secret. + properties: + clientId: + description: The Azure clientId of the service + principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource + being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + clientSecret: + description: The Azure ClientSecret of the service + principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource + being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + required: + - secretRef + type: object + workloadIdentity: + description: WorkloadIdentity uses Azure Workload Identity + to authenticate with Azure. + properties: + serviceAccountRef: + description: |- + ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. 
+ properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource + being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + required: + - name + type: object + type: object + type: object + environmentType: + default: PublicCloud + description: |- + EnvironmentType specifies the Azure cloud environment endpoints to use for + connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. + The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 + PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud + enum: + - PublicCloud + - USGovernmentCloud + - ChinaCloud + - GermanCloud + type: string + registry: + description: |- + the domain name of the ACR registry + e.g. foobarexample.azurecr.io + type: string + scope: + description: |- + Define the scope for the access token, e.g. pull/push access for a repository. + if not provided it will return a refresh token that has full scope. + Note: you need to pin it down to the repository level, there is no wildcard available. + + examples: + repository:my-repository:pull,push + repository:my-repository:pull + + see docs for details: https://docs.docker.com/registry/spec/auth/scope/ + type: string + tenantId: + description: TenantID configures the Azure Tenant to send + requests to. Required for ServicePrincipal auth type. 
+ type: string + required: + - auth + - registry + type: object + ecrRAuthorizationTokenSpec: + properties: + auth: + description: Auth defines how to authenticate with AWS + properties: + jwt: + description: Authenticate against AWS using service account + tokens. + properties: + serviceAccountRef: + description: A reference to a ServiceAccount resource. + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource + being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + required: + - name + type: object + type: object + secretRef: + description: |- + AWSAuthSecretRef holds secret references for AWS credentials + both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. + properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + sessionTokenSecretRef: + description: |- + The SessionToken used for authentication + This must be defined if AccessKeyID and SecretAccessKey are temporary credentials + see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + type: object + region: + description: Region specifies the region to operate in. + type: string + role: + description: |- + You can assume a role before making calls to the + desired AWS service. + type: string + required: + - region + type: object + fakeSpec: + description: FakeSpec contains the static data. + properties: + controller: + description: |- + Used to select the correct ESO controller (think: ingress.ingressClassName) + The ESO controller is instantiated with a specific controller name and filters VDS based on this property + type: string + data: + additionalProperties: + type: string + description: |- + Data defines the static data returned + by this generator. 
+ type: object + type: object + gcrAccessTokenSpec: + properties: + auth: + description: Auth defines the means for authenticating with + GCP + properties: + secretRef: + properties: + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + workloadIdentity: + properties: + clusterLocation: + type: string + clusterName: + type: string + clusterProjectID: + type: string + serviceAccountRef: + description: A reference to a ServiceAccount resource. + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource + being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + required: + - name + type: object + required: + - clusterLocation + - clusterName + - serviceAccountRef + type: object + type: object + projectID: + description: ProjectID defines which project to use to authenticate + with + type: string + required: + - auth + - projectID + type: object + githubAccessTokenSpec: + properties: + appID: + type: string + auth: + description: Auth configures how ESO authenticates with a + Github instance. + properties: + privateKey: + properties: + secretRef: + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + required: + - secretRef + type: object + required: + - privateKey + type: object + installID: + type: string + permissions: + additionalProperties: + type: string + description: Map of permissions the token will have. If omitted, + defaults to all permissions the GitHub App has. + type: object + repositories: + description: |- + List of repositories the token will have access to. If omitted, defaults to all repositories the GitHub App + is installed to. + items: + type: string + type: array + url: + description: URL configures the Github instance URL. Defaults + to https://github.com/. + type: string + required: + - appID + - auth + - installID + type: object + passwordSpec: + description: PasswordSpec controls the behavior of the password + generator. 
+ properties: + allowRepeat: + default: false + description: set AllowRepeat to true to allow repeating characters. + type: boolean + digits: + description: |- + Digits specifies the number of digits in the generated + password. If omitted it defaults to 25% of the length of the password + type: integer + length: + default: 24 + description: |- + Length of the password to be generated. + Defaults to 24 + type: integer + noUpper: + default: false + description: Set NoUpper to disable uppercase characters + type: boolean + symbolCharacters: + description: |- + SymbolCharacters specifies the special characters that should be used + in the generated password. + type: string + symbols: + description: |- + Symbols specifies the number of symbol characters in the generated + password. If omitted it defaults to 25% of the length of the password + type: integer + required: + - allowRepeat + - length + - noUpper + type: object + stsSessionTokenSpec: + properties: + auth: + description: Auth defines how to authenticate with AWS + properties: + jwt: + description: Authenticate against AWS using service account + tokens. + properties: + serviceAccountRef: + description: A reference to a ServiceAccount resource. + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource + being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + required: + - name + type: object + type: object + secretRef: + description: |- + AWSAuthSecretRef holds secret references for AWS credentials + both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. + properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + sessionTokenSecretRef: + description: |- + The SessionToken used for authentication + This must be defined if AccessKeyID and SecretAccessKey are temporary credentials + see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. 
+ type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + type: object + region: + description: Region specifies the region to operate in. + type: string + requestParameters: + description: RequestParameters contains parameters that can + be passed to the STS service. + properties: + serialNumber: + description: |- + SerialNumber is the identification number of the MFA device that is associated with the IAM user who is making + the GetSessionToken call. + Possible values: hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device + (such as arn:aws:iam::123456789012:mfa/user) + type: string + sessionDuration: + description: |- + SessionDuration The duration, in seconds, that the credentials should remain valid. Acceptable durations for + IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds + (12 hours) as the default. + format: int64 + type: integer + tokenCode: + description: TokenCode is the value provided by the MFA + device, if MFA is required. + type: string + type: object + role: + description: |- + You can assume a role before making calls to the + desired AWS service. + type: string + required: + - region + type: object + uuidSpec: + description: UUIDSpec controls the behavior of the uuid generator. 
+ type: object + vaultDynamicSecretSpec: + properties: + controller: + description: |- + Used to select the correct ESO controller (think: ingress.ingressClassName) + The ESO controller is instantiated with a specific controller name and filters VDS based on this property + type: string + method: + description: Vault API method to use (GET/POST/other) + type: string + parameters: + description: Parameters to pass to Vault write (for non-GET + methods) + x-kubernetes-preserve-unknown-fields: true + path: + description: Vault path to obtain the dynamic secret from + type: string + provider: + description: Vault provider common spec + properties: + auth: + description: Auth configures how secret-manager authenticates + with the Vault server. + properties: + appRole: + description: |- + AppRole authenticates with Vault using the App Role auth mechanism, + with the role and secret stored in a Kubernetes Secret resource. + properties: + path: + default: approle + description: |- + Path where the App Role authentication backend is mounted + in Vault, e.g: "approle" + type: string + roleId: + description: |- + RoleID configured in the App Role authentication backend when setting + up the authentication backend in Vault. + type: string + roleRef: + description: |- + Reference to a key in a Secret that contains the App Role ID used + to authenticate with Vault. + The `key` field must be specified and denotes which entry within the Secret + resource is used as the app role id. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource + being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + type: object + secretRef: + description: |- + Reference to a key in a Secret that contains the App Role secret used + to authenticate with Vault. + The `key` field must be specified and denotes which entry within the Secret + resource is used as the app role secret. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource + being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + required: + - path + - secretRef + type: object + cert: + description: |- + Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate + Cert authentication method + properties: + clientCert: + description: |- + ClientCert is a certificate to authenticate using the Cert Vault + authentication method + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource + being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + secretRef: + description: |- + SecretRef to a key in a Secret resource containing client private key to + authenticate with Vault using the Cert authentication method + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource + being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + iam: + description: |- + Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials + AWS IAM authentication method + properties: + externalID: + description: AWS External ID set on assumed IAM + roles + type: string + jwt: + description: Specify a service account with IRSA + enabled + properties: + serviceAccountRef: + description: A reference to a ServiceAccount + resource. + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount + resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + required: + - name + type: object + type: object + path: + description: 'Path where the AWS auth method is + enabled in Vault, e.g: "aws"' + type: string + region: + description: AWS region + type: string + role: + description: This is the AWS role to be assumed + before talking to vault + type: string + secretRef: + description: Specify credentials in a Secret object + properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource + being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + secretAccessKeySecretRef: + description: The SecretAccessKey is used for + authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource + being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + sessionTokenSecretRef: + description: |- + The SessionToken used for authentication + This must be defined if AccessKeyID and SecretAccessKey are temporary credentials + see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource + being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + vaultAwsIamServerID: + description: 'X-Vault-AWS-IAM-Server-ID is an + additional header used by Vault IAM auth method + to mitigate against different types of replay + attacks. 
More details here: https://developer.hashicorp.com/vault/docs/auth/aws' + type: string + vaultRole: + description: Vault Role. In vault, a role describes + an identity with a set of permissions, groups, + or policies you want to attach a user of the + secrets engine + type: string + required: + - vaultRole + type: object + jwt: + description: |- + Jwt authenticates with Vault by passing role and JWT token using the + JWT/OIDC authentication method + properties: + kubernetesServiceAccountToken: + description: |- + Optional ServiceAccountToken specifies the Kubernetes service account for which to request + a token for with the `TokenRequest` API. + properties: + audiences: + description: |- + Optional audiences field that will be used to request a temporary Kubernetes service + account token for the service account referenced by `serviceAccountRef`. + Defaults to a single audience `vault` it not specified. + Deprecated: use serviceAccountRef.Audiences instead + items: + type: string + type: array + expirationSeconds: + description: |- + Optional expiration time in seconds that will be used to request a temporary + Kubernetes service account token for the service account referenced by + `serviceAccountRef`. + Deprecated: this will be removed in the future. + Defaults to 10 minutes. + format: int64 + type: integer + serviceAccountRef: + description: Service account field containing + the name of a kubernetes ServiceAccount. + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount + resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. 
cluster-scoped defaults + to the namespace of the referent. + type: string + required: + - name + type: object + required: + - serviceAccountRef + type: object + path: + default: jwt + description: |- + Path where the JWT authentication backend is mounted + in Vault, e.g: "jwt" + type: string + role: + description: |- + Role is a JWT role to authenticate using the JWT/OIDC Vault + authentication method + type: string + secretRef: + description: |- + Optional SecretRef that refers to a key in a Secret resource containing JWT token to + authenticate with Vault using the JWT/OIDC authentication method. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource + being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + required: + - path + type: object + kubernetes: + description: |- + Kubernetes authenticates with Vault by passing the ServiceAccount + token stored in the named Secret resource to the Vault server. + properties: + mountPath: + default: kubernetes + description: |- + Path where the Kubernetes authentication backend is mounted in Vault, e.g: + "kubernetes" + type: string + role: + description: |- + A required field containing the Vault Role to assume. A Role binds a + Kubernetes ServiceAccount with a set of Vault policies. + type: string + secretRef: + description: |- + Optional secret field containing a Kubernetes ServiceAccount JWT used + for authenticating with Vault. If a name is specified without a key, + `token` is the default. If one is not specified, the one bound to + the controller will be used. 
+ properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource + being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + serviceAccountRef: + description: |- + Optional service account field containing the name of a kubernetes ServiceAccount. + If the service account is specified, the service account secret token JWT will be used + for authenticating with Vault. If the service account selector is not supplied, + the secretRef will be used instead. + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount + resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + required: + - name + type: object + required: + - mountPath + - role + type: object + ldap: + description: |- + Ldap authenticates with Vault by passing username/password pair using + the LDAP authentication method + properties: + path: + default: ldap + description: |- + Path where the LDAP authentication backend is mounted + in Vault, e.g: "ldap" + type: string + secretRef: + description: |- + SecretRef to a key in a Secret resource containing password for the LDAP + user used to authenticate with Vault using the LDAP authentication + method + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource + being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + username: + description: |- + Username is a LDAP user name used to authenticate using the LDAP Vault + authentication method + type: string + required: + - path + - username + type: object + namespace: + description: |- + Name of the vault namespace to authenticate to. This can be different than the namespace your secret is in. + Namespaces is a set of features within Vault Enterprise that allows + Vault environments to support Secure Multi-tenancy. e.g: "ns1". + More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces + This will default to Vault.Namespace field if set, or empty otherwise + type: string + tokenSecretRef: + description: TokenSecretRef authenticates with Vault + by presenting a token. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + userPass: + description: UserPass authenticates with Vault by + passing username/password pair + properties: + path: + default: user + description: |- + Path where the UserPassword authentication backend is mounted + in Vault, e.g: "user" + type: string + secretRef: + description: |- + SecretRef to a key in a Secret resource containing password for the + user used to authenticate with Vault using the UserPass authentication + method + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource + being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + username: + description: |- + Username is a user name used to authenticate using the UserPass Vault + authentication method + type: string + required: + - path + - username + type: object + type: object + caBundle: + description: |- + PEM encoded CA bundle used to validate Vault server certificate. Only used + if the Server URL is using HTTPS protocol. This parameter is ignored for + plain HTTP protocol connection. If not set the system root certificates + are used to validate the TLS connection. + format: byte + type: string + caProvider: + description: The provider for the CA bundle to use to + validate Vault server certificate. 
+ properties: + key: + description: The key where the CA certificate can + be found in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the + provider type. + type: string + namespace: + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", + or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object + forwardInconsistent: + description: |- + ForwardInconsistent tells Vault to forward read-after-write requests to the Vault + leader instead of simply retrying within a loop. This can increase performance if + the option is enabled serverside. + https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header + type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object + namespace: + description: |- + Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows + Vault environments to support Secure Multi-tenancy. e.g: "ns1". + More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces + type: string + path: + description: |- + Path is the mount path of the Vault KV backend endpoint, e.g: + "secret". The v2 KV secret engine version specific "/data" path suffix + for fetching secrets from Vault is optional and will be appended + if not present in specified path. + type: string + readYourWrites: + description: |- + ReadYourWrites ensures isolated read-after-write semantics by + providing discovered cluster replication states in each request. 
+ More information about eventual consistency in Vault can be found here + https://www.vaultproject.io/docs/enterprise/consistency + type: boolean + server: + description: 'Server is the connection address for the + Vault server, e.g: "https://vault.example.com:8200".' + type: string + tls: + description: |- + The configuration used for client side related TLS communication, when the Vault server + requires mutual authentication. Only used if the Server URL is using HTTPS protocol. + This parameter is ignored for plain HTTP protocol connection. + It's worth noting this configuration is different from the "TLS certificates auth method", + which is available under the `auth.cert` section. + properties: + certSecretRef: + description: |- + CertSecretRef is a certificate added to the transport layer + when communicating with the Vault server. + If no key for the Secret is specified, external-secret will default to 'tls.crt'. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + keySecretRef: + description: |- + KeySecretRef to a key in a Secret resource containing client private key + added to the transport layer when communicating with the Vault server. + If no key for the Secret is specified, external-secret will default to 'tls.key'. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. 
+ type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + version: + default: v2 + description: |- + Version is the Vault KV secret engine version. This can be either "v1" or + "v2". Version defaults to "v2". + enum: + - v1 + - v2 + type: string + required: + - auth + - server + type: object + resultType: + default: Data + description: |- + Result type defines which data is returned from the generator. + By default it is the "data" section of the Vault API response. + When using e.g. /auth/token/create the "data" section is empty but + the "auth" section contains the generated token. + Please refer to the vault docs regarding the result data structure. + enum: + - Data + - Auth + type: string + retrySettings: + description: Used to configure http retries if failed + properties: + maxRetries: + format: int32 + type: integer + retryInterval: + type: string + type: object + required: + - path + - provider + type: object + webhookSpec: + description: WebhookSpec controls the behavior of the external + generator. Any body parameters should be passed to the server + through the parameters field. + properties: + body: + description: Body + type: string + caBundle: + description: |- + PEM encoded CA bundle used to validate webhook server certificate. Only used + if the Server URL is using HTTPS protocol. This parameter is ignored for + plain HTTP protocol connection. If not set the system root certificates + are used to validate the TLS connection. + format: byte + type: string + caProvider: + description: The provider for the CA bundle to use to validate + webhook server certificate. 
+ properties: + key: + description: The key the value inside of the provider + type to use, only used with "Secret" type + type: string + name: + description: The name of the object located at the provider + type. + type: string + namespace: + description: The namespace the Provider type is in. + type: string + type: + description: The type of provider to use such as "Secret", + or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object + headers: + additionalProperties: + type: string + description: Headers + type: object + method: + description: Webhook Method + type: string + result: + description: Result formatting + properties: + jsonPath: + description: Json path of return value + type: string + type: object + secrets: + description: |- + Secrets to fill in templates + These secrets will be passed to the templating function as key value pairs under the given name + items: + properties: + name: + description: Name of this secret in templates + type: string + secretRef: + description: Secret ref to fill in credentials + properties: + key: + description: The key where the token is found. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + type: object + required: + - name + - secretRef + type: object + type: array + timeout: + description: Timeout + type: string + url: + description: Webhook url to call + type: string + required: + - result + - url + type: object + type: object + kind: + type: string + required: + - generator + - kind + type: object + status: + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crds/bases/kustomization.yaml b/config/crds/bases/kustomization.yaml index d532f45f1b2..72ca951d8ef 100644 --- a/config/crds/bases/kustomization.yaml +++ b/config/crds/bases/kustomization.yaml 
@@ -8,6 +8,7 @@ resources:
 - external-secrets.io_pushsecrets.yaml
 - external-secrets.io_secretstores.yaml
 - generators.external-secrets.io_acraccesstokens.yaml
+ - generators.external-secrets.io_clustergenerators.yaml
 - generators.external-secrets.io_ecrauthorizationtokens.yaml
 - generators.external-secrets.io_fakes.yaml
 - generators.external-secrets.io_gcraccesstokens.yaml
diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md
index a2b444a2359..e360660b52f 100644
--- a/deploy/charts/external-secrets/README.md
+++ b/deploy/charts/external-secrets/README.md
@@ -89,6 +89,7 @@ The command removes all the Kubernetes components associated with the chart and
 | crds.annotations | object | `{}` | |
 | crds.conversion.enabled | bool | `true` | If webhook is set to false this also needs to be set to false otherwise the kubeapi will be hammered because the conversion is looking for a webhook endpoint. |
 | crds.createClusterExternalSecret | bool | `true` | If true, create CRDs for Cluster External Secret. |
+| crds.createClusterGenerator | bool | `true` | If true, create CRDs for Cluster Generator. |
 | crds.createClusterSecretStore | bool | `true` | If true, create CRDs for Cluster Secret Store. |
 | crds.createPushSecret | bool | `true` | If true, create CRDs for Push Secret. |
 | createOperator | bool | `true` | Specifies whether an external secret operator deployment be created. |
diff --git a/deploy/charts/external-secrets/templates/rbac.yaml b/deploy/charts/external-secrets/templates/rbac.yaml
index 4f4ab48fe87..f39beb0d24e 100644
--- a/deploy/charts/external-secrets/templates/rbac.yaml
+++ b/deploy/charts/external-secrets/templates/rbac.yaml
@@ -51,6 +51,7 @@ rules:
 - "generators.external-secrets.io"
 resources:
 - "acraccesstokens"
+ - "clustergenerators"
 - "ecrauthorizationtokens"
 - "fakes"
 - "gcraccesstokens"
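Review bot: The verbs that apply to the new `"clustergenerators"` entry cannot be checked from this hunk or from the two later rbac.yaml hunks (-145 and -190) that add the same entry, because the `verbs:` lines and the role names lie outside all three. The resource is cluster-scoped (`scope: Cluster` in the CRD), and its secret and service-account references carry a `namespace` field that the schema says is ignored only when the referent is not cluster-scoped, so anyone who can create or update a ClusterGenerator can presumably point the controller at Secrets in any namespace it is able to read. Confirm that write verbs on this resource reach only roles intended for cluster administrators, and record that next to the entry, e.g. `# cluster-scoped: secretRef.namespace is honoured, so write access spans namespaces`. The entry is also added unconditionally, as far as these hunks show, while the CRD itself is controlled by `crds.createClusterGenerator`; if that is intended, say so in the same comment.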
@@ -145,6 +146,7 @@ rules: - "generators.external-secrets.io" resources: - "acraccesstokens" + - "clustergenerators" - "ecrauthorizationtokens" - "fakes" - "gcraccesstokens" @@ -190,6 +192,7 @@ rules: - "generators.external-secrets.io" resources: - "acraccesstokens" + - "clustergenerators" - "ecrauthorizationtokens" - "fakes" - "gcraccesstokens" diff --git a/deploy/charts/external-secrets/values.schema.json b/deploy/charts/external-secrets/values.schema.json index 08cef96a31f..f1edecd83d7 100644 --- a/deploy/charts/external-secrets/values.schema.json +++ b/deploy/charts/external-secrets/values.schema.json @@ -270,6 +270,9 @@ "createClusterExternalSecret": { "type": "boolean" }, + "createClusterGenerator": { + "type": "boolean" + }, "createClusterSecretStore": { "type": "boolean" }, diff --git a/deploy/charts/external-secrets/values.yaml b/deploy/charts/external-secrets/values.yaml index 036ac755345..071e7373712 100644 --- a/deploy/charts/external-secrets/values.yaml +++ b/deploy/charts/external-secrets/values.yaml @@ -39,6 +39,8 @@ crds: createClusterExternalSecret: true # -- If true, create CRDs for Cluster Secret Store. createClusterSecretStore: true + # -- If true, create CRDs for Cluster Generator. + createClusterGenerator: true # -- If true, create CRDs for Push Secret. createPushSecret: true annotations: {} diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 1898611eb45..0f05f69e954 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -140,7 +140,7 @@ spec: description: Specify the apiVersion of the generator resource type: string kind: - description: Specify the Kind of the resource, e.g. Password, ACRAccessToken etc. + description: Specify the Kind of the resource, e.g. Password, ACRAccessToken, ClusterGenerator etc. type: string name: description: Specify the name of the generator resource 
@@ -306,7 +306,7 @@ spec: description: Specify the apiVersion of the generator resource type: string kind: - description: Specify the Kind of the resource, e.g. Password, ACRAccessToken etc. + description: Specify the Kind of the resource, e.g. Password, ACRAccessToken, ClusterGenerator etc. type: string name: description: Specify the name of the generator resource @@ -5689,7 +5689,7 @@ spec: description: Specify the apiVersion of the generator resource type: string kind: - description: Specify the Kind of the resource, e.g. Password, ACRAccessToken etc. + description: Specify the Kind of the resource, e.g. Password, ACRAccessToken, ClusterGenerator etc. type: string name: description: Specify the name of the generator resource @@ -5855,7 +5855,7 @@ spec: description: Specify the apiVersion of the generator resource type: string kind: - description: Specify the Kind of the resource, e.g. Password, ACRAccessToken etc. + description: Specify the Kind of the resource, e.g. Password, ACRAccessToken, ClusterGenerator etc. type: string name: description: Specify the name of the generator resource @@ -6276,7 +6276,7 @@ spec: description: Specify the apiVersion of the generator resource type: string kind: - description: Specify the Kind of the resource, e.g. Password, ACRAccessToken etc. + description: Specify the Kind of the resource, e.g. Password, ACRAccessToken, ClusterGenerator etc. type: string name: description: Specify the name of the generator resource 
@@ -11331,6 +11331,1347 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + external-secrets.io/component: controller + name: clustergenerators.generators.external-secrets.io +spec: + group: generators.external-secrets.io + names: + categories: + - external-secrets + - external-secrets-generators + kind: ClusterGenerator + listKind: ClusterGeneratorList + plural: clustergenerators + shortNames: + - cg + singular: clustergenerator + scope: Cluster + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: ClusterGenerator represents a cluster-wide generator which can be referenced as part of `generatorRef` fields. + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + generator: + properties: + acrAccessTokenSpec: + description: |- + ACRAccessTokenSpec defines how to generate the access token + e.g. how to authenticate and which registry to use. + see: https://github.com/Azure/acr/blob/main/docs/AAD-OAuth.md#overview + properties: + auth: + properties: + managedIdentity: + description: ManagedIdentity uses Azure Managed Identity to authenticate with Azure. 
+ properties: + identityId: + description: If multiple Managed Identity is assigned to the pod, you can select the one to be used + type: string + type: object + servicePrincipal: + description: ServicePrincipal uses Azure Service Principal credentials to authenticate with Azure. + properties: + secretRef: + description: |- + Configuration used to authenticate with Azure using static + credentials stored in a Kind=Secret. + properties: + clientId: + description: The Azure clientId of the service principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + clientSecret: + description: The Azure ClientSecret of the service principle used for authentication. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + required: + - secretRef + type: object + workloadIdentity: + description: WorkloadIdentity uses Azure Workload Identity to authenticate with Azure. + properties: + serviceAccountRef: + description: |- + ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. 
+ properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + required: + - name + type: object + type: object + type: object + environmentType: + default: PublicCloud + description: |- + EnvironmentType specifies the Azure cloud environment endpoints to use for + connecting and authenticating with Azure. By default it points to the public cloud AAD endpoint. + The following endpoints are available, also see here: https://github.com/Azure/go-autorest/blob/main/autorest/azure/environments.go#L152 + PublicCloud, USGovernmentCloud, ChinaCloud, GermanCloud + enum: + - PublicCloud + - USGovernmentCloud + - ChinaCloud + - GermanCloud + type: string + registry: + description: |- + the domain name of the ACR registry + e.g. foobarexample.azurecr.io + type: string + scope: + description: |- + Define the scope for the access token, e.g. pull/push access for a repository. + if not provided it will return a refresh token that has full scope. + Note: you need to pin it down to the repository level, there is no wildcard available. + + examples: + repository:my-repository:pull,push + repository:my-repository:pull + + see docs for details: https://docs.docker.com/registry/spec/auth/scope/ + type: string + tenantId: + description: TenantID configures the Azure Tenant to send requests to. Required for ServicePrincipal auth type. 
+ type: string + required: + - auth + - registry + type: object + ecrRAuthorizationTokenSpec: + properties: + auth: + description: Auth defines how to authenticate with AWS + properties: + jwt: + description: Authenticate against AWS using service account tokens. + properties: + serviceAccountRef: + description: A reference to a ServiceAccount resource. + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + required: + - name + type: object + type: object + secretRef: + description: |- + AWSAuthSecretRef holds secret references for AWS credentials + both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. + properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + sessionTokenSecretRef: + description: |- + The SessionToken used for authentication + This must be defined if AccessKeyID and SecretAccessKey are temporary credentials + see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + type: object + region: + description: Region specifies the region to operate in. + type: string + role: + description: |- + You can assume a role before making calls to the + desired AWS service. + type: string + required: + - region + type: object + fakeSpec: + description: FakeSpec contains the static data. + properties: + controller: + description: |- + Used to select the correct ESO controller (think: ingress.ingressClassName) + The ESO controller is instantiated with a specific controller name and filters VDS based on this property + type: string + data: + additionalProperties: + type: string + description: |- + Data defines the static data returned + by this generator. 
+ type: object + type: object + gcrAccessTokenSpec: + properties: + auth: + description: Auth defines the means for authenticating with GCP + properties: + secretRef: + properties: + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + workloadIdentity: + properties: + clusterLocation: + type: string + clusterName: + type: string + clusterProjectID: + type: string + serviceAccountRef: + description: A reference to a ServiceAccount resource. + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + required: + - name + type: object + required: + - clusterLocation + - clusterName + - serviceAccountRef + type: object + type: object + projectID: + description: ProjectID defines which project to use to authenticate with + type: string + required: + - auth + - projectID + type: object + githubAccessTokenSpec: + properties: + appID: + type: string + auth: + description: Auth configures how ESO authenticates with a Github instance. + properties: + privateKey: + properties: + secretRef: + description: |- + A reference to a specific 'key' within a Secret resource, + In some instances, `key` is a required field. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + required: + - secretRef + type: object + required: + - privateKey + type: object + installID: + type: string + permissions: + additionalProperties: + type: string + description: Map of permissions the token will have. If omitted, defaults to all permissions the GitHub App has. + type: object + repositories: + description: |- + List of repositories the token will have access to. If omitted, defaults to all repositories the GitHub App + is installed to. + items: + type: string + type: array + url: + description: URL configures the Github instance URL. Defaults to https://github.com/. + type: string + required: + - appID + - auth + - installID + type: object + passwordSpec: + description: PasswordSpec controls the behavior of the password generator. 
+ properties: + allowRepeat: + default: false + description: set AllowRepeat to true to allow repeating characters. + type: boolean + digits: + description: |- + Digits specifies the number of digits in the generated + password. If omitted it defaults to 25% of the length of the password + type: integer + length: + default: 24 + description: |- + Length of the password to be generated. + Defaults to 24 + type: integer + noUpper: + default: false + description: Set NoUpper to disable uppercase characters + type: boolean + symbolCharacters: + description: |- + SymbolCharacters specifies the special characters that should be used + in the generated password. + type: string + symbols: + description: |- + Symbols specifies the number of symbol characters in the generated + password. If omitted it defaults to 25% of the length of the password + type: integer + required: + - allowRepeat + - length + - noUpper + type: object + stsSessionTokenSpec: + properties: + auth: + description: Auth defines how to authenticate with AWS + properties: + jwt: + description: Authenticate against AWS using service account tokens. + properties: + serviceAccountRef: + description: A reference to a ServiceAccount resource. + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + required: + - name + type: object + type: object + secretRef: + description: |- + AWSAuthSecretRef holds secret references for AWS credentials + both AccessKeyID and SecretAccessKey must be defined in order to properly authenticate. + properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + sessionTokenSecretRef: + description: |- + The SessionToken used for authentication + This must be defined if AccessKeyID and SecretAccessKey are temporary credentials + see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. 
+ type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + type: object + region: + description: Region specifies the region to operate in. + type: string + requestParameters: + description: RequestParameters contains parameters that can be passed to the STS service. + properties: + serialNumber: + description: |- + SerialNumber is the identification number of the MFA device that is associated with the IAM user who is making + the GetSessionToken call. + Possible values: hardware device (such as GAHT12345678) or an Amazon Resource Name (ARN) for a virtual device + (such as arn:aws:iam::123456789012:mfa/user) + type: string + sessionDuration: + description: |- + SessionDuration The duration, in seconds, that the credentials should remain valid. Acceptable durations for + IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds + (12 hours) as the default. + format: int64 + type: integer + tokenCode: + description: TokenCode is the value provided by the MFA device, if MFA is required. + type: string + type: object + role: + description: |- + You can assume a role before making calls to the + desired AWS service. + type: string + required: + - region + type: object + uuidSpec: + description: UUIDSpec controls the behavior of the uuid generator. 
+ type: object + vaultDynamicSecretSpec: + properties: + controller: + description: |- + Used to select the correct ESO controller (think: ingress.ingressClassName) + The ESO controller is instantiated with a specific controller name and filters VDS based on this property + type: string + method: + description: Vault API method to use (GET/POST/other) + type: string + parameters: + description: Parameters to pass to Vault write (for non-GET methods) + x-kubernetes-preserve-unknown-fields: true + path: + description: Vault path to obtain the dynamic secret from + type: string + provider: + description: Vault provider common spec + properties: + auth: + description: Auth configures how secret-manager authenticates with the Vault server. + properties: + appRole: + description: |- + AppRole authenticates with Vault using the App Role auth mechanism, + with the role and secret stored in a Kubernetes Secret resource. + properties: + path: + default: approle + description: |- + Path where the App Role authentication backend is mounted + in Vault, e.g: "approle" + type: string + roleId: + description: |- + RoleID configured in the App Role authentication backend when setting + up the authentication backend in Vault. + type: string + roleRef: + description: |- + Reference to a key in a Secret that contains the App Role ID used + to authenticate with Vault. + The `key` field must be specified and denotes which entry within the Secret + resource is used as the app role id. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + type: object + secretRef: + description: |- + Reference to a key in a Secret that contains the App Role secret used + to authenticate with Vault. + The `key` field must be specified and denotes which entry within the Secret + resource is used as the app role secret. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + required: + - path + - secretRef + type: object + cert: + description: |- + Cert authenticates with TLS Certificates by passing client certificate, private key and ca certificate + Cert authentication method + properties: + clientCert: + description: |- + ClientCert is a certificate to authenticate using the Cert Vault + authentication method + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + secretRef: + description: |- + SecretRef to a key in a Secret resource containing client private key to + authenticate with Vault using the Cert authentication method + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + iam: + description: |- + Iam authenticates with vault by passing a special AWS request signed with AWS IAM credentials + AWS IAM authentication method + properties: + externalID: + description: AWS External ID set on assumed IAM roles + type: string + jwt: + description: Specify a service account with IRSA enabled + properties: + serviceAccountRef: + description: A reference to a ServiceAccount resource. + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + required: + - name + type: object + type: object + path: + description: 'Path where the AWS auth method is enabled in Vault, e.g: "aws"' + type: string + region: + description: AWS region + type: string + role: + description: This is the AWS role to be assumed before talking to vault + type: string + secretRef: + description: Specify credentials in a Secret object + properties: + accessKeyIDSecretRef: + description: The AccessKeyID is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + secretAccessKeySecretRef: + description: The SecretAccessKey is used for authentication + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + sessionTokenSecretRef: + description: |- + The SessionToken used for authentication + This must be defined if AccessKeyID and SecretAccessKey are temporary credentials + see: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + vaultAwsIamServerID: + description: 'X-Vault-AWS-IAM-Server-ID is an additional header used by Vault IAM auth method to mitigate against different types of replay attacks. 
More details here: https://developer.hashicorp.com/vault/docs/auth/aws' + type: string + vaultRole: + description: Vault Role. In vault, a role describes an identity with a set of permissions, groups, or policies you want to attach a user of the secrets engine + type: string + required: + - vaultRole + type: object + jwt: + description: |- + Jwt authenticates with Vault by passing role and JWT token using the + JWT/OIDC authentication method + properties: + kubernetesServiceAccountToken: + description: |- + Optional ServiceAccountToken specifies the Kubernetes service account for which to request + a token for with the `TokenRequest` API. + properties: + audiences: + description: |- + Optional audiences field that will be used to request a temporary Kubernetes service + account token for the service account referenced by `serviceAccountRef`. + Defaults to a single audience `vault` it not specified. + Deprecated: use serviceAccountRef.Audiences instead + items: + type: string + type: array + expirationSeconds: + description: |- + Optional expiration time in seconds that will be used to request a temporary + Kubernetes service account token for the service account referenced by + `serviceAccountRef`. + Deprecated: this will be removed in the future. + Defaults to 10 minutes. + format: int64 + type: integer + serviceAccountRef: + description: Service account field containing the name of a kubernetes ServiceAccount. + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. 
cluster-scoped defaults + to the namespace of the referent. + type: string + required: + - name + type: object + required: + - serviceAccountRef + type: object + path: + default: jwt + description: |- + Path where the JWT authentication backend is mounted + in Vault, e.g: "jwt" + type: string + role: + description: |- + Role is a JWT role to authenticate using the JWT/OIDC Vault + authentication method + type: string + secretRef: + description: |- + Optional SecretRef that refers to a key in a Secret resource containing JWT token to + authenticate with Vault using the JWT/OIDC authentication method. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + required: + - path + type: object + kubernetes: + description: |- + Kubernetes authenticates with Vault by passing the ServiceAccount + token stored in the named Secret resource to the Vault server. + properties: + mountPath: + default: kubernetes + description: |- + Path where the Kubernetes authentication backend is mounted in Vault, e.g: + "kubernetes" + type: string + role: + description: |- + A required field containing the Vault Role to assume. A Role binds a + Kubernetes ServiceAccount with a set of Vault policies. + type: string + secretRef: + description: |- + Optional secret field containing a Kubernetes ServiceAccount JWT used + for authenticating with Vault. If a name is specified without a key, + `token` is the default. If one is not specified, the one bound to + the controller will be used. 
+ properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + serviceAccountRef: + description: |- + Optional service account field containing the name of a kubernetes ServiceAccount. + If the service account is specified, the service account secret token JWT will be used + for authenticating with Vault. If the service account selector is not supplied, + the secretRef will be used instead. + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. 
+ type: string + required: + - name + type: object + required: + - mountPath + - role + type: object + ldap: + description: |- + Ldap authenticates with Vault by passing username/password pair using + the LDAP authentication method + properties: + path: + default: ldap + description: |- + Path where the LDAP authentication backend is mounted + in Vault, e.g: "ldap" + type: string + secretRef: + description: |- + SecretRef to a key in a Secret resource containing password for the LDAP + user used to authenticate with Vault using the LDAP authentication + method + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + username: + description: |- + Username is a LDAP user name used to authenticate using the LDAP Vault + authentication method + type: string + required: + - path + - username + type: object + namespace: + description: |- + Name of the vault namespace to authenticate to. This can be different than the namespace your secret is in. + Namespaces is a set of features within Vault Enterprise that allows + Vault environments to support Secure Multi-tenancy. e.g: "ns1". + More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces + This will default to Vault.Namespace field if set, or empty otherwise + type: string + tokenSecretRef: + description: TokenSecretRef authenticates with Vault by presenting a token. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. 
Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + userPass: + description: UserPass authenticates with Vault by passing username/password pair + properties: + path: + default: user + description: |- + Path where the UserPassword authentication backend is mounted + in Vault, e.g: "user" + type: string + secretRef: + description: |- + SecretRef to a key in a Secret resource containing password for the + user used to authenticate with Vault using the UserPass authentication + method + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + username: + description: |- + Username is a user name used to authenticate using the UserPass Vault + authentication method + type: string + required: + - path + - username + type: object + type: object + caBundle: + description: |- + PEM encoded CA bundle used to validate Vault server certificate. Only used + if the Server URL is using HTTPS protocol. This parameter is ignored for + plain HTTP protocol connection. If not set the system root certificates + are used to validate the TLS connection. + format: byte + type: string + caProvider: + description: The provider for the CA bundle to use to validate Vault server certificate. 
+ properties: + key: + description: The key where the CA certificate can be found in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: |- + The namespace the Provider type is in. + Can only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object + forwardInconsistent: + description: |- + ForwardInconsistent tells Vault to forward read-after-write requests to the Vault + leader instead of simply retrying within a loop. This can increase performance if + the option is enabled serverside. + https://www.vaultproject.io/docs/configuration/replication#allow_forwarding_via_header + type: boolean + headers: + additionalProperties: + type: string + description: Headers to be added in Vault request + type: object + namespace: + description: |- + Name of the vault namespace. Namespaces is a set of features within Vault Enterprise that allows + Vault environments to support Secure Multi-tenancy. e.g: "ns1". + More about namespaces can be found here https://www.vaultproject.io/docs/enterprise/namespaces + type: string + path: + description: |- + Path is the mount path of the Vault KV backend endpoint, e.g: + "secret". The v2 KV secret engine version specific "/data" path suffix + for fetching secrets from Vault is optional and will be appended + if not present in specified path. + type: string + readYourWrites: + description: |- + ReadYourWrites ensures isolated read-after-write semantics by + providing discovered cluster replication states in each request. 
+ More information about eventual consistency in Vault can be found here + https://www.vaultproject.io/docs/enterprise/consistency + type: boolean + server: + description: 'Server is the connection address for the Vault server, e.g: "https://vault.example.com:8200".' + type: string + tls: + description: |- + The configuration used for client side related TLS communication, when the Vault server + requires mutual authentication. Only used if the Server URL is using HTTPS protocol. + This parameter is ignored for plain HTTP protocol connection. + It's worth noting this configuration is different from the "TLS certificates auth method", + which is available under the `auth.cert` section. + properties: + certSecretRef: + description: |- + CertSecretRef is a certificate added to the transport layer + when communicating with the Vault server. + If no key for the Secret is specified, external-secret will default to 'tls.crt'. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + keySecretRef: + description: |- + KeySecretRef to a key in a Secret resource containing client private key + added to the transport layer when communicating with the Vault server. + If no key for the Secret is specified, external-secret will default to 'tls.key'. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. 
+ type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + type: object + version: + default: v2 + description: |- + Version is the Vault KV secret engine version. This can be either "v1" or + "v2". Version defaults to "v2". + enum: + - v1 + - v2 + type: string + required: + - auth + - server + type: object + resultType: + default: Data + description: |- + Result type defines which data is returned from the generator. + By default it is the "data" section of the Vault API response. + When using e.g. /auth/token/create the "data" section is empty but + the "auth" section contains the generated token. + Please refer to the vault docs regarding the result data structure. + enum: + - Data + - Auth + type: string + retrySettings: + description: Used to configure http retries if failed + properties: + maxRetries: + format: int32 + type: integer + retryInterval: + type: string + type: object + required: + - path + - provider + type: object + webhookSpec: + description: WebhookSpec controls the behavior of the external generator. Any body parameters should be passed to the server through the parameters field. + properties: + body: + description: Body + type: string + caBundle: + description: |- + PEM encoded CA bundle used to validate webhook server certificate. Only used + if the Server URL is using HTTPS protocol. This parameter is ignored for + plain HTTP protocol connection. If not set the system root certificates + are used to validate the TLS connection. + format: byte + type: string + caProvider: + description: The provider for the CA bundle to use to validate webhook server certificate. + properties: + key: + description: The key the value inside of the provider type to use, only used with "Secret" type + type: string + name: + description: The name of the object located at the provider type. 
+ type: string + namespace: + description: The namespace the Provider type is in. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object + headers: + additionalProperties: + type: string + description: Headers + type: object + method: + description: Webhook Method + type: string + result: + description: Result formatting + properties: + jsonPath: + description: Json path of return value + type: string + type: object + secrets: + description: |- + Secrets to fill in templates + These secrets will be passed to the templating function as key value pairs under the given name + items: + properties: + name: + description: Name of this secret in templates + type: string + secretRef: + description: Secret ref to fill in credentials + properties: + key: + description: The key where the token is found. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + type: object + required: + - name + - secretRef + type: object + type: array + timeout: + description: Timeout + type: string + url: + description: Webhook url to call + type: string + required: + - result + - url + type: object + type: object + kind: + type: string + required: + - generator + - kind + type: object + status: + type: object + type: object + served: true + storage: true + subresources: + status: {} + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: + - v1 + clientConfig: + service: + name: kubernetes + namespace: default + path: /convert +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.5 diff --git a/docs/api/generator/cluster.md b/docs/api/generator/cluster.md new file mode 100644 index 00000000000..ccb9ab276e2 --- /dev/null +++ b/docs/api/generator/cluster.md 
@@ -0,0 +1,20 @@ +`ClusterGenerator` is a generator wrapper that is available to configure a generator +cluster-wide. The purpose of this generator is that the user doesn't have to redefine +the generator in every namespace. They could define it once in the cluster and then reference that +in the consuming `ExternalSecret`. + +## Limitations + +With this, the generator will still create objects in the namespace in which the referencing ES lives. +That has not changed as of now. It will change in future modifications. + +## Example Manifest + +```yaml +{% include 'generator-cluster.yaml' %} +``` + +Example `ExternalSecret` that references the Cluster generator: +```yaml +{% include 'generator-cluster-example.yaml' %} +``` diff --git a/docs/api/spec.md b/docs/api/spec.md index ceecadcf9ba..d993fe775dd 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -4569,7 +4569,7 @@ string
    -

    Specify the Kind of the resource, e.g. Password, ACRAccessToken etc.

    +

    Specify the Kind of the resource, e.g. Password, ACRAccessToken, ClusterGenerator etc.

    diff --git a/docs/guides/generator.md b/docs/guides/generator.md index 2876dc8024f..90d775894cf 100644 --- a/docs/guides/generator.md +++ b/docs/guides/generator.md @@ -1,4 +1,3 @@ - Generators allow you to generate values. They are used through a ExternalSecret `spec.DataFrom`. They are referenced from a custom resource using `sourceRef.generatorRef`. If the External Secret should be refreshed via `spec.refreshInterval` the generator produces a map of values with the `generator.spec` as input. The generator does not keep track of the produced values. Every invocation produces a new set of values. 
@@ -24,4 +23,47 @@ spec: apiVersion: generators.external-secrets.io/v1alpha1 kind: ECRAuthorizationToken name: "my-ecr" -``` \ No newline at end of file +``` + +## Cluster Generate Resource + +It's possible to use a `Cluster` scoped generator. At the moment of this writing, this Generator +will only help in locating the Generator cluster-wide. It doesn't mean that the generator can create resources in all +namespaces. It will still only create a resource in the given namespace where the referencing `ExternalSecret` lives. + +To define a `ClusterGenerator` use the following config: + +```yaml +apiVersion: generators.external-secrets.io/v1alpha1 +kind: ClusterGenerator +metadata: + name: my-generator +spec: + kind: Password + generator: + passwordSpec: + length: 42 + digits: 5 + symbols: 5 + symbolCharacters: "-_$@" + noUpper: false + allowRepeat: true +``` + +All the generators are available as a ClusterGenerator spec. The `kind` field MUST match the kind of the Generator +exactly. The following Spec fields are available: + +```go +type GeneratorSpec struct { + ACRAccessTokenSpec *ACRAccessTokenSpec `json:"acrAccessTokenSpec,omitempty"` + ECRAuthorizationTokenSpec *ECRAuthorizationTokenSpec `json:"ecrRAuthorizationTokenSpec,omitempty"` + FakeSpec *FakeSpec `json:"fakeSpec,omitempty"` + GCRAccessTokenSpec *GCRAccessTokenSpec `json:"gcrAccessTokenSpec,omitempty"` + GithubAccessTokenSpec *GithubAccessTokenSpec `json:"githubAccessTokenSpec,omitempty"` + PasswordSpec *PasswordSpec `json:"passwordSpec,omitempty"` + STSSessionTokenSpec *STSSessionTokenSpec `json:"stsSessionTokenSpec,omitempty"` + UUIDSpec *UUIDSpec `json:"uuidSpec,omitempty"` + VaultDynamicSecretSpec *VaultDynamicSecretSpec `json:"vaultDynamicSecretSpec,omitempty"` + WebhookSpec *WebhookSpec `json:"webhookSpec,omitempty"` +} +``` diff --git a/docs/snippets/generator-cluster-example.yaml b/docs/snippets/generator-cluster-example.yaml new file mode 100644 index 00000000000..7262db80bb6 --- /dev/null 
+++ b/docs/snippets/generator-cluster-example.yaml @@ -0,0 +1,14 @@ +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: "cluster-secret" +spec: + refreshInterval: "1h" + target: + name: cluster-secret + dataFrom: + - sourceRef: + generatorRef: + apiVersion: generators.external-secrets.io/v1alpha1 + kind: ClusterGenerator + name: "cluster-gen" diff --git a/docs/snippets/generator-cluster.yaml b/docs/snippets/generator-cluster.yaml new file mode 100644 index 00000000000..cf3344bbd90 --- /dev/null +++ b/docs/snippets/generator-cluster.yaml @@ -0,0 +1,24 @@ +apiVersion: generators.external-secrets.io/v1alpha1 +kind: ClusterGenerator +metadata: + name: cluster-gen +spec: + kind: Password + generator: +# Further specs are available: +# acrAccessTokenSpec: +# ecrRAuthorizationTokenSpec: +# fakeSpec: +# gcrAccessTokenSpec: +# githubAccessTokenSpec: +# stsSessionTokenSpec: +# uuidSpec: +# vaultDynamicSecretSpec: +# webhookSpec: + passwordSpec: + length: 42 + digits: 5 + symbols: 5 + symbolCharacters: "-_$@" + noUpper: false + allowRepeat: true diff --git a/hack/api-docs/mkdocs.yml b/hack/api-docs/mkdocs.yml index 75da116f15d..c3b5c385d90 100644 --- a/hack/api-docs/mkdocs.yml +++ b/hack/api-docs/mkdocs.yml @@ -69,6 +69,7 @@ nav: - Azure Container Registry: api/generator/acr.md - AWS Elastic Container Registry: api/generator/ecr.md - AWS STS Session Token: api/generator/sts.md + - Cluster Generator: api/generator/cluster.md - Google Container Registry: api/generator/gcr.md - Vault Dynamic Secret: api/generator/vault.md - Password: api/generator/password.md diff --git a/pkg/controllers/externalsecret/externalsecret_controller_secret.go b/pkg/controllers/externalsecret/externalsecret_controller_secret.go index fd231861396..e122e284c7f 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller_secret.go +++ b/pkg/controllers/externalsecret/externalsecret_controller_secret.go 
@@ -25,7 +25,6 @@ import ( esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" genv1alpha1 "github.com/external-secrets/external-secrets/apis/generators/v1alpha1" - // Loading registered providers. "github.com/external-secrets/external-secrets/pkg/controllers/secretstore" "github.com/external-secrets/external-secrets/pkg/utils" "github.com/external-secrets/external-secrets/pkg/utils/resolvers" @@ -116,6 +115,8 @@ func (r *Reconciler) handleGenerateSecrets(ctx context.Context, namespace string if err != nil { return nil, fmt.Errorf("unable to resolve generator: %w", err) } + // We still pass the namespace to the generate function because it needs to create + // namespace based objects. secretMap, err := gen.Generate(ctx, obj, r.Client, namespace) if err != nil { return nil, fmt.Errorf(errGenerate, i, err) diff --git a/pkg/controllers/externalsecret/externalsecret_controller_test.go b/pkg/controllers/externalsecret/externalsecret_controller_test.go index 525e49795ef..3c7afaf0de4 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller_test.go +++ b/pkg/controllers/externalsecret/externalsecret_controller_test.go 
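Review bot: The comment added above `gen.Generate(ctx, obj, r.Client, namespace)` in the second hunk (`@@ -116,6 +115,8 @@`) does not say whose namespace is passed, which is what a reader needs to know once the source can be a cluster-scoped generator. Going by the docs added in this same patch, it is the namespace of the referencing ExternalSecret, so I would word it as `// namespace is the referencing ExternalSecret's namespace, also when the source is a ClusterGenerator; a cluster-scoped generator must not widen where objects are created.` Whether every generator also resolves its Secret references against that argument is not visible here and should be confirmed before the comment claims it. handleGenerateSecrets starts and ends outside the hunk.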
@@ -650,6 +650,45 @@ var _ = Describe("ExternalSecret controller", Serial, func() { Expect(string(secret.Data[secretKey])).To(Equal(secretVal)) } } + syncWithClusterGeneratorRef := func(tc *testCase) { + const secretKey = "somekey2" + const secretVal = "someValue2" + Expect(k8sClient.Create(context.Background(), &genv1alpha1.ClusterGenerator{ + ObjectMeta: metav1.ObjectMeta{ + Name: "mytestfake", + }, + Spec: genv1alpha1.ClusterGeneratorSpec{ + Kind: "Fake", + Generator: genv1alpha1.GeneratorSpec{ + FakeSpec: &genv1alpha1.FakeSpec{ + Data: map[string]string{ + secretKey: secretVal, + }, + }, + }, + }, + })).To(Succeed()) + + // reset secretStoreRef + tc.externalSecret.Spec.SecretStoreRef = esv1beta1.SecretStoreRef{} + tc.externalSecret.Spec.Data = nil + tc.externalSecret.Spec.DataFrom = []esv1beta1.ExternalSecretDataFromRemoteRef{ + { + SourceRef: &esv1beta1.StoreGeneratorSourceRef{ + GeneratorRef: &esv1beta1.GeneratorRef{ + APIVersion: genv1alpha1.Group + "/" + genv1alpha1.Version, + Kind: "ClusterGenerator", + Name: "mytestfake", + }, + }, + }, + } + + tc.checkSecret = func(es *esv1beta1.ExternalSecret, secret *v1.Secret) { + // check values + Expect(string(secret.Data[secretKey])).To(Equal(secretVal)) + } + } deleteOrphanedSecrets := func(tc *testCase) { tc.checkSecret = func(es *esv1beta1.ExternalSecret, secret *v1.Secret) { 
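Review bot: `syncWithClusterGeneratorRef` creates the `ClusterGenerator` named `mytestfake` and never deletes it. Being cluster-scoped, it would not go away with a per-test namespace, so a retry of this entry or a later spec reusing the name would presumably fail on create with AlreadyExists. Any cleanup in an AfterEach lies outside this hunk, so that is worth checking first. If there is none, I would keep the object in a variable `cg` and register `DeferCleanup(func() { Expect(k8sClient.Delete(context.Background(), cg)).To(Succeed()) })` right after the create. The test also covers only the case where `Kind: "Fake"` agrees with the populated `FakeSpec`; an entry where the two disagree would pin how a mismatched ClusterGenerator is handled.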
@@ -2280,6 +2319,7 @@ var _ = Describe("ExternalSecret controller", Serial, func() { Entry("should not resolve conflicts with creationPolicy=Merge", mergeWithConflict), Entry("should not update unchanged secret using creationPolicy=Merge", mergeWithSecretNoChange), Entry("should not delete pre-existing secret with creationPolicy=Orphan", createSecretPolicyOrphan), + Entry("should sync cluster generator ref", syncWithClusterGeneratorRef), Entry("should sync with generatorRef", syncWithGeneratorRef), Entry("should not process generatorRef with mismatching controller field", ignoreMismatchControllerForGeneratorRef), Entry("should sync with multiple secret stores via sourceRef", syncWithMultipleSecretStores), diff --git a/pkg/utils/resolvers/generator.go b/pkg/utils/resolvers/generator.go index b83d8bcd911..fcc90a9549f 100644 --- a/pkg/utils/resolvers/generator.go +++ b/pkg/utils/resolvers/generator.go @@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ + package resolvers import ( @@ -18,8 +19,10 @@ import ( "fmt" apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + "k8s.io/apimachinery/pkg/api/meta" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime/schema" + "k8s.io/apimachinery/pkg/util/json" "k8s.io/client-go/discovery" "k8s.io/client-go/dynamic" "k8s.io/client-go/rest" 
@@ -70,15 +73,90 @@ func getGeneratorDefinition(ctx context.Context, restConfig *rest.Config, namesp if err != nil { return nil, err } - res, err := d.Resource(mapping.Resource). - Namespace(namespace). - Get(ctx, generatorRef.Name, metav1.GetOptions{}) + + if generatorRef.Kind == "ClusterGenerator" { + return extractGeneratorFromClusterGenerator(ctx, d, mapping, generatorRef) + } + + res, err := d.Resource(mapping.Resource).Namespace(namespace).Get(ctx, generatorRef.Name, metav1.GetOptions{}) if err != nil { return nil, err } + jsonRes, err := res.MarshalJSON() if err != nil { return nil, err } return &apiextensions.JSON{Raw: jsonRes}, nil } + +func extractGeneratorFromClusterGenerator( + ctx context.Context, + d *dynamic.DynamicClient, + mapping *meta.RESTMapping, + generatorRef *esv1beta1.GeneratorRef, +) (*apiextensions.JSON, error) { + res, err := d.Resource(mapping.Resource).Get(ctx, generatorRef.Name, metav1.GetOptions{}) + if err != nil { + return nil, err + } + + spec, err := extractValue[map[string]any](res.Object, genv1alpha1.GeneratorSpecKey) + if err != nil { + return nil, err + } + + generator, err := extractValue[map[string]any](spec, genv1alpha1.GeneratorGeneratorKey) + if err != nil { + return nil, err + } + + kind, err := extractValue[string](spec, genv1alpha1.GeneratorKindKey) + if err != nil { + return nil, err + } + + // find the first value and that's what we are going to take + // this will be the generator that has been set by the user + var result []byte + for _, v := range generator { + vMap, ok := v.(map[string]interface{}) + if !ok { + return nil, fmt.Errorf("kind was not of object type for cluster generator %T", v) + } + + // Construct our generator object so it can be later unmarshalled into a valid Generator Spec. 
+ object := map[string]interface{}{} + object["kind"] = kind + object["spec"] = vMap + result, err = json.Marshal(object) + if err != nil { + return nil, err + } + + return &apiextensions.JSON{Raw: result}, nil + } + + return nil, fmt.Errorf("no defined generators found for cluster generator spec: %v", spec) +} + +// extractValue fetches a specific key value that we are looking for in a map. +func extractValue[T any](m any, k string) (T, error) { + var result T + v, ok := m.(map[string]any) + if !ok { + return result, fmt.Errorf("value was not of type map[string]any but: %T", m) + } + + vv, ok := v[k] + if !ok { + return result, fmt.Errorf("key %s was not found in map", k) + } + + vvv, ok := vv.(T) + if !ok { + return result, fmt.Errorf("value was not of type T but: %T", vvv) + } + + return vvv, nil +} From 4dfa4d2622b52fc23498c302d90b34e959538da5 Mon Sep 17 00:00:00 2001 From: Diego Tejada Date: Tue, 26 Nov 2024 15:54:58 -0500 Subject: [PATCH 440/517] feat: Add API key auth support on BeyondTrust provider (#4101) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore: bump BeyondTrust/go-client-library-passwordsafe version v0.9.1 Signed-off-by: Diego Tejada * feat: add ApiKey attribute to BeyondtrustAuth Signed-off-by: Diego Tejada * chore: update docs with ApiKey reference, add extra help comments Signed-off-by: Diego Tejada * feat: conditionally using API Key or Client Credentials Auth on BeyondTrust provider Signed-off-by: Diego Tejada * test: Add API key tests for BeyondTrust provider Signed-off-by: Diego Tejada * chore: add apiKey to spec.md Signed-off-by: Diego Tejada * chore: make reviewable files Signed-off-by: Diego Tejada * chore: ensured fmt Signed-off-by: Diego Tejada * chore: update APIKey variable case Signed-off-by: Diego Tejada * chore: fix typo Signed-off-by: Diego Tejada * chore: fix typo Signed-off-by: Diego Tejada * chore: fix typo 
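Review bot: The `for _, v := range generator` loop in extractGeneratorFromClusterGenerator returns on its first iteration, and Go does not define map iteration order, so a ClusterGenerator whose generator object carries more than one entry resolves to an arbitrary one, and `kind` is never compared with the key that was picked. Rejecting that case up front keeps the result deterministic, e.g. `if len(generator) != 1 { return nil, fmt.Errorf("cluster generator %s must define exactly one generator, found %d", generatorRef.Name, len(generator)) }`. In extractValue the failed-assertion branch formats `vvv`, which is the zero value of T at that point, so the message never shows the type that was actually found; it should read `fmt.Errorf("value was not of type T but: %T", vv)`. The cluster-scoped `Get` carries no namespace and nothing in this hunk limits which ExternalSecret namespaces may reference a ClusterGenerator, so it is worth confirming that any namespace being able to use any ClusterGenerator by name is the intended tenancy model.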
Signed-off-by: Diego Tejada * chore(deps): bump watchdog from 5.0.3 to 6.0.0 in /hack/api-docs (#4067) Bumps [watchdog](https://github.com/gorakhargosh/watchdog) from 5.0.3 to 6.0.0. - [Release notes](https://github.com/gorakhargosh/watchdog/releases) - [Changelog](https://github.com/gorakhargosh/watchdog/blob/master/changelog.rst) - [Commits](https://github.com/gorakhargosh/watchdog/compare/v5.0.3...v6.0.0) --- updated-dependencies: - dependency-name: watchdog dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Diego Tejada * chore(deps): bump pymdown-extensions in /hack/api-docs (#4068) Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 10.11.2 to 10.12. - [Release notes](https://github.com/facelessuser/pymdown-extensions/releases) - [Commits](https://github.com/facelessuser/pymdown-extensions/compare/10.11.2...10.12) --- updated-dependencies: - dependency-name: pymdown-extensions dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Diego Tejada * chore(deps): bump mkdocs-material in /hack/api-docs (#4069) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.42 to 9.5.43. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.42...9.5.43) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
Signed-off-by: Diego Tejada * chore(deps): bump softprops/action-gh-release from 2.0.8 to 2.0.9 (#4070) Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.8 to 2.0.9. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/c062e08bd532815e2082a85e87e3ef29c3e6d191...e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Diego Tejada * chore: move inactive maintainers to emeritus (#4073) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Diego Tejada * chore: update dependencies (#4071) * update dependencies Signed-off-by: External Secrets Operator * removed updating sigs.k8s.io/structured-merge-diff/v4 because that broke compilation and fixed two lint issues Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: External Secrets Operator Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: External Secrets Operator Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Diego Tejada * Update VaultAppRole documentation to show/use roleRef in its examples (#4035) Signed-off-by: Mike Tougeron Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Signed-off-by: Diego Tejada * feat: add option to configure topic information for GCM (#4055) * feat: add option to configure topic information for GCM 
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix the comparison logic for updates to include topics Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Diego Tejada * feat: add AWS STS Session token generator (#4041) * feat: add AWS STS Session token generator Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * version update for the generated CRD Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Diego Tejada * chore(helm): Add extra labels to the validating webhooks (#4074) It should add a bunch of app.kubernetes.io labels Signed-off-by: Miguel Sacristán Izcue Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Diego Tejada * Reduce refreshInterval example for ACR (#4078) The old example used a `refreshInterval` value of 12h for the ACR access token. This change reduces that to 3h instead, since that is the expiration time for Service Principal authentication tokens: https://learn.microsoft.com/en-us/azure/container-registry/container-registry-authentication?tabs=azure-cli#service-principal Service principals are not the only way to authenticate towards ACR. In fact, two other ways (`managedIdentity` and `workloadIdentity`) are also outlined in the docs. I was unable to find any documentation in Azure for the default expiration time for those tokens, so as far as I know it is always 3 hours. Thus I think we should reflect this in our examples. Signed-off-by: Andreas Lindhé <7773090+lindhe@users.noreply.github.com> Signed-off-by: Diego Tejada * Fix PushSecret lookup in keepersecurity provider (#4077) * Fixed Keeper Security custom record type name in docs 
Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com> * Fixed Keeper records lookup in PushSecret Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com> * Improved Keeper record lookup to search only for records of the expected type Improved PushSecret and DeleteSecret Fixed "nil pointer dereference" errors Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com> * Fixed tests Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com> * chore(helm): Add extra labels to the validating webhooks (#4074) It should add a bunch of app.kubernetes.io labels Signed-off-by: Miguel Sacristán Izcue Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com> * Added tests for secrets with multiple matches Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com> --------- Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com> Signed-off-by: Miguel Sacristán Izcue Co-authored-by: Tete17 Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Diego Tejada * Add ability to use RetrySettings in the VaultDynamicSecret generator (#4076) Signed-off-by: Oleksij Samorukov Signed-off-by: Diego Tejada * chore: make reviewable format Signed-off-by: Diego Tejada * refactor: reduced complexity in NewClient Signed-off-by: Diego Tejada * refactor: reduced function parameters Signed-off-by: Diego Tejada * chore(deps): bump golang from 1.23.2 to 1.23.3 (#4089) Bumps golang from 1.23.2 to 1.23.3. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
Signed-off-by: Diego Tejada * chore(deps): bump packaging from 24.1 to 24.2 in /hack/api-docs (#4090) Bumps [packaging](https://github.com/pypa/packaging) from 24.1 to 24.2. - [Release notes](https://github.com/pypa/packaging/releases) - [Changelog](https://github.com/pypa/packaging/blob/main/CHANGELOG.rst) - [Commits](https://github.com/pypa/packaging/compare/24.1...24.2) --- updated-dependencies: - dependency-name: packaging dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Diego Tejada * chore(deps): bump mkdocs-material in /hack/api-docs (#4091) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.43 to 9.5.44. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.43...9.5.44) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Diego Tejada * Update docs for ExternalSecrets's refreshInterval (#4097) Fixes #4079 Signed-off-by: Andreas Lindhé <7773090+lindhe@users.noreply.github.com> Signed-off-by: Diego Tejada * chore(deps): bump zipp from 3.20.2 to 3.21.0 in /hack/api-docs (#4092) Bumps [zipp](https://github.com/jaraco/zipp) from 3.20.2 to 3.21.0. - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](https://github.com/jaraco/zipp/compare/v3.20.2...v3.21.0) --- updated-dependencies: - dependency-name: zipp dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Diego Tejada * chore(deps): bump regex from 2024.9.11 to 2024.11.6 in /hack/api-docs (#4093) Bumps [regex](https://github.com/mrabarnett/mrab-regex) from 2024.9.11 to 2024.11.6. - [Changelog](https://github.com/mrabarnett/mrab-regex/blob/hg/changelog.txt) - [Commits](https://github.com/mrabarnett/mrab-regex/compare/2024.9.11...2024.11.6) --- updated-dependencies: - dependency-name: regex dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Diego Tejada * chore(deps): bump golang from 1.23.2-bookworm to 1.23.3-bookworm in /e2e (#4094) Bumps golang from 1.23.2-bookworm to 1.23.3-bookworm. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Diego Tejada * update dependencies (#4096) Signed-off-by: External Secrets Operator Signed-off-by: Moritz Johner Co-authored-by: External Secrets Operator Signed-off-by: Diego Tejada * chore(deps): bump github/codeql-action from 3.27.0 to 3.27.1 (#4088) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.0 to 3.27.1. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/662472033e021d55d94146f66f6058822b0b39fd...4f3212b61783c3c68e8309a0f18a699764811cda) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Diego Tejada * Fix typo in webhook.md (#4100) Signed-off-by: Stas Alekseev <100800+salekseev@users.noreply.github.com> Signed-off-by: Diego Tejada * docs: reformat pushsecrets documentation to be a list (#4102) * reformat pushsecrets documentation to be a list Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com> * Use sections instead of a list Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com> --------- Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Diego Tejada * fix: refresh interval values (#4111) Signed-off-by: Gustavo Signed-off-by: Diego Tejada * Sign helm chart artifact in ghcr.io (#4098) * Install cosign for signing helm charts Signed-off-by: Aruuunn * Fix helm push failing when GITHUB_REPOSITORY_OWNER contains Uppercase alphabets Signed-off-by: Aruuunn * Sign helm chart in oci registry using cosign Signed-off-by: Aruuunn * Add permissions required for cosign signing and provenance attestations Signed-off-by: Aruuunn * Log helm push output Signed-off-by: Aruuunn * Attest build provenance for helm artifact Signed-off-by: Aruuunn * Format: break code block Signed-off-by: Aruuunn * Reformat: Remove temp variable Signed-off-by: Aruuunn * Verify signed helm chart after signing it Signed-off-by: Aruuunn * Remove unnecessary helm action changes for external-secrets repository Signed-off-by: Aruuunn --------- Signed-off-by: Aruuunn Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Diego Tejada * chore(deps): bump distroless/static from `cc226ca` to `f4a57e8` (#4112) Bumps distroless/static from `cc226ca` to `f4a57e8`. --- updated-dependencies: - dependency-name: distroless/static dependency-type: direct:production ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Diego Tejada * chore(deps): bump golang from `0974259` to `c694a4d` (#4113) Bumps golang from `0974259` to `c694a4d`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Diego Tejada * chore(deps): bump alpine from `beefdbd` to `1e42bbe` (#4114) Bumps alpine from `beefdbd` to `1e42bbe`. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Diego Tejada * chore(deps): bump github/codeql-action from 3.27.1 to 3.27.4 (#4115) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.1 to 3.27.4. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/4f3212b61783c3c68e8309a0f18a699764811cda...ea9e4e37992a54ee68a9622e985e60c8e8f12d9f) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
Signed-off-by: Diego Tejada * chore(deps): bump codecov/codecov-action from 4.6.0 to 5.0.2 (#4116) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 4.6.0 to 5.0.2. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238...5c47607acb93fed5485fdbf7232e8a31425f672a) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Diego Tejada * chore(deps): bump softprops/action-gh-release from 2.0.9 to 2.1.0 (#4117) Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.9 to 2.1.0. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/e7a8f85e1c67a31e6ed99a94b41bd0b71bbee6b8...01570a1f39cb168c169c802c3bceb9e93fb10974) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Diego Tejada * chore(deps): bump alpine from `beefdbd` to `1e42bbe` in /hack/api-docs (#4118) Bumps alpine from `beefdbd` to `1e42bbe`. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> 
Signed-off-by: Diego Tejada * chore(deps): bump alpine from `beefdbd` to `1e42bbe` in /e2e (#4119) Bumps alpine from `beefdbd` to `1e42bbe`. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Diego Tejada * chore(deps): bump golang from `0e3377d` to `3f3b9da` in /e2e (#4120) Bumps golang from `0e3377d` to `3f3b9da`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Signed-off-by: Diego Tejada * fix: re-enable signing helm release (#4109) Signed-off-by: Moritz Johner Signed-off-by: Diego Tejada * update dependencies (#4122) Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Diego Tejada * Update apis/externalsecrets/v1beta1/secretstore_beyondtrust_types.go Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Diego Tejada * Update apis/externalsecrets/v1beta1/secretstore_beyondtrust_types.go Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Diego Tejada * Update apis/externalsecrets/v1beta1/secretstore_beyondtrust_types.go Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Diego Tejada * Update apis/externalsecrets/v1beta1/secretstore_beyondtrust_types.go Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Diego Tejada * Update pkg/provider/beyondtrust/provider.go Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> 
Signed-off-by: Diego Tejada * chore: fix linter errors Signed-off-by: Diego Tejada * refactor: split credentials/certificate reading functionality Signed-off-by: Diego Tejada * style: apply make fmt Signed-off-by: Diego Tejada --------- Signed-off-by: Diego Tejada Signed-off-by: dependabot[bot] Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: External Secrets Operator Signed-off-by: Mike Tougeron Signed-off-by: Miguel Sacristán Izcue Signed-off-by: Andreas Lindhé <7773090+lindhe@users.noreply.github.com> Signed-off-by: Ivan Dimov <78815270+idimov-keeper@users.noreply.github.com> Signed-off-by: Oleksij Samorukov Signed-off-by: Moritz Johner Signed-off-by: Stas Alekseev <100800+salekseev@users.noreply.github.com> Signed-off-by: twobiers <22715034+twobiers@users.noreply.github.com> Signed-off-by: Gustavo 
Signed-off-by: Aruuunn Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: eso-service-account-app[bot] <85832941+eso-service-account-app[bot]@users.noreply.github.com> Co-authored-by: External Secrets Operator Co-authored-by: Mike Tougeron Co-authored-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Co-authored-by: Tete17 Co-authored-by: Andreas Lindhé <7773090+lindhe@users.noreply.github.com> Co-authored-by: idimov-keeper <78815270+idimov-keeper@users.noreply.github.com> Co-authored-by: Alex Samorukov Co-authored-by: Stas Alekseev <100800+salekseev@users.noreply.github.com> Co-authored-by: Tobi <22715034+twobiers@users.noreply.github.com> Co-authored-by: Arun Murugan Co-authored-by: Moritz Johner --- .../v1beta1/secretstore_beyondtrust_types.go | 12 +- .../v1beta1/zz_generated.deepcopy.go | 5 + ...ternal-secrets.io_clustersecretstores.yaml | 38 +++- .../external-secrets.io_secretstores.yaml | 38 +++- deploy/crds/bundle.yaml | 62 ++++++- docs/api/spec.md | 17 +- docs/provider/beyondtrust.md | 20 ++- docs/snippets/beyondtrust-secret-store.yaml | 4 + pkg/provider/beyondtrust/provider.go | 168 +++++++++++++----- pkg/provider/beyondtrust/provider_test.go | 58 ++++++ 10 files changed, 345 insertions(+), 77 deletions(-) diff --git a/apis/externalsecrets/v1beta1/secretstore_beyondtrust_types.go b/apis/externalsecrets/v1beta1/secretstore_beyondtrust_types.go index 2d9663e229a..9c94b6583a6 100644 --- a/apis/externalsecrets/v1beta1/secretstore_beyondtrust_types.go +++ b/apis/externalsecrets/v1beta1/secretstore_beyondtrust_types.go 
@@ -29,11 +29,13 @@ type BeyondTrustProviderSecretRef struct { // Configures a store to sync secrets using BeyondTrust Password Safe. type BeyondtrustAuth struct { - // +required - API OAuth Client ID. - ClientID *BeyondTrustProviderSecretRef `json:"clientId"` - // +required - API OAuth Client Secret. - ClientSecret *BeyondTrustProviderSecretRef `json:"clientSecret"` - // Content of the certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. + // APIKey If not provided then ClientID/ClientSecret become required. + APIKey *BeyondTrustProviderSecretRef `json:"apiKey,omitempty"` + // ClientID is the API OAuth Client ID. + ClientID *BeyondTrustProviderSecretRef `json:"clientId,omitempty"` + // ClientSecret is the API OAuth Client Secret. + ClientSecret *BeyondTrustProviderSecretRef `json:"clientSecret,omitempty"` + // Certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. Certificate *BeyondTrustProviderSecretRef `json:"certificate,omitempty"` // Certificate private key (key.pem). For use when authenticating with an OAuth client Id CertificateKey *BeyondTrustProviderSecretRef `json:"certificateKey,omitempty"` diff --git a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go index 06f0431900f..8208b7f521a 100644 --- a/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go +++ b/apis/externalsecrets/v1beta1/zz_generated.deepcopy.go 
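Review bot: With `+required` dropped from ClientID and ClientSecret and all three credential fields marked `omitempty`, the schema no longer demands any authentication method (the generated CRDs in this commit lose the `required` list with `clientId` and `clientSecret`), so a store with neither an API key nor client credentials passes admission and can only fail later in the provider. If the supported cluster versions allow CEL rules, the either/or contract that the APIKey comment describes can be enforced on the type with `// +kubebuilder:validation:XValidation:rule="has(self.apiKey) || (has(self.clientId) && has(self.clientSecret))",message="either apiKey or clientId and clientSecret must be set"`. The APIKey comment should also say what the field holds and steer users to `secretRef`, because the generated schema for this ref type accepts an inline `value`, which would leave the key in plain text in the SecretStore object for anyone who can read it; for example `// APIKey is the BeyondTrust API key, preferably supplied via secretRef. If not provided, ClientID and ClientSecret are required.` The BeyondtrustAuth struct continues past the end of the hunk.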
@@ -414,6 +414,11 @@ func (in *BeyondTrustProviderSecretRef) DeepCopy() *BeyondTrustProviderSecretRef // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *BeyondtrustAuth) DeepCopyInto(out *BeyondtrustAuth) { *out = *in + if in.APIKey != nil { + in, out := &in.APIKey, &out.APIKey + *out = new(BeyondTrustProviderSecretRef) + (*in).DeepCopyInto(*out) + } if in.ClientID != nil { in, out := &in.ClientID, &out.ClientID *out = new(BeyondTrustProviderSecretRef) diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 47d0e973185..33f6d5cc53b 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml 
@@ -2305,10 +2305,37 @@ spec: description: Auth configures how the operator authenticates with Beyondtrust. properties: + apiKey: + description: APIKey If not provided then ClientID/ClientSecret + become required. + properties: + secretRef: + description: SecretRef references a key in a secret + that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set + a value without using a secret. + type: string + type: object certificate: - description: Content of the certificate (cert.pem) for - use when authenticating with an OAuth client Id using - a Client Certificate. + description: Certificate (cert.pem) for use when authenticating + with an OAuth client Id using a Client Certificate. properties: secretRef: description: SecretRef references a key in a secret @@ -2363,6 +2390,7 @@ spec: type: string type: object clientId: + description: ClientID is the API OAuth Client ID. properties: secretRef: description: SecretRef references a key in a secret @@ -2389,6 +2417,7 @@ spec: type: string type: object clientSecret: + description: ClientSecret is the API OAuth Client Secret. properties: secretRef: description: SecretRef references a key in a secret @@ -2414,9 +2443,6 @@ spec: a value without using a secret. type: string type: object - required: - - clientId - - clientSecret type: object server: description: Auth configures how API server works. 
diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index 361ad5141ca..f8576921c74 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml @@ -2305,10 +2305,37 @@ spec: description: Auth configures how the operator authenticates with Beyondtrust. properties: + apiKey: + description: APIKey If not provided then ClientID/ClientSecret + become required. + properties: + secretRef: + description: SecretRef references a key in a secret + that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set + a value without using a secret. + type: string + type: object certificate: - description: Content of the certificate (cert.pem) for - use when authenticating with an OAuth client Id using - a Client Certificate. + description: Certificate (cert.pem) for use when authenticating + with an OAuth client Id using a Client Certificate. properties: secretRef: description: SecretRef references a key in a secret @@ -2363,6 +2390,7 @@ spec: type: string type: object clientId: + description: ClientID is the API OAuth Client ID. properties: secretRef: description: SecretRef references a key in a secret @@ -2389,6 +2417,7 @@ spec: type: string type: object clientSecret: + description: ClientSecret is the API OAuth Client Secret. properties: secretRef: description: SecretRef references a key in a secret 
@@ -2414,9 +2443,6 @@ spec: a value without using a secret. type: string type: object - required: - - clientId - - clientSecret type: object server: description: Auth configures how API server works. diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 0f05f69e954..79e37f52949 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -2814,8 +2814,32 @@ spec: auth: description: Auth configures how the operator authenticates with Beyondtrust. properties: + apiKey: + description: APIKey If not provided then ClientID/ClientSecret become required. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object certificate: - description: Content of the certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. + description: Certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. properties: secretRef: description: SecretRef references a key in a secret that will be used as value. @@ -2863,6 +2887,7 @@ spec: type: string type: object clientId: + description: ClientID is the API OAuth Client ID. properties: secretRef: description: SecretRef references a key in a secret that will be used as value. 
@@ -2886,6 +2911,7 @@ spec: type: string type: object clientSecret: + description: ClientSecret is the API OAuth Client Secret. properties: secretRef: description: SecretRef references a key in a secret that will be used as value. @@ -2908,9 +2934,6 @@ spec: description: Value can be specified directly to set a value without using a secret. type: string type: object - required: - - clientId - - clientSecret type: object server: description: Auth configures how API server works. @@ -8657,8 +8680,32 @@ spec: auth: description: Auth configures how the operator authenticates with Beyondtrust. properties: + apiKey: + description: APIKey If not provided then ClientID/ClientSecret become required. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be + defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: |- + Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults + to the namespace of the referent. + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object certificate: - description: Content of the certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. + description: Certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. properties: secretRef: description: SecretRef references a key in a secret that will be used as value. 
@@ -8706,6 +8753,7 @@ spec: type: string type: object clientId: + description: ClientID is the API OAuth Client ID. properties: secretRef: description: SecretRef references a key in a secret that will be used as value. @@ -8729,6 +8777,7 @@ spec: type: string type: object clientSecret: + description: ClientSecret is the API OAuth Client Secret. properties: secretRef: description: SecretRef references a key in a secret that will be used as value. @@ -8751,9 +8800,6 @@ spec: description: Value can be specified directly to set a value without using a secret. type: string type: object - required: - - clientId - - clientSecret type: object server: description: Auth configures how API server works. diff --git a/docs/api/spec.md b/docs/api/spec.md index d993fe775dd..c68aae94f4c 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -1076,6 +1076,19 @@ External Secrets meta/v1.SecretKeySelector +apiKey
    + +
    +BeyondTrustProviderSecretRef + + + + +

    APIKey If not provided then ClientID/ClientSecret become required.

    + + + + clientId
    @@ -1084,6 +1097,7 @@ BeyondTrustProviderSecretRef +

    ClientID is the API OAuth Client ID.

    @@ -1096,6 +1110,7 @@ BeyondTrustProviderSecretRef +

    ClientSecret is the API OAuth Client Secret.

    @@ -1108,7 +1123,7 @@ BeyondTrustProviderSecretRef -

    Content of the certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate.

    +

    Certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate.

    diff --git a/docs/provider/beyondtrust.md b/docs/provider/beyondtrust.md index 104c4bde87d..1f21a4e43da 100644 --- a/docs/provider/beyondtrust.md +++ b/docs/provider/beyondtrust.md @@ -22,13 +22,19 @@ BeyondTrust [OAuth Authentication](https://www.beyondtrust.com/docs/beyondinsigh 5. Add the user to the group 6. Add the Secrets Safe Feature to the group -> NOTE: The ClentID and ClientSecret must be stored in a Kubernetes secret in order for the SecretStore to read the configuration. +> NOTE: The ClientID and ClientSecret must be stored in a Kubernetes secret in order for the SecretStore to read the configuration. +If you're using client credentials authentication: ```sh kubectl create secret generic bt-secret --from-literal ClientSecret="" kubectl create secret generic bt-id --from-literal ClientId="" ``` +If you're using API Key authentication: +```sh +kubectl create secret generic bt-apikey --from-literal ApiKey="" +``` + ### Client Certificate If using `retrievalType: MANAGED_ACCOUNT`, you will also need to download the pfx certificate from Secrets Safe, extract that certificate and create two Kubernetes secrets. @@ -70,7 +76,7 @@ spec: beyondtrust: server: apiUrl: https://example.com:443/BeyondTrust/api/public/v3/ - retrievalType: MANAGED_ACCOUNT # or SECRET + retrievalType: MANAGED_ACCOUNT # or SECRET verifyCA: true clientTimeOutSeconds: 45 auth: 
@@ -82,17 +88,21 @@ spec: secretRef: name: bt-certificatekey key: ClientCertificateKey - clientSecret: + clientSecret: # define this section if using client credentials authentication secretRef: name: bt-secret key: ClientSecret - clientId: + clientId: # define this section if using client credentials authentication secretRef: name: bt-id key: ClientId + apiKey: # define this section if using Api Key authentication + secretRef: + name: bt-apikey + key: ApiKey ``` -### Creating a ExternalSecret +### Creating an ExternalSecret You can follow the below example to create a `ExternalSecret` resource. Secrets can be referenced by path. You can also use a `ClusterExternalSecret` allowing you to reference secrets from all namespaces. diff --git a/docs/snippets/beyondtrust-secret-store.yaml b/docs/snippets/beyondtrust-secret-store.yaml index 9b4deccf4b3..ea163a3ea52 100644 --- a/docs/snippets/beyondtrust-secret-store.yaml +++ b/docs/snippets/beyondtrust-secret-store.yaml @@ -22,6 +22,10 @@ spec: secretRef: name: bt-id key: ClientId + apiKey: + secretRef: + name: bt-apikey + key: ApiKey server: retrievalType: MANAGED_ACCOUNT verifyCA: true diff --git a/pkg/provider/beyondtrust/provider.go b/pkg/provider/beyondtrust/provider.go index c8fe32fd11d..a32fed02416 100644 --- a/pkg/provider/beyondtrust/provider.go +++ b/pkg/provider/beyondtrust/provider.go @@ -65,6 +65,18 @@ type Provider struct { separator string } +type AuthenticatorInput struct { + Config *esv1beta1.BeyondtrustProvider + HTTPClientObj utils.HttpClientObj + BackoffDefinition *backoff.ExponentialBackOff + APIURL string + ClientID string + ClientSecret string + APIKey string + Logger *logging.LogrLogger + RetryMaxElapsedTimeMinutes int +} + // Capabilities implements v1beta1.Provider. func (*Provider) Capabilities() esv1beta1.SecretStoreCapabilities { return esv1beta1.SecretStoreReadOnly 
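Review bot: The new exported `AuthenticatorInput` type in provider.go has no doc comment and keeps `ClientSecret` and `APIKey` as plain strings next to `Logger`, so a stray `%+v` of the struct would write credentials to the operator log. Nothing visible here uses the type outside this package, so it could be unexported. A comment such as `// authenticatorInput bundles what getAuthenticator needs; ClientSecret and APIKey are credential material and must never be logged.` would record the constraint. `APIURL` also repeats `Config.Server.APIURL`, which leaves two sources for the same value.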
@@ -111,57 +123,30 @@ func (*Provider) SecretExists(_ context.Context, _ esv1beta1.PushSecretRemoteRef func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, kube client.Client, namespace string) (esv1beta1.SecretsClient, error) { config := store.GetSpec().Provider.Beyondtrust logger := logging.NewLogrLogger(&ESOLogger) - apiURL := config.Server.APIURL - certificate := "" - certificateKey := "" - clientTimeOutInSeconds := 45 - retryMaxElapsedTimeMinutes := 15 - separator := "/" - if config.Server.Separator != "" { - separator = config.Server.Separator - } - - if config.Server.ClientTimeOutSeconds != 0 { - clientTimeOutInSeconds = config.Server.ClientTimeOutSeconds + clientID, clientSecret, apiKey, err := loadCredentialsFromConfig(ctx, config, kube, namespace) + if err != nil { + return nil, fmt.Errorf("error loading credentials: %w", err) } - backoffDefinition := backoff.NewExponentialBackOff() - backoffDefinition.InitialInterval = 1 * time.Second - backoffDefinition.MaxElapsedTime = time.Duration(retryMaxElapsedTimeMinutes) * time.Second - backoffDefinition.RandomizationFactor = 0.5 - - clientID, err := loadConfigSecret(ctx, config.Auth.ClientID, kube, namespace) + certificate, certificateKey, err := loadCertificateFromConfig(ctx, config, kube, namespace) if err != nil { - return nil, fmt.Errorf("error loading clientID: %w", err) + return nil, fmt.Errorf("error loading certificate: %w", err) } - clientSecret, err := loadConfigSecret(ctx, config.Auth.ClientSecret, kube, namespace) if err != nil { - return nil, fmt.Errorf("error loading clientSecret: %w", err) + return nil, fmt.Errorf("error loading secrets: %w", err) } - if config.Auth.Certificate != nil && config.Auth.CertificateKey != nil { - loadedCertificate, err := loadConfigSecret(ctx, config.Auth.Certificate, kube, namespace) - if err != nil { - return nil, fmt.Errorf("error loading Certificate: %w", err) - } + clientTimeOutInSeconds, separator, retryMaxElapsedTimeMinutes := 
getConfigValues(config) - certificate = loadedCertificate + backoffDefinition := getBackoffDefinition(retryMaxElapsedTimeMinutes) - loadedCertificateKey, err := loadConfigSecret(ctx, config.Auth.CertificateKey, kube, namespace) - if err != nil { - return nil, fmt.Errorf("error loading Certificate Key: %w", err) - } - - certificateKey = loadedCertificateKey - } - - // Create an instance of ValidationParams params := utils.ValidationParams{ + ApiKey: apiKey, ClientID: clientID, ClientSecret: clientSecret, - ApiUrl: &apiURL, + ApiUrl: &config.Server.APIURL, ClientTimeOutInSeconds: clientTimeOutInSeconds, Separator: &separator, VerifyCa: config.Server.VerifyCA, 
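Review bot: In `NewClient`, the second `if err != nil` block, the one returning `error loading secrets: %w`, can never fire, because `err` is not reassigned after the `loadCertificateFromConfig` check directly above it. It is left over from the removed `clientSecret` load and can be deleted; the certificate failure is already reported as `error loading certificate: %w`. The body of `NewClient` continues past the end of this hunk.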
@@ -172,22 +157,33 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, MaxFileSecretSizeBytes: &maxFileSecretSizeBytes, } - errorsInInputs := utils.ValidateInputs(params) + if err := validateInputs(params); err != nil { + return nil, fmt.Errorf("error in Inputs: %w", err) + } + + httpClient, err := utils.GetHttpClient(clientTimeOutInSeconds, config.Server.VerifyCA, certificate, certificateKey, logger) + if err != nil { + return nil, fmt.Errorf("error creating HTTP client: %w", err) + } - if errorsInInputs != nil { - return nil, fmt.Errorf("error in Inputs: %w", errorsInInputs) + authenticatorInput := AuthenticatorInput{ + Config: config, + HTTPClientObj: *httpClient, + BackoffDefinition: backoffDefinition, + APIURL: config.Server.APIURL, + ClientID: clientID, + ClientSecret: clientSecret, + APIKey: apiKey, + Logger: logger, + RetryMaxElapsedTimeMinutes: retryMaxElapsedTimeMinutes, } - // creating a http client - httpClientObj, err := utils.GetHttpClient(clientTimeOutInSeconds, config.Server.VerifyCA, certificate, certificateKey, logger) + authenticate, err := getAuthenticator(authenticatorInput) if err != nil { - return nil, fmt.Errorf("error creating http client: %w", err) + return nil, fmt.Errorf("error authenticating: %w", err) } - // instantiating authenticate obj, injecting httpClient object - authenticate, _ := auth.Authenticate(*httpClientObj, backoffDefinition, apiURL, clientID, clientSecret, logger, retryMaxElapsedTimeMinutes) - return &Provider{ apiURL: config.Server.APIURL, retrievaltype: config.Server.RetrievalType, 
@@ -197,6 +193,86 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore, }, nil } +func loadCredentialsFromConfig(ctx context.Context, config *esv1beta1.BeyondtrustProvider, kube client.Client, namespace string) (string, string, string, error) { + var clientID, clientSecret, apiKey string + var err error + + if config.Auth.APIKey != nil { + apiKey, err = loadConfigSecret(ctx, config.Auth.APIKey, kube, namespace) + if err != nil { + return "", "", "", fmt.Errorf("error loading apiKey: %w", err) + } + } else { + clientID, err = loadConfigSecret(ctx, config.Auth.ClientID, kube, namespace) + if err != nil { + return "", "", "", fmt.Errorf("error loading clientID: %w", err) + } + + clientSecret, err = loadConfigSecret(ctx, config.Auth.ClientSecret, kube, namespace) + if err != nil { + return "", "", "", fmt.Errorf("error loading clientSecret: %w", err) + } + } + + return clientID, clientSecret, apiKey, nil +} + +func loadCertificateFromConfig(ctx context.Context, config *esv1beta1.BeyondtrustProvider, kube client.Client, namespace string) (string, string, error) { + var certificate, certificateKey string + var err error + + if config.Auth.Certificate != nil && config.Auth.CertificateKey != nil { + certificate, err = loadConfigSecret(ctx, config.Auth.Certificate, kube, namespace) + if err != nil { + return "", "", fmt.Errorf("error loading Certificate: %w", err) + } + + certificateKey, err = loadConfigSecret(ctx, config.Auth.CertificateKey, kube, namespace) + if err != nil { + return "", "", fmt.Errorf("error loading Certificate Key: %w", err) + } + } + + return certificate, certificateKey, nil +} + +func getConfigValues(config *esv1beta1.BeyondtrustProvider) (int, string, int) { + clientTimeOutInSeconds := 45 + separator := "/" + retryMaxElapsedTimeMinutes := 15 + + if config.Server.ClientTimeOutSeconds != 0 { + clientTimeOutInSeconds = config.Server.ClientTimeOutSeconds + } + + if config.Server.Separator != "" { + separator = 
config.Server.Separator + } + + return clientTimeOutInSeconds, separator, retryMaxElapsedTimeMinutes +} + +func getBackoffDefinition(retryMaxElapsedTimeMinutes int) *backoff.ExponentialBackOff { + backoffDefinition := backoff.NewExponentialBackOff() + backoffDefinition.InitialInterval = 1 * time.Second + backoffDefinition.MaxElapsedTime = time.Duration(retryMaxElapsedTimeMinutes) * time.Minute + backoffDefinition.RandomizationFactor = 0.5 + + return backoffDefinition +} + +func validateInputs(params utils.ValidationParams) error { + return utils.ValidateInputs(params) +} + +func getAuthenticator(input AuthenticatorInput) (*auth.AuthenticationObj, error) { + if input.Config.Auth.APIKey != nil { + return auth.AuthenticateUsingApiKey(input.HTTPClientObj, input.BackoffDefinition, input.APIURL, input.Logger, input.RetryMaxElapsedTimeMinutes, input.APIKey) + } + + return auth.Authenticate(input.HTTPClientObj, input.BackoffDefinition, input.APIURL, input.ClientID, input.ClientSecret, input.Logger, input.RetryMaxElapsedTimeMinutes) +} + func loadConfigSecret(ctx context.Context, ref *esv1beta1.BeyondTrustProviderSecretRef, kube client.Client, defaultNamespace string) (string, error) { if ref.SecretRef == nil { return ref.Value, nil diff --git a/pkg/provider/beyondtrust/provider_test.go b/pkg/provider/beyondtrust/provider_test.go index 37bb6a4af31..5ec5bda1689 100644 --- a/pkg/provider/beyondtrust/provider_test.go +++ b/pkg/provider/beyondtrust/provider_test.go @@ -29,6 +29,7 @@ import ( const ( errTestCase = "Test case Failed" fakeAPIURL = "https://example.com:443/BeyondTrust/api/public/v3/" + apiKey = "fakeapikey00fakeapikeydd0000000000065b010f20fakeapikey0000000008700000a93fb5d74fddc0000000000000000000000000000000000000;runas=test_user" clientID = "12345678-25fg-4b05-9ced-35e7dd5093ae" clientSecret = "12345678-25fg-4b05-9ced-35e7dd5093ae" ) 
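Review bot: The `else` branch of `loadCredentialsFromConfig` passes `config.Auth.ClientID` and `config.Auth.ClientSecret` to `loadConfigSecret` without a nil check, and `loadConfigSecret` reads `ref.SecretRef` on its first line. The CRD hunks in this commit drop `clientId` and `clientSecret` from `required`, so a store with neither `apiKey` nor client credentials now appears to pass schema validation and reach this path with a nil pointer, unless validation outside this hunk rejects it. A guard at the top of the `else` branch turns that into a reportable error: `if config.Auth.ClientID == nil || config.Auth.ClientSecret == nil { return "", "", "", fmt.Errorf("either apiKey or clientId and clientSecret must be set") }`. A `TestNewClient` case with an empty `Auth` in provider_test.go would pin the behaviour. `loadConfigSecret` continues outside the hunk.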
@@ -268,6 +269,63 @@ func TestNewClient(t *testing.T) { validateErrorText: true, expectedErrorText: "error in Inputs: Key: 'UserInputValidaton.ClientTimeOutinSeconds' Error:Field validation for 'ClientTimeOutinSeconds' failed on the 'lte' tag", }, + { + name: "ApiKey ok", + nameSpace: "test", + args: args{ + store: esv1beta1.SecretStore{ + Spec: esv1beta1.SecretStoreSpec{ + Provider: &esv1beta1.SecretStoreProvider{ + Beyondtrust: &esv1beta1.BeyondtrustProvider{ + Server: &esv1beta1.BeyondtrustServer{ + APIURL: fakeAPIURL, + RetrievalType: "SECRET", + }, + + Auth: &esv1beta1.BeyondtrustAuth{ + APIKey: &esv1beta1.BeyondTrustProviderSecretRef{ + Value: apiKey, + }, + }, + }, + }, + }, + }, + kube: createMockPasswordSafeClient(t), + provider: &Provider{}, + }, + validateErrorNil: true, + validateErrorText: false, + }, + { + name: "Bad ApiKey", + nameSpace: "test", + args: args{ + store: esv1beta1.SecretStore{ + Spec: esv1beta1.SecretStoreSpec{ + Provider: &esv1beta1.SecretStoreProvider{ + Beyondtrust: &esv1beta1.BeyondtrustProvider{ + Server: &esv1beta1.BeyondtrustServer{ + APIURL: fakeAPIURL, + RetrievalType: "SECRET", + }, + + Auth: &esv1beta1.BeyondtrustAuth{ + APIKey: &esv1beta1.BeyondTrustProviderSecretRef{ + Value: "bad_api_key", + }, + }, + }, + }, + }, + }, + kube: createMockPasswordSafeClient(t), + provider: &Provider{}, + }, + validateErrorNil: false, + validateErrorText: true, + expectedErrorText: "error in Inputs: Key: 'UserInputValidaton.ApiKey' Error:Field validation for 'ApiKey' failed on the 'min' tag", + }, } for _, tt := range tests { From 4f3909e0c9965886764584b45b8ef5906d718b04 Mon Sep 17 00:00:00 2001 From: Ronaldo Date: Wed, 27 Nov 2024 06:35:52 +0000 Subject: [PATCH 441/517] Add support for multiple Items fields in DelineSecretServer secrets (#4051) * Add support for multiple fields in DelineSecretServer secrets Signed-off-by: Ronaldo Saheki * Add tested cases for errors and update documentation 
Signed-off-by: Ronaldo Saheki * Update docs/provider/secretserver.md Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Ronaldo Saheki Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: Ronaldo Saheki Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- docs/provider/secretserver.md | 80 +++++++++++++++++++++++- pkg/provider/secretserver/client.go | 41 ++++++++---- pkg/provider/secretserver/client_test.go | 62 ++++++++++++++++-- 3 files changed, 166 insertions(+), 17 deletions(-) diff --git a/docs/provider/secretserver.md b/docs/provider/secretserver.md index e1ed50c7c51..2f389971fd5 100644 --- a/docs/provider/secretserver.md +++ b/docs/provider/secretserver.md @@ -69,7 +69,7 @@ You can either retrieve your entire secret or you can use a JSON formatted strin stored in your secret located at Items[0].ItemValue to retrieve a specific value.
    See example JSON secret below. -### Examples +#### Examples Using the json formatted secret below: - Lookup a single top level property using secret ID. @@ -131,3 +131,81 @@ returns: The entire secret in JSON format as displayed below ] } ``` + +### Referencing Secrets in multiple Items secrets + +If there is more then one Item in the secret, it supports to retrieve them (all Item.\*.ItemValue) looking up by Item.\*.FieldName or Item.\*.Slug, instead of the above behaviour to use gjson only on the first item Items.0.ItemValue only. + +#### Examples + +Using the json formatted secret below: + +- Lookup a single top level property using secret ID. + +>spec.data.remoteRef.key = 4000 (id of the secret)
    +spec.data.remoteRef.property = "Username" (Items.0.FieldName)
    +returns: usernamevalue + +- Lookup a nested property using secret name. + +>spec.data.remoteRef.key = "Secretname" (name of the secret)
    +spec.data.remoteRef.property = "password" (Items.1.slug)
    +returns: passwordvalue + +- Lookup by secret ID (*secret name will work as well*) and return the entire secret. + +>spec.data.remoteRef.key = "4000" (id of the secret)
    +returns: The entire secret in JSON format as displayed below + + +```JSON +{ + "Name": "Secretname", + "FolderID": 0, + "ID": 4000, + "SiteID": 0, + "SecretTemplateID": 0, + "LauncherConnectAsSecretID": 0, + "CheckOutIntervalMinutes": 0, + "Active": false, + "CheckedOut": false, + "CheckOutEnabled": false, + "AutoChangeEnabled": false, + "CheckOutChangePasswordEnabled": false, + "DelayIndexing": false, + "EnableInheritPermissions": false, + "EnableInheritSecretPolicy": false, + "ProxyEnabled": false, + "RequiresComment": false, + "SessionRecordingEnabled": false, + "WebLauncherRequiresIncognitoMode": false, + "Items": [ + { + "ItemID": 0, + "FieldID": 0, + "FileAttachmentID": 0, + "FieldName": "Username", + "Slug": "username", + "FieldDescription": "", + "Filename": "", + "ItemValue": "usernamevalue", + "IsFile": false, + "IsNotes": false, + "IsPassword": false + }, + { + "ItemID": 0, + "FieldID": 0, + "FileAttachmentID": 0, + "FieldName": "Password", + "Slug": "password", + "FieldDescription": "", + "Filename": "", + "ItemValue": "passwordvalue", + "IsFile": false, + "IsNotes": false, + "IsPassword": false + } + ] +} +``` diff --git a/pkg/provider/secretserver/client.go b/pkg/provider/secretserver/client.go index c3f19db3b3f..49398675ec9 100644 --- a/pkg/provider/secretserver/client.go +++ b/pkg/provider/secretserver/client.go 
@@ -61,18 +61,37 @@ func (c *client) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretData if ref.Property == "" { return jsonStr, nil } - // extract first "field" i.e. Items.0.ItemValue, data from secret using gjson - val := gjson.Get(string(jsonStr), "Items.0.ItemValue") - if !val.Exists() { - return nil, esv1beta1.NoSecretError{} - } - // extract specific value from data directly above using gjson - out := gjson.Get(val.String(), ref.Property) - if !out.Exists() { - return nil, esv1beta1.NoSecretError{} - } - return []byte(out.String()), nil + // Keep original behavior of decoding first Item into gjson + if len(secret.Fields) == 1 { + // extract first "field" i.e. Items.0.ItemValue, data from secret using gjson + val := gjson.Get(string(jsonStr), "Items.0.ItemValue") + if !val.Exists() { + return nil, esv1beta1.NoSecretError{} + } + // extract specific value from data directly above using gjson + out := gjson.Get(val.String(), ref.Property) + if !out.Exists() { + return nil, esv1beta1.NoSecretError{} + } + return []byte(out.String()), nil + } else { + // More general case Fields is an array in DelineaXPM/tss-sdk-go/v2/server + // https://github.com/DelineaXPM/tss-sdk-go/blob/571e5674a8103031ad6f873453db27959ec1ca67/server/secret.go#L23 + secretMap := make(map[string]string) + + for index := range secret.Fields { + secretMap[secret.Fields[index].FieldName] = secret.Fields[index].ItemValue + secretMap[secret.Fields[index].Slug] = secret.Fields[index].ItemValue + } + + out, ok := secretMap[ref.Property] + if !ok { + return nil, esv1beta1.NoSecretError{} + } + + return []byte(out), nil + } } // Not supported at this time. diff --git a/pkg/provider/secretserver/client_test.go b/pkg/provider/secretserver/client_test.go index c338de70ee1..026136c36d1 100644 --- a/pkg/provider/secretserver/client_test.go +++ b/pkg/provider/secretserver/client_test.go 
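Review bot: In the multi-item branch of `GetSecret`, `secretMap` is keyed by both `FieldName` and `Slug`, so when one item's slug equals another item's field name the later write wins and `ref.Property` resolves to whichever item comes last. For a secret lookup that result should not depend on item order; giving field names a fixed precedence over slugs removes the ambiguity, and with it the map and the `else` after a `return`. Separately, a secret with more than one item no longer gets the gjson lookup on `Items.0.ItemValue` that it had before this change, which may break existing stores and is worth either a fallback or a line in the docs. One possible shape for the branch is below.

```go
if len(secret.Fields) == 1 {
	// … unchanged: gjson lookup on Items.0.ItemValue …
}
// Field names take precedence over slugs, so the result does not depend on item order.
for i := range secret.Fields {
	if secret.Fields[i].FieldName == ref.Property {
		return []byte(secret.Fields[i].ItemValue), nil
	}
}
for i := range secret.Fields {
	if secret.Fields[i].Slug == ref.Property {
		return []byte(secret.Fields[i].ItemValue), nil
	}
}
return nil, esv1beta1.NoSecretError{}
```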
@@ -79,6 +79,20 @@ func getJSONData() (*server.Secret, error) { return s, nil } +func createTestSecretFromCode(id int) *server.Secret { + s := new(server.Secret) + s.ID = id + s.Name = "Secretname" + s.Fields = make([]server.SecretField, 2) + s.Fields[0].ItemValue = "usernamevalue" + s.Fields[0].FieldName = "Username" + s.Fields[0].Slug = "username" + s.Fields[1].FieldName = "Password" + s.Fields[1].Slug = "password" + s.Fields[1].ItemValue = "passwordvalue" + return s +} + func newTestClient() esv1beta1.SecretsClient { return &client{ api: &fakeAPI{ @@ -86,16 +100,18 @@ func newTestClient() esv1beta1.SecretsClient { createSecret(1000, "{ \"user\": \"robertOppenheimer\", \"password\": \"badPassword\",\"server\":\"192.168.1.50\"}"), createSecret(2000, "{ \"user\": \"helloWorld\", \"password\": \"badPassword\",\"server\":[ \"192.168.1.50\",\"192.168.1.51\"] }"), createSecret(3000, "{ \"user\": \"chuckTesta\", \"password\": \"badPassword\",\"server\":\"192.168.1.50\"}"), + createTestSecretFromCode(4000), }, }, } } -func TestGetSecret(t *testing.T) { +func TestGetSecretSecretServer(t *testing.T) { ctx := context.Background() c := newTestClient() s, _ := getJSONData() jsonStr, _ := json.Marshal(s) + jsonStr2, _ := json.Marshal(createTestSecretFromCode(4000)) testCases := map[string]struct { ref esv1beta1.ExternalSecretDataRemoteRef 
@@ -116,33 +132,69 @@ func TestGetSecret(t *testing.T) { }, want: []byte(`robertOppenheimer`), }, - "key and password property returns a single value": { + "Secret from JSON: key and password property returns a single value": { ref: esv1beta1.ExternalSecretDataRemoteRef{ Key: "1000", Property: "password", }, want: []byte(`badPassword`), }, - "key and nested property returns a single value": { + "Secret from JSON: key and nested property returns a single value": { ref: esv1beta1.ExternalSecretDataRemoteRef{ Key: "2000", Property: "server.1", }, want: []byte(`192.168.1.51`), }, - "existent key with non-existing propery": { + "Secret from JSON: existent key with non-existing propery": { ref: esv1beta1.ExternalSecretDataRemoteRef{ Key: "3000", Property: "foo.bar", }, err: esv1beta1.NoSecretError{}, }, - "existent 'name' key with no propery": { + "Secret from JSON: existent 'name' key with no propery": { ref: esv1beta1.ExternalSecretDataRemoteRef{ Key: "1000", }, want: jsonStr, }, + "Secret from code: existent key with no property": { + ref: esv1beta1.ExternalSecretDataRemoteRef{ + Key: "4000", + }, + want: jsonStr2, + }, + "Secret from code: key and username fieldnamereturns a single value": { + ref: esv1beta1.ExternalSecretDataRemoteRef{ + Key: "4000", + Property: "Username", + }, + want: []byte(`usernamevalue`), + }, + "Secret from code: 'name' and password slug returns a single value": { + ref: esv1beta1.ExternalSecretDataRemoteRef{ + Key: "Secretname", + Property: "password", + }, + want: []byte(`passwordvalue`), + }, + "Secret from code: 'name' not found and password slug returns error": { + ref: esv1beta1.ExternalSecretDataRemoteRef{ + Key: "Secretnameerror", + Property: "password", + }, + want: []byte(nil), + err: errNotFound, + }, + "Secret from code: 'name' found and non-existent attribute slug returns noSecretError": { + ref: esv1beta1.ExternalSecretDataRemoteRef{ + Key: "Secretname", + Property: "passwordkey", + }, + want: []byte(nil), + err: 
esv1beta1.NoSecretError{}, + }, } for name, tc := range testCases { From e65bf8d402af3c983249c16c11494ec92e31e7cd Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Wed, 27 Nov 2024 16:04:38 -0300 Subject: [PATCH 442/517] chore: deprecation policy and deprecating process (#4154) * chore: deprecation policy and deprecating process Signed-off-by: Gustavo Carvalho * fix: add missing non-scope to website Signed-off-by: Gustavo Carvalho * chore: adds inclusion to in-scope Signed-off-by: Gustavo Carvalho * Update DEPRECATING.md Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> * Update DEPRECATING.md Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> --------- Signed-off-by: Gustavo Carvalho Signed-off-by: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- DEPRECATING.md | 108 ++++++++++++++++++++++++ docs/introduction/deprecation-policy.md | 18 +++- 2 files changed, 123 insertions(+), 3 deletions(-) create mode 100644 DEPRECATING.md diff --git a/DEPRECATING.md b/DEPRECATING.md new file mode 100644 index 00000000000..8bc824b0568 --- /dev/null +++ b/DEPRECATING.md 
@@ -0,0 +1,108 @@ +# External Secrets Operator Deprecation Policy + +This document defines the Deprecation Policy for External Secrets Operator components. + +## Overview + +**External Secrets Operator** is a Kubernetes operator that integrates external +secret management systems like [AWS Secrets +Manager](https://aws.amazon.com/secrets-manager/), [HashiCorp +Vault](https://www.vaultproject.io/), [Google Secrets +Manager](https://cloud.google.com/secret-manager), [Azure Key +Vault](https://azure.microsoft.com/en-us/services/key-vault/), [CyberArk Conjur](https://www.conjur.org) and many more. The +operator reads information from external APIs and automatically injects the +values into a [Kubernetes +Secret](https://kubernetes.io/docs/concepts/configuration/secret/). + +## Deprecation Policy + +We follow the [Kubernetes Deprecation Policy](https://kubernetes.io/docs/reference/using-api/deprecation-policy/) and [API Versioning Scheme](https://kubernetes.io/docs/reference/using-api/#api-versioning): alpha, beta, GA. + +The project is currently in `beta` state. Please try the `beta` features and provide feedback. After the features exits beta, it may not be practical to make more changes. + +* alpha + * The support for a feature may be dropped at any time without notice. + * The API may change in incompatible ways in a later software release without notice. + * The software is recommended for use only in short-lived testing clusters, due to increased risk of bugs and lack of long-term support. + +* beta + * The software is well tested. Enabling a feature is considered safe. Features are enabled by default. + * The support for a feature will not be dropped, though the details may change. + * The schema and/or semantics of objects may change in incompatible ways in a subsequent beta or stable release. When this happens, migration instructions are provided. Schema changes may require deleting, editing, and re-creating API objects. 
The editing process may not be straightforward. The migration may require downtime for applications that rely on the feature. + * The software is not recommended for production uses. Subsequent releases may introduce incompatible changes. If you have multiple clusters which can be upgraded independently, you may be able to relax this restriction. +* GA + * The stable versions of features appear in released software for many subsequent versions. + * Use it in production ;) + +## API Surface + +We define the following scope that is covered by our deprecation policy. We follow the [9 Rules of the Kubernetes Deprecation Policy](https://kubernetes.io/docs/reference/using-api/deprecation-policy/). + +### Scope +* API Objects and fields: `.Spec`, `.Status` and `.Status.Conditions[]` +* Enums and constant values +* Controller Configuration: CLI flags & environment variables +* Metrics as defined in the [Kubernetes docs](https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecating-a-metric) +* The following features or specific behavior: + * `ExternalSecret` [update mechanics](http://localhost:8000/api-externalsecret/#update-behavior) + +### Non-Scope +Everything not listed in scope is not subject to this deprecation policy and it is subject to breaking changes, updates at any point in time, and deprecation - **as long as it follows the Deprecation Process listed below**. + +This includes, but isn't limited to : +* Any feature / specific behavior not in Scope. +* Source code imports +* Helm Charts +* Release process +* Docker Images (including multi-arch builds) +* Image Signature (including provenance, providers, keys) +* OLM-specific builds + +## Including features and behaviors to the Deprecation Policy +Any maintainer may propose including a feature, component, or behavior out of scope to be in scope of the deprecation policy. 
+ +The proposal must clearly outline the rationale for inclusion, the impact on users, stability, long term maintenance plan, and day-to-day activities, if such. + +The proposal must be formalized by submitting a `design` document as a Pull Request. + +## Deprecation Process +### Nomination of Deprecation + +Any maintainer may propose deprecating a feature, component, or behavior (both in and out of scope). In Scope changes must abide to the Deprecation Policy above. + +The proposal must clearly outline the rationale for deprecation, the impact on users, and any alternatives, if such. + +The proposal must be formalized by submiting a `design` document as a Pull Request. + +### Showcase to Maintainers + +The proposing maintainer must present the proposed deprecation to the maintainer group. This can be done synchronously during a community meeting or asynchronously, through a GitHub Pull Request. + +### Voting + +A majority vote of maintainers is required to approve the deprecation. +Votes may be conducted asynchronously, with a reasonable deadline for responses (e.g., one week). Lazy Consensus applies if the reasonable deadline is extended, with a minimal of at least one other maintainer approving the changes. + +### Implementation + +Upon approval, the proposing maintainer is responsible for implementing the changes required to mark the feature as deprecated. This includes: + +* Updating the codebase with deprecation warnings where applicable. +* Documenting the deprecation in release notes and relevant documentation. +* Updating APIs, metrics, or behaviors per the Kubernetes Deprecation Policy if in scope. +* If the feature is entirely deprecated (e.g., OLM-specific builds), archival of any associated repositories. + +### Deprecation Notice in Release + +Deprecation must be introduced in the next release. The release must follow semantic versioning: +* If the project is in the 0.x stage, a minor version bump is required. 
+* For projects 1.x and beyond, a major version bump is required. + +The release notes must prominently include: +* A deprecation notice for the feature. +* The expected timeline for removal (if applicable). + +### Full Deprecation and Removal + +When a deprecated feature is removed, it must be communicated in the release notes of the removal version. +The removal must follow standard Kubernetes deprecation timelines if the feature is in scope. \ No newline at end of file diff --git a/docs/introduction/deprecation-policy.md b/docs/introduction/deprecation-policy.md index 5a1705ea181..10775008c7a 100644 --- a/docs/introduction/deprecation-policy.md +++ b/docs/introduction/deprecation-policy.md 
@@ -27,9 +27,21 @@ We define the following scope that is covered by our deprecation policy. We foll * Enums and constant values * Controller Configuration: CLI flags & environment variables * Metrics as defined in the [Kubernetes docs](https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecating-a-metric) -* a feature or specific behavior: +* The following features or specific behavior: * `ExternalSecret` [update mechanics](http://localhost:8000/api-externalsecret/#update-behavior) ### Non-Scope -We do not provide stability guarantee for **source code imports**. The Interfaces and the behavior will change in a unexpected and backwards-incompatible way. However, -The maintained helm chart is not part of this deprecation policy. +Everything not listed in scope is not subject to this deprecation policy and it is subject to breaking changes, updates at any point in time, and deprecation - **as long as it follows the Deprecation Process listed below**. + +This includes, but insn't limited to : +* Any feature / specific behavior not in Scope. +* Source code imports +* Helm Charts +* Release process +* Docker Images (including multi-arch builds) +* Image Signature (including provenance, providers, keys) +* OLM-specific builds + +## Depreaction Process: + +Deprecation process is described within the [project github repository](https://github.com/external-secrets/external-secrets/blob/main/DEPRECATING.md) \ No newline at end of file From 73bff05bf2d284c45be3010fb396e481d9aa424f Mon Sep 17 00:00:00 2001 From: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> Date: Thu, 28 Nov 2024 00:28:21 -0800 Subject: [PATCH 443/517] fix: use cache when retrieving generators (#4153) * fix: use cache when retrieving generators Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> * fix longstanding schema issues Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> --------- 
Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- apis/generators/v1alpha1/generator_schema.go | 25 -- apis/generators/v1alpha1/generator_types.go | 4 + apis/generators/v1alpha1/register.go | 2 +- cmd/root.go | 14 +- cmd/webhook.go | 10 +- e2e/framework/util/util.go | 34 ++- .../externalsecret_controller.go | 6 +- .../externalsecret_controller_secret.go | 2 +- .../pushsecret/pushsecret_controller.go | 2 +- .../secretstore/client_manager_test.go | 21 +- pkg/utils/resolvers/generator.go | 260 +++++++++++------- 11 files changed, 219 insertions(+), 161 deletions(-) diff --git a/apis/generators/v1alpha1/generator_schema.go b/apis/generators/v1alpha1/generator_schema.go index f97d67461ed..ed0a13a0aa5 100644 --- a/apis/generators/v1alpha1/generator_schema.go +++ b/apis/generators/v1alpha1/generator_schema.go @@ -17,10 +17,6 @@ package v1alpha1 import ( "fmt" "sync" - - apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/util/json" ) var builder map[string]Generator @@ -58,24 +54,3 @@ func GetGeneratorByName(kind string) (Generator, bool) { buildlock.RUnlock() return f, ok } - -// GetGenerator returns an implementation from a generator -// defined as json. -func GetGenerator(obj *apiextensions.JSON) (Generator, error) { - type unknownGenerator struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - } - var res unknownGenerator - err := json.Unmarshal(obj.Raw, &res) - if err != nil { - return nil, err - } - buildlock.RLock() - defer buildlock.RUnlock() - gen, ok := builder[res.Kind] - if !ok { - return nil, fmt.Errorf("failed to find registered generator for: %s with kind: %s", string(obj.Raw), res.Kind) - } - return gen, nil -} 
diff --git a/apis/generators/v1alpha1/generator_types.go b/apis/generators/v1alpha1/generator_types.go index e0e9cc9e210..d5de79d3ad1 100644 --- a/apis/generators/v1alpha1/generator_types.go +++ b/apis/generators/v1alpha1/generator_types.go @@ -32,6 +32,10 @@ type ControllerClassResource struct { } type GeneratorSpec struct { + // NOTE: when adding new supported generators, make sure to also update + // clusterGeneratorToVirtual() function in pkg/utils/resolvers/generator.go + // so they can be unpacked correctly. + ACRAccessTokenSpec *ACRAccessTokenSpec `json:"acrAccessTokenSpec,omitempty"` ECRAuthorizationTokenSpec *ECRAuthorizationTokenSpec `json:"ecrRAuthorizationTokenSpec,omitempty"` FakeSpec *FakeSpec `json:"fakeSpec,omitempty"` diff --git a/apis/generators/v1alpha1/register.go b/apis/generators/v1alpha1/register.go index 6379de14425..beebc86f3ba 100644 --- a/apis/generators/v1alpha1/register.go +++ b/apis/generators/v1alpha1/register.go @@ -125,7 +125,7 @@ var ( ) func init() { - SchemeBuilder.Register(&ECRAuthorizationToken{}, &ECRAuthorizationToken{}) + SchemeBuilder.Register(&ECRAuthorizationToken{}, &ECRAuthorizationTokenList{}) SchemeBuilder.Register(&GCRAccessToken{}, &GCRAccessTokenList{}) SchemeBuilder.Register(&GithubAccessToken{}, &GithubAccessTokenList{}) SchemeBuilder.Register(&ACRAccessToken{}, &ACRAccessTokenList{}) diff --git a/cmd/root.go b/cmd/root.go index a8a85681605..cc2cca9dce9 100644 --- a/cmd/root.go +++ b/cmd/root.go @@ -25,6 +25,7 @@ import ( v1 "k8s.io/api/core/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apimachinery/pkg/runtime" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/cache" 
@@ -94,11 +95,14 @@ const ( ) func init() { - _ = clientgoscheme.AddToScheme(scheme) - _ = esv1beta1.AddToScheme(scheme) - _ = esv1alpha1.AddToScheme(scheme) - _ = genv1alpha1.AddToScheme(scheme) - _ = apiextensionsv1.AddToScheme(scheme) + // kubernetes schemes + utilruntime.Must(clientgoscheme.AddToScheme(scheme)) + utilruntime.Must(apiextensionsv1.AddToScheme(scheme)) + + // external-secrets schemes + utilruntime.Must(esv1beta1.AddToScheme(scheme)) + utilruntime.Must(esv1alpha1.AddToScheme(scheme)) + utilruntime.Must(genv1alpha1.AddToScheme(scheme)) } var rootCmd = &cobra.Command{ diff --git a/cmd/webhook.go b/cmd/webhook.go index ea718117a4c..7040138c4e6 100644 --- a/cmd/webhook.go +++ b/cmd/webhook.go @@ -29,6 +29,7 @@ import ( "github.com/spf13/cobra" "go.uber.org/zap/zapcore" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/log/zap" @@ -45,9 +46,12 @@ const ( ) func init() { - _ = clientgoscheme.AddToScheme(scheme) - _ = esv1beta1.AddToScheme(scheme) - _ = esv1alpha1.AddToScheme(scheme) + // kubernetes schemes + utilruntime.Must(clientgoscheme.AddToScheme(scheme)) + + // external-secrets schemes + utilruntime.Must(esv1beta1.AddToScheme(scheme)) + utilruntime.Must(esv1alpha1.AddToScheme(scheme)) } var webhookCmd = &cobra.Command{ diff --git a/e2e/framework/util/util.go b/e2e/framework/util/util.go index a8464ab5a8b..43cece0bd9f 100644 --- a/e2e/framework/util/util.go +++ b/e2e/framework/util/util.go 
@@ -24,37 +24,43 @@ import ( fluxhelm "github.com/fluxcd/helm-controller/api/v2beta1" fluxsrc "github.com/fluxcd/source-controller/api/v1beta2" - - // nolint - . "github.com/onsi/ginkgo/v2" v1 "k8s.io/api/core/v1" apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/apimachinery/pkg/util/wait" "k8s.io/client-go/kubernetes" - "k8s.io/client-go/kubernetes/scheme" + clientgoscheme "k8s.io/client-go/kubernetes/scheme" restclient "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" "k8s.io/client-go/tools/remotecommand" crclient "sigs.k8s.io/controller-runtime/pkg/client" + // nolint + . "github.com/onsi/ginkgo/v2" + esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" genv1alpha1 "github.com/external-secrets/external-secrets/apis/generators/v1alpha1" ) -var Scheme = runtime.NewScheme() +var scheme = runtime.NewScheme() func init() { - _ = scheme.AddToScheme(Scheme) - _ = esv1beta1.AddToScheme(Scheme) - _ = esv1alpha1.AddToScheme(Scheme) - _ = genv1alpha1.AddToScheme(Scheme) - _ = fluxhelm.AddToScheme(Scheme) - _ = fluxsrc.AddToScheme(Scheme) - _ = apiextensionsv1.AddToScheme(Scheme) + // kubernetes schemes + utilruntime.Must(clientgoscheme.AddToScheme(scheme)) + utilruntime.Must(apiextensionsv1.AddToScheme(scheme)) + + // external-secrets schemes + utilruntime.Must(esv1beta1.AddToScheme(scheme)) + utilruntime.Must(esv1alpha1.AddToScheme(scheme)) + utilruntime.Must(genv1alpha1.AddToScheme(scheme)) + + // other schemes + utilruntime.Must(fluxhelm.AddToScheme(scheme)) + utilruntime.Must(fluxsrc.AddToScheme(scheme)) } const ( 
@@ -129,7 +135,7 @@ func execCmd(client kubernetes.Interface, config *restclient.Config, podName, co } req.VersionedParams( option, - scheme.ParameterCodec, + clientgoscheme.ParameterCodec, ) exec, err := remotecommand.NewSPDYExecutor(config, "POST", req.URL()) if err != nil { @@ -290,7 +296,7 @@ func NewConfig() (*restclient.Config, *kubernetes.Clientset, crclient.Client) { Fail(err.Error()) } - CRClient, err := crclient.New(kubeConfig, crclient.Options{Scheme: Scheme}) + CRClient, err := crclient.New(kubeConfig, crclient.Options{Scheme: scheme}) if err != nil { Fail(err.Error()) } diff --git a/pkg/controllers/externalsecret/externalsecret_controller.go b/pkg/controllers/externalsecret/externalsecret_controller.go index d7d016dc3f8..b9a94897622 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller.go +++ b/pkg/controllers/externalsecret/externalsecret_controller.go @@ -799,12 +799,16 @@ func shouldSkipUnmanagedStore(ctx context.Context, namespace string, r *Reconcil // verify that generator's controllerClass matches if ref.SourceRef != nil && ref.SourceRef.GeneratorRef != nil { - _, obj, err := resolvers.GeneratorRef(ctx, r.RestConfig, namespace, ref.SourceRef.GeneratorRef) + _, obj, err := resolvers.GeneratorRef(ctx, r.Client, r.Scheme, namespace, ref.SourceRef.GeneratorRef) if err != nil { if apierrors.IsNotFound(err) { // skip non-existent generators continue } + if errors.Is(err, resolvers.ErrUnableToGetGenerator) { + // skip generators that we can't get (e.g. due to being invalid) + continue + } return false, err } skipGenerator, err := shouldSkipGenerator(r, obj) diff --git a/pkg/controllers/externalsecret/externalsecret_controller_secret.go b/pkg/controllers/externalsecret/externalsecret_controller_secret.go index e122e284c7f..00c99bf71be 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller_secret.go +++ b/pkg/controllers/externalsecret/externalsecret_controller_secret.go 
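Review bot: The new `errors.Is(err, resolvers.ErrUnableToGetGenerator)` branch in `shouldSkipUnmanagedStore` skips the generator on every resolver failure, not only on invalid references. `GeneratorRef` in pkg/utils/resolvers/generator.go wraps each error from `getGenerator` with `ErrUnableToGetGenerator`, including the ones returned by `cl.Get`. A transient API or cache error, or a forbidden read, therefore bypasses the `shouldSkipGenerator` controller-class check for that reference (the check fails open), and the trailing `return false, err` becomes unreachable for this call. The invalid-reference paths are already marked with `reconcile.TerminalError`, so I would narrow the condition to those, e.g. `if errors.Is(err, reconcile.TerminalError(nil)) { continue }` (assuming the controller-runtime version in use supports that match), and let other errors propagate so the reconcile is retried. The function body continues outside the hunk.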
@@ -111,7 +111,7 @@ func toStoreGenSourceRef(ref *esv1beta1.StoreSourceRef) *esv1beta1.StoreGenerato } func (r *Reconciler) handleGenerateSecrets(ctx context.Context, namespace string, remoteRef esv1beta1.ExternalSecretDataFromRemoteRef, i int) (map[string][]byte, error) { - gen, obj, err := resolvers.GeneratorRef(ctx, r.RestConfig, namespace, remoteRef.SourceRef.GeneratorRef) + gen, obj, err := resolvers.GeneratorRef(ctx, r.Client, r.Scheme, namespace, remoteRef.SourceRef.GeneratorRef) if err != nil { return nil, fmt.Errorf("unable to resolve generator: %w", err) } diff --git a/pkg/controllers/pushsecret/pushsecret_controller.go b/pkg/controllers/pushsecret/pushsecret_controller.go index 09e60523c0c..3b2aac83e33 100644 --- a/pkg/controllers/pushsecret/pushsecret_controller.go +++ b/pkg/controllers/pushsecret/pushsecret_controller.go @@ -372,7 +372,7 @@ func (r *Reconciler) resolveSecret(ctx context.Context, ps esapi.PushSecret) (*v } func (r *Reconciler) resolveSecretFromGenerator(ctx context.Context, namespace string, generatorRef *v1beta1.GeneratorRef) (*v1.Secret, error) { - gen, obj, err := resolvers.GeneratorRef(ctx, r.RestConfig, namespace, generatorRef) + gen, obj, err := resolvers.GeneratorRef(ctx, r.Client, r.Scheme, namespace, generatorRef) if err != nil { return nil, fmt.Errorf("unable to resolve generator: %w", err) } diff --git a/pkg/controllers/secretstore/client_manager_test.go b/pkg/controllers/secretstore/client_manager_test.go index 41b5c0021d7..5038b29682f 100644 --- a/pkg/controllers/secretstore/client_manager_test.go +++ b/pkg/controllers/secretstore/client_manager_test.go 
@@ -25,6 +25,7 @@ import ( apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" + utilruntime "k8s.io/apimachinery/pkg/util/runtime" clientgoscheme "k8s.io/client-go/kubernetes/scheme" "sigs.k8s.io/controller-runtime/pkg/client" fakeclient "sigs.k8s.io/controller-runtime/pkg/client/fake" @@ -35,9 +36,13 @@ import ( func TestManagerGet(t *testing.T) { scheme := runtime.NewScheme() - _ = clientgoscheme.AddToScheme(scheme) - _ = esv1beta1.AddToScheme(scheme) - _ = apiextensionsv1.AddToScheme(scheme) + + // add kubernetes schemes + utilruntime.Must(clientgoscheme.AddToScheme(scheme)) + utilruntime.Must(apiextensionsv1.AddToScheme(scheme)) + + // add external-secrets schemes + utilruntime.Must(esv1beta1.AddToScheme(scheme)) // We have a test provider to control // the behavior of the NewClient func. @@ -312,9 +317,13 @@ func TestManagerGet(t *testing.T) { func TestShouldProcessSecret(t *testing.T) { scheme := runtime.NewScheme() - _ = clientgoscheme.AddToScheme(scheme) - _ = esv1beta1.AddToScheme(scheme) - _ = apiextensionsv1.AddToScheme(scheme) + + // add kubernetes schemes + utilruntime.Must(clientgoscheme.AddToScheme(scheme)) + utilruntime.Must(apiextensionsv1.AddToScheme(scheme)) + + // add external-secrets schemes + utilruntime.Must(esv1beta1.AddToScheme(scheme)) testNamespace := "test-a" testCases := []struct { diff --git a/pkg/utils/resolvers/generator.go b/pkg/utils/resolvers/generator.go index fcc90a9549f..73eb1b06317 100644 --- a/pkg/utils/resolvers/generator.go +++ b/pkg/utils/resolvers/generator.go 
@@ -17,146 +17,198 @@ package resolvers import ( "context" "fmt" + "reflect" apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" - "k8s.io/apimachinery/pkg/api/meta" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1/unstructured" + "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" - "k8s.io/apimachinery/pkg/util/json" - "k8s.io/client-go/discovery" - "k8s.io/client-go/dynamic" - "k8s.io/client-go/rest" - "k8s.io/client-go/restmapper" + "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/client" + "sigs.k8s.io/controller-runtime/pkg/reconcile" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" genv1alpha1 "github.com/external-secrets/external-secrets/apis/generators/v1alpha1" ) +// these errors are explicitly defined so we can detect them with `errors.Is()`. +var ( + // ErrUnableToGetGenerator is returned when a generator reference cannot be resolved. + ErrUnableToGetGenerator = fmt.Errorf("unable to get generator") +) + // GeneratorRef resolves a generator reference to a generator implementation. 
-func GeneratorRef(ctx context.Context, restConfig *rest.Config, namespace string, generatorRef *esv1beta1.GeneratorRef) (genv1alpha1.Generator, *apiextensions.JSON, error) { - obj, err := getGeneratorDefinition(ctx, restConfig, namespace, generatorRef) - if err != nil { - return nil, nil, fmt.Errorf("unable to get generator definition: %w", err) - } - generator, err := genv1alpha1.GetGenerator(obj) +func GeneratorRef(ctx context.Context, cl client.Client, scheme *runtime.Scheme, namespace string, generatorRef *esv1beta1.GeneratorRef) (genv1alpha1.Generator, *apiextensions.JSON, error) { + generator, jsonObj, err := getGenerator(ctx, cl, scheme, namespace, generatorRef) if err != nil { - return nil, nil, fmt.Errorf("unable to get generator: %w", err) + return nil, nil, fmt.Errorf("%w: %w", ErrUnableToGetGenerator, err) } - return generator, obj, nil + return generator, jsonObj, nil } -func getGeneratorDefinition(ctx context.Context, restConfig *rest.Config, namespace string, generatorRef *esv1beta1.GeneratorRef) (*apiextensions.JSON, error) { - // client-go dynamic client needs a GVR to fetch the resource - // But we only have the GVK in our generatorRef. - // - // TODO: there is no need to discover the GroupVersionResource - // this should be cached. 
- c := discovery.NewDiscoveryClientForConfigOrDie(restConfig) - groupResources, err := restmapper.GetAPIGroupResources(c) - if err != nil { - return nil, err - } - +func getGenerator(ctx context.Context, cl client.Client, scheme *runtime.Scheme, namespace string, generatorRef *esv1beta1.GeneratorRef) (genv1alpha1.Generator, *apiextensions.JSON, error) { + // get a GVK from the generatorRef gv, err := schema.ParseGroupVersion(generatorRef.APIVersion) if err != nil { - return nil, err - } - mapper := restmapper.NewDiscoveryRESTMapper(groupResources) - mapping, err := mapper.RESTMapping(schema.GroupKind{ - Group: gv.Group, - Kind: generatorRef.Kind, - }) - if err != nil { - return nil, err + return nil, nil, reconcile.TerminalError(fmt.Errorf("generatorRef has invalid APIVersion: %w", err)) } - d, err := dynamic.NewForConfig(restConfig) - if err != nil { - return nil, err - } - - if generatorRef.Kind == "ClusterGenerator" { - return extractGeneratorFromClusterGenerator(ctx, d, mapping, generatorRef) + gvk := schema.GroupVersionKind{ + Group: gv.Group, + Version: gv.Version, + Kind: generatorRef.Kind, } - res, err := d.Resource(mapping.Resource).Namespace(namespace).Get(ctx, generatorRef.Name, metav1.GetOptions{}) - if err != nil { - return nil, err + // fail if the GVK does not use the generator group + if gvk.Group != genv1alpha1.Group { + return nil, nil, reconcile.TerminalError(fmt.Errorf("generatorRef may only reference the generators group, but got %s", gvk.Group)) } - jsonRes, err := res.MarshalJSON() - if err != nil { - return nil, err + // get a client Object from the GVK + t, exists := scheme.AllKnownTypes()[gvk] + if !exists { + return nil, nil, reconcile.TerminalError(fmt.Errorf("generatorRef references unknown GVK %s", gvk)) } - return &apiextensions.JSON{Raw: jsonRes}, nil -} + obj := reflect.New(t).Interface().(client.Object) -func extractGeneratorFromClusterGenerator( - ctx context.Context, - d *dynamic.DynamicClient, - mapping *meta.RESTMapping, - 
generatorRef *esv1beta1.GeneratorRef, -) (*apiextensions.JSON, error) { - res, err := d.Resource(mapping.Resource).Get(ctx, generatorRef.Name, metav1.GetOptions{}) - if err != nil { - return nil, err - } + // this interface provides the Generate() method used by the controller + // NOTE: all instances of a generator kind use the same instance of this interface + var generator genv1alpha1.Generator - spec, err := extractValue[map[string]any](res.Object, genv1alpha1.GeneratorSpecKey) - if err != nil { - return nil, err - } + // ClusterGenerator is a special case because it's a cluster-scoped resource + // to use it, we create a "virtual" namespaced generator for the current namespace, as if one existed in the API + if gvk.Kind == genv1alpha1.ClusterGeneratorKind { + clusterGenerator := obj.(*genv1alpha1.ClusterGenerator) - generator, err := extractValue[map[string]any](spec, genv1alpha1.GeneratorGeneratorKey) - if err != nil { - return nil, err - } + // get the cluster generator resource from the API + // NOTE: it's important that we use the structured client so we use the cache + err = cl.Get(ctx, client.ObjectKey{Name: generatorRef.Name}, clusterGenerator) + if err != nil { + return nil, nil, err + } - kind, err := extractValue[string](spec, genv1alpha1.GeneratorKindKey) - if err != nil { - return nil, err - } + // convert the cluster generator to a virtual namespaced generator object + obj, err = clusterGeneratorToVirtual(clusterGenerator) + if err != nil { + return nil, nil, reconcile.TerminalError(fmt.Errorf("invalid ClusterGenerator: %w", err)) + } - // find the first value and that's what we are going to take - // this will be the generator that has been set by the user - var result []byte - for _, v := range generator { - vMap, ok := v.(map[string]interface{}) + // get the generator interface + var ok bool + generator, ok = genv1alpha1.GetGeneratorByName(clusterGenerator.Spec.Kind) if !ok { - return nil, fmt.Errorf("kind was not of object type for cluster 
generator %T", v) + return nil, nil, reconcile.TerminalError(fmt.Errorf("ClusterGenerator has unknown kind %s", clusterGenerator.Spec.Kind)) } - - // Construct our generator object so it can be later unmarshalled into a valid Generator Spec. - object := map[string]interface{}{} - object["kind"] = kind - object["spec"] = vMap - result, err = json.Marshal(object) + } else { + // get the generator resource from the API + // NOTE: it's important that we use the structured client so we use the cache + err = cl.Get(ctx, types.NamespacedName{ + Name: generatorRef.Name, + Namespace: namespace, + }, obj) if err != nil { - return nil, err + return nil, nil, err } - return &apiextensions.JSON{Raw: result}, nil + // get the generator interface + var ok bool + generator, ok = genv1alpha1.GetGeneratorByName(gvk.Kind) + if !ok { + return nil, nil, reconcile.TerminalError(fmt.Errorf("generatorRef has unknown kind %s", gvk.Kind)) + } } - return nil, fmt.Errorf("no defined generators found for cluster generator spec: %v", spec) -} - -// extractValue fetches a specific key value that we are looking for in a map. 
-func extractValue[T any](m any, k string) (T, error) { - var result T - v, ok := m.(map[string]any) - if !ok { - return result, fmt.Errorf("value was not of type map[string]any but: %T", m) + // convert the generator to unstructured object + u := &unstructured.Unstructured{} + u.Object, err = runtime.DefaultUnstructuredConverter.ToUnstructured(obj) + if err != nil { + return nil, nil, err } - vv, ok := v[k] - if !ok { - return result, fmt.Errorf("key %s was not found in map", k) + // convert the unstructured object to JSON + // NOTE: we do this for backwards compatibility with how this API works, not because it's a good idea + // we should refactor the generator API to use the normal typed objects + jsonObj, err := u.MarshalJSON() + if err != nil { + return nil, nil, err } - vvv, ok := vv.(T) - if !ok { - return result, fmt.Errorf("value was not of type T but: %T", vvv) - } + return generator, &apiextensions.JSON{Raw: jsonObj}, nil +} - return vvv, nil +// clusterGeneratorToVirtual converts a ClusterGenerator to a "virtual" namespaced generator that doesn't actually exist in the API. 
+func clusterGeneratorToVirtual(gen *genv1alpha1.ClusterGenerator) (client.Object, error) { + switch gen.Spec.Kind { + case genv1alpha1.ACRAccessTokenKind: + if gen.Spec.Generator.ACRAccessTokenSpec == nil { + return nil, fmt.Errorf("when kind is %s, ACRAccessTokenSpec must be set", gen.Spec.Kind) + } + return &genv1alpha1.ACRAccessToken{ + Spec: *gen.Spec.Generator.ACRAccessTokenSpec, + }, nil + case genv1alpha1.ECRAuthorizationTokenKind: + if gen.Spec.Generator.ECRAuthorizationTokenSpec == nil { + return nil, fmt.Errorf("when kind is %s, ECRAuthorizationTokenSpec must be set", gen.Spec.Kind) + } + return &genv1alpha1.ECRAuthorizationToken{ + Spec: *gen.Spec.Generator.ECRAuthorizationTokenSpec, + }, nil + case genv1alpha1.FakeKind: + if gen.Spec.Generator.FakeSpec == nil { + return nil, fmt.Errorf("when kind is %s, FakeSpec must be set", gen.Spec.Kind) + } + return &genv1alpha1.Fake{ + Spec: *gen.Spec.Generator.FakeSpec, + }, nil + case genv1alpha1.GCRAccessTokenKind: + if gen.Spec.Generator.GCRAccessTokenSpec == nil { + return nil, fmt.Errorf("when kind is %s, GCRAccessTokenSpec must be set", gen.Spec.Kind) + } + return &genv1alpha1.GCRAccessToken{ + Spec: *gen.Spec.Generator.GCRAccessTokenSpec, + }, nil + case genv1alpha1.GithubAccessTokenKind: + if gen.Spec.Generator.GithubAccessTokenSpec == nil { + return nil, fmt.Errorf("when kind is %s, GithubAccessTokenSpec must be set", gen.Spec.Kind) + } + return &genv1alpha1.GithubAccessToken{ + Spec: *gen.Spec.Generator.GithubAccessTokenSpec, + }, nil + case genv1alpha1.PasswordKind: + if gen.Spec.Generator.PasswordSpec == nil { + return nil, fmt.Errorf("when kind is %s, PasswordSpec must be set", gen.Spec.Kind) + } + return &genv1alpha1.Password{ + Spec: *gen.Spec.Generator.PasswordSpec, + }, nil + case genv1alpha1.STSSessionTokenKind: + if gen.Spec.Generator.STSSessionTokenSpec == nil { + return nil, fmt.Errorf("when kind is %s, STSSessionTokenSpec must be set", gen.Spec.Kind) + } + return 
&genv1alpha1.STSSessionToken{ + Spec: *gen.Spec.Generator.STSSessionTokenSpec, + }, nil + case genv1alpha1.UUIDKind: + if gen.Spec.Generator.UUIDSpec == nil { + return nil, fmt.Errorf("when kind is %s, UUIDSpec must be set", gen.Spec.Kind) + } + return &genv1alpha1.UUID{ + Spec: *gen.Spec.Generator.UUIDSpec, + }, nil + case genv1alpha1.VaultDynamicSecretKind: + if gen.Spec.Generator.VaultDynamicSecretSpec == nil { + return nil, fmt.Errorf("when kind is %s, VaultDynamicSecretSpec must be set", gen.Spec.Kind) + } + return &genv1alpha1.VaultDynamicSecret{ + Spec: *gen.Spec.Generator.VaultDynamicSecretSpec, + }, nil + case genv1alpha1.WebhookKind: + if gen.Spec.Generator.WebhookSpec == nil { + return nil, fmt.Errorf("when kind is %s, WebhookSpec must be set", gen.Spec.Kind) + } + return &genv1alpha1.Webhook{ + Spec: *gen.Spec.Generator.WebhookSpec, + }, nil + default: + return nil, fmt.Errorf("unknown kind %s", gen.Spec.Kind) + } } From 2b5ba151633150dcb3c7e72d4ac11aac1fef9cc1 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Thu, 28 Nov 2024 09:36:20 +0100 Subject: [PATCH 444/517] fix: e2e test for AWS not setting name and namespace (#4157) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/e2e.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/e2e.yml b/.github/workflows/e2e.yml index b2436944f54..6c75701eac7 100644 --- a/.github/workflows/e2e.yml +++ b/.github/workflows/e2e.yml @@ -33,6 +33,8 @@ env: AWS_REGION: "eu-central-1" AWS_OIDC_ROLE_ARN: ${{ secrets.AWS_OIDC_ROLE_ARN }} + AWS_SA_NAME: ${{ secrets.AWS_SA_NAME }} + AWS_SA_NAMESPACE: ${{ secrets.AWS_SA_NAMESPACE }} TFC_AZURE_CLIENT_ID: ${{ secrets.TFC_AZURE_CLIENT_ID}} TFC_AZURE_CLIENT_SECRET: ${{ secrets.TFC_AZURE_CLIENT_SECRET }} From 08566af7c1a4a7b3679a3cdf4c424232ba686696 Mon Sep 17 00:00:00 2001 
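Review bot: In `getGenerator`, `obj := reflect.New(t).Interface().(client.Object)` is an unchecked type assertion on a type selected by `generatorRef.Kind`, which comes from the ExternalSecret or PushSecret spec. The preceding checks only require the group to be `genv1alpha1.Group` and the GVK to be known to the scheme. A scheme also holds list kinds (this commit registers `ECRAuthorizationTokenList`, for example) that presumably do not implement `client.Object`, so such a kind would panic in the reconciler unless CRD validation already restricts the field. I would use the checked form and return a terminal error: `obj, ok := reflect.New(t).Interface().(client.Object)` followed by `if !ok { return nil, nil, reconcile.TerminalError(fmt.Errorf("generatorRef kind %s is not a generator object", gvk.Kind)) }`.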
From: Dmytro Bondar Date: Thu, 28 Nov 2024 14:44:30 +0100 Subject: [PATCH 445/517] fix: handle managed identity ClientID or ResourceID in acr generator (#4150) * fix: use ClientID instead of ResourceID in acr generator Signed-off-by: Dmytro Bondar * Handle both cases: with ClientID and ResourceID Signed-off-by: Dmytro Bondar * Update ACR docs Signed-off-by: Dmytro Bondar --------- Signed-off-by: Dmytro Bondar --- docs/api/generator/acr.md | 10 ++++- .../generator-acr-argocd-helm-repo.yaml | 38 +++++++++++++++++++ docs/snippets/generator-acr.yaml | 6 +-- pkg/generator/acr/acr.go | 16 +++++--- 4 files changed, 61 insertions(+), 9 deletions(-) create mode 100644 docs/snippets/generator-acr-argocd-helm-repo.yaml diff --git a/docs/api/generator/acr.md b/docs/api/generator/acr.md index d5777ca7dc4..8a5aa7d7fa5 100644 --- a/docs/api/generator/acr.md +++ b/docs/api/generator/acr.md @@ -9,7 +9,6 @@ The token is generated for a particular ACR registry defined in `spec.registry`. | username | username for the `docker login` command | | password | password for the `docker login` command | - ## Authentication You must choose one out of three authentication mechanisms: @@ -21,6 +20,8 @@ You must choose one out of three authentication mechanisms: The generated token will inherit the permissions from the assigned policy. I.e. when you assign a read-only policy all generated tokens will be read-only. You **must** [assign a Azure RBAC role](https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-steps), such as `AcrPush` or `AcrPull` to the service principal or managed identity in order to be able to authenticate with the Azure container registry API. +You can also use a kubelet managed identity with the default `AcrPull` role to authenticate to the integrated Azure Container Registry. + You can scope tokens to a particular repository using `spec.scope`. ## Scope 
@@ -49,6 +50,13 @@ repository:my-repository:pull ``` Example `ExternalSecret` that references the ACR generator: + ```yaml {% include 'generator-acr-example.yaml' %} ``` + +Example using AKS kubelet managed identity to create [Argo CD helm chart repository](https://argo-cd.readthedocs.io/en/latest/operator-manual/declarative-setup/#helm-chart-repositories) secret: + +```yaml +{% include 'generator-acr-argocd-helm-repo.yaml' %} +``` diff --git a/docs/snippets/generator-acr-argocd-helm-repo.yaml b/docs/snippets/generator-acr-argocd-helm-repo.yaml new file mode 100644 index 00000000000..9fc7b9b4d02 --- /dev/null +++ b/docs/snippets/generator-acr-argocd-helm-repo.yaml @@ -0,0 +1,38 @@ +{% raw %} +apiVersion: generators.external-secrets.io/v1alpha1 +kind: ACRAccessToken +metadata: + name: azurecr +spec: + tenantId: 11111111-2222-3333-4444-111111111111 + registry: example.azurecr.io + auth: + managedIdentity: + identityId: 11111111-2222-3333-4444-111111111111 +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: azurecr-credentials +spec: + dataFrom: + - sourceRef: + generatorRef: + apiVersion: generators.external-secrets.io/v1alpha1 + kind: ACRAccessToken + name: azurecr + refreshInterval: 3h + target: + name: azurecr-credentials + template: + metadata: + labels: + argocd.argoproj.io/secret-type: repository + data: + name: "example.azurecr.io" + url: "example.azurecr.io" + username: "{{ .username }}" + password: "{{ .password }}" + enableOCI: "true" + type: "helm" +{% endraw %} diff --git a/docs/snippets/generator-acr.yaml b/docs/snippets/generator-acr.yaml index 49093480a45..13468e1e7f6 100644 --- a/docs/snippets/generator-acr.yaml +++ b/docs/snippets/generator-acr.yaml 
@@ -28,13 +28,13 @@ spec: name: az-secret key: clientid - # option 2: + # option 2: use a managed identity Client ID managedIdentity: - identityId: "xxxxx" + identityId: 11111111-2222-3333-4444-111111111111 # option 3: workloadIdentity: # note: you can reference service accounts across namespaces. serviceAccountRef: name: "my-service-account" - audiences: [] \ No newline at end of file + audiences: [] diff --git a/pkg/generator/acr/acr.go b/pkg/generator/acr/acr.go index 7f7ca48a247..fa6b0daa8ee 100644 --- a/pkg/generator/acr/acr.go +++ b/pkg/generator/acr/acr.go @@ -282,12 +282,18 @@ func accessTokenForWorkloadIdentity(ctx context.Context, crClient client.Client, } func accessTokenForManagedIdentity(ctx context.Context, envType v1beta1.AzureEnvironmentType, identityID string) (string, error) { - // handle workload identity - creds, err := azidentity.NewManagedIdentityCredential( - &azidentity.ManagedIdentityCredentialOptions{ + // handle managed identity + var opts *azidentity.ManagedIdentityCredentialOptions + if strings.Contains(identityID, "/") { + opts = &azidentity.ManagedIdentityCredentialOptions{ ID: azidentity.ResourceID(identityID), - }, - ) + } + } else { + opts = &azidentity.ManagedIdentityCredentialOptions{ + ID: azidentity.ClientID(identityID), + } + } + creds, err := azidentity.NewManagedIdentityCredential(opts) if err != nil { return "", err } From 1be7daedbc02ab7c56331185333b86ce1a977bb9 Mon Sep 17 00:00:00 2001 From: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> Date: Thu, 28 Nov 2024 07:53:07 -0800 Subject: [PATCH 446/517] feat: add CRD validation for resource name/key fields (#4104) * Add CRD validation for name/key fields Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> * add output of check-diff Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> 
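Review bot: In `accessTokenForManagedIdentity` the choice between `azidentity.ResourceID` and `azidentity.ClientID` rests only on `strings.Contains(identityID, "/")`, so an empty `identityID` takes the client-ID branch. Whether callers can pass an empty value is not visible in this hunk; if they can, leaving `opts.ID` unset would be the clearer way to request the hosting environment's default identity. The two branches differ only in the ID kind and could collapse to `var id azidentity.ManagedIDKind = azidentity.ClientID(identityID)` followed by `if strings.Contains(identityID, "/") { id = azidentity.ResourceID(identityID) }`. A comment such as `// an ARM resource ID contains "/"; any other value is treated as a client ID` would record the heuristic, which matters because the selected identity decides which registry permissions the generated token inherits. The function body continues past the end of the hunk.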
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .../v1alpha1/externalsecret_types.go | 37 +- .../v1alpha1/pushsecret_types.go | 27 +- .../v1alpha1/secretstore_kubernetes_types.go | 5 +- .../v1alpha1/secretstore_vault_types.go | 11 +- .../v1alpha1/secretstore_webhook_types.go | 11 +- .../v1beta1/clusterexternalsecret_types.go | 9 +- .../v1beta1/externalsecret_types.go | 55 +- .../v1beta1/secretstore_kubernetes_types.go | 5 +- .../v1beta1/secretstore_types.go | 12 + .../v1beta1/secretstore_webhook_types.go | 11 +- apis/generators/v1alpha1/generator_webhook.go | 18 +- apis/meta/v1/types.go | 33 +- ...nal-secrets.io_clusterexternalsecrets.yaml | 87 +- ...ternal-secrets.io_clustersecretstores.yaml | 2058 +++++-- .../external-secrets.io_externalsecrets.yaml | 115 +- .../external-secrets.io_pushsecrets.yaml | 48 +- .../external-secrets.io_secretstores.yaml | 2058 +++++-- ...s.external-secrets.io_acraccesstokens.yaml | 44 +- ...external-secrets.io_clustergenerators.yaml | 508 +- ...nal-secrets.io_ecrauthorizationtokens.yaml | 61 +- ...s.external-secrets.io_gcraccesstokens.yaml | 27 +- ...xternal-secrets.io_githubaccesstokens.yaml | 19 +- ....external-secrets.io_stssessiontokens.yaml | 61 +- ...ternal-secrets.io_vaultdynamicsecrets.yaml | 277 +- ...nerators.external-secrets.io_webhooks.yaml | 19 +- deploy/crds/bundle.yaml | 5342 +++++++++++++---- docs/api/spec.md | 27 +- 27 files changed, 8515 insertions(+), 2470 deletions(-) diff --git a/apis/externalsecrets/v1alpha1/externalsecret_types.go b/apis/externalsecrets/v1alpha1/externalsecret_types.go index b6979619f63..4df1bc05512 100644 --- a/apis/externalsecrets/v1alpha1/externalsecret_types.go +++ b/apis/externalsecrets/v1alpha1/externalsecret_types.go 
@@ -22,11 +22,15 @@ import ( // SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. type SecretStoreRef struct { // Name of the SecretStore resource - Name string `json:"name"` + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + Name string `json:"name,omitempty"` // Kind of the SecretStore resource (SecretStore or ClusterSecretStore) // Defaults to `SecretStore` // +optional + // +kubebuilder:validation:Enum=SecretStore;ClusterSecretStore Kind string `json:"kind,omitempty"` } 
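Review bot: `SecretStoreRef.Name` gains `MinLength:=1`, but its tag also changes from `json:"name"` to `json:"name,omitempty"`, which makes the field optional in the generated schema; the generated CRD hunks later in this patch drop `required: - name` for the v1beta1 schema. A reference that omits `name` entirely therefore now passes admission, while an explicit empty string does not, which loosens a check in a commit that otherwise tightens them. If omitting the name is intended, the field should carry an explicit `// +optional` marker and a sentence saying what the controller does when no name is given. The same tag change is in the `@@ -22,11 +22,15 @@` hunk of `apis/externalsecrets/v1beta1/externalsecret_types.go`.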
@@ -92,25 +96,37 @@ type TemplateFrom struct { } type TemplateRef struct { - Name string `json:"name"` + // The name of the ConfigMap/Secret resource + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + Name string `json:"name"` + + // A list of keys in the ConfigMap/Secret to use as templates for Secret data Items []TemplateRefItem `json:"items"` } type TemplateRefItem struct { + // A key in the ConfigMap/Secret + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$ Key string `json:"key"` } // ExternalSecretTarget defines the Kubernetes Secret to be created // There can be only one target per ExternalSecret. type ExternalSecretTarget struct { - // Name defines the name of the Secret resource to be managed - // This field is immutable + // The name of the Secret resource to be managed. // Defaults to the .metadata.name of the ExternalSecret resource // +optional + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ Name string `json:"name,omitempty"` - // CreationPolicy defines rules on how to create the resulting Secret - // Defaults to 'Owner' + // CreationPolicy defines rules on how to create the resulting Secret. + // Defaults to "Owner" // +optional // +kubebuilder:default="Owner" CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"` 
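Review bot: The key pattern `^[-._a-zA-Z0-9]+$` added to `TemplateRefItem.Key` is slightly wider than what Kubernetes accepts for a ConfigMap or Secret key, because the API server also rejects `.`, `..` and any key that starts with `..`. Such a value would pass CRD admission and only fail later when the key is looked up or written. The same pattern is reused for `ExternalSecretData.SecretKey`, the `CAProvider.Key` fields and `SecretKeySelector.Key` in the other hunks of this patch. A comment such as `// "." and keys starting with ".." match this pattern but are rejected by Kubernetes` would document the gap if it is left as is. Separately, the rewritten comment on `ExternalSecretTarget.Name` (here and in the v1beta1 `@@ -160,22 +180,26 @@` hunk) drops `This field is immutable`; keep that sentence if the behaviour still holds. That struct continues outside the hunk.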
@@ -126,6 +142,10 @@ type ExternalSecretTarget struct { // ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.) and the Provider data. type ExternalSecretData struct { + // The key in the Kubernetes Secret to store the value. + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$ SecretKey string `json:"secretKey"` RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"` @@ -140,11 +160,12 @@ type ExternalSecretDataRemoteRef struct { // +optional Version string `json:"version,omitempty"` - // +optional // Used to select a specific property of the Provider value (if a map), if supported - Property string `json:"property,omitempty"` // +optional + Property string `json:"property,omitempty"` + // Used to define a conversion Strategy + // +optional // +kubebuilder:default="Default" ConversionStrategy ExternalSecretConversionStrategy `json:"conversionStrategy,omitempty"` } diff --git a/apis/externalsecrets/v1alpha1/pushsecret_types.go b/apis/externalsecrets/v1alpha1/pushsecret_types.go index 3888534a110..c30848aaa0d 100644 --- a/apis/externalsecrets/v1alpha1/pushsecret_types.go +++ b/apis/externalsecrets/v1alpha1/pushsecret_types.go 
@@ -30,14 +30,19 @@ const ( type PushSecretStoreRef struct { // Optionally, sync to the SecretStore of the given name // +optional + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ Name string `json:"name,omitempty"` + // Optionally, sync to secret stores with label selector // +optional LabelSelector *metav1.LabelSelector `json:"labelSelector,omitempty"` + // Kind of the SecretStore resource (SecretStore or ClusterSecretStore) - // Defaults to `SecretStore` - // +kubebuilder:default="SecretStore" // +optional + // +kubebuilder:default="SecretStore" + // +kubebuilder:validation:Enum=SecretStore;ClusterSecretStore Kind string `json:"kind,omitempty"` } 
@@ -68,27 +73,37 @@ const ( // PushSecretSpec configures the behavior of the PushSecret. type PushSecretSpec struct { // The Interval to which External Secrets will try to push a secret definition - RefreshInterval *metav1.Duration `json:"refreshInterval,omitempty"` + RefreshInterval *metav1.Duration `json:"refreshInterval,omitempty"` + SecretStoreRefs []PushSecretStoreRef `json:"secretStoreRefs"` - // UpdatePolicy to handle Secrets in the provider. Possible Values: "Replace/IfNotExists". Defaults to "Replace". + + // UpdatePolicy to handle Secrets in the provider. // +kubebuilder:default="Replace" // +optional UpdatePolicy PushSecretUpdatePolicy `json:"updatePolicy,omitempty"` - // Deletion Policy to handle Secrets in the provider. Possible Values: "Delete/None". Defaults to "None". + + // Deletion Policy to handle Secrets in the provider. // +kubebuilder:default="None" // +optional DeletionPolicy PushSecretDeletionPolicy `json:"deletionPolicy,omitempty"` + // The Secret Selector (k8s source) for the Push Secret Selector PushSecretSelector `json:"selector"` + // Secret Data that should be pushed to providers Data []PushSecretData `json:"data,omitempty"` + // Template defines a blueprint for the created Secret resource. // +optional Template *esv1beta1.ExternalSecretTemplate `json:"template,omitempty"` } type PushSecretSecret struct { - // Name of the Secret. The Secret must exist in the same namespace as the PushSecret manifest. + // Name of the Secret. + // The Secret must exist in the same namespace as the PushSecret manifest. + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ Name string `json:"name"` } diff --git a/apis/externalsecrets/v1alpha1/secretstore_kubernetes_types.go b/apis/externalsecrets/v1alpha1/secretstore_kubernetes_types.go index d9738909645..2bbe7f5c901 100644 
--- a/apis/externalsecrets/v1alpha1/secretstore_kubernetes_types.go +++ b/apis/externalsecrets/v1alpha1/secretstore_kubernetes_types.go @@ -50,8 +50,11 @@ type KubernetesProvider struct { Auth KubernetesAuth `json:"auth"` // Remote namespace to fetch the secrets from - // +kubebuilder:default= default // +optional + // +kubebuilder:default=default + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=63 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ RemoteNamespace string `json:"remoteNamespace,omitempty"` } diff --git a/apis/externalsecrets/v1alpha1/secretstore_vault_types.go b/apis/externalsecrets/v1alpha1/secretstore_vault_types.go index 934359b4750..88b4c56d781 100644 --- a/apis/externalsecrets/v1alpha1/secretstore_vault_types.go +++ b/apis/externalsecrets/v1alpha1/secretstore_vault_types.go @@ -39,14 +39,23 @@ type CAProvider struct { Type CAProviderType `json:"type"` // The name of the object located at the provider type. + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ Name string `json:"name"` - // The key the value inside of the provider type to use, only used with "Secret" type + // The key where the CA certificate can be found in the Secret or ConfigMap. // +kubebuilder:validation:Optional + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$ Key string `json:"key,omitempty"` // The namespace the Provider type is in. // +optional + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=63 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ Namespace *string `json:"namespace,omitempty"` } 
diff --git a/apis/externalsecrets/v1alpha1/secretstore_webhook_types.go b/apis/externalsecrets/v1alpha1/secretstore_webhook_types.go index 2c5e6150ce1..bf4e2b8b12f 100644 --- a/apis/externalsecrets/v1alpha1/secretstore_webhook_types.go +++ b/apis/externalsecrets/v1alpha1/secretstore_webhook_types.go @@ -75,14 +75,23 @@ type WebhookCAProvider struct { Type WebhookCAProviderType `json:"type"` // The name of the object located at the provider type. + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ Name string `json:"name"` - // The key the value inside of the provider type to use, only used with "Secret" type + // The key where the CA certificate can be found in the Secret or ConfigMap. // +kubebuilder:validation:Optional + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$ Key string `json:"key,omitempty"` // The namespace the Provider type is in. // +optional + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=63 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ Namespace *string `json:"namespace,omitempty"` } diff --git a/apis/externalsecrets/v1beta1/clusterexternalsecret_types.go b/apis/externalsecrets/v1beta1/clusterexternalsecret_types.go index 81c962ff308..68c2a9a2b62 100644 --- a/apis/externalsecrets/v1beta1/clusterexternalsecret_types.go +++ b/apis/externalsecrets/v1beta1/clusterexternalsecret_types.go 
@@ -24,8 +24,12 @@ type ClusterExternalSecretSpec struct { // The spec for the ExternalSecrets to be created ExternalSecretSpec ExternalSecretSpec `json:"externalSecretSpec"` - // The name of the external secrets to be created defaults to the name of the ClusterExternalSecret + // The name of the external secrets to be created. + // Defaults to the name of the ClusterExternalSecret // +optional + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ ExternalSecretName string `json:"externalSecretName,omitempty"` // The metadata of the external secrets to be created @@ -43,6 +47,9 @@ type ClusterExternalSecretSpec struct { // Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing. // +optional + // +kubebuilder:validation:items:MinLength:=1 + // +kubebuilder:validation:items:MaxLength:=63 + // +kubebuilder:validation:items:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ Namespaces []string `json:"namespaces,omitempty"` // The time in which the controller should reconcile its objects and recheck namespaces for labels. diff --git a/apis/externalsecrets/v1beta1/externalsecret_types.go b/apis/externalsecrets/v1beta1/externalsecret_types.go index 9b3590205a2..69d01118494 100644 --- a/apis/externalsecrets/v1beta1/externalsecret_types.go +++ b/apis/externalsecrets/v1beta1/externalsecret_types.go 
@@ -22,11 +22,15 @@ import ( // SecretStoreRef defines which SecretStore to fetch the ExternalSecret data. type SecretStoreRef struct { // Name of the SecretStore resource - Name string `json:"name"` + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + Name string `json:"name,omitempty"` // Kind of the SecretStore resource (SecretStore or ClusterSecretStore) // Defaults to `SecretStore` // +optional + // +kubebuilder:validation:Enum=SecretStore;ClusterSecretStore Kind string `json:"kind,omitempty"` } @@ -92,12 +96,16 @@ type ExternalSecretTemplate struct { // template specified in .data and .templateFrom[]. // +kubebuilder:default="v2" EngineVersion TemplateEngineVersion `json:"engineVersion,omitempty"` + // +optional Metadata ExternalSecretTemplateMetadata `json:"metadata,omitempty"` + // +kubebuilder:default="Replace" MergePolicy TemplateMergePolicy `json:"mergePolicy,omitempty"` + // +optional Data map[string]string `json:"data,omitempty"` + // +optional TemplateFrom []TemplateFrom `json:"templateFrom,omitempty"` } @@ -121,10 +129,11 @@ const ( type TemplateFrom struct { ConfigMap *TemplateRef `json:"configMap,omitempty"` Secret *TemplateRef `json:"secret,omitempty"` - // +optional + // +optional // +kubebuilder:default="Data" Target TemplateTarget `json:"target,omitempty"` + // +optional Literal *string `json:"literal,omitempty"` } 
@@ -147,12 +156,23 @@ const ( ) type TemplateRef struct { - Name string `json:"name"` + // The name of the ConfigMap/Secret resource + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + Name string `json:"name"` + + // A list of keys in the ConfigMap/Secret to use as templates for Secret data Items []TemplateRefItem `json:"items"` } type TemplateRefItem struct { + // A key in the ConfigMap/Secret + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$ Key string `json:"key"` + // +kubebuilder:default="Values" TemplateAs TemplateScope `json:"templateAs,omitempty"` } 
@@ -160,22 +180,26 @@ type TemplateRefItem struct { // ExternalSecretTarget defines the Kubernetes Secret to be created // There can be only one target per ExternalSecret. type ExternalSecretTarget struct { - // Name defines the name of the Secret resource to be managed - // This field is immutable + // The name of the Secret resource to be managed. // Defaults to the .metadata.name of the ExternalSecret resource // +optional + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ Name string `json:"name,omitempty"` - // CreationPolicy defines rules on how to create the resulting Secret - // Defaults to 'Owner' + // CreationPolicy defines rules on how to create the resulting Secret. + // Defaults to "Owner" // +optional // +kubebuilder:default="Owner" CreationPolicy ExternalSecretCreationPolicy `json:"creationPolicy,omitempty"` - // DeletionPolicy defines rules on how to delete the resulting Secret - // Defaults to 'Retain' + + // DeletionPolicy defines rules on how to delete the resulting Secret. + // Defaults to "Retain" // +optional // +kubebuilder:default="Retain" DeletionPolicy ExternalSecretDeletionPolicy `json:"deletionPolicy,omitempty"` + // Template defines a blueprint for the created Secret resource. // +optional Template *ExternalSecretTemplate `json:"template,omitempty"` 
@@ -187,8 +211,10 @@ type ExternalSecretTarget struct { // ExternalSecretData defines the connection between the Kubernetes Secret key (spec.data.) and the Provider data. type ExternalSecretData struct { - // SecretKey defines the key in which the controller stores - // the value. This is the key in the Kind=Secret + // The key in the Kubernetes Secret to store the value. + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$ SecretKey string `json:"secretKey"` // RemoteRef points to the remote secret and defines @@ -196,7 +222,7 @@ type ExternalSecretData struct { RemoteRef ExternalSecretDataRemoteRef `json:"remoteRef"` // SourceRef allows you to override the source - // from which the value will pulled from. + // from which the value will be pulled. SourceRef *StoreSourceRef `json:"sourceRef,omitempty"` } @@ -338,6 +364,7 @@ type FindName struct { type ExternalSecretSpec struct { // +optional SecretStoreRef SecretStoreRef `json:"secretStoreRef,omitempty"` + // +kubebuilder:default={creationPolicy:Owner,deletionPolicy:Retain} // +optional Target ExternalSecretTarget `json:"target,omitempty"` @@ -395,7 +422,11 @@ type GeneratorRef struct { APIVersion string `json:"apiVersion,omitempty"` // Specify the Kind of the resource, e.g. Password, ACRAccessToken, ClusterGenerator etc. Kind string `json:"kind"` + // Specify the name of the generator resource + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ Name string `json:"name"` } diff --git a/apis/externalsecrets/v1beta1/secretstore_kubernetes_types.go b/apis/externalsecrets/v1beta1/secretstore_kubernetes_types.go index 2dc83cabc70..a718a3be3c1 100644 --- a/apis/externalsecrets/v1beta1/secretstore_kubernetes_types.go +++ b/apis/externalsecrets/v1beta1/secretstore_kubernetes_types.go 
@@ -49,8 +49,11 @@ type KubernetesProvider struct { AuthRef *esmeta.SecretKeySelector `json:"authRef,omitempty"` // Remote namespace to fetch the secrets from - // +kubebuilder:default= default // +optional + // +kubebuilder:default=default + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=63 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ RemoteNamespace string `json:"remoteNamespace,omitempty"` } diff --git a/apis/externalsecrets/v1beta1/secretstore_types.go b/apis/externalsecrets/v1beta1/secretstore_types.go index eacb9a65381..c5be4ca736f 100644 --- a/apis/externalsecrets/v1beta1/secretstore_types.go +++ b/apis/externalsecrets/v1beta1/secretstore_types.go @@ -51,6 +51,9 @@ type ClusterSecretStoreCondition struct { // Choose namespaces by name // +optional + // +kubebuilder:validation:items:MinLength:=1 + // +kubebuilder:validation:items:MaxLength:=63 + // +kubebuilder:validation:items:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ Namespaces []string `json:"namespaces,omitempty"` // Choose namespaces by using regex matching 
@@ -211,15 +214,24 @@ type CAProvider struct { Type CAProviderType `json:"type"` // The name of the object located at the provider type. + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ Name string `json:"name"` // The key where the CA certificate can be found in the Secret or ConfigMap. // +kubebuilder:validation:Optional + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$ Key string `json:"key,omitempty"` // The namespace the Provider type is in. // Can only be defined when used in a ClusterSecretStore. // +optional + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=63 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ Namespace *string `json:"namespace,omitempty"` } diff --git a/apis/externalsecrets/v1beta1/secretstore_webhook_types.go b/apis/externalsecrets/v1beta1/secretstore_webhook_types.go index d78050e919d..34cd6242dca 100644 --- a/apis/externalsecrets/v1beta1/secretstore_webhook_types.go +++ b/apis/externalsecrets/v1beta1/secretstore_webhook_types.go 
@@ -75,14 +75,23 @@ type WebhookCAProvider struct { Type WebhookCAProviderType `json:"type"` // The name of the object located at the provider type. + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ Name string `json:"name"` - // The key the value inside of the provider type to use, only used with "Secret" type + // The key where the CA certificate can be found in the Secret or ConfigMap. // +kubebuilder:validation:Optional + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$ Key string `json:"key,omitempty"` // The namespace the Provider type is in. // +optional + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=63 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ Namespace *string `json:"namespace,omitempty"` } diff --git a/apis/generators/v1alpha1/generator_webhook.go b/apis/generators/v1alpha1/generator_webhook.go index dc52e8195db..3c2fc0cc710 100644 --- a/apis/generators/v1alpha1/generator_webhook.go +++ b/apis/generators/v1alpha1/generator_webhook.go 
@@ -73,14 +73,23 @@ type WebhookCAProvider struct { Type WebhookCAProviderType `json:"type"` // The name of the object located at the provider type. + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ Name string `json:"name"` - // The key the value inside of the provider type to use, only used with "Secret" type + // The key where the CA certificate can be found in the Secret or ConfigMap. // +kubebuilder:validation:Optional + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$ Key string `json:"key,omitempty"` // The namespace the Provider type is in. // +optional + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=63 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ Namespace *string `json:"namespace,omitempty"` } @@ -100,8 +109,15 @@ type WebhookSecret struct { type SecretKeySelector struct { // The name of the Secret resource being referred to. + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ Name string `json:"name,omitempty"` + // The key where the token is found. + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$ Key string `json:"key,omitempty"` } diff --git a/apis/meta/v1/types.go b/apis/meta/v1/types.go index 7ec5e35aafa..1134d0fd95b 100644 --- a/apis/meta/v1/types.go +++ b/apis/meta/v1/types.go 
@@ -14,29 +14,48 @@ limitations under the License. package v1 -// A reference to a specific 'key' within a Secret resource, +// A reference to a specific 'key' within a Secret resource. // In some instances, `key` is a required field. type SecretKeySelector struct { // The name of the Secret resource being referred to. + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ Name string `json:"name,omitempty"` - // Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - // to the namespace of the referent. + + // The namespace of the Secret resource being referred to. + // Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. // +optional + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=63 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ Namespace *string `json:"namespace,omitempty"` - // The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - // defaulted, in others it may be required. + + // A key in the referenced Secret. + // Some instances of this field may be defaulted, in others it may be required. // +optional + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[-._a-zA-Z0-9]+$ Key string `json:"key,omitempty"` } // A reference to a ServiceAccount resource. type ServiceAccountSelector struct { // The name of the ServiceAccount resource being referred to. + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=253 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ Name string `json:"name"` - // Namespace of the resource being referred to. 
Ignored if referent is not cluster-scoped. cluster-scoped defaults - // to the namespace of the referent. + + // Namespace of the resource being referred to. + // Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. // +optional + // +kubebuilder:validation:MinLength:=1 + // +kubebuilder:validation:MaxLength:=63 + // +kubebuilder:validation:Pattern:=^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ Namespace *string `json:"namespace,omitempty"` + // Audience specifies the `aud` claim for the service account token // If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity // then this audiences will be appended to the list diff --git a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml index 072ef756329..48ef50a038f 100644 --- a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml @@ -68,8 +68,12 @@ spec: type: object type: object externalSecretName: - description: The name of the external secrets to be created defaults - to the name of the ClusterExternalSecret + description: |- + The name of the external secrets to be created. + Defaults to the name of the ClusterExternalSecret + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string externalSecretSpec: description: The spec for the ExternalSecrets to be created 
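Review bot: `SecretKeySelector` and `ServiceAccountSelector` in `apis/meta/v1/types.go` are shared selector types, so the new `MinLength`/`MaxLength`/`Pattern` markers tighten every field that embeds them, and they do so within the existing API versions rather than in a new one. Objects already stored with a value outside these patterns (an explicit `name: ""`, for example) would presumably be rejected on their next update on clusters without CRD validation ratcheting. Neither the commit message nor the field comments mention this. A line in the type comment such as `// Name, Namespace and Key are validated at admission; values outside the Kubernetes naming rules are rejected` would make the stricter contract visible to users upgrading. The `ServiceAccountSelector` struct continues outside the hunk.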
@@ -127,14 +131,16 @@ spec: - key type: object secretKey: - description: |- - SecretKey defines the key in which the controller stores - the value. This is the key in the Kind=Secret + description: The key in the Kubernetes Secret to store the + value. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string sourceRef: description: |- SourceRef allows you to override the source - from which the value will pulled from. + from which the value will be pulled. maxProperties: 1 properties: generatorRef: @@ -155,6 +161,9 @@ spec: type: string name: description: Specify the name of the generator resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - kind @@ -168,12 +177,16 @@ spec: description: |- Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + enum: + - SecretStore + - ClusterSecretStore type: string name: description: Name of the SecretStore resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string - required: - - name type: object type: object required: @@ -331,6 +344,9 @@ spec: type: string name: description: Specify the name of the generator resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - kind @@ -344,12 +360,16 @@ spec: description: |- Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + enum: + - SecretStore + - ClusterSecretStore type: string name: description: Name of the SecretStore resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string - required: - - name type: object type: object type: object 
@@ -371,12 +391,16 @@ spec: description: |- Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + enum: + - SecretStore + - ClusterSecretStore type: string name: description: Name of the SecretStore resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string - required: - - name type: object target: default: @@ -389,8 +413,8 @@ spec: creationPolicy: default: Owner description: |- - CreationPolicy defines rules on how to create the resulting Secret - Defaults to 'Owner' + CreationPolicy defines rules on how to create the resulting Secret. + Defaults to "Owner" enum: - Owner - Orphan @@ -400,8 +424,8 @@ spec: deletionPolicy: default: Retain description: |- - DeletionPolicy defines rules on how to delete the resulting Secret - Defaults to 'Retain' + DeletionPolicy defines rules on how to delete the resulting Secret. + Defaults to "Retain" enum: - Delete - Merge @@ -413,9 +437,11 @@ spec: type: boolean name: description: |- - Name defines the name of the Secret resource to be managed - This field is immutable + The name of the Secret resource to be managed. Defaults to the .metadata.name of the ExternalSecret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string template: description: Template defines a blueprint for the created @@ -460,9 +486,15 @@ spec: configMap: properties: items: + description: A list of keys in the ConfigMap/Secret + to use as templates for Secret data items: properties: key: + description: A key in the ConfigMap/Secret + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string templateAs: default: Values 
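Review bot: In `@@ -413,9 +437,11 @@` the rewritten description of the target Secret `name` drops the sentence `This field is immutable`, and the hunk adds no schema rule (for example an `x-kubernetes-validations` transition rule) that would enforce or lift that property. If the field is still treated as immutable elsewhere, keep the statement, e.g. `The name of the Secret resource to be managed. This field is immutable.`, so that users do not assume a rename of the managed Secret is supported. If immutability was relaxed on purpose, that is a behaviour change worth a line in the commit description. The enclosing `target` object starts outside the hunk.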
@@ -475,6 +507,11 @@ spec: type: object type: array name: + description: The name of the ConfigMap/Secret + resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items @@ -485,9 +522,15 @@ spec: secret: properties: items: + description: A list of keys in the ConfigMap/Secret + to use as templates for Secret data items: properties: key: + description: A key in the ConfigMap/Secret + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string templateAs: default: Values @@ -500,6 +543,11 @@ spec: type: object type: array name: + description: The name of the ConfigMap/Secret + resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items @@ -624,6 +672,9 @@ spec: description: Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing. items: + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: array refreshTime: diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index 33f6d5cc53b..f31b8c12230 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml 
@@ -97,17 +97,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -128,11 +137,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
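Review bot: The `minLength: 1` added to the optional `namespace` and `key` fields in `@@ -97,17 +97,26 @@` and `@@ -128,11 +137,17 @@` makes an explicit `namespace: ""` or `key: ""` a validation error where the schema previously accepted it, and the new `pattern`/`maxLength` limits tighten a schema that objects may already be stored under. On API servers without CRD validation ratcheting, a stored object that violates the new rules is rejected on its next write, including unrelated edits. The same constraints repeat in the later hunks of this file. The commit description should carry an upgrade note, for example `Before applying the CRDs, remove empty namespace/key/name values and non-DNS-1123 names from existing stores.`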
@@ -151,57 +166,84 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessType: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
+ The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessTypeParam: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -218,15 +260,24 @@ spec: Akeyless Gateway certificate. properties: key: - description: The key the value inside of the provider - type to use, only used with "Secret" type + description: The key where the CA certificate can be found + in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", @@ -276,17 +327,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessKeySecretSecretRef: 
@@ -294,17 +354,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -347,11 +416,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -367,17 +442,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -385,17 +469,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -432,17 +525,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: 
@@ -451,17 +553,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -497,11 +608,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -555,17 +672,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -591,11 +717,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -625,17 +757,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -668,17 +809,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -707,42 +857,60 @@ spec: properties: clientCert: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientKey: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -764,11 +932,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -779,22 +953,31 @@ spec: properties: bearerToken: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -802,6 +985,9 @@ spec: remoteNamespace: default: default description: Remote namespace to fetch the secrets from + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string server: description: configures the Kubernetes server Address. 
@@ -814,15 +1000,24 @@ spec: description: 'see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider' properties: key: - description: The key the value inside of the provider - type to use, only used with "Secret" type + description: The key where the CA certificate can + be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", @@ -862,17 +1057,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object privatekey: 
@@ -881,17 +1085,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -950,11 +1163,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -982,17 +1201,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -1043,17 +1271,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -1073,17 +1310,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -1093,17 +1339,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -1148,11 +1403,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -1178,17 +1439,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -1219,17 +1489,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -1250,11 +1529,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -1282,17 +1567,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: 
@@ -1310,17 +1604,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -1337,15 +1640,24 @@ spec: Vault server certificate. properties: key: - description: The key the value inside of the provider - type to use, only used with "Secret" type + description: The key where the CA certificate can be found + in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", 
@@ -1422,15 +1734,24 @@ spec: webhook server certificate. properties: key: - description: The key the value inside of the provider - type to use, only used with "Secret" type + description: The key where the CA certificate can be found + in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", @@ -1472,17 +1793,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -1516,17 +1846,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -1536,22 +1875,31 @@ spec: properties: certSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -1700,6 +2048,9 @@ spec: namespaces: description: Choose namespaces by name items: + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: array type: object 
@@ -1748,17 +2099,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -1779,11 +2139,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -1802,57 +2168,84 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessType: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
+ The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessTypeParam: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -1871,15 +2264,24 @@ spec: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", @@ -1929,17 +2331,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessKeySecretSecretRef: 
@@ -1947,17 +2358,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -2007,11 +2427,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -2027,17 +2453,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -2045,17 +2480,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -2066,17 +2510,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -2160,17 +2613,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientId: 
@@ -2179,17 +2641,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: 
@@ -2198,17 +2669,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object tenantId: 
@@ -2217,17 +2697,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -2276,11 +2765,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -2315,17 +2810,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2343,17 +2847,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2371,17 +2884,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2398,17 +2920,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2425,17 +2956,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2493,17 +3033,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -2525,15 +3074,24 @@ spec: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", 
@@ -2579,17 +3137,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -2623,42 +3190,60 @@ spec: type: string apiKeyRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object userRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -2682,17 +3267,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: 
@@ -2711,11 +3305,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name @@ -2739,15 +3339,24 @@ spec: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", 
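Review bot: In the ServiceAccount reference hunk (`@@ -2711,11 +3305,17 @@`) the `namespace` description still reads `Namespace of the resource being referred to.`, while the Secret references reworded by this commit now name the kind. For consistency with the `name` field just above it, I would write `The namespace of the ServiceAccount resource being referred to.` The same wording recurs in the later ServiceAccount hunks (`@@ -3059,11 +3722,17 @@`, `@@ -3373,11 +4105,17 @@`, `@@ -3700,11 +4513,17 @@`). If this YAML is generated from doc comments on the API types, which the page does not show, the edit belongs in that comment.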
@@ -2780,17 +3389,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2807,17 +3425,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2858,17 +3485,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -2900,17 +3536,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -2990,17 +3635,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3023,17 +3677,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -3059,11 +3722,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -3097,17 +3766,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3174,17 +3852,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3208,42 +3895,60 @@ spec: properties: clientId: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -3280,22 +3985,31 @@ spec: properties: authRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object folderID: 
@@ -3319,42 +4033,60 @@ spec: properties: clientCert: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientKey: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -3373,11 +4105,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -3387,22 +4125,31 @@ spec: properties: bearerToken: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3413,22 +4160,34 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object remoteNamespace: default: default description: Remote namespace to fetch the secrets from + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string server: description: configures the Kubernetes server Address. @@ -3443,15 +4202,24 @@ spec: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", 
@@ -3490,17 +4258,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object passcodeRef: 
@@ -3509,17 +4286,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -3560,17 +4346,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -3612,17 +4407,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object privatekey: 
@@ -3631,17 +4435,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -3700,11 +4513,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -3725,42 +4544,60 @@ spec: properties: passwordSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object privateKeySecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -3789,17 +4626,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3833,17 +4679,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -3869,17 +4724,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3921,17 +4785,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -3959,17 +4832,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -3997,17 +4879,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -4029,17 +4920,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -4063,22 +4963,31 @@ spec: type: string clientSecretSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -4135,17 +5044,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -4157,17 +5075,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -4186,17 +5113,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -4206,17 +5142,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -4245,11 +5190,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -4274,17 +5225,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -4292,17 +5252,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -4313,17 +5282,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -4385,11 +5363,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -4415,17 +5399,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -4456,17 +5449,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -4487,11 +5489,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -4519,17 +5527,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: 
@@ -4555,17 +5572,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object userPass: 
@@ -4586,17 +5612,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: @@ -4624,15 +5659,24 @@ spec: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", 
@@ -4697,17 +5741,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object keySecretRef: 
@@ -4718,17 +5771,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -4765,15 +5827,24 @@ spec: webhook server certificate. properties: key: - description: The key the value inside of the provider - type to use, only used with "Secret" type + description: The key where the CA certificate can be found + in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", 
@@ -4815,17 +5886,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -4859,17 +5939,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -4879,22 +5968,31 @@ spec: properties: certSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -4917,17 +6015,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -4937,22 +6044,31 @@ spec: properties: certSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object diff --git a/config/crds/bases/external-secrets.io_externalsecrets.yaml b/config/crds/bases/external-secrets.io_externalsecrets.yaml index fa8e101af19..62860c548f7 100644 --- a/config/crds/bases/external-secrets.io_externalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_externalsecrets.yaml @@ -88,6 +88,10 @@ spec: - key type: object secretKey: + description: The key in the Kubernetes Secret to store the value. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string required: - remoteRef 
@@ -138,12 +142,16 @@ spec: description: |- Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + enum: + - SecretStore + - ClusterSecretStore type: string name: description: Name of the SecretStore resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string - required: - - name type: object target: description: |- @@ -153,8 +161,8 @@ spec: creationPolicy: default: Owner description: |- - CreationPolicy defines rules on how to create the resulting Secret - Defaults to 'Owner' + CreationPolicy defines rules on how to create the resulting Secret. + Defaults to "Owner" enum: - Owner - Merge @@ -165,9 +173,11 @@ spec: type: boolean name: description: |- - Name defines the name of the Secret resource to be managed - This field is immutable + The name of the Secret resource to be managed. Defaults to the .metadata.name of the ExternalSecret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string template: description: Template defines a blueprint for the created Secret @@ -208,15 +218,25 @@ spec: configMap: properties: items: + description: A list of keys in the ConfigMap/Secret + to use as templates for Secret data items: properties: key: + description: A key in the ConfigMap/Secret + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string required: - key type: object type: array name: + description: The name of the ConfigMap/Secret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items 
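Review bot: Removing `required: - name` from the store reference in the `@@ -138,12 +142,16 @@` hunk means a reference with no `name` now passes schema validation, because the added `minLength: 1` and `pattern` are only evaluated when the field is present. The same removal is repeated in the `@@ -433,12 +467,16 @@`, `@@ -608,12 +649,16 @@` and `@@ -635,12 +680,16 @@` hunks of this file. If omitting the name is intended (what the controller does with a nameless reference is not visible here), the description should say so, e.g. `description: Name of the SecretStore resource. Optional: <what is used when omitted>`; otherwise keep `required:` / `- name` so a missing store is rejected at admission rather than at reconcile time. This CRD looks generated, so the change presumably belongs on the Go type's validation markers, and the enclosing object continues outside the hunk.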
@@ -225,15 +245,25 @@ spec: secret: properties: items: + description: A list of keys in the ConfigMap/Secret + to use as templates for Secret data items: properties: key: + description: A key in the ConfigMap/Secret + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string required: - key type: object type: array name: + description: The name of the ConfigMap/Secret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items @@ -392,14 +422,15 @@ spec: - key type: object secretKey: - description: |- - SecretKey defines the key in which the controller stores - the value. This is the key in the Kind=Secret + description: The key in the Kubernetes Secret to store the value. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string sourceRef: description: |- SourceRef allows you to override the source - from which the value will pulled from. + from which the value will be pulled. maxProperties: 1 properties: generatorRef: @@ -420,6 +451,9 @@ spec: type: string name: description: Specify the name of the generator resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - kind @@ -433,12 +467,16 @@ spec: description: |- Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + enum: + - SecretStore + - ClusterSecretStore type: string name: description: Name of the SecretStore resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string - required: - - name type: object type: object required: @@ -595,6 +633,9 @@ spec: type: string name: description: Specify the name of the generator resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - kind 
@@ -608,12 +649,16 @@ spec: description: |- Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + enum: + - SecretStore + - ClusterSecretStore type: string name: description: Name of the SecretStore resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string - required: - - name type: object type: object type: object @@ -635,12 +680,16 @@ spec: description: |- Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + enum: + - SecretStore + - ClusterSecretStore type: string name: description: Name of the SecretStore resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string - required: - - name type: object target: default: @@ -653,8 +702,8 @@ spec: creationPolicy: default: Owner description: |- - CreationPolicy defines rules on how to create the resulting Secret - Defaults to 'Owner' + CreationPolicy defines rules on how to create the resulting Secret. + Defaults to "Owner" enum: - Owner - Orphan @@ -664,8 +713,8 @@ spec: deletionPolicy: default: Retain description: |- - DeletionPolicy defines rules on how to delete the resulting Secret - Defaults to 'Retain' + DeletionPolicy defines rules on how to delete the resulting Secret. + Defaults to "Retain" enum: - Delete - Merge @@ -676,9 +725,11 @@ spec: type: boolean name: description: |- - Name defines the name of the Secret resource to be managed - This field is immutable + The name of the Secret resource to be managed. Defaults to the .metadata.name of the ExternalSecret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string template: description: Template defines a blueprint for the created Secret 
@@ -723,9 +774,15 @@ spec: configMap: properties: items: + description: A list of keys in the ConfigMap/Secret + to use as templates for Secret data items: properties: key: + description: A key in the ConfigMap/Secret + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string templateAs: default: Values @@ -738,6 +795,10 @@ spec: type: object type: array name: + description: The name of the ConfigMap/Secret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items @@ -748,9 +809,15 @@ spec: secret: properties: items: + description: A list of keys in the ConfigMap/Secret + to use as templates for Secret data items: properties: key: + description: A key in the ConfigMap/Secret + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string templateAs: default: Values @@ -763,6 +830,10 @@ spec: type: object type: array name: + description: The name of the ConfigMap/Secret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items diff --git a/config/crds/bases/external-secrets.io_pushsecrets.yaml b/config/crds/bases/external-secrets.io_pushsecrets.yaml index 0e5d78217cd..029e2752713 100644 --- a/config/crds/bases/external-secrets.io_pushsecrets.yaml +++ b/config/crds/bases/external-secrets.io_pushsecrets.yaml @@ -92,8 +92,7 @@ spec: type: array deletionPolicy: default: None - description: 'Deletion Policy to handle Secrets in the provider. Possible - Values: "Delete/None". Defaults to "None".' + description: Deletion Policy to handle Secrets in the provider. enum: - Delete - None 
@@ -107,9 +106,11 @@ spec: properties: kind: default: SecretStore - description: |- - Kind of the SecretStore resource (SecretStore or ClusterSecretStore) - Defaults to `SecretStore` + description: Kind of the SecretStore resource (SecretStore or + ClusterSecretStore) + enum: + - SecretStore + - ClusterSecretStore type: string labelSelector: description: Optionally, sync to secret stores with label selector @@ -160,6 +161,9 @@ spec: name: description: Optionally, sync to the SecretStore of the given name + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string type: object type: array @@ -181,6 +185,9 @@ spec: type: string name: description: Specify the name of the generator resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - kind @@ -190,8 +197,12 @@ spec: description: Select a Secret to Push. properties: name: - description: Name of the Secret. The Secret must exist in - the same namespace as the PushSecret manifest. + description: |- + Name of the Secret. + The Secret must exist in the same namespace as the PushSecret manifest. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - name @@ -239,9 +250,15 @@ spec: configMap: properties: items: + description: A list of keys in the ConfigMap/Secret + to use as templates for Secret data items: properties: key: + description: A key in the ConfigMap/Secret + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string templateAs: default: Values @@ -254,6 +271,10 @@ spec: type: object type: array name: + description: The name of the ConfigMap/Secret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items 
@@ -264,9 +285,15 @@ spec: secret: properties: items: + description: A list of keys in the ConfigMap/Secret + to use as templates for Secret data items: properties: key: + description: A key in the ConfigMap/Secret + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string templateAs: default: Values @@ -279,6 +306,10 @@ spec: type: object type: array name: + description: The name of the ConfigMap/Secret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items @@ -298,8 +329,7 @@ spec: type: object updatePolicy: default: Replace - description: 'UpdatePolicy to handle Secrets in the provider. Possible - Values: "Replace/IfNotExists". Defaults to "Replace".' + description: UpdatePolicy to handle Secrets in the provider. enum: - Replace - IfNotExists diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index f8576921c74..47d87cc9b66 100644 --- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml 
@@ -97,17 +97,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -128,11 +137,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -151,57 +166,84 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessType: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
+ The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessTypeParam: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -218,15 +260,24 @@ spec: Akeyless Gateway certificate. properties: key: - description: The key the value inside of the provider - type to use, only used with "Secret" type + description: The key where the CA certificate can be found + in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", @@ -276,17 +327,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessKeySecretSecretRef: 
@@ -294,17 +354,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -347,11 +416,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -367,17 +442,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -385,17 +469,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -432,17 +525,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: 
@@ -451,17 +553,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -497,11 +608,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -555,17 +672,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -591,11 +717,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -625,17 +757,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -668,17 +809,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -707,42 +857,60 @@ spec: properties: clientCert: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientKey: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -764,11 +932,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -779,22 +953,31 @@ spec: properties: bearerToken: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -802,6 +985,9 @@ spec: remoteNamespace: default: default description: Remote namespace to fetch the secrets from + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string server: description: configures the Kubernetes server Address. 
@@ -814,15 +1000,24 @@ spec: description: 'see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider' properties: key: - description: The key the value inside of the provider - type to use, only used with "Secret" type + description: The key where the CA certificate can + be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", @@ -862,17 +1057,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object privatekey: 
@@ -881,17 +1085,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -950,11 +1163,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -982,17 +1201,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -1043,17 +1271,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -1073,17 +1310,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -1093,17 +1339,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -1148,11 +1403,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -1178,17 +1439,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -1219,17 +1489,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -1250,11 +1529,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -1282,17 +1567,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: 
@@ -1310,17 +1604,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -1337,15 +1640,24 @@ spec: Vault server certificate. properties: key: - description: The key the value inside of the provider - type to use, only used with "Secret" type + description: The key where the CA certificate can be found + in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", 
@@ -1422,15 +1734,24 @@ spec: webhook server certificate. properties: key: - description: The key the value inside of the provider - type to use, only used with "Secret" type + description: The key where the CA certificate can be found + in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", @@ -1472,17 +1793,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -1516,17 +1846,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -1536,22 +1875,31 @@ spec: properties: certSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -1700,6 +2048,9 @@ spec: namespaces: description: Choose namespaces by name items: + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: array type: object 
@@ -1748,17 +2099,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -1779,11 +2139,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -1802,57 +2168,84 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessType: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
+ The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessTypeParam: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -1871,15 +2264,24 @@ spec: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", @@ -1929,17 +2331,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessKeySecretSecretRef: 
@@ -1947,17 +2358,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -2007,11 +2427,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -2027,17 +2453,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -2045,17 +2480,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -2066,17 +2510,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -2160,17 +2613,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientId: 
@@ -2179,17 +2641,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: 
@@ -2198,17 +2669,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object tenantId: 
@@ -2217,17 +2697,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -2276,11 +2765,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -2315,17 +2810,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2343,17 +2847,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2371,17 +2884,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2398,17 +2920,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2425,17 +2956,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2493,17 +3033,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -2525,15 +3074,24 @@ spec: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", 
@@ -2579,17 +3137,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -2623,42 +3190,60 @@ spec: type: string apiKeyRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object userRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -2682,17 +3267,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: 
@@ -2711,11 +3305,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name @@ -2739,15 +3339,24 @@ spec: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", 
@@ -2780,17 +3389,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2807,17 +3425,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2858,17 +3485,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -2900,17 +3536,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -2990,17 +3635,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3023,17 +3677,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -3059,11 +3722,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -3097,17 +3766,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3174,17 +3852,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3208,42 +3895,60 @@ spec: properties: clientId: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -3280,22 +3985,31 @@ spec: properties: authRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object folderID: 
@@ -3319,42 +4033,60 @@ spec: properties: clientCert: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientKey: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -3373,11 +4105,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -3387,22 +4125,31 @@ spec: properties: bearerToken: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3413,22 +4160,34 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object remoteNamespace: default: default description: Remote namespace to fetch the secrets from + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string server: description: configures the Kubernetes server Address. @@ -3443,15 +4202,24 @@ spec: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", 
@@ -3490,17 +4258,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object passcodeRef: 
@@ -3509,17 +4286,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -3560,17 +4346,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -3612,17 +4407,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object privatekey: 
@@ -3631,17 +4435,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -3700,11 +4513,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -3725,42 +4544,60 @@ spec: properties: passwordSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object privateKeySecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -3789,17 +4626,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3833,17 +4679,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -3869,17 +4724,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3921,17 +4785,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -3959,17 +4832,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -3997,17 +4879,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -4029,17 +4920,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -4063,22 +4963,31 @@ spec: type: string clientSecretSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -4135,17 +5044,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -4157,17 +5075,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -4186,17 +5113,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -4206,17 +5142,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -4245,11 +5190,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -4274,17 +5225,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -4292,17 +5252,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -4313,17 +5282,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -4385,11 +5363,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -4415,17 +5399,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -4456,17 +5449,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -4487,11 +5489,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -4519,17 +5527,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: 
@@ -4555,17 +5572,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object userPass: 
@@ -4586,17 +5612,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: @@ -4624,15 +5659,24 @@ spec: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", 
@@ -4697,17 +5741,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object keySecretRef: 
@@ -4718,17 +5771,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -4765,15 +5827,24 @@ spec: webhook server certificate. properties: key: - description: The key the value inside of the provider - type to use, only used with "Secret" type + description: The key where the CA certificate can be found + in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", 
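Review bot: In the hunk at -4765, the `namespace` description of this CA provider says only `The namespace the Provider type is in.`, whereas the CA provider schema in the earlier hunk at -4624 adds `Can only be defined when used in a ClusterSecretStore.`. If the same restriction applies here, the description should carry it, because this field selects the namespace the CA material is read from and the schema alone does not show when it may be set. The hunk also replaces the `key` description, dropping the old remark `only used with "Secret" type` in favour of `in the Secret or ConfigMap`; that is worth confirming against the provider code, which is not visible here.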
@@ -4815,17 +5886,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -4859,17 +5939,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -4879,22 +5968,31 @@ spec: properties: certSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -4917,17 +6015,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -4937,22 +6044,31 @@ spec: properties: certSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object diff --git a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml index bd4bbd6377e..d5adc12b410 100644 --- a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml 
@@ -82,17 +82,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: 
@@ -101,17 +110,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -138,11 +156,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name diff --git a/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml b/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml index 91bf1211ae0..dfd0fce0e1a 100644 --- a/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml 
+++ b/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml @@ -79,17 +79,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: 
@@ -98,17 +107,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -135,11 +153,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -207,11 +231,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name @@ -227,17 +257,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -245,17 +284,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -266,17 +314,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -321,17 +378,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -357,11 +423,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -392,22 +464,31 @@ spec: properties: secretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -501,11 +582,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -521,17 +608,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -539,17 +635,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -560,17 +665,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -661,17 +775,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -683,17 +806,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -712,17 +844,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -732,17 +873,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -774,11 +924,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -803,17 +959,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -822,17 +987,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -843,17 +1017,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -915,11 +1098,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -945,17 +1134,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -986,17 +1184,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -1017,11 +1224,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -1049,17 +1262,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: 
@@ -1085,17 +1307,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object userPass: 
@@ -1116,17 +1347,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: @@ -1154,15 +1394,24 @@ spec: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", 
@@ -1227,17 +1476,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object keySecretRef: 
@@ -1248,17 +1506,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -1321,15 +1588,24 @@ spec: webhook server certificate. properties: key: - description: The key the value inside of the provider - type to use, only used with "Secret" type + description: The key where the CA certificate can be found + in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", 
@@ -1371,10 +1647,16 @@ spec: properties: key: description: The key where the token is found. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string type: object required: diff --git a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml index 47ccaf2e2b4..12d1d760564 100644 --- a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml @@ -70,11 +70,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -90,17 +96,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -108,17 +123,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -129,17 +153,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object diff --git a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml index 6b2e764199d..2c54287d8b9 100644 --- a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml 
@@ -56,17 +56,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -92,11 +101,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name diff --git a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml index 691e171375f..9b9c0302c0c 100644 --- a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml 
+++ b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml @@ -53,22 +53,31 @@ spec: properties: secretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: diff --git a/config/crds/bases/generators.external-secrets.io_stssessiontokens.yaml b/config/crds/bases/generators.external-secrets.io_stssessiontokens.yaml index 41d31666985..f52be89bd3a 100644 --- a/config/crds/bases/generators.external-secrets.io_stssessiontokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_stssessiontokens.yaml 
@@ -68,11 +68,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name @@ -88,17 +94,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -106,17 +121,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -127,17 +151,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object diff --git a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml index 23a27620f49..3922806b3a8 100644 --- a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml +++ b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml 
@@ -89,17 +89,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -111,17 +120,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -140,17 +158,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -160,17 +187,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -199,11 +235,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -228,17 +270,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -246,17 +297,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -267,17 +327,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -338,11 +407,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -368,17 +443,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -409,17 +493,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -440,11 +533,17 @@ spec: name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -472,17 +571,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: 
@@ -508,17 +616,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object userPass: 
@@ -539,17 +656,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: @@ -577,15 +703,24 @@ spec: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", 
@@ -650,17 +785,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object keySecretRef: 
@@ -671,17 +815,26 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object diff --git a/config/crds/bases/generators.external-secrets.io_webhooks.yaml b/config/crds/bases/generators.external-secrets.io_webhooks.yaml index 59ef26adb63..265531a91a3 100644 --- a/config/crds/bases/generators.external-secrets.io_webhooks.yaml +++ b/config/crds/bases/generators.external-secrets.io_webhooks.yaml 
@@ -67,14 +67,23 @@ spec: server certificate. properties: key: - description: The key the value inside of the provider type to - use, only used with "Secret" type + description: The key where the CA certificate can be found in + the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or @@ -116,10 +125,16 @@ spec: properties: key: description: The key where the token is found. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string type: object required: diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 79e37f52949..3374039e681 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -67,7 +67,12 @@ spec: type: object type: object externalSecretName: - description: The name of the external secrets to be created defaults to the name of the ClusterExternalSecret + description: |- + The name of the external secrets to be created. + Defaults to the name of the ClusterExternalSecret + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string externalSecretSpec: description: The spec for the ExternalSecrets to be created 
@@ -118,14 +123,15 @@ spec: - key type: object secretKey: - description: |- - SecretKey defines the key in which the controller stores - the value. This is the key in the Kind=Secret + description: The key in the Kubernetes Secret to store the value. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string sourceRef: description: |- SourceRef allows you to override the source - from which the value will pulled from. + from which the value will be pulled. maxProperties: 1 properties: generatorRef: @@ -144,6 +150,9 @@ spec: type: string name: description: Specify the name of the generator resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - kind @@ -156,12 +165,16 @@ spec: description: |- Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + enum: + - SecretStore + - ClusterSecretStore type: string name: description: Name of the SecretStore resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string - required: - - name type: object type: object required: @@ -310,6 +323,9 @@ spec: type: string name: description: Specify the name of the generator resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - kind @@ -322,12 +338,16 @@ spec: description: |- Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + enum: + - SecretStore + - ClusterSecretStore type: string name: description: Name of the SecretStore resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string - required: - - name type: object type: object type: object 
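Review bot: Dropping `required: - name` from the SecretStore reference object (the hunks at -156 and -322 on this line, and -348 on the next) lets an empty reference, or one that sets only `kind`, pass admission, because `minLength` and `pattern` apply only when `name` is present. Whether the controller rejects a missing name is not visible in this diff; if it does not, the error moves from admission time to reconcile time, where it is harder to notice. If the aim is to let the whole store reference be omitted, I would keep `name` required inside the object and make only the parent field optional. The added `enum` on `kind` needs no change.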
@@ -348,12 +368,16 @@ spec: description: |- Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + enum: + - SecretStore + - ClusterSecretStore type: string name: description: Name of the SecretStore resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string - required: - - name type: object target: default: @@ -366,8 +390,8 @@ spec: creationPolicy: default: Owner description: |- - CreationPolicy defines rules on how to create the resulting Secret - Defaults to 'Owner' + CreationPolicy defines rules on how to create the resulting Secret. + Defaults to "Owner" enum: - Owner - Orphan @@ -377,8 +401,8 @@ spec: deletionPolicy: default: Retain description: |- - DeletionPolicy defines rules on how to delete the resulting Secret - Defaults to 'Retain' + DeletionPolicy defines rules on how to delete the resulting Secret. + Defaults to "Retain" enum: - Delete - Merge @@ -389,9 +413,11 @@ spec: type: boolean name: description: |- - Name defines the name of the Secret resource to be managed - This field is immutable + The name of the Secret resource to be managed. Defaults to the .metadata.name of the ExternalSecret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string template: description: Template defines a blueprint for the created Secret resource. @@ -434,9 +460,14 @@ spec: configMap: properties: items: + description: A list of keys in the ConfigMap/Secret to use as templates for Secret data items: properties: key: + description: A key in the ConfigMap/Secret + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string templateAs: default: Values 
@@ -449,6 +480,10 @@ spec: type: object type: array name: + description: The name of the ConfigMap/Secret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items @@ -459,9 +494,14 @@ spec: secret: properties: items: + description: A list of keys in the ConfigMap/Secret to use as templates for Secret data items: properties: key: + description: A key in the ConfigMap/Secret + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string templateAs: default: Values @@ -474,6 +514,10 @@ spec: type: object type: array name: + description: The name of the ConfigMap/Secret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items @@ -592,6 +636,9 @@ spec: namespaces: description: Choose namespaces by name. This field is ORed with anything that NamespaceSelectors ends up choosing. items: + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: array refreshTime: 
@@ -750,16 +797,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -779,11 +835,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -802,54 +864,81 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessType: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
+ The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessTypeParam: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -865,13 +954,22 @@ spec: description: The provider for the CA bundle to use to validate Akeyless Gateway certificate. properties: key: - description: The key the value inside of the provider type to use, only used with "Secret" type + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -918,16 +1016,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessKeySecretSecretRef: 
@@ -935,16 +1042,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -984,11 +1100,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -1004,16 +1126,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -1021,16 +1152,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -1062,16 +1202,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: 
@@ -1079,16 +1228,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -1122,11 +1280,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -1176,16 +1340,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -1210,11 +1383,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -1242,16 +1421,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -1280,16 +1468,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -1315,40 +1512,58 @@ spec: properties: clientCert: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientKey: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -1368,11 +1583,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -1383,21 +1604,30 @@ spec: properties: bearerToken: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -1405,6 +1635,9 @@ spec: remoteNamespace: default: default description: Remote namespace to fetch the secrets from + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string server: description: configures the Kubernetes server Address. 
@@ -1417,13 +1650,22 @@ spec: description: 'see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider' properties: key: - description: The key the value inside of the provider type to use, only used with "Secret" type + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -1460,16 +1702,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object privatekey: 
@@ -1477,16 +1728,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -1543,11 +1803,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -1572,16 +1838,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -1630,16 +1905,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -1659,16 +1943,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -1678,16 +1971,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -1730,11 +2032,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -1760,16 +2068,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -1800,16 +2117,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -1829,11 +2155,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -1861,16 +2193,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: 
@@ -1887,16 +2228,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -1912,13 +2262,22 @@ spec: description: The provider for the CA bundle to use to validate Vault server certificate. properties: key: - description: The key the value inside of the provider type to use, only used with "Secret" type + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -1991,13 +2350,22 @@ spec: description: The provider for the CA bundle to use to validate webhook server certificate. properties: key: - description: The key the value inside of the provider type to use, only used with "Secret" type + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -2038,16 +2406,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -2079,16 +2456,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -2097,21 +2483,30 @@ spec: properties: certSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -2256,6 +2651,9 @@ spec: namespaces: description: Choose namespaces by name items: + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: array type: object 
@@ -2299,16 +2697,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -2328,11 +2735,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -2351,54 +2764,81 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessType: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
+ The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessTypeParam: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -2415,14 +2855,23 @@ spec: properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -2469,16 +2918,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessKeySecretSecretRef: 
@@ -2486,16 +2944,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -2540,11 +3007,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -2560,16 +3033,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -2577,16 +3059,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -2597,16 +3088,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -2683,16 +3183,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientId: 
@@ -2700,16 +3209,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: 
@@ -2717,16 +3235,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object tenantId: 
@@ -2734,16 +3261,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -2790,11 +3326,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -2822,16 +3364,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2846,16 +3397,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2870,16 +3430,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2894,16 +3463,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2918,16 +3496,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2977,16 +3564,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -3007,14 +3603,23 @@ spec: properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -3053,16 +3658,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -3093,40 +3707,58 @@ spec: type: string apiKeyRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object userRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -3150,16 +3782,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: 
@@ -3177,11 +3818,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name @@ -3204,14 +3851,23 @@ spec: properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -3242,16 +3898,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -3266,16 +3931,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -3313,16 +3987,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3352,16 +4035,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -3433,16 +4125,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3463,16 +4164,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -3497,11 +4207,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -3532,16 +4248,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3597,16 +4322,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3627,40 +4361,58 @@ spec: properties: clientId: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -3696,21 +4448,30 @@ spec: properties: authRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object folderID: 
@@ -3732,40 +4493,58 @@ spec: properties: clientCert: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientKey: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -3782,11 +4561,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -3796,21 +4581,30 @@ spec: properties: bearerToken: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3820,21 +4614,33 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object remoteNamespace: default: default description: Remote namespace to fetch the secrets from + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string server: description: configures the Kubernetes server Address. @@ -3848,14 +4654,23 @@ spec: properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -3890,16 +4705,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object passcodeRef: 
@@ -3907,16 +4731,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -3951,16 +4784,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -3998,16 +4840,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object privatekey: 
@@ -4015,16 +4866,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -4081,11 +4941,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -4104,40 +4970,58 @@ spec: properties: passwordSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object privateKeySecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -4164,16 +5048,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -4205,16 +5098,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -4237,16 +5139,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -4286,16 +5197,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -4319,16 +5239,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -4354,16 +5283,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -4383,16 +5321,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -4414,21 +5361,30 @@ spec: type: string clientSecretSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -4481,16 +5437,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -4502,16 +5467,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -4530,16 +5504,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -4549,16 +5532,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -4586,11 +5578,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -4613,16 +5611,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -4630,16 +5637,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -4650,16 +5666,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -4713,11 +5738,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -4743,16 +5774,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -4783,16 +5823,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -4812,11 +5861,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -4844,16 +5899,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: 
@@ -4878,16 +5942,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object userPass: 
@@ -4907,16 +5980,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: @@ -4942,14 +6024,23 @@ spec: properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -5012,16 +6103,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object keySecretRef: 
@@ -5032,16 +6132,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -5076,13 +6185,22 @@ spec: description: The provider for the CA bundle to use to validate webhook server certificate. properties: key: - description: The key the value inside of the provider type to use, only used with "Secret" type + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -5123,16 +6241,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -5164,16 +6291,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -5182,21 +6318,30 @@ spec: properties: certSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -5217,16 +6362,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -5235,21 +6389,30 @@ spec: properties: certSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -5399,6 +6562,10 @@ spec: - key type: object secretKey: + description: The key in the Kubernetes Secret to store the value. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string required: - remoteRef @@ -5446,12 +6613,16 @@ spec: description: |- Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + enum: + - SecretStore + - ClusterSecretStore type: string name: description: Name of the SecretStore resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string - required: - - name type: object target: description: |- 
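Review bot: In `@@ -5446,12 +6613,16 @@` the store reference loses `required: - name`, so an object that omits `name` now passes schema validation; the added `minLength: 1` and `pattern` only apply when the field is present. The same removal is in `@@ -5728,12 +6923,16 @@`, `@@ -5894,12 +7096,16 @@` and `@@ -5920,12 +7126,16 @@`. If the relaxation is deliberate, the description should say when the name may be left out, e.g. `Name of the SecretStore resource. Optional only when <condition>.`, and the controller or admission webhook should reject a reference that resolves to no store rather than fall back silently. The enclosing schema object starts outside the hunk, so any check elsewhere in the CRD is not visible here.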
@@ -5461,8 +6632,8 @@ spec: creationPolicy: default: Owner description: |- - CreationPolicy defines rules on how to create the resulting Secret - Defaults to 'Owner' + CreationPolicy defines rules on how to create the resulting Secret. + Defaults to "Owner" enum: - Owner - Merge @@ -5473,9 +6644,11 @@ spec: type: boolean name: description: |- - Name defines the name of the Secret resource to be managed - This field is immutable + The name of the Secret resource to be managed. Defaults to the .metadata.name of the ExternalSecret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string template: description: Template defines a blueprint for the created Secret resource. @@ -5514,15 +6687,24 @@ spec: configMap: properties: items: + description: A list of keys in the ConfigMap/Secret to use as templates for Secret data items: properties: key: + description: A key in the ConfigMap/Secret + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string required: - key type: object type: array name: + description: The name of the ConfigMap/Secret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items @@ -5531,15 +6713,24 @@ spec: secret: properties: items: + description: A list of keys in the ConfigMap/Secret to use as templates for Secret data items: properties: key: + description: A key in the ConfigMap/Secret + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string required: - key type: object type: array name: + description: The name of the ConfigMap/Secret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items 
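Review bot: The rewritten `target.name` description in `@@ -5473,9 +6644,11 @@` drops the sentence `This field is immutable` without saying whether the behaviour changed, and nothing in the hunk enforces immutability on the field. If the name is still immutable, keep the statement: `The name of the Secret resource to be managed. This field is immutable.` If renaming is now allowed, the description should say what happens to the Secret created under the old name, since it presumably still holds the synced credential until something deletes it. The same edit appears in `@@ -5961,9 +7171,11 @@`.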
@@ -5690,14 +6881,15 @@ spec: - key type: object secretKey: - description: |- - SecretKey defines the key in which the controller stores - the value. This is the key in the Kind=Secret + description: The key in the Kubernetes Secret to store the value. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string sourceRef: description: |- SourceRef allows you to override the source - from which the value will pulled from. + from which the value will be pulled. maxProperties: 1 properties: generatorRef: @@ -5716,6 +6908,9 @@ spec: type: string name: description: Specify the name of the generator resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - kind @@ -5728,12 +6923,16 @@ spec: description: |- Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + enum: + - SecretStore + - ClusterSecretStore type: string name: description: Name of the SecretStore resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string - required: - - name type: object type: object required: @@ -5882,6 +7081,9 @@ spec: type: string name: description: Specify the name of the generator resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - kind @@ -5894,12 +7096,16 @@ spec: description: |- Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + enum: + - SecretStore + - ClusterSecretStore type: string name: description: Name of the SecretStore resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string - required: - - name type: object type: object type: object 
@@ -5920,12 +7126,16 @@ spec: description: |- Kind of the SecretStore resource (SecretStore or ClusterSecretStore) Defaults to `SecretStore` + enum: + - SecretStore + - ClusterSecretStore type: string name: description: Name of the SecretStore resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string - required: - - name type: object target: default: @@ -5938,8 +7148,8 @@ spec: creationPolicy: default: Owner description: |- - CreationPolicy defines rules on how to create the resulting Secret - Defaults to 'Owner' + CreationPolicy defines rules on how to create the resulting Secret. + Defaults to "Owner" enum: - Owner - Orphan @@ -5949,8 +7159,8 @@ spec: deletionPolicy: default: Retain description: |- - DeletionPolicy defines rules on how to delete the resulting Secret - Defaults to 'Retain' + DeletionPolicy defines rules on how to delete the resulting Secret. + Defaults to "Retain" enum: - Delete - Merge @@ -5961,9 +7171,11 @@ spec: type: boolean name: description: |- - Name defines the name of the Secret resource to be managed - This field is immutable + The name of the Secret resource to be managed. Defaults to the .metadata.name of the ExternalSecret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string template: description: Template defines a blueprint for the created Secret resource. @@ -6006,9 +7218,14 @@ spec: configMap: properties: items: + description: A list of keys in the ConfigMap/Secret to use as templates for Secret data items: properties: key: + description: A key in the ConfigMap/Secret + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string templateAs: default: Values 
@@ -6021,6 +7238,10 @@ spec: type: object type: array name: + description: The name of the ConfigMap/Secret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items @@ -6031,9 +7252,14 @@ spec: secret: properties: items: + description: A list of keys in the ConfigMap/Secret to use as templates for Secret data items: properties: key: + description: A key in the ConfigMap/Secret + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string templateAs: default: Values @@ -6046,6 +7272,10 @@ spec: type: object type: array name: + description: The name of the ConfigMap/Secret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items @@ -6220,7 +7450,7 @@ spec: type: array deletionPolicy: default: None - description: 'Deletion Policy to handle Secrets in the provider. Possible Values: "Delete/None". Defaults to "None".' + description: Deletion Policy to handle Secrets in the provider. enum: - Delete - None @@ -6233,9 +7463,10 @@ spec: properties: kind: default: SecretStore - description: |- - Kind of the SecretStore resource (SecretStore or ClusterSecretStore) - Defaults to `SecretStore` + description: Kind of the SecretStore resource (SecretStore or ClusterSecretStore) + enum: + - SecretStore + - ClusterSecretStore type: string labelSelector: description: Optionally, sync to secret stores with label selector @@ -6283,6 +7514,9 @@ spec: x-kubernetes-map-type: atomic name: description: Optionally, sync to the SecretStore of the given name + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string type: object type: array 
@@ -6303,6 +7537,9 @@ spec: type: string name: description: Specify the name of the generator resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - kind @@ -6312,7 +7549,12 @@ spec: description: Select a Secret to Push. properties: name: - description: Name of the Secret. The Secret must exist in the same namespace as the PushSecret manifest. + description: |- + Name of the Secret. + The Secret must exist in the same namespace as the PushSecret manifest. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - name @@ -6359,9 +7601,14 @@ spec: configMap: properties: items: + description: A list of keys in the ConfigMap/Secret to use as templates for Secret data items: properties: key: + description: A key in the ConfigMap/Secret + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string templateAs: default: Values @@ -6374,6 +7621,10 @@ spec: type: object type: array name: + description: The name of the ConfigMap/Secret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items @@ -6384,9 +7635,14 @@ spec: secret: properties: items: + description: A list of keys in the ConfigMap/Secret to use as templates for Secret data items: properties: key: + description: A key in the ConfigMap/Secret + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string templateAs: default: Values @@ -6399,6 +7655,10 @@ spec: type: object type: array name: + description: The name of the ConfigMap/Secret resource + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string required: - items 
@@ -6418,7 +7678,7 @@ spec: type: object updatePolicy: default: Replace - description: 'UpdatePolicy to handle Secrets in the provider. Possible Values: "Replace/IfNotExists". Defaults to "Replace".' + description: UpdatePolicy to handle Secrets in the provider. enum: - Replace - IfNotExists @@ -6616,16 +7876,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: 
@@ -6645,11 +7914,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -6668,54 +7943,81 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessType: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
+ The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessTypeParam: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -6731,13 +8033,22 @@ spec: description: The provider for the CA bundle to use to validate Akeyless Gateway certificate. properties: key: - description: The key the value inside of the provider type to use, only used with "Secret" type + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -6784,16 +8095,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessKeySecretSecretRef: 
@@ -6801,16 +8121,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -6850,11 +8179,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -6870,16 +8205,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -6887,16 +8231,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -6928,16 +8281,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: 
@@ -6945,16 +8307,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -6988,11 +8359,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -7042,16 +8419,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -7076,11 +8462,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -7108,16 +8500,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -7146,16 +8547,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -7181,40 +8591,58 @@ spec: properties: clientCert: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientKey: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -7234,11 +8662,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -7249,21 +8683,30 @@ spec: properties: bearerToken: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -7271,6 +8714,9 @@ spec: remoteNamespace: default: default description: Remote namespace to fetch the secrets from + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string server: description: configures the Kubernetes server Address. 
@@ -7283,13 +8729,22 @@ spec: description: 'see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider' properties: key: - description: The key the value inside of the provider type to use, only used with "Secret" type + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -7326,16 +8781,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object privatekey: 
@@ -7343,16 +8807,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -7409,11 +8882,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -7438,16 +8917,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -7496,16 +8984,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -7525,16 +9022,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -7544,16 +9050,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -7596,11 +9111,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -7626,16 +9147,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -7666,16 +9196,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -7695,11 +9234,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -7727,16 +9272,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: 
@@ -7753,16 +9307,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -7778,13 +9341,22 @@ spec: description: The provider for the CA bundle to use to validate Vault server certificate. properties: key: - description: The key the value inside of the provider type to use, only used with "Secret" type + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -7857,13 +9429,22 @@ spec: description: The provider for the CA bundle to use to validate webhook server certificate. properties: key: - description: The key the value inside of the provider type to use, only used with "Secret" type + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -7904,16 +9485,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -7945,16 +9535,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -7963,21 +9562,30 @@ spec: properties: certSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -8122,6 +9730,9 @@ spec: namespaces: description: Choose namespaces by name items: + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: array type: object 
@@ -8165,16 +9776,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -8194,11 +9814,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -8217,54 +9843,81 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessType: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
+ The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessTypeParam: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -8281,14 +9934,23 @@ spec: properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -8335,16 +9997,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessKeySecretSecretRef: 
@@ -8352,16 +10023,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -8406,11 +10086,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -8426,16 +10112,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -8443,16 +10138,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -8463,16 +10167,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -8549,16 +10262,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientId: 
@@ -8566,16 +10288,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: 
@@ -8583,16 +10314,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object tenantId: 
@@ -8600,16 +10340,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -8656,11 +10405,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -8688,16 +10443,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -8712,16 +10476,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -8736,16 +10509,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -8760,16 +10542,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -8784,16 +10575,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -8843,16 +10643,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -8873,14 +10682,23 @@ spec: properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -8919,16 +10737,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -8959,40 +10786,58 @@ spec: type: string apiKeyRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object userRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -9016,16 +10861,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: 
@@ -9043,11 +10897,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name @@ -9070,14 +10930,23 @@ spec: properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -9108,16 +10977,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -9132,16 +11010,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -9179,16 +11066,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -9218,16 +11114,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -9299,16 +11204,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -9329,16 +11243,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -9363,11 +11286,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -9398,16 +11327,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -9463,16 +11401,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -9493,40 +11440,58 @@ spec: properties: clientId: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -9562,21 +11527,30 @@ spec: properties: authRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object folderID: 
@@ -9598,40 +11572,58 @@ spec: properties: clientCert: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientKey: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -9648,11 +11640,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -9662,21 +11660,30 @@ spec: properties: bearerToken: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -9686,21 +11693,33 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object remoteNamespace: default: default description: Remote namespace to fetch the secrets from + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string server: description: configures the Kubernetes server Address. @@ -9714,14 +11733,23 @@ spec: properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -9756,16 +11784,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object passcodeRef: 
@@ -9773,16 +11810,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -9817,16 +11863,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -9864,16 +11919,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object privatekey: 
@@ -9881,16 +11945,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -9947,11 +12020,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -9970,40 +12049,58 @@ spec: properties: passwordSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object privateKeySecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -10030,16 +12127,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -10071,16 +12177,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -10103,16 +12218,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -10152,16 +12276,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -10185,16 +12318,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -10220,16 +12362,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -10249,16 +12400,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -10280,21 +12440,30 @@ spec: type: string clientSecretSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -10347,16 +12516,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -10368,16 +12546,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -10396,16 +12583,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -10415,16 +12611,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -10452,11 +12657,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -10479,16 +12690,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -10496,16 +12716,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -10516,16 +12745,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -10579,11 +12817,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -10609,16 +12853,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -10649,16 +12902,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -10678,11 +12940,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -10710,16 +12978,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: 
@@ -10744,16 +13021,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object userPass: 
@@ -10773,16 +13059,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: @@ -10808,14 +13103,23 @@ spec: properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -10878,16 +13182,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object keySecretRef: 
@@ -10898,16 +13211,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -10942,13 +13264,22 @@ spec: description: The provider for the CA bundle to use to validate webhook server certificate. properties: key: - description: The key the value inside of the provider type to use, only used with "Secret" type + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -10989,16 +13320,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -11030,16 +13370,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -11048,21 +13397,30 @@ spec: properties: certSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -11083,16 +13441,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -11101,21 +13468,30 @@ spec: properties: certSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -11260,16 +13636,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: 
@@ -11277,16 +13662,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -11311,11 +13705,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -11451,16 +13851,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: 
@@ -11468,16 +13877,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -11502,11 +13920,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -11571,11 +13995,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name @@ -11591,16 +14021,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -11608,16 +14047,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -11628,16 +14076,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -11681,16 +14138,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -11715,11 +14181,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -11748,21 +14220,30 @@ spec: properties: secretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -11851,11 +14332,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -11871,16 +14358,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -11888,16 +14384,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -11908,16 +14413,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -12004,16 +14518,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -12025,16 +14548,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -12053,16 +14585,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -12072,16 +14613,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -12109,11 +14659,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -12136,16 +14692,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -12153,16 +14718,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -12173,16 +14747,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -12236,11 +14819,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -12266,16 +14855,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -12306,16 +14904,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -12335,11 +14942,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -12367,16 +14980,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: 
@@ -12401,16 +15023,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object userPass: 
@@ -12430,16 +15061,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: @@ -12465,14 +15105,23 @@ spec: properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -12535,16 +15184,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object keySecretRef: 
@@ -12555,16 +15213,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -12624,13 +15291,22 @@ spec: description: The provider for the CA bundle to use to validate webhook server certificate. properties: key: - description: The key the value inside of the provider type to use, only used with "Secret" type + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -12671,9 +15347,15 @@ spec: properties: key: description: The key where the token is found. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string type: object required: @@ -12787,11 +15469,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -12807,16 +15495,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -12824,16 +15521,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -12844,16 +15550,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -13021,16 +15736,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -13055,11 +15779,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -13148,21 +15878,30 @@ spec: properties: secretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -13378,11 +16117,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -13398,16 +16143,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -13415,16 +16169,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -13435,16 +16198,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -13650,16 +16422,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -13671,16 +16452,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -13699,16 +16489,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -13718,16 +16517,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -13755,11 +16563,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -13782,16 +16596,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -13799,16 +16622,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -13819,16 +16651,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -13882,11 +16723,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -13912,16 +16759,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -13952,16 +16808,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -13981,11 +16846,17 @@ spec: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -14013,16 +16884,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: 
@@ -14047,16 +16927,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object userPass: 
@@ -14076,16 +16965,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: @@ -14111,14 +17009,23 @@ spec: properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -14181,16 +17088,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object keySecretRef: 
@@ -14201,16 +17117,25 @@ spec: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -14334,13 +17259,22 @@ spec: description: The provider for the CA bundle to use to validate webhook server certificate. properties: key: - description: The key the value inside of the provider type to use, only used with "Secret" type + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -14381,9 +17315,15 @@ spec: properties: key: description: The key where the token is found. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string type: object required: diff --git a/docs/api/spec.md b/docs/api/spec.md index c68aae94f4c..f99b374c291 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -1747,7 +1747,8 @@ string (Optional) -

    The name of the external secrets to be created defaults to the name of the ClusterExternalSecret

    +

    The name of the external secrets to be created. +Defaults to the name of the ClusterExternalSecret

    @@ -1935,7 +1936,8 @@ string (Optional) -

    The name of the external secrets to be created defaults to the name of the ClusterExternalSecret

    +

    The name of the external secrets to be created. +Defaults to the name of the ClusterExternalSecret

    @@ -3156,8 +3158,7 @@ string -

    SecretKey defines the key in which the controller stores -the value. This is the key in the Kind=Secret

    +

    The key in the Kubernetes Secret to store the value.

    @@ -3185,7 +3186,7 @@ StoreSourceRef

    SourceRef allows you to override the source -from which the value will pulled from.

    +from which the value will be pulled.

    @@ -3958,8 +3959,7 @@ string (Optional) -

    Name defines the name of the Secret resource to be managed -This field is immutable +

    The name of the Secret resource to be managed. Defaults to the .metadata.name of the ExternalSecret resource

    @@ -3974,8 +3974,8 @@ ExternalSecretCreationPolicy (Optional) -

    CreationPolicy defines rules on how to create the resulting Secret -Defaults to ‘Owner’

    +

    CreationPolicy defines rules on how to create the resulting Secret. +Defaults to “Owner”

    @@ -3989,8 +3989,8 @@ ExternalSecretDeletionPolicy (Optional) -

    DeletionPolicy defines rules on how to delete the resulting Secret -Defaults to ‘Retain’

    +

    DeletionPolicy defines rules on how to delete the resulting Secret. +Defaults to “Retain”

    @@ -7827,6 +7827,7 @@ string +

    The name of the ConfigMap/Secret resource

    @@ -7839,6 +7840,7 @@ string +

    A list of keys in the ConfigMap/Secret to use as templates for Secret data

    @@ -7867,6 +7869,7 @@ string +

    A key in the ConfigMap/Secret

    @@ -9187,7 +9190,7 @@ string -

    The key the value inside of the provider type to use, only used with “Secret” type

    +

    The key where the CA certificate can be found in the Secret or ConfigMap.

    From 0656bf33c5bde3b54afe6c5d21e246e58fb19be7 Mon Sep 17 00:00:00 2001 From: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> Date: Sat, 30 Nov 2024 23:52:39 -0800 Subject: [PATCH 447/517] fix: issues with generators (#4163) * fix: issues with generators Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> * fix generator RBAC permissions for controller Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> * fix docs for UUID generator Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> * update tilt to 0.33.10 Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> * explicitly specify generator RBAC roles Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> * update helm test with new entries Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> 
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- Makefile | 2 +- .../v1beta1/externalsecret_types.go | 6 +- .../{generator.go => generator_interfaces.go} | 2 + apis/generators/v1alpha1/generator_types.go | 61 - apis/generators/v1alpha1/register.go | 25 +- .../{generator_acr.go => types_acr.go} | 2 +- apis/generators/v1alpha1/types_cluster.go | 81 + .../{generator_ecr.go => types_ecr.go} | 2 +- .../{generator_fake.go => types_fake.go} | 2 +- .../{generator_gcr.go => types_gcr.go} | 2 +- .../{generator_github.go => types_github.go} | 2 +- ...enerator_password.go => types_password.go} | 2 +- .../{generator_sts.go => types_sts.go} | 2 +- .../{generator_uuid.go => types_uuid.go} | 4 +- .../{generator_vault.go => types_vault.go} | 2 +- ...{generator_webhook.go => types_webhook.go} | 2 +- .../v1alpha1/zz_generated.deepcopy.go | 18 +- ...nal-secrets.io_clusterexternalsecrets.yaml | 32 +- .../external-secrets.io_externalsecrets.yaml | 32 +- .../external-secrets.io_pushsecrets.yaml | 15 +- ...s.external-secrets.io_acraccesstokens.yaml | 2 - ...external-secrets.io_clustergenerators.yaml | 20 +- ...nal-secrets.io_ecrauthorizationtokens.yaml | 2 - .../generators.external-secrets.io_fakes.yaml | 2 - ...s.external-secrets.io_gcraccesstokens.yaml | 2 - ...xternal-secrets.io_githubaccesstokens.yaml | 2 - ...erators.external-secrets.io_passwords.yaml | 2 - ....external-secrets.io_stssessiontokens.yaml | 2 - .../generators.external-secrets.io_uuids.yaml | 2 - ...ternal-secrets.io_vaultdynamicsecrets.yaml | 2 - ...nerators.external-secrets.io_webhooks.yaml | 2 - .../external-secrets/templates/rbac.yaml | 2 + .../tests/__snapshot__/crds_test.yaml.snap | 2071 +++++++++++++---- deploy/crds/bundle.yaml | 113 +- docs/api/spec.md | 2 +- docs/snippets/generator-uuid-example.yaml | 2 +- docs/snippets/generator-uuid.yaml | 2 +- pkg/generator/register/register.go | 2 + 
pkg/generator/sts/sts.go | 2 +- pkg/utils/resolvers/generator.go | 22 +- 40 files changed, 1915 insertions(+), 639 deletions(-) rename apis/generators/v1alpha1/{generator.go => generator_interfaces.go} (89%) rename apis/generators/v1alpha1/{generator_acr.go => types_acr.go} (98%) create mode 100644 apis/generators/v1alpha1/types_cluster.go rename apis/generators/v1alpha1/{generator_ecr.go => types_ecr.go} (98%) rename apis/generators/v1alpha1/{generator_fake.go => types_fake.go} (97%) rename apis/generators/v1alpha1/{generator_gcr.go => types_gcr.go} (97%) rename apis/generators/v1alpha1/{generator_github.go => types_github.go} (97%) rename apis/generators/v1alpha1/{generator_password.go => types_password.go} (97%) rename apis/generators/v1alpha1/{generator_sts.go => types_sts.go} (98%) rename apis/generators/v1alpha1/{generator_uuid.go => types_uuid.go} (93%) rename apis/generators/v1alpha1/{generator_vault.go => types_vault.go} (97%) rename apis/generators/v1alpha1/{generator_webhook.go => types_webhook.go} (98%) diff --git a/Makefile b/Makefile index 22b34874aa0..6e019d7e0b6 100644 --- a/Makefile +++ b/Makefile @@ -334,7 +334,7 @@ GOLANGCI_LINT ?= $(LOCALBIN)/golangci-lint ## Tool Versions GOLANGCI_VERSION := 1.61.0 KUBERNETES_VERSION := 1.30.x -TILT_VERSION := 0.33.10 +TILT_VERSION := 0.33.21 .PHONY: envtest envtest: $(ENVTEST) ## Download envtest-setup locally if necessary. diff --git a/apis/externalsecrets/v1beta1/externalsecret_types.go b/apis/externalsecrets/v1beta1/externalsecret_types.go index 69d01118494..54e37e5b2ac 100644 --- a/apis/externalsecrets/v1beta1/externalsecret_types.go +++ b/apis/externalsecrets/v1beta1/externalsecret_types.go 
@@ -391,6 +391,7 @@ type ExternalSecretSpec struct { // from which the secret will be pulled from. // You can define at maximum one property. // +kubebuilder:validation:MaxProperties=1 +// +kubebuilder:validation:MinProperties=1 type StoreSourceRef struct { // +optional SecretStoreRef SecretStoreRef `json:"storeRef,omitempty"` @@ -406,6 +407,7 @@ type StoreSourceRef struct { // from which the secret will be pulled from. // You can define at maximum one property. // +kubebuilder:validation:MaxProperties=1 +// +kubebuilder:validation:MinProperties=1 type StoreGeneratorSourceRef struct { // +optional SecretStoreRef *SecretStoreRef `json:"storeRef,omitempty"` @@ -420,7 +422,9 @@ type GeneratorRef struct { // Specify the apiVersion of the generator resource // +kubebuilder:default="generators.external-secrets.io/v1alpha1" APIVersion string `json:"apiVersion,omitempty"` - // Specify the Kind of the resource, e.g. Password, ACRAccessToken, ClusterGenerator etc. + + // Specify the Kind of the generator resource + // +kubebuilder:validation:Enum=ACRAccessToken;ClusterGenerator;ECRAuthorizationToken;Fake;GCRAccessToken;GithubAccessToken;Password;STSSessionToken;UUID;VaultDynamicSecret;Webhook Kind string `json:"kind"` // Specify the name of the generator resource diff --git a/apis/generators/v1alpha1/generator.go b/apis/generators/v1alpha1/generator_interfaces.go similarity index 89% rename from apis/generators/v1alpha1/generator.go rename to apis/generators/v1alpha1/generator_interfaces.go index 57283adec0c..64af15bbeda 100644 --- a/apis/generators/v1alpha1/generator.go +++ b/apis/generators/v1alpha1/generator_interfaces.go @@ -25,6 +25,8 @@ import ( // +kubebuilder:object:generate:false // +k8s:deepcopy-gen:interfaces=nil // +k8s:deepcopy-gen=nil + +// Generator is the common interface for all generators that is actually used to generate whatever is needed. type Generator interface { Generate( ctx context.Context, 
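Review bot: In the `GeneratorRef` hunk `Kind` is now an enum, but `APIVersion` just above it still carries only a default, so a `generatorRef` can pair one of the listed kinds with any API group. If only this project's generator group is meant to be referenced (the resolver is not visible here), a `+kubebuilder:validation:Pattern` marker on `APIVersion` restricting the group prefix would close that gap at admission time. The enum also repeats the list on `GeneratorKind` in `types_cluster.go` with `ClusterGenerator` added, so I would put `// Keep in sync with GeneratorKind in apis/generators/v1alpha1/types_cluster.go (plus ClusterGenerator).` above the marker. `GeneratorRef` continues outside the hunk.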
diff --git a/apis/generators/v1alpha1/generator_types.go b/apis/generators/v1alpha1/generator_types.go index d5de79d3ad1..6d7ac9d4242 100644 --- a/apis/generators/v1alpha1/generator_types.go +++ b/apis/generators/v1alpha1/generator_types.go 
@@ -14,69 +14,8 @@ limitations under the License. package v1alpha1 -import ( - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" -) - -// A couple of constants to define the generator's keys for accessing via Resource map values. -const ( - GeneratorGeneratorKey = "generator" - GeneratorKindKey = "kind" - GeneratorSpecKey = "spec" -) - type ControllerClassResource struct { Spec struct { ControllerClass string `json:"controller"` } `json:"spec"` } - -type GeneratorSpec struct { - // NOTE: when adding new supported generators, make sure to also update - // clusterGeneratorToVirtual() function in pkg/utils/resolvers/generator.go - // so they can be unpacked correctly. - - ACRAccessTokenSpec *ACRAccessTokenSpec `json:"acrAccessTokenSpec,omitempty"` - ECRAuthorizationTokenSpec *ECRAuthorizationTokenSpec `json:"ecrRAuthorizationTokenSpec,omitempty"` - FakeSpec *FakeSpec `json:"fakeSpec,omitempty"` - GCRAccessTokenSpec *GCRAccessTokenSpec `json:"gcrAccessTokenSpec,omitempty"` - GithubAccessTokenSpec *GithubAccessTokenSpec `json:"githubAccessTokenSpec,omitempty"` - PasswordSpec *PasswordSpec `json:"passwordSpec,omitempty"` - STSSessionTokenSpec *STSSessionTokenSpec `json:"stsSessionTokenSpec,omitempty"` - UUIDSpec *UUIDSpec `json:"uuidSpec,omitempty"` - VaultDynamicSecretSpec *VaultDynamicSecretSpec `json:"vaultDynamicSecretSpec,omitempty"` - WebhookSpec *WebhookSpec `json:"webhookSpec,omitempty"` -} - -type ClusterGeneratorSpec struct { - Kind string `json:"kind"` - Generator GeneratorSpec `json:"generator"` -} - -type ClusterGeneratorStatus struct{} - -// +kubebuilder:object:root=true -// +kubebuilder:storageversion - -// ClusterGenerator represents a cluster-wide generator which can be referenced as part of `generatorRef` fields. 
-// +kubebuilder:object:root=true -// +kubebuilder:storageversion -// +kubebuilder:subresource:status -// +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Cluster,categories={external-secrets, external-secrets-generators},shortName=cg -type ClusterGenerator struct { - metav1.TypeMeta `json:",inline"` - metav1.ObjectMeta `json:"metadata,omitempty"` - - Spec ClusterGeneratorSpec `json:"spec,omitempty"` - Status ClusterGeneratorStatus `json:"status,omitempty"` -} - -// +kubebuilder:object:root=true - -// ClusterGeneratorList contains a list of ClusterGenerator resources. -type ClusterGeneratorList struct { - metav1.TypeMeta `json:",inline"` - metav1.ListMeta `json:"metadata,omitempty"` - Items []ClusterGenerator `json:"items"` -} diff --git a/apis/generators/v1alpha1/register.go b/apis/generators/v1alpha1/register.go index beebc86f3ba..1b63c52b468 100644 --- a/apis/generators/v1alpha1/register.go +++ b/apis/generators/v1alpha1/register.go 
@@ -125,13 +125,30 @@ var ( ) func init() { + /* + =============================================================================== + NOTE: when adding support for new kinds of generators: + 1. register the struct types in `SchemeBuilder` (right below this note) + 2. update the `kubebuilder:validation:Enum` annotation for GeneratorRef.Kind (apis/externalsecrets/v1beta1/externalsecret_types.go) + 3. add it to the imports of (pkg/generator/register/register.go) + 4. add it to the ClusterRole called "*-controller" (deploy/charts/external-secrets/templates/rbac.yaml) + 5. support it in ClusterGenerator: + - add a new GeneratorKind enum value (apis/generators/v1alpha1/types_cluster.go) + - update the `kubebuilder:validation:Enum` annotation for the GeneratorKind enum + - add a spec field to GeneratorSpec (apis/generators/v1alpha1/types_cluster.go) + - update the clusterGeneratorToVirtual() function (pkg/utils/resolvers/generator.go) + =============================================================================== + */ + + SchemeBuilder.Register(&ACRAccessToken{}, &ACRAccessTokenList{}) + SchemeBuilder.Register(&ClusterGenerator{}, &ClusterGeneratorList{}) SchemeBuilder.Register(&ECRAuthorizationToken{}, &ECRAuthorizationTokenList{}) + SchemeBuilder.Register(&Fake{}, &FakeList{}) SchemeBuilder.Register(&GCRAccessToken{}, &GCRAccessTokenList{}) SchemeBuilder.Register(&GithubAccessToken{}, &GithubAccessTokenList{}) - SchemeBuilder.Register(&ACRAccessToken{}, &ACRAccessTokenList{}) - SchemeBuilder.Register(&Fake{}, &FakeList{}) - SchemeBuilder.Register(&VaultDynamicSecret{}, &VaultDynamicSecretList{}) SchemeBuilder.Register(&Password{}, &PasswordList{}) + SchemeBuilder.Register(&STSSessionToken{}, &STSSessionTokenList{}) + SchemeBuilder.Register(&UUID{}, &UUIDList{}) + SchemeBuilder.Register(&VaultDynamicSecret{}, &VaultDynamicSecretList{}) SchemeBuilder.Register(&Webhook{}, &WebhookList{}) - SchemeBuilder.Register(&ClusterGenerator{}, &ClusterGeneratorList{}) } 
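Review bot: The checklist added at the top of `init()` is the only thing keeping several hand-maintained lists aligned (scheme registration, the `GeneratorRef.Kind` enum, the register imports, the controller ClusterRole, `GeneratorKind`), and this same hunk adds `STSSessionToken` and `UUID` to the scheme registration, which suggests the lists had already drifted. A small unit test that walks the kinds registered for this group and fails when one is absent from the `GeneratorKind` constants would turn the note into an enforced check rather than a convention. As a style point, the `====` banner inside the function body could be a plain `// NOTE:` line-comment block above `func init()`, which is where a reader looks for it.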
diff --git a/apis/generators/v1alpha1/generator_acr.go b/apis/generators/v1alpha1/types_acr.go similarity index 98% rename from apis/generators/v1alpha1/generator_acr.go rename to apis/generators/v1alpha1/types_acr.go index c1b19d368bd..2b940c660f8 100644 --- a/apis/generators/v1alpha1/generator_acr.go +++ b/apis/generators/v1alpha1/types_acr.go @@ -105,7 +105,7 @@ type AzureACRServicePrincipalAuthSecretRef struct { // +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=acraccesstoken +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators} type ACRAccessToken struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/generators/v1alpha1/types_cluster.go b/apis/generators/v1alpha1/types_cluster.go new file mode 100644 index 00000000000..04928580c74 --- /dev/null +++ b/apis/generators/v1alpha1/types_cluster.go 
@@ -0,0 +1,81 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +type ClusterGeneratorSpec struct { + // Kind the kind of this generator. + Kind GeneratorKind `json:"kind"` + + // Generator the spec for this generator, must match the kind. + Generator GeneratorSpec `json:"generator"` +} + +// GeneratorKind represents a kind of generator. +// +kubebuilder:validation:Enum=ACRAccessToken;ECRAuthorizationToken;Fake;GCRAccessToken;GithubAccessToken;Password;STSSessionToken;UUID;VaultDynamicSecret;Webhook +type GeneratorKind string + +const ( + GeneratorKindACRAccessToken GeneratorKind = "ACRAccessToken" + GeneratorKindECRAuthorizationToken GeneratorKind = "ECRAuthorizationToken" + GeneratorKindFake GeneratorKind = "Fake" + GeneratorKindGCRAccessToken GeneratorKind = "GCRAccessToken" + GeneratorKindGithubAccessToken GeneratorKind = "GithubAccessToken" + GeneratorKindPassword GeneratorKind = "Password" + GeneratorKindSTSSessionToken GeneratorKind = "STSSessionToken" + GeneratorKindUUID GeneratorKind = "UUID" + GeneratorKindVaultDynamicSecret GeneratorKind = "VaultDynamicSecret" + GeneratorKindWebhook GeneratorKind = "Webhook" +) + +// +kubebuilder:validation:MaxProperties=1 +// +kubebuilder:validation:MinProperties=1 +type GeneratorSpec struct { + ACRAccessTokenSpec *ACRAccessTokenSpec `json:"acrAccessTokenSpec,omitempty"` + ECRAuthorizationTokenSpec *ECRAuthorizationTokenSpec 
`json:"ecrRAuthorizationTokenSpec,omitempty"` + FakeSpec *FakeSpec `json:"fakeSpec,omitempty"` + GCRAccessTokenSpec *GCRAccessTokenSpec `json:"gcrAccessTokenSpec,omitempty"` + GithubAccessTokenSpec *GithubAccessTokenSpec `json:"githubAccessTokenSpec,omitempty"` + PasswordSpec *PasswordSpec `json:"passwordSpec,omitempty"` + STSSessionTokenSpec *STSSessionTokenSpec `json:"stsSessionTokenSpec,omitempty"` + UUIDSpec *UUIDSpec `json:"uuidSpec,omitempty"` + VaultDynamicSecretSpec *VaultDynamicSecretSpec `json:"vaultDynamicSecretSpec,omitempty"` + WebhookSpec *WebhookSpec `json:"webhookSpec,omitempty"` +} + +// ClusterGenerator represents a cluster-wide generator which can be referenced as part of `generatorRef` fields. +// +kubebuilder:object:root=true +// +kubebuilder:storageversion +// +kubebuilder:subresource:status +// +kubebuilder:metadata:labels="external-secrets.io/component=controller" +// +kubebuilder:resource:scope=Cluster,categories={external-secrets, external-secrets-generators} +type ClusterGenerator struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec ClusterGeneratorSpec `json:"spec,omitempty"` +} + +// +kubebuilder:object:root=true + +// ClusterGeneratorList contains a list of ClusterGenerator resources. +type ClusterGeneratorList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []ClusterGenerator `json:"items"` +} diff --git a/apis/generators/v1alpha1/generator_ecr.go b/apis/generators/v1alpha1/types_ecr.go similarity index 98% rename from apis/generators/v1alpha1/generator_ecr.go rename to apis/generators/v1alpha1/types_ecr.go index 30e2fbe7414..b66a7f3b254 100644 --- a/apis/generators/v1alpha1/generator_ecr.go +++ b/apis/generators/v1alpha1/types_ecr.go 
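Review bot: `ClusterGeneratorSpec` says `Generator` "must match the kind", but nothing in the new types enforces that: `MinProperties=1`/`MaxProperties=1` on `GeneratorSpec` only guarantee that exactly one spec field is set, not that it is the one `Kind` names. A cluster-scoped object with `kind: Password` and only `webhookSpec` populated would therefore pass admission, leaving the consumer (`clusterGeneratorToVirtual`, not visible in this hunk) to nil-check the field it selects. A CEL rule per kind on `ClusterGeneratorSpec` would reject the mismatch at the API server, for example `// +kubebuilder:validation:XValidation:rule="self.kind != 'Password' || has(self.generator.passwordSpec)",message="generator.passwordSpec is required for kind Password"`. Separately, `ClusterGenerator` keeps `+kubebuilder:subresource:status` although the `Status` field is no longer part of the type.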
@@ -75,7 +75,7 @@ type AWSJWTAuth struct { // +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=ecrauthorizationtoken +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators} type ECRAuthorizationToken struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/generators/v1alpha1/generator_fake.go b/apis/generators/v1alpha1/types_fake.go similarity index 97% rename from apis/generators/v1alpha1/generator_fake.go rename to apis/generators/v1alpha1/types_fake.go index d62bbd5f41f..cebf116c83c 100644 --- a/apis/generators/v1alpha1/generator_fake.go +++ b/apis/generators/v1alpha1/types_fake.go @@ -36,7 +36,7 @@ type FakeSpec struct { // +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=fake +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators} type Fake struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/generators/v1alpha1/generator_gcr.go b/apis/generators/v1alpha1/types_gcr.go similarity index 97% rename from apis/generators/v1alpha1/generator_gcr.go rename to apis/generators/v1alpha1/types_gcr.go index 08c67571315..6c973fb9109 100644 --- a/apis/generators/v1alpha1/generator_gcr.go +++ b/apis/generators/v1alpha1/types_gcr.go 
@@ -53,7 +53,7 @@ type GCPWorkloadIdentity struct { // +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=gcraccesstoken +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators} type GCRAccessToken struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/generators/v1alpha1/generator_github.go b/apis/generators/v1alpha1/types_github.go similarity index 97% rename from apis/generators/v1alpha1/generator_github.go rename to apis/generators/v1alpha1/types_github.go index d22608875ac..cbb0f22a62f 100644 --- a/apis/generators/v1alpha1/generator_github.go +++ b/apis/generators/v1alpha1/types_github.go @@ -47,7 +47,7 @@ type GithubSecretRef struct { // +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=githubaccesstoken +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators} type GithubAccessToken struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/generators/v1alpha1/generator_password.go b/apis/generators/v1alpha1/types_password.go similarity index 97% rename from apis/generators/v1alpha1/generator_password.go rename to apis/generators/v1alpha1/types_password.go index 1eff0be8c51..56e833c9cfe 100644 --- a/apis/generators/v1alpha1/generator_password.go +++ b/apis/generators/v1alpha1/types_password.go 
@@ -53,7 +53,7 @@ type PasswordSpec struct { // +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=password +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators} type Password struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/generators/v1alpha1/generator_sts.go b/apis/generators/v1alpha1/types_sts.go similarity index 98% rename from apis/generators/v1alpha1/generator_sts.go rename to apis/generators/v1alpha1/types_sts.go index 61aeba4df33..3b8c4113b1f 100644 --- a/apis/generators/v1alpha1/generator_sts.go +++ b/apis/generators/v1alpha1/types_sts.go @@ -62,7 +62,7 @@ type STSSessionTokenSpec struct { // +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=stssessiontoken +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators} type STSSessionToken struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/generators/v1alpha1/generator_uuid.go b/apis/generators/v1alpha1/types_uuid.go similarity index 93% rename from apis/generators/v1alpha1/generator_uuid.go rename to apis/generators/v1alpha1/types_uuid.go index 5059d84cb61..dfeff408394 100644 --- a/apis/generators/v1alpha1/generator_uuid.go +++ b/apis/generators/v1alpha1/types_uuid.go 
@@ -26,7 +26,7 @@ type UUIDSpec struct{} // +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=uuids +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators} type UUID struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` @@ -40,5 +40,5 @@ type UUID struct { type UUIDList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` - Items []Password `json:"items"` + Items []UUID `json:"items"` } diff --git a/apis/generators/v1alpha1/generator_vault.go b/apis/generators/v1alpha1/types_vault.go similarity index 97% rename from apis/generators/v1alpha1/generator_vault.go rename to apis/generators/v1alpha1/types_vault.go index 9c4634d18a5..571682646a4 100644 --- a/apis/generators/v1alpha1/generator_vault.go +++ b/apis/generators/v1alpha1/types_vault.go @@ -64,7 +64,7 @@ const ( // +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=vaultdynamicsecret +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators} type VaultDynamicSecret struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/generators/v1alpha1/generator_webhook.go b/apis/generators/v1alpha1/types_webhook.go similarity index 98% rename from apis/generators/v1alpha1/generator_webhook.go rename to apis/generators/v1alpha1/types_webhook.go index 3c2fc0cc710..c4fa8b4d02c 100644 --- a/apis/generators/v1alpha1/generator_webhook.go +++ b/apis/generators/v1alpha1/types_webhook.go 
@@ -129,7 +129,7 @@ type SecretKeySelector struct { // +kubebuilder:storageversion // +kubebuilder:subresource:status // +kubebuilder:metadata:labels="external-secrets.io/component=controller" -// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators},shortName=webhookl +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators} type Webhook struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` diff --git a/apis/generators/v1alpha1/zz_generated.deepcopy.go b/apis/generators/v1alpha1/zz_generated.deepcopy.go index 5eea441bc4c..32ec9812138 100644 --- a/apis/generators/v1alpha1/zz_generated.deepcopy.go +++ b/apis/generators/v1alpha1/zz_generated.deepcopy.go @@ -271,7 +271,6 @@ func (in *ClusterGenerator) DeepCopyInto(out *ClusterGenerator) { out.TypeMeta = in.TypeMeta in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) in.Spec.DeepCopyInto(&out.Spec) - out.Status = in.Status } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGenerator. @@ -340,21 +339,6 @@ func (in *ClusterGeneratorSpec) DeepCopy() *ClusterGeneratorSpec { return out } -// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *ClusterGeneratorStatus) DeepCopyInto(out *ClusterGeneratorStatus) { - *out = *in -} - -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClusterGeneratorStatus. -func (in *ClusterGeneratorStatus) DeepCopy() *ClusterGeneratorStatus { - if in == nil { - return nil - } - out := new(ClusterGeneratorStatus) - in.DeepCopyInto(out) - return out -} - // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ControllerClassResource) DeepCopyInto(out *ControllerClassResource) { *out = *in 
@@ -1084,7 +1068,7 @@ func (in *UUIDList) DeepCopyInto(out *UUIDList) { in.ListMeta.DeepCopyInto(&out.ListMeta) if in.Items != nil { in, out := &in.Items, &out.Items - *out = make([]Password, len(*in)) + *out = make([]UUID, len(*in)) for i := range *in { (*in)[i].DeepCopyInto(&(*out)[i]) } diff --git a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml index 48ef50a038f..666d872d165 100644 --- a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml @@ -142,6 +142,7 @@ spec: SourceRef allows you to override the source from which the value will be pulled. maxProperties: 1 + minProperties: 1 properties: generatorRef: description: |- @@ -156,8 +157,19 @@ spec: resource type: string kind: - description: Specify the Kind of the resource, e.g. - Password, ACRAccessToken, ClusterGenerator etc. + description: Specify the Kind of the generator resource + enum: + - ACRAccessToken + - ClusterGenerator + - ECRAuthorizationToken + - Fake + - GCRAccessToken + - GithubAccessToken + - Password + - STSSessionToken + - UUID + - VaultDynamicSecret + - Webhook type: string name: description: Specify the name of the generator resource @@ -328,6 +340,7 @@ spec: When sourceRef points to a generator Extract or Find is not supported. The generator returns a static map of values maxProperties: 1 + minProperties: 1 properties: generatorRef: description: GeneratorRef points to a generator custom 
@@ -339,8 +352,19 @@ spec: resource type: string kind: - description: Specify the Kind of the resource, e.g. - Password, ACRAccessToken, ClusterGenerator etc. + description: Specify the Kind of the generator resource + enum: + - ACRAccessToken + - ClusterGenerator + - ECRAuthorizationToken + - Fake + - GCRAccessToken + - GithubAccessToken + - Password + - STSSessionToken + - UUID + - VaultDynamicSecret + - Webhook type: string name: description: Specify the name of the generator resource diff --git a/config/crds/bases/external-secrets.io_externalsecrets.yaml b/config/crds/bases/external-secrets.io_externalsecrets.yaml index 62860c548f7..943e0ee1ec4 100644 --- a/config/crds/bases/external-secrets.io_externalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_externalsecrets.yaml @@ -432,6 +432,7 @@ spec: SourceRef allows you to override the source from which the value will be pulled. maxProperties: 1 + minProperties: 1 properties: generatorRef: description: |- @@ -446,8 +447,19 @@ spec: resource type: string kind: - description: Specify the Kind of the resource, e.g. - Password, ACRAccessToken, ClusterGenerator etc. + description: Specify the Kind of the generator resource + enum: + - ACRAccessToken + - ClusterGenerator + - ECRAuthorizationToken + - Fake + - GCRAccessToken + - GithubAccessToken + - Password + - STSSessionToken + - UUID + - VaultDynamicSecret + - Webhook type: string name: description: Specify the name of the generator resource @@ -618,6 +630,7 @@ spec: When sourceRef points to a generator Extract or Find is not supported. The generator returns a static map of values maxProperties: 1 + minProperties: 1 properties: generatorRef: description: GeneratorRef points to a generator custom resource. 
@@ -628,8 +641,19 @@ spec: resource type: string kind: - description: Specify the Kind of the resource, e.g. - Password, ACRAccessToken, ClusterGenerator etc. + description: Specify the Kind of the generator resource + enum: + - ACRAccessToken + - ClusterGenerator + - ECRAuthorizationToken + - Fake + - GCRAccessToken + - GithubAccessToken + - Password + - STSSessionToken + - UUID + - VaultDynamicSecret + - Webhook type: string name: description: Specify the name of the generator resource diff --git a/config/crds/bases/external-secrets.io_pushsecrets.yaml b/config/crds/bases/external-secrets.io_pushsecrets.yaml index 029e2752713..e433d5738dd 100644 --- a/config/crds/bases/external-secrets.io_pushsecrets.yaml +++ b/config/crds/bases/external-secrets.io_pushsecrets.yaml @@ -180,8 +180,19 @@ spec: description: Specify the apiVersion of the generator resource type: string kind: - description: Specify the Kind of the resource, e.g. Password, - ACRAccessToken, ClusterGenerator etc. + description: Specify the Kind of the generator resource + enum: + - ACRAccessToken + - ClusterGenerator + - ECRAuthorizationToken + - Fake + - GCRAccessToken + - GithubAccessToken + - Password + - STSSessionToken + - UUID + - VaultDynamicSecret + - Webhook type: string name: description: Specify the name of the generator resource diff --git a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml index d5adc12b410..c23b626c376 100644 --- a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml @@ -15,8 +15,6 @@ spec: kind: ACRAccessToken listKind: ACRAccessTokenList plural: acraccesstokens - shortNames: - - acraccesstoken singular: acraccesstoken scope: Namespaced versions: 
diff --git a/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml b/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml index dfd0fce0e1a..a4bf5a1a5cf 100644 --- a/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml +++ b/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml @@ -15,8 +15,6 @@ spec: kind: ClusterGenerator listKind: ClusterGeneratorList plural: clustergenerators - shortNames: - - cg singular: clustergenerator scope: Cluster versions: @@ -46,6 +44,10 @@ spec: spec: properties: generator: + description: Generator the spec for this generator, must match the + kind. + maxProperties: 1 + minProperties: 1 properties: acrAccessTokenSpec: description: |- @@ -1676,13 +1678,23 @@ spec: type: object type: object kind: + description: Kind the kind of this generator. + enum: + - ACRAccessToken + - ECRAuthorizationToken + - Fake + - GCRAccessToken + - GithubAccessToken + - Password + - STSSessionToken + - UUID + - VaultDynamicSecret + - Webhook type: string required: - generator - kind type: object - status: - type: object type: object served: true storage: true diff --git a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml index 12d1d760564..292bee76447 100644 --- a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml @@ -15,8 +15,6 @@ spec: kind: ECRAuthorizationToken listKind: ECRAuthorizationTokenList plural: ecrauthorizationtokens - shortNames: - - ecrauthorizationtoken singular: ecrauthorizationtoken scope: Namespaced versions: diff --git a/config/crds/bases/generators.external-secrets.io_fakes.yaml b/config/crds/bases/generators.external-secrets.io_fakes.yaml index c28d6f529c0..b24f3fc73fe 100644 --- a/config/crds/bases/generators.external-secrets.io_fakes.yaml 
+++ b/config/crds/bases/generators.external-secrets.io_fakes.yaml @@ -15,8 +15,6 @@ spec: kind: Fake listKind: FakeList plural: fakes - shortNames: - - fake singular: fake scope: Namespaced versions: diff --git a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml index 2c54287d8b9..56c86748ed0 100644 --- a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml @@ -15,8 +15,6 @@ spec: kind: GCRAccessToken listKind: GCRAccessTokenList plural: gcraccesstokens - shortNames: - - gcraccesstoken singular: gcraccesstoken scope: Namespaced versions: diff --git a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml index 9b9c0302c0c..facd3502f3e 100644 --- a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml @@ -15,8 +15,6 @@ spec: kind: GithubAccessToken listKind: GithubAccessTokenList plural: githubaccesstokens - shortNames: - - githubaccesstoken singular: githubaccesstoken scope: Namespaced versions: diff --git a/config/crds/bases/generators.external-secrets.io_passwords.yaml b/config/crds/bases/generators.external-secrets.io_passwords.yaml index 985791e05bb..a4d06263f95 100644 --- a/config/crds/bases/generators.external-secrets.io_passwords.yaml +++ b/config/crds/bases/generators.external-secrets.io_passwords.yaml @@ -15,8 +15,6 @@ spec: kind: Password listKind: PasswordList plural: passwords - shortNames: - - password singular: password scope: Namespaced versions: diff --git a/config/crds/bases/generators.external-secrets.io_stssessiontokens.yaml b/config/crds/bases/generators.external-secrets.io_stssessiontokens.yaml index f52be89bd3a..62e1e976fbe 100644 
--- a/config/crds/bases/generators.external-secrets.io_stssessiontokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_stssessiontokens.yaml @@ -15,8 +15,6 @@ spec: kind: STSSessionToken listKind: STSSessionTokenList plural: stssessiontokens - shortNames: - - stssessiontoken singular: stssessiontoken scope: Namespaced versions: diff --git a/config/crds/bases/generators.external-secrets.io_uuids.yaml b/config/crds/bases/generators.external-secrets.io_uuids.yaml index 736e1372d18..345bc0b1380 100644 --- a/config/crds/bases/generators.external-secrets.io_uuids.yaml +++ b/config/crds/bases/generators.external-secrets.io_uuids.yaml @@ -15,8 +15,6 @@ spec: kind: UUID listKind: UUIDList plural: uuids - shortNames: - - uuids singular: uuid scope: Namespaced versions: diff --git a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml index 3922806b3a8..277c2340102 100644 --- a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml +++ b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml @@ -15,8 +15,6 @@ spec: kind: VaultDynamicSecret listKind: VaultDynamicSecretList plural: vaultdynamicsecrets - shortNames: - - vaultdynamicsecret singular: vaultdynamicsecret scope: Namespaced versions: diff --git a/config/crds/bases/generators.external-secrets.io_webhooks.yaml b/config/crds/bases/generators.external-secrets.io_webhooks.yaml index 265531a91a3..c681e7d0306 100644 --- a/config/crds/bases/generators.external-secrets.io_webhooks.yaml +++ b/config/crds/bases/generators.external-secrets.io_webhooks.yaml @@ -15,8 +15,6 @@ spec: kind: Webhook listKind: WebhookList plural: webhooks - shortNames: - - webhookl singular: webhook scope: Namespaced versions: diff --git a/deploy/charts/external-secrets/templates/rbac.yaml b/deploy/charts/external-secrets/templates/rbac.yaml index f39beb0d24e..cfb3d4bff15 100644 
--- a/deploy/charts/external-secrets/templates/rbac.yaml +++ b/deploy/charts/external-secrets/templates/rbac.yaml @@ -57,6 +57,8 @@ rules: - "gcraccesstokens" - "githubaccesstokens" - "passwords" + - "stssessiontokens" + - "uuids" - "vaultdynamicsecrets" - "webhooks" verbs: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap index 76ab27f3567..4e2ffb32751 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/crds_test.yaml.snap @@ -103,16 +103,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: 
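Review bot: `stssessiontokens` and `uuids` are added to a single rule of the controller ClusterRole whose `apiGroups` and `verbs` lie outside the hunk, so the grant these two resources receive cannot be checked from here. It is worth confirming that the rule stays read-only (`get`, `list`, `watch`), since the controller presumably only reads generator objects to resolve a `generatorRef`. If other roles in this template enumerate generator resources as well (not visible in this hunk), they need the same two entries, otherwise users bound to those roles cannot see or manage the new kinds while the controller can.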
@@ -132,11 +141,17 @@ should match snapshot of default values: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -155,54 +170,81 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessType: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
+ The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessTypeParam: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -218,13 +260,22 @@ should match snapshot of default values: description: The provider for the CA bundle to use to validate Akeyless Gateway certificate. properties: key: - description: The key the value inside of the provider type to use, only used with "Secret" type + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -271,16 +322,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessKeySecretSecretRef: 
@@ -288,16 +348,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -337,11 +406,17 @@ should match snapshot of default values: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -357,16 +432,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -374,16 +458,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -415,16 +508,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: 
@@ -432,16 +534,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -475,11 +586,17 @@ should match snapshot of default values: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -529,16 +646,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -563,11 +689,17 @@ should match snapshot of default values: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -595,16 +727,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -633,16 +774,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -668,40 +818,58 @@ should match snapshot of default values: properties: clientCert: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientKey: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -721,11 +889,17 @@ should match snapshot of default values: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -736,21 +910,30 @@ should match snapshot of default values: properties: bearerToken: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -758,6 +941,9 @@ should match snapshot of default values: remoteNamespace: default: default description: Remote namespace to fetch the secrets from + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string server: description: configures the Kubernetes server Address. 
@@ -770,13 +956,22 @@ should match snapshot of default values: description: 'see: https://external-secrets.io/v0.4.1/spec/#external-secrets.io/v1alpha1.CAProvider' properties: key: - description: The key the value inside of the provider type to use, only used with "Secret" type + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -813,16 +1008,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object privatekey: 
@@ -830,16 +1034,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -896,11 +1109,17 @@ should match snapshot of default values: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -925,16 +1144,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -983,16 +1211,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -1012,16 +1249,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -1031,16 +1277,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -1083,11 +1338,17 @@ should match snapshot of default values: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -1113,16 +1374,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -1153,16 +1423,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -1182,11 +1461,17 @@ should match snapshot of default values: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -1214,16 +1499,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: 
@@ -1240,16 +1534,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -1265,13 +1568,22 @@ should match snapshot of default values: description: The provider for the CA bundle to use to validate Vault server certificate. properties: key: - description: The key the value inside of the provider type to use, only used with "Secret" type + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -1344,13 +1656,22 @@ should match snapshot of default values: description: The provider for the CA bundle to use to validate webhook server certificate. properties: key: - description: The key the value inside of the provider type to use, only used with "Secret" type + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -1391,16 +1712,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -1432,16 +1762,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -1450,21 +1789,30 @@ should match snapshot of default values: properties: certSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -1609,6 +1957,9 @@ should match snapshot of default values: namespaces: description: Choose namespaces by name items: + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: array type: object 
@@ -1652,16 +2003,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -1681,11 +2041,17 @@ should match snapshot of default values: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -1704,54 +2070,81 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessType: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. 
+ The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessTypeParam: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -1768,14 +2161,23 @@ should match snapshot of default values: properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -1822,16 +2224,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object accessKeySecretSecretRef: 
@@ -1839,16 +2250,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -1893,11 +2313,17 @@ should match snapshot of default values: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -1913,16 +2339,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -1930,16 +2365,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -1950,16 +2394,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -2036,16 +2489,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientId: 
@@ -2053,16 +2515,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: 
@@ -2070,16 +2541,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object tenantId: 
@@ -2087,16 +2567,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -2143,11 +2632,17 @@ should match snapshot of default values: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -2167,24 +2662,66 @@ should match snapshot of default values: auth: description: Auth configures how the operator authenticates with Beyondtrust. properties: + apiKey: + description: APIKey If not provided then ClientID/ClientSecret become required. + properties: + secretRef: + description: SecretRef references a key in a secret that will be used as value. + properties: + key: + description: |- + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ + type: string + name: + description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + type: object + value: + description: Value can be specified directly to set a value without using a secret. + type: string + type: object certificate: - description: Content of the certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. + description: Certificate (cert.pem) for use when authenticating with an OAuth client Id using a Client Certificate. properties: secretRef: description: SecretRef references a key in a secret that will be used as value. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. 
+ maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: @@ -2199,16 +2736,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
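Review bot: The new `apiKey` block in the hunk at `@@ -2167,24 +2662,66 @@` also exposes `value`, so a Beyondtrust API key can be written inline in the store spec instead of being referenced through `secretRef`. A store object is usually readable by more principals than a Secret and does not get Secret-specific protections such as encryption-at-rest configuration. The description should steer users to the reference form: `description: Value sets the API key inline; prefer secretRef, because the store spec is not protected like a Secret.` This file is a snapshot of the generated CRD, so the wording would be changed on the type it is generated from.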
@@ -2216,22 +2762,32 @@ should match snapshot of default values: type: string type: object clientId: + description: ClientID is the API OAuth Client ID. properties: secretRef: description: SecretRef references a key in a secret that will be used as value. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2239,31 +2795,38 @@ should match snapshot of default values: type: string type: object clientSecret: + description: ClientSecret is the API OAuth Client Secret. properties: secretRef: description: SecretRef references a key in a secret that will be used as value. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: description: Value can be specified directly to set a value without using a secret. type: string type: object - required: - - clientId - - clientSecret type: object server: description: Auth configures how API server works. 
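Review bot: Dropping `required: [clientId, clientSecret]` here, with `apiKey` added as optional in the hunk at `@@ -2167,24 +2662,66 @@`, leaves the schema accepting an `auth` block that carries no credential at all. The `apiKey` description says ClientID/ClientSecret become required when it is absent, but nothing in the visible schema enforces that, so a misconfigured store would fail only at runtime, and only if the provider checks it. A CEL rule on the `auth` type would reject it at admission: `// +kubebuilder:validation:XValidation:rule="has(self.apiKey) || (has(self.clientId) && has(self.clientSecret))",message="set apiKey, or both clientId and clientSecret"`. The `auth` object starts outside this hunk.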
@@ -2307,16 +2870,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -2337,14 +2909,23 @@ should match snapshot of default values: properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -2383,16 +2964,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -2423,40 +3013,58 @@ should match snapshot of default values: type: string apiKeyRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object userRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -2480,16 +3088,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: 
@@ -2507,11 +3124,17 @@ should match snapshot of default values: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name @@ -2534,14 +3157,23 @@ should match snapshot of default values: properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -2572,16 +3204,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2596,16 +3237,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -2643,16 +3293,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -2682,16 +3341,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -2763,16 +3431,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -2793,16 +3470,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -2827,11 +3513,17 @@ should match snapshot of default values: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -2862,16 +3554,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -2927,16 +3628,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -2957,40 +3667,58 @@ should match snapshot of default values: properties: clientId: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientSecret: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -3026,21 +3754,30 @@ should match snapshot of default values: properties: authRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object folderID: 
@@ -3062,40 +3799,58 @@ should match snapshot of default values: properties: clientCert: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object clientKey: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -3112,11 +3867,17 @@ should match snapshot of default values: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -3126,21 +3887,30 @@ should match snapshot of default values: properties: bearerToken: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3150,21 +3920,33 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object remoteNamespace: default: default description: Remote namespace to fetch the secrets from + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string server: description: configures the Kubernetes server Address. 
@@ -3178,14 +3960,23 @@ should match snapshot of default values: properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". @@ -3220,16 +4011,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object passcodeRef: 
@@ -3237,16 +4037,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -3281,16 +4090,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -3328,16 +4146,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object privatekey: 
@@ -3345,16 +4172,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -3411,11 +4247,17 @@ should match snapshot of default values: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -3434,40 +4276,58 @@ should match snapshot of default values: properties: passwordSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object privateKeySecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: @@ -3494,16 +4354,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3535,16 +4404,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -3567,16 +4445,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -3616,16 +4503,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -3649,16 +4545,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -3684,16 +4589,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -3713,16 +4627,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object value: 
@@ -3744,21 +4667,30 @@ should match snapshot of default values: type: string clientSecretSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -3811,16 +4743,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -3832,16 +4773,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -3860,16 +4810,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretRef: 
@@ -3879,16 +4838,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -3916,11 +4884,17 @@ should match snapshot of default values: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -3943,16 +4917,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object secretAccessKeySecretRef: 
@@ -3960,16 +4943,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object sessionTokenSecretRef: 
@@ -3980,16 +4972,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -4043,11 +5044,17 @@ should match snapshot of default values: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -4073,16 +5080,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -4113,16 +5129,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object serviceAccountRef: @@ -4142,11 +5167,17 @@ should match snapshot of default values: type: array name: description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string required: - name 
@@ -4174,16 +5205,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: 
@@ -4208,16 +5248,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object userPass: 
@@ -4237,16 +5286,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object username: @@ -4272,14 +5330,23 @@ should match snapshot of default values: properties: key: description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -4342,16 +5409,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object keySecretRef: 
@@ -4362,16 +5438,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object @@ -4406,13 +5491,22 @@ should match snapshot of default values: description: The provider for the CA bundle to use to validate webhook server certificate. properties: key: - description: The key the value inside of the provider type to use, only used with "Secret" type + description: The key where the CA certificate can be found in the Secret or ConfigMap. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the object located at the provider type. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: The namespace the Provider type is in. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: description: The type of provider to use such as "Secret", or "ConfigMap". 
@@ -4453,16 +5547,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object required: 
@@ -4494,16 +5597,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -4512,21 +5624,30 @@ should match snapshot of default values: properties: certSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -4547,16 +5668,25 @@ should match snapshot of default values: properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object 
@@ -4565,21 +5695,30 @@ should match snapshot of default values: properties: certSecretRef: description: |- - A reference to a specific 'key' within a Secret resource, + A reference to a specific 'key' within a Secret resource. In some instances, `key` is a required field. properties: key: description: |- - The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be - defaulted, in others it may be required. + A key in the referenced Secret. + Some instances of this field may be defaulted, in others it may be required. + maxLength: 253 + minLength: 1 + pattern: ^[-._a-zA-Z0-9]+$ type: string name: description: The name of the Secret resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ type: string namespace: description: |- - Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults - to the namespace of the referent. + The namespace of the Secret resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ type: string type: object type: object diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 3374039e681..85d24bc2b17 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -133,6 +133,7 @@ spec: SourceRef allows you to override the source from which the value will be pulled. maxProperties: 1 + minProperties: 1 properties: generatorRef: description: |- 
@@ -146,7 +147,19 @@ spec: description: Specify the apiVersion of the generator resource type: string kind: - description: Specify the Kind of the resource, e.g. Password, ACRAccessToken, ClusterGenerator etc. + description: Specify the Kind of the generator resource + enum: + - ACRAccessToken + - ClusterGenerator + - ECRAuthorizationToken + - Fake + - GCRAccessToken + - GithubAccessToken + - Password + - STSSessionToken + - UUID + - VaultDynamicSecret + - Webhook type: string name: description: Specify the name of the generator resource @@ -310,6 +323,7 @@ spec: When sourceRef points to a generator Extract or Find is not supported. The generator returns a static map of values maxProperties: 1 + minProperties: 1 properties: generatorRef: description: GeneratorRef points to a generator custom resource. @@ -319,7 +333,19 @@ spec: description: Specify the apiVersion of the generator resource type: string kind: - description: Specify the Kind of the resource, e.g. Password, ACRAccessToken, ClusterGenerator etc. + description: Specify the Kind of the generator resource + enum: + - ACRAccessToken + - ClusterGenerator + - ECRAuthorizationToken + - Fake + - GCRAccessToken + - GithubAccessToken + - Password + - STSSessionToken + - UUID + - VaultDynamicSecret + - Webhook type: string name: description: Specify the name of the generator resource @@ -6891,6 +6917,7 @@ spec: SourceRef allows you to override the source from which the value will be pulled. maxProperties: 1 + minProperties: 1 properties: generatorRef: description: |- 
@@ -6904,7 +6931,19 @@ spec: description: Specify the apiVersion of the generator resource type: string kind: - description: Specify the Kind of the resource, e.g. Password, ACRAccessToken, ClusterGenerator etc. + description: Specify the Kind of the generator resource + enum: + - ACRAccessToken + - ClusterGenerator + - ECRAuthorizationToken + - Fake + - GCRAccessToken + - GithubAccessToken + - Password + - STSSessionToken + - UUID + - VaultDynamicSecret + - Webhook type: string name: description: Specify the name of the generator resource @@ -7068,6 +7107,7 @@ spec: When sourceRef points to a generator Extract or Find is not supported. The generator returns a static map of values maxProperties: 1 + minProperties: 1 properties: generatorRef: description: GeneratorRef points to a generator custom resource. @@ -7077,7 +7117,19 @@ spec: description: Specify the apiVersion of the generator resource type: string kind: - description: Specify the Kind of the resource, e.g. Password, ACRAccessToken, ClusterGenerator etc. + description: Specify the Kind of the generator resource + enum: + - ACRAccessToken + - ClusterGenerator + - ECRAuthorizationToken + - Fake + - GCRAccessToken + - GithubAccessToken + - Password + - STSSessionToken + - UUID + - VaultDynamicSecret + - Webhook type: string name: description: Specify the name of the generator resource @@ -7533,7 +7585,19 @@ spec: description: Specify the apiVersion of the generator resource type: string kind: - description: Specify the Kind of the resource, e.g. Password, ACRAccessToken, ClusterGenerator etc. + description: Specify the Kind of the generator resource + enum: + - ACRAccessToken + - ClusterGenerator + - ECRAuthorizationToken + - Fake + - GCRAccessToken + - GithubAccessToken + - Password + - STSSessionToken + - UUID + - VaultDynamicSecret + - Webhook type: string name: description: Specify the name of the generator resource 
@@ -13573,8 +13637,6 @@ spec: kind: ACRAccessToken listKind: ACRAccessTokenList plural: acraccesstokens - shortNames: - - acraccesstoken singular: acraccesstoken scope: Namespaced versions: @@ -13792,8 +13854,6 @@ spec: kind: ClusterGenerator listKind: ClusterGeneratorList plural: clustergenerators - shortNames: - - cg singular: clustergenerator scope: Cluster versions: @@ -13822,6 +13882,9 @@ spec: spec: properties: generator: + description: Generator the spec for this generator, must match the kind. + maxProperties: 1 + minProperties: 1 properties: acrAccessTokenSpec: description: |- @@ -15375,13 +15438,23 @@ spec: type: object type: object kind: + description: Kind the kind of this generator. + enum: + - ACRAccessToken + - ECRAuthorizationToken + - Fake + - GCRAccessToken + - GithubAccessToken + - Password + - STSSessionToken + - UUID + - VaultDynamicSecret + - Webhook type: string required: - generator - kind type: object - status: - type: object type: object served: true storage: true @@ -15415,8 +15488,6 @@ spec: kind: ECRAuthorizationToken listKind: ECRAuthorizationTokenList plural: ecrauthorizationtokens - shortNames: - - ecrauthorizationtoken singular: ecrauthorizationtoken scope: Namespaced versions: @@ -15617,8 +15688,6 @@ spec: kind: Fake listKind: FakeList plural: fakes - shortNames: - - fake singular: fake scope: Namespaced versions: @@ -15695,8 +15764,6 @@ spec: kind: GCRAccessToken listKind: GCRAccessTokenList plural: gcraccesstokens - shortNames: - - gcraccesstoken singular: gcraccesstoken scope: Namespaced versions: @@ -15840,8 +15907,6 @@ spec: kind: GithubAccessToken listKind: GithubAccessTokenList plural: githubaccesstokens - shortNames: - - githubaccesstoken singular: githubaccesstoken scope: Namespaced versions: @@ -15965,8 +16030,6 @@ spec: kind: Password listKind: PasswordList plural: passwords - shortNames: - - password singular: password scope: Namespaced versions: 
@@ -16065,8 +16128,6 @@ spec: kind: STSSessionToken listKind: STSSessionTokenList plural: stssessiontokens - shortNames: - - stssessiontoken singular: stssessiontoken scope: Namespaced versions: @@ -16286,8 +16347,6 @@ spec: kind: UUID listKind: UUIDList plural: uuids - shortNames: - - uuids singular: uuid scope: Namespaced versions: @@ -16349,8 +16408,6 @@ spec: kind: VaultDynamicSecret listKind: VaultDynamicSecretList plural: vaultdynamicsecrets - shortNames: - - vaultdynamicsecret singular: vaultdynamicsecret scope: Namespaced versions: @@ -17210,8 +17267,6 @@ spec: kind: Webhook listKind: WebhookList plural: webhooks - shortNames: - - webhookl singular: webhook scope: Namespaced versions: diff --git a/docs/api/spec.md b/docs/api/spec.md index f99b374c291..2b2ccca1bbb 100644 --- a/docs/api/spec.md +++ b/docs/api/spec.md @@ -4584,7 +4584,7 @@ string -

    Specify the Kind of the resource, e.g. Password, ACRAccessToken, ClusterGenerator etc.

    +

    Specify the Kind of the generator resource

    diff --git a/docs/snippets/generator-uuid-example.yaml b/docs/snippets/generator-uuid-example.yaml index ffee45d60f4..a5cfa07e2af 100644 --- a/docs/snippets/generator-uuid-example.yaml +++ b/docs/snippets/generator-uuid-example.yaml @@ -10,5 +10,5 @@ spec: - sourceRef: generatorRef: apiVersion: generators.external-secrets.io/v1alpha1 - kind: Uuid + kind: UUID name: "my-uuid" diff --git a/docs/snippets/generator-uuid.yaml b/docs/snippets/generator-uuid.yaml index d7528b20a5b..98d384511f2 100644 --- a/docs/snippets/generator-uuid.yaml +++ b/docs/snippets/generator-uuid.yaml @@ -1,5 +1,5 @@ apiVersion: generators.external-secrets.io/v1alpha1 -kind: Uuid +kind: UUID metadata: name: my-uuid spec: {} diff --git a/pkg/generator/register/register.go b/pkg/generator/register/register.go index 876c4578b10..ae247af225f 100644 --- a/pkg/generator/register/register.go +++ b/pkg/generator/register/register.go @@ -23,6 +23,8 @@ import ( _ "github.com/external-secrets/external-secrets/pkg/generator/gcr" _ "github.com/external-secrets/external-secrets/pkg/generator/github" _ "github.com/external-secrets/external-secrets/pkg/generator/password" + _ "github.com/external-secrets/external-secrets/pkg/generator/sts" + _ "github.com/external-secrets/external-secrets/pkg/generator/uuid" _ "github.com/external-secrets/external-secrets/pkg/generator/vault" _ "github.com/external-secrets/external-secrets/pkg/generator/webhook" ) diff --git a/pkg/generator/sts/sts.go b/pkg/generator/sts/sts.go index d79e2efc3c6..0645b023d1e 100644 --- a/pkg/generator/sts/sts.go +++ b/pkg/generator/sts/sts.go @@ -110,5 +110,5 @@ func parseSpec(data []byte) (*genv1alpha1.STSSessionToken, error) { } func init() { - genv1alpha1.Register(genv1alpha1.STSSessionTokenGroupKind, &Generator{}) + genv1alpha1.Register(genv1alpha1.STSSessionTokenKind, &Generator{}) } diff --git a/pkg/utils/resolvers/generator.go b/pkg/utils/resolvers/generator.go index 73eb1b06317..470edaae778 100644 
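Review bot: Nothing visible in the `register.go` hunk keeps the blank-import list in step with the `kind` enum this commit adds to the CRDs, even though the added `generator/sts` and `generator/uuid` imports are what make those two kinds resolvable. A kind that passes admission but has no registered generator would presumably only surface as the `ClusterGenerator has unknown kind` terminal error at reconcile time. Consider a unit test in this package that walks every `GeneratorKind*` constant and asserts that `genv1alpha1.GetGeneratorByName(string(kind))` returns `ok`. A comment above the imports would also help, e.g. `// every kind in the GeneratorKind enum needs a blank import here so its init() registers it`. The import block starts outside the hunk.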
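Review bot: In `sts.go`, `init()` now registers under `genv1alpha1.STSSessionTokenKind`, while the resolver in `pkg/utils/resolvers/generator.go` switches on `genv1alpha1.GeneratorKindSTSSessionToken` and looks the generator up with `string(clusterGenerator.Spec.Kind)`. If these are two separately declared constants, the lookup works only while their string values stay identical, and any drift would show up as an unknown-kind error at reconcile time rather than at build time. Assuming `Register` takes a string key, registering with `string(genv1alpha1.GeneratorKindSTSSessionToken)` or declaring one constant in terms of the other would remove the duplication. The declarations are not visible here, so this needs confirming against the API package.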
--- a/pkg/utils/resolvers/generator.go +++ b/pkg/utils/resolvers/generator.go @@ -94,7 +94,7 @@ func getGenerator(ctx context.Context, cl client.Client, scheme *runtime.Scheme, // get the generator interface var ok bool - generator, ok = genv1alpha1.GetGeneratorByName(clusterGenerator.Spec.Kind) + generator, ok = genv1alpha1.GetGeneratorByName(string(clusterGenerator.Spec.Kind)) if !ok { return nil, nil, reconcile.TerminalError(fmt.Errorf("ClusterGenerator has unknown kind %s", clusterGenerator.Spec.Kind)) } 
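Review bot: The unknown-kind error still interpolates `clusterGenerator.Spec.Kind` with `%s`; `%q` would be the safer verb on this line. The enum added to the CRD is checked only when an object is created or updated, so a ClusterGenerator stored before the schema change can still carry an arbitrary string. Quoting keeps newlines and control characters out of the error and log output: `fmt.Errorf("ClusterGenerator has unknown kind %q", clusterGenerator.Spec.Kind)`. `getGenerator` starts and ends outside this hunk.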
@@ -138,70 +138,70 @@ func getGenerator(ctx context.Context, cl client.Client, scheme *runtime.Scheme, // clusterGeneratorToVirtual converts a ClusterGenerator to a "virtual" namespaced generator that doesn't actually exist in the API. func clusterGeneratorToVirtual(gen *genv1alpha1.ClusterGenerator) (client.Object, error) { switch gen.Spec.Kind { - case genv1alpha1.ACRAccessTokenKind: + case genv1alpha1.GeneratorKindACRAccessToken: if gen.Spec.Generator.ACRAccessTokenSpec == nil { return nil, fmt.Errorf("when kind is %s, ACRAccessTokenSpec must be set", gen.Spec.Kind) } return &genv1alpha1.ACRAccessToken{ Spec: *gen.Spec.Generator.ACRAccessTokenSpec, }, nil - case genv1alpha1.ECRAuthorizationTokenKind: + case genv1alpha1.GeneratorKindECRAuthorizationToken: if gen.Spec.Generator.ECRAuthorizationTokenSpec == nil { return nil, fmt.Errorf("when kind is %s, ECRAuthorizationTokenSpec must be set", gen.Spec.Kind) } return &genv1alpha1.ECRAuthorizationToken{ Spec: *gen.Spec.Generator.ECRAuthorizationTokenSpec, }, nil - case genv1alpha1.FakeKind: + case genv1alpha1.GeneratorKindFake: if gen.Spec.Generator.FakeSpec == nil { return nil, fmt.Errorf("when kind is %s, FakeSpec must be set", gen.Spec.Kind) } return &genv1alpha1.Fake{ Spec: *gen.Spec.Generator.FakeSpec, }, nil - case genv1alpha1.GCRAccessTokenKind: + case genv1alpha1.GeneratorKindGCRAccessToken: if gen.Spec.Generator.GCRAccessTokenSpec == nil { return nil, fmt.Errorf("when kind is %s, GCRAccessTokenSpec must be set", gen.Spec.Kind) } return &genv1alpha1.GCRAccessToken{ Spec: *gen.Spec.Generator.GCRAccessTokenSpec, }, nil - case genv1alpha1.GithubAccessTokenKind: + case genv1alpha1.GeneratorKindGithubAccessToken: if gen.Spec.Generator.GithubAccessTokenSpec == nil { return nil, fmt.Errorf("when kind is %s, GithubAccessTokenSpec must be set", gen.Spec.Kind) } return &genv1alpha1.GithubAccessToken{ Spec: *gen.Spec.Generator.GithubAccessTokenSpec, }, nil - case genv1alpha1.PasswordKind: + case 
genv1alpha1.GeneratorKindPassword: if gen.Spec.Generator.PasswordSpec == nil { return nil, fmt.Errorf("when kind is %s, PasswordSpec must be set", gen.Spec.Kind) } return &genv1alpha1.Password{ Spec: *gen.Spec.Generator.PasswordSpec, }, nil - case genv1alpha1.STSSessionTokenKind: + case genv1alpha1.GeneratorKindSTSSessionToken: if gen.Spec.Generator.STSSessionTokenSpec == nil { return nil, fmt.Errorf("when kind is %s, STSSessionTokenSpec must be set", gen.Spec.Kind) } return &genv1alpha1.STSSessionToken{ Spec: *gen.Spec.Generator.STSSessionTokenSpec, }, nil - case genv1alpha1.UUIDKind: + case genv1alpha1.GeneratorKindUUID: if gen.Spec.Generator.UUIDSpec == nil { return nil, fmt.Errorf("when kind is %s, UUIDSpec must be set", gen.Spec.Kind) } return &genv1alpha1.UUID{ Spec: *gen.Spec.Generator.UUIDSpec, }, nil - case genv1alpha1.VaultDynamicSecretKind: + case genv1alpha1.GeneratorKindVaultDynamicSecret: if gen.Spec.Generator.VaultDynamicSecretSpec == nil { return nil, fmt.Errorf("when kind is %s, VaultDynamicSecretSpec must be set", gen.Spec.Kind) } return &genv1alpha1.VaultDynamicSecret{ Spec: *gen.Spec.Generator.VaultDynamicSecretSpec, }, nil - case genv1alpha1.WebhookKind: + case genv1alpha1.GeneratorKindWebhook: if gen.Spec.Generator.WebhookSpec == nil { return nil, fmt.Errorf("when kind is %s, WebhookSpec must be set", gen.Spec.Kind) } From 522a41daaf734908596edac9fb8c1881aeb2f99c Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Mon, 2 Dec 2024 11:20:34 +0100 Subject: [PATCH 448/517] chore: bump helm chart version v0.11.0 (#4166) --- deploy/charts/external-secrets/Chart.yaml | 4 ++-- deploy/charts/external-secrets/README.md | 2 +- .../__snapshot__/cert_controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/webhook_test.yaml.snap | 14 +++++++------- 5 files changed, 20 insertions(+), 20 deletions(-) 
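Review bot: Each case in `clusterGeneratorToVirtual` checks only that the spec field matching `gen.Spec.Kind` is non-nil, so a `kind` that disagrees with the populated `generator` field is still caught at reconcile time, not at admission. The CRD in this commit adds `minProperties: 1` and `maxProperties: 1` and documents that the generator "must match the kind", but the schema shown does not enforce that pairing. A CEL rule on the spec type (a `+kubebuilder:validation:XValidation` marker) could reject the mismatch when the object is written, with this switch kept as the backstop for objects stored earlier. The switch continues past the end of the hunk, so the default branch is not visible; it should return an error and never a nil object.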
diff --git a/deploy/charts/external-secrets/Chart.yaml b/deploy/charts/external-secrets/Chart.yaml index b10162ae2ac..b9714dd1372 100644 --- a/deploy/charts/external-secrets/Chart.yaml +++ b/deploy/charts/external-secrets/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: external-secrets description: External secret management for Kubernetes type: application -version: "0.10.7" -appVersion: "v0.10.7" +version: "0.11.0" +appVersion: "v0.11.0" kubeVersion: ">= 1.19.0-0" keywords: - kubernetes-external-secrets diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index e360660b52f..93bfc228cc1 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.10.7](https://img.shields.io/badge/Version-0.10.7-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) External secret management for Kubernetes diff --git a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 1ffd677e9d8..7137e955f05 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap 
@@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.10.7 - helm.sh/chart: external-secrets-0.10.7 + app.kubernetes.io/version: v0.11.0 + helm.sh/chart: external-secrets-0.11.0 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.10.7 - helm.sh/chart: external-secrets-0.10.7 + app.kubernetes.io/version: v0.11.0 + helm.sh/chart: external-secrets-0.11.0 spec: automountServiceAccountToken: true containers: @@ -41,7 +41,7 @@ should match snapshot of default values: - --loglevel=info - --zap-time-encoding=epoch - --enable-partial-cache=true - image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.7 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.11.0 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap index d1a67d1511b..784cf350112 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.10.7 - helm.sh/chart: external-secrets-0.10.7 + app.kubernetes.io/version: v0.11.0 + helm.sh/chart: external-secrets-0.11.0 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: 
@@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.10.7 - helm.sh/chart: external-secrets-0.10.7 + app.kubernetes.io/version: v0.11.0 + helm.sh/chart: external-secrets-0.11.0 spec: automountServiceAccountToken: true containers: @@ -34,7 +34,7 @@ should match snapshot of default values: - --metrics-addr=:8080 - --loglevel=info - --zap-time-encoding=epoch - image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.7 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.11.0 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index 95f20d0b649..57a81688e61 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.7 - helm.sh/chart: external-secrets-0.10.7 + app.kubernetes.io/version: v0.11.0 + helm.sh/chart: external-secrets-0.11.0 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.7 - helm.sh/chart: external-secrets-0.10.7 + app.kubernetes.io/version: v0.11.0 + helm.sh/chart: external-secrets-0.11.0 spec: automountServiceAccountToken: true containers: 
@@ -39,7 +39,7 @@ should match snapshot of default values: - --healthz-addr=:8081 - --loglevel=info - --zap-time-encoding=epoch - image: oci.external-secrets.io/external-secrets/external-secrets:v0.10.7 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.11.0 imagePullPolicy: IfNotPresent name: webhook ports: @@ -83,8 +83,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.10.7 + app.kubernetes.io/version: v0.11.0 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.10.7 + helm.sh/chart: external-secrets-0.11.0 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE From f762fd89c581cc0423a95e3a6f811d75085dcb5d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 13:05:52 +0100 Subject: [PATCH 449/517] chore(deps): bump mkdocs-material in /hack/api-docs (#4165) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.45 to 9.5.47. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.45...9.5.47) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Moritz Johner --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 4faf501b844..5955efa35c3 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt 
@@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.1 mkdocs-macros-plugin==1.3.7 -mkdocs-material==9.5.45 +mkdocs-material==9.5.47 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.2 From c00c491a0e7a6bc9deea5a7d8ea20312eaf24740 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 13:07:16 +0100 Subject: [PATCH 450/517] update dependencies (#4169) Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator Co-authored-by: Moritz Johner --- e2e/go.mod | 8 ++++---- e2e/go.sum | 16 ++++++++-------- go.mod | 14 +++++++------- go.sum | 28 ++++++++++++++-------------- 4 files changed, 33 insertions(+), 33 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index 9445578939a..b258623f03b 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -122,13 +122,13 @@ require ( github.com/gofrs/flock v0.12.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v5 v5.2.1 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/golang/protobuf v1.5.4 // indirect - github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/gnostic-models v0.6.9 // indirect github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20241122213907-cbe949e5a41b // indirect + github.com/google/pprof v0.0.0-20241128161848-dc51965c6481 // indirect github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect 
@@ -213,7 +213,7 @@ require ( gopkg.in/yaml.v3 v3.0.1 // indirect grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f // indirect + k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.3 // indirect ) diff --git a/e2e/go.sum b/e2e/go.sum index 46c17b89144..1fcbf2327ef 100644 --- a/e2e/go.sum +++ b/e2e/go.sum @@ -233,8 +233,8 @@ github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfU github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ= +github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= 
@@ -264,8 +264,8 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= -github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw= +github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 
@@ -300,8 +300,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20241122213907-cbe949e5a41b h1:SXO0REt4iu865upYCk8aKBBJQ4BqoE0ReP23ClMu60s= -github.com/google/pprof v0.0.0-20241122213907-cbe949e5a41b/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241128161848-dc51965c6481 h1:yudKIrXagAOl99WQzrP1gbz5HLB9UjhcOFnPzdd6Qec= +github.com/google/pprof v0.0.0-20241128161848-dc51965c6481/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -964,8 +964,8 @@ k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= -k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f h1:nLHvOvs1CZ+FAEwR4EqLeRLfbtWQNlIu5g393Hq/1UM= +k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f/go.mod h1:iZjdMQzunI7O/sUrf/5WRX1gvaAIam32lKx9+paoLbU= k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 h1:jGnCPejIetjiy2gqaJ5V0NLwTpF4wbQ6cZIItJCSHno= k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/go.mod b/go.mod index c18e2bf4b34..aee2a3f6448 100644 --- a/go.mod +++ b/go.mod @@ -65,7 +65,7 @@ require ( dario.cat/mergo v1.0.1 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 - github.com/BeyondTrust/go-client-library-passwordsafe v0.9.1 + github.com/BeyondTrust/go-client-library-passwordsafe v0.12.0 github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 github.com/DelineaXPM/tss-sdk-go/v2 v2.0.3 github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d @@ -95,7 +95,7 @@ require ( github.com/sethvargo/go-password v0.3.1 github.com/spf13/pflag v1.0.5 github.com/tidwall/sjson v1.2.5 - k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f + k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.5.0 ) 
@@ -107,7 +107,7 @@ require ( cloud.google.com/go/compute/metadata v0.5.2 // indirect github.com/ProtonMail/go-crypto v1.1.3 // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect - github.com/ProtonMail/gopenpgp/v2 v2.8.0 // indirect + github.com/ProtonMail/gopenpgp/v2 v2.8.1 // indirect github.com/alibabacloud-go/alibabacloud-gateway-pop v0.0.6 // indirect github.com/alibabacloud-go/alibabacloud-gateway-spi v0.0.5 // indirect github.com/alibabacloud-go/darabonba-array v0.1.0 // indirect @@ -131,7 +131,7 @@ require ( github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gofrs/flock v0.12.1 // indirect - github.com/google/gnostic-models v0.6.8 // indirect + github.com/google/gnostic-models v0.6.9 // indirect github.com/google/s2a-go v0.1.8 // indirect github.com/hashicorp/go-secure-stdlib/awsutil v0.3.0 // indirect github.com/hashicorp/go-uuid v1.0.3 // indirect @@ -166,7 +166,7 @@ require ( github.com/Azure/go-autorest/logger v0.2.1 // indirect github.com/Azure/go-autorest/tracing v0.6.0 // indirect github.com/Masterminds/semver/v3 v3.3.1 // indirect - github.com/PaesslerAG/gval v1.2.3 // indirect + github.com/PaesslerAG/gval v1.2.4 // indirect github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect 
@@ -191,11 +191,11 @@ require ( github.com/goccy/go-json v0.10.3 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.5.1 // indirect - github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect + github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20241122213907-cbe949e5a41b // indirect + github.com/google/pprof v0.0.0-20241128161848-dc51965c6481 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect diff --git a/go.sum b/go.sum index 6934ee444b3..227c62b7d27 100644 --- a/go.sum +++ b/go.sum 
@@ -102,8 +102,8 @@ github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mo github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 h1:kYRSnvJju5gYVyhkij+RTJ/VR6QIUaCfWeaFm2ycsjQ= github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= -github.com/BeyondTrust/go-client-library-passwordsafe v0.9.1 h1:4mDFg59G33h74UrvXln2oAz2ojXsKVoEI6XUMtOkBXw= -github.com/BeyondTrust/go-client-library-passwordsafe v0.9.1/go.mod h1:TnbBwWYg9rtfDxQGF7pmD0gCPcbWgCUQIqum3dFMRTk= +github.com/BeyondTrust/go-client-library-passwordsafe v0.12.0 h1:t/lx00FMS5Glr2MSeytQR7MJc2FOdFEhoCplCeuShoA= +github.com/BeyondTrust/go-client-library-passwordsafe v0.12.0/go.mod h1:72FMrpiz1fUSiIIIAXiCzQ55Y83spsu2jl5n/Stzfks= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 h1:cmX2QC9s5kPqmghWLLZP8YRFO1ZD/C59BpNH2ujP99w= 
@@ -124,8 +124,8 @@ github.com/Masterminds/semver/v3 v3.3.1/go.mod h1:4V+yj/TJE1HU9XfppCwVMZq3I84lpr github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d h1:V7xPdg5XgCcUJgL57zfZSNOIvrDPWA4SpWuRJ0UVwKs= github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d/go.mod h1:WI6HYqD62DSW+C0gMS0zHe/vXhZVCUg2ecVosnglPNc= github.com/PaesslerAG/gval v1.0.0/go.mod h1:y/nm5yEyTeX6av0OfKJNp9rBNj2XrGhAf5+v24IBN1I= -github.com/PaesslerAG/gval v1.2.3 h1:Z3B/zLyWvqxjUtkIOEkFauqLnQn8Q37F1Q+uAjLXgMw= -github.com/PaesslerAG/gval v1.2.3/go.mod h1:XRFLwvmkTEdYziLdaCeCa5ImcGVrfQbeNUbVR+C6xac= +github.com/PaesslerAG/gval v1.2.4 h1:rhX7MpjJlcxYwL2eTTYIOBUyEKZ+A96T9vQySWkVUiU= +github.com/PaesslerAG/gval v1.2.4/go.mod h1:XRFLwvmkTEdYziLdaCeCa5ImcGVrfQbeNUbVR+C6xac= github.com/PaesslerAG/jsonpath v0.1.0/go.mod h1:4BzmtoM/PI8fPO4aQGIusjGxGir2BzcV0grWtFzq1Y8= github.com/PaesslerAG/jsonpath v0.1.1 h1:c1/AToHQMVsduPAa4Vh6xp2U0evy4t8SWp8imEsylIk= github.com/PaesslerAG/jsonpath v0.1.1/go.mod h1:lVboNxFGal/VwW6d9JzIy56bUsYAP6tH/x80vjnCseY= 
@@ -133,8 +133,8 @@ github.com/ProtonMail/go-crypto v1.1.3 h1:nRBOetoydLeUb4nHajyO2bKqMLfWQ/ZPwkXqXx github.com/ProtonMail/go-crypto v1.1.3/go.mod h1:rA3QumHc/FZ8pAHreoekgiAbzpNsfQAosU5td4SnOrE= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f h1:tCbYj7/299ekTTXpdwKYF8eBlsYsDVoggDAuAjoK66k= github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f/go.mod h1:gcr0kNtGBqin9zDW9GOHcVntrwnjrK+qdJ06mWYBybw= -github.com/ProtonMail/gopenpgp/v2 v2.8.0 h1:WvMv3CMcFsqKSM4/Qf8sf3tgyQkzDqQmoSE49bnBuP4= -github.com/ProtonMail/gopenpgp/v2 v2.8.0/go.mod h1:qb2GUSnmA9ipBW5GVtCtEhkummSlqs2A8Ar3S0HBgSY= +github.com/ProtonMail/gopenpgp/v2 v2.8.1 h1:WGE1THOhOnLurL0+N4BOlLkIhjEO7YVZgmpgyDHN56A= +github.com/ProtonMail/gopenpgp/v2 v2.8.1/go.mod h1:4PUgqGSQjd7HldUbAgMmC69+Gv6DO8NomCNi0y8+BTc= github.com/ahmetb/gen-crd-api-reference-docs v0.3.0 h1:+XfOU14S4bGuwyvCijJwhhBIjYN+YXS18jrCY2EzJaY= github.com/ahmetb/gen-crd-api-reference-docs v0.3.0/go.mod h1:TdjdkYhlOifCQWPs1UdTma97kQQMozf5h26hTuG70u8= github.com/akeylesslabs/akeyless-go-cloud-id v0.3.5 h1:ly0WKARATneFzwBlTZ2lUyjtLqoOEYqt1vOlf89za/4= 
@@ -337,8 +337,8 @@ github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfU github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= -github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= +github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 h1:f+oWsMOmNPc8JmEHVZIycC7hBoQxHH9pNKQORJNozsQ= +github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8/go.mod h1:wcDNUvekVysuuOpQKo3191zZyTpiI6se1N1ULghS0sw= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y= 
@@ -368,8 +368,8 @@ github.com/golang/protobuf v1.5.4 h1:i7eJL8qZTpSEXOPTxNKhASYpMn+8e5Q6AdndVa1dWek github.com/golang/protobuf v1.5.4/go.mod h1:lnTiLA8Wa4RWRcIUkrtSVa5nRhsEGBg48fD6rSs7xps= github.com/google/btree v0.0.0-20180813153112-4030bb1f1f0c/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= github.com/google/btree v1.0.0/go.mod h1:lNA+9X1NB3Zf8V7Ke586lFgjr2dZNuvo3lPJSGZ5JPQ= -github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I= -github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U= +github.com/google/gnostic-models v0.6.9 h1:MU/8wDLif2qCXZmzncUQ/BOfxWfthHi63KqpoNbWqVw= +github.com/google/gnostic-models v0.6.9/go.mod h1:CiWsm0s6BSQd1hRn8/QmxqB6BesYcbSZxsz9b0KuDBw= github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M= github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= 
@@ -405,8 +405,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20241122213907-cbe949e5a41b h1:SXO0REt4iu865upYCk8aKBBJQ4BqoE0ReP23ClMu60s= -github.com/google/pprof v0.0.0-20241122213907-cbe949e5a41b/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241128161848-dc51965c6481 h1:yudKIrXagAOl99WQzrP1gbz5HLB9UjhcOFnPzdd6Qec= +github.com/google/pprof v0.0.0-20241128161848-dc51965c6481/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -1192,8 +1192,8 @@ k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f h1:GA7//TjRY9yWGy1poLzYYJJ4JRdzg3+O6e8I+e+8T5Y= -k8s.io/kube-openapi v0.0.0-20241105132330-32ad38e42d3f/go.mod h1:R/HEjbvWI0qdfb8viZUeVZm0X6IZnxAydC7YU42CMw4= +k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f h1:nLHvOvs1CZ+FAEwR4EqLeRLfbtWQNlIu5g393Hq/1UM= +k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f/go.mod h1:iZjdMQzunI7O/sUrf/5WRX1gvaAIam32lKx9+paoLbU= k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 h1:jGnCPejIetjiy2gqaJ5V0NLwTpF4wbQ6cZIItJCSHno= k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= From 71e44c929f42fa0a62beab309f59281a9df17fc2 Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Mon, 2 Dec 2024 10:44:58 -0300 Subject: [PATCH 451/517] Gc/fix clusterexternalsecret metrics (#4170) * fix: not ready metrics for some edge case conditions on ces Signed-off-by: Gustavo Carvalho * fix: failure conditions with no metrics Signed-off-by: Gustavo Carvalho --------- Signed-off-by: Gustavo Carvalho Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .../clusterexternalsecret_controller.go | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/pkg/controllers/clusterexternalsecret/clusterexternalsecret_controller.go b/pkg/controllers/clusterexternalsecret/clusterexternalsecret_controller.go index 961952f965a..891ecba714b 100644 --- a/pkg/controllers/clusterexternalsecret/clusterexternalsecret_controller.go 
+++ b/pkg/controllers/clusterexternalsecret/clusterexternalsecret_controller.go @@ -102,18 +102,33 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu } if prevName := clusterExternalSecret.Status.ExternalSecretName; prevName != esName { // ExternalSecretName has changed, so remove the old ones + failedNamespaces := map[string]error{} for _, ns := range clusterExternalSecret.Status.ProvisionedNamespaces { if err := r.deleteExternalSecret(ctx, prevName, clusterExternalSecret.Name, ns); err != nil { log.Error(err, "could not delete ExternalSecret") - return ctrl.Result{}, err + failedNamespaces[ns] = err } } + if len(failedNamespaces) > 0 { + condition := NewClusterExternalSecretCondition(failedNamespaces) + SetClusterExternalSecretCondition(&clusterExternalSecret, *condition) + clusterExternalSecret.Status.FailedNamespaces = toNamespaceFailures(failedNamespaces) + return ctrl.Result{}, err + } } clusterExternalSecret.Status.ExternalSecretName = esName namespaces, err := r.getTargetNamespaces(ctx, &clusterExternalSecret) if err != nil { log.Error(err, "failed to get target Namespaces") + failedNamespaces := map[string]error{ + "unknown": err, + } + condition := NewClusterExternalSecretCondition(failedNamespaces) + SetClusterExternalSecretCondition(&clusterExternalSecret, *condition) + + clusterExternalSecret.Status.FailedNamespaces = toNamespaceFailures(failedNamespaces) + return ctrl.Result{}, err } From fdf85f49843e8c028f3ea44a00993c6debdbcdf0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 2 Dec 2024 15:34:59 +0100 Subject: [PATCH 452/517] chore(deps): bump distroless/static from `f4a57e8` to `5c7e2b4` (#4164) Bumps distroless/static from `f4a57e8` to `5c7e2b4`. --- updated-dependencies: - dependency-name: distroless/static dependency-type: direct:production ... 
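Review bot: The `return ctrl.Result{}, err` inside the new `if len(failedNamespaces) > 0` block does not return any of the collected deletion errors. The loop's `err` is scoped to its own `if` statement, so this one resolves to a variable declared earlier in Reconcile, outside the hunk, which is presumably nil by this point. If so, a failed cleanup of the old ExternalSecrets sets the condition but reports success to the controller, and the request is not retried with backoff. Returning an error built from the map avoids that, e.g. `return ctrl.Result{}, fmt.Errorf("could not delete ExternalSecret in %d namespaces", len(failedNamespaces))` (check that `fmt` is imported in this file). A short comment that the `"unknown"` key in the second added block is a placeholder rather than a namespace name would also help readers of `Status.FailedNamespaces`.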
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Moritz Johner --- Dockerfile | 2 +- Dockerfile.standalone | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index add05e3ec9d..2e5fb40c557 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM gcr.io/distroless/static@sha256:f4a57e8ffd7ba407bdd0eb315bb54ef1f21a2100a7f032e9102e4da34fe7c196 +FROM gcr.io/distroless/static@sha256:5c7e2b465ac6a2a4e5f4f7f722ce43b147dabe87cb21ac6c4007ae5178a1fa58 ARG TARGETOS ARG TARGETARCH COPY bin/external-secrets-${TARGETOS}-${TARGETARCH} /bin/external-secrets diff --git a/Dockerfile.standalone b/Dockerfile.standalone index 92136039b72..b456925b19c 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone @@ -12,7 +12,7 @@ COPY . /app/ RUN go build -o external-secrets main.go -FROM gcr.io/distroless/static@sha256:f4a57e8ffd7ba407bdd0eb315bb54ef1f21a2100a7f032e9102e4da34fe7c196 AS app +FROM gcr.io/distroless/static@sha256:5c7e2b465ac6a2a4e5f4f7f722ce43b147dabe87cb21ac6c4007ae5178a1fa58 AS app COPY --from=builder /app/external-secrets /bin/external-secrets # Run as UID for nobody From bd3511601c2b058b4fc3b923d33da4c6fb37b04f Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Wed, 4 Dec 2024 13:48:31 -0300 Subject: [PATCH 453/517] chore: deprecate olm proposal (#4175) * chore: deprecate olm proposal Signed-off-by: Gustavo Carvalho * fix: mark as approved on community meeting Signed-off-by: Gustavo Carvalho --------- Signed-off-by: Gustavo Carvalho --- design/011-deprecate-olm.md | 43 +++++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 design/011-deprecate-olm.md diff --git a/design/011-deprecate-olm.md b/design/011-deprecate-olm.md new file mode 100644 index 00000000000..dc470c22363 --- /dev/null +++ b/design/011-deprecate-olm.md 
@@ -0,0 +1,43 @@
+```yaml
+---
+title: Deprecaation of OLM Builds
+authors: @gusfcarvalho
+creation-date: 2024-12-04
+status: approved
+---
+```
+This Proposal was approved on community meeting of 4th december 2024 (meeting notes: https://hackmd.io/GSGEpTVdRZCP6LDxV3FHJA?both)
+
+# Deprecaation of OLM Builds
+
+## Introduction
+
+As part of our Release process, we currently build & maintain several docker images, helm releases, bundle manifests for users, and OLM builds via a community effort based on olm helm operator.
+
+However, OLM helm operator itself would require a better support and constant maintenance, and its process when building OLM builds is already not automated anymore.
+## Summary
+Stpo building OLM Releases
+
+## Motivation
+Make maintenance lives easier for a project that is struggling to get maintainers together :)
+
+### Goals
+Remove OLM builds as part of our build assets
+
+## Proposal
+Archive repository & communicate on next release within the release notes.
+
+### API
+None
+
+### Behavior
+None
+
+### Drawbacks
+Users might complain - but then they can fork the archived repository to build their own OLM builds locally.
+
+## Alternatives
+Find community members to handle the maintanence aspect of it. Have a new dedicated OLM repository in/out of the org. Make this be maintained by other parties than external-secrets maintainers.
+
+Do not use the current olm helm operator anymore as anyways this is not really supported.
+
From 5350b03308569a6b778d4b074aa54d973074d795 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Thu, 5 Dec 2024 15:12:34 +0100 Subject: [PATCH 454/517] fix: error handling for gitlab variable fetch (#4177) --- pkg/provider/gitlab/gitlab.go | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-)
diff --git a/pkg/provider/gitlab/gitlab.go b/pkg/provider/gitlab/gitlab.go
index 4e1158ea756..272fa39c95e 100644
--- a/pkg/provider/gitlab/gitlab.go
+++ b/pkg/provider/gitlab/gitlab.go @@ -225,21 +225,16 @@ func (g *gitlabBase) GetSecret(_ context.Context, ref esv1beta1.ExternalSecretDa data, resp, err := g.projectVariablesClient.GetVariable(g.store.ProjectID, ref.Key, vopts) metrics.ObserveAPICall(constants.ProviderGitLab, constants.CallGitLabProjectVariableGet, err) if err != nil { - return nil, err - } - - if resp == nil { - return nil, errors.New("gitlab response is nil") - } - - if !isEmptyOrWildcard(g.store.Environment) && resp.StatusCode == http.StatusNotFound { - vopts.Filter.EnvironmentScope = "*" - data, resp, err = g.projectVariablesClient.GetVariable(g.store.ProjectID, ref.Key, vopts) - metrics.ObserveAPICall(constants.ProviderGitLab, constants.CallGitLabProjectVariableGet, err) - } - - if resp.StatusCode >= 400 && resp.StatusCode != http.StatusNotFound { - return nil, fmt.Errorf("gitlab response status code was not OK: %d", resp.StatusCode) + if resp != nil && resp.StatusCode == http.StatusNotFound && !isEmptyOrWildcard(g.store.Environment) { + vopts.Filter.EnvironmentScope = "*" + data, resp, err = g.projectVariablesClient.GetVariable(g.store.ProjectID, ref.Key, vopts) + metrics.ObserveAPICall(constants.ProviderGitLab, constants.CallGitLabProjectVariableGet, err) + if err != nil || resp == nil { + return nil, fmt.Errorf("error getting variable %s from GitLab: %w", ref.Key, err) + } + } else { + return nil, err + } } err = g.ResolveGroupIds() From 2d5829b790b8bfa6dababa95654c798ac553e331 Mon Sep 17 00:00:00 2001 From: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> Date: Fri, 6 Dec 2024 13:22:59 -0800 Subject: [PATCH 455/517] fix: v1 templates with metadata + always cleanup orphaned secrets (#4174) 
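Review bot: A 404 from the wildcard retry is now returned as a hard error by the added `if err != nil || resp == nil`, since the surrounding branch shows that a 404 arrives with a non-nil `err`; the `else` branch does the same when the environment is empty or `*`. The `g.ResolveGroupIds()` call right after the hunk suggests a group-variable lookup follows, which a missing project variable would then never reach; the rest of GetSecret is outside the hunk, so this needs confirming. If the fallback is intended, the retry check could let 404 through, e.g. `if err != nil && (resp == nil || resp.StatusCode != http.StatusNotFound) { return nil, fmt.Errorf("error getting variable %s from GitLab: %w", ref.Key, err) }`. Separately, when `resp == nil` and `err == nil` the `%w` verb wraps a nil error and the message ends in `%!w(<nil>)`, so the nil-response case deserves its own check and message.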
Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .../v1beta1/externalsecret_types.go | 11 +- docs/guides/templating-v1.md | 6 +- .../pkcs12-template-v1-external-secret.yaml | 1 + .../externalsecret_controller.go | 74 +++++++----- .../externalsecret_controller_secret.go | 110 ++++++++++++------ .../externalsecret_controller_template.go | 11 +- pkg/template/engine.go | 7 +- pkg/template/v1/template.go | 26 +++-- pkg/utils/utils.go | 22 ++-- 9 files changed, 176 insertions(+), 92 deletions(-) diff --git a/apis/externalsecrets/v1beta1/externalsecret_types.go b/apis/externalsecrets/v1beta1/externalsecret_types.go index 54e37e5b2ac..f97689f0e11 100644 --- a/apis/externalsecrets/v1beta1/externalsecret_types.go +++ b/apis/externalsecrets/v1beta1/externalsecret_types.go @@ -465,11 +465,12 @@ const ( // ConditionReasonSecretMissing indicates that the secret is missing. ConditionReasonSecretMissing = "SecretMissing" - ReasonUpdateFailed = "UpdateFailed" - ReasonDeprecated = "ParameterDeprecated" - ReasonCreated = "Created" - ReasonUpdated = "Updated" - ReasonDeleted = "Deleted" + ReasonUpdateFailed = "UpdateFailed" + ReasonDeprecated = "ParameterDeprecated" + ReasonCreated = "Created" + ReasonUpdated = "Updated" + ReasonDeleted = "Deleted" + ReasonMissingProviderSecret = "MissingProviderSecret" ) type ExternalSecretStatus struct { diff --git a/docs/guides/templating-v1.md b/docs/guides/templating-v1.md index b08246305e5..23798214233 100644 --- a/docs/guides/templating-v1.md +++ b/docs/guides/templating-v1.md 
@@ -4,6 +4,10 @@ Templating Engine v1 is **deprecated** and will be removed in the future. Please migrate to engine v2 and take a look at our [upgrade guide](templating.md#migrating-from-v1) for changes. +!!! note + + Templating Engine v1 does NOT support templating the `spec.target.template.metadata` fields, or the keys of the `spec.target.template.data` map, it will treat them as plain strings. + To use templates in annotations/labels/data-keys, please use Templating Engine v2. With External Secrets Operator you can transform the data from the external secret provider before it is stored as `Kind=Secret`. You can do this with the `Spec.Target.Template`. @@ -18,7 +22,7 @@ You can use templates to inject your secrets into a configuration file that you You can also use pre-defined functions to extract data from your secrets. Here: extract key/cert from a pkcs12 archive and store it as PEM. ``` yaml -{% include 'pkcs12-template-v2-external-secret.yaml' %} +{% include 'pkcs12-template-v1-external-secret.yaml' %} ``` ### TemplateFrom diff --git a/docs/snippets/pkcs12-template-v1-external-secret.yaml b/docs/snippets/pkcs12-template-v1-external-secret.yaml index 04dbf2fa539..7d45400cff1 100644 --- a/docs/snippets/pkcs12-template-v1-external-secret.yaml +++ b/docs/snippets/pkcs12-template-v1-external-secret.yaml @@ -13,6 +13,7 @@ spec: # this is how the Kind=Secret will look like template: type: kubernetes.io/tls + engineVersion: v1 data: tls.crt: "{{ .mysecret | pkcs12cert | pemCertificate }}" tls.key: "{{ .mysecret | pkcs12key | pemPrivateKey }}" diff --git a/pkg/controllers/externalsecret/externalsecret_controller.go b/pkg/controllers/externalsecret/externalsecret_controller.go index b9a94897622..d18e1a4b87a 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller.go +++ b/pkg/controllers/externalsecret/externalsecret_controller.go 
@@ -93,11 +93,11 @@ const ( logErrorUnmanagedStore = "unable to determine if store is managed" // error formats. - errConvert = "could not apply conversion strategy to keys: %v" - errDecode = "could not apply decoding strategy to %v[%d]: %v" - errGenerate = "could not generate [%d]: %w" - errRewrite = "could not rewrite spec.dataFrom[%d]: %v" - errInvalidKeys = "secret keys from spec.dataFrom.%v[%d] can only have alphanumeric, '-', '_' or '.' characters. Convert them using rewrite (https://external-secrets.io/latest/guides/datafrom-rewrite/)" + errConvert = "error applying conversion strategy %s to keys: %w" + errRewrite = "error applying rewrite to keys: %w" + errDecode = "error applying decoding strategy %s to data: %w" + errGenerate = "error using generator: %w" + errInvalidKeys = "invalid secret keys (TIP: use rewrite or conversionStrategy to change keys): %w" errFetchTplFrom = "error fetching templateFrom data: %w" errApplyTemplate = "could not apply template: %w" errExecTpl = "could not execute template: %w" @@ -106,6 +106,14 @@ const ( errUpdateNotFound = "unable to update secret %s: not found" errDeleteCreatePolicy = "unable to delete secret %s: creationPolicy=%s is not Owner" errSecretCachesNotSynced = "controller caches for secret %s are not in sync" + + // event messages. + eventCreated = "secret created" + eventUpdated = "secret updated" + eventDeleted = "secret deleted due to DeletionPolicy=Delete" + eventDeletedOrphaned = "secret deleted because it was orphaned" + eventMissingProviderSecret = "secret does not exist at provider using spec.dataFrom[%d]" + eventMissingProviderSecretKey = "secret does not exist at provider using spec.dataFrom[%d] (key=%s)" ) // these errors are explicitly defined so we can detect them with `errors.Is()`. 
@@ -333,17 +341,19 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (result ct // NOTE: this error cant be fixed by retrying so we don't return an error (which would requeue immediately) creationPolicy := externalSecret.Spec.Target.CreationPolicy if creationPolicy != esv1beta1.CreatePolicyOwner { - err := fmt.Errorf(errDeleteCreatePolicy, secretName, creationPolicy) + err = fmt.Errorf(errDeleteCreatePolicy, secretName, creationPolicy) r.markAsFailed(msgErrorDeleteSecret, err, externalSecret, syncCallsError.With(resourceLabels)) return ctrl.Result{}, nil } // delete the secret, if it exists if existingSecret.UID != "" { - if err := r.Delete(ctx, existingSecret); err != nil && !apierrors.IsNotFound(err) { + err = r.Delete(ctx, existingSecret) + if err != nil && !apierrors.IsNotFound(err) { r.markAsFailed(msgErrorDeleteSecret, err, externalSecret, syncCallsError.With(resourceLabels)) return ctrl.Result{}, err } + r.recorder.Event(externalSecret, v1.EventTypeNormal, esv1beta1.ReasonDeleted, eventDeleted) } r.markAsDone(externalSecret, start, log, esv1beta1.ConditionReasonSecretDeleted, msgDeleted) @@ -446,7 +456,10 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (result ct return nil } - switch externalSecret.Spec.Target.CreationPolicy { //nolint:exhaustive + switch externalSecret.Spec.Target.CreationPolicy { + case esv1beta1.CreatePolicyNone: + log.V(1).Info("secret creation skipped due to CreationPolicy=None") + err = nil case esv1beta1.CreatePolicyMerge: // update the secret, if it exists if existingSecret.UID != "" { 
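Review bot: The `ReasonDeleted` event in the first hunk is recorded even when `r.Delete` returned NotFound, because the added `r.recorder.Event(...)` runs on every path that does not return early; the same pattern appears in `deleteOrphanedSecrets` in the later hunk at -592,16. Events are commonly read as the audit trail for secret lifecycle, so an event claiming a deletion this reconcile did not perform is misleading. Emitting it only on success keeps the record accurate: `if err == nil { r.recorder.Event(externalSecret, v1.EventTypeNormal, esv1beta1.ReasonDeleted, eventDeleted) }`. The enclosing Reconcile body starts and ends outside the hunk.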
@@ -457,25 +470,28 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (result ct r.markAsDone(externalSecret, start, log, esv1beta1.ConditionReasonSecretMissing, msgMissing) return r.getRequeueResult(externalSecret), nil } - case esv1beta1.CreatePolicyNone: - log.V(1).Info("secret creation skipped due to creationPolicy=None") - err = nil - default: + case esv1beta1.CreatePolicyOrphan: // create the secret, if it does not exist if existingSecret.UID == "" { err = r.createSecret(ctx, mutationFunc, externalSecret, secretName) + } else { + // if the secret exists, we should update it + err = r.updateSecret(ctx, existingSecret, mutationFunc, externalSecret, secretName) + } + case esv1beta1.CreatePolicyOwner: + // we may have orphaned secrets to clean up, + // for example, if the target secret name was changed + err = r.deleteOrphanedSecrets(ctx, externalSecret, secretName) + if err != nil { + r.markAsFailed(msgErrorDeleteOrphaned, err, externalSecret, syncCallsError.With(resourceLabels)) + return ctrl.Result{}, err + } - // we may have orphaned secrets to clean up, - // for example, if the target secret name was changed - if err == nil { - delErr := deleteOrphanedSecrets(ctx, r.Client, externalSecret, secretName) - if delErr != nil { - r.markAsFailed(msgErrorDeleteOrphaned, delErr, externalSecret, syncCallsError.With(resourceLabels)) - return ctrl.Result{}, delErr - } - } + // create the secret, if it does not exist + if existingSecret.UID == "" { + err = r.createSecret(ctx, mutationFunc, externalSecret, secretName) } else { - // update the secret, if it exists + // if the secret exists, we should update it err = r.updateSecret(ctx, existingSecret, mutationFunc, externalSecret, secretName) } } 
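Review bot: The rewritten `switch externalSecret.Spec.Target.CreationPolicy` has no `default:` branch, and the `//nolint:exhaustive` on it was dropped in the preceding hunk. The old `default:` created or updated the secret for every value other than Merge and None, whereas an empty or unrecognised policy now matches no case and leaves `err` untouched. If the API default is ever not applied (hand-built objects in tests, a future enum value), the reconcile would presumably report success without writing a secret; the code after the switch is outside the hunk. Adding `default: err = fmt.Errorf("unsupported creationPolicy %q", externalSecret.Spec.Target.CreationPolicy)` makes that case visible. For Owner, the orphan cleanup now also runs before the target secret is written, so a failed create can leave neither the old nor the new secret; a comment stating that this order is intended would help.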
@@ -581,9 +597,11 @@ func (r *Reconciler) markAsFailed(msg string, err error, externalSecret *esv1bet counter.Inc() } -func deleteOrphanedSecrets(ctx context.Context, cl client.Client, externalSecret *esv1beta1.ExternalSecret, secretName string) error { +func (r *Reconciler) deleteOrphanedSecrets(ctx context.Context, externalSecret *esv1beta1.ExternalSecret, secretName string) error { ownerLabel := utils.ObjectHash(fmt.Sprintf("%v/%v", externalSecret.Namespace, externalSecret.Name)) + // we use a PartialObjectMetadataList to avoid loading the full secret objects + // and because the Secrets partials are always cached due to WatchesMetadata() in SetupWithManager() secretListPartial := &metav1.PartialObjectMetadataList{} secretListPartial.SetGroupVersionKind(v1.SchemeGroupVersion.WithKind("SecretList")) listOpts := &client.ListOptions{ @@ -592,16 +610,18 @@ func deleteOrphanedSecrets(ctx context.Context, cl client.Client, externalSecret }), Namespace: externalSecret.Namespace, } - if err := cl.List(ctx, secretListPartial, listOpts); err != nil { + if err := r.List(ctx, secretListPartial, listOpts); err != nil { return err } // delete all secrets that are not the target secret for _, secretPartial := range secretListPartial.Items { if secretPartial.GetName() != secretName { - if err := cl.Delete(ctx, &secretPartial); err != nil { + err := r.Delete(ctx, &secretPartial) + if err != nil && !apierrors.IsNotFound(err) { return err } + r.recorder.Event(externalSecret, v1.EventTypeNormal, esv1beta1.ReasonDeleted, eventDeletedOrphaned) } } @@ -633,7 +653,7 @@ func (r *Reconciler) createSecret(ctx context.Context, mutationFunc func(secret // https://github.com/external-secrets/external-secrets/pull/2263 es.Status.Binding = v1.LocalObjectReference{Name: newSecret.Name} - r.recorder.Event(es, v1.EventTypeNormal, esv1beta1.ReasonCreated, "Created Secret") + r.recorder.Event(es, v1.EventTypeNormal, esv1beta1.ReasonCreated, eventCreated) return nil } 
@@ -709,7 +729,7 @@ func (r *Reconciler) updateSecret(ctx context.Context, existingSecret *v1.Secret return fmt.Errorf(errUpdate, updatedSecret.Name, err) } - r.recorder.Event(es, v1.EventTypeNormal, esv1beta1.ReasonUpdated, "Updated Secret") + r.recorder.Event(es, v1.EventTypeNormal, esv1beta1.ReasonUpdated, eventUpdated) return nil } diff --git a/pkg/controllers/externalsecret/externalsecret_controller_secret.go b/pkg/controllers/externalsecret/externalsecret_controller_secret.go index 00c99bf71be..ff9ccf8a114 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller_secret.go +++ b/pkg/controllers/externalsecret/externalsecret_controller_secret.go 
@@ -49,55 +49,68 @@ func (r *Reconciler) getProviderSecretData(ctx context.Context, externalSecret * var err error if remoteRef.Find != nil { - secretMap, err = r.handleFindAllSecrets(ctx, externalSecret, remoteRef, mgr, i) + secretMap, err = r.handleFindAllSecrets(ctx, externalSecret, remoteRef, mgr) + if err != nil { + err = fmt.Errorf("error processing spec.dataFrom[%d].find, err: %w", i, err) + } } else if remoteRef.Extract != nil { - secretMap, err = r.handleExtractSecrets(ctx, externalSecret, remoteRef, mgr, i) + secretMap, err = r.handleExtractSecrets(ctx, externalSecret, remoteRef, mgr) + if err != nil { + err = fmt.Errorf("error processing spec.dataFrom[%d].extract, err: %w", i, err) + } } else if remoteRef.SourceRef != nil && remoteRef.SourceRef.GeneratorRef != nil { - secretMap, err = r.handleGenerateSecrets(ctx, externalSecret.Namespace, remoteRef, i) + secretMap, err = r.handleGenerateSecrets(ctx, externalSecret.Namespace, remoteRef) + if err != nil { + err = fmt.Errorf("error processing spec.dataFrom[%d].sourceRef.generatorRef, err: %w", i, err) + } } + if errors.Is(err, esv1beta1.NoSecretErr) && externalSecret.Spec.Target.DeletionPolicy != esv1beta1.DeletionPolicyRetain { - r.recorder.Event( - externalSecret, - v1.EventTypeNormal, - esv1beta1.ReasonDeleted, - fmt.Sprintf("secret does not exist at provider using .dataFrom[%d]", i), - ) + r.recorder.Eventf(externalSecret, v1.EventTypeNormal, esv1beta1.ReasonMissingProviderSecret, eventMissingProviderSecret, i) continue } if err != nil { return nil, err } + providerData = utils.MergeByteMap(providerData, secretMap) } for i, secretRef := range externalSecret.Spec.Data { - err := r.handleSecretData(ctx, i, *externalSecret, secretRef, providerData, mgr) + err := r.handleSecretData(ctx, *externalSecret, secretRef, providerData, mgr) if errors.Is(err, esv1beta1.NoSecretErr) && externalSecret.Spec.Target.DeletionPolicy != esv1beta1.DeletionPolicyRetain { - r.recorder.Event(externalSecret, v1.EventTypeNormal, 
esv1beta1.ReasonDeleted, fmt.Sprintf("secret does not exist at provider using .data[%d] key=%s", i, secretRef.RemoteRef.Key)) + r.recorder.Eventf(externalSecret, v1.EventTypeNormal, esv1beta1.ReasonMissingProviderSecret, eventMissingProviderSecretKey, i, secretRef.RemoteRef.Key) continue } if err != nil { - return nil, fmt.Errorf("error retrieving secret at .data[%d], key: %s, err: %w", i, secretRef.RemoteRef.Key, err) + return nil, fmt.Errorf("error processing spec.data[%d] (key: %s), err: %w", i, secretRef.RemoteRef.Key, err) } } return providerData, nil } -func (r *Reconciler) handleSecretData(ctx context.Context, i int, externalSecret esv1beta1.ExternalSecret, secretRef esv1beta1.ExternalSecretData, providerData map[string][]byte, cmgr *secretstore.Manager) error { +func (r *Reconciler) handleSecretData(ctx context.Context, externalSecret esv1beta1.ExternalSecret, secretRef esv1beta1.ExternalSecretData, providerData map[string][]byte, cmgr *secretstore.Manager) error { client, err := cmgr.Get(ctx, externalSecret.Spec.SecretStoreRef, externalSecret.Namespace, toStoreGenSourceRef(secretRef.SourceRef)) if err != nil { return err } + + // get a single secret from the store secretData, err := client.GetSecret(ctx, secretRef.RemoteRef) if err != nil { return err } + + // decode the secret if needed secretData, err = utils.Decode(secretRef.RemoteRef.DecodingStrategy, secretData) if err != nil { - return fmt.Errorf(errDecode, "spec.data", i, err) + return fmt.Errorf(errDecode, secretRef.RemoteRef.DecodingStrategy, err) } + + // store the secret data providerData[secretRef.SecretKey] = secretData + return nil } 
@@ -110,83 +123,108 @@ func toStoreGenSourceRef(ref *esv1beta1.StoreSourceRef) *esv1beta1.StoreGenerato } } -func (r *Reconciler) handleGenerateSecrets(ctx context.Context, namespace string, remoteRef esv1beta1.ExternalSecretDataFromRemoteRef, i int) (map[string][]byte, error) { +func (r *Reconciler) handleGenerateSecrets(ctx context.Context, namespace string, remoteRef esv1beta1.ExternalSecretDataFromRemoteRef) (map[string][]byte, error) { gen, obj, err := resolvers.GeneratorRef(ctx, r.Client, r.Scheme, namespace, remoteRef.SourceRef.GeneratorRef) if err != nil { - return nil, fmt.Errorf("unable to resolve generator: %w", err) + return nil, err } - // We still pass the namespace to the generate function because it needs to create - // namespace based objects. + + // use the generator secretMap, err := gen.Generate(ctx, obj, r.Client, namespace) if err != nil { - return nil, fmt.Errorf(errGenerate, i, err) + return nil, fmt.Errorf(errGenerate, err) } + + // rewrite the keys if needed secretMap, err = utils.RewriteMap(remoteRef.Rewrite, secretMap) if err != nil { - return nil, fmt.Errorf(errRewrite, i, err) + return nil, fmt.Errorf(errRewrite, err) } - if !utils.ValidateKeys(secretMap) { - return nil, fmt.Errorf(errInvalidKeys, "generator", i) + + // validate the keys + err = utils.ValidateKeys(secretMap) + if err != nil { + return nil, fmt.Errorf(errInvalidKeys, err) } + return secretMap, err } -func (r *Reconciler) handleExtractSecrets(ctx context.Context, externalSecret *esv1beta1.ExternalSecret, remoteRef esv1beta1.ExternalSecretDataFromRemoteRef, cmgr *secretstore.Manager, i int) (map[string][]byte, error) { +//nolint:dupl +func (r *Reconciler) handleExtractSecrets(ctx context.Context, externalSecret *esv1beta1.ExternalSecret, remoteRef esv1beta1.ExternalSecretDataFromRemoteRef, cmgr *secretstore.Manager) (map[string][]byte, error) { client, err := cmgr.Get(ctx, externalSecret.Spec.SecretStoreRef, externalSecret.Namespace, remoteRef.SourceRef) if err != nil { 
return nil, err } + + // get multiple secrets from the store secretMap, err := client.GetSecretMap(ctx, *remoteRef.Extract) if err != nil { return nil, err } + + // rewrite the keys if needed secretMap, err = utils.RewriteMap(remoteRef.Rewrite, secretMap) if err != nil { - return nil, fmt.Errorf(errRewrite, i, err) + return nil, fmt.Errorf(errRewrite, err) } if len(remoteRef.Rewrite) == 0 { secretMap, err = utils.ConvertKeys(remoteRef.Extract.ConversionStrategy, secretMap) if err != nil { - return nil, fmt.Errorf(errConvert, err) + return nil, fmt.Errorf(errConvert, remoteRef.Extract.ConversionStrategy, err) } } - if !utils.ValidateKeys(secretMap) { - return nil, fmt.Errorf(errInvalidKeys, "extract", i) + + // validate the keys + err = utils.ValidateKeys(secretMap) + if err != nil { + return nil, fmt.Errorf(errInvalidKeys, err) } + + // decode the secrets if needed secretMap, err = utils.DecodeMap(remoteRef.Extract.DecodingStrategy, secretMap) if err != nil { - return nil, fmt.Errorf(errDecode, "spec.dataFrom", i, err) + return nil, fmt.Errorf(errDecode, remoteRef.Extract.DecodingStrategy, err) } + return secretMap, err } -func (r *Reconciler) handleFindAllSecrets(ctx context.Context, externalSecret *esv1beta1.ExternalSecret, remoteRef esv1beta1.ExternalSecretDataFromRemoteRef, cmgr *secretstore.Manager, i int) (map[string][]byte, error) { +//nolint:dupl +func (r *Reconciler) handleFindAllSecrets(ctx context.Context, externalSecret *esv1beta1.ExternalSecret, remoteRef esv1beta1.ExternalSecretDataFromRemoteRef, cmgr *secretstore.Manager) (map[string][]byte, error) { client, err := cmgr.Get(ctx, externalSecret.Spec.SecretStoreRef, externalSecret.Namespace, remoteRef.SourceRef) if err != nil { return nil, err } + + // get all secrets from the store that match the selector secretMap, err := client.GetAllSecrets(ctx, *remoteRef.Find) if err != nil { return nil, err } + + // rewrite the keys if needed secretMap, err = utils.RewriteMap(remoteRef.Rewrite, secretMap) if err 
!= nil { - return nil, fmt.Errorf(errRewrite, i, err) + return nil, fmt.Errorf(errRewrite, err) } if len(remoteRef.Rewrite) == 0 { - // ConversionStrategy is deprecated. Use RewriteMap instead. - r.recorder.Event(externalSecret, v1.EventTypeWarning, esv1beta1.ReasonDeprecated, fmt.Sprintf("dataFrom[%d].find.conversionStrategy=%v is deprecated and will be removed in further releases. Use dataFrom.rewrite instead", i, remoteRef.Find.ConversionStrategy)) secretMap, err = utils.ConvertKeys(remoteRef.Find.ConversionStrategy, secretMap) if err != nil { - return nil, fmt.Errorf(errConvert, err) + return nil, fmt.Errorf(errConvert, remoteRef.Find.ConversionStrategy, err) } } - if !utils.ValidateKeys(secretMap) { - return nil, fmt.Errorf(errInvalidKeys, "find", i) + + // validate the keys + err = utils.ValidateKeys(secretMap) + if err != nil { + return nil, fmt.Errorf(errInvalidKeys, err) } + + // decode the secrets if needed secretMap, err = utils.DecodeMap(remoteRef.Find.DecodingStrategy, secretMap) if err != nil { - return nil, fmt.Errorf(errDecode, "spec.dataFrom", i, err) + return nil, fmt.Errorf(errDecode, remoteRef.Find.DecodingStrategy, err) } return secretMap, err } diff --git a/pkg/controllers/externalsecret/externalsecret_controller_template.go b/pkg/controllers/externalsecret/externalsecret_controller_template.go index 19eb8c48a9b..cbbbf28547d 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller_template.go +++ b/pkg/controllers/externalsecret/externalsecret_controller_template.go 
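Review bot: The `//nolint:dupl` added to handleExtractSecrets and handleFindAllSecrets silences the linter over a rewrite, convert, validate, decode sequence that is the same in both functions apart from the `Extract`/`Find` strategy fields. Key validation is the step that decides what may be written into the target Secret, so I would rather keep it in one private helper that takes the rewrite list, the conversion and decoding strategies and the map, and have both functions call it after their provider lookup. That keeps the order of validation and decoding from drifting between the two copies. All three handlers also end with `return secretMap, err` where `err` is known to be nil at that point; `return secretMap, nil` states that directly.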
@@ -79,18 +79,23 @@ func (r *Reconciler) applyTemplate(ctx context.Context, es *esv1beta1.ExternalSe if err != nil { return fmt.Errorf(errFetchTplFrom, err) } - // explicitly defined template.Data takes precedence over templateFrom + + // apply data templates + // NOTE: explicitly defined template.data templates take precedence over templateFrom err = p.MergeMap(es.Spec.Target.Template.Data, esv1beta1.TemplateTargetData) if err != nil { return fmt.Errorf(errExecTpl, err) } - // get template data for labels + // apply templates for labels + // NOTE: this only works for v2 templates err = p.MergeMap(es.Spec.Target.Template.Metadata.Labels, esv1beta1.TemplateTargetLabels) if err != nil { return fmt.Errorf(errExecTpl, err) } - // get template data for annotations + + // apply template for annotations + // NOTE: this only works for v2 templates err = p.MergeMap(es.Spec.Target.Template.Metadata.Annotations, esv1beta1.TemplateTargetAnnotations) if err != nil { return fmt.Errorf(errExecTpl, err) diff --git a/pkg/template/engine.go b/pkg/template/engine.go index b406a962b9a..be7298fb077 100644 --- a/pkg/template/engine.go +++ b/pkg/template/engine.go @@ -14,6 +14,8 @@ limitations under the License. package template import ( + "fmt" + corev1 "k8s.io/api/core/v1" esapi "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" @@ -30,8 +32,5 @@ func EngineForVersion(version esapi.TemplateEngineVersion) (ExecFunc, error) { case esapi.TemplateEngineV2: return v2.Execute, nil } - - // in case we run with a old v1alpha1 CRD - // we must return v1 as default - return v1.Execute, nil + return nil, fmt.Errorf("unsupported template engine version: %s", version) } diff --git a/pkg/template/v1/template.go b/pkg/template/v1/template.go index df49cbf7b21..f703147b9a6 100644 --- a/pkg/template/v1/template.go +++ b/pkg/template/v1/template.go 
@@ -73,16 +73,28 @@ const ( ) // Execute renders the secret data as template. If an error occurs processing is stopped immediately. -func Execute(tpl, data map[string][]byte, _ esapi.TemplateScope, _ esapi.TemplateTarget, secret *corev1.Secret) error { - if tpl == nil { +func Execute(tpl, data map[string][]byte, scope esapi.TemplateScope, target esapi.TemplateTarget, secret *corev1.Secret) error { + if len(tpl) == 0 { return nil } - for k, v := range tpl { - val, err := execute(k, string(v), data) - if err != nil { - return fmt.Errorf(errExecute, k, err) + + if scope != "" && scope != esapi.TemplateScopeValues { + return fmt.Errorf("template scope %s is not supported in v1 templates, please only use Values", scope) + } + + switch target { + case esapi.TemplateTargetAnnotations: + // Annotations are not supported in v1 templates + case esapi.TemplateTargetLabels: + // Labels are not supported in v1 templates + case esapi.TemplateTargetData, "": + for k, v := range tpl { + val, err := execute(k, string(v), data) + if err != nil { + return fmt.Errorf(errExecute, k, err) + } + secret.Data[k] = val } - secret.Data[k] = val } return nil } diff --git a/pkg/utils/utils.go b/pkg/utils/utils.go index 7a6485931cd..7af21c1fc51 100644 --- a/pkg/utils/utils.go +++ b/pkg/utils/utils.go 
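Review bot: The new `switch target` in Execute has no `default:` branch, so a target other than Data, Labels, Annotations or the empty value returns nil without rendering anything. The Labels and Annotations cases are silent no-ops in the same way. The scope check a few lines above returns an error for unsupported input, so the two checks are inconsistent, and a v1 user who configures label or annotation templates presumably gets a successful sync with those templates dropped. I would add `default: return fmt.Errorf("template target %s is not supported in v1 templates", target)` and consider surfacing the two ignored cases as an error or event as well. Separately, `secret.Data[k] = val` assumes the caller has initialised `secret.Data`, which this hunk does not show.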
@@ -192,19 +192,23 @@ func Decode(strategy esv1beta1.ExternalSecretDecodingStrategy, in []byte) ([]byt } } -func ValidateKeys(in map[string][]byte) bool { +// ValidateKeys checks if the keys in the secret map are valid keys for a Kubernetes secret. +func ValidateKeys(in map[string][]byte) error { for key := range in { - for _, v := range key { - if !unicode.IsNumber(v) && - !unicode.IsLetter(v) && - v != '-' && - v != '.' && - v != '_' { - return false + keyLength := len(key) + if keyLength == 0 { + return fmt.Errorf("found empty key") + } + if keyLength > 253 { + return fmt.Errorf("key has length %d but max is 253: (following is truncated): %s", keyLength, key[:253]) + } + for _, c := range key { + if !unicode.IsLetter(c) && !unicode.IsNumber(c) && c != '-' && c != '.' && c != '_' { + return fmt.Errorf("key has invalid character %c, only alphanumeric, '-', '.' and '_' are allowed: %s", c, key) } } } - return true + return nil } // ConvertKeys converts a secret map into a valid key. From bece0ec257309001139cd26ac41eb8e697092fe7 Mon Sep 17 00:00:00 2001 From: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> Date: Fri, 6 Dec 2024 23:59:10 -0800 Subject: [PATCH 456/517] fix: handle empty template engine version (#4182) --- pkg/template/engine.go | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/pkg/template/engine.go b/pkg/template/engine.go index be7298fb077..3f1c22f3108 100644 --- a/pkg/template/engine.go +++ b/pkg/template/engine.go 
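Review bot: ValidateKeys accepts more than the doc comment added here promises, because `unicode.IsLetter` and `unicode.IsNumber` are true for non-ASCII letters and digits while Kubernetes limits Secret data keys to ASCII alphanumerics, '-', '_' and '.'. A key containing, say, 'é' passes this check and is rejected only later by the API server. The character test should be ASCII-only, for example `ok := (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '-' || c == '.' || c == '_'`, or the function could delegate to `validation.IsConfigMapKey` from k8s.io/apimachinery, which also rejects `.`, `..` and keys starting with `..`. The length check runs first and slices bytes with `key[:253]`, so an over-long key with multi-byte characters can be cut mid-rune in the error text. The messages echo the key verbatim, and for find/extract that text comes from provider data, so check where these errors are reported before relying on them being harmless.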
@@ -27,7 +27,10 @@ type ExecFunc func(tpl, data map[string][]byte, scope esapi.TemplateScope, targe func EngineForVersion(version esapi.TemplateEngineVersion) (ExecFunc, error) { switch version { - case esapi.TemplateEngineV1: + // NOTE: the version can be empty if the ExternalSecret was created with version 0.4.3 or earlier, + // all versions after this will default to "v1" (for v1alpha1 ES) or "v2" (for v1beta1 ES). + // so if we encounter an empty version, we must default to the v1 engine. + case esapi.TemplateEngineV1, "": return v1.Execute, nil case esapi.TemplateEngineV2: return v2.Execute, nil From 2644dc5fe38fca732776756f03ee53cfb2e8a7a9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 10:29:37 +0100 Subject: [PATCH 457/517] chore(deps): bump actions/cache from 4.1.2 to 4.2.0 (#4190) Bumps [actions/cache](https://github.com/actions/cache) from 4.1.2 to 4.2.0. - [Release notes](https://github.com/actions/cache/releases) - [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md) - [Commits](https://github.com/actions/cache/compare/6849a6489940f00c2f30c0fb92c6274307ccb58a...1bd1e32a3bdc45362d1e726936510720a7c30a57) --- updated-dependencies: - dependency-name: actions/cache dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b864297e63e..b28126030fb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
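Review bot: EngineForVersion appears to have no doc comment, and after this change its contract is no longer obvious from the signature: an empty version selects the legacy v1 engine, while any other unrecognised value is an error. I would state that on the function, for example `// EngineForVersion returns the ExecFunc for the given template engine version. An empty version selects v1 for ExternalSecrets created before the field was defaulted; any other unknown version is an error.` The explanation currently sits between `switch` and `case`, where it is easy to miss when another case is added. The function body continues below the hunk.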
@@ -116,7 +116,7 @@ jobs: run: go mod download - name: Cache envtest binaries - uses: actions/cache@6849a6489940f00c2f30c0fb92c6274307ccb58a # v4.1.2 + uses: actions/cache@1bd1e32a3bdc45362d1e726936510720a7c30a57 # v4.2.0 with: path: bin/k8s key: ${{ runner.os }}-envtest-${{env.KUBERNETES_VERSION}} From 70a2661bf19e0b2cd57cd4e6051ada37bae7ab9f Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 10:41:02 +0100 Subject: [PATCH 458/517] chore(deps): bump actions/attest-build-provenance from 1.4.4 to 2.0.1 (#4189) Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 1.4.4 to 2.0.1. - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/ef244123eb79f2f7a7e75d99086184180e6d0018...c4fbc648846ca6f503a13a2281a5e7b98aa57202) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/helm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index c10ee656ead..235a9b5035b 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -157,7 +157,7 @@ jobs: done - name: Generate provenance attestation and push to OCI registry - uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4 + uses: actions/attest-build-provenance@c4fbc648846ca6f503a13a2281a5e7b98aa57202 # v2.0.1 with: push-to-registry: true subject-name: ${{ steps.push_chart.outputs.registry }}/${{ steps.push_chart.outputs.chart_name }} 
From 0b39872efa255ff0e28a075d05df1fb1ae5edad7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 10:52:42 +0100 Subject: [PATCH 459/517] chore(deps): bump github/codeql-action from 3.27.5 to 3.27.6 (#4188) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.5 to 3.27.6. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/f09c1c0a94de965c15400f5634aa42fac8fb8f88...aa578102511db1f4524ed59b8cc2bae4f6e88195) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index d22d4749c16..c1ab489fc16 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5 + uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 with: sarif_file: results.sarif From f348cf92d03f1422ba96157635791532220d4f99 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 11:47:00 +0100 Subject: [PATCH 460/517] update dependencies (#4196) 
Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator --- e2e/go.mod | 37 +++++++++++------------ e2e/go.sum | 78 +++++++++++++++++++++++------------------------ go.mod | 44 +++++++++++++-------------- go.sum | 88 +++++++++++++++++++++++++++--------------------------- 4 files changed, 122 insertions(+), 125 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index b258623f03b..b9b2b3dd497 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -62,23 +62,23 @@ require ( github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 github.com/xanzy/go-gitlab v0.114.0 golang.org/x/oauth2 v0.24.0 - google.golang.org/api v0.209.0 + google.golang.org/api v0.210.0 k8s.io/api v0.31.3 k8s.io/apiextensions-apiserver v0.31.3 k8s.io/apimachinery v0.31.3 k8s.io/client-go v1.5.2 k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 - sigs.k8s.io/controller-runtime v0.19.2 + sigs.k8s.io/controller-runtime v0.19.3 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.5.0 ) require ( al.essio.dev/pkg/shellescape v1.5.1 // indirect - cloud.google.com/go/auth v0.11.0 // indirect + cloud.google.com/go/auth v0.12.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect - cloud.google.com/go/iam v1.2.2 // indirect + cloud.google.com/go/iam v1.3.0 // indirect dario.cat/mergo v1.0.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 // indirect @@ -108,7 +108,6 @@ require ( github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fluxcd/pkg/apis/acl v0.1.0 // indirect github.com/fluxcd/pkg/apis/kustomize v1.2.0 // indirect - github.com/fsnotify/fsnotify v1.8.0 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-logr/logr v1.4.2 // indirect 
@@ -128,7 +127,7 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20241128161848-dc51965c6481 // indirect + github.com/google/pprof v0.0.0-20241206021119-61a79c692802 // indirect github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect @@ -171,7 +170,7 @@ require ( github.com/pkg/errors v0.9.1 // indirect github.com/prometheus/client_golang v1.20.5 // indirect github.com/prometheus/client_model v0.6.1 // indirect - github.com/prometheus/common v0.60.1 // indirect + github.com/prometheus/common v0.61.0 // indirect github.com/prometheus/procfs v0.15.1 // indirect github.com/ryanuber/go-glob v1.0.0 // indirect github.com/segmentio/asm v1.2.0 // indirect 
@@ -192,20 +191,20 @@ require ( go.opentelemetry.io/otel v1.32.0 // indirect go.opentelemetry.io/otel/metric v1.32.0 // indirect go.opentelemetry.io/otel/trace v1.32.0 // indirect - golang.org/x/crypto v0.29.0 // indirect - golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect - golang.org/x/net v0.31.0 // indirect - golang.org/x/sync v0.9.0 // indirect - golang.org/x/sys v0.27.0 // indirect - golang.org/x/term v0.26.0 // indirect - golang.org/x/text v0.20.0 // indirect + golang.org/x/crypto v0.30.0 // indirect + golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d // indirect + golang.org/x/net v0.32.0 // indirect + golang.org/x/sync v0.10.0 // indirect + golang.org/x/sys v0.28.0 // indirect + golang.org/x/term v0.27.0 // indirect + golang.org/x/text v0.21.0 // indirect golang.org/x/time v0.8.0 // indirect - golang.org/x/tools v0.27.0 // indirect + golang.org/x/tools v0.28.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 // indirect - google.golang.org/grpc v1.68.0 // indirect + google.golang.org/genproto v0.0.0-20241206012308-a4fef0638583 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241206012308-a4fef0638583 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 // indirect + google.golang.org/grpc v1.68.1 // indirect google.golang.org/protobuf v1.35.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect diff --git a/e2e/go.sum b/e2e/go.sum index 1fcbf2327ef..723981970c0 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -22,8 +22,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.11.0 h1:Ic5SZz2lsvbYcWT5dfjNWgw6tTlGi2Wc8hyQSC9BstA= -cloud.google.com/go/auth v0.11.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= +cloud.google.com/go/auth v0.12.0 h1:ARAD8r0lkiHw2go7kEnmviF6TOYhzLM+yDGcDt9mP68= +cloud.google.com/go/auth v0.12.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU= cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= @@ -37,8 +37,8 @@ cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixA cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= -cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= +cloud.google.com/go/iam v1.3.0 h1:4Wo2qTaGKFtajbLpF6I4mywg900u3TLlHDb6mriLDPU= +cloud.google.com/go/iam v1.3.0/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= 
@@ -185,8 +185,6 @@ github.com/fluxcd/source-controller/api v1.2.3 h1:71mXv3Qg9HEhcpqOq1ObmoE+P/HuZN github.com/fluxcd/source-controller/api v1.2.3/go.mod h1:5gaIVVH7hgb8p3HKFp8P6hGmZEC8fKSt4EcrG3g5vZI= github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8= github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0= -github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/8M= -github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU= @@ -300,8 +298,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20241128161848-dc51965c6481 h1:yudKIrXagAOl99WQzrP1gbz5HLB9UjhcOFnPzdd6Qec= -github.com/google/pprof v0.0.0-20241128161848-dc51965c6481/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241206021119-61a79c692802 h1:US08AXzP0bLurpzFUV3Poa9ZijrRdd1zAIOVtoHEiS8= +github.com/google/pprof v0.0.0-20241206021119-61a79c692802/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -443,8 +441,8 @@ github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/j github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.60.1 h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPAaSc= -github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= +github.com/prometheus/common v0.61.0 h1:3gv/GThfX0cV2lpO7gkTUwZru38mxevy90Bj8YFSRQQ= +github.com/prometheus/common v0.61.0/go.mod h1:zr29OCN/2BsJRaFwG8QOBr41D6kkchKbpeNH7pAjb/s= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4= 
@@ -487,8 +485,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY= github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= @@ -557,8 +555,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= -golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= +golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= +golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -569,8 +567,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo= -golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak= +golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d h1:0olWaB5pg3+oychR51GUVCEsGkeCU/2JxjBgIo4f3M0= +golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -639,8 +637,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= -golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= +golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= +golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -669,8 +667,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= -golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -720,8 +718,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= -golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= 
@@ -730,8 +728,8 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= -golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= +golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -746,8 +744,8 @@ golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= -golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -803,8 +801,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o= -golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q= +golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= +golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -833,8 +831,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.209.0 h1:Ja2OXNlyRlWCWu8o+GgI4yUn/wz9h/5ZfFbKz+dQX+w= -google.golang.org/api v0.209.0/go.mod h1:I53S168Yr/PNDNMi5yPnDc0/LGRZO6o7PoEbl/HY3CM= +google.golang.org/api v0.210.0 h1:HMNffZ57OoZCRYSbdWVRoqOa8V8NIHLL0CzdBPLztWk= +google.golang.org/api v0.210.0/go.mod h1:B9XDZGnx2NtyjzVkOVTGrFSAVZgPcbedzKg/gTLwqBs= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -882,12 +880,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk= -google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= -google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 h1:pgr/4QbFyktUv9CtQ/Fq4gzEE6/Xs7iCXbktaGzLHbQ= -google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697/go.mod h1:+D9ySVjN8nY8YCVjc5O7PZDIdZporIDY3KaGfJunh88= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 h1:LWZqQOEjDyONlF1H6afSWpAL/znlREo2tHfLoe+8LMA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= +google.golang.org/genproto v0.0.0-20241206012308-a4fef0638583 h1:pjPnE7Rv3PAwHISLRJhA3HQTnM2uu5qcnroxTkRb5G8= +google.golang.org/genproto v0.0.0-20241206012308-a4fef0638583/go.mod h1:dW27OyXi0Ph+N43jeCWMFC86aTT5VgdeQtOSf0Hehdw= +google.golang.org/genproto/googleapis/api v0.0.0-20241206012308-a4fef0638583 h1:v+j+5gpj0FopU0KKLDGfDo9ZRRpKdi5UBrCP0f76kuY= +google.golang.org/genproto/googleapis/api v0.0.0-20241206012308-a4fef0638583/go.mod h1:jehYqy3+AhJU9ve55aNOaSml7wUXjF9x6z2LcCfpAhY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 h1:IfdSdTcLFy4lqUQrQJLkLt1PB+AsqVz6lwkWPzWEz10= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -907,8 +905,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0= -google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA= +google.golang.org/grpc v1.68.1 h1:oI5oTa11+ng8r8XMMN7jAOmWfPZWbYpCFaMUTACxkM0= +google.golang.org/grpc v1.68.1/go.mod h1:+q1XYFJjShcqn0QZHvCyeR4CXPA+llXIeUIfIe00waw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -971,8 +969,8 @@ k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.19.2 h1:3sPrF58XQEPzbE8T81TN6selQIMGbtYwuaJ6eDssDF8= -sigs.k8s.io/controller-runtime v0.19.2/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= +sigs.k8s.io/controller-runtime v0.19.3 h1:XO2GvC9OPftRst6xWCpTgBZO04S2cbp0Qqkj8bX1sPw= +sigs.k8s.io/controller-runtime v0.19.3/go.mod h1:j4j87DqtsThvwTv5/Tc5NFRyyF/RF0ip4+62tbTSIUM= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/structured-merge-diff/v4 v4.4.3 h1:sCP7Vv3xx/CWIuTPVN38lUPx0uw0lcLfzaiDa8Ja01A= diff --git a/go.mod b/go.mod index aee2a3f6448..64e85b164d2 100644 --- a/go.mod +++ b/go.mod @@ -5,7 +5,7 @@ go 1.23.1 replace github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 require ( - cloud.google.com/go/iam v1.2.2 + cloud.google.com/go/iam v1.3.0 cloud.google.com/go/secretmanager v1.14.2 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 
@@ -36,18 +36,18 @@ require (
 github.com/prometheus/client_golang v1.20.5
 github.com/prometheus/client_model v0.6.1
 github.com/spf13/cobra v1.8.1
- github.com/stretchr/testify v1.9.0
+ github.com/stretchr/testify v1.10.0
 github.com/tidwall/gjson v1.18.0
 github.com/xanzy/go-gitlab v0.114.0
- github.com/yandex-cloud/go-genproto v0.0.0-20241125092406-f84a9a79c742
- github.com/yandex-cloud/go-sdk v0.0.0-20241125093903-abc9da85b811
+ github.com/yandex-cloud/go-genproto v0.0.0-20241206133605-07e4a676108b
+ github.com/yandex-cloud/go-sdk v0.0.0-20241206142255-6c3760d17eea
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78
 go.uber.org/zap v1.27.0
- golang.org/x/crypto v0.29.0
+ golang.org/x/crypto v0.30.0
 golang.org/x/oauth2 v0.24.0
- google.golang.org/api v0.209.0
- google.golang.org/genproto v0.0.0-20241118233622-e639e219e697
- google.golang.org/grpc v1.68.0
+ google.golang.org/api v0.210.0
+ google.golang.org/genproto v0.0.0-20241206012308-a4fef0638583
+ google.golang.org/grpc v1.68.1
 gopkg.in/yaml.v3 v3.0.1
 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919
 k8s.io/api v0.31.3
@@ -55,7 +55,7 @@ require (
 k8s.io/apimachinery v0.31.3
 k8s.io/client-go v0.31.3
 k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078
- sigs.k8s.io/controller-runtime v0.19.2
+ sigs.k8s.io/controller-runtime v0.19.3
 sigs.k8s.io/controller-tools v0.16.5
 )
@@ -90,7 +90,7 @@ require (
 github.com/maxbrunsfeld/counterfeiter/v6 v6.10.0
 github.com/passbolt/go-passbolt v0.7.1
 github.com/previder/vault-cli v0.1.2
- github.com/pulumi/esc-sdk/sdk v0.10.3
+ github.com/pulumi/esc-sdk/sdk v0.10.4
 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30
 github.com/sethvargo/go-password v0.3.1
 github.com/spf13/pflag v1.0.5
@@ -102,7 +102,7 @@ require ( require ( al.essio.dev/pkg/shellescape v1.5.1 // indirect - cloud.google.com/go/auth v0.11.0 // indirect + cloud.google.com/go/auth v0.12.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect cloud.google.com/go/compute/metadata v0.5.2 // indirect github.com/ProtonMail/go-crypto v1.1.3 // indirect @@ -148,9 +148,9 @@ require ( go.opentelemetry.io/otel v1.32.0 // indirect go.opentelemetry.io/otel/metric v1.32.0 // indirect go.opentelemetry.io/otel/trace v1.32.0 // indirect - golang.org/x/sync v0.9.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 // indirect + golang.org/x/sync v0.10.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241206012308-a4fef0638583 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.3 // indirect @@ -195,7 +195,7 @@ require ( github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20241128161848-dc51965c6481 // indirect + github.com/google/pprof v0.0.0-20241206021119-61a79c692802 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect 
@@ -233,7 +233,7 @@ require (
 github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c // indirect
 github.com/pkg/errors v0.9.1 // indirect
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
- github.com/prometheus/common v0.60.1 // indirect
+ github.com/prometheus/common v0.61.0 // indirect
 github.com/prometheus/procfs v0.15.1 // indirect
 github.com/russross/blackfriday/v2 v2.1.0 // indirect
 github.com/ryanuber/go-glob v1.0.0 // indirect
@@ -248,14 +248,14 @@ require (
 go.opencensus.io v0.24.0 // indirect
 go.uber.org/atomic v1.11.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f // indirect
+ golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d // indirect
 golang.org/x/mod v0.22.0 // indirect
- golang.org/x/net v0.31.0 // indirect
- golang.org/x/sys v0.27.0 // indirect
- golang.org/x/term v0.26.0 // indirect
- golang.org/x/text v0.20.0 // indirect
+ golang.org/x/net v0.32.0 // indirect
+ golang.org/x/sys v0.28.0 // indirect
+ golang.org/x/term v0.27.0 // indirect
+ golang.org/x/text v0.21.0 // indirect
 golang.org/x/time v0.8.0 // indirect
- golang.org/x/tools v0.27.0 // indirect
+ golang.org/x/tools v0.28.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
 google.golang.org/protobuf v1.35.2 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
diff --git a/go.sum b/go.sum
index 227c62b7d27..3b5a0bda3b9 100644
--- a/go.sum
+++ b/go.sum
@@ -22,8 +22,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.11.0 h1:Ic5SZz2lsvbYcWT5dfjNWgw6tTlGi2Wc8hyQSC9BstA= -cloud.google.com/go/auth v0.11.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= +cloud.google.com/go/auth v0.12.0 h1:ARAD8r0lkiHw2go7kEnmviF6TOYhzLM+yDGcDt9mP68= +cloud.google.com/go/auth v0.12.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU= cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= @@ -37,8 +37,8 @@ cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixA cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.2.2 h1:ozUSofHUGf/F4tCNy/mu9tHLTaxZFLOUiKzjcgWHGIA= -cloud.google.com/go/iam v1.2.2/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= +cloud.google.com/go/iam v1.3.0 h1:4Wo2qTaGKFtajbLpF6I4mywg900u3TLlHDb6mriLDPU= +cloud.google.com/go/iam v1.3.0/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= 
@@ -405,8 +405,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20241128161848-dc51965c6481 h1:yudKIrXagAOl99WQzrP1gbz5HLB9UjhcOFnPzdd6Qec= -github.com/google/pprof v0.0.0-20241128161848-dc51965c6481/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241206021119-61a79c692802 h1:US08AXzP0bLurpzFUV3Poa9ZijrRdd1zAIOVtoHEiS8= +github.com/google/pprof v0.0.0-20241206021119-61a79c692802/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -592,12 +592,12 @@ github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/j github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.60.1 h1:FUas6GcOw66yB/73KC+BOZoFJmbo/1pojoILArPAaSc= -github.com/prometheus/common v0.60.1/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= +github.com/prometheus/common v0.61.0 h1:3gv/GThfX0cV2lpO7gkTUwZru38mxevy90Bj8YFSRQQ= +github.com/prometheus/common v0.61.0/go.mod h1:zr29OCN/2BsJRaFwG8QOBr41D6kkchKbpeNH7pAjb/s= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/pulumi/esc-sdk/sdk v0.10.3 h1:4B8lw5GUqL/XQJJysrh1ViHmAuhTyKC8VBRMdRc1chk= -github.com/pulumi/esc-sdk/sdk v0.10.3/go.mod h1:J6+8bCUJyLXvYOmTAc90/EhU1iUPr1Koo3NUnFzY78k= +github.com/pulumi/esc-sdk/sdk v0.10.4 h1:YOR61Kcvcml6j6gfPWNQaPxIxMb5xMwYsdGgep+6PZQ= +github.com/pulumi/esc-sdk/sdk v0.10.4/go.mod h1:J6+8bCUJyLXvYOmTAc90/EhU1iUPr1Koo3NUnFzY78k= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4= 
@@ -657,8 +657,8 @@ github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= -github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= +github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= github.com/tidwall/gjson v1.14.2/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= github.com/tidwall/gjson v1.18.0 h1:FIDeeyB800efLX89e5a8Y0BNH+LOngJyGrIWxG2FKQY= github.com/tidwall/gjson v1.18.0/go.mod h1:/wbyibRr2FHMks5tjHJ5F8dMZh3AcwJEMf5vlfC0lxk= 
@@ -680,10 +680,10 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= github.com/xanzy/go-gitlab v0.114.0 h1:0wQr/KBckwrZPfEMjRqpUz0HmsKKON9UhCYv9KDy19M= github.com/xanzy/go-gitlab v0.114.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= -github.com/yandex-cloud/go-genproto v0.0.0-20241125092406-f84a9a79c742 h1:W/UYKPy8e+rTODsmsbxxBNOV+5Ps3mUCPB0sa/MD49U= -github.com/yandex-cloud/go-genproto v0.0.0-20241125092406-f84a9a79c742/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo= -github.com/yandex-cloud/go-sdk v0.0.0-20241125093903-abc9da85b811 h1:3iS3N3jZArMR0nAvX2e8+kXHFBJM14Mh0suliUjGYmU= -github.com/yandex-cloud/go-sdk v0.0.0-20241125093903-abc9da85b811/go.mod h1:NTyXTgu30+aHAisiaPxzMu502MFTC7EORix3gdziNV8= +github.com/yandex-cloud/go-genproto v0.0.0-20241206133605-07e4a676108b h1:+xsB23dmxN3hBSGZLAiyLsUADnqr6ASOiZJmLd8++nk= +github.com/yandex-cloud/go-genproto v0.0.0-20241206133605-07e4a676108b/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo= +github.com/yandex-cloud/go-sdk v0.0.0-20241206142255-6c3760d17eea h1:XvnMWpD249l3rhJjDWEAGOQmYZ3Rw0XjEwREDzm9wDs= +github.com/yandex-cloud/go-sdk v0.0.0-20241206142255-6c3760d17eea/go.mod h1:6JH4ZTrHlyTtKwf1VoEGfbHl+or8NFdOyxwYzID0UdI= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -745,8 +745,8 @@ golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.29.0 h1:L5SG1JTTXupVV3n6sUqMTeWbjAyfPwoda2DLX8J8FrQ= -golang.org/x/crypto v0.29.0/go.mod h1:+F4F4N5hv6v38hfeYwTdx20oUvLLc+QfrE9Ax9HtgRg= +golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= +golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= 
@@ -757,8 +757,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f h1:XdNn9LlyWAhLVp6P/i8QYBW+hlyhrhei9uErw2B5GJo= -golang.org/x/exp v0.0.0-20241108190413-2d47ceb2692f/go.mod h1:D5SMRVC3C2/4+F/DB1wZsLRnSNimn2Sp/NPsCrsv8ak= +golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d h1:0olWaB5pg3+oychR51GUVCEsGkeCU/2JxjBgIo4f3M0= +golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -834,8 +834,8 @@ golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.31.0 h1:68CPQngjLL0r2AlUKiSxtQFKvzRVbnzLwMUn5SzcLHo= -golang.org/x/net v0.31.0/go.mod h1:P4fl1q7dY2hnZFxEk4pPSkDHF+QqjitcnDjUQyMM+pM= +golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= +golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= 
@@ -864,8 +864,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.9.0 h1:fEo0HyrW1GIgZdpbhCRO0PkJajUS5H9IFUztCgEo2jQ= -golang.org/x/sync v0.9.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.10.0 h1:3NQrjDixjgGwUOCaF8w2+VYHv0Ve/vGYSbdkTa98gmQ= +golang.org/x/sync v0.10.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190312061237-fead79001313/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= @@ -927,8 +927,8 @@ golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.27.0 h1:wBqf8DvsY9Y/2P8gAfPDEYNuS30J4lPHJxXSb/nJZ+s= -golang.org/x/sys v0.27.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= +golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= 
@@ -941,8 +941,8 @@ golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.26.0 h1:WEQa6V3Gja/BhNxg540hBip/kkaYtRg3cxg4oXSw4AU= -golang.org/x/term v0.26.0/go.mod h1:Si5m1o57C5nBNQo5z1iq+XDijt21BDBDp2bK0QI8e3E= +golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= +golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -959,8 +959,8 @@ golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.10.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.20.0 h1:gK/Kv2otX8gz+wn7Rmb3vT96ZwuoxnQlY+HlJVj7Qug= -golang.org/x/text v0.20.0/go.mod h1:D4IsuqiFMhST5bX19pQ9ikHC2GsaKyk/oF+pn3ducp4= +golang.org/x/text v0.21.0 h1:zyQAAkrwaneQ066sspRyJaG9VNi/YJ1NfzcGB3hZ/qo= +golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= 
@@ -1019,8 +1019,8 @@ golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4f golang.org/x/tools v0.1.0/go.mod h1:xkSsbof2nBLbhDlRMhhhyNLN/zl3eTqcnHD5viDpcZ0= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU= -golang.org/x/tools v0.27.0 h1:qEKojBykQkQ4EynWy4S8Weg69NumxKdn40Fce3uc/8o= -golang.org/x/tools v0.27.0/go.mod h1:sUi0ZgbwW9ZPAq26Ekut+weQPR5eIM6GQLQ1Yjm1H0Q= +golang.org/x/tools v0.28.0 h1:WuB6qZ4RPCQo5aP3WdKZS7i595EdWqWR8vqJTlwTVK8= +golang.org/x/tools v0.28.0/go.mod h1:dcIOrVd3mfQKTgrDVQHqCPMWy6lnhfhtX3hLXYVLfRw= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -1049,8 +1049,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.209.0 h1:Ja2OXNlyRlWCWu8o+GgI4yUn/wz9h/5ZfFbKz+dQX+w= -google.golang.org/api v0.209.0/go.mod h1:I53S168Yr/PNDNMi5yPnDc0/LGRZO6o7PoEbl/HY3CM= +google.golang.org/api v0.210.0 h1:HMNffZ57OoZCRYSbdWVRoqOa8V8NIHLL0CzdBPLztWk= +google.golang.org/api v0.210.0/go.mod h1:B9XDZGnx2NtyjzVkOVTGrFSAVZgPcbedzKg/gTLwqBs= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1098,12 +1098,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 h1:ToEetK57OidYuqD4Q5w+vfEnPvPpuTwedCNVohYJfNk= -google.golang.org/genproto v0.0.0-20241118233622-e639e219e697/go.mod h1:JJrvXBWRZaFMxBufik1a4RpFw4HhgVtBBWQeQgUj2cc= -google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697 h1:pgr/4QbFyktUv9CtQ/Fq4gzEE6/Xs7iCXbktaGzLHbQ= -google.golang.org/genproto/googleapis/api v0.0.0-20241118233622-e639e219e697/go.mod h1:+D9ySVjN8nY8YCVjc5O7PZDIdZporIDY3KaGfJunh88= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697 h1:LWZqQOEjDyONlF1H6afSWpAL/znlREo2tHfLoe+8LMA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241118233622-e639e219e697/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= +google.golang.org/genproto v0.0.0-20241206012308-a4fef0638583 h1:pjPnE7Rv3PAwHISLRJhA3HQTnM2uu5qcnroxTkRb5G8= +google.golang.org/genproto v0.0.0-20241206012308-a4fef0638583/go.mod h1:dW27OyXi0Ph+N43jeCWMFC86aTT5VgdeQtOSf0Hehdw= +google.golang.org/genproto/googleapis/api v0.0.0-20241206012308-a4fef0638583 h1:v+j+5gpj0FopU0KKLDGfDo9ZRRpKdi5UBrCP0f76kuY= +google.golang.org/genproto/googleapis/api v0.0.0-20241206012308-a4fef0638583/go.mod h1:jehYqy3+AhJU9ve55aNOaSml7wUXjF9x6z2LcCfpAhY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 h1:IfdSdTcLFy4lqUQrQJLkLt1PB+AsqVz6lwkWPzWEz10= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1123,8 +1123,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.68.0 h1:aHQeeJbo8zAkAa3pRzrVjZlbz6uSfeOXlJNQM0RAbz0= -google.golang.org/grpc v1.68.0/go.mod h1:fmSPC5AsjSBCK54MyHRx48kpOti1/jRfOlwEWywNjWA= +google.golang.org/grpc v1.68.1 h1:oI5oTa11+ng8r8XMMN7jAOmWfPZWbYpCFaMUTACxkM0= +google.golang.org/grpc v1.68.1/go.mod h1:+q1XYFJjShcqn0QZHvCyeR4CXPA+llXIeUIfIe00waw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -1199,8 +1199,8 @@ k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= -sigs.k8s.io/controller-runtime v0.19.2 h1:3sPrF58XQEPzbE8T81TN6selQIMGbtYwuaJ6eDssDF8= -sigs.k8s.io/controller-runtime v0.19.2/go.mod h1:iRmWllt8IlaLjvTTDLhRBXIEtkCK6hwVBJJsYS9Ajf4= +sigs.k8s.io/controller-runtime v0.19.3 h1:XO2GvC9OPftRst6xWCpTgBZO04S2cbp0Qqkj8bX1sPw= +sigs.k8s.io/controller-runtime v0.19.3/go.mod h1:j4j87DqtsThvwTv5/Tc5NFRyyF/RF0ip4+62tbTSIUM= sigs.k8s.io/controller-tools v0.16.5 h1:5k9FNRqziBPwqr17AMEPPV/En39ZBplLAdOwwQHruP4= sigs.k8s.io/controller-tools v0.16.5/go.mod h1:8vztuRVzs8IuuJqKqbXCSlXcw+lkAv/M2sTpg55qjMY= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= From 3f3b69f07e0a73bc31a676b4ea3c69e368b6e71a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 11:48:48 +0100 Subject: [PATCH 461/517] chore(deps): bump codecov/codecov-action from 5.0.7 to 5.1.1 (#4187) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.0.7 to 5.1.1. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/015f24e6818733317a2da2edd6290ab26238649a...7f8b4b4bde536c465e797be725718b88c5d95e0e) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Moritz Johner --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index b28126030fb..4722e8a8085 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -126,7 +126,7 @@ jobs: make test - name: Publish Unit Test Coverage - uses: codecov/codecov-action@015f24e6818733317a2da2edd6290ab26238649a # v5.0.7 + uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: From ac97349ee56e87d835900720d946c5d09f95c322 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 18:20:59 +0100 Subject: [PATCH 462/517] chore(deps): bump alpine from 3.20.3 to 3.21.0 in /e2e (#4184) Bumps alpine from 3.20.3 to 3.21.0. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index c7b6e9189db..cddec73b555 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -16,7 +16,7 @@ COPY . . WORKDIR /usr/src/app/e2e RUN make e2e-bin -FROM alpine:3.20.3@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a +FROM alpine:3.21.0@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 RUN apk add -U --no-cache \ ca-certificates \ bash \ From 5e765bc80b39c5b1fd990c1338d700af86a98d26 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 18:22:52 +0100 Subject: [PATCH 463/517] chore(deps): bump golang from 1.23.3-bookworm to 1.23.4-bookworm in /e2e (#4185) Bumps golang from 1.23.3-bookworm to 1.23.4-bookworm. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/e2e/Dockerfile b/e2e/Dockerfile index cddec73b555..d5f0859d42c 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3-bookworm@sha256:3f3b9daa3de608f3e869cd2ff8baf21555cf0fca9fd34251b8f340f9b7c30ec5 as builder +FROM golang:1.23.4-bookworm@sha256:ef30001eeadd12890c7737c26f3be5b3a8479ccdcdc553b999c84879875a27ce as builder ENV KUBECTL_VERSION="v1.28.3" ENV HELM_VERSION="v3.13.1" From 242f79ee71a66d48ac63abaa20a3a8b1f8631d46 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 18:23:54 +0100 Subject: [PATCH 464/517] chore(deps): bump alpine from 3.20 to 3.21 in /hack/api-docs (#4186) Bumps alpine from 3.20 to 3.21. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/Dockerfile b/hack/api-docs/Dockerfile index b433c0ef250..e0ebe56ac85 100644 --- a/hack/api-docs/Dockerfile +++ b/hack/api-docs/Dockerfile 
@@ -11,7 +11,7 @@ # See the License for the specific language governing permissions and # limitations under the License. -FROM alpine:3.20@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a +FROM alpine:3.21@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 RUN apk add -U --no-cache \ python3 \ python3-dev \ From 08c92bea2fb60ed97ef513b0de995b9fb936d928 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 18:26:16 +0100 Subject: [PATCH 465/517] chore(deps): bump alpine from `1e42bbe` to `21dc606` (#4191) Bumps alpine from `1e42bbe` to `21dc606`. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- tilt.dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tilt.dockerfile b/tilt.dockerfile index 209cb778b2d..61647a6d6db 100644 --- a/tilt.dockerfile +++ b/tilt.dockerfile @@ -1,4 +1,4 @@ -FROM alpine@sha256:1e42bbe2508154c9126d48c2b8a75420c3544343bf86fd041fb7527e017a4b4a +FROM alpine@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 WORKDIR / COPY ./bin/external-secrets /external-secrets From 0004892aa78561ea20d116bcfeb953fe4db9e626 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 18:28:49 +0100 Subject: [PATCH 466/517] chore(deps): bump golang from 1.23.3 to 1.23.4 (#4192) Bumps golang from 1.23.3 to 1.23.4. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- Dockerfile.standalone | 2 +- tilt.debug.dockerfile | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Dockerfile.standalone b/Dockerfile.standalone index b456925b19c..e8149e16091 100644 --- a/Dockerfile.standalone +++ b/Dockerfile.standalone @@ -1,6 +1,6 @@ # This version of Dockerfile is for building without external dependencies. # Build a multi-platform image e.g. `docker buildx build --push --platform linux/arm64,linux/amd64 --tag external-secrets:dev --file Dockerfile.standalone .` -FROM golang:1.23.3-alpine@sha256:c694a4d291a13a9f9d94933395673494fc2cc9d4777b85df3a7e70b3492d3574 AS builder +FROM golang:1.23.4-alpine@sha256:6c5c9590f169f77c8046e45c611d3b28fe477789acd8d3762d23d4744de69812 AS builder ARG TARGETOS ARG TARGETARCH ENV CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index 5d58c6c5e1b..941042b53fd 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.3@sha256:73f06be4578c9987ce560087e2e2ea6485fb605e3910542cadd8fa09fc5f3e31 +FROM golang:1.23.4@sha256:574185e5c6b9d09873f455a7c205ea0514bfd99738c5dc7750196403a44ed4b7 WORKDIR / COPY ./bin/external-secrets /external-secrets From b2aa7900397af24fdab4186127b9a4a028841b26 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 18:30:00 +0100 Subject: [PATCH 467/517] chore(deps): bump six from 1.16.0 to 1.17.0 in /hack/api-docs (#4193) Bumps [six](https://github.com/benjaminp/six) from 1.16.0 to 1.17.0. - [Changelog](https://github.com/benjaminp/six/blob/main/CHANGES) - [Commits](https://github.com/benjaminp/six/compare/1.16.0...1.17.0) --- updated-dependencies: - dependency-name: six dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 5955efa35c3..d63ae3b03dc 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -33,7 +33,7 @@ PyYAML==6.0.2 pyyaml_env_tag==0.1 regex==2024.11.6 requests==2.32.3 -six==1.16.0 +six==1.17.0 termcolor==2.5.0 tornado==6.4.2 urllib3==2.2.3 From 867185fe4e9fcdee70299d99a9c0e2c3691cde9b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 18:30:28 +0100 Subject: [PATCH 468/517] chore(deps): bump mkdocs-material in /hack/api-docs (#4194) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.47 to 9.5.48. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.47...9.5.48) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index d63ae3b03dc..877ce34057b 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.1 mkdocs-macros-plugin==1.3.7 -mkdocs-material==9.5.47 +mkdocs-material==9.5.48 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.2 From 34f526f134109039558ee692ce2c71e7489056c5 Mon Sep 17 00:00:00 2001 From: Dariusch Ochlast Date: Tue, 10 Dec 2024 08:53:36 +0100 Subject: [PATCH 469/517] feat: 1password add support for tags and configurable PushSecret vault (#4173) --- docs/provider/1password-automation.md | 33 +++++++ docs/snippets/1password-push-secret.yaml | 32 +++++++ docs/snippets/1password-secret-store.yaml | 2 +- pkg/provider/onepassword/onepassword.go | 60 ++++++++++--- pkg/provider/onepassword/onepassword_test.go | 91 +++++++++++++++++++- 5 files changed, 204 insertions(+), 14 deletions(-) create mode 100644 docs/snippets/1password-push-secret.yaml diff --git a/docs/provider/1password-automation.md b/docs/provider/1password-automation.md index 4da28886bdf..833f47539ca 100644 --- a/docs/provider/1password-automation.md +++ b/docs/provider/1password-automation.md 
@@ -3,9 +3,11 @@ External Secrets Operator integrates with [1Password Secrets Automation](https://1password.com/products/secrets/) for secret management. ### Important note about this documentation + _**The 1Password API calls the entries in vaults 'Items'. These docs use the same term.**_ ### Behavior + * How an Item is equated to an ExternalSecret: * `remoteRef.key` is equated to an Item's Title * `remoteRef.property` is equated to: @@ -28,6 +30,7 @@ _**The 1Password API calls the entries in vaults 'Items'. These docs use the sam * `find.tags` are not supported at this time. ### Prerequisites + * 1Password requires running a 1Password Connect Server to which the API requests will be made. * External Secrets does not run this server. See [Deploy a Connect Server](#deploy-a-connect-server). * One Connect Server is needed per 1Password Automation Environment. @@ -35,6 +38,7 @@ _**The 1Password API calls the entries in vaults 'Items'. These docs use the sam * 1Password Connect Server version 1.5.6 or higher. ### Setup Authentication + _Authentication requires a `1password-credentials.json` file provided to the Connect Server, and a related 'Access Token' for the client in this provider to authenticate to that Connect Server. Both of these are generated by 1Password._ 1. Setup an Automation Environment [at 1Password.com](https://support.1password.com/secrets-automation/), or [via the op CLI](https://github.com/1Password/connect/blob/a0a5f3d92e68497098d9314721335a7bb68a3b2d/README.md#create-server-and-access-token). 
@@ -58,6 +62,7 @@ _Authentication requires a `1password-credentials.json` file provided to the Con ``` ### Deploy a Connect Server + * Follow the remaining instructions in the [Quick Start guide](https://github.com/1Password/connect/blob/a0a5f3d92e68497098d9314721335a7bb68a3b2d/README.md#quick-start). * Deploy at minimum a Deployment and Service for a Connect Server, to go along with the Secret for the Server created in the [Setup Authentication section](#setup-authentication). * The Service's name will be referenced in SecretStores/ClusterSecretStores. @@ -65,15 +70,20 @@ _Authentication requires a `1password-credentials.json` file provided to the Con * Unencrypted secret values are passed over the connection between the Operator and the Connect Server. **Encrypting the connection is recommended.** ### Creating Compatible 1Password Items + _Also see [examples below](#examples) for matching SecretStore and ExternalSecret specs._ + #### Manually (Password type) + 1. Click the plus button to create a new Password type Item. 1. Change the title to what you want `remoteRef.key` to be. 1. Set what you want `remoteRef.property` to be in the field sections where is says 'label', and values where it says 'new field'. 1. Click the 'Save' button. ![create-password-screenshot](../pictures/screenshot_1password_create_password.png) + #### Manually (Document type) + * Click the plus button to create a new Document type Item. * Choose the file to upload and upload it. * Change the title to match `remoteRef.key` 
@@ -81,7 +91,9 @@ _Also see [examples below](#examples) for matching SecretStore and ExternalSecre * Click the 'Save' button. ![create-document-screenshot](../pictures/screenshot_1password_create_document.png) + #### Scripting (Password type with op [CLI](https://developer.1password.com/docs/cli/v1/get-started/)) + * Create `file.json` with the following contents, swapping in your keys and values. Note: `section.name`'s and `section.title`'s values are ignored by the Operator, but cannot be empty for the `op` CLI ```json { @@ -126,10 +138,13 @@ _Also see [examples below](#examples) for matching SecretStore and ExternalSecre } ``` * Run `op item create --template file.json` + #### Scripting (Document type) + * Unfortunately the `op` CLI doesn't seem to support uploading multiple files to the same Item, and the current Go lib has a [bug](https://github.com/1Password/connect-sdk-go/issues/45). `op` can be used to create a Document type Item with one file in it, but for now it's necessary to add multiple files to the same Document via the GUI. #### In-built field labeled `password` on Password type Items + * TL;DR if you need a field labeled `password`, use the in-built one rather than the one in a fields Section. ![password-field-example](../pictures/screenshot_1password_password_field.png) @@ -139,6 +154,7 @@ _Also see [examples below](#examples) for matching SecretStore and ExternalSecre * The in-built `password` field is not otherwise special for the purposes of ExternalSecrets. It can be ignored when not in use. ### Examples + Examples of using the `my-env-config` and `my-cert` Items [seen above](#manually-password-type). * Note: with this configuration a 1Password Item titled `my-env-config` is correlated to a ExternalSecret named `my-env-config` that results in a Kubernetes secret named `my-env-config`, all with matching names for the key/value pairs. This is a way to increase comprehensibility. 
@@ -153,10 +169,13 @@ Examples of using the `my-env-config` and `my-cert` Items [seen above](#manually ``` ### Additional Notes + #### General + * It's intuitive to use Document type Items for Kubernetes secrets mounted as files, and Password type Items for ones that will be mounted as environment variables, but either can be used for either. It comes down to what's more convenient. #### Why no version history + * 1Password only supports version history on their in-built `password` field. Therefore, implementing version history in this provider would require one Item in 1Password per `remoteRef` in an ExternalSecret. Additionally `remoteRef.property` would be pointless/unusable. * For example, a Kubernetes secret with 15 keys (say, used in `envFrom`,) would require 15 Items in the 1Password vault, instead of 15 Fields in 1 Item. This would quickly get untenable for more than a few secrets, because: * All Items would have to have unique names which means `secretKey` couldn't match the Item name the `remoteRef` is targeting. 
@@ -165,11 +184,13 @@ Examples of using the `my-env-config` and `my-cert` Items [seen above](#manually * To support new and old versions of a secret value at the same time, create a new Item in 1Password with the new value, and point some ExternalSecrets at a time to the new Item. #### Keeping misconfiguration from working + * One instance of the ExternalSecrets Operator _can_ work with many Connect Server instances, but it may not be the best approach. * With one Operator instance per Connect Server instance, namespaces and RBAC can be used to improve security posture, and perhaps just as importantly, it's harder to misconfigure something and have it work (supply env A's secret values to env B for example.) * You can run as many 1Password Connect Servers as you need security boundaries to help protect against accidental misconfiguration. #### Patching ExternalSecrets with Kustomize + * An overlay can provide a SecretStore specific to that overlay, and then use JSON6902 to patch all the ExternalSecrets coming from base to point to that SecretStore. Here's an example `overlays/staging/kustomization.yaml`: ```yaml --- @@ -189,3 +210,15 @@ Examples of using the `my-env-config` and `my-cert` Items [seen above](#manually path: /spec/secretStoreRef/name value: staging ``` + +### Push Secret + +To push a secret from Kubernetes cluster and create it as a secret in 1Password, a `Kind=PushSecret` resource is needed. + +Updating the vault on an existing PushSecret is currently not supported. To update the vault, create a new PushSecret with the updated vault. + +```yaml +{% include '1password-push-secret.yaml' %} +``` + +Then it will create an item in onepassword `op://staging/1pw-secret-name/password` equal to `my-secret`. diff --git a/docs/snippets/1password-push-secret.yaml b/docs/snippets/1password-push-secret.yaml new file mode 100644 index 00000000000..8097421d9ce --- /dev/null +++ b/docs/snippets/1password-push-secret.yaml 
@@ -0,0 +1,32 @@ +apiVersion: v1 +kind: Secret +metadata: + name: source-secret +stringData: + source-key: "my-secret" +--- +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: pushsecret-example # Customisable +spec: + deletionPolicy: Delete + refreshInterval: 1h + secretStoreRefs: + - name: 1password + kind: ClusterSecretStore + selector: + secret: + name: source-secret # Source Kubernetes secret + data: + - match: + secretKey: source-key # Source Kubernetes secret key to be pushed + remoteRef: + remoteKey: 1pw-secret-name # 1Password item/secret name + property: password # (Optional) 1Password field type, default password + metadata: + apiVersion: kubernetes.external-secrets.io/v1alpha1 + kind: PushSecretMetadata + spec: + vault: staging # Optional the vault the secret is going to be pushed to, defaults to the first defined vault in the (Cluster)SecretStore + tags: ["tag1", "tag2"] # Optional metadata to be pushed with the secret diff --git a/docs/snippets/1password-secret-store.yaml b/docs/snippets/1password-secret-store.yaml index 3de4aadfd3a..64d35812e79 100644 --- a/docs/snippets/1password-secret-store.yaml +++ b/docs/snippets/1password-secret-store.yaml @@ -6,7 +6,7 @@ metadata: spec: provider: onepassword: - connectHost: https://onepassword-connect-staging + connectHost: https://onepassword-connect-staging:8080 vaults: staging: 1 # look in this vault first shared: 2 # next look in here. error if not found diff --git a/pkg/provider/onepassword/onepassword.go b/pkg/provider/onepassword/onepassword.go index e74e5392fec..467773f4f57 100644 --- a/pkg/provider/onepassword/onepassword.go +++ b/pkg/provider/onepassword/onepassword.go 
@@ -32,6 +32,7 @@ import ( esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" "github.com/external-secrets/external-secrets/pkg/find" "github.com/external-secrets/external-secrets/pkg/utils" + "github.com/external-secrets/external-secrets/pkg/utils/metadata" "github.com/external-secrets/external-secrets/pkg/utils/resolvers" ) @@ -57,11 +58,12 @@ const ( errCreateItem = "error creating 1Password Item: %w" errDeleteItem = "error deleting 1Password Item: %w" // custom error messages. - errKeyNotFoundMsg = "key not found in 1Password Vaults" - errNoVaultsMsg = "no vaults found" - errExpectedOneItemMsg = "expected one 1Password Item matching" - errExpectedOneFieldMsg = "expected one 1Password ItemField matching" - errExpectedOneFieldMsgF = "%w: '%s' in '%s', got %d" + errKeyNotFoundMsg = "key not found in 1Password Vaults" + errNoVaultsMsg = "no vaults found" + errMetadataVaultNotinProvider = "metadata vault '%s' not in provider vaults" + errExpectedOneItemMsg = "expected one 1Password Item matching" + errExpectedOneFieldMsg = "expected one 1Password ItemField matching" + errExpectedOneFieldMsgF = "%w: '%s' in '%s', got %d" documentCategory = "DOCUMENT" fieldPrefix = "field" @@ -87,6 +89,11 @@ type ProviderOnePassword struct { client connect.Client } +type PushSecretMetadataSpec struct { + Tags []string `json:"tags,omitempty"` + Vault string `json:"vault,omitempty"` +} + // https://github.com/external-secrets/external-secrets/issues/644 var ( _ esv1beta1.SecretsClient = &ProviderOnePassword{} 
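Review bot: The exported `PushSecretMetadataSpec` added at `@@ -87,6 +89,11 @@` has no doc comment, and nothing on the type says which values `Vault` accepts. createItem rejects any vault that is not a key of the store's `vaults` map, and that allow-list is worth stating where users of the type will read it. I would add `// PushSecretMetadataSpec is the 1Password-specific PushSecret metadata: Tags are set on the item, Vault selects the target vault and must be one of the vaults configured on the store.` above the type. The new `errMetadataVaultNotinProvider` constant in the preceding hunk would also read better as `errMetadataVaultNotInProvider`.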
@@ -222,18 +229,40 @@ const ( // createItem creates a new item in the first vault. If no vaults exist, it returns an error. func (provider *ProviderOnePassword) createItem(val []byte, ref esv1beta1.PushSecretData) error { - // Get the first vault - sortedVaults := sortVaults(provider.vaults) - if len(sortedVaults) == 0 { - return ErrNoVaults + // Get the metadata + metadata, err := metadata.ParseMetadataParameters[PushSecretMetadataSpec](ref.GetMetadata()) + if err != nil { + return fmt.Errorf("failed to parse push secret metadata: %w", err) + } + + // Check if there is a vault is specified in the metadata + vaultID := "" + if metadata != nil && metadata.Spec.Vault != "" { + // check if metadata.Spec.Vault is in provider.vaults + if _, ok := provider.vaults[metadata.Spec.Vault]; !ok { + return fmt.Errorf(errMetadataVaultNotinProvider, metadata.Spec.Vault) + } + vaultID = metadata.Spec.Vault + } else { + // Get the first vault from the provider + sortedVaults := sortVaults(provider.vaults) + if len(sortedVaults) == 0 { + return ErrNoVaults + } + vaultID = sortedVaults[0] } - vaultID := sortedVaults[0] + // Get the label label := ref.GetProperty() if label == "" { label = passwordLabel } + var tags []string + if metadata != nil && metadata.Spec.Tags != nil { + tags = metadata.Spec.Tags + } + // Create the item item := &onepassword.Item{ Title: ref.GetRemoteKey(), @@ -244,9 +273,10 @@ func (provider *ProviderOnePassword) createItem(val []byte, ref esv1beta1.PushSe Fields: []*onepassword.ItemField{ generateNewItemField(label, string(val)), }, + Tags: tags, } - _, err := provider.client.CreateItem(item, vaultID) + _, err = provider.client.CreateItem(item, vaultID) return err } 
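Review bot: In createItem the local `metadata` returned by `metadata.ParseMetadataParameters` shadows the imported `metadata` package for the rest of the function, and the PushSecret hunk at `@@ -317,6 +347,14 @@` repeats the pattern. It compiles because the right-hand side is resolved before the new variable enters scope, but the package is unreachable afterwards and the reader has to track two meanings of one name. Rename the local, e.g. `pushMeta, err := metadata.ParseMetadataParameters[PushSecretMetadataSpec](ref.GetMetadata())`, and read `pushMeta.Spec.Vault` and `pushMeta.Spec.Tags` below. The doc comment kept as context above the function still says the item is created "in the first vault" and should mention the metadata override. The function body ends outside this hunk.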
@@ -317,6 +347,14 @@ func (provider *ProviderOnePassword) PushSecret(ctx context.Context, secret *cor label = passwordLabel } + metadata, err := metadata.ParseMetadataParameters[PushSecretMetadataSpec](ref.GetMetadata()) + if err != nil { + return fmt.Errorf("failed to parse push secret metadata: %w", err) + } + if metadata != nil && metadata.Spec.Tags != nil { + providerItem.Tags = metadata.Spec.Tags + } + providerItem.Fields, err = updateFieldValue(providerItem.Fields, label, string(val)) if err != nil { return fmt.Errorf(errUpdateItem, err) diff --git a/pkg/provider/onepassword/onepassword_test.go b/pkg/provider/onepassword/onepassword_test.go index 37abe9d2b16..77c2d92545b 100644 --- a/pkg/provider/onepassword/onepassword_test.go +++ b/pkg/provider/onepassword/onepassword_test.go @@ -16,6 +16,7 @@ package onepassword import ( "context" + "encoding/json" "errors" "fmt" "reflect" @@ -30,6 +31,7 @@ import ( esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" esmeta "github.com/external-secrets/external-secrets/apis/meta/v1" "github.com/external-secrets/external-secrets/pkg/provider/onepassword/fake" + "github.com/external-secrets/external-secrets/pkg/utils/metadata" ) const ( @@ -1539,6 +1541,7 @@ type fakeRef struct { key string prop string secretKey string + metadata *apiextensionsv1.JSON } func (f fakeRef) GetRemoteKey() string { @@ -1554,7 +1557,7 @@ func (f fakeRef) GetSecretKey() string { } func (f fakeRef) GetMetadata() *apiextensionsv1.JSON { - return nil + return f.metadata } func validateItem(t *testing.T, expectedItem, actualItem *onepassword.Item) { 
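Review bot: The update path added at `@@ -317,6 +347,14 @@` in onepassword.go reads only `metadata.Spec.Tags`; `metadata.Spec.Vault` is parsed and then ignored, so a PushSecret that names a vault appears to update the item in whichever vault the earlier lookup found it rather than the one requested. The docs hunk in this commit says changing the vault is unsupported, but nothing in the code tells the operator that the setting was dropped. At minimum add a comment at the tags assignment such as `// Spec.Vault is honoured only when the item is created; existing items are updated in place.`, and consider returning an error when the requested vault differs from the item's. The item lookup and the rest of PushSecret are outside this hunk, so the lookup behaviour is inferred.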
@@ -1574,9 +1577,20 @@ func TestProviderOnePasswordCreateItem(t *testing.T) { ref esv1beta1.PushSecretData } const vaultName = "vault1" + const fallbackVaultName = "vault2" thridPartyErr := errors.New("third party error") + metadata := &metadata.PushSecretMetadata[PushSecretMetadataSpec]{ + APIVersion: metadata.APIVersion, + Kind: metadata.Kind, + Spec: PushSecretMetadataSpec{ + Tags: []string{"tag1", "tag2"}, + Vault: fallbackVaultName, + }, + } + metadataRaw, _ := json.Marshal(metadata) + testCases := []testCase{ { setupNote: "standard create", @@ -1587,7 +1601,8 @@ func TestProviderOnePasswordCreateItem(t *testing.T) { }, expectedErr: nil, vaults: map[string]int{ - vaultName: 1, + vaultName: 1, + fallbackVaultName: 2, }, createValidateFunc: func(t *testing.T, item *onepassword.Item, s string) (*onepassword.Item, error) { validateItem(t, &onepassword.Item{ @@ -1666,6 +1681,36 @@ func TestProviderOnePasswordCreateItem(t *testing.T) { return nil, thridPartyErr }, }, + { + setupNote: "valid metadata overrides", + val: []byte("testing"), + ref: fakeRef{ + key: "another", + prop: "property", + metadata: &apiextensionsv1.JSON{ + Raw: metadataRaw, + }, + }, + vaults: map[string]int{ + vaultName: 1, + fallbackVaultName: 2, + }, + expectedErr: nil, + createValidateFunc: func(t *testing.T, item *onepassword.Item, s string) (*onepassword.Item, error) { + validateItem(t, &onepassword.Item{ + Title: "another", + Category: onepassword.Server, + Vault: onepassword.ItemVault{ + ID: fallbackVaultName, + }, + Fields: []*onepassword.ItemField{ + generateNewItemField("property", "testing"), + }, + Tags: []string{"tag1", "tag2"}, + }, item) + return item, nil + }, + }, } provider := &ProviderOnePassword{} for _, tc := range testCases { 
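Review bot: The only new createItem case, added at `@@ -1666,6 +1681,36 @@`, covers a metadata vault that is configured on the store; the branch that returns `errMetadataVaultNotinProvider` has no test. That branch is the allow-list that keeps a PushSecret from writing outside the store's vaults, so a regression there would go unnoticed. A case that reuses `metadataRaw` with a `vaults` map lacking `fallbackVaultName` would pin it. How the table compares `expectedErr` is outside the hunk, so the expected value below may need adapting.

```go
// … unchanged: "valid metadata overrides" case …
{
	setupNote: "metadata vault not configured on the store",
	val:       []byte("testing"),
	ref: fakeRef{
		key:      "another",
		prop:     "property",
		metadata: &apiextensionsv1.JSON{Raw: metadataRaw},
	},
	// fallbackVaultName, which metadataRaw requests, is deliberately absent.
	vaults: map[string]int{
		vaultName: 1,
	},
	expectedErr: fmt.Errorf(errMetadataVaultNotinProvider, fallbackVaultName),
	createValidateFunc: func(t *testing.T, item *onepassword.Item, s string) (*onepassword.Item, error) {
		t.Errorf("CreateItem called for a vault the store does not list")
		return nil, nil
	},
},
```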
@@ -2050,6 +2095,16 @@ func TestProviderOnePasswordPushSecret(t *testing.T) { ID: vaultName, } ) + + metadata := &metadata.PushSecretMetadata[PushSecretMetadataSpec]{ + APIVersion: metadata.APIVersion, + Kind: metadata.Kind, + Spec: PushSecretMetadataSpec{ + Tags: []string{"tag1", "tag2"}, + }, + } + metadataRaw, _ := json.Marshal(metadata) + testCases := []testCase{ { vaults: map[string]int{ @@ -2198,6 +2253,38 @@ func TestProviderOnePasswordPushSecret(t *testing.T) { }, }, }, + { + setupNote: "create item with metadata overwrites success", + expectedErr: nil, + val: &corev1.Secret{Data: map[string][]byte{ + key1: []byte("testing"), + }}, + ref: fakeRef{ + key: key1, + prop: "prop", + secretKey: key1, + metadata: &apiextensionsv1.JSON{ + Raw: metadataRaw, + }, + }, + vaults: map[string]int{ + vaultName: 1, + }, + createValidateFunc: func(item *onepassword.Item, s string) (*onepassword.Item, error) { + validateItem(t, &onepassword.Item{ + Title: key1, + Category: onepassword.Server, + Vault: onepassword.ItemVault{ + ID: vaultName, + }, + Fields: []*onepassword.ItemField{ + generateNewItemField("prop", "testing"), + }, + Tags: []string{"tag1", "tag2"}, + }, item) + return item, nil + }, + }, } provider := &ProviderOnePassword{} for _, tc := range testCases { From 388158a4d47bf07969092c7ee4c5c49fd43ee98b Mon Sep 17 00:00:00 2001 From: Craig Newton Date: Wed, 11 Dec 2024 06:51:30 +0100 Subject: [PATCH 470/517] =?UTF-8?q?fix:=20ensure=20existing=20labels=20are?= =?UTF-8?q?=20retained=20for=20secrets=20in=20GCP=20secrets=20m=E2=80=A6?= =?UTF-8?q?=20(#4160)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix: ensure existing labels are retained for secrets in GCP secrets manager for existing secrets (#4016) Signed-off-by: Craig Newton * fix: ensure existing labels are retained for secrets in GCP secrets manager for existing secrets (#4016) Signed-off-by: Craig Newton * fix: add missing header to push_secret_test.go 
Signed-off-by: Craig Newton --------- Signed-off-by: Craig Newton --- docs/provider/google-secrets-manager.md | 41 +++++++ pkg/provider/gcp/secretmanager/push_secret.go | 26 ++++- .../gcp/secretmanager/push_secret_test.go | 104 ++++++++++++++++++ 3 files changed, 166 insertions(+), 5 deletions(-) create mode 100644 pkg/provider/gcp/secretmanager/push_secret_test.go diff --git a/docs/provider/google-secrets-manager.md b/docs/provider/google-secrets-manager.md index 7e523f1a738..6a349deb189 100644 --- a/docs/provider/google-secrets-manager.md +++ b/docs/provider/google-secrets-manager.md 
@@ -111,3 +111,44 @@ The operator will fetch the GCP Secret Manager secret and inject it as a `Kind=S
 ```
 kubectl get secret secret-to-be-created -n -o jsonpath='{.data.dev-secret-test}' | base64 -d
 ```
+
+### PushSecret owning an existing Google Secret Manager Secret
+
+There are some use cases where you want to use PushSecret for an existing Google Secret Manager Secret that already has labels defined. For example when the creation of the secret is managed by another controller like Kubernetes Config Connector (KCC) and the updating of the secret is managed by ESO.
+
+To allow ESO to take ownership of the existing Google Secret Manager Secret, you need to add the label `"managed-by": "external-secrets"`.
+
+By default, the PushSecret spec will replace any existing labels on the existing GCP Secret Manager Secret. To prevent this, a new field was added to the `spec.data.metadata` object called `mergePolicy` which defaults to `Replace` to ensure that there are no breaking changes and is backward compatible. The other option for this field is `Merge` which will merge the existing labels on the Google Secret Manager Secret with the labels defined in the PushSecret spec. This ensures that the existing labels defined on the Google Secret Manager Secret are retained.
+
+Example of using the `mergePolicy` field:
+
+```yaml
+apiVersion: external-secrets.io/v1alpha1
+kind: PushSecret
+metadata:
+ name: pushsecret-example
+ namespace: default
+spec:
+ updatePolicy: Replace
+ deletionPolicy: None
+ refreshInterval: 1h
+ secretStoreRefs:
+ - name: gcp-secretstore
+ kind: SecretStore
+ selector:
+ secret:
+ name: bestpokemon
+ template:
+ data:
+ bestpokemon: "{{ .bestpokemon }}"
+ data:
+ - conversionStrategy: None
+ metadata:
+ mergePolicy: Merge
+ labels:
+ anotherLabel: anotherValue
+ match:
+ secretKey: bestpokemon
+ remoteRef:
+ remoteKey: best-pokemon
+```
diff --git a/pkg/provider/gcp/secretmanager/push_secret.go b/pkg/provider/gcp/secretmanager/push_secret.go index e68020ef701..55b3ff4a34a 100644 --- a/pkg/provider/gcp/secretmanager/push_secret.go +++ b/pkg/provider/gcp/secretmanager/push_secret.go @@ -19,6 +19,7 @@ import ( "encoding/json" "errors" "fmt" + "maps" "cloud.google.com/go/secretmanager/apiv1/secretmanagerpb" "github.com/tidwall/sjson" @@ -26,10 +27,18 @@ import ( esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" ) +type PushSecretMetadataMergePolicy string + +const ( + PushSecretMetadataMergePolicyReplace PushSecretMetadataMergePolicy = "Replace" + PushSecretMetadataMergePolicyMerge PushSecretMetadataMergePolicy = "Merge" +) + type Metadata struct { - Annotations map[string]string `json:"annotations"` - Labels map[string]string `json:"labels"` - Topics []string `json:"topics,omitempty"` + Annotations map[string]string `json:"annotations"` + Labels map[string]string `json:"labels"` + Topics []string `json:"topics,omitempty"` + MergePolicy PushSecretMetadataMergePolicy `json:"mergePolicy,omitempty"` } func newPushSecretBuilder(payload []byte, data esv1beta1.PushSecretData) (pushSecretBuilder, error) { @@ -75,11 +84,18 @@ func (b *psBuilder) buildMetadata(_, labels map[string]string, _ []*secretmanage if err := decoder.Decode(&metadata); err != nil { return nil, nil, nil, fmt.Errorf("failed to decode PushSecret metadata: %w", err) } + + if metadata.MergePolicy == "" { + // Set default MergePolicy to be Replace + metadata.MergePolicy = PushSecretMetadataMergePolicyReplace + } } newLabels := map[string]string{} - if metadata.Labels != nil { - newLabels = metadata.Labels + maps.Copy(newLabels, metadata.Labels) + if metadata.MergePolicy == PushSecretMetadataMergePolicyMerge { + // Keep labels from the existing GCP Secret Manager Secret + maps.Copy(newLabels, labels) } newLabels[managedByKey] = managedByValue 
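Review bot: Under `mergePolicy: Merge` in buildMetadata, the labels already on the GCP secret are copied into `newLabels` after `metadata.Labels`, so on a key collision the existing remote value wins and a label whose value is changed in the PushSecret spec is never applied. If the spec is meant to take precedence, copy in the other order: `if metadata.MergePolicy == PushSecretMetadataMergePolicyMerge { maps.Copy(newLabels, labels) }` first, then `maps.Copy(newLabels, metadata.Labels)`. Separately, any `mergePolicy` value other than the exact string `Merge` (a lower-case typo, for instance) is treated as Replace and drops the existing labels without an error; rejecting unknown values would make that visible. buildMetadata starts and ends outside the hunk, and the same copy order is kept in the later rewrite of this function in this series (`spec.Labels`, then `labels`).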
diff --git a/pkg/provider/gcp/secretmanager/push_secret_test.go b/pkg/provider/gcp/secretmanager/push_secret_test.go
new file mode 100644
index 00000000000..fb0082ef25e
--- /dev/null
+++ b/pkg/provider/gcp/secretmanager/push_secret_test.go
@@ -0,0 +1,104 @@
+/*
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package secretmanager
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+ apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
+
+ testingfake "github.com/external-secrets/external-secrets/pkg/provider/testing/fake"
+)
+
+func TestBuildMetadata(t *testing.T) {
+ tests := []struct {
+ name string
+ labels map[string]string
+ metadata *apiextensionsv1.JSON
+ expectedError bool
+ expectedLabels map[string]string
+ expectedAnnotations map[string]string
+ expectedTopics []string
+ }{
+ {
+ name: "secret not managed by external secrets",
+ labels: map[string]string{
+ "someKey": "someValue",
+ },
+ expectedError: true,
+ },
+ {
+ name: "metadata with default MergePolicy of Replace",
+ labels: map[string]string{
+ managedByKey: managedByValue,
+ "someOtherKey": "someOtherValue",
+ },
+ metadata: &apiextensionsv1.JSON{
+ Raw: []byte(`{"annotations":{"key1":"value1"},"labels":{"key2":"value2"}}`),
+ },
+ expectedError: false,
+ expectedLabels: map[string]string{
+ managedByKey: managedByValue,
+ "key2": "value2",
+ },
+ expectedAnnotations: map[string]string{
+ "key1": "value1",
+ },
+ expectedTopics: nil,
+ },
+ {
+ name: "metadata with merge policy",
+ labels: map[string]string{
+ managedByKey: managedByValue,
+ "existingKey": "existingValue",
+ },
+ metadata: &apiextensionsv1.JSON{
+ Raw: []byte(`{"annotations":{"key1":"value1"},"labels":{"key2":"value2"},"mergePolicy":"Merge"}`),
}, + expectedError: false, + expectedLabels: map[string]string{ + managedByKey: managedByValue, + "existingKey": "existingValue", + "key2": "value2", + }, + expectedAnnotations: map[string]string{ + "key1": "value1", + }, + expectedTopics: nil, + }, + } + + for _, tt := range tests { + t.Run(tt.name, func(t *testing.T) { + psData := testingfake.PushSecretData{ + Metadata: tt.metadata, + } + builder := &psBuilder{ + pushSecretData: psData, + } + + annotations, labels, topics, err := builder.buildMetadata(nil, tt.labels, nil) + if tt.expectedError { + assert.Error(t, err) + } else { + assert.NoError(t, err) + assert.Equal(t, tt.expectedLabels, labels) + assert.Equal(t, tt.expectedAnnotations, annotations) + assert.Equal(t, tt.expectedTopics, topics) + } + }) + } +} From fa8941a52633108511fac562021262aff564f729 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Thu, 12 Dec 2024 13:56:44 +0100 Subject: [PATCH 471/517] fix: return not found error when there is no secret for vault provider (#4183) * feat: add option to ignore not found secrets on a path Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * return not found instead of ignoring it Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- pkg/provider/vault/client_get_all_secrets.go | 2 +- .../vault/client_get_all_secrets_test.go | 18 ++++++++++++++++++ 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/pkg/provider/vault/client_get_all_secrets.go b/pkg/provider/vault/client_get_all_secrets.go index 7540348d218..b8575414120 100644 --- a/pkg/provider/vault/client_get_all_secrets.go +++ b/pkg/provider/vault/client_get_all_secrets.go 
@@ -118,7 +118,7 @@ func (c *client) listSecrets(ctx context.Context, path string) ([]string, error) return nil, fmt.Errorf(errReadSecret, err) } if secret == nil { - return nil, fmt.Errorf("provided path %v does not contain any secrets", url) + return nil, esv1beta1.NoSecretError{} } t, ok := secret.Data["keys"] if !ok { diff --git a/pkg/provider/vault/client_get_all_secrets_test.go b/pkg/provider/vault/client_get_all_secrets_test.go index 34ccf3ba615..1ae4ad854f8 100644 --- a/pkg/provider/vault/client_get_all_secrets_test.go +++ b/pkg/provider/vault/client_get_all_secrets_test.go @@ -283,6 +283,24 @@ func TestGetAllSecrets(t *testing.T) { }, }, }, + "FilterByPathReturnsNotFound": { + reason: "should return a not found error if there are no more secrets on the path", + args: args{ + store: makeValidSecretStoreWithVersion(esv1beta1.VaultKVStoreV2).Spec.Provider.Vault, + vLogical: &fake.Logical{ + ListWithContextFn: func(ctx context.Context, path string) (*vault.Secret, error) { + return nil, nil + }, + ReadWithDataWithContextFn: newReadtWithContextFn(map[string]any{}), + }, + data: esv1beta1.ExternalSecretFind{ + Path: &path, + }, + }, + want: want{ + err: esv1beta1.NoSecretError{}, + }, + }, "FilterByPathKv1": { reason: "should filter secrets based on path for kv1", args: args{ From 325cc52790aa10312c6a8ed701d9e2f7d7cabee9 Mon Sep 17 00:00:00 2001 From: Engin Diri Date: Fri, 13 Dec 2024 17:01:39 +0100 Subject: [PATCH 472/517] fix: error in order of function call UpdateEnvironment (#4201) Signed-off-by: Engin Diri Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- pkg/provider/pulumi/pulumi.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pkg/provider/pulumi/pulumi.go b/pkg/provider/pulumi/pulumi.go index d69b9df39fc..15d9a3e709c 100644 --- a/pkg/provider/pulumi/pulumi.go +++ b/pkg/provider/pulumi/pulumi.go 
@@ -105,7 +105,7 @@ func (c *client) PushSecret(_ context.Context, secret *corev1.Secret, data esv1b if err := mergo.Merge(&updatePayload.Values.AdditionalProperties, oldValues); err != nil { return fmt.Errorf(errPushSecrets, err) } - _, err = c.escClient.UpdateEnvironment(c.authCtx, c.organization, c.environment, c.project, updatePayload) + _, err = c.escClient.UpdateEnvironment(c.authCtx, c.organization, c.project, c.environment, updatePayload) if err != nil { return fmt.Errorf(errPushSecrets, err) } From 2e528ffa858d25b2c38135782d624bce44eebae9 Mon Sep 17 00:00:00 2001 From: Jan Lauber Date: Sun, 15 Dec 2024 11:51:08 +0100 Subject: [PATCH 473/517] BREAKING: Standardize GCP Secret Manager PushSecret metadata format and add CMEK support (#4210) * feat: add support for customer-managed encryption (CMEK) in GCP Secret Manager Signed-off-by: Jan Lauber * refactor: enhance Docker build command and update API documentation Signed-off-by: Jan Lauber * refactor: run make reviewable Signed-off-by: Jan Lauber * refactor: remove CMEKKeyName field from GCPSMProvider and related CRDs Signed-off-by: Jan Lauber * refactor: replace hardcoded region strings with constants in GCP Secret Manager tests Signed-off-by: Jan Lauber * refactor: update GCP Secret Manager tests to use consistent region naming and enhance metadata handling Signed-off-by: Jan Lauber * refactor: enhance PushSecret metadata handling and update related tests Signed-off-by: Jan Lauber * revert: back to previous Docker build command in Makefile Signed-off-by: Jan Lauber * revert: back to make ProjectID and Location fields optional Signed-off-by: Jan Lauber * Update pkg/provider/gcp/secretmanager/client.go Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Jan Lauber * fix: update KmsKeyName assignment in PushSecret to use CMEKKeyName from metadata Signed-off-by: Jan Lauber * docs: add migration guide for PushSecret metadata format from v0.11.x to v0.12.0 
Signed-off-by: Jan Lauber * chore: update golang.org/x/crypto dependency to v0.31.0 in go.mod and go.sum files Signed-off-by: Jan Lauber --------- Signed-off-by: Jan Lauber Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- docs/provider/google-secrets-manager.md | 109 +++++++++++++++++- e2e/go.mod | 2 +- e2e/go.sum | 4 +- go.mod | 2 +- go.sum | 4 +- pkg/provider/gcp/secretmanager/client.go | 22 +++- pkg/provider/gcp/secretmanager/client_test.go | 37 ++++-- pkg/provider/gcp/secretmanager/push_secret.go | 35 +++--- .../gcp/secretmanager/push_secret_test.go | 44 ++++++- 9 files changed, 220 insertions(+), 39 deletions(-) diff --git a/docs/provider/google-secrets-manager.md b/docs/provider/google-secrets-manager.md index 6a349deb189..6181d2329d3 100644 --- a/docs/provider/google-secrets-manager.md +++ b/docs/provider/google-secrets-manager.md 
@@ -146,9 +146,116 @@ spec: metadata: mergePolicy: Merge labels: - anotherLabel: anotherValue + anotherLabel: anotherValue match: secretKey: bestpokemon remoteRef: remoteKey: best-pokemon ``` + +### Secret Replication and Encryption Configuration + +#### Location and Replication + +By default, secrets are automatically replicated across multiple regions. You can specify a single location for your secrets by setting the `location` field: + +```yaml +apiVersion: external-secrets.io/v1beta1 +kind: SecretStore +metadata: + name: gcp-secret-store +spec: + provider: + gcpsm: + projectID: my-project + location: us-east1 # Specify a single location +``` + +#### Customer-Managed Encryption Keys (CMEK) + +You can use your own encryption keys to encrypt secrets at rest. To use Customer-Managed Encryption Keys (CMEK), you need to: + +1. Create a Cloud KMS key +2. Grant the service account the `roles/cloudkms.cryptoKeyEncrypterDecrypter` role on the key +3. Specify the key in the PushSecret metadata + +```yaml +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +metadata: + name: pushsecret-example +spec: + # ... other fields ... + data: + - match: + secretKey: mykey + remoteRef: + remoteKey: my-secret + metadata: + apiVersion: kubernetes.external-secrets.io/v1alpha1 + kind: PushSecretMetadata + spec: + cmekKeyName: "projects/my-project/locations/us-east1/keyRings/my-keyring/cryptoKeys/my-key" +``` + +Note: When using CMEK, you must specify a location in the SecretStore as customer-managed encryption keys are region-specific. + +```yaml +apiVersion: external-secrets.io/v1beta1 +kind: SecretStore +metadata: + name: gcp-secret-store +spec: + provider: + gcpsm: + projectID: my-project + location: us-east1 # Required when using CMEK +``` + +### Migration Guide: PushSecret Metadata Format (v0.11.x to v0.12.0) + +In version 0.12.0, the metadata format for PushSecrets has been standardized to use a structured format. 
If you're upgrading from v0.11.x, you'll need to update your PushSecret specifications. + +#### Old Format (v0.11.x) +```yaml +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +spec: + data: + - match: + secretKey: mykey + remoteRef: + remoteKey: my-secret + metadata: + annotations: + key1: "value1" + labels: + key2: "value2" + topics: + - "topic1" + - "topic2" +``` + +#### New Format (v0.12.0+) +```yaml +apiVersion: external-secrets.io/v1alpha1 +kind: PushSecret +spec: + data: + - match: + secretKey: mykey + remoteRef: + remoteKey: my-secret + metadata: + apiVersion: kubernetes.external-secrets.io/v1alpha1 + kind: PushSecretMetadata + spec: + annotations: + key1: "value1" + labels: + key2: "value2" + topics: + - "topic1" + - "topic2" + cmekKeyName: "projects/my-project/locations/us-east1/keyRings/my-keyring/cryptoKeys/my-key" # Optional: for CMEK +``` diff --git a/e2e/go.mod b/e2e/go.mod index b9b2b3dd497..94e50ebcf3a 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -191,7 +191,7 @@ require ( go.opentelemetry.io/otel v1.32.0 // indirect go.opentelemetry.io/otel/metric v1.32.0 // indirect go.opentelemetry.io/otel/trace v1.32.0 // indirect - golang.org/x/crypto v0.30.0 // indirect + golang.org/x/crypto v0.31.0 // indirect golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d // indirect golang.org/x/net v0.32.0 // indirect golang.org/x/sync v0.10.0 // indirect diff --git a/e2e/go.sum b/e2e/go.sum index 723981970c0..b71b254d79b 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -555,8 +555,8 @@ golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliY golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= -golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= -golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= diff --git a/go.mod b/go.mod index 64e85b164d2..ad3a361c5de 100644 --- a/go.mod +++ b/go.mod @@ -43,7 +43,7 @@ require ( github.com/yandex-cloud/go-sdk v0.0.0-20241206142255-6c3760d17eea github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 go.uber.org/zap v1.27.0 - golang.org/x/crypto v0.30.0 + golang.org/x/crypto v0.31.0 golang.org/x/oauth2 v0.24.0 google.golang.org/api v0.210.0 google.golang.org/genproto v0.0.0-20241206012308-a4fef0638583 diff --git a/go.sum b/go.sum index 3b5a0bda3b9..51bf8d56430 100644 --- a/go.sum +++ b/go.sum 
@@ -745,8 +745,8 @@ golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq golang.org/x/crypto v0.18.0/go.mod h1:R0j02AL6hcrfOiy9T4ZYp/rcWeMxM3L6QYxlOuEG1mg= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= -golang.org/x/crypto v0.30.0 h1:RwoQn3GkWiMkzlX562cLB7OxWvjH1L8xutO2WoJcRoY= -golang.org/x/crypto v0.30.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= +golang.org/x/crypto v0.31.0 h1:ihbySMvVjLAeSH1IbfcRTkD/iNscyz8rGzjF/E5hV6U= +golang.org/x/crypto v0.31.0/go.mod h1:kDsLvtWBEx7MV9tJOj9bnXsPbxwJQ6csT/x4KIN4Ssk= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= diff --git a/pkg/provider/gcp/secretmanager/client.go b/pkg/provider/gcp/secretmanager/client.go index aa859df68ed..ae244da1288 100644 --- a/pkg/provider/gcp/secretmanager/client.go +++ b/pkg/provider/gcp/secretmanager/client.go @@ -43,6 +43,7 @@ import ( "github.com/external-secrets/external-secrets/pkg/metrics" "github.com/external-secrets/external-secrets/pkg/provider/util/locks" "github.com/external-secrets/external-secrets/pkg/utils" + "github.com/external-secrets/external-secrets/pkg/utils/metadata" ) const ( 
@@ -183,13 +184,28 @@ func (c *Client) PushSecret(ctx context.Context, secret *corev1.Secret, pushSecr } if c.store.Location != "" { + replica := &secretmanagerpb.Replication_UserManaged_Replica{ + Location: c.store.Location, + } + + if pushSecretData.GetMetadata() != nil { + var err error + meta, err := metadata.ParseMetadataParameters[PushSecretMetadataSpec](pushSecretData.GetMetadata()) + if err != nil { + return fmt.Errorf("failed to parse PushSecret metadata: %w", err) + } + if meta != nil && meta.Spec.CMEKKeyName != "" { + replica.CustomerManagedEncryption = &secretmanagerpb.CustomerManagedEncryption{ + KmsKeyName: meta.Spec.CMEKKeyName, + } + } + } + replication = &secretmanagerpb.Replication{ Replication: &secretmanagerpb.Replication_UserManaged_{ UserManaged: &secretmanagerpb.Replication_UserManaged{ Replicas: []*secretmanagerpb.Replication_UserManaged_Replica{ - { - Location: c.store.Location, - }, + replica, }, }, }, diff --git a/pkg/provider/gcp/secretmanager/client_test.go b/pkg/provider/gcp/secretmanager/client_test.go index f5edf565654..d4b11fb46d1 100644 --- a/pkg/provider/gcp/secretmanager/client_test.go +++ b/pkg/provider/gcp/secretmanager/client_test.go @@ -40,6 +40,12 @@ import ( testingfake "github.com/external-secrets/external-secrets/pkg/provider/testing/fake" ) +const ( + errCallNotFoundAtIndex0 = "index 0 for call not found in the list of calls" + usEast1 = "us-east1" + errInvalidReplicationType = "req.Secret.Replication.Replication was not of type *secretmanagerpb.Replication_UserManaged_ but: %T" +) + type secretManagerTestCase struct { mockClient *fakesm.MockSMClient apiInput *secretmanagerpb.AccessSecretVersionRequest 
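Review bot: In the client.go PushSecret hunk, `cmekKeyName` is read only inside `if c.store.Location != ""`, so a PushSecret that requests a CMEK key against a store with no `location` skips this block and, as far as the visible hunks show, the secret is written without customer-managed encryption and without any error. The documentation added in this commit states that a location is required for CMEK, but the code does not enforce it; parsing the metadata before the location check and returning an error when a key is requested without a location would make the request fail closed. The visible client_test.go hunks also add no case asserting that `CustomerManagedEncryption` is set on the create request. PushSecret starts and ends outside the hunk, so whether this path runs only on secret creation should be confirmed.

```go
	// Resolve the requested CMEK key before looking at the store location.
	var cmekKeyName string
	if pushSecretData.GetMetadata() != nil {
		meta, err := metadata.ParseMetadataParameters[PushSecretMetadataSpec](pushSecretData.GetMetadata())
		if err != nil {
			return fmt.Errorf("failed to parse PushSecret metadata: %w", err)
		}
		if meta != nil {
			cmekKeyName = meta.Spec.CMEKKeyName
		}
	}
	// Fail closed: a CMEK request must not fall back to the default replication and encryption.
	if cmekKeyName != "" && c.store.Location == "" {
		return fmt.Errorf("cmekKeyName %q requires a location on the SecretStore", cmekKeyName)
	}

	if c.store.Location != "" {
		replica := &secretmanagerpb.Replication_UserManaged_Replica{
			Location: c.store.Location,
		}
		if cmekKeyName != "" {
			replica.CustomerManagedEncryption = &secretmanagerpb.CustomerManagedEncryption{
				KmsKeyName: cmekKeyName,
			}
		}
		// … unchanged: replication = &secretmanagerpb.Replication{…} built from replica …
```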
@@ -636,7 +642,14 @@ func TestPushSecret(t *testing.T) { store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID}, mock: smtc.mockClient, Metadata: &apiextensionsv1.JSON{ - Raw: []byte(`{"annotations":{"annotation-key1":"annotation-value1"},"labels":{"label-key1":"label-value1"}}`), + Raw: []byte(`{ + "apiVersion": "kubernetes.external-secrets.io/v1alpha1", + "kind": "PushSecretMetadata", + "spec": { + "annotations": {"annotation-key1":"annotation-value1"}, + "labels": {"label-key1":"label-value1"} + } + }`), }, GetSecretMockReturn: fakesm.SecretMockReturn{Secret: &secret, Err: nil}, UpdateSecretReturn: fakesm.SecretMockReturn{Secret: &secretmanagerpb.Secret{ @@ -663,7 +676,7 @@ func TestPushSecret(t *testing.T) { { desc: "successfully pushes a secret with defined region", args: args{ - store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID, Location: "us-east-1"}, + store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID, Location: usEast1}, mock: smtc.mockClient, GetSecretMockReturn: fakesm.SecretMockReturn{Secret: nil, Err: notFoundError}, CreateSecretMockReturn: fakesm.SecretMockReturn{Secret: &secretmanagerpb.Secret{ @@ -673,7 +686,7 @@ func TestPushSecret(t *testing.T) { UserManaged: &secretmanagerpb.Replication_UserManaged{ Replicas: []*secretmanagerpb.Replication_UserManaged_Replica{ { - Location: "us-east-1", + Location: usEast1, }, }, }, 
@@ -694,19 +707,19 @@ func TestPushSecret(t *testing.T) { req: func(m *fakesm.MockSMClient) error { req, ok := m.CreateSecretCalledWithN[0] if !ok { - return errors.New("index 0 for call not found in the list of calls") + return errors.New(errCallNotFoundAtIndex0) } user, ok := req.Secret.Replication.Replication.(*secretmanagerpb.Replication_UserManaged_) if !ok { - return fmt.Errorf("req.Secret.Replication.Replication was not of type *secretmanagerpb.Replication_UserManaged_ but: %T", req.Secret.Replication.Replication) + return fmt.Errorf(errInvalidReplicationType, req.Secret.Replication.Replication) } if len(user.UserManaged.Replicas) < 1 { return errors.New("req.Secret.Replication.Replication.Replicas was not empty") } - if user.UserManaged.Replicas[0].Location != "us-east-1" { + if user.UserManaged.Replicas[0].Location != usEast1 { return fmt.Errorf("req.Secret.Replication.Replicas[0].Location was not equal to us-east-1 but was %s", user.UserManaged.Replicas[0].Location) } @@ -718,7 +731,13 @@ func TestPushSecret(t *testing.T) { desc: "SetSecret successfully pushes a secret with topics", args: args{ Metadata: &apiextensionsv1.JSON{ - Raw: []byte(`{"topics":["topic1", "topic2"]}`), + Raw: []byte(`{ + "apiVersion": "kubernetes.external-secrets.io/v1alpha1", + "kind": "PushSecretMetadata", + "spec": { + "topics": ["topic1", "topic2"] + } + }`), }, store: &esv1beta1.GCPSMProvider{ProjectID: smtc.projectID}, mock: &fakesm.MockSMClient{}, // the mock should NOT be shared between test cases @@ -731,7 +750,7 @@ func TestPushSecret(t *testing.T) { req: func(m *fakesm.MockSMClient) error { scrt, ok := m.CreateSecretCalledWithN[0] if !ok { - return errors.New("index 0 for call not found in the list of calls") + return errors.New(errCallNotFoundAtIndex0) } if scrt.Secret == nil { 
@@ -1182,7 +1201,7 @@ func TestPushSecret_Property(t *testing.T) { } if !strings.Contains(err.Error(), tc.expectedErr) { - t.Fatalf("PushSecret returns unexpected error: %q is supposed to contain %q", err, tc.expectedErr) + t.Fatalf("PushSecret returns unexpected error: %q should have contained %s", err, tc.expectedErr) } return diff --git a/pkg/provider/gcp/secretmanager/push_secret.go b/pkg/provider/gcp/secretmanager/push_secret.go index 55b3ff4a34a..f1560f1f6f2 100644 --- a/pkg/provider/gcp/secretmanager/push_secret.go +++ b/pkg/provider/gcp/secretmanager/push_secret.go @@ -16,7 +16,6 @@ package secretmanager import ( "bytes" - "encoding/json" "errors" "fmt" "maps" @@ -25,6 +24,7 @@ import ( "github.com/tidwall/sjson" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" + "github.com/external-secrets/external-secrets/pkg/utils/metadata" ) type PushSecretMetadataMergePolicy string @@ -34,11 +34,12 @@ const ( PushSecretMetadataMergePolicyMerge PushSecretMetadataMergePolicy = "Merge" ) -type Metadata struct { - Annotations map[string]string `json:"annotations"` - Labels map[string]string `json:"labels"` +type PushSecretMetadataSpec struct { + Annotations map[string]string `json:"annotations,omitempty"` + Labels map[string]string `json:"labels,omitempty"` Topics []string `json:"topics,omitempty"` MergePolicy PushSecretMetadataMergePolicy `json:"mergePolicy,omitempty"` + CMEKKeyName string `json:"cmekKeyName,omitempty"` } func newPushSecretBuilder(payload []byte, data esv1beta1.PushSecretData) (pushSecretBuilder, error) { 
@@ -75,31 +76,29 @@ func (b *psBuilder) buildMetadata(_, labels map[string]string, _ []*secretmanage return nil, nil, nil, fmt.Errorf("secret %v is not managed by external secrets", b.pushSecretData.GetRemoteKey()) } - var metadata Metadata + var meta *metadata.PushSecretMetadata[PushSecretMetadataSpec] if b.pushSecretData.GetMetadata() != nil { - decoder := json.NewDecoder(bytes.NewReader(b.pushSecretData.GetMetadata().Raw)) - // Want to return an error if unknown fields exist - decoder.DisallowUnknownFields() - - if err := decoder.Decode(&metadata); err != nil { - return nil, nil, nil, fmt.Errorf("failed to decode PushSecret metadata: %w", err) + var err error + meta, err = metadata.ParseMetadataParameters[PushSecretMetadataSpec](b.pushSecretData.GetMetadata()) + if err != nil { + return nil, nil, nil, fmt.Errorf("failed to parse PushSecret metadata: %w", err) } + } - if metadata.MergePolicy == "" { - // Set default MergePolicy to be Replace - metadata.MergePolicy = PushSecretMetadataMergePolicyReplace - } + var spec PushSecretMetadataSpec + if meta != nil { + spec = meta.Spec } newLabels := map[string]string{} - maps.Copy(newLabels, metadata.Labels) - if metadata.MergePolicy == PushSecretMetadataMergePolicyMerge { + maps.Copy(newLabels, spec.Labels) + if spec.MergePolicy == PushSecretMetadataMergePolicyMerge { // Keep labels from the existing GCP Secret Manager Secret maps.Copy(newLabels, labels) } newLabels[managedByKey] = managedByValue - return metadata.Annotations, newLabels, metadata.Topics, nil + return spec.Annotations, newLabels, spec.Topics, nil } func (b *psBuilder) needUpdate(original []byte) bool { diff --git a/pkg/provider/gcp/secretmanager/push_secret_test.go b/pkg/provider/gcp/secretmanager/push_secret_test.go index fb0082ef25e..12e3eee65c2 100644 --- a/pkg/provider/gcp/secretmanager/push_secret_test.go +++ b/pkg/provider/gcp/secretmanager/push_secret_test.go 
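Review bot: The rewritten buildMetadata drops the decoder's `DisallowUnknownFields()` call, and `metadata.ParseMetadataParameters` is defined outside this hunk, so it is not visible whether unknown or misspelled keys under `spec` (or a v0.11.x-style top-level `labels` block) are still rejected. If the helper is lenient, such input would be ignored rather than reported, and a mistyped `cmekKeyName` or `mergePolicy` would silently leave the secret with default encryption or replaced labels. A test case in push_secret_test.go that feeds an unknown field and the old flat format and expects an error would pin the intended behaviour. buildMetadata begins and ends outside the hunk.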
@@ -47,7 +47,14 @@ func TestBuildMetadata(t *testing.T) { "someOtherKey": "someOtherValue", }, metadata: &apiextensionsv1.JSON{ - Raw: []byte(`{"annotations":{"key1":"value1"},"labels":{"key2":"value2"}}`), + Raw: []byte(`{ + "apiVersion": "kubernetes.external-secrets.io/v1alpha1", + "kind": "PushSecretMetadata", + "spec": { + "annotations": {"key1":"value1"}, + "labels": {"key2":"value2"} + } + }`), }, expectedError: false, expectedLabels: map[string]string{ @@ -66,7 +73,15 @@ func TestBuildMetadata(t *testing.T) { "existingKey": "existingValue", }, metadata: &apiextensionsv1.JSON{ - Raw: []byte(`{"annotations":{"key1":"value1"},"labels":{"key2":"value2"},"mergePolicy":"Merge"}`), + Raw: []byte(`{ + "apiVersion": "kubernetes.external-secrets.io/v1alpha1", + "kind": "PushSecretMetadata", + "spec": { + "annotations": {"key1":"value1"}, + "labels": {"key2":"value2"}, + "mergePolicy": "Merge" + } + }`), }, expectedError: false, expectedLabels: map[string]string{ @@ -79,6 +94,31 @@ func TestBuildMetadata(t *testing.T) { }, expectedTopics: nil, }, + { + name: "metadata with CMEK key name", + labels: map[string]string{ + managedByKey: managedByValue, + }, + metadata: &apiextensionsv1.JSON{ + Raw: []byte(`{ + "apiVersion": "kubernetes.external-secrets.io/v1alpha1", + "kind": "PushSecretMetadata", + "spec": { + "annotations": {"key1":"value1"}, + "labels": {"key2":"value2"}, + "cmekKeyName": "projects/my-project/locations/us-east1/keyRings/my-keyring/cryptoKeys/my-key" + } + }`), + }, + expectedError: false, + expectedLabels: map[string]string{ + managedByKey: managedByValue, + "key2": "value2", + }, + expectedAnnotations: map[string]string{ + "key1": "value1", + }, + }, } for _, tt := range tests { From 768fb476227d8f5e10ac0f94ac6361655bb3b186 Mon Sep 17 00:00:00 2001 From: Jan Lauber Date: Sun, 15 Dec 2024 12:18:11 +0100 Subject: [PATCH 474/517] docs: add raw markdown tags to PushSecret example in Google Secrets Manager documentation (#4213) 
Signed-off-by: Jan Lauber --- docs/provider/google-secrets-manager.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/provider/google-secrets-manager.md b/docs/provider/google-secrets-manager.md index 6181d2329d3..c51e768aadc 100644 --- a/docs/provider/google-secrets-manager.md +++ b/docs/provider/google-secrets-manager.md @@ -123,6 +123,7 @@ By default, the PushSecret spec will replace any existing labels on the existing Example of using the `mergePolicy` field: ```yaml +{% raw %} apiVersion: external-secrets.io/v1alpha1 kind: PushSecret metadata: @@ -151,6 +152,7 @@ spec: secretKey: bestpokemon remoteRef: remoteKey: best-pokemon +{% endraw %} ``` ### Secret Replication and Encryption Configuration From eebeef896616dd80b3165da647218b5f62ced28b Mon Sep 17 00:00:00 2001 From: Gustavo Fernandes de Carvalho <17139678+gusfcarvalho@users.noreply.github.com> Date: Mon, 16 Dec 2024 09:59:38 -0300 Subject: [PATCH 475/517] Design/target custom resources (#3449) * Design: Add proposal for Custom Resource targetting Signed-off-by: Gustavo Carvalho * bump previous design status Signed-off-by: Gustavo Carvalho * Update design/010-sync-to-custom-resource.md Co-authored-by: Moritz Johner Signed-off-by: Gustavo Fernandes de Carvalho * chore: approved Signed-off-by: Gustavo Carvalho --------- Signed-off-by: Gustavo Carvalho 
Signed-off-by: Gustavo Fernandes de Carvalho Co-authored-by: Moritz Johner Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- design/001-design-crd-v1beta1.md | 2 +- design/002-pushsecret.md | 2 +- design/003-cluster-external-secret-spec.md | 2 +- design/004-datafrom-key-rewrite.md | 2 +- design/005-secret-generator-group.md | 2 +- design/007-provider-versioning-strategy.md | 2 +- design/008-pushsecret-update-policy.md | 2 +- design/009-pushsecret-generator.md | 2 +- design/012-sync-to-custom-resource.md | 114 +++++++++++++++++++++ 9 files changed, 122 insertions(+), 8 deletions(-) create mode 100644 design/012-sync-to-custom-resource.md diff --git a/design/001-design-crd-v1beta1.md b/design/001-design-crd-v1beta1.md index 3077a96eb47..38996549fc5 100644 --- a/design/001-design-crd-v1beta1.md +++ b/design/001-design-crd-v1beta1.md @@ -4,7 +4,7 @@ title: External Secrets CRD promotion version: v1beta1 authors: all of us creation-date: 2022-feb-08 -status: approved +status: implemented --- ``` diff --git a/design/002-pushsecret.md b/design/002-pushsecret.md index acf85bf0bc9..508d416f513 100644 --- a/design/002-pushsecret.md +++ b/design/002-pushsecret.md @@ -4,7 +4,7 @@ title: PushSecret version: v1alpha1 authors: creation-date: 2022-01-25 -status: draft +status: implemented --- ``` diff --git a/design/003-cluster-external-secret-spec.md b/design/003-cluster-external-secret-spec.md index 3e22f83c9eb..867f4e7838e 100644 --- a/design/003-cluster-external-secret-spec.md +++ b/design/003-cluster-external-secret-spec.md @@ -4,7 +4,7 @@ title: Adding Cluster External Secrets version: v1alpha1 authors: Daniel "ADustyOldMuffin" Hix creation-date: 2020-09-01 -status: draft +status: implemented --- ``` diff --git a/design/004-datafrom-key-rewrite.md b/design/004-datafrom-key-rewrite.md index fa9967a1882..c0bbf2371ed 100644 --- a/design/004-datafrom-key-rewrite.md +++ b/design/004-datafrom-key-rewrite.md 
@@ -4,7 +4,7 @@ title: dataFrom key rewrite version: v1alpha1 authors: creation-date: 2022-05-25 -status: draft +status: implemented --- ``` diff --git a/design/005-secret-generator-group.md b/design/005-secret-generator-group.md index c788eba45a4..f9bcf2b5c8b 100644 --- a/design/005-secret-generator-group.md +++ b/design/005-secret-generator-group.md @@ -4,7 +4,7 @@ title: Secret Generators version: v1alpha1 authors: Christian Hünig, Jan Steffen, Moritz Johner creation-date: 2022-07-08 -status: draft +status: implemented --- ``` diff --git a/design/007-provider-versioning-strategy.md b/design/007-provider-versioning-strategy.md index f5f5c60cda9..e516f324126 100644 --- a/design/007-provider-versioning-strategy.md +++ b/design/007-provider-versioning-strategy.md @@ -5,7 +5,7 @@ title: Provider Separation on specific CRDs version: v1alpha1 authors: Gustavo Carvalho creation-date: 2023-08-25 -status: draft +status: approved --- ``` diff --git a/design/008-pushsecret-update-policy.md b/design/008-pushsecret-update-policy.md index aa86d9d16de..ea5ca7f6ed2 100644 --- a/design/008-pushsecret-update-policy.md +++ b/design/008-pushsecret-update-policy.md @@ -4,7 +4,7 @@ title: PushSecret Update Policy version: v1alpha1 authors: Moritz Johner creation-date: 2023-08-25 -status: draft +status: partially implemented --- ``` diff --git a/design/009-pushsecret-generator.md b/design/009-pushsecret-generator.md index 196412c07c7..f25ab3ddaf8 100644 --- a/design/009-pushsecret-generator.md +++ b/design/009-pushsecret-generator.md @@ -4,7 +4,7 @@ title: PushSecret generator integration version: v1alpha1 authors: Moritz Johner creation-date: 2023-08-25 -status: draft +status: approved --- ``` diff --git a/design/012-sync-to-custom-resource.md b/design/012-sync-to-custom-resource.md new file mode 100644 index 00000000000..51a43c0cdb9 --- /dev/null +++ b/design/012-sync-to-custom-resource.md 
@@ -0,0 +1,114 @@ +```yaml +--- +title: Sync to Custom Resources +version: v1alpha1 +authors: Gustavo Carvalho +creation-date: 2024-05-03 +status: approved +--- +``` + +# Sync to Custom Resources Design + +## Table of Contents + + +// autogen please + + +## Summary + +This design document describes how `ExternalSecrets` can leverage templates to generate non-kubernetes `Secret` resource as the target. This allows to push Sensitive information to specific CRs, `ConfiMaps`, etc. + +## Motivation + +Currently, several "semi-sensitive" information needs to be provisioned directly into CRs and ConfigMaps (such as OIDC Client IDs). While these information are not strictly speaking a secret, several regulated environments must treat them as such, causing several operational overhead to deal with this information - specially on a GitOps setup. + +## Proposal + +To simplify the workflow and enhance user experience, the proposal is to integrate a functionality to template the whole manifest. this would be additional logic to the existing `target: Manifest` directly into the `templateFrom.[].target` resource. This will allow users to specify a template to render any type of manifest, instead of the original Secret object. + +Problems with this proposal is that the whole reconciliation logic reads from a secret - this would need to be updated if templates using Manifests are set. In that case, we should query for that specific resource as specified on the target. + +```yaml +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +spec: + target: + name: target-custom-resource + manifest: # Information as to find it afterwards during reconcile cycle + APIVersion: my.custom.api/v1alpha1 + Kind: CustomResource + template: + templateFrom: + - target: Spec #Additional target at root level (instead of data, metadata and annotations level). + # Other option would be to allow a gjson path such as target:'.spec' where . 
is the indicator of this type of expression for backwards compatibility. + literal: | + customSpecField1: {{ .fromSecretStore }} + field2: + couldBeNested: + - {{ .fromSecretStore }} + ## Name: is obtained from spec.target.name +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +spec: + target: + name: target-configmap + manifest: # Information as to find it afterwards during reconcile cycle + APIVersion: v1 + Kind: ConfigMap + template: + templateFrom: + - target: Data + literal: | + {{ .field1 }}: {{ .value1 }} +--- +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +spec: + target: + name: target-configmap + manifest: # Information as to find it afterwards during reconcile cycle + APIVersion: v1 + Kind: ConfigMap # should render with no need of templates - as `.data` is the default Secret target. +``` + +Only one `templateFrom` entry can be set if its type is `target: Manifest`. + +## Consequences + +* **First Class support for GitOps tools**: GitOps tools often need configmap information considered as sensitive. This allows better integration with such tools + +* **Increased Complexity**: Instead of getting a single secret to start reconciling process, we would need to first verify if `target.manifest` is set - and use the manifest information to get the appropriate resource (defaulting to a kubernetes secret). Templateing Logic would only be increased to some extend, as we would need to change the `Secret` type to a runtime.Object + +* **Better Extensibility**: This feature allows ESO to not only be used by operators but also better integrated to systems. + +* **Backwards Compatible**: This feature would not change how `target` and `template` are currently used by existing installations. + +* **API and Documentation Update**: The API changes need to be well-documented to ensure users understand how to utilize the new feature effectively. 
+ + +## Acceptance Criteria + +* behavior: + * Reconciliation logic should not change when `target!= Secret` + * `creationPolicy`, `updatePolicy`, and `deletionPolicy` must be compatible when `target != Secret` + * One of the two must be implemented: + * a feature flag `--unsafe-allow-non-secret-targets` must be set to allow this feature. If not set, `template.manifest` should cause error to the reconciliation. + * Feature is always eniabled - but Warnings must be emited whenever `target.manifest` is used pointing to the use of sensitive information on open manifests. + * Warnings should be disabled with feature flags +* deployment: + * Extra RBAC options must be available on helm values (to allow the usage of this feature) + * Helm values must allow the installation of this new feature (setting up the appropriate feature flags, etc) +* tests: + * controller unit tests for `target.manifest` behavior and `target.template.target` behavior + * controller regression tests for `target.manifest` and `target.template.target` focused on different `creationPolicy` and `deletionPolicy` + * e2e test for `target.manifest` targeting a ConfigMap (first class support for ArgoCD and Flux) + * e2e test for `target.manifest` targeting a custom resource + +* the API changes need to be documented + * API/CRD spec inline documentation + * ExternalSecrets API documentation + * Guides section for `ExternalSecret` 'Creating Non-Secret Resources'. + * Warnings on the feature as non-Secret manifests are not meant to contain sensitive information. From 966a7388b177a3899bafd39bfd232d536baab246 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 17:53:24 +0100 Subject: [PATCH 476/517] chore(deps): bump github/codeql-action from 3.27.6 to 3.27.9 (#4215) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.6 to 3.27.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/aa578102511db1f4524ed59b8cc2bae4f6e88195...df409f7d9260372bd5f19e5b04e83cb3c43714ae) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index c1ab489fc16..775b92e51ed 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6 + uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 with: sarif_file: results.sarif From c3a27b4bb68db1282515b0687bfea22152b1633c Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 16 Dec 2024 20:05:34 +0100 Subject: [PATCH 477/517] chore(deps): bump actions/attest-build-provenance from 2.0.1 to 2.1.0 (#4216) Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 2.0.1 to 2.1.0. - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](https://github.com/actions/attest-build-provenance/compare/c4fbc648846ca6f503a13a2281a5e7b98aa57202...7668571508540a607bdfd90a87a560489fe372eb) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/helm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 235a9b5035b..e135f9bb238 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -157,7 +157,7 @@ jobs: done - name: Generate provenance attestation and push to OCI registry - uses: actions/attest-build-provenance@c4fbc648846ca6f503a13a2281a5e7b98aa57202 # v2.0.1 + uses: actions/attest-build-provenance@7668571508540a607bdfd90a87a560489fe372eb # v2.1.0 with: push-to-registry: true subject-name: ${{ steps.push_chart.outputs.registry }}/${{ steps.push_chart.outputs.chart_name }} From c684e8c3600ef1cbe3787cdbc8d79b23bd093daa Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Mon, 16 Dec 2024 20:24:52 +0100 Subject: [PATCH 478/517] feat: update to use Batch value get instead of List and Fetch all secrets for AWS provider (#4181) * feat: update to use Batch value get instead of List and Fetch all secrets for AWS provider 
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * update the documentation and point to the right blog post Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * update to fall back to ListSecrets in case path is not defined Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- docs/provider/aws-secrets-manager.md | 8 ++ .../aws/secretsmanager/secretsmanager.go | 7 +- pkg/constants/constants.go | 1 + .../externalsecret_controller_secret.go | 4 +- pkg/provider/aws/secretsmanager/fake/fake.go | 22 +++-- .../aws/secretsmanager/secretsmanager.go | 74 +++++++++++------ .../aws/secretsmanager/secretsmanager_test.go | 82 ++++++++++--------- 7 files changed, 117 insertions(+), 81 deletions(-) diff --git a/docs/provider/aws-secrets-manager.md b/docs/provider/aws-secrets-manager.md index 97b4aa563db..040ae0c5844 100644 --- a/docs/provider/aws-secrets-manager.md +++ b/docs/provider/aws-secrets-manager.md @@ -12,10 +12,17 @@ way users of the `SecretStore` can only access the secrets necessary. {% include 'aws-sm-store.yaml' %} ``` **NOTE:** In case of a `ClusterSecretStore`, Be sure to provide `namespace` in `accessKeyIDSecretRef` and `secretAccessKeySecretRef` with the namespaces where the secrets reside. + +**NOTE:** When using `dataFrom` without a `path` defined, the provider will fall back to using `ListSecrets`. `ListSecrets` +then proceeds to fetch each individual secret in turn. To use `BatchGetSecretValue` and avoid excessive API calls define +a `path` prefix or use `Tags` filter. + ### IAM Policy Create a IAM Policy to pin down access to secrets matching `dev-*`. +For Batch permissions read the following post https://aws.amazon.com/about-aws/whats-new/2023/11/aws-secrets-manager-batch-retrieval-secrets/. + ``` json { "Version": "2012-10-17", 
@@ -27,6 +34,7 @@ Create a IAM Policy to pin down access to secrets matching `dev-*`. "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret", "secretsmanager:ListSecretVersionIds" + "secretsmanager:BatchGetSecretValue" ], "Resource": [ "arn:aws:secretsmanager:us-west-2:111122223333:secret:dev-*" diff --git a/e2e/suites/provider/cases/aws/secretsmanager/secretsmanager.go b/e2e/suites/provider/cases/aws/secretsmanager/secretsmanager.go index 67930ba06e1..cedaac83cd0 100644 --- a/e2e/suites/provider/cases/aws/secretsmanager/secretsmanager.go +++ b/e2e/suites/provider/cases/aws/secretsmanager/secretsmanager.go @@ -26,10 +26,9 @@ import ( ) const ( - withStaticAuth = "with static auth" - withExtID = "with externalID" - withSessionTags = "with session tags" - withReferentStaticAuth = "with static referent auth" + withStaticAuth = "with static auth" + withExtID = "with externalID" + withSessionTags = "with session tags" ) var _ = Describe("[aws] ", Label("aws", "secretsmanager"), func() { diff --git a/pkg/constants/constants.go b/pkg/constants/constants.go index c7b26b1d2b0..00e38ef96c9 100644 --- a/pkg/constants/constants.go +++ b/pkg/constants/constants.go @@ -23,6 +23,7 @@ const ( CallAWSSMCreateSecret = "CreateSecret" CallAWSSMPutSecretValue = "PutSecretValue" CallAWSSMListSecrets = "ListSecrets" + CallAWSSMBatchGetSecretValue = "BatchGetSecretValue" ProviderAWSPS = "AWS/ParameterStore" CallAWSPSGetParameter = "GetParameter" diff --git a/pkg/controllers/externalsecret/externalsecret_controller_secret.go b/pkg/controllers/externalsecret/externalsecret_controller_secret.go index ff9ccf8a114..1fb31c8abb1 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller_secret.go +++ b/pkg/controllers/externalsecret/externalsecret_controller_secret.go 
@@ -150,7 +150,6 @@ func (r *Reconciler) handleGenerateSecrets(ctx context.Context, namespace string return secretMap, err } -//nolint:dupl func (r *Reconciler) handleExtractSecrets(ctx context.Context, externalSecret *esv1beta1.ExternalSecret, remoteRef esv1beta1.ExternalSecretDataFromRemoteRef, cmgr *secretstore.Manager) (map[string][]byte, error) { client, err := cmgr.Get(ctx, externalSecret.Spec.SecretStoreRef, externalSecret.Namespace, remoteRef.SourceRef) if err != nil { @@ -190,7 +189,6 @@ func (r *Reconciler) handleExtractSecrets(ctx context.Context, externalSecret *e return secretMap, err } -//nolint:dupl func (r *Reconciler) handleFindAllSecrets(ctx context.Context, externalSecret *esv1beta1.ExternalSecret, remoteRef esv1beta1.ExternalSecretDataFromRemoteRef, cmgr *secretstore.Manager) (map[string][]byte, error) { client, err := cmgr.Get(ctx, externalSecret.Spec.SecretStoreRef, externalSecret.Namespace, remoteRef.SourceRef) if err != nil { @@ -200,7 +198,7 @@ func (r *Reconciler) handleFindAllSecrets(ctx context.Context, externalSecret *e // get all secrets from the store that match the selector secretMap, err := client.GetAllSecrets(ctx, *remoteRef.Find) if err != nil { - return nil, err + return nil, fmt.Errorf("error getting all secrets: %w", err) } // rewrite the keys if needed diff --git a/pkg/provider/aws/secretsmanager/fake/fake.go b/pkg/provider/aws/secretsmanager/fake/fake.go index 9fba686a24c..4794478635f 100644 --- a/pkg/provider/aws/secretsmanager/fake/fake.go +++ b/pkg/provider/aws/secretsmanager/fake/fake.go 
@@ -28,14 +28,15 @@ import ( // Client implements the aws secretsmanager interface. type Client struct { - ExecutionCounter int - valFn map[string]func(*awssm.GetSecretValueInput) (*awssm.GetSecretValueOutput, error) - CreateSecretWithContextFn CreateSecretWithContextFn - GetSecretValueWithContextFn GetSecretValueWithContextFn - PutSecretValueWithContextFn PutSecretValueWithContextFn - DescribeSecretWithContextFn DescribeSecretWithContextFn - DeleteSecretWithContextFn DeleteSecretWithContextFn - ListSecretsFn ListSecretsFn + ExecutionCounter int + valFn map[string]func(*awssm.GetSecretValueInput) (*awssm.GetSecretValueOutput, error) + CreateSecretWithContextFn CreateSecretWithContextFn + GetSecretValueWithContextFn GetSecretValueWithContextFn + PutSecretValueWithContextFn PutSecretValueWithContextFn + DescribeSecretWithContextFn DescribeSecretWithContextFn + DeleteSecretWithContextFn DeleteSecretWithContextFn + ListSecretsFn ListSecretsFn + BatchGetSecretValueWithContextFn BatchGetSecretValueWithContextFn } type CreateSecretWithContextFn func(aws.Context, *awssm.CreateSecretInput, ...request.Option) (*awssm.CreateSecretOutput, error) 
@@ -44,6 +45,7 @@ type PutSecretValueWithContextFn func(aws.Context, *awssm.PutSecretValueInput, . type DescribeSecretWithContextFn func(aws.Context, *awssm.DescribeSecretInput, ...request.Option) (*awssm.DescribeSecretOutput, error) type DeleteSecretWithContextFn func(ctx aws.Context, input *awssm.DeleteSecretInput, opts ...request.Option) (*awssm.DeleteSecretOutput, error) type ListSecretsFn func(ctx aws.Context, input *awssm.ListSecretsInput, opts ...request.Option) (*awssm.ListSecretsOutput, error) +type BatchGetSecretValueWithContextFn func(aws.Context, *awssm.BatchGetSecretValueInput, ...request.Option) (*awssm.BatchGetSecretValueOutput, error) func (sm Client) CreateSecretWithContext(ctx aws.Context, input *awssm.CreateSecretInput, options ...request.Option) (*awssm.CreateSecretOutput, error) { return sm.CreateSecretWithContextFn(ctx, input, options...) @@ -164,6 +166,10 @@ func (sm *Client) ListSecrets(input *awssm.ListSecretsInput) (*awssm.ListSecrets return sm.ListSecretsFn(nil, input) } +func (sm *Client) BatchGetSecretValueWithContext(_ aws.Context, in *awssm.BatchGetSecretValueInput, _ ...request.Option) (*awssm.BatchGetSecretValueOutput, error) { + return sm.BatchGetSecretValueWithContextFn(nil, in) +} + func (sm *Client) cacheKeyForInput(in *awssm.GetSecretValueInput) string { var secretID, versionID string if in.SecretId != nil { diff --git a/pkg/provider/aws/secretsmanager/secretsmanager.go b/pkg/provider/aws/secretsmanager/secretsmanager.go index b313b3b4cd0..559bd326c85 100644 --- a/pkg/provider/aws/secretsmanager/secretsmanager.go +++ b/pkg/provider/aws/secretsmanager/secretsmanager.go 
@@ -65,6 +65,7 @@ type SecretsManager struct { // SMInterface is a subset of the smiface api. // see: https://docs.aws.amazon.com/sdk-for-go/api/service/secretsmanager/secretsmanageriface/ type SMInterface interface { + BatchGetSecretValueWithContext(aws.Context, *awssm.BatchGetSecretValueInput, ...request.Option) (*awssm.BatchGetSecretValueOutput, error) ListSecrets(*awssm.ListSecretsInput) (*awssm.ListSecretsOutput, error) GetSecretValue(*awssm.GetSecretValueInput) (*awssm.GetSecretValueOutput, error) CreateSecretWithContext(aws.Context, *awssm.CreateSecretInput, ...request.Option) (*awssm.CreateSecretOutput, error) @@ -348,12 +349,16 @@ func (sm *SecretsManager) findByName(ctx context.Context, ref esv1beta1.External ref.Path, }, }) + + return sm.fetchWithBatch(ctx, filters, matcher) } data := make(map[string][]byte) var nextToken *string for { + // I put this into the for loop on purpose. + log.V(0).Info("using ListSecret to fetch all secrets; this is a costly operations, please use batching by defining a _path_") it, err := sm.client.ListSecrets(&awssm.ListSecretsInput{ Filters: filters, NextToken: nextToken, @@ -368,8 +373,7 @@ func (sm *SecretsManager) findByName(ctx context.Context, ref esv1beta1.External continue } log.V(1).Info("aws sm findByName matches", "name", *secret.Name) - err = sm.fetchAndSet(ctx, data, *secret.Name) - if err != nil { + if err := sm.fetchAndSet(ctx, data, *secret.Name); err != nil { return nil, err } } 
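Review bot: In the `ref.Path != nil` branch of findByName, passing `matcher` into `fetchWithBatch` means the name regexp is applied only after BatchGetSecretValue has returned the values, so every secret under the path prefix is retrieved and the non-matching ones are then discarded. The ListSecrets fallback below still lists names first and calls `fetchAndSet` only for matches, so the two paths differ in how much secret material the controller reads. A comment above the call would make the trade-off explicit, e.g. `// NOTE: the batch path retrieves values for all secrets under ref.Path; the name matcher filters them afterwards`. The `log.V(0).Info` placed inside the loop also runs once per page and reads "a costly operations". findByName starts and ends outside this hunk.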
@@ -406,31 +410,7 @@ func (sm *SecretsManager) findByTags(ctx context.Context, ref esv1beta1.External }) } - data := make(map[string][]byte) - var nextToken *string - for { - log.V(1).Info("aws sm findByTag", "nextToken", nextToken) - it, err := sm.client.ListSecrets(&awssm.ListSecretsInput{ - Filters: filters, - NextToken: nextToken, - }) - metrics.ObserveAPICall(constants.ProviderAWSSM, constants.CallAWSSMListSecrets, err) - if err != nil { - return nil, err - } - log.V(1).Info("aws sm findByTag found", "secrets", len(it.SecretList)) - for _, secret := range it.SecretList { - err = sm.fetchAndSet(ctx, data, *secret.Name) - if err != nil { - return nil, err - } - } - nextToken = it.NextToken - if nextToken == nil { - break - } - } - return data, nil + return sm.fetchWithBatch(ctx, filters, nil) } func (sm *SecretsManager) fetchAndSet(ctx context.Context, data map[string][]byte, name string) error { 
@@ -614,3 +594,43 @@ func (sm *SecretsManager) putSecretValueWithContext(ctx context.Context, secretI return err } + +func (sm *SecretsManager) fetchWithBatch(ctx context.Context, filters []*awssm.Filter, matcher *find.Matcher) (map[string][]byte, error) { + data := make(map[string][]byte) + var nextToken *string + + for { + it, err := sm.client.BatchGetSecretValueWithContext(ctx, &awssm.BatchGetSecretValueInput{ + Filters: filters, + NextToken: nextToken, + }) + metrics.ObserveAPICall(constants.ProviderAWSSM, constants.CallAWSSMBatchGetSecretValue, err) + if err != nil { + return nil, err + } + log.V(1).Info("aws sm findByName found", "secrets", len(it.SecretValues)) + for _, secret := range it.SecretValues { + if matcher != nil && !matcher.MatchName(*secret.Name) { + continue + } + log.V(1).Info("aws sm findByName matches", "name", *secret.Name) + + sm.setSecretValues(secret, data) + } + nextToken = it.NextToken + if nextToken == nil { + break + } + } + + return data, nil +} + +func (sm *SecretsManager) setSecretValues(secret *awssm.SecretValueEntry, data map[string][]byte) { + if secret.SecretString != nil { + data[*secret.Name] = []byte(*secret.SecretString) + } + if secret.SecretBinary != nil { + data[*secret.Name] = secret.SecretBinary + } +} diff --git a/pkg/provider/aws/secretsmanager/secretsmanager_test.go b/pkg/provider/aws/secretsmanager/secretsmanager_test.go index ee82b35dca2..71cfcc7c770 100644 --- a/pkg/provider/aws/secretsmanager/secretsmanager_test.go +++ b/pkg/provider/aws/secretsmanager/secretsmanager_test.go 
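Review bot: `fetchWithBatch` reads only `it.SecretValues` and never inspects `it.Errors`, so a secret that BatchGetSecretValue could not return (a per-secret access or decryption failure, for instance) is left out of `data` without any error. The loop this replaces in findByTags returned the error from `fetchAndSet` for each listed secret, so a partial failure now looks like a successful sync with keys missing. After the `err != nil` check, something like `if len(it.Errors) > 0 { return nil, fmt.Errorf("batch get secret value: %d secrets failed, first: %s", len(it.Errors), aws.StringValue(it.Errors[0].ErrorCode)) }` would keep the earlier fail-closed behaviour, assuming `fmt` is already imported in this file. `*secret.Name` is also dereferenced without a nil check, and both log lines say `findByName` even when the caller is findByTags.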
@@ -1064,17 +1064,15 @@ func TestSecretsManagerGetAllSecrets(t *testing.T) { } // Test cases testCases := []struct { - name string - ref esv1beta1.ExternalSecretFind - - secretName string - secretVersion string - secretValue string - fetchError error - listSecretsFn func(ctx context.Context, input *awssm.ListSecretsInput, opts ...request.Option) (*awssm.ListSecretsOutput, error) - - expectedData map[string][]byte - expectedError string + name string + ref esv1beta1.ExternalSecretFind + secretName string + secretVersion string + secretValue string + batchGetSecretValueWithContextFn func(aws.Context, *awssm.BatchGetSecretValueInput, ...request.Option) (*awssm.BatchGetSecretValueOutput, error) + listSecretsFn func(ctx context.Context, input *awssm.ListSecretsInput, opts ...request.Option) (*awssm.ListSecretsOutput, error) + expectedData map[string][]byte + expectedError string }{ { name: "Matching secrets found", @@ -1087,14 +1085,16 @@ func TestSecretsManagerGetAllSecrets(t *testing.T) { secretName: secretName, secretVersion: secretVersion, secretValue: secretValue, - listSecretsFn: func(ctx context.Context, input *awssm.ListSecretsInput, opts ...request.Option) (*awssm.ListSecretsOutput, error) { + batchGetSecretValueWithContextFn: func(_ aws.Context, input *awssm.BatchGetSecretValueInput, _ ...request.Option) (*awssm.BatchGetSecretValueOutput, error) { assert.Len(t, input.Filters, 1) assert.Equal(t, "name", *input.Filters[0].Key) assert.Equal(t, secretPath, *input.Filters[0].Values[0]) - return &awssm.ListSecretsOutput{ - SecretList: []*awssm.SecretListEntry{ + return &awssm.BatchGetSecretValueOutput{ + SecretValues: []*awssm.SecretValueEntry{ { - Name: ptr.To(secretName), + Name: ptr.To(secretName), + VersionStages: []*string{ptr.To(secretVersion)}, + SecretBinary: []byte(secretValue), }, }, }, nil 
@@ -1115,15 +1115,14 @@ func TestSecretsManagerGetAllSecrets(t *testing.T) { secretName: secretName, secretVersion: secretVersion, secretValue: secretValue, - fetchError: errBoom, - listSecretsFn: func(ctx context.Context, input *awssm.ListSecretsInput, opts ...request.Option) (*awssm.ListSecretsOutput, error) { - return &awssm.ListSecretsOutput{ - SecretList: []*awssm.SecretListEntry{ + batchGetSecretValueWithContextFn: func(aws.Context, *awssm.BatchGetSecretValueInput, ...request.Option) (*awssm.BatchGetSecretValueOutput, error) { + return &awssm.BatchGetSecretValueOutput{ + SecretValues: []*awssm.SecretValueEntry{ { Name: ptr.To(secretName), }, }, - }, nil + }, errBoom }, expectedData: nil, expectedError: errBoom.Error(), @@ -1157,6 +1156,15 @@ func TestSecretsManagerGetAllSecrets(t *testing.T) { }, }, nil }, + batchGetSecretValueWithContextFn: func(aws.Context, *awssm.BatchGetSecretValueInput, ...request.Option) (*awssm.BatchGetSecretValueOutput, error) { + return &awssm.BatchGetSecretValueOutput{ + SecretValues: []*awssm.SecretValueEntry{ + { + Name: ptr.To("other-secret"), + }, + }, + }, nil + }, expectedData: make(map[string][]byte), expectedError: "", }, 
@@ -1179,16 +1187,18 @@ func TestSecretsManagerGetAllSecrets(t *testing.T) { secretName: secretName, secretVersion: secretVersion, secretValue: secretValue, - listSecretsFn: func(ctx context.Context, input *awssm.ListSecretsInput, opts ...request.Option) (*awssm.ListSecretsOutput, error) { + batchGetSecretValueWithContextFn: func(_ aws.Context, input *awssm.BatchGetSecretValueInput, _ ...request.Option) (*awssm.BatchGetSecretValueOutput, error) { assert.Len(t, input.Filters, 2) assert.Equal(t, "tag-key", *input.Filters[0].Key) assert.Equal(t, "foo", *input.Filters[0].Values[0]) assert.Equal(t, "tag-value", *input.Filters[1].Key) assert.Equal(t, "bar", *input.Filters[1].Values[0]) - return &awssm.ListSecretsOutput{ - SecretList: []*awssm.SecretListEntry{ + return &awssm.BatchGetSecretValueOutput{ + SecretValues: []*awssm.SecretValueEntry{ { - Name: ptr.To(secretName), + Name: ptr.To(secretName), + VersionStages: []*string{ptr.To(secretVersion)}, + SecretBinary: []byte(secretValue), }, }, }, nil @@ -1206,15 +1216,16 @@ func TestSecretsManagerGetAllSecrets(t *testing.T) { secretName: secretName, secretVersion: secretVersion, secretValue: secretValue, - fetchError: errBoom, - listSecretsFn: func(ctx context.Context, input *awssm.ListSecretsInput, opts ...request.Option) (*awssm.ListSecretsOutput, error) { - return &awssm.ListSecretsOutput{ - SecretList: []*awssm.SecretListEntry{ + batchGetSecretValueWithContextFn: func(aws.Context, *awssm.BatchGetSecretValueInput, ...request.Option) (*awssm.BatchGetSecretValueOutput, error) { + return &awssm.BatchGetSecretValueOutput{ + SecretValues: []*awssm.SecretValueEntry{ { - Name: ptr.To(secretName), + Name: ptr.To(secretName), + VersionStages: []*string{ptr.To(secretVersion)}, + SecretBinary: []byte(secretValue), }, }, - }, nil + }, errBoom }, expectedData: nil, expectedError: errBoom.Error(), 
@@ -1224,7 +1235,7 @@ func TestSecretsManagerGetAllSecrets(t *testing.T) { ref: esv1beta1.ExternalSecretFind{ Tags: secretTags, }, - listSecretsFn: func(ctx context.Context, input *awssm.ListSecretsInput, opts ...request.Option) (*awssm.ListSecretsOutput, error) { + batchGetSecretValueWithContextFn: func(aws.Context, *awssm.BatchGetSecretValueInput, ...request.Option) (*awssm.BatchGetSecretValueOutput, error) { return nil, errBoom }, expectedData: nil, @@ -1235,15 +1246,8 @@ func TestSecretsManagerGetAllSecrets(t *testing.T) { for _, tc := range testCases { t.Run(tc.name, func(t *testing.T) { fc := fakesm.NewClient() + fc.BatchGetSecretValueWithContextFn = tc.batchGetSecretValueWithContextFn fc.ListSecretsFn = tc.listSecretsFn - fc.WithValue(&awssm.GetSecretValueInput{ - SecretId: ptr.To(tc.secretName), - VersionStage: ptr.To(tc.secretVersion), - }, &awssm.GetSecretValueOutput{ - Name: ptr.To(tc.secretName), - VersionStages: []*string{ptr.To(tc.secretVersion)}, - SecretBinary: []byte(tc.secretValue), - }, tc.fetchError) sm := SecretsManager{ client: fc, cache: make(map[string]*awssm.GetSecretValueOutput), From 31c52b675500d346fb8a61107fe3656c3ee88bb2 Mon Sep 17 00:00:00 2001 From: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> Date: Mon, 16 Dec 2024 13:46:46 -0800 Subject: [PATCH 479/517] fix: increase default QPS/Burst to 50/100 (#4202) Signed-off-by: Mathew Wicks <5735406+thesuperzapper@users.noreply.github.com> Co-authored-by: Moritz Johner --- cmd/root.go | 4 ++-- docs/api/controller-options.md | 44 +++++++++++++++++----------------- 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/cmd/root.go b/cmd/root.go index cc2cca9dce9..3b6c99d2bd0 100644 --- a/cmd/root.go +++ b/cmd/root.go 
@@ -290,8 +290,8 @@ func init() { "Enable leader election for controller manager. "+ "Enabling this will ensure there is only one active controller manager.") rootCmd.Flags().IntVar(&concurrent, "concurrent", 1, "The number of concurrent reconciles.") - rootCmd.Flags().Float32Var(&clientQPS, "client-qps", 0, "QPS configuration to be passed to rest.Client") - rootCmd.Flags().IntVar(&clientBurst, "client-burst", 0, "Maximum Burst allowed to be passed to rest.Client") + rootCmd.Flags().Float32Var(&clientQPS, "client-qps", 50, "QPS configuration to be passed to rest.Client") + rootCmd.Flags().IntVar(&clientBurst, "client-burst", 100, "Maximum Burst allowed to be passed to rest.Client") rootCmd.Flags().StringVar(&loglevel, "loglevel", "info", "loglevel to use, one of: debug, info, warn, error, dpanic, panic, fatal") rootCmd.Flags().StringVar(&zapTimeEncoding, "zap-time-encoding", "epoch", "Zap time encoding (one of 'epoch', 'millis', 'nano', 'iso8601', 'rfc3339' or 'rfc3339nano')") rootCmd.Flags().StringVar(&namespace, "namespace", "", "watch external secrets scoped in the provided namespace only. ClusterSecretStore can be used but only work if it doesn't reference resources from other namespaces") diff --git a/docs/api/controller-options.md b/docs/api/controller-options.md index 5911f6a1b4c..7fbcd6a2338 100644 --- a/docs/api/controller-options.md +++ b/docs/api/controller-options.md 
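Review bot: The `--client-qps` and `--client-burst` help strings still do not say what a value of `0` means, although the documentation row removed in this same commit described the old default as falling back to the rest client defaults (5 and 10). With the defaults now 50 and 100, each controller replica can send roughly ten times more requests to the API server than before unless operators set the flags themselves. Suggest extending the text, e.g. `"QPS configuration to be passed to rest.Client (0 keeps the client-go default)"`, if that fallback still holds where `clientQPS` is applied, which is outside this hunk. init() continues outside the hunk.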
@@ -11,28 +11,28 @@ The external-secrets binary includes three components: `core controller`, `certc The core controller is invoked without a subcommand and can be configured with the following flags: -| Name | Type | Default | Description | -|-----------------------------------------------|----------|-------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `--client-burst` | int | uses rest client default (10) | Maximum Burst allowed to be passed to rest.Client | -| `--client-qps` | float32 | uses rest client default (5) | QPS configuration to be passed to rest.Client | -| `--concurrent` | int | 1 | The number of concurrent reconciles. | -| `--controller-class` | string | default | The controller is instantiated with a specific controller name and filters ES based on this property | -| `--enable-cluster-external-secret-reconciler` | boolean | true | Enables the cluster external secret reconciler. | -| `--enable-cluster-store-reconciler` | boolean | true | Enables the cluster store reconciler. | -| `--enable-push-secret-reconciler` | boolean | true | Enables the push secret reconciler. | -| `--enable-secrets-caching` | boolean | false | Enable secrets caching for ALL secrets in the cluster (WARNING: can increase memory usage). | -| `--enable-configmaps-caching` | boolean | false | Enable configmaps caching for ALL configmaps in the cluster (WARNING: can increase memory usage). | -| `--enable-managed-secrets-caching` | boolean | true | Enable secrets caching for secrets managed by an ExternalSecret. | -| `--enable-flood-gate` | boolean | true | Enable flood gate. External secret will be reconciled only if the ClusterStore or Store have an healthy or unknown state. | -| `--enable-extended-metric-labels` | boolean | true | Enable recommended kubernetes annotations as labels in metrics. 
| -| `--enable-leader-election` | boolean | false | Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager. | -| `--experimental-enable-aws-session-cache` | boolean | false | Enable experimental AWS session cache. External secret will reuse the AWS session without creating a new one on each request. | -| `--help` | | | help for external-secrets | -| `--loglevel` | string | info | loglevel to use, one of: debug, info, warn, error, dpanic, panic, fatal | -| `--zap-time-encoding` | string | epoch | loglevel to use, one of: epoch, millis, nano, iso8601, rfc3339, rfc3339nano | -| `--metrics-addr` | string | :8080 | The address the metric endpoint binds to. | -| `--namespace` | string | - | watch external secrets scoped in the provided namespace only. ClusterSecretStore can be used but only work if it doesn't reference resources from other namespaces | -| `--store-requeue-interval` | duration | 5m0s | Default Time duration between reconciling (Cluster)SecretStores | +| Name | Type | Default | Description | +|-----------------------------------------------|----------|---------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| `--client-burst` | int | 100 | Maximum Burst allowed to be passed to rest.Client | +| `--client-qps` | float32 | 50 | QPS configuration to be passed to rest.Client | +| `--concurrent` | int | 1 | The number of concurrent reconciles. | +| `--controller-class` | string | default | The controller is instantiated with a specific controller name and filters ES based on this property | +| `--enable-cluster-external-secret-reconciler` | boolean | true | Enables the cluster external secret reconciler. | +| `--enable-cluster-store-reconciler` | boolean | true | Enables the cluster store reconciler. 
| +| `--enable-push-secret-reconciler` | boolean | true | Enables the push secret reconciler. | +| `--enable-secrets-caching` | boolean | false | Enable secrets caching for ALL secrets in the cluster (WARNING: can increase memory usage). | +| `--enable-configmaps-caching` | boolean | false | Enable configmaps caching for ALL configmaps in the cluster (WARNING: can increase memory usage). | +| `--enable-managed-secrets-caching` | boolean | true | Enable secrets caching for secrets managed by an ExternalSecret. | +| `--enable-flood-gate` | boolean | true | Enable flood gate. External secret will be reconciled only if the ClusterStore or Store have an healthy or unknown state. | +| `--enable-extended-metric-labels` | boolean | true | Enable recommended kubernetes annotations as labels in metrics. | +| `--enable-leader-election` | boolean | false | Enable leader election for controller manager. Enabling this will ensure there is only one active controller manager. | +| `--experimental-enable-aws-session-cache` | boolean | false | Enable experimental AWS session cache. External secret will reuse the AWS session without creating a new one on each request. | +| `--help` | | | help for external-secrets | +| `--loglevel` | string | info | loglevel to use, one of: debug, info, warn, error, dpanic, panic, fatal | +| `--zap-time-encoding` | string | epoch | loglevel to use, one of: epoch, millis, nano, iso8601, rfc3339, rfc3339nano | +| `--metrics-addr` | string | :8080 | The address the metric endpoint binds to. | +| `--namespace` | string | - | watch external secrets scoped in the provided namespace only. ClusterSecretStore can be used but only work if it doesn't reference resources from other namespaces | +| `--store-requeue-interval` | duration | 5m0s | Default Time duration between reconciling (Cluster)SecretStores | ## Cert Controller Flags From 78d28bd343773c23180fe8ba77ceca73bea072a1 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 07:35:58 +0100 Subject: [PATCH 480/517] chore(deps): bump softprops/action-gh-release from 2.1.0 to 2.2.0 (#4217) Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/01570a1f39cb168c169c802c3bceb9e93fb10974...7b4da11513bf3f43f9999e90eabced41ab8bb048) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index bd220414a97..0dc962f9f77 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,7 +28,7 @@ jobs: ref: ${{ github.event.inputs.source_ref }} - name: Create Release - uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 + uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 with: tag_name: ${{ github.event.inputs.version }} target_commitish: ${{ github.event.inputs.source_ref }} @@ -113,7 +113,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Update Release - uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 + uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 with: tag_name: ${{ github.event.inputs.version }} files: | From 5d42c1c0f7293091d3d0f2b4b07a56d7e6194f63 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 07:43:01 +0100 Subject: [PATCH 481/517] chore(deps): bump actions/setup-go from 5.1.0 to 5.2.0 (#4218) Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.1.0 to 5.2.0. - [Release notes](https://github.com/actions/setup-go/releases) - [Commits](https://github.com/actions/setup-go/compare/41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed...3041bf56c941b39c61721a86cd11f3bb1338122a) --- updated-dependencies: - dependency-name: actions/setup-go dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 6 +++--- .github/workflows/docs.yml | 2 +- .github/workflows/publish.yml | 2 +- .github/workflows/release.yml | 2 +- .github/workflows/update-deps.yml | 2 +- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4722e8a8085..213e0e7ea11 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -49,7 +49,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 id: setup-go with: go-version-file: "go.mod" @@ -75,7 +75,7 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Setup Go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 id: setup-go with: go-version-file: "go.mod" 
@@ -106,7 +106,7 @@ jobs: run: git fetch --prune --unshallow - name: Setup Go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 id: setup-go with: go-version-file: "go.mod" diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index bad54ef3120..b254de6e0eb 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -20,7 +20,7 @@ jobs: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version-file: "go.mod" diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 9df7a4b4dfd..8757dc842ba 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -66,7 +66,7 @@ jobs: install: true - name: Setup Go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 id: setup-go with: go-version-file: "go.mod" diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 0dc962f9f77..619d92a467e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -76,7 +76,7 @@ jobs: fetch-depth: 0 - name: Setup Go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 id: setup-go with: go-version-file: "go.mod" diff --git a/.github/workflows/update-deps.yml b/.github/workflows/update-deps.yml index de58f8b71e3..078582f5324 100644 --- a/.github/workflows/update-deps.yml +++ b/.github/workflows/update-deps.yml 
@@ -40,7 +40,7 @@ jobs: branch: ${{ fromJson(needs.branches.outputs.branches) }} steps: - name: Setup Go - uses: actions/setup-go@41dfa10bad2bb2ae585af6ee5bb4d7d973ad74ed # v5.1.0 + uses: actions/setup-go@3041bf56c941b39c61721a86cd11f3bb1338122a # v5.2.0 with: go-version: "1.21" From 7d1403cfaf07a9ecc949011dec23e3874542e4d1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 08:49:50 +0100 Subject: [PATCH 482/517] chore(deps): bump certifi from 2024.8.30 to 2024.12.14 in /hack/api-docs (#4219) Bumps [certifi](https://github.com/certifi/python-certifi) from 2024.8.30 to 2024.12.14. - [Commits](https://github.com/certifi/python-certifi/compare/2024.08.30...2024.12.14) --- updated-dependencies: - dependency-name: certifi dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 877ce34057b..dc54f02ca9a 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -1,5 +1,5 @@ Babel==2.16.0 -certifi==2024.8.30 +certifi==2024.12.14 charset-normalizer==3.4.0 click==8.1.7 colorama==0.4.6 From 3efa4eb1188f2c86e407315aa4ebd00cdddb8376 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 09:50:53 +0100 Subject: [PATCH 483/517] chore(deps): bump golang from `6c5c959` to `6c5c959` (#4220) Bumps golang from `6c5c959` to `6c5c959`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tilt.debug.dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index 941042b53fd..4f11326bcd6 100644 --- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.4@sha256:574185e5c6b9d09873f455a7c205ea0514bfd99738c5dc7750196403a44ed4b7 +FROM golang:1.23.4@sha256:70031844b8c225351d0bb63e2c383f80db85d92ba894e3da7e13bcf80efa9a37 WORKDIR / COPY ./bin/external-secrets /external-secrets From f5f31410a50459590ce450cec20b0617a3cd70bf Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Wed, 18 Dec 2024 08:58:46 +0100 Subject: [PATCH 484/517] chore: update dependencies (#4223) * update dependencies Signed-off-by: External Secrets Operator * removed deprecated module Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * remove xanzy from e2e end the tests Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: External Secrets Operator Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: External Secrets Operator Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- e2e/go.mod | 58 ++++---- e2e/go.sum | 109 ++++++++------- e2e/suites/provider/cases/gitlab/provider.go | 2 +- go.mod | 67 +++++---- go.sum | 138 ++++++++++--------- pkg/provider/gitlab/fake/fake.go | 2 +- pkg/provider/gitlab/gitlab.go | 2 +- pkg/provider/gitlab/gitlab_test.go | 2 +- pkg/provider/gitlab/provider.go | 2 +- 9 files changed, 193 insertions(+), 189 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index 94e50ebcf3a..c0d846c35b6 100644 --- a/e2e/go.mod +++ b/e2e/go.mod 
@@ -1,6 +1,6 @@ module github.com/external-secrets/external-secrets-e2e -go 1.23.1 +go 1.23.4 replace ( github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 @@ -49,7 +49,7 @@ require ( github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 github.com/aws/aws-sdk-go v1.55.5 - github.com/cyberark/conjur-api-go v0.12.7 + github.com/cyberark/conjur-api-go v0.12.9 github.com/external-secrets/external-secrets v0.0.0 github.com/fluxcd/helm-controller/api v0.37.2 github.com/fluxcd/pkg/apis/meta v1.2.0 @@ -57,17 +57,17 @@ require ( github.com/golang-jwt/jwt/v4 v4.5.1 github.com/hashicorp/vault/api v1.15.0 github.com/onsi/ginkgo/v2 v2.22.0 - github.com/onsi/gomega v1.34.2 - github.com/oracle/oci-go-sdk/v65 v65.79.0 + github.com/onsi/gomega v1.35.1 + github.com/oracle/oci-go-sdk/v65 v65.80.0 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 - github.com/xanzy/go-gitlab v0.114.0 + gitlab.com/gitlab-org/api/client-go v0.117.0 golang.org/x/oauth2 v0.24.0 - google.golang.org/api v0.210.0 - k8s.io/api v0.31.3 - k8s.io/apiextensions-apiserver v0.31.3 - k8s.io/apimachinery v0.31.3 + google.golang.org/api v0.211.0 + k8s.io/api v0.32.0 + k8s.io/apiextensions-apiserver v0.32.0 + k8s.io/apimachinery v0.32.0 k8s.io/client-go v1.5.2 - k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 + k8s.io/utils v0.0.0-20241210054802-24370beab758 sigs.k8s.io/controller-runtime v0.19.3 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.5.0 @@ -75,9 +75,9 @@ require ( require ( al.essio.dev/pkg/shellescape v1.5.1 // indirect - cloud.google.com/go/auth v0.12.0 // indirect + cloud.google.com/go/auth v0.12.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect - cloud.google.com/go/compute/metadata v0.5.2 // indirect + cloud.google.com/go/compute/metadata v0.6.0 // indirect cloud.google.com/go/iam v1.3.0 // indirect dario.cat/mergo v1.0.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 // indirect 
@@ -116,7 +116,7 @@ require ( github.com/go-openapi/jsonreference v0.21.0 // indirect github.com/go-openapi/swag v0.23.0 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect - github.com/goccy/go-json v0.10.3 // indirect + github.com/goccy/go-json v0.10.4 // indirect github.com/godbus/dbus/v5 v5.1.0 // indirect github.com/gofrs/flock v0.12.1 // indirect github.com/gogo/protobuf v1.3.2 // indirect @@ -127,7 +127,7 @@ require ( github.com/google/go-cmp v0.6.0 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20241206021119-61a79c692802 // indirect + github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect @@ -155,7 +155,7 @@ require ( github.com/lestrrat-go/iter v1.0.2 // indirect github.com/lestrrat-go/jwx/v2 v2.1.3 // indirect github.com/lestrrat-go/option v1.0.1 // indirect - github.com/mailru/easyjson v0.7.7 // indirect + github.com/mailru/easyjson v0.9.0 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/mapstructure v1.5.0 // indirect 
@@ -185,14 +185,14 @@ require ( github.com/tidwall/sjson v1.2.5 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/zalando/go-keyring v0.2.6 // indirect - go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect - go.opentelemetry.io/otel v1.32.0 // indirect - go.opentelemetry.io/otel/metric v1.32.0 // indirect - go.opentelemetry.io/otel/trace v1.32.0 // indirect + go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect + go.opentelemetry.io/otel v1.33.0 // indirect + go.opentelemetry.io/otel/metric v1.33.0 // indirect + go.opentelemetry.io/otel/trace v1.33.0 // indirect golang.org/x/crypto v0.31.0 // indirect - golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d // indirect + golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e // indirect golang.org/x/net v0.32.0 // indirect golang.org/x/sync v0.10.0 // indirect golang.org/x/sys v0.28.0 // indirect 
@@ -201,18 +201,18 @@ require ( golang.org/x/time v0.8.0 // indirect golang.org/x/tools v0.28.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20241206012308-a4fef0638583 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241206012308-a4fef0638583 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 // indirect - google.golang.org/grpc v1.68.1 // indirect - google.golang.org/protobuf v1.35.2 // indirect + google.golang.org/genproto v0.0.0-20241209162323-e6fa225c2576 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect + google.golang.org/grpc v1.69.0 // indirect + google.golang.org/protobuf v1.36.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f // indirect + k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.3 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect ) diff --git a/e2e/go.sum b/e2e/go.sum index b71b254d79b..78757bdd177 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -22,8 +22,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.12.0 h1:ARAD8r0lkiHw2go7kEnmviF6TOYhzLM+yDGcDt9mP68= -cloud.google.com/go/auth v0.12.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= +cloud.google.com/go/auth v0.12.1 h1:n2Bj25BUMM0nvE9D2XLTiImanwZhO3DkfWSYS/SAJP4= +cloud.google.com/go/auth v0.12.1/go.mod h1:BFMu+TNpF3DmvfBO9ClqTR/SiqVIm7LukKF9mbendF4= cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU= cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= @@ -33,8 +33,8 @@ cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUM cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo= -cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= +cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= +cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/iam v1.3.0 h1:4Wo2qTaGKFtajbLpF6I4mywg900u3TLlHDb6mriLDPU= 
@@ -138,8 +138,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cyberark/conjur-api-go v0.12.7 h1:LxkiEeDolVoVR96Zfr+s2NhlEdyt/sIT2oFbtcYdlhk= -github.com/cyberark/conjur-api-go v0.12.7/go.mod h1:/lZcWpHodKrwJC85J8h6R8uCvt3TknQeUZMUxSinFGU= +github.com/cyberark/conjur-api-go v0.12.9 h1:EPd7p07Z3kEx7minaf4BUCwx57adzHg+FCeGav1p/Gg= +github.com/cyberark/conjur-api-go v0.12.9/go.mod h1:/lZcWpHodKrwJC85J8h6R8uCvt3TknQeUZMUxSinFGU= github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -209,8 +209,8 @@ github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1v github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= -github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA= -github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= +github.com/goccy/go-json v0.10.4 h1:JSwxQzIqKfmFX1swYPpUThQZp/Ka4wzJdK0LWVytLPM= +github.com/goccy/go-json v0.10.4/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= 
@@ -298,8 +298,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20241206021119-61a79c692802 h1:US08AXzP0bLurpzFUV3Poa9ZijrRdd1zAIOVtoHEiS8= -github.com/google/pprof v0.0.0-20241206021119-61a79c692802/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -390,8 +390,8 @@ github.com/lestrrat-go/jwx/v2 v2.1.3 h1:Ud4lb2QuxRClYAmRleF50KrbKIoM1TddXgBrneT5 github.com/lestrrat-go/jwx/v2 v2.1.3/go.mod h1:q6uFgbgZfEmQrfJfrCo90QcQOcXFMfbI/fO0NqRtvZo= github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= -github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4= +github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= github.com/mattn/go-colorable v0.1.13/go.mod h1:7S9/ev0klgBDR4GtXTXX8a3vIGJpMovkB8vQcUbaXHg= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= 
@@ -422,12 +422,12 @@ github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= -github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= -github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= +github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= +github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.79.0 h1:Tv9L1XTKWkdXtSViMbP+dA93WunquvW++/2s5pOvOgU= -github.com/oracle/oci-go-sdk/v65 v65.79.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.80.0 h1:Rr7QLMozd2DfDBKo6AB3DzLYQxAwuOG118+K5AAD5E8= +github.com/oracle/oci-go-sdk/v65 v65.80.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= 
@@ -448,8 +448,8 @@ github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoG github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4= github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= -github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= -github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/ryanuber/go-glob v1.0.0 h1:iQh3xXAumdQ+4Ufa5b25cRpC5TYKlno6hsv6Cb3pkBk= github.com/ryanuber/go-glob v1.0.0/go.mod h1:807d1WSdnB0XRJzKNil9Om6lcp/3a0v4qIHxIXzX/Yc= github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 h1:yoKAVkEVwAqbGbR8n87rHQ1dulL25rKloGadb3vm770= @@ -482,7 +482,6 @@ github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/ github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA= 
@@ -503,8 +502,6 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.114.0 h1:0wQr/KBckwrZPfEMjRqpUz0HmsKKON9UhCYv9KDy19M= -github.com/xanzy/go-gitlab v0.114.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.1.32/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= @@ -512,6 +509,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zalando/go-keyring v0.2.6 h1:r7Yc3+H+Ux0+M72zacZoItR3UDxeWfKTcabvkI8ua9s= github.com/zalando/go-keyring v0.2.6/go.mod h1:2TCrxYrbUNYfNS/Kgy/LSrkSQzZ5UPVH85RwfczwvcI= +gitlab.com/gitlab-org/api/client-go v0.117.0 h1:HsbKxlTjVgfYmyCU+NRQk2G42RlMOKs6gF+/o0DL+TI= +gitlab.com/gitlab-org/api/client-go v0.117.0/go.mod h1:E+X2dndIYDuUfKVP0C3jhkWvTSE00BkLbCsXTY3edDo= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 
@@ -521,18 +520,22 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 h1:qtFISDHKolvIxzSs0gIaiPUPR0Cucb0F2coHC7ZLdps= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0/go.mod h1:Y+Pop1Q6hCOnETWTW4NROK/q1hv50hM7yDaUTjG8lp8= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 h1:DheMAlT6POBP+gh8RUH19EOTnQIor5QE0uSRPtzCpSw= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0/go.mod h1:wZcGmeVO9nzP67aYSLDqXNWK87EZWhi7JWj1v7ZXf94= -go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U= -go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= -go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M= -go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= -go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo= -go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= -go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= -go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 h1:PS8wXpbyaDJQ2VDHHncMe9Vct0Zn1fEjpsjrLxGJoSc= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0/go.mod 
h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q= +go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= +go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= +go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= +go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M= +go.opentelemetry.io/otel/sdk v1.31.0 h1:xLY3abVHYZ5HSfOg3l2E5LUj2Cwva5Y7yGxnSW9H5Gk= +go.opentelemetry.io/otel/sdk v1.31.0/go.mod h1:TfRbMdhvxIIr/B2N2LQW2S5v9m3gOQ/08KsbbO5BPT0= +go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc= +go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8= +go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= +go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck= go.uber.org/atomic v1.9.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= 
@@ -567,8 +570,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d h1:0olWaB5pg3+oychR51GUVCEsGkeCU/2JxjBgIo4f3M0= -golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= +golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e h1:4qufH0hlUYs6AO6XmZC3GqfDPGSXHVXUFR6OND+iJX4= +golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -831,8 +834,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.210.0 h1:HMNffZ57OoZCRYSbdWVRoqOa8V8NIHLL0CzdBPLztWk= -google.golang.org/api v0.210.0/go.mod h1:B9XDZGnx2NtyjzVkOVTGrFSAVZgPcbedzKg/gTLwqBs= +google.golang.org/api v0.211.0 h1:IUpLjq09jxBSV1lACO33CGY3jsRcbctfGzhj+ZSE/Bg= +google.golang.org/api v0.211.0/go.mod h1:XOloB4MXFH4UTlQSGuNUxw0UT74qdENK8d6JNsXKLi0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -880,12 +883,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20241206012308-a4fef0638583 h1:pjPnE7Rv3PAwHISLRJhA3HQTnM2uu5qcnroxTkRb5G8= -google.golang.org/genproto v0.0.0-20241206012308-a4fef0638583/go.mod h1:dW27OyXi0Ph+N43jeCWMFC86aTT5VgdeQtOSf0Hehdw= -google.golang.org/genproto/googleapis/api v0.0.0-20241206012308-a4fef0638583 h1:v+j+5gpj0FopU0KKLDGfDo9ZRRpKdi5UBrCP0f76kuY= -google.golang.org/genproto/googleapis/api v0.0.0-20241206012308-a4fef0638583/go.mod h1:jehYqy3+AhJU9ve55aNOaSml7wUXjF9x6z2LcCfpAhY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 h1:IfdSdTcLFy4lqUQrQJLkLt1PB+AsqVz6lwkWPzWEz10= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= +google.golang.org/genproto v0.0.0-20241209162323-e6fa225c2576 h1:k48HcZ4FE6in0o8IflZCkc1lTc2u37nhGd8P+fo4r24= +google.golang.org/genproto v0.0.0-20241209162323-e6fa225c2576/go.mod h1:DV2u3tCn/AcVjjmGYZKt6HyvY4w4y3ipAdHkMbe/0i4= +google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= +google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -905,8 +908,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.68.1 h1:oI5oTa11+ng8r8XMMN7jAOmWfPZWbYpCFaMUTACxkM0= -google.golang.org/grpc v1.68.1/go.mod h1:+q1XYFJjShcqn0QZHvCyeR4CXPA+llXIeUIfIe00waw= +google.golang.org/grpc v1.69.0 h1:quSiOM1GJPmPH5XtU+BCoVXcDVJJAzNcoyfC2cCjGkI= +google.golang.org/grpc v1.69.0/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -920,8 +923,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= -google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= +google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= 
@@ -962,10 +965,10 @@ k8s.io/client-go v0.31.0 h1:QqEJzNjbN2Yv1H79SsS+SWnXkBgVu4Pj3CJQgbx0gI8= k8s.io/client-go v0.31.0/go.mod h1:Y9wvC76g4fLjmU0BA+rV+h2cncoadjvjjkkIGoTLcGU= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f h1:nLHvOvs1CZ+FAEwR4EqLeRLfbtWQNlIu5g393Hq/1UM= -k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f/go.mod h1:iZjdMQzunI7O/sUrf/5WRX1gvaAIam32lKx9+paoLbU= -k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 h1:jGnCPejIetjiy2gqaJ5V0NLwTpF4wbQ6cZIItJCSHno= -k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg= +k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas= +k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0= +k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= 
@@ -973,8 +976,8 @@ sigs.k8s.io/controller-runtime v0.19.3 h1:XO2GvC9OPftRst6xWCpTgBZO04S2cbp0Qqkj8b sigs.k8s.io/controller-runtime v0.19.3/go.mod h1:j4j87DqtsThvwTv5/Tc5NFRyyF/RF0ip4+62tbTSIUM= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= -sigs.k8s.io/structured-merge-diff/v4 v4.4.3 h1:sCP7Vv3xx/CWIuTPVN38lUPx0uw0lcLfzaiDa8Ja01A= -sigs.k8s.io/structured-merge-diff/v4 v4.4.3/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= +sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk= +sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= software.sslmate.com/src/go-pkcs12 v0.5.0 h1:EC6R394xgENTpZ4RltKydeDUjtlM5drOYIG9c6TVj2M= diff --git a/e2e/suites/provider/cases/gitlab/provider.go b/e2e/suites/provider/cases/gitlab/provider.go index 094703f85fd..eca1903856b 100644 --- a/e2e/suites/provider/cases/gitlab/provider.go +++ b/e2e/suites/provider/cases/gitlab/provider.go @@ -21,10 +21,10 @@ import ( // nolint . "github.com/onsi/ginkgo/v2" + gitlab "gitlab.com/gitlab-org/api/client-go" // nolint . "github.com/onsi/gomega" - "github.com/xanzy/go-gitlab" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" diff --git a/go.mod b/go.mod index ad3a361c5de..1aa369e1fea 100644 --- a/go.mod +++ b/go.mod @@ -1,6 +1,6 @@ module github.com/external-secrets/external-secrets -go 1.23.1 +go 1.23.4 replace github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 
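Review bot: The new `gitlab "gitlab.com/gitlab-org/api/client-go"` import in e2e/suites/provider/cases/gitlab/provider.go is placed between the two `// nolint` dot-imports, which splits the ginkgo/gomega pair. Moving it down to where `"github.com/xanzy/go-gitlab"` was, next to `v1 "k8s.io/api/core/v1"`, keeps the dot-imports together and the third-party imports in one group. The explicit `gitlab` alias should stay, because the import path ends in `client-go` while the call sites presumably still refer to the package as `gitlab`. The import block continues outside the hunk.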
@@ -12,7 +12,7 @@ require ( github.com/Azure/go-autorest/autorest/adal v0.9.24 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 - github.com/IBM/go-sdk-core/v5 v5.18.1 + github.com/IBM/go-sdk-core/v5 v5.18.3 github.com/IBM/secrets-manager-go-sdk/v2 v2.0.8 github.com/Masterminds/goutils v1.1.1 // indirect github.com/Masterminds/sprig/v3 v3.3.0 @@ -31,30 +31,29 @@ require ( github.com/hashicorp/vault/api/auth/ldap v0.8.0 github.com/huandu/xstrings v1.5.0 // indirect github.com/onsi/ginkgo/v2 v2.22.0 - github.com/onsi/gomega v1.34.2 - github.com/oracle/oci-go-sdk/v65 v65.79.0 + github.com/onsi/gomega v1.35.1 + github.com/oracle/oci-go-sdk/v65 v65.80.0 github.com/prometheus/client_golang v1.20.5 github.com/prometheus/client_model v0.6.1 github.com/spf13/cobra v1.8.1 github.com/stretchr/testify v1.10.0 github.com/tidwall/gjson v1.18.0 - github.com/xanzy/go-gitlab v0.114.0 github.com/yandex-cloud/go-genproto v0.0.0-20241206133605-07e4a676108b github.com/yandex-cloud/go-sdk v0.0.0-20241206142255-6c3760d17eea github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 go.uber.org/zap v1.27.0 golang.org/x/crypto v0.31.0 golang.org/x/oauth2 v0.24.0 - google.golang.org/api v0.210.0 - google.golang.org/genproto v0.0.0-20241206012308-a4fef0638583 - google.golang.org/grpc v1.68.1 + google.golang.org/api v0.211.0 + google.golang.org/genproto v0.0.0-20241209162323-e6fa225c2576 + google.golang.org/grpc v1.69.0 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 - k8s.io/api v0.31.3 - k8s.io/apiextensions-apiserver v0.31.3 - k8s.io/apimachinery v0.31.3 - k8s.io/client-go v0.31.3 - k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 + k8s.io/api v0.32.0 + k8s.io/apiextensions-apiserver v0.32.0 + k8s.io/apimachinery v0.32.0 + k8s.io/client-go v0.32.0 + k8s.io/utils v0.0.0-20241210054802-24370beab758 sigs.k8s.io/controller-runtime v0.19.3 sigs.k8s.io/controller-tools v0.16.5 ) 
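Review bot: In the `@@ -31,30 +31,29 @@` hunk, `k8s.io/api`, `k8s.io/apiextensions-apiserver`, `k8s.io/apimachinery` and `k8s.io/client-go` move to `v0.32.0` while `sigs.k8s.io/controller-runtime v0.19.3` and `sigs.k8s.io/controller-tools v0.16.5` stay unchanged. As far as I know the controller-runtime v0.19 line was released against the v0.31 Kubernetes modules, so this pairing is probably outside what upstream tests. It may compile cleanly, but client, cache and webhook behaviour deserves a full e2e run before merge. Either hold the `k8s.io/*` modules at `v0.31.x` until controller-runtime is bumped, or bump both in the same change and note the pairing in the commit message. The `require` block opens and closes outside the hunk.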
@@ -65,7 +64,7 @@ require ( dario.cat/mergo v1.0.1 github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 - github.com/BeyondTrust/go-client-library-passwordsafe v0.12.0 + github.com/BeyondTrust/go-client-library-passwordsafe v0.13.0 github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 github.com/DelineaXPM/tss-sdk-go/v2 v2.0.3 github.com/Onboardbase/go-cryptojs-aes-decrypt v0.0.0-20230430095000-27c0d3a9016d @@ -78,7 +77,7 @@ require ( github.com/aliyun/credentials-go v1.4.3 github.com/avast/retry-go/v4 v4.6.0 github.com/cenkalti/backoff/v4 v4.3.0 - github.com/cyberark/conjur-api-go v0.12.7 + github.com/cyberark/conjur-api-go v0.12.9 github.com/fortanix/sdkms-client-go v0.4.0 github.com/go-openapi/strfmt v0.23.0 github.com/golang-jwt/jwt/v5 v5.2.1 @@ -90,21 +89,22 @@ require ( github.com/maxbrunsfeld/counterfeiter/v6 v6.10.0 github.com/passbolt/go-passbolt v0.7.1 github.com/previder/vault-cli v0.1.2 - github.com/pulumi/esc-sdk/sdk v0.10.4 + github.com/pulumi/esc-sdk/sdk v0.10.5 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 github.com/sethvargo/go-password v0.3.1 github.com/spf13/pflag v1.0.5 github.com/tidwall/sjson v1.2.5 - k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f + gitlab.com/gitlab-org/api/client-go v0.117.0 + k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.5.0 ) require ( al.essio.dev/pkg/shellescape v1.5.1 // indirect - cloud.google.com/go/auth v0.12.0 // indirect + cloud.google.com/go/auth v0.12.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect - cloud.google.com/go/compute/metadata v0.5.2 // indirect + cloud.google.com/go/compute/metadata v0.6.0 // indirect github.com/ProtonMail/go-crypto v1.1.3 // indirect github.com/ProtonMail/go-mime v0.0.0-20230322103455-7d82a3887f2f // indirect github.com/ProtonMail/gopenpgp/v2 v2.8.1 // indirect 
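Review bot: The `@@ -90,21 +89,22 @@` hunk adds `gitlab.com/gitlab-org/api/client-go v0.117.0` in place of the `github.com/xanzy/go-gitlab v0.114.0` line removed earlier in this file, so the GitLab client now comes from a different module path on a different host. Builds that fetch modules directly or restrict module sources (a pinned `GOPROXY`, `GOPRIVATE`/`GONOSUMDB` patterns, an egress allowlist on CI runners) should be checked for `gitlab.com`. The two new `go.sum` entries should be confirmed with `go mod verify` with the checksum database left enabled. A search for leftover `github.com/xanzy/go-gitlab` imports is also worthwhile, since any remaining one would bring the old module back as a requirement on the next `go mod tidy`. A trailing `// replaces github.com/xanzy/go-gitlab` comment on the new line would record the migration for later readers.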
@@ -143,17 +143,18 @@ require ( github.com/tjfoc/gmsm v1.4.1 // indirect github.com/x448/float16 v0.8.4 // indirect github.com/zalando/go-keyring v0.2.6 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 // indirect - go.opentelemetry.io/otel v1.32.0 // indirect - go.opentelemetry.io/otel/metric v1.32.0 // indirect - go.opentelemetry.io/otel/trace v1.32.0 // indirect + go.opentelemetry.io/auto/sdk v1.1.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 // indirect + go.opentelemetry.io/otel v1.33.0 // indirect + go.opentelemetry.io/otel/metric v1.33.0 // indirect + go.opentelemetry.io/otel/trace v1.33.0 // indirect golang.org/x/sync v0.10.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241206012308-a4fef0638583 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.4.3 // indirect + sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect ) require ( 
@@ -188,14 +189,14 @@ require ( github.com/go-playground/locales v0.14.1 // indirect github.com/go-playground/universal-translator v0.18.1 // indirect github.com/gobuffalo/flect v1.0.3 // indirect - github.com/goccy/go-json v0.10.3 // indirect + github.com/goccy/go-json v0.10.4 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/golang-jwt/jwt/v4 v4.5.1 // indirect github.com/golang/groupcache v0.0.0-20241129210726-2c02b8208cf8 // indirect github.com/golang/protobuf v1.5.4 // indirect github.com/google/go-querystring v1.1.0 // indirect github.com/google/gofuzz v1.2.0 // indirect - github.com/google/pprof v0.0.0-20241206021119-61a79c692802 // indirect + github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -207,7 +208,6 @@ require ( github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect github.com/hashicorp/go-sockaddr v1.0.7 // indirect github.com/hashicorp/hcl v1.0.1-vault-7 // indirect - github.com/imdario/mergo v0.3.16 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect @@ -218,7 +218,7 @@ require ( github.com/lestrrat-go/httpcc v1.0.1 // indirect github.com/lestrrat-go/iter v1.0.2 // indirect github.com/lestrrat-go/option v1.0.1 // indirect - github.com/mailru/easyjson v0.7.7 // indirect + github.com/mailru/easyjson v0.9.0 // indirect github.com/mattn/go-colorable v0.1.13 // indirect github.com/mattn/go-isatty v0.0.20 // indirect github.com/mitchellh/copystructure v1.2.0 // indirect 
@@ -245,10 +245,9 @@ require ( github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect github.com/uber/jaeger-lib v2.4.1+incompatible // indirect go.mongodb.org/mongo-driver v1.17.1 // indirect - go.opencensus.io v0.24.0 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d // indirect + golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e // indirect golang.org/x/mod v0.22.0 // indirect golang.org/x/net v0.32.0 // indirect golang.org/x/sys v0.28.0 // indirect @@ -257,7 +256,7 @@ require ( golang.org/x/time v0.8.0 // indirect golang.org/x/tools v0.28.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/protobuf v1.35.2 // indirect + google.golang.org/protobuf v1.36.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 diff --git a/go.sum b/go.sum index 51bf8d56430..b2b2091b4bb 100644 --- a/go.sum +++ b/go.sum @@ -22,8 +22,8 @@ cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.12.0 h1:ARAD8r0lkiHw2go7kEnmviF6TOYhzLM+yDGcDt9mP68= -cloud.google.com/go/auth v0.12.0/go.mod h1:xxA5AqpDrvS+Gkmo9RqrGGRh6WSNKKOXhY3zNOr38tI= +cloud.google.com/go/auth v0.12.1 h1:n2Bj25BUMM0nvE9D2XLTiImanwZhO3DkfWSYS/SAJP4= +cloud.google.com/go/auth v0.12.1/go.mod h1:BFMu+TNpF3DmvfBO9ClqTR/SiqVIm7LukKF9mbendF4= cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU= cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -33,8 +33,8 @@ cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUM cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= cloud.google.com/go/compute/metadata v0.2.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= -cloud.google.com/go/compute/metadata v0.5.2 h1:UxK4uu/Tn+I3p2dYWTfiX4wva7aYlKixAHn3fyqngqo= -cloud.google.com/go/compute/metadata v0.5.2/go.mod h1:C66sj2AluDcIqakBq/M8lw8/ybHgOZqin2obFxa/E5k= +cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4j01OwKxG9I= +cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/iam v1.3.0 h1:4Wo2qTaGKFtajbLpF6I4mywg900u3TLlHDb6mriLDPU= 
@@ -102,8 +102,8 @@ github.com/AzureAD/microsoft-authentication-extensions-for-go/cache v0.1.1/go.mo github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2 h1:kYRSnvJju5gYVyhkij+RTJ/VR6QIUaCfWeaFm2ycsjQ= github.com/AzureAD/microsoft-authentication-library-for-go v1.3.2/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= -github.com/BeyondTrust/go-client-library-passwordsafe v0.12.0 h1:t/lx00FMS5Glr2MSeytQR7MJc2FOdFEhoCplCeuShoA= -github.com/BeyondTrust/go-client-library-passwordsafe v0.12.0/go.mod h1:72FMrpiz1fUSiIIIAXiCzQ55Y83spsu2jl5n/Stzfks= +github.com/BeyondTrust/go-client-library-passwordsafe v0.13.0 h1:6l+YprCDpUbDRQum94dLXFBH0KQtu51NcaVf+I0WKRQ= +github.com/BeyondTrust/go-client-library-passwordsafe v0.13.0/go.mod h1:72FMrpiz1fUSiIIIAXiCzQ55Y83spsu2jl5n/Stzfks= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802/go.mod h1:IVnqGOEym/WlBOVXweHU+Q+/VP0lqqI8lqeDx9IjBqo= github.com/DelineaXPM/dsv-sdk-go/v2 v2.1.2 h1:cmX2QC9s5kPqmghWLLZP8YRFO1ZD/C59BpNH2ujP99w= 
@@ -112,8 +112,8 @@ github.com/DelineaXPM/tss-sdk-go/v2 v2.0.3 h1:Yk8VZUIer8deRzi1Zx2Di2wEpw138IP09O github.com/DelineaXPM/tss-sdk-go/v2 v2.0.3/go.mod h1:xz6FXP2Do88Vc5Hx7OamZgZC1W45yfmLy4+iDKxlGXo= github.com/HdrHistogram/hdrhistogram-go v1.1.2 h1:5IcZpTvzydCQeHzK4Ef/D5rrSqwxob0t8PQPMybUNFM= github.com/HdrHistogram/hdrhistogram-go v1.1.2/go.mod h1:yDgFjdqOqDEKOvasDdhWNXYg9BVp4O+o5f6V/ehm6Oo= -github.com/IBM/go-sdk-core/v5 v5.18.1 h1:wdftQO8xejECTWTKF3FGXyW0McKxxDAopH7MKwA187c= -github.com/IBM/go-sdk-core/v5 v5.18.1/go.mod h1:3ywpylZ41WhWPusqtpJZWopYlt2brebcphV7mA2JncU= +github.com/IBM/go-sdk-core/v5 v5.18.3 h1:q6IDU3N2bHGwijK9pMnzKC5gqdaRII56NzB4ZNdSFvY= +github.com/IBM/go-sdk-core/v5 v5.18.3/go.mod h1:5kILxqEWOrwMhoD2b7J6Xv9Z2M6YIdT/6Oy+XRSsCGQ= github.com/IBM/secrets-manager-go-sdk/v2 v2.0.8 h1:gWB2E3B3lyQt7I8eX6ov0PZXS7gSo2cRhW0RCD+E1Ug= github.com/IBM/secrets-manager-go-sdk/v2 v2.0.8/go.mod h1:RglK3v6CPe3T1myRtQCD6z+nBygXvNJwufAon0qcZok= github.com/Masterminds/goutils v1.1.1 h1:5nUrii3FMTL5diU80unEVvNevw1nH4+ZV4DSLVJLSYI= 
@@ -226,8 +226,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/ctdk/goiardi v0.11.10 h1:IB/3Afl1pC2Q4KGwzmhHPAoJfe8VtU51wZ2V0QkvsL0= github.com/ctdk/goiardi v0.11.10/go.mod h1:Pr6Cj6Wsahw45myttaOEZeZ0LE7p1qzWmzgsBISkrNI= -github.com/cyberark/conjur-api-go v0.12.7 h1:LxkiEeDolVoVR96Zfr+s2NhlEdyt/sIT2oFbtcYdlhk= -github.com/cyberark/conjur-api-go v0.12.7/go.mod h1:/lZcWpHodKrwJC85J8h6R8uCvt3TknQeUZMUxSinFGU= +github.com/cyberark/conjur-api-go v0.12.9 h1:EPd7p07Z3kEx7minaf4BUCwx57adzHg+FCeGav1p/Gg= +github.com/cyberark/conjur-api-go v0.12.9/go.mod h1:/lZcWpHodKrwJC85J8h6R8uCvt3TknQeUZMUxSinFGU= github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -316,8 +316,8 @@ github.com/go-test/deep v1.0.4 h1:u2CU3YKy9I2pmu9pX0eq50wCgjfGIt539SqR7FbHiho= github.com/go-test/deep v1.0.4/go.mod h1:wGDj63lr65AM2AQyKZd/NYHGb0R+1RLqB8NKt3aSFNA= github.com/gobuffalo/flect v1.0.3 h1:xeWBM2nui+qnVvNM4S3foBhCAL2XgPU+a7FdpelbTq4= github.com/gobuffalo/flect v1.0.3/go.mod h1:A5msMlrHtLqh9umBSnvabjsMrCcCpAyzglnDvkbYKHs= -github.com/goccy/go-json v0.10.3 h1:KZ5WoDbxAIgm2HNbYckL0se1fHD6rz5j4ywS6ebzDqA= -github.com/goccy/go-json v0.10.3/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= +github.com/goccy/go-json v0.10.4 h1:JSwxQzIqKfmFX1swYPpUThQZp/Ka4wzJdK0LWVytLPM= +github.com/goccy/go-json v0.10.4/go.mod h1:oq7eo15ShAhp70Anwd5lgX2pLfOS3QCiwU/PULtXL6M= github.com/godbus/dbus/v5 v5.1.0 h1:4KLkAxT3aOY8Li4FRJe/KvhoNFFxo0m6fNuFUO8QJUk= github.com/godbus/dbus/v5 v5.1.0/go.mod h1:xhWf0FNVPg57R7Z0UbKHbJfkEywrmjJnf7w5xrFpKfA= github.com/gofrs/flock v0.8.1/go.mod h1:F1TvTiK9OcQqauNUHlbJvyl9Qa1QvF/gOUDKA14jxHU= 
@@ -405,8 +405,8 @@ github.com/google/pprof v0.0.0-20201023163331-3e6fc7fc9c4c/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20201203190320-1bf35d6f28c2/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210122040257-d980be63207e/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/pprof v0.0.0-20210226084205-cbba55b83ad5/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= -github.com/google/pprof v0.0.0-20241206021119-61a79c692802 h1:US08AXzP0bLurpzFUV3Poa9ZijrRdd1zAIOVtoHEiS8= -github.com/google/pprof v0.0.0-20241206021119-61a79c692802/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad h1:a6HEuzUHeKH6hwfN/ZoQgRgVIWFJljSWa/zetS2WTvg= +github.com/google/pprof v0.0.0-20241210010833-40e02aabc2ad/go.mod h1:vavhavw2zAxS5dIdcRluK6cSGGPlZynqzFM8NdvU144= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= github.com/google/s2a-go v0.1.8 h1:zZDs9gcbt9ZPLV0ndSyQk6Kacx2g/X+SKYovpnz3SMM= github.com/google/s2a-go v0.1.8/go.mod h1:6iNWHTpQ+nfNRN5E00MSdfDwVesa8hhS32PhPO8deJA= 
@@ -473,8 +473,6 @@ github.com/huandu/xstrings v1.5.0 h1:2ag3IFq9ZDANvthTwTiqSSZLjDc+BedvHPAp5tJy2TI github.com/huandu/xstrings v1.5.0/go.mod h1:y5/lhBue+AyNmUVz9RLU9xbLR0o4KIIExikq4ovT0aE= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= -github.com/imdario/mergo v0.3.16 h1:wwQJbIsHYGMUyLSPrEq1CT16AhnhNJQ51+4fdHUnCl4= -github.com/imdario/mergo v0.3.16/go.mod h1:WBLT9ZmE3lPoWsEzCh9LPo3TiwVN+ZKEjmz+hD27ysY= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= github.com/jmespath/go-jmespath v0.3.0/go.mod h1:9QtRXoHjLGCJ5IBSaohpXITPlowMeeYCZ7fLUTSywik= @@ -523,8 +521,8 @@ github.com/lestrrat-go/jwx/v2 v2.1.3 h1:Ud4lb2QuxRClYAmRleF50KrbKIoM1TddXgBrneT5 github.com/lestrrat-go/jwx/v2 v2.1.3/go.mod h1:q6uFgbgZfEmQrfJfrCo90QcQOcXFMfbI/fO0NqRtvZo= github.com/lestrrat-go/option v1.0.1 h1:oAzP2fvZGQKWkvHa1/SAcFolBEca1oN+mQ7eooNBEYU= github.com/lestrrat-go/option v1.0.1/go.mod h1:5ZHFbivi4xwXxhxY9XHDe2FHo6/Z7WWmtT7T5nBBp3I= -github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4= +github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= github.com/mattn/go-colorable v0.1.9/go.mod h1:u6P/XSegPjTcexA+o6vUJrdnUu04hMope9wVRipJSqc= github.com/mattn/go-colorable v0.1.12/go.mod h1:u5H1YNBxpqRaxsYJYSkiCWKzEfiAb1Gb520KVy5xxl4= github.com/mattn/go-colorable v0.1.13 h1:fFA4WZxdEF4tXPZVKMLwD8oUnCTTo08duU7wxecdEvA= 
@@ -568,12 +566,12 @@ github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= -github.com/onsi/gomega v1.34.2 h1:pNCwDkzrsv7MS9kpaQvVb1aVLahQXyJ/Tv5oAZMI3i8= -github.com/onsi/gomega v1.34.2/go.mod h1:v1xfxRgk0KIsG+QOdm7p8UosrOzPYRo60fd3B/1Dukc= +github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= +github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.79.0 h1:Tv9L1XTKWkdXtSViMbP+dA93WunquvW++/2s5pOvOgU= -github.com/oracle/oci-go-sdk/v65 v65.79.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.80.0 h1:Rr7QLMozd2DfDBKo6AB3DzLYQxAwuOG118+K5AAD5E8= +github.com/oracle/oci-go-sdk/v65 v65.80.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.1 h1:boNYHZmSnWl/3bKbUiaWgF/mELCtHfliGHzggf884GE= github.com/passbolt/go-passbolt v0.7.1/go.mod h1:if/jzzYYUjRtq/5h+l+J5Dka0f5dED67QM1lhpTx4pY= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= 
@@ -596,16 +594,16 @@ github.com/prometheus/common v0.61.0 h1:3gv/GThfX0cV2lpO7gkTUwZru38mxevy90Bj8YFS github.com/prometheus/common v0.61.0/go.mod h1:zr29OCN/2BsJRaFwG8QOBr41D6kkchKbpeNH7pAjb/s= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= -github.com/pulumi/esc-sdk/sdk v0.10.4 h1:YOR61Kcvcml6j6gfPWNQaPxIxMb5xMwYsdGgep+6PZQ= -github.com/pulumi/esc-sdk/sdk v0.10.4/go.mod h1:J6+8bCUJyLXvYOmTAc90/EhU1iUPr1Koo3NUnFzY78k= +github.com/pulumi/esc-sdk/sdk v0.10.5 h1:qahyiWNIklPcdK4XZqriMtGp4xUS7ODdCqRc+Lu5M3I= +github.com/pulumi/esc-sdk/sdk v0.10.5/go.mod h1:J6+8bCUJyLXvYOmTAc90/EhU1iUPr1Koo3NUnFzY78k= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a h1:2v4Ipjxa3sh+xn6GvtgrMub2ci4ZLQMvTaYIba2lfdc= github.com/r3labs/diff v0.0.0-20191120142937-b4ed99a31f5a/go.mod h1:ozniNEFS3j1qCwHKdvraMn1WJOsUxHd7lYfukEIS4cs= github.com/redis/go-redis/v9 v9.6.1 h1:HHDteefn6ZkTtY5fGUE8tj8uy85AHk6zP7CpzIAM0y4= github.com/redis/go-redis/v9 v9.6.1/go.mod h1:0C0c6ycQsdpVNQpxb1njEQIqkx5UcsM8FJCQLgE9+RA= github.com/rogpeppe/go-internal v1.3.0/go.mod h1:M8bDsm7K2OlrFYOpmOWEs/qY81heoFRclV5y23lUDJ4= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= -github.com/rogpeppe/go-internal v1.12.0 h1:exVL4IDcn6na9z1rAb56Vxr+CgyK3nn3O+epU5NdKM8= -github.com/rogpeppe/go-internal v1.12.0/go.mod h1:E+RYuTGaKKdloAfM02xzb0FW3Paa99yedzYV+kq4uf4= +github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= +github.com/rogpeppe/go-internal v1.13.1/go.mod h1:uMEvuHeurkdAXX61udpOXGD/AzZDWNMNyH2VO9fmH0o= github.com/russross/blackfriday/v2 v2.0.1/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= 
@@ -678,8 +676,6 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/xanzy/go-gitlab v0.114.0 h1:0wQr/KBckwrZPfEMjRqpUz0HmsKKON9UhCYv9KDy19M= -github.com/xanzy/go-gitlab v0.114.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/yandex-cloud/go-genproto v0.0.0-20241206133605-07e4a676108b h1:+xsB23dmxN3hBSGZLAiyLsUADnqr6ASOiZJmLd8++nk= github.com/yandex-cloud/go-genproto v0.0.0-20241206133605-07e4a676108b/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo= github.com/yandex-cloud/go-sdk v0.0.0-20241206142255-6c3760d17eea h1:XvnMWpD249l3rhJjDWEAGOQmYZ3Rw0XjEwREDzm9wDs= @@ -694,6 +690,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zalando/go-keyring v0.2.6 h1:r7Yc3+H+Ux0+M72zacZoItR3UDxeWfKTcabvkI8ua9s= github.com/zalando/go-keyring v0.2.6/go.mod h1:2TCrxYrbUNYfNS/Kgy/LSrkSQzZ5UPVH85RwfczwvcI= +gitlab.com/gitlab-org/api/client-go v0.117.0 h1:HsbKxlTjVgfYmyCU+NRQk2G42RlMOKs6gF+/o0DL+TI= +gitlab.com/gitlab-org/api/client-go v0.117.0/go.mod h1:E+X2dndIYDuUfKVP0C3jhkWvTSE00BkLbCsXTY3edDo= go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM= go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= 
@@ -705,18 +703,22 @@ go.opencensus.io v0.22.5/go.mod h1:5pWMHQbX5EPX2/62yrJeAkowc+lfs/XD7Uxpq3pI6kk= go.opencensus.io v0.23.0/go.mod h1:XItmlyltB5F7CS4xOC1DcqMoFqwtC6OG2xF7mCv7P7E= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0 h1:qtFISDHKolvIxzSs0gIaiPUPR0Cucb0F2coHC7ZLdps= -go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.57.0/go.mod h1:Y+Pop1Q6hCOnETWTW4NROK/q1hv50hM7yDaUTjG8lp8= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0 h1:DheMAlT6POBP+gh8RUH19EOTnQIor5QE0uSRPtzCpSw= -go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.57.0/go.mod h1:wZcGmeVO9nzP67aYSLDqXNWK87EZWhi7JWj1v7ZXf94= -go.opentelemetry.io/otel v1.32.0 h1:WnBN+Xjcteh0zdk01SVqV55d/m62NJLJdIyb4y/WO5U= -go.opentelemetry.io/otel v1.32.0/go.mod h1:00DCVSB0RQcnzlwyTfqtxSm+DRr9hpYrHjNGiBHVQIg= -go.opentelemetry.io/otel/metric v1.32.0 h1:xV2umtmNcThh2/a/aCP+h64Xx5wsj8qqnkYZktzNa0M= -go.opentelemetry.io/otel/metric v1.32.0/go.mod h1:jH7CIbbK6SH2V2wE16W05BHCtIDzauciCRLoc/SyMv8= -go.opentelemetry.io/otel/sdk v1.29.0 h1:vkqKjk7gwhS8VaWb0POZKmIEDimRCMsopNYnriHyryo= -go.opentelemetry.io/otel/sdk v1.29.0/go.mod h1:pM8Dx5WKnvxLCb+8lG1PRNIDxu9g9b9g59Qr7hfAAok= -go.opentelemetry.io/otel/trace v1.32.0 h1:WIC9mYrXf8TmY/EXuULKc8hR17vE+Hjv2cssQDe03fM= -go.opentelemetry.io/otel/trace v1.32.0/go.mod h1:+i4rkvCraA+tG6AzwloGaCtkx53Fa+L+V8e9a7YvhT8= +go.opentelemetry.io/auto/sdk v1.1.0 h1:cH53jehLUN6UFLY71z+NDOiNJqDdPRaXzTel0sJySYA= +go.opentelemetry.io/auto/sdk v1.1.0/go.mod h1:3wSPjt5PWp2RhlCcmmOial7AvC4DQqZb7a7wCow3W8A= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0 h1:PS8wXpbyaDJQ2VDHHncMe9Vct0Zn1fEjpsjrLxGJoSc= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.58.0/go.mod 
h1:HDBUsEjOuRC0EzKZ1bSaRGZWUBAzo+MhAcUUORSr4D0= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0 h1:yd02MEjBdJkG3uabWP9apV+OuWRIXGDuJEUJbOHmCFU= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.58.0/go.mod h1:umTcuxiv1n/s/S6/c2AT/g2CQ7u5C59sHDNmfSwgz7Q= +go.opentelemetry.io/otel v1.33.0 h1:/FerN9bax5LoK51X/sI0SVYrjSE0/yUL7DpxW4K3FWw= +go.opentelemetry.io/otel v1.33.0/go.mod h1:SUUkR6csvUQl+yjReHu5uM3EtVV7MBm5FHKRlNx4I8I= +go.opentelemetry.io/otel/metric v1.33.0 h1:r+JOocAyeRVXD8lZpjdQjzMadVZp2M4WmQ+5WtEnklQ= +go.opentelemetry.io/otel/metric v1.33.0/go.mod h1:L9+Fyctbp6HFTddIxClbQkjtubW6O9QS3Ann/M82u6M= +go.opentelemetry.io/otel/sdk v1.31.0 h1:xLY3abVHYZ5HSfOg3l2E5LUj2Cwva5Y7yGxnSW9H5Gk= +go.opentelemetry.io/otel/sdk v1.31.0/go.mod h1:TfRbMdhvxIIr/B2N2LQW2S5v9m3gOQ/08KsbbO5BPT0= +go.opentelemetry.io/otel/sdk/metric v1.31.0 h1:i9hxxLJF/9kkvfHppyLL55aW7iIJz4JjxTeYusH7zMc= +go.opentelemetry.io/otel/sdk/metric v1.31.0/go.mod h1:CRInTMVvNhUKgSAMbKyTMxqOBC0zgyxzW55lZzX43Y8= +go.opentelemetry.io/otel/trace v1.33.0 h1:cCJuF7LRjUFso9LPnEAHJDB2pqzp+hbO8eu1qqW2d/s= +go.opentelemetry.io/otel/trace v1.33.0/go.mod h1:uIcdVUZMpTAmz0tI1z04GoVSezK37CbGV4fr1f2nBck= go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE= go.uber.org/atomic v1.11.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.3.0 h1:2K3zAYmnTNqV73imy9J1T3WC+gmCePx2hEGkimedGto= 
@@ -757,8 +759,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d h1:0olWaB5pg3+oychR51GUVCEsGkeCU/2JxjBgIo4f3M0= -golang.org/x/exp v0.0.0-20241204233417-43b7b7cde48d/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= +golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e h1:4qufH0hlUYs6AO6XmZC3GqfDPGSXHVXUFR6OND+iJX4= +golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -1049,8 +1051,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.210.0 h1:HMNffZ57OoZCRYSbdWVRoqOa8V8NIHLL0CzdBPLztWk= -google.golang.org/api v0.210.0/go.mod h1:B9XDZGnx2NtyjzVkOVTGrFSAVZgPcbedzKg/gTLwqBs= +google.golang.org/api v0.211.0 h1:IUpLjq09jxBSV1lACO33CGY3jsRcbctfGzhj+ZSE/Bg= +google.golang.org/api v0.211.0/go.mod h1:XOloB4MXFH4UTlQSGuNUxw0UT74qdENK8d6JNsXKLi0= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1098,12 +1100,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20241206012308-a4fef0638583 h1:pjPnE7Rv3PAwHISLRJhA3HQTnM2uu5qcnroxTkRb5G8= -google.golang.org/genproto v0.0.0-20241206012308-a4fef0638583/go.mod h1:dW27OyXi0Ph+N43jeCWMFC86aTT5VgdeQtOSf0Hehdw= -google.golang.org/genproto/googleapis/api v0.0.0-20241206012308-a4fef0638583 h1:v+j+5gpj0FopU0KKLDGfDo9ZRRpKdi5UBrCP0f76kuY= -google.golang.org/genproto/googleapis/api v0.0.0-20241206012308-a4fef0638583/go.mod h1:jehYqy3+AhJU9ve55aNOaSml7wUXjF9x6z2LcCfpAhY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583 h1:IfdSdTcLFy4lqUQrQJLkLt1PB+AsqVz6lwkWPzWEz10= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241206012308-a4fef0638583/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= +google.golang.org/genproto v0.0.0-20241209162323-e6fa225c2576 h1:k48HcZ4FE6in0o8IflZCkc1lTc2u37nhGd8P+fo4r24= +google.golang.org/genproto v0.0.0-20241209162323-e6fa225c2576/go.mod h1:DV2u3tCn/AcVjjmGYZKt6HyvY4w4y3ipAdHkMbe/0i4= +google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= +google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1123,8 +1125,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.68.1 h1:oI5oTa11+ng8r8XMMN7jAOmWfPZWbYpCFaMUTACxkM0= -google.golang.org/grpc v1.68.1/go.mod h1:+q1XYFJjShcqn0QZHvCyeR4CXPA+llXIeUIfIe00waw= +google.golang.org/grpc v1.69.0 h1:quSiOM1GJPmPH5XtU+BCoVXcDVJJAzNcoyfC2cCjGkI= +google.golang.org/grpc v1.69.0/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= 
@@ -1138,8 +1140,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.35.2 h1:8Ar7bF+apOIoThw1EdZl0p1oWvMqTHmpA2fRTyZO8io= -google.golang.org/protobuf v1.35.2/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= +google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -1175,14 +1177,14 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg= honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= -k8s.io/api v0.31.3 h1:umzm5o8lFbdN/hIXbrK9oRpOproJO62CV1zqxXrLgk8= -k8s.io/api v0.31.3/go.mod h1:UJrkIp9pnMOI9K2nlL6vwpxRzzEX5sWgn8kGQe92kCE= -k8s.io/apiextensions-apiserver v0.31.3 h1:+GFGj2qFiU7rGCsA5o+p/rul1OQIq6oYpQw4+u+nciE= -k8s.io/apiextensions-apiserver v0.31.3/go.mod h1:2DSpFhUZZJmn/cr/RweH1cEVVbzFw9YBu4T+U3mf1e4= -k8s.io/apimachinery v0.31.3 h1:6l0WhcYgasZ/wk9ktLq5vLaoXJJr5ts6lkaQzgeYPq4= -k8s.io/apimachinery v0.31.3/go.mod h1:rsPdaZJfTfLsNJSQzNHQvYoTmxhoOEofxtOsF3rtsMo= -k8s.io/client-go v0.31.3 h1:CAlZuM+PH2cm+86LOBemaJI/lQ5linJ6UFxKX/SoG+4= -k8s.io/client-go v0.31.3/go.mod h1:2CgjPUTpv3fE5dNygAr2NcM8nhHzXvxB8KL5gYc3kJs= +k8s.io/api v0.32.0 h1:OL9JpbvAU5ny9ga2fb24X8H6xQlVp+aJMFlgtQjR9CE= +k8s.io/api v0.32.0/go.mod h1:4LEwHZEf6Q/cG96F3dqR965sYOfmPM7rq81BLgsE0p0= +k8s.io/apiextensions-apiserver v0.32.0 h1:S0Xlqt51qzzqjKPxfgX1xh4HBZE+p8KKBq+k2SWNOE0= +k8s.io/apiextensions-apiserver v0.32.0/go.mod h1:86hblMvN5yxMvZrZFX2OhIHAuFIMJIZ19bTvzkP+Fmw= +k8s.io/apimachinery v0.32.0 h1:cFSE7N3rmEEtv4ei5X6DaJPHHX0C+upp+v5lVPiEwpg= +k8s.io/apimachinery v0.32.0/go.mod h1:GpHVgxoKlTxClKcteaeuF1Ul/lDVb74KpZcxcmLDElE= +k8s.io/client-go v0.32.0 h1:DimtMcnN/JIKZcrSrstiwvvZvLjG0aSxy8PxN8IChp8= +k8s.io/client-go v0.32.0/go.mod h1:boDWvdM1Drk4NJj/VddSLnx59X3OPgwrOo0vGbtq9+8= k8s.io/gengo v0.0.0-20201203183100-97869a43a9d9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/gengo v0.0.0-20240911193312-2b36238f13e9 h1:B0l8GxRsVc/tP/uCLBQdAjf2nBARx6u/r2OGuL/CyXQ= k8s.io/gengo v0.0.0-20240911193312-2b36238f13e9/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= 
@@ -1192,10 +1194,10 @@ k8s.io/klog v1.0.0/go.mod h1:4Bi6QPql/J/LkTDqv7R/cd3hPo4k2DG6Ptcz060Ez5I= k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f h1:nLHvOvs1CZ+FAEwR4EqLeRLfbtWQNlIu5g393Hq/1UM= -k8s.io/kube-openapi v0.0.0-20241127205056-99599406b04f/go.mod h1:iZjdMQzunI7O/sUrf/5WRX1gvaAIam32lKx9+paoLbU= -k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078 h1:jGnCPejIetjiy2gqaJ5V0NLwTpF4wbQ6cZIItJCSHno= -k8s.io/utils v0.0.0-20241104163129-6fe5fd82f078/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 h1:hcha5B1kVACrLujCKLbr8XWMxCxzQx42DY8QKYJrDLg= +k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7/go.mod h1:GewRfANuJ70iYzvn+i4lezLDAFzvjxZYK1gn1lWcfas= +k8s.io/utils v0.0.0-20241210054802-24370beab758 h1:sdbE21q2nlQtFh65saZY+rRM6x6aJJI8IUa1AmH/qa0= +k8s.io/utils v0.0.0-20241210054802-24370beab758/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= 
@@ -1205,8 +1207,8 @@ sigs.k8s.io/controller-tools v0.16.5 h1:5k9FNRqziBPwqr17AMEPPV/En39ZBplLAdOwwQHr sigs.k8s.io/controller-tools v0.16.5/go.mod h1:8vztuRVzs8IuuJqKqbXCSlXcw+lkAv/M2sTpg55qjMY= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= -sigs.k8s.io/structured-merge-diff/v4 v4.4.3 h1:sCP7Vv3xx/CWIuTPVN38lUPx0uw0lcLfzaiDa8Ja01A= -sigs.k8s.io/structured-merge-diff/v4 v4.4.3/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= +sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk= +sigs.k8s.io/structured-merge-diff/v4 v4.5.0/go.mod h1:N8f93tFZh9U6vpxwRArLiikrE5/2tiu1w1AGfACIGE4= sigs.k8s.io/yaml v1.2.0/go.mod h1:yfXDCHCao9+ENCvLSE62v9VSji2MKu5jeNfTrofGhJc= sigs.k8s.io/yaml v1.4.0 h1:Mk1wCc2gy/F0THH0TAp1QYyJNzRm2KCLy3o5ASXVI5E= sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY= diff --git a/pkg/provider/gitlab/fake/fake.go b/pkg/provider/gitlab/fake/fake.go index 41817cc41d2..22c6b0ebc80 100644 --- a/pkg/provider/gitlab/fake/fake.go +++ b/pkg/provider/gitlab/fake/fake.go @@ -17,7 +17,7 @@ package fake import ( "net/http" - "github.com/xanzy/go-gitlab" + gitlab "gitlab.com/gitlab-org/api/client-go" ) type APIResponse[O any] struct { diff --git a/pkg/provider/gitlab/gitlab.go b/pkg/provider/gitlab/gitlab.go index 272fa39c95e..921a2d3891e 100644 --- a/pkg/provider/gitlab/gitlab.go +++ b/pkg/provider/gitlab/gitlab.go @@ -25,7 +25,7 @@ import ( "strings" "github.com/tidwall/gjson" - "github.com/xanzy/go-gitlab" + gitlab "gitlab.com/gitlab-org/api/client-go" corev1 "k8s.io/api/core/v1" ctrl "sigs.k8s.io/controller-runtime" diff --git a/pkg/provider/gitlab/gitlab_test.go b/pkg/provider/gitlab/gitlab_test.go index 04a5e7921f5..4334a90f1ae 100644 --- a/pkg/provider/gitlab/gitlab_test.go +++ b/pkg/provider/gitlab/gitlab_test.go 
@@ -26,8 +26,8 @@ import ( "github.com/google/uuid" tassert "github.com/stretchr/testify/assert" - "github.com/xanzy/go-gitlab" "github.com/yandex-cloud/go-sdk/iamkey" + gitlab "gitlab.com/gitlab-org/api/client-go" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" k8sclient "sigs.k8s.io/controller-runtime/pkg/client" diff --git a/pkg/provider/gitlab/provider.go b/pkg/provider/gitlab/provider.go index fe06b22f38c..c147a00a444 100644 --- a/pkg/provider/gitlab/provider.go +++ b/pkg/provider/gitlab/provider.go @@ -18,7 +18,7 @@ import ( "context" "errors" - "github.com/xanzy/go-gitlab" + gitlab "gitlab.com/gitlab-org/api/client-go" kclient "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" From 4c6371d035c11f2686a8d0369fab653d9302b9b7 Mon Sep 17 00:00:00 2001 From: Paul McEnery Date: Thu, 19 Dec 2024 11:09:22 +0000 Subject: [PATCH 485/517] Add AWS ECR Public authorization token support (#4229) * Add AWS ECR Public authorization token support Signed-off-by: Paul McEnery * Update pkg/generator/ecr/ecr.go Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Signed-off-by: Paul McEnery * feat: Update helm workflow setup-python version Update from version 3.7 to 3.11 Signed-off-by: Paul McEnery --------- Signed-off-by: Paul McEnery Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/helm.yml | 2 +- apis/generators/v1alpha1/types_ecr.go | 5 ++ ...external-secrets.io_clustergenerators.yaml | 5 ++ ...nal-secrets.io_ecrauthorizationtokens.yaml | 5 ++ deploy/crds/bundle.yaml | 10 +++ pkg/generator/ecr/ecr.go | 62 +++++++++++++--- pkg/generator/ecr/ecr_test.go | 70 +++++++++++++++---- 7 files changed, 136 insertions(+), 23 deletions(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index e135f9bb238..3ace5744342 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml 
@@ -36,7 +36,7 @@ jobs: - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0 with: - python-version: 3.7 + python-version: 3.11 - name: Set up chart-testing uses: helm/chart-testing-action@e6669bcd63d7cb57cb4380c33043eebe5d111992 # v2.6.1 diff --git a/apis/generators/v1alpha1/types_ecr.go b/apis/generators/v1alpha1/types_ecr.go index b66a7f3b254..19e124b8683 100644 --- a/apis/generators/v1alpha1/types_ecr.go +++ b/apis/generators/v1alpha1/types_ecr.go @@ -32,6 +32,11 @@ type ECRAuthorizationTokenSpec struct { // desired AWS service. // +optional Role string `json:"role,omitempty"` + + // Scope specifies the ECR service scope. + // Valid options are private and public. + // +optional + Scope string `json:"scope,omitempty"` } // AWSAuth tells the controller how to do authentication with aws. diff --git a/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml b/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml index a4bf5a1a5cf..c5bcaa0fa25 100644 --- a/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml +++ b/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml @@ -348,6 +348,11 @@ spec: You can assume a role before making calls to the desired AWS service. type: string + scope: + description: |- + Scope specifies the ECR service scope. + Valid options are private and public. + type: string required: - region type: object diff --git a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml index 292bee76447..9d10f672c98 100644 --- a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml 
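Review bot: The new `Scope` field in `ECRAuthorizationTokenSpec` has no validation marker, so the regenerated CRDs accept any string, while the `generate` hunk in pkg/generator/ecr/ecr.go only tests `res.Spec.Scope == "public"`. A misspelt or differently cased value therefore silently takes the private-registry path instead of producing an error. I would add `// +kubebuilder:validation:Enum=private;public` above the field and regenerate the CRDs, and have `generate` return an error for any value other than empty, `private` or `public`. The struct starts and ends outside this hunk.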
@@ -183,6 +183,11 @@ spec: You can assume a role before making calls to the desired AWS service. type: string + scope: + description: |- + Scope specifies the ECR service scope. + Valid options are private and public. + type: string required: - region type: object diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 85d24bc2b17..68f23335830 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -14170,6 +14170,11 @@ spec: You can assume a role before making calls to the desired AWS service. type: string + scope: + description: |- + Scope specifies the ECR service scope. + Valid options are private and public. + type: string required: - region type: object @@ -15652,6 +15657,11 @@ spec: You can assume a role before making calls to the desired AWS service. type: string + scope: + description: |- + Scope specifies the ECR service scope. + Valid options are private and public. + type: string required: - region type: object diff --git a/pkg/generator/ecr/ecr.go b/pkg/generator/ecr/ecr.go index 257ea4bafc7..578b492d33d 100644 --- a/pkg/generator/ecr/ecr.go +++ b/pkg/generator/ecr/ecr.go @@ -25,6 +25,8 @@ import ( "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/ecr" "github.com/aws/aws-sdk-go/service/ecr/ecriface" + "github.com/aws/aws-sdk-go/service/ecrpublic" + "github.com/aws/aws-sdk-go/service/ecrpublic/ecrpubliciface" apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/yaml" 
@@ -37,14 +39,15 @@ import ( type Generator struct{} const ( - errNoSpec = "no config spec provided" - errParseSpec = "unable to parse spec: %w" - errCreateSess = "unable to create aws session: %w" - errGetToken = "unable to get authorization token: %w" + errNoSpec = "no config spec provided" + errParseSpec = "unable to parse spec: %w" + errCreateSess = "unable to create aws session: %w" + errGetPrivateToken = "unable to get authorization token: %w" + errGetPublicToken = "unable to get public authorization token: %w" ) func (g *Generator) Generate(ctx context.Context, jsonSpec *apiextensions.JSON, kube client.Client, namespace string) (map[string][]byte, error) { - return g.generate(ctx, jsonSpec, kube, namespace, ecrFactory) + return g.generate(ctx, jsonSpec, kube, namespace, ecrPrivateFactory, ecrPublicFactory) } func (g *Generator) generate( @@ -52,7 +55,8 @@ func (g *Generator) generate( jsonSpec *apiextensions.JSON, kube client.Client, namespace string, - ecrFunc ecrFactoryFunc, + ecrPrivateFunc ecrPrivateFactoryFunc, + ecrPublicFunc ecrPublicFactoryFunc, ) (map[string][]byte, error) { if jsonSpec == nil { return nil, errors.New(errNoSpec) @@ -76,10 +80,19 @@ func (g *Generator) generate( if err != nil { return nil, fmt.Errorf(errCreateSess, err) } - client := ecrFunc(sess) + + if res.Spec.Scope == "public" { + return fetchECRPublicToken(sess, ecrPublicFunc) + } + + return fetchECRPrivateToken(sess, ecrPrivateFunc) +} + +func fetchECRPrivateToken(sess *session.Session, ecrPrivateFunc ecrPrivateFactoryFunc) (map[string][]byte, error) { + client := ecrPrivateFunc(sess) out, err := client.GetAuthorizationToken(&ecr.GetAuthorizationTokenInput{}) if err != nil { - return nil, fmt.Errorf(errGetToken, err) + return nil, fmt.Errorf(errGetPrivateToken, err) } if len(out.AuthorizationData) != 1 { return nil, fmt.Errorf("unexpected number of authorization tokens. expected 1, found %d", len(out.AuthorizationData)) 
@@ -104,12 +117,41 @@ func (g *Generator) generate( }, nil } -type ecrFactoryFunc func(aws *session.Session) ecriface.ECRAPI +func fetchECRPublicToken(sess *session.Session, ecrPublicFunc ecrPublicFactoryFunc) (map[string][]byte, error) { + client := ecrPublicFunc(sess) + out, err := client.GetAuthorizationToken(&ecrpublic.GetAuthorizationTokenInput{}) + if err != nil { + return nil, fmt.Errorf(errGetPublicToken, err) + } + + decodedToken, err := base64.StdEncoding.DecodeString(*out.AuthorizationData.AuthorizationToken) + if err != nil { + return nil, err + } + parts := strings.Split(string(decodedToken), ":") + if len(parts) != 2 { + return nil, errors.New("unexpected token format") + } + + exp := out.AuthorizationData.ExpiresAt.UTC().Unix() + return map[string][]byte{ + "username": []byte(parts[0]), + "password": []byte(parts[1]), + "expires_at": []byte(strconv.FormatInt(exp, 10)), + }, nil +} + +type ecrPrivateFactoryFunc func(aws *session.Session) ecriface.ECRAPI +type ecrPublicFactoryFunc func(aws *session.Session) ecrpubliciface.ECRPublicAPI -func ecrFactory(aws *session.Session) ecriface.ECRAPI { +func ecrPrivateFactory(aws *session.Session) ecriface.ECRAPI { return ecr.New(aws) } +func ecrPublicFactory(aws *session.Session) ecrpubliciface.ECRPublicAPI { + return ecrpublic.New(aws) +} + func parseSpec(data []byte) (*genv1alpha1.ECRAuthorizationToken, error) { var spec genv1alpha1.ECRAuthorizationToken err := yaml.Unmarshal(data, &spec) diff --git a/pkg/generator/ecr/ecr_test.go b/pkg/generator/ecr/ecr_test.go index e16d7553bdd..1c9714db201 100644 --- a/pkg/generator/ecr/ecr_test.go +++ b/pkg/generator/ecr/ecr_test.go 
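Review bot: `fetchECRPublicToken` dereferences `out.AuthorizationData.AuthorizationToken` and calls `out.AuthorizationData.ExpiresAt.UTC()` without checking any of the three pointers, so a response with missing authorization data would panic instead of returning an error. The private path at least checks `len(out.AuthorizationData) != 1` before using the data. A guard before the base64 decode would close this: `if out.AuthorizationData == nil || out.AuthorizationData.AuthorizationToken == nil || out.AuthorizationData.ExpiresAt == nil { return nil, errors.New("ecr public: incomplete authorization data") }`. Using `strings.SplitN(string(decodedToken), ":", 2)` would also stop a password that contains a colon from being rejected as an unexpected format.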
@@ -25,6 +25,8 @@ import ( "github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/service/ecr" "github.com/aws/aws-sdk-go/service/ecr/ecriface" + "github.com/aws/aws-sdk-go/service/ecrpublic" + "github.com/aws/aws-sdk-go/service/ecrpublic/ecrpubliciface" v1 "k8s.io/api/core/v1" apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -35,11 +37,12 @@ import ( func TestGenerate(t *testing.T) { type args struct { - ctx context.Context - jsonSpec *apiextensions.JSON - kube client.Client - namespace string - authTokenFunc func(*ecr.GetAuthorizationTokenInput) (*ecr.GetAuthorizationTokenOutput, error) + ctx context.Context + jsonSpec *apiextensions.JSON + kube client.Client + namespace string + authTokenPrivateFunc func(*ecr.GetAuthorizationTokenInput) (*ecr.GetAuthorizationTokenOutput, error) + authTokenPublicFunc func(*ecrpublic.GetAuthorizationTokenInput) (*ecrpublic.GetAuthorizationTokenOutput, error) } tests := []struct { name string @@ -58,7 +61,7 @@ func TestGenerate(t *testing.T) { { name: "invalid json", args: args{ - authTokenFunc: func(gati *ecr.GetAuthorizationTokenInput) (*ecr.GetAuthorizationTokenOutput, error) { + authTokenPrivateFunc: func(gati *ecr.GetAuthorizationTokenInput) (*ecr.GetAuthorizationTokenOutput, error) { return nil, errors.New("boom") }, jsonSpec: &apiextensions.JSON{ @@ -68,7 +71,7 @@ func TestGenerate(t *testing.T) { wantErr: true, }, { - name: "full spec", + name: "private ECR full spec", args: args{ namespace: "foobar", kube: clientfake.NewClientBuilder().WithObjects(&v1.Secret{ 
@@ -81,7 +84,7 @@ func TestGenerate(t *testing.T) { "access-secret": []byte("bar"), }, }).Build(), - authTokenFunc: func(in *ecr.GetAuthorizationTokenInput) (*ecr.GetAuthorizationTokenOutput, error) { + authTokenPrivateFunc: func(in *ecr.GetAuthorizationTokenInput) (*ecr.GetAuthorizationTokenOutput, error) { t := time.Unix(1234, 0) return &ecr.GetAuthorizationTokenOutput{ AuthorizationData: []*ecr.AuthorizationData{ @@ -99,6 +102,7 @@ kind: ECRAuthorizationToken spec: region: eu-west-1 role: "my-role" + scope: private auth: secretRef: accessKeyIDSecretRef: @@ -116,6 +120,34 @@ spec: "expires_at": []byte("1234"), }, }, + { + name: "public ECR full spec", + args: args{ + namespace: "foobar", + authTokenPublicFunc: func(in *ecrpublic.GetAuthorizationTokenInput) (*ecrpublic.GetAuthorizationTokenOutput, error) { + t := time.Unix(5678, 0) + return &ecrpublic.GetAuthorizationTokenOutput{ + AuthorizationData: &ecrpublic.AuthorizationData{ + AuthorizationToken: utilpointer.To(base64.StdEncoding.EncodeToString([]byte("pubuser:pubpass"))), + ExpiresAt: &t, + }, + }, nil + }, + jsonSpec: &apiextensions.JSON{ + Raw: []byte(`apiVersion: generators.external-secrets.io/v1alpha1 +kind: ECRAuthorizationToken +spec: + region: us-east-1 + role: "my-role" + scope: public`), + }, + }, + want: map[string][]byte{ + "username": []byte("pubuser"), + "password": []byte("pubpass"), + "expires_at": []byte("5678"), + }, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { @@ -126,8 +158,13 @@ spec: tt.args.kube, tt.args.namespace, func(aws *session.Session) ecriface.ECRAPI { - return &FakeECR{ - authTokenFunc: tt.args.authTokenFunc, + return &FakeECRPrivate{ + authTokenFunc: tt.args.authTokenPrivateFunc, + } + }, + func(aws *session.Session) ecrpubliciface.ECRPublicAPI { + return &FakeECRPublic{ + authTokenFunc: tt.args.authTokenPublicFunc, } }, ) 
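Review bot: The added "public ECR full spec" case covers only the success path of the new public branch. Nothing exercises an error returned by the public `GetAuthorizationToken`, a token that does not decode to `user:password`, or a `scope` value other than `private`/`public` (which the new code sends to the private client). I would add table entries for the first two with `wantErr: true`, and one that pins whatever behaviour is intended for an unknown scope. The test function starts and ends outside these hunks.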
@@ -142,11 +179,20 @@ spec: } } -type FakeECR struct { +type FakeECRPrivate struct { ecriface.ECRAPI authTokenFunc func(*ecr.GetAuthorizationTokenInput) (*ecr.GetAuthorizationTokenOutput, error) } -func (e *FakeECR) GetAuthorizationToken(in *ecr.GetAuthorizationTokenInput) (*ecr.GetAuthorizationTokenOutput, error) { +func (e *FakeECRPrivate) GetAuthorizationToken(in *ecr.GetAuthorizationTokenInput) (*ecr.GetAuthorizationTokenOutput, error) { + return e.authTokenFunc(in) +} + +type FakeECRPublic struct { + ecrpubliciface.ECRPublicAPI + authTokenFunc func(*ecrpublic.GetAuthorizationTokenInput) (*ecrpublic.GetAuthorizationTokenOutput, error) +} + +func (e *FakeECRPublic) GetAuthorizationToken(in *ecrpublic.GetAuthorizationTokenInput) (*ecrpublic.GetAuthorizationTokenOutput, error) { return e.authTokenFunc(in) } From b7d309424dc26e1ab53ef8a0687bba0d495d62cf Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Thu, 19 Dec 2024 14:06:03 +0100 Subject: [PATCH 486/517] fix: typo in the ecrAuthorizationTokenSpec json tag (#4212) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- apis/generators/v1alpha1/types_cluster.go | 2 +- .../bases/generators.external-secrets.io_clustergenerators.yaml | 2 +- deploy/crds/bundle.yaml | 2 +- docs/guides/generator.md | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/apis/generators/v1alpha1/types_cluster.go b/apis/generators/v1alpha1/types_cluster.go index 04928580c74..b1f6a724fb9 100644 --- a/apis/generators/v1alpha1/types_cluster.go +++ b/apis/generators/v1alpha1/types_cluster.go 
@@ -47,7 +47,7 @@ const ( // +kubebuilder:validation:MinProperties=1 type GeneratorSpec struct { ACRAccessTokenSpec *ACRAccessTokenSpec `json:"acrAccessTokenSpec,omitempty"` - ECRAuthorizationTokenSpec *ECRAuthorizationTokenSpec `json:"ecrRAuthorizationTokenSpec,omitempty"` + ECRAuthorizationTokenSpec *ECRAuthorizationTokenSpec `json:"ecrAuthorizationTokenSpec,omitempty"` FakeSpec *FakeSpec `json:"fakeSpec,omitempty"` GCRAccessTokenSpec *GCRAccessTokenSpec `json:"gcrAccessTokenSpec,omitempty"` GithubAccessTokenSpec *GithubAccessTokenSpec `json:"githubAccessTokenSpec,omitempty"` diff --git a/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml b/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml index c5bcaa0fa25..00712429e28 100644 --- a/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml +++ b/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml @@ -210,7 +210,7 @@ spec: - auth - registry type: object - ecrRAuthorizationTokenSpec: + ecrAuthorizationTokenSpec: properties: auth: description: Auth defines how to authenticate with AWS diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 68f23335830..5a749380f1d 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -14037,7 +14037,7 @@ spec: - auth - registry type: object - ecrRAuthorizationTokenSpec: + ecrAuthorizationTokenSpec: properties: auth: description: Auth defines how to authenticate with AWS diff --git a/docs/guides/generator.md b/docs/guides/generator.md index 90d775894cf..398df4c19e8 100644 --- a/docs/guides/generator.md +++ b/docs/guides/generator.md 
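Review bot: Renaming the JSON tag from `ecrRAuthorizationTokenSpec` to `ecrAuthorizationTokenSpec` is a wire-format change for `GeneratorSpec`, and nothing in this commit keeps the old key readable; the same applies to the two CRD hunks that follow (`generators.external-secrets.io_clustergenerators.yaml` and `deploy/crds/bundle.yaml`). An existing object written with the old key would decode with `ECRAuthorizationTokenSpec == nil`, and, depending on pruning and the `MinProperties=1` marker, is presumably either rejected or silently left without a generator spec after upgrade. Since this generator issues registry credentials, that failure should be loud: call the rename out as a breaking change in the release notes, or accept both keys for a deprecation period. A comment above the field, `// NOTE: tag was "ecrRAuthorizationTokenSpec" before #4212`, would also help whoever debugs an upgraded cluster.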
@@ -56,7 +56,7 @@ exactly. The following Spec fields are available: ```go type GeneratorSpec struct { ACRAccessTokenSpec *ACRAccessTokenSpec `json:"acrAccessTokenSpec,omitempty"` - ECRAuthorizationTokenSpec *ECRAuthorizationTokenSpec `json:"ecrRAuthorizationTokenSpec,omitempty"` + ECRAuthorizationTokenSpec *ECRAuthorizationTokenSpec `json:"ecrAuthorizationTokenSpec,omitempty"` FakeSpec *FakeSpec `json:"fakeSpec,omitempty"` GCRAccessTokenSpec *GCRAccessTokenSpec `json:"gcrAccessTokenSpec,omitempty"` GithubAccessTokenSpec *GithubAccessTokenSpec `json:"githubAccessTokenSpec,omitempty"` From 05a1814b1be1dddbbf863b1a5e7c3a3f82b02d62 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Fri, 20 Dec 2024 10:31:27 +0100 Subject: [PATCH 487/517] feat: fix a bunch of Sonar issues (#4208) * feat: fix a bunch of Sonar issues Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix build issues and correct two more sonarcloud issues Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix the unit test and the bitwarden refactor and use an index in the loop Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * added even more changes and refactors Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * refactor fetchSecretData Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix the test typo Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix dockerfile and increase python version Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- 
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- Dockerfile.ubi | 9 +- .../externalsecret_conversion_test.go | 11 +- .../v1beta1/externalsecret_validator.go | 61 +++++++-- .../v1beta1/externalsecret_validator_test.go | 10 +- cmd/certcontroller.go | 18 ++- .../templates/deployment.yaml | 2 +- e2e/Dockerfile | 2 +- e2e/framework/addon/conjur.go | 3 +- e2e/framework/addon/eso.go | 11 +- e2e/suites/provider/cases/aws/common.go | 56 ++++---- .../cases/aws/parameterstore/provider.go | 4 +- .../cases/aws/secretsmanager/provider.go | 19 ++- hack/api-docs/Dockerfile | 16 +-- overrides/main.html | 2 +- .../clusterexternalsecret_controller.go | 84 ++++++++---- .../clusterexternalsecret_controller_test.go | 49 ++++--- pkg/controllers/crds/crds_controller.go | 20 ++- pkg/controllers/crds/suite_test.go | 10 +- .../externalsecret_controller_test.go | 45 ++++--- .../pushsecret/pushsecret_controller.go | 24 ++-- .../pushsecret/pushsecret_controller_test.go | 15 +-- .../clustersecretstore_controller.go | 7 +- pkg/controllers/secretstore/common.go | 22 ++-- .../secretstore/secretstore_controller.go | 7 +- pkg/controllers/webhookconfig/suite_test.go | 8 +- .../webhookconfig/webhookconfig.go | 22 ++-- pkg/generator/vault/vault.go | 45 ++++--- pkg/provider/akeyless/akeyless.go | 70 +++++----- pkg/provider/akeyless/akeyless_api.go | 57 ++++---- pkg/provider/akeyless/akeyless_test.go | 6 +- .../aws/parameterstore/parameterstore.go | 81 ++++++------ .../aws/secretsmanager/secretsmanager.go | 100 +++++++------- .../aws/secretsmanager/secretsmanager_test.go | 13 +- pkg/provider/azure/keyvault/keyvault.go | 13 +- pkg/provider/azure/keyvault/keyvault_test.go | 99 +++++++------- pkg/provider/bitwarden/bitwarden_sdk.go | 10 +- pkg/provider/bitwarden/bitwarden_sdk_test.go | 2 +- pkg/provider/bitwarden/client.go | 66 ++++++---- pkg/provider/bitwarden/client_test.go | 118 +++++++++-------- pkg/provider/gcp/secretmanager/client.go | 20 +-- 
pkg/provider/gcp/secretmanager/client_test.go | 57 ++++---- pkg/provider/gitlab/gitlab.go | 123 +++++++++++------- pkg/provider/gitlab/provider.go | 23 ++++ pkg/provider/ibm/provider.go | 45 +++---- pkg/provider/ibm/provider_test.go | 14 +- pkg/provider/kubernetes/auth_test.go | 21 +-- pkg/provider/oracle/oracle.go | 117 +++++++++++------ pkg/provider/oracle/oracle_test.go | 2 +- pkg/provider/passbolt/passbolt_test.go | 29 +++-- pkg/provider/vault/auth.go | 5 +- pkg/provider/vault/fake/vault.go | 10 +- tilt.debug.dockerfile | 4 +- 52 files changed, 988 insertions(+), 699 deletions(-) diff --git a/Dockerfile.ubi b/Dockerfile.ubi index aa3472cc056..0b03f1a5b83 100644 --- a/Dockerfile.ubi +++ b/Dockerfile.ubi @@ -1,4 +1,4 @@ -FROM registry.access.redhat.com/ubi8/ubi as minimal-ubi +FROM registry.redhat.io/ubi8/ubi@sha256:17b8ee77f5c03bedf40bfe23557d35f2c2f67be11b78a8a7a6aec0db4d818a25 AS minimal-ubi ARG TARGETOS ARG TARGETARCH @@ -16,10 +16,7 @@ COPY ubi-build-files-${TARGETARCH}.txt /tmp # Copy all the required files from the base UBI image into the image directory # As the go binary is not statically compiled this includes everything needed for CGO to work, cacerts, tzdata and RH release files RUN tar cf /tmp/files.tar -T /tmp/ubi-build-files-${TARGETARCH}.txt && tar xf /tmp/files.tar -C /image/ \ - && strip --strip-unneeded /image/usr/lib64/*[0-9].so - -# Generate a rpm database which contains all the packages that you said were needed in ubi-build-files-*.txt -RUN rpm --root /image --initdb \ + && strip --strip-unneeded /image/usr/lib64/*[0-9].so && rpm --root /image --initdb \ && PACKAGES=$(rpm -qf $(cat /tmp/ubi-build-files-${TARGETARCH}.txt) | grep -v "is not owned by any package" | sort -u) \ && echo dnf install -y 'dnf-command(download)' \ && dnf download --destdir / ${PACKAGES} \ 
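Review bot: The new `FROM registry.redhat.io/ubi8/ubi@sha256:…` line moves the base-image pull from `registry.access.redhat.com` to `registry.redhat.io`, which requires an authenticated Red Hat login. CI runners or contributors building `Dockerfile.ubi` without those credentials would presumably fail at the first stage. If the host change is not intended, keep the digest pin on the original registry: `FROM registry.access.redhat.com/ubi8/ubi@sha256:<digest> AS minimal-ubi`. The pin also carries no tag, so a reviewer cannot tell which UBI 8 release the digest corresponds to when it is bumped; `ubi8/ubi:<tag>@sha256:<digest>` keeps the digest authoritative and the version readable.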
@@ -32,4 +29,4 @@ USER 65534 ARG TARGETOS ARG TARGETARCH COPY bin/external-secrets-${TARGETOS}-${TARGETARCH} /bin/external-secrets -ENTRYPOINT ["/bin/external-secrets"] \ No newline at end of file +ENTRYPOINT ["/bin/external-secrets"] diff --git a/apis/externalsecrets/v1alpha1/externalsecret_conversion_test.go b/apis/externalsecrets/v1alpha1/externalsecret_conversion_test.go index 67af85f99e8..4dccc21ba11 100644 --- a/apis/externalsecrets/v1alpha1/externalsecret_conversion_test.go +++ b/apis/externalsecrets/v1alpha1/externalsecret_conversion_test.go @@ -25,7 +25,8 @@ import ( ) const ( - keyName = "my-key" + keyName = "my-key" + testTarget = "test-target" ) func newExternalSecretV1Alpha1() *ExternalSecret { @@ -45,7 +46,7 @@ func newExternalSecretV1Alpha1() *ExternalSecret { }, }, Binding: corev1.LocalObjectReference{ - Name: "test-target", + Name: testTarget, }, }, Spec: ExternalSecretSpec{ @@ -54,7 +55,7 @@ func newExternalSecretV1Alpha1() *ExternalSecret { Kind: "ClusterSecretStore", }, Target: ExternalSecretTarget{ - Name: "test-target", + Name: testTarget, CreationPolicy: Owner, Immutable: false, Template: &ExternalSecretTemplate{ @@ -130,7 +131,7 @@ func newExternalSecretV1Beta1() *esv1beta1.ExternalSecret { }, }, Binding: corev1.LocalObjectReference{ - Name: "test-target", + Name: testTarget, }, }, Spec: esv1beta1.ExternalSecretSpec{ @@ -139,7 +140,7 @@ func newExternalSecretV1Beta1() *esv1beta1.ExternalSecret { Kind: "ClusterSecretStore", }, Target: esv1beta1.ExternalSecretTarget{ - Name: "test-target", + Name: testTarget, CreationPolicy: esv1beta1.CreatePolicyOwner, Immutable: false, Template: &esv1beta1.ExternalSecretTemplate{ diff --git a/apis/externalsecrets/v1beta1/externalsecret_validator.go b/apis/externalsecrets/v1beta1/externalsecret_validator.go index 073ff361f05..c92e848e0f2 100644 --- a/apis/externalsecrets/v1beta1/externalsecret_validator.go +++ b/apis/externalsecrets/v1beta1/externalsecret_validator.go 
@@ -44,13 +44,8 @@ func validateExternalSecret(obj runtime.Object) (admission.Warnings, error) { } var errs error - if (es.Spec.Target.DeletionPolicy == DeletionPolicyDelete && es.Spec.Target.CreationPolicy == CreatePolicyMerge) || - (es.Spec.Target.DeletionPolicy == DeletionPolicyDelete && es.Spec.Target.CreationPolicy == CreatePolicyNone) { - errs = errors.Join(errs, errors.New("deletionPolicy=Delete must not be used when the controller doesn't own the secret. Please set creationPolicy=Owner")) - } - - if es.Spec.Target.DeletionPolicy == DeletionPolicyMerge && es.Spec.Target.CreationPolicy == CreatePolicyNone { - errs = errors.Join(errs, errors.New("deletionPolicy=Merge must not be used with creationPolicy=None. There is no Secret to merge with")) + if err := validatePolicies(es); err != nil { + errs = errors.Join(errs, err) } if len(es.Spec.Data) == 0 && len(es.Spec.DataFrom) == 0 { 
@@ -58,17 +53,16 @@ func validateExternalSecret(obj runtime.Object) (admission.Warnings, error) { } for _, ref := range es.Spec.DataFrom { - generatorRef := ref.SourceRef != nil && ref.SourceRef.GeneratorRef != nil - if (ref.Find != nil && (ref.Extract != nil || generatorRef)) || (ref.Extract != nil && (ref.Find != nil || generatorRef)) || (generatorRef && (ref.Find != nil || ref.Extract != nil)) { - errs = errors.Join(errs, errors.New("extract, find, or generatorRef cannot be set at the same time")) + if err := validateExtractFindGenerator(ref); err != nil { + errs = errors.Join(errs, err) } - if ref.Find == nil && ref.Extract == nil && ref.SourceRef == nil { - errs = errors.Join(errs, errors.New("either extract, find, or sourceRef must be set to dataFrom")) + if err := validateFindExtractSourceRef(ref); err != nil { + errs = errors.Join(errs, err) } - if ref.SourceRef != nil && ref.SourceRef.GeneratorRef == nil && ref.SourceRef.SecretStoreRef == nil { - errs = errors.Join(errs, errors.New("generatorRef or storeRef must be set when using sourceRef in dataFrom")) + if err := validateSourceRef(ref); err != nil { + errs = errors.Join(errs, err) } } 
@@ -76,6 +70,45 @@ func validateExternalSecret(obj runtime.Object) (admission.Warnings, error) { return nil, errs } +func validateSourceRef(ref ExternalSecretDataFromRemoteRef) error { + if ref.SourceRef != nil && ref.SourceRef.GeneratorRef == nil && ref.SourceRef.SecretStoreRef == nil { + return errors.New("generatorRef or storeRef must be set when using sourceRef in dataFrom") + } + + return nil +} + +func validateFindExtractSourceRef(ref ExternalSecretDataFromRemoteRef) error { + if ref.Find == nil && ref.Extract == nil && ref.SourceRef == nil { + return errors.New("either extract, find, or sourceRef must be set to dataFrom") + } + + return nil +} + +func validateExtractFindGenerator(ref ExternalSecretDataFromRemoteRef) error { + generatorRef := ref.SourceRef != nil && ref.SourceRef.GeneratorRef != nil + if (ref.Find != nil && (ref.Extract != nil || generatorRef)) || (ref.Extract != nil && (ref.Find != nil || generatorRef)) || (generatorRef && (ref.Find != nil || ref.Extract != nil)) { + return errors.New("extract, find, or generatorRef cannot be set at the same time") + } + + return nil +} + +func validatePolicies(es *ExternalSecret) error { + var errs error + if (es.Spec.Target.DeletionPolicy == DeletionPolicyDelete && es.Spec.Target.CreationPolicy == CreatePolicyMerge) || + (es.Spec.Target.DeletionPolicy == DeletionPolicyDelete && es.Spec.Target.CreationPolicy == CreatePolicyNone) { + errs = errors.Join(errs, errors.New("deletionPolicy=Delete must not be used when the controller doesn't own the secret. Please set creationPolicy=Owner")) + } + + if es.Spec.Target.DeletionPolicy == DeletionPolicyMerge && es.Spec.Target.CreationPolicy == CreatePolicyNone { + errs = errors.Join(errs, errors.New("deletionPolicy=Merge must not be used with creationPolicy=None. 
There is no Secret to merge with")) + } + + return errs +} + func validateDuplicateKeys(es *ExternalSecret, errs error) error { if es.Spec.Target.DeletionPolicy == DeletionPolicyRetain { seenKeys := make(map[string]struct{}) diff --git a/apis/externalsecrets/v1beta1/externalsecret_validator_test.go b/apis/externalsecrets/v1beta1/externalsecret_validator_test.go index 611ad6ae612..0391b663b99 100644 --- a/apis/externalsecrets/v1beta1/externalsecret_validator_test.go +++ b/apis/externalsecrets/v1beta1/externalsecret_validator_test.go @@ -20,6 +20,10 @@ import ( "k8s.io/apimachinery/pkg/runtime" ) +const ( + errExtractFindGenerator = "extract, find, or generatorRef cannot be set at the same time" +) + func TestValidateExternalSecret(t *testing.T) { tests := []struct { name string @@ -80,7 +84,7 @@ func TestValidateExternalSecret(t *testing.T) { }, }, }, - expectedErr: "extract, find, or generatorRef cannot be set at the same time", + expectedErr: errExtractFindGenerator, }, { name: "generator with find", @@ -96,7 +100,7 @@ func TestValidateExternalSecret(t *testing.T) { }, }, }, - expectedErr: "extract, find, or generatorRef cannot be set at the same time", + expectedErr: errExtractFindGenerator, }, { name: "generator with extract", @@ -112,7 +116,7 @@ func TestValidateExternalSecret(t *testing.T) { }, }, }, - expectedErr: "extract, find, or generatorRef cannot be set at the same time", + expectedErr: errExtractFindGenerator, }, { name: "empty dataFrom", diff --git a/cmd/certcontroller.go b/cmd/certcontroller.go index b61ac51be25..0f2cccd33db 100644 --- a/cmd/certcontroller.go +++ b/cmd/certcontroller.go 
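Review bot: The condition in `validateExtractFindGenerator` spells out every pair of `Find`, `Extract` and `generatorRef` twice, which makes it hard to audit for a check that decides what the admission validator accepts. The rule is simply "more than one of the three is set", and counting the set sources states that directly with the same result. The four new helpers (`validateSourceRef`, `validateFindExtractSourceRef`, `validateExtractFindGenerator`, `validatePolicies`) also have no doc comments; one line each naming the rule they enforce would make the split easier to follow.

```go
func validateExtractFindGenerator(ref ExternalSecretDataFromRemoteRef) error {
	// extract, find and generatorRef are mutually exclusive: count how many are set.
	set := 0
	if ref.Find != nil {
		set++
	}
	if ref.Extract != nil {
		set++
	}
	if ref.SourceRef != nil && ref.SourceRef.GeneratorRef != nil {
		set++
	}
	if set > 1 {
		return errors.New("extract, find, or generatorRef cannot be set at the same time")
	}

	return nil
}
```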
@@ -115,7 +115,14 @@ var certcontrollerCmd = &cobra.Command{ crdctrl := crds.New(mgr.GetClient(), mgr.GetScheme(), mgr.Elected(), ctrl.Log.WithName("controllers").WithName("webhook-certs-updater"), - crdRequeueInterval, serviceName, serviceNamespace, secretName, secretNamespace, crdNames) + crdRequeueInterval, + crds.Opts{ + SvcName: serviceName, + SvcNamespace: serviceNamespace, + SecretName: secretName, + SecretNamespace: secretNamespace, + Resources: crdNames, + }) if err := crdctrl.SetupWithManager(mgr, controller.Options{ MaxConcurrentReconciles: concurrent, }); err != nil { @@ -125,8 +132,13 @@ var certcontrollerCmd = &cobra.Command{ whc := webhookconfig.New(mgr.GetClient(), mgr.GetScheme(), mgr.Elected(), ctrl.Log.WithName("controllers").WithName("webhook-certs-updater"), - serviceName, serviceNamespace, - secretName, secretNamespace, crdRequeueInterval) + webhookconfig.Opts{ + SvcName: serviceName, + SvcNamespace: serviceNamespace, + SecretName: secretName, + SecretNamespace: secretNamespace, + RequeueInterval: crdRequeueInterval, + }) if err := whc.SetupWithManager(mgr, controller.Options{ MaxConcurrentReconciles: concurrent, }); err != nil { diff --git a/deploy/charts/external-secrets/templates/deployment.yaml b/deploy/charts/external-secrets/templates/deployment.yaml index 75a908e635d..42c0d967aec 100644 --- a/deploy/charts/external-secrets/templates/deployment.yaml +++ b/deploy/charts/external-secrets/templates/deployment.yaml @@ -110,7 +110,7 @@ spec: {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} {{- if .Values.extraContainers }} - {{ toYaml .Values.extraContainers | nindent 8}} + {{ toYaml .Values.extraContainers | nindent 8 }} {{- end }} dnsPolicy: {{ .Values.dnsPolicy }} {{- if .Values.dnsConfig }} diff --git a/e2e/Dockerfile b/e2e/Dockerfile index d5f0859d42c..6b63f6f8594 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile 
@@ -1,4 +1,4 @@ -FROM golang:1.23.4-bookworm@sha256:ef30001eeadd12890c7737c26f3be5b3a8479ccdcdc553b999c84879875a27ce as builder +FROM golang:1.23.4-bookworm@sha256:ef30001eeadd12890c7737c26f3be5b3a8479ccdcdc553b999c84879875a27ce AS builder ENV KUBECTL_VERSION="v1.28.3" ENV HELM_VERSION="v3.13.1" diff --git a/e2e/framework/addon/conjur.go b/e2e/framework/addon/conjur.go index 8714a95a6be..e22a47bb0ba 100644 --- a/e2e/framework/addon/conjur.go +++ b/e2e/framework/addon/conjur.go @@ -11,6 +11,7 @@ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. */ + package addon import ( @@ -127,7 +128,7 @@ func (l *Conjur) initConjur() error { return fmt.Errorf("error fetching admin API key: %w", err) } - // TODO: ExecCmdWithContainer includes the StdErr output with a warning about config directory. + // Note: ExecCmdWithContainer includes the StdErr output with a warning about config directory. // Therefore we need to split the output and only use the first line. l.AdminApiKey = strings.Split(apiKey, "\n")[0] diff --git a/e2e/framework/addon/eso.go b/e2e/framework/addon/eso.go index d432fc55f53..56e9330edfc 100644 --- a/e2e/framework/addon/eso.go +++ b/e2e/framework/addon/eso.go @@ -25,7 +25,10 @@ type ESO struct { *HelmChart } -const installCRDsVar = "installCRDs" +const ( + installCRDsVar = "installCRDs" + esoImage = "ghcr.io/external-secrets/external-secrets" +) func NewESO(mutators ...MutationFunc) *ESO { eso := &ESO{ @@ -44,7 +47,7 @@ func NewESO(mutators ...MutationFunc) *ESO { }, { Key: "webhook.image.repository", - Value: "ghcr.io/external-secrets/external-secrets", + Value: esoImage, }, { Key: "certController.image.tag", @@ -52,7 +55,7 @@ func NewESO(mutators ...MutationFunc) *ESO { }, { Key: "certController.image.repository", - Value: "ghcr.io/external-secrets/external-secrets", + Value: esoImage, }, { Key: "image.tag", 
@@ -60,7 +63,7 @@ func NewESO(mutators ...MutationFunc) *ESO { }, { Key: "image.repository", - Value: "ghcr.io/external-secrets/external-secrets", + Value: esoImage, }, { Key: "extraArgs.loglevel", diff --git a/e2e/suites/provider/cases/aws/common.go b/e2e/suites/provider/cases/aws/common.go index 04459715acd..e941d5b6765 100644 --- a/e2e/suites/provider/cases/aws/common.go +++ b/e2e/suites/provider/cases/aws/common.go @@ -94,9 +94,17 @@ func newStaticStoreProvider(serviceType esv1beta1.AWSServiceType, region, secret } } -// SessionTagsStore is namespaced and references -// static credentials from a secret. It assumes a role and specifies session tags -func SetupSessionTagsStore(f *framework.Framework, kid, sak, st, region, role string, sessionTags []*esv1beta1.Tag, serviceType esv1beta1.AWSServiceType) { +type AccessOpts struct { + KID string + SAK string + ST string + Region string + Role string +} + +// SetupSessionTagsStore is namespaced and references +// static credentials from a secret. It assumes a Role and specifies session tags +func SetupSessionTagsStore(f *framework.Framework, access AccessOpts, sessionTags []*esv1beta1.Tag, serviceType esv1beta1.AWSServiceType) { credsName := "provider-secret-sess-tags" awsCreds := &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ @@ -104,9 +112,9 @@ func SetupSessionTagsStore(f *framework.Framework, kid, sak, st, region, role st Namespace: f.Namespace.Name, }, StringData: map[string]string{ - staticKeyID: kid, - staticSecretAccessKey: sak, - staticySessionToken: st, + staticKeyID: access.KID, + staticSecretAccessKey: access.SAK, + staticySessionToken: access.ST, }, } err := f.CRClient.Create(context.Background(), awsCreds) 
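Review bot: The new exported `AccessOpts` struct has no doc comment, although its `KID`, `SAK` and `ST` fields are written to the `staticKeyID`, `staticSecretAccessKey` and `staticySessionToken` keys of the credentials secret, so it carries a complete set of static AWS credentials. Bundling them in one value makes it easy to print the whole struct with `%+v` in a test log, which would expose all three. I would add `// AccessOpts holds the static AWS credentials (access key ID, secret access key, session token), the region and an optional role for the e2e stores; do not log it.` The reworded comment `// SetupSessionTagsStore is namespaced and references` now reads as if the function were namespaced; `// SetupSessionTagsStore creates a namespaced SecretStore that references static credentials from a secret, assumes a role and sets session tags.` says what it does.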
@@ -118,16 +126,16 @@ func SetupSessionTagsStore(f *framework.Framework, kid, sak, st, region, role st Namespace: f.Namespace.Name, }, Spec: esv1beta1.SecretStoreSpec{ - Provider: newStaticStoreProvider(serviceType, region, credsName, role, "", sessionTags), + Provider: newStaticStoreProvider(serviceType, access.Region, credsName, access.Role, "", sessionTags), }, } err = f.CRClient.Create(context.Background(), secretStore) Expect(err).ToNot(HaveOccurred()) } -// ExternalIDStore is namespaced and references +// SetupExternalIDStore is namespaced and references // static credentials from a secret. It assumes a role and specifies an externalID -func SetupExternalIDStore(f *framework.Framework, kid, sak, st, region, role, externalID string, sessionTags []*esv1beta1.Tag, serviceType esv1beta1.AWSServiceType) { +func SetupExternalIDStore(f *framework.Framework, access AccessOpts, externalID string, sessionTags []*esv1beta1.Tag, serviceType esv1beta1.AWSServiceType) { credsName := "provider-secret-ext-id" awsCreds := &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ @@ -135,9 +143,9 @@ func SetupExternalIDStore(f *framework.Framework, kid, sak, st, region, role, ex Namespace: f.Namespace.Name, }, StringData: map[string]string{ - staticKeyID: kid, - staticSecretAccessKey: sak, - staticySessionToken: st, + staticKeyID: access.KID, + staticSecretAccessKey: access.SAK, + staticySessionToken: access.ST, }, } err := f.CRClient.Create(context.Background(), awsCreds) 
@@ -149,25 +157,25 @@ func SetupExternalIDStore(f *framework.Framework, kid, sak, st, region, role, ex Namespace: f.Namespace.Name, }, Spec: esv1beta1.SecretStoreSpec{ - Provider: newStaticStoreProvider(serviceType, region, credsName, role, externalID, sessionTags), + Provider: newStaticStoreProvider(serviceType, access.Region, credsName, access.Role, externalID, sessionTags), }, } err = f.CRClient.Create(context.Background(), secretStore) Expect(err).ToNot(HaveOccurred()) } -// StaticStore is namespaced and references +// SetupStaticStore is namespaced and references // static credentials from a secret. -func SetupStaticStore(f *framework.Framework, kid, sak, st, region string, serviceType esv1beta1.AWSServiceType) { +func SetupStaticStore(f *framework.Framework, access AccessOpts, serviceType esv1beta1.AWSServiceType) { awsCreds := &corev1.Secret{ ObjectMeta: metav1.ObjectMeta{ Name: StaticCredentialsSecretName, Namespace: f.Namespace.Name, }, StringData: map[string]string{ - staticKeyID: kid, - staticSecretAccessKey: sak, - staticySessionToken: st, + staticKeyID: access.KID, + staticSecretAccessKey: access.SAK, + staticySessionToken: access.ST, }, } err := f.CRClient.Create(context.Background(), awsCreds) @@ -179,7 +187,7 @@ func SetupStaticStore(f *framework.Framework, kid, sak, st, region string, servi Namespace: f.Namespace.Name, }, Spec: esv1beta1.SecretStoreSpec{ - Provider: newStaticStoreProvider(serviceType, region, StaticCredentialsSecretName, "", "", nil), + Provider: newStaticStoreProvider(serviceType, access.Region, StaticCredentialsSecretName, "", "", nil), }, } err = f.CRClient.Create(context.Background(), secretStore) 
@@ -188,7 +196,7 @@ func SetupStaticStore(f *framework.Framework, kid, sak, st, region string, servi // CreateReferentStaticStore creates a CSS with referent auth and // creates a secret with static authentication credentials in the ExternalSecret namespace. -func CreateReferentStaticStore(f *framework.Framework, kid, sak, st, region string, serviceType esv1beta1.AWSServiceType) { +func CreateReferentStaticStore(f *framework.Framework, access AccessOpts, serviceType esv1beta1.AWSServiceType) { ns := f.Namespace.Name awsCreds := &corev1.Secret{ @@ -197,9 +205,9 @@ func CreateReferentStaticStore(f *framework.Framework, kid, sak, st, region stri Namespace: ns, }, StringData: map[string]string{ - staticKeyID: kid, - staticSecretAccessKey: sak, - staticySessionToken: st, + staticKeyID: access.KID, + staticSecretAccessKey: access.SAK, + staticySessionToken: access.ST, }, } err := f.CRClient.Create(context.Background(), awsCreds) @@ -210,7 +218,7 @@ func CreateReferentStaticStore(f *framework.Framework, kid, sak, st, region stri Name: ReferentSecretStoreName(f), }, Spec: esv1beta1.SecretStoreSpec{ - Provider: newStaticStoreProvider(serviceType, region, StaticReferentCredentialsSecretName, "", "", nil), + Provider: newStaticStoreProvider(serviceType, access.Region, StaticReferentCredentialsSecretName, "", "", nil), }, } err = f.CRClient.Create(context.Background(), secretStore) diff --git a/e2e/suites/provider/cases/aws/parameterstore/provider.go b/e2e/suites/provider/cases/aws/parameterstore/provider.go index 01183e3d5dd..5ba30330885 100644 --- a/e2e/suites/provider/cases/aws/parameterstore/provider.go +++ b/e2e/suites/provider/cases/aws/parameterstore/provider.go 
@@ -68,8 +68,8 @@ func NewProvider(f *framework.Framework, kid, sak, st, region, saName, saNamespa } BeforeEach(func() { - awscommon.SetupStaticStore(f, kid, sak, st, region, esv1beta1.AWSServiceParameterStore) - awscommon.CreateReferentStaticStore(f, kid, sak, st, region, esv1beta1.AWSServiceParameterStore) + awscommon.SetupStaticStore(f, awscommon.AccessOpts{KID: kid, SAK: sak, ST: st, Region: region}, esv1beta1.AWSServiceParameterStore) + awscommon.CreateReferentStaticStore(f, awscommon.AccessOpts{KID: kid, SAK: sak, ST: st, Region: region}, esv1beta1.AWSServiceParameterStore) prov.SetupReferencedIRSAStore() prov.SetupMountedIRSAStore() }) diff --git a/e2e/suites/provider/cases/aws/secretsmanager/provider.go b/e2e/suites/provider/cases/aws/secretsmanager/provider.go index 717a14803bc..6633b21f0f9 100644 --- a/e2e/suites/provider/cases/aws/secretsmanager/provider.go +++ b/e2e/suites/provider/cases/aws/secretsmanager/provider.go 
@@ -69,10 +69,21 @@ func NewProvider(f *framework.Framework, kid, sak, st, region, saName, saNamespa } BeforeEach(func() { - awscommon.SetupStaticStore(f, kid, sak, st, region, esv1beta1.AWSServiceSecretsManager) - awscommon.SetupExternalIDStore(f, kid, sak, st, region, awscommon.IAMRoleExternalID, awscommon.IAMTrustedExternalID, nil, esv1beta1.AWSServiceSecretsManager) - awscommon.SetupSessionTagsStore(f, kid, sak, st, region, awscommon.IAMRoleSessionTags, nil, esv1beta1.AWSServiceSecretsManager) - awscommon.CreateReferentStaticStore(f, kid, sak, st, region, esv1beta1.AWSServiceSecretsManager) + awscommon.SetupStaticStore(f, awscommon.AccessOpts{KID: kid, SAK: sak, ST: st, Region: region}, esv1beta1.AWSServiceSecretsManager) + awscommon.SetupExternalIDStore( + f, + awscommon.AccessOpts{KID: kid, SAK: sak, ST: st, Region: region, Role: awscommon.IAMRoleExternalID}, + awscommon.IAMTrustedExternalID, + nil, + esv1beta1.AWSServiceSecretsManager, + ) + awscommon.SetupSessionTagsStore( + f, + awscommon.AccessOpts{KID: kid, SAK: sak, ST: st, Region: region, Role: awscommon.IAMRoleSessionTags}, + nil, + esv1beta1.AWSServiceSecretsManager, + ) + awscommon.CreateReferentStaticStore(f, awscommon.AccessOpts{KID: kid, SAK: sak, ST: st, Region: region}, esv1beta1.AWSServiceSecretsManager) prov.SetupReferencedIRSAStore() prov.SetupMountedIRSAStore() }) diff --git a/hack/api-docs/Dockerfile b/hack/api-docs/Dockerfile index e0ebe56ac85..a4d7395fd0b 100644 --- a/hack/api-docs/Dockerfile +++ b/hack/api-docs/Dockerfile @@ -13,16 +13,16 @@ FROM alpine:3.21@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 RUN apk add -U --no-cache \ - python3 \ - python3-dev \ - py3-pip \ - musl-dev \ - git \ - openssh \ - git-fast-import \ bash \ + diffutils \ gcc \ - diffutils + git \ + git-fast-import \ + musl-dev \ + openssh \ + py3-pip \ + python3 \ + python3-dev ENV PATH=$PATH:/.venv/bin COPY requirements.txt / 
diff --git a/overrides/main.html b/overrides/main.html index 50fcb81ac18..b8bea4f732a 100644 --- a/overrides/main.html +++ b/overrides/main.html @@ -7,6 +7,6 @@ {% endblock %} {% block footer %} - + {{ super() }} {% endblock %} diff --git a/pkg/controllers/clusterexternalsecret/clusterexternalsecret_controller.go b/pkg/controllers/clusterexternalsecret/clusterexternalsecret_controller.go index 891ecba714b..2d5fec46d64 100644 --- a/pkg/controllers/clusterexternalsecret/clusterexternalsecret_controller.go +++ b/pkg/controllers/clusterexternalsecret/clusterexternalsecret_controller.go @@ -45,7 +45,7 @@ import ( ctrlmetrics "github.com/external-secrets/external-secrets/pkg/controllers/metrics" ) -// ClusterExternalSecretReconciler reconciles a ClusterExternalSecret object. +// Reconciler reconciles a ClusterExternalSecret object. type Reconciler struct { client.Client Log logr.Logger @@ -91,6 +91,10 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu p := client.MergeFrom(clusterExternalSecret.DeepCopy()) defer r.deferPatch(ctx, log, &clusterExternalSecret, p) + return r.reconcile(ctx, log, &clusterExternalSecret) +} + +func (r *Reconciler) reconcile(ctx context.Context, log logr.Logger, clusterExternalSecret *esv1beta1.ClusterExternalSecret) (ctrl.Result, error) { refreshInt := r.RequeueInterval if clusterExternalSecret.Spec.RefreshInterval != nil { refreshInt = clusterExternalSecret.Spec.RefreshInterval.Duration 
@@ -102,30 +106,20 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu } if prevName := clusterExternalSecret.Status.ExternalSecretName; prevName != esName { // ExternalSecretName has changed, so remove the old ones - failedNamespaces := map[string]error{} - for _, ns := range clusterExternalSecret.Status.ProvisionedNamespaces { - if err := r.deleteExternalSecret(ctx, prevName, clusterExternalSecret.Name, ns); err != nil { - log.Error(err, "could not delete ExternalSecret") - failedNamespaces[ns] = err - } - } - if len(failedNamespaces) > 0 { - condition := NewClusterExternalSecretCondition(failedNamespaces) - SetClusterExternalSecretCondition(&clusterExternalSecret, *condition) - clusterExternalSecret.Status.FailedNamespaces = toNamespaceFailures(failedNamespaces) + if err := r.removeOldSecrets(ctx, log, clusterExternalSecret, prevName); err != nil { return ctrl.Result{}, err } } clusterExternalSecret.Status.ExternalSecretName = esName - namespaces, err := r.getTargetNamespaces(ctx, &clusterExternalSecret) + namespaces, err := r.getTargetNamespaces(ctx, clusterExternalSecret) if err != nil { log.Error(err, "failed to get target Namespaces") failedNamespaces := map[string]error{ "unknown": err, } condition := NewClusterExternalSecretCondition(failedNamespaces) - SetClusterExternalSecretCondition(&clusterExternalSecret, *condition) + SetClusterExternalSecretCondition(clusterExternalSecret, *condition) clusterExternalSecret.Status.FailedNamespaces = toNamespaceFailures(failedNamespaces) 
@@ -134,10 +128,30 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu failedNamespaces := r.deleteOutdatedExternalSecrets(ctx, namespaces, esName, clusterExternalSecret.Name, clusterExternalSecret.Status.ProvisionedNamespaces) - provisionedNamespaces := []string{} + provisionedNamespaces := r.gatherProvisionedNamespaces(ctx, log, clusterExternalSecret, namespaces, esName, failedNamespaces) + + condition := NewClusterExternalSecretCondition(failedNamespaces) + SetClusterExternalSecretCondition(clusterExternalSecret, *condition) + + clusterExternalSecret.Status.FailedNamespaces = toNamespaceFailures(failedNamespaces) + sort.Strings(provisionedNamespaces) + clusterExternalSecret.Status.ProvisionedNamespaces = provisionedNamespaces + + return ctrl.Result{RequeueAfter: refreshInt}, nil +} + +func (r *Reconciler) gatherProvisionedNamespaces( + ctx context.Context, + log logr.Logger, + clusterExternalSecret *esv1beta1.ClusterExternalSecret, + namespaces []v1.Namespace, + esName string, + failedNamespaces map[string]error, +) []string { + var provisionedNamespaces []string //nolint:prealloc // we don't know the size for _, namespace := range namespaces { var existingES esv1beta1.ExternalSecret - err = r.Get(ctx, types.NamespacedName{ + err := r.Get(ctx, types.NamespacedName{ Name: esName, Namespace: namespace.Name, }, &existingES) @@ -152,7 +166,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu continue } - if err := r.createOrUpdateExternalSecret(ctx, &clusterExternalSecret, namespace, esName, clusterExternalSecret.Spec.ExternalSecretMetadata); err != nil { + if err := r.createOrUpdateExternalSecret(ctx, clusterExternalSecret, namespace, esName, clusterExternalSecret.Spec.ExternalSecretMetadata); err != nil { log.Error(err, "failed to create or update external secret") failedNamespaces[namespace.Name] = err continue 
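Review bot: `var provisionedNamespaces []string` in `gatherProvisionedNamespaces` replaces the earlier `provisionedNamespaces := []string{}`, so when no namespace is provisioned the caller now assigns a nil slice to `Status.ProvisionedNamespaces` instead of an empty one. Depending on the field's JSON tag, which is not visible here, that serialises as `null` or is omitted rather than `[]`, and comparisons against `[]string{}` would change outcome. If the empty list is part of the status contract, keep `provisionedNamespaces := []string{} //nolint:prealloc`. The helper also writes into the `failedNamespaces` map it receives, which is worth one sentence in a doc comment. Its body continues into the following hunks.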
@@ -160,19 +174,33 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu provisionedNamespaces = append(provisionedNamespaces, namespace.Name) } + return provisionedNamespaces +} - condition := NewClusterExternalSecretCondition(failedNamespaces) - SetClusterExternalSecretCondition(&clusterExternalSecret, *condition) - - clusterExternalSecret.Status.FailedNamespaces = toNamespaceFailures(failedNamespaces) - sort.Strings(provisionedNamespaces) - clusterExternalSecret.Status.ProvisionedNamespaces = provisionedNamespaces +func (r *Reconciler) removeOldSecrets(ctx context.Context, log logr.Logger, clusterExternalSecret *esv1beta1.ClusterExternalSecret, prevName string) error { + var ( + failedNamespaces = map[string]error{} + lastErr error + ) + for _, ns := range clusterExternalSecret.Status.ProvisionedNamespaces { + if err := r.deleteExternalSecret(ctx, prevName, clusterExternalSecret.Name, ns); err != nil { + log.Error(err, "could not delete ExternalSecret") + failedNamespaces[ns] = err + lastErr = err + } + } + if len(failedNamespaces) > 0 { + condition := NewClusterExternalSecretCondition(failedNamespaces) + SetClusterExternalSecretCondition(clusterExternalSecret, *condition) + clusterExternalSecret.Status.FailedNamespaces = toNamespaceFailures(failedNamespaces) + return lastErr + } - return ctrl.Result{RequeueAfter: refreshInt}, nil + return nil } func (r *Reconciler) getTargetNamespaces(ctx context.Context, ces *esv1beta1.ClusterExternalSecret) ([]v1.Namespace, error) { - selectors := []*metav1.LabelSelector{} + var selectors []*metav1.LabelSelector //nolint:prealloc // ces.Spec.NamespaceSelector might be empty. if s := ces.Spec.NamespaceSelector; s != nil { selectors = append(selectors, s) } 
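Review bot: `removeOldSecrets` returns only `lastErr`, so when deletion fails in several namespaces the error handed back to the controller names just the final failure. Every failure is still logged and recorded in `failedNamespaces`, so status is complete, but the reconcile error would be more useful if it carried all of them, for example by collecting `errs = append(errs, err)` in the loop and ending with `return errors.Join(errs...)` (assuming `errors` is imported in this file, which the hunk does not show). A short doc comment stating that the function also sets the condition and `Status.FailedNamespaces` on the passed object would help, since that side effect is not obvious from the name.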
@@ -341,9 +369,13 @@ func (r *Reconciler) findObjectsForNamespace(ctx context.Context, namespace clie return []reconcile.Request{} } + return r.queueRequestsForItem(&clusterExternalSecrets, namespace) +} + +func (r *Reconciler) queueRequestsForItem(clusterExternalSecrets *esv1beta1.ClusterExternalSecretList, namespace client.Object) []reconcile.Request { var requests []reconcile.Request for i := range clusterExternalSecrets.Items { - clusterExternalSecret := &clusterExternalSecrets.Items[i] + clusterExternalSecret := clusterExternalSecrets.Items[i] var selectors []*metav1.LabelSelector if s := clusterExternalSecret.Spec.NamespaceSelector; s != nil { selectors = append(selectors, s) diff --git a/pkg/controllers/clusterexternalsecret/clusterexternalsecret_controller_test.go b/pkg/controllers/clusterexternalsecret/clusterexternalsecret_controller_test.go index c7835cbf079..e631237e87d 100644 --- a/pkg/controllers/clusterexternalsecret/clusterexternalsecret_controller_test.go +++ b/pkg/controllers/clusterexternalsecret/clusterexternalsecret_controller_test.go @@ -39,6 +39,17 @@ func init() { cesmetrics.SetUpMetrics() } +const ( + metadataLabelName = "kubernetes.io/metadata.name" + testLabelKey = "test-label-key" + testAnnotationKey = "test-annotation-key" + testLabelValue = "test-label-value" + testAnnotationValue = "test-annotation-value" + updatedTestStore = "updated-test-store" + noLongerMatchLabelKey = "no-longer-match-label-key" + noLongerMatchLabelValue = "no-longer-match-label-value" +) + var ( timeout = time.Second * 10 interval = time.Millisecond * 250 
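Review bot: `clusterExternalSecret := clusterExternalSecrets.Items[i]` in `queueRequestsForItem` now copies the whole ClusterExternalSecret on every iteration, where the previous `&clusterExternalSecrets.Items[i]` took a pointer into the list. The loop is written as `for i := range` to avoid exactly that copy, so unless a value is wanted I would keep `clusterExternalSecret := &clusterExternalSecrets.Items[i]`. The rest of the loop lies outside the hunk, so whether anything later depends on a value rather than a pointer cannot be checked from here.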
@@ -158,7 +169,7 @@ var _ = Describe("ClusterExternalSecret controller", func() { clusterExternalSecret: func(namespaces []v1.Namespace) esv1beta1.ClusterExternalSecret { ces := defaultClusterExternalSecret() ces.Spec.NamespaceSelector = &metav1.LabelSelector{ - MatchLabels: map[string]string{"kubernetes.io/metadata.name": namespaces[0].Name}, + MatchLabels: map[string]string{metadataLabelName: namespaces[0].Name}, } return *ces }, @@ -199,7 +210,7 @@ var _ = Describe("ClusterExternalSecret controller", func() { clusterExternalSecret: func(namespaces []v1.Namespace) esv1beta1.ClusterExternalSecret { ces := defaultClusterExternalSecret() ces.Spec.NamespaceSelector = &metav1.LabelSelector{ - MatchLabels: map[string]string{"kubernetes.io/metadata.name": namespaces[0].Name}, + MatchLabels: map[string]string{metadataLabelName: namespaces[0].Name}, } ces.Spec.ExternalSecretName = "test-es" ces.Spec.ExternalSecretMetadata = esv1beta1.ExternalSecretMetadata{ @@ -247,7 +258,7 @@ var _ = Describe("ClusterExternalSecret controller", func() { clusterExternalSecret: func(namespaces []v1.Namespace) esv1beta1.ClusterExternalSecret { ces := defaultClusterExternalSecret() ces.Spec.NamespaceSelector = &metav1.LabelSelector{ - MatchLabels: map[string]string{"kubernetes.io/metadata.name": namespaces[0].Name}, + MatchLabels: map[string]string{metadataLabelName: namespaces[0].Name}, } ces.Spec.ExternalSecretName = "old-es-name" return *ces @@ -304,7 +315,7 @@ var _ = Describe("ClusterExternalSecret controller", func() { clusterExternalSecret: func(namespaces []v1.Namespace) esv1beta1.ClusterExternalSecret { ces := defaultClusterExternalSecret() ces.Spec.NamespaceSelector = &metav1.LabelSelector{ - MatchLabels: map[string]string{"kubernetes.io/metadata.name": namespaces[0].Name}, + MatchLabels: map[string]string{metadataLabelName: namespaces[0].Name}, } return *ces }, 
@@ -321,19 +332,19 @@ var _ = Describe("ClusterExternalSecret controller", func() { copied := created.DeepCopy() copied.Spec.ExternalSecretMetadata = esv1beta1.ExternalSecretMetadata{ - Labels: map[string]string{"test-label-key": "test-label-value"}, - Annotations: map[string]string{"test-annotation-key": "test-annotation-value"}, + Labels: map[string]string{testLabelKey: testLabelValue}, + Annotations: map[string]string{testAnnotationKey: testAnnotationValue}, } - copied.Spec.ExternalSecretSpec.SecretStoreRef.Name = "updated-test-store" //nolint:goconst + copied.Spec.ExternalSecretSpec.SecretStoreRef.Name = updatedTestStore Expect(k8sClient.Patch(ctx, copied, crclient.MergeFrom(created.DeepCopy()))).ShouldNot(HaveOccurred()) }, expectedClusterExternalSecret: func(namespaces []v1.Namespace, created esv1beta1.ClusterExternalSecret) esv1beta1.ClusterExternalSecret { updatedSpec := created.Spec.DeepCopy() updatedSpec.ExternalSecretMetadata = esv1beta1.ExternalSecretMetadata{ - Labels: map[string]string{"test-label-key": "test-label-value"}, - Annotations: map[string]string{"test-annotation-key": "test-annotation-value"}, + Labels: map[string]string{testLabelKey: testLabelValue}, + Annotations: map[string]string{testAnnotationKey: testAnnotationValue}, } - updatedSpec.ExternalSecretSpec.SecretStoreRef.Name = "updated-test-store" + updatedSpec.ExternalSecretSpec.SecretStoreRef.Name = updatedTestStore return esv1beta1.ClusterExternalSecret{ ObjectMeta: metav1.ObjectMeta{ 
@@ -354,15 +365,15 @@ var _ = Describe("ClusterExternalSecret controller", func() { }, expectedExternalSecrets: func(namespaces []v1.Namespace, created esv1beta1.ClusterExternalSecret) []esv1beta1.ExternalSecret { updatedSpec := created.Spec.ExternalSecretSpec.DeepCopy() - updatedSpec.SecretStoreRef.Name = "updated-test-store" + updatedSpec.SecretStoreRef.Name = updatedTestStore return []esv1beta1.ExternalSecret{ { ObjectMeta: metav1.ObjectMeta{ Namespace: namespaces[0].Name, Name: created.Name, - Labels: map[string]string{"test-label-key": "test-label-value"}, - Annotations: map[string]string{"test-annotation-key": "test-annotation-value"}, + Labels: map[string]string{testLabelKey: testLabelValue}, + Annotations: map[string]string{testAnnotationKey: testAnnotationValue}, }, Spec: *updatedSpec, }, @@ -376,7 +387,7 @@ var _ = Describe("ClusterExternalSecret controller", func() { clusterExternalSecret: func(namespaces []v1.Namespace) esv1beta1.ClusterExternalSecret { ces := defaultClusterExternalSecret() ces.Spec.NamespaceSelector = &metav1.LabelSelector{ - MatchLabels: map[string]string{"kubernetes.io/metadata.name": namespaces[0].Name}, + MatchLabels: map[string]string{metadataLabelName: namespaces[0].Name}, } es := &esv1beta1.ExternalSecret{ @@ -438,7 +449,7 @@ var _ = Describe("ClusterExternalSecret controller", func() { clusterExternalSecret: func(namespaces []v1.Namespace) esv1beta1.ClusterExternalSecret { ces := defaultClusterExternalSecret() ces.Spec.NamespaceSelector = &metav1.LabelSelector{ - MatchLabels: map[string]string{"kubernetes.io/metadata.name": namespaces[0].Name}, + MatchLabels: map[string]string{metadataLabelName: namespaces[0].Name}, } es := &esv1beta1.ExternalSecret{ 
@@ -501,13 +512,13 @@ var _ = Describe("ClusterExternalSecret controller", func() { { ObjectMeta: metav1.ObjectMeta{ Name: randomNamespaceName(), - Labels: map[string]string{"no-longer-match-label-key": "no-longer-match-label-value"}, + Labels: map[string]string{noLongerMatchLabelKey: noLongerMatchLabelValue}, }, }, { ObjectMeta: metav1.ObjectMeta{ Name: randomNamespaceName(), - Labels: map[string]string{"no-longer-match-label-key": "no-longer-match-label-value"}, + Labels: map[string]string{noLongerMatchLabelKey: noLongerMatchLabelValue}, }, }, }, @@ -515,7 +526,7 @@ var _ = Describe("ClusterExternalSecret controller", func() { ces := defaultClusterExternalSecret() ces.Spec.RefreshInterval = &metav1.Duration{Duration: 100 * time.Millisecond} ces.Spec.NamespaceSelector = &metav1.LabelSelector{ - MatchLabels: map[string]string{"no-longer-match-label-key": "no-longer-match-label-value"}, + MatchLabels: map[string]string{noLongerMatchLabelKey: noLongerMatchLabelValue}, } return *ces }, @@ -646,7 +657,7 @@ var _ = Describe("ClusterExternalSecret controller", func() { clusterExternalSecret: func(namespaces []v1.Namespace) esv1beta1.ClusterExternalSecret { ces := defaultClusterExternalSecret() ces.Spec.NamespaceSelector = &metav1.LabelSelector{ - MatchLabels: map[string]string{"kubernetes.io/metadata.name": "no-namespace-matches"}, + MatchLabels: map[string]string{metadataLabelName: "no-namespace-matches"}, } return *ces }, diff --git a/pkg/controllers/crds/crds_controller.go b/pkg/controllers/crds/crds_controller.go index a26e951234c..1f77ade758f 100644 --- a/pkg/controllers/crds/crds_controller.go +++ b/pkg/controllers/crds/crds_controller.go 
@@ -81,18 +81,26 @@ type Reconciler struct { readyStatusMap map[string]bool } +type Opts struct { + SvcName string + SvcNamespace string + SecretName string + SecretNamespace string + Resources []string +} + func New(k8sClient client.Client, scheme *runtime.Scheme, leaderChan <-chan struct{}, logger logr.Logger, - interval time.Duration, svcName, svcNamespace, secretName, secretNamespace string, resources []string) *Reconciler { + interval time.Duration, opts Opts) *Reconciler { return &Reconciler{ Client: k8sClient, Log: logger, Scheme: scheme, - SvcName: svcName, - SvcNamespace: svcNamespace, - SecretName: secretName, - SecretNamespace: secretNamespace, + SvcName: opts.SvcName, + SvcNamespace: opts.SvcNamespace, + SecretName: opts.SecretName, + SecretNamespace: opts.SecretNamespace, RequeueInterval: interval, - CrdResources: resources, + CrdResources: opts.Resources, CAName: "external-secrets", CAOrganization: "external-secrets", leaderChan: leaderChan, diff --git a/pkg/controllers/crds/suite_test.go b/pkg/controllers/crds/suite_test.go index 069f7ceea18..3d515d703f1 100644 --- a/pkg/controllers/crds/suite_test.go +++ b/pkg/controllers/crds/suite_test.go @@ -81,8 +81,14 @@ var _ = BeforeSuite(func() { leaderChan := make(chan struct{}) close(leaderChan) rec := New(k8sClient, k8sManager.GetScheme(), leaderChan, log, time.Second*1, - "foo", "default", "foo", "default", []string{ - "secretstores.test.io", + Opts{ + SvcName: "foo", + SvcNamespace: "default", + SecretName: "foo", + SecretNamespace: "default", + Resources: []string{ + "secretstores.test.io", + }, }) rec.SetupWithManager(k8sManager, controller.Options{}) Expect(err).ToNot(HaveOccurred()) diff --git a/pkg/controllers/externalsecret/externalsecret_controller_test.go b/pkg/controllers/externalsecret/externalsecret_controller_test.go index 3c7afaf0de4..44e8f8fc6e9 100644 --- a/pkg/controllers/externalsecret/externalsecret_controller_test.go 
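Review bot: `New` copies the fields of `Opts` into the Reconciler without checking them, so a caller that leaves out `SecretName`, `SecretNamespace` or the service fields now gets a reconciler built with empty strings, where the old positional signature made the compiler demand every argument. The exported `Opts` type should at least carry a doc comment saying which fields must be set, for example `// Opts holds the service, secret and CRD names the reconciler manages; SvcName, SvcNamespace, SecretName and SecretNamespace must be non-empty.` (if they are indeed all required), and empty values are better rejected where the reconciler is set up than discovered at reconcile time. The same applies to `webhookconfig.Opts` and to the `Opts` added in `secretstore/common.go`, where an unset `Recorder` is a nil interface by the time `reconcile` calls `opts.Recorder.Event`.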
+++ b/pkg/controllers/externalsecret/externalsecret_controller_test.go @@ -48,6 +48,15 @@ import ( . "github.com/onsi/gomega" ) +const ( + labelKey = "label-key" + labelValue = "label-value" + annotationKey = "annotation-key" + annotationValue = "annotation-value" + existingLabelKey = "existing-label-key" + existingLabelValue = "existing-label-value" +) + var ( fakeProvider *fake.Client metric dto.Metric @@ -320,16 +329,16 @@ var _ = Describe("ExternalSecret controller", Serial, func() { // should be copied over to the Kind=Secret syncLabelsAnnotations := func(tc *testCase) { tc.externalSecret.ObjectMeta.Labels = map[string]string{ - "label-key": "label-value", + labelKey: labelValue, } tc.externalSecret.ObjectMeta.Annotations = map[string]string{ - "annotation-key": "annotation-value", + annotationKey: annotationValue, } fakeProvider.WithGetSecret([]byte(secretVal), nil) tc.checkSecret = func(es *esv1beta1.ExternalSecret, secret *v1.Secret) { - Expect(secret.ObjectMeta.Labels).To(HaveKeyWithValue("label-key", "label-value")) - Expect(secret.ObjectMeta.Annotations).To(HaveKeyWithValue("annotation-key", "annotation-value")) + Expect(secret.ObjectMeta.Labels).To(HaveKeyWithValue(labelKey, labelValue)) + Expect(secret.ObjectMeta.Annotations).To(HaveKeyWithValue(annotationKey, annotationValue)) // ownerRef must not be set! Expect(ctest.HasOwnerRef(secret.ObjectMeta, "ExternalSecret", ExternalSecretName)).To(BeTrue()) 
@@ -340,10 +349,10 @@ var _ = Describe("ExternalSecret controller", Serial, func() { // should be merged to the Secret if exists mergeLabelsAnnotations := func(tc *testCase) { tc.externalSecret.ObjectMeta.Labels = map[string]string{ - "label-key": "label-value", + labelKey: labelValue, } tc.externalSecret.ObjectMeta.Annotations = map[string]string{ - "annotation-key": "annotation-value", + annotationKey: annotationValue, } fakeProvider.WithGetSecret([]byte(secretVal), nil) // Create a secret owned by another entity to test if the pre-existing metadata is preserved @@ -352,7 +361,7 @@ var _ = Describe("ExternalSecret controller", Serial, func() { Name: ExternalSecretTargetSecretName, Namespace: ExternalSecretNamespace, Labels: map[string]string{ - "existing-label-key": "existing-label-value", + existingLabelKey: existingLabelValue, }, Annotations: map[string]string{ "existing-annotation-key": "existing-annotation-value", 
@@ -361,19 +370,19 @@ var _ = Describe("ExternalSecret controller", Serial, func() { }, client.FieldOwner(FakeManager))).To(Succeed()) tc.checkSecret = func(es *esv1beta1.ExternalSecret, secret *v1.Secret) { - Expect(secret.ObjectMeta.Labels).To(HaveKeyWithValue("label-key", "label-value")) - Expect(secret.ObjectMeta.Labels).To(HaveKeyWithValue("existing-label-key", "existing-label-value")) - Expect(secret.ObjectMeta.Annotations).To(HaveKeyWithValue("annotation-key", "annotation-value")) + Expect(secret.ObjectMeta.Labels).To(HaveKeyWithValue(labelKey, labelValue)) + Expect(secret.ObjectMeta.Labels).To(HaveKeyWithValue(existingLabelKey, existingLabelValue)) + Expect(secret.ObjectMeta.Annotations).To(HaveKeyWithValue(annotationKey, annotationValue)) Expect(secret.ObjectMeta.Annotations).To(HaveKeyWithValue("existing-annotation-key", "existing-annotation-value")) } } removeOutdatedLabelsAnnotations := func(tc *testCase) { tc.externalSecret.ObjectMeta.Labels = map[string]string{ - "label-key": "label-value", + labelKey: labelValue, } tc.externalSecret.ObjectMeta.Annotations = map[string]string{ - "annotation-key": "annotation-value", + annotationKey: annotationValue, } fakeProvider.WithGetSecret([]byte(secretVal), nil) // Create a secret owned by the operator to test if the outdated pre-existing metadata is removed @@ -382,7 +391,7 @@ var _ = Describe("ExternalSecret controller", Serial, func() { Name: ExternalSecretTargetSecretName, Namespace: ExternalSecretNamespace, Labels: map[string]string{ - "existing-label-key": "existing-label-value", + existingLabelKey: existingLabelValue, }, Annotations: map[string]string{ "existing-annotation-key": "existing-annotation-value", 
@@ -391,9 +400,9 @@ var _ = Describe("ExternalSecret controller", Serial, func() { }, client.FieldOwner(ExternalSecretFQDN))).To(Succeed()) tc.checkSecret = func(es *esv1beta1.ExternalSecret, secret *v1.Secret) { - Expect(secret.ObjectMeta.Labels).To(HaveKeyWithValue("label-key", "label-value")) - Expect(secret.ObjectMeta.Labels).NotTo(HaveKeyWithValue("existing-label-key", "existing-label-value")) - Expect(secret.ObjectMeta.Annotations).To(HaveKeyWithValue("annotation-key", "annotation-value")) + Expect(secret.ObjectMeta.Labels).To(HaveKeyWithValue(labelKey, labelValue)) + Expect(secret.ObjectMeta.Labels).NotTo(HaveKeyWithValue(existingLabelKey, existingLabelValue)) + Expect(secret.ObjectMeta.Annotations).To(HaveKeyWithValue(annotationKey, annotationValue)) Expect(secret.ObjectMeta.Annotations).NotTo(HaveKeyWithValue("existing-annotation-key", "existing-annotation-value")) } } @@ -432,7 +441,7 @@ var _ = Describe("ExternalSecret controller", Serial, func() { Name: ExternalSecretTargetSecretName, Namespace: ExternalSecretNamespace, Labels: map[string]string{ - "existing-label-key": "existing-label-value", + existingLabelKey: existingLabelValue, }, Annotations: map[string]string{ "existing-annotation-key": "existing-annotation-value", @@ -450,7 +459,7 @@ var _ = Describe("ExternalSecret controller", Serial, func() { Expect(string(secret.Data[targetProp])).To(Equal(secretVal)) Expect(secret.ObjectMeta.Labels).To(HaveLen(3)) - Expect(secret.ObjectMeta.Labels).To(HaveKeyWithValue("existing-label-key", "existing-label-value")) + Expect(secret.ObjectMeta.Labels).To(HaveKeyWithValue(existingLabelKey, existingLabelValue)) Expect(secret.ObjectMeta.Labels).To(HaveKeyWithValue("es-label-key", "es-label-value")) Expect(secret.ObjectMeta.Labels).To(HaveKeyWithValue(esv1beta1.LabelManaged, esv1beta1.LabelManagedValue)) diff --git a/pkg/controllers/pushsecret/pushsecret_controller.go b/pkg/controllers/pushsecret/pushsecret_controller.go index 3b2aac83e33..f5c562ed542 100644 
--- a/pkg/controllers/pushsecret/pushsecret_controller.go +++ b/pkg/controllers/pushsecret/pushsecret_controller.go @@ -49,15 +49,15 @@ import ( ) const ( - errFailedGetSecret = "could not get source secret" - errPatchStatus = "error merging" - errGetSecretStore = "could not get SecretStore %q, %w" - errGetClusterSecretStore = "could not get ClusterSecretStore %q, %w" - errSetSecretFailed = "could not write remote ref %v to target secretstore %v: %v" - errFailedSetSecret = "set secret failed: %v" - errConvert = "could not apply conversion strategy to keys: %v" - errUnmanagedStores = "PushSecret %q has no managed stores to push to" - pushSecretFinalizer = "pushsecret.externalsecrets.io/finalizer" + errFailedGetSecret = "could not get source secret" + errPatchStatus = "error merging" + errGetSecretStore = "could not get SecretStore %q, %w" + errGetClusterSecretStore = "could not get ClusterSecretStore %q, %w" + errSetSecretFailed = "could not write remote ref %v to target secretstore %v: %v" + errFailedSetSecret = "set secret failed: %v" + errConvert = "could not apply conversion strategy to keys: %v" + pushSecretFinalizer = "pushsecret.externalsecrets.io/finalizer" + errCloudNotUpdateFinalizer = "could not update finalizers: %w" ) type Reconciler struct { @@ -122,7 +122,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu if !controllerutil.ContainsFinalizer(&ps, pushSecretFinalizer) { controllerutil.AddFinalizer(&ps, pushSecretFinalizer) if err := r.Client.Update(ctx, &ps, &client.UpdateOptions{}); err != nil { - return ctrl.Result{}, fmt.Errorf("could not update finalizers: %w", err) + return ctrl.Result{}, fmt.Errorf(errCloudNotUpdateFinalizer, err) } return ctrl.Result{}, nil 
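Review bot: The new constant `errCloudNotUpdateFinalizer` is misspelled, "Cloud" for "Could", and the name is then used at all three `fmt.Errorf` call sites in `Reconcile` (the second hunk here and the two hunks that follow). Renaming it now to `errCouldNotUpdateFinalizer = "could not update finalizers: %w"` is cheaper than after more call sites appear. It would also read better grouped with the other `err…` messages rather than placed after `pushSecretFinalizer`.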
@@ -140,7 +140,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu controllerutil.RemoveFinalizer(&ps, pushSecretFinalizer) if err := r.Client.Update(ctx, &ps, &client.UpdateOptions{}); err != nil { - return ctrl.Result{}, fmt.Errorf("could not update finalizers: %w", err) + return ctrl.Result{}, fmt.Errorf(errCloudNotUpdateFinalizer, err) } return ctrl.Result{}, nil @@ -150,7 +150,7 @@ func (r *Reconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Resu if controllerutil.ContainsFinalizer(&ps, pushSecretFinalizer) { controllerutil.RemoveFinalizer(&ps, pushSecretFinalizer) if err := r.Client.Update(ctx, &ps, &client.UpdateOptions{}); err != nil { - return ctrl.Result{}, fmt.Errorf("could not update finalizers: %w", err) + return ctrl.Result{}, fmt.Errorf(errCloudNotUpdateFinalizer, err) } } default: diff --git a/pkg/controllers/pushsecret/pushsecret_controller_test.go b/pkg/controllers/pushsecret/pushsecret_controller_test.go index 7c153cbc61d..263307c9236 100644 --- a/pkg/controllers/pushsecret/pushsecret_controller_test.go +++ b/pkg/controllers/pushsecret/pushsecret_controller_test.go @@ -125,7 +125,6 @@ var _ = Describe("PushSecret controller", func() { }, }) // give a time for reconciler to remove finalizers before removing SecretStores - // TODO: Secret Stores should have finalizers bound to PushSecrets if DeletionPolicy == Delete time.Sleep(2 * time.Second) k8sClient.Delete(context.Background(), &v1beta1.SecretStore{ ObjectMeta: metav1.ObjectMeta{ @@ -742,7 +741,7 @@ var _ = Describe("PushSecret controller", func() { Match: v1alpha1.PushSecretMatch{ SecretKey: "some-array[0].entity", RemoteRef: v1alpha1.PushSecretRemoteRef{ - RemoteKey: "path/to/key", + RemoteKey: defaultPath, }, }, }, 
@@ -1181,15 +1180,9 @@ var _ = Describe("PushSecret Controller Un/Managed Stores", func() { }) const ( - defaultKey = "key" - defaultVal = "value" - defaultPath = "path/to/key" - otherKey = "other-key" - otherVal = "other-value" - otherPath = "path/to/other-key" - newKey = "new-key" - newVal = "new-value" - storePrefixTemplate = "SecretStore/%v" + defaultKey = "key" + defaultVal = "value" + defaultPath = "path/to/key" ) makeDefaultTestcase := func() *testCase { diff --git a/pkg/controllers/secretstore/clustersecretstore_controller.go b/pkg/controllers/secretstore/clustersecretstore_controller.go index 02b39cbbdd0..1725586ea6c 100644 --- a/pkg/controllers/secretstore/clustersecretstore_controller.go +++ b/pkg/controllers/secretstore/clustersecretstore_controller.go @@ -63,7 +63,12 @@ func (r *ClusterStoreReconciler) Reconcile(ctx context.Context, req ctrl.Request return ctrl.Result{}, err } - return reconcile(ctx, req, &css, r.Client, log, r.ControllerClass, cssmetrics.GetGaugeVec, r.recorder, r.RequeueInterval) + return reconcile(ctx, req, &css, r.Client, log, Opts{ + ControllerClass: r.ControllerClass, + GaugeVecGetter: cssmetrics.GetGaugeVec, + Recorder: r.recorder, + RequeueInterval: r.RequeueInterval, + }) } // SetupWithManager returns a new controller builder that will be started by the provided Manager. diff --git a/pkg/controllers/secretstore/common.go b/pkg/controllers/secretstore/common.go index a9c5b51baf8..538b7fdb00c 100644 --- a/pkg/controllers/secretstore/common.go +++ b/pkg/controllers/secretstore/common.go 
@@ -30,24 +30,30 @@ import ( ) const ( - errStoreProvider = "could not get store provider: %w" errStoreClient = "could not get provider client: %w" errValidationFailed = "could not validate provider: %w" errPatchStatus = "unable to patch status: %w" errUnableCreateClient = "unable to create client" errUnableValidateStore = "unable to validate store: %s" - errUnableGetProvider = "unable to get store provider" msgStoreValidated = "store validated" ) -func reconcile(ctx context.Context, req ctrl.Request, ss esapi.GenericStore, cl client.Client, log logr.Logger, - controllerClass string, gaugeVecGetter metrics.GaugeVevGetter, recorder record.EventRecorder, requeueInterval time.Duration) (ctrl.Result, error) { - if !ShouldProcessStore(ss, controllerClass) { +type Opts struct { + ControllerClass string + GaugeVecGetter metrics.GaugeVevGetter + Recorder record.EventRecorder + RequeueInterval time.Duration +} + +func reconcile(ctx context.Context, req ctrl.Request, ss esapi.GenericStore, cl client.Client, log logr.Logger, opts Opts) (ctrl.Result, error) { + if !ShouldProcessStore(ss, opts.ControllerClass) { log.V(1).Info("skip store") return ctrl.Result{}, nil } + requeueInterval := opts.RequeueInterval + if ss.GetSpec().RefreshInterval != 0 { requeueInterval = time.Second * time.Duration(ss.GetSpec().RefreshInterval) } @@ -64,7 +70,7 @@ func reconcile(ctx context.Context, req ctrl.Request, ss esapi.GenericStore, cl // validateStore modifies the store conditions // we have to patch the status log.V(1).Info("validating") - err := validateStore(ctx, req.Namespace, controllerClass, ss, cl, gaugeVecGetter, recorder) + err := validateStore(ctx, req.Namespace, opts.ControllerClass, ss, cl, opts.GaugeVecGetter, opts.Recorder) if err != nil { log.Error(err, "unable to validate store") return ctrl.Result{}, err 
@@ -79,9 +85,9 @@ func reconcile(ctx context.Context, req ctrl.Request, ss esapi.GenericStore, cl } ss.SetStatus(capStatus) - recorder.Event(ss, v1.EventTypeNormal, esapi.ReasonStoreValid, msgStoreValidated) + opts.Recorder.Event(ss, v1.EventTypeNormal, esapi.ReasonStoreValid, msgStoreValidated) cond := NewSecretStoreCondition(esapi.SecretStoreReady, v1.ConditionTrue, esapi.ReasonStoreValid, msgStoreValidated) - SetExternalSecretCondition(ss, *cond, gaugeVecGetter) + SetExternalSecretCondition(ss, *cond, opts.GaugeVecGetter) return ctrl.Result{ RequeueAfter: requeueInterval, diff --git a/pkg/controllers/secretstore/secretstore_controller.go b/pkg/controllers/secretstore/secretstore_controller.go index 5fa0654d65a..ad46f5ab2c2 100644 --- a/pkg/controllers/secretstore/secretstore_controller.go +++ b/pkg/controllers/secretstore/secretstore_controller.go @@ -63,7 +63,12 @@ func (r *StoreReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl return ctrl.Result{}, err } - return reconcile(ctx, req, &ss, r.Client, log, r.ControllerClass, ssmetrics.GetGaugeVec, r.recorder, r.RequeueInterval) + return reconcile(ctx, req, &ss, r.Client, log, Opts{ + ControllerClass: r.ControllerClass, + GaugeVecGetter: ssmetrics.GetGaugeVec, + Recorder: r.recorder, + RequeueInterval: r.RequeueInterval, + }) } // SetupWithManager returns a new controller builder that will be started by the provided Manager. diff --git a/pkg/controllers/webhookconfig/suite_test.go b/pkg/controllers/webhookconfig/suite_test.go index 76d2ef521b6..061bef4fbf2 100644 --- a/pkg/controllers/webhookconfig/suite_test.go +++ b/pkg/controllers/webhookconfig/suite_test.go 
@@ -87,7 +87,13 @@ var _ = BeforeSuite(func() { Expect(k8sClient).ToNot(BeNil()) leaderChan := make(chan struct{}) close(leaderChan) - reconciler = New(k8sClient, k8sManager.GetScheme(), leaderChan, ctrl.Log, ctrlSvcName, ctrlSvcNamespace, ctrlSecretName, ctrlSecretNamespace, time.Second) + reconciler = New(k8sClient, k8sManager.GetScheme(), leaderChan, ctrl.Log, Opts{ + SvcName: ctrlSvcName, + SvcNamespace: ctrlSvcNamespace, + SecretName: ctrlSecretName, + SecretNamespace: ctrlSecretNamespace, + RequeueInterval: time.Second, + }) reconciler.SetupWithManager(k8sManager, controller.Options{}) Expect(err).ToNot(HaveOccurred()) diff --git a/pkg/controllers/webhookconfig/webhookconfig.go b/pkg/controllers/webhookconfig/webhookconfig.go index 58eae5a678b..bc262458268 100644 --- a/pkg/controllers/webhookconfig/webhookconfig.go +++ b/pkg/controllers/webhookconfig/webhookconfig.go @@ -57,18 +57,24 @@ type Reconciler struct { webhookReady bool } -func New(k8sClient client.Client, scheme *runtime.Scheme, leaderChan <-chan struct{}, - log logr.Logger, svcName, svcNamespace, secretName, secretNamespace string, - requeueInterval time.Duration) *Reconciler { +type Opts struct { + SvcName string + SvcNamespace string + SecretName string + SecretNamespace string + RequeueInterval time.Duration +} + +func New(k8sClient client.Client, scheme *runtime.Scheme, leaderChan <-chan struct{}, log logr.Logger, opts Opts) *Reconciler { return &Reconciler{ Client: k8sClient, Scheme: scheme, Log: log, - RequeueDuration: requeueInterval, - SvcName: svcName, - SvcNamespace: svcNamespace, - SecretName: secretName, - SecretNamespace: secretNamespace, + RequeueDuration: opts.RequeueInterval, + SvcName: opts.SvcName, + SvcNamespace: opts.SvcNamespace, + SecretName: opts.SecretName, + SecretNamespace: opts.SecretNamespace, leaderChan: leaderChan, leaderElected: false, webhookReadyMu: &sync.Mutex{}, 
diff --git a/pkg/generator/vault/vault.go b/pkg/generator/vault/vault.go index f729e064142..28e85a204a1 100644 --- a/pkg/generator/vault/vault.go +++ b/pkg/generator/vault/vault.go @@ -30,6 +30,7 @@ import ( genv1alpha1 "github.com/external-secrets/external-secrets/apis/generators/v1alpha1" provider "github.com/external-secrets/external-secrets/pkg/provider/vault" + "github.com/external-secrets/external-secrets/pkg/provider/vault/util" "github.com/external-secrets/external-secrets/pkg/utils" ) @@ -76,23 +77,7 @@ func (g *Generator) generate(ctx context.Context, c *provider.Provider, jsonSpec return nil, fmt.Errorf(errVaultClient, err) } - var result *vault.Secret - if res.Spec.Method == "" || res.Spec.Method == "GET" { - result, err = cl.Logical().ReadWithDataWithContext(ctx, res.Spec.Path, nil) - } else if res.Spec.Method == "LIST" { - result, err = cl.Logical().ListWithContext(ctx, res.Spec.Path) - } else if res.Spec.Method == "DELETE" { - result, err = cl.Logical().DeleteWithContext(ctx, res.Spec.Path) - } else { - params := make(map[string]any) - if res.Spec.Parameters != nil { - err = json.Unmarshal(res.Spec.Parameters.Raw, ¶ms) - if err != nil { - return nil, err - } - } - result, err = cl.Logical().WriteWithContext(ctx, res.Spec.Path, params) - } + result, err := g.fetchVaultSecret(ctx, res, cl) if err != nil { return nil, err } 
@@ -124,6 +109,32 @@ func (g *Generator) generate(ctx context.Context, c *provider.Provider, jsonSpec return response, nil } +func (g *Generator) fetchVaultSecret(ctx context.Context, res *genv1alpha1.VaultDynamicSecret, cl util.Client) (*vault.Secret, error) { + var ( + result *vault.Secret + err error + ) + + if res.Spec.Method == "" || res.Spec.Method == "GET" { + result, err = cl.Logical().ReadWithDataWithContext(ctx, res.Spec.Path, nil) + } else if res.Spec.Method == "LIST" { + result, err = cl.Logical().ListWithContext(ctx, res.Spec.Path) + } else if res.Spec.Method == "DELETE" { + result, err = cl.Logical().DeleteWithContext(ctx, res.Spec.Path) + } else { + params := make(map[string]any) + if res.Spec.Parameters != nil { + if err := json.Unmarshal(res.Spec.Parameters.Raw, ¶ms); err != nil { + return nil, err + } + } + + result, err = cl.Logical().WriteWithContext(ctx, res.Spec.Path, params) + } + + return result, err +} + func parseSpec(data []byte) (*genv1alpha1.VaultDynamicSecret, error) { var spec genv1alpha1.VaultDynamicSecret err := yaml.Unmarshal(data, &spec) diff --git a/pkg/provider/akeyless/akeyless.go b/pkg/provider/akeyless/akeyless.go index 07629670566..d230faaa011 100644 --- a/pkg/provider/akeyless/akeyless.go +++ b/pkg/provider/akeyless/akeyless.go @@ -47,9 +47,8 @@ type AkeylessCtx string const ( defaultAPIUrl = "https://api.akeyless.io" - errNotImplemented = "not implemented" - ExtSecretManagedTag = "k8s-external-secrets" - AkeylessToken AkeylessCtx = "AKEYLESS_TOKEN" + extSecretManagedTag = "k8s-external-secrets" + aKeylessToken AkeylessCtx = "AKEYLESS_TOKEN" ) // https://github.com/external-secrets/external-secrets/issues/644 
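Review bot: In `fetchVaultSecret` the final `else` sends every `res.Spec.Method` other than empty, `GET`, `LIST` or `DELETE` to `WriteWithContext`, so a mistyped or differently cased value such as `get` turns into a write against `res.Spec.Path`. Since the dispatch is being extracted anyway, I would make it an explicit `switch` whose `default` returns an error instead of writing. Which write verbs the VaultDynamicSecret API accepts is not visible in this hunk, so the write `case` below is an assumption to confirm against the CRD before merging.

```go
func (g *Generator) fetchVaultSecret(ctx context.Context, res *genv1alpha1.VaultDynamicSecret, cl util.Client) (*vault.Secret, error) {
	switch res.Spec.Method {
	case "", "GET":
		return cl.Logical().ReadWithDataWithContext(ctx, res.Spec.Path, nil)
	case "LIST":
		return cl.Logical().ListWithContext(ctx, res.Spec.Path)
	case "DELETE":
		return cl.Logical().DeleteWithContext(ctx, res.Spec.Path)
	case "POST", "PUT": // assumed write verbs; confirm against the API type
		// … unchanged: unmarshal res.Spec.Parameters and call WriteWithContext …
	default:
		return nil, fmt.Errorf("unsupported vault method %q", res.Spec.Method)
	}
}
```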
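Review bot: Unexporting `AkeylessToken` to `aKeylessToken` does not by itself make the context key private, because the key type `AkeylessCtx` (visible in the hunk header) is still an exported string type and any package can build an equal key with `AkeylessCtx("AKEYLESS_TOKEN")`. `contextWithToken` in the next hunk trusts whatever value is already stored under that key and skips `TokenFromSecretRef`, so a private key type such as `type tokenCtxKey struct{}` would be the safer form, provided nothing outside the package relies on `AkeylessCtx`. Separately, removing the exported `ExtSecretManagedTag` and `AkeylessToken` is a breaking change for external importers and deserves a line in the commit message, and `akeylessToken` would be the conventional casing.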
@@ -230,14 +229,14 @@ func newClient(ctx context.Context, store esv1beta1.GenericStore, kube client.Cl } func (a *Akeyless) contextWithToken(ctx context.Context) (context.Context, error) { - if v := ctx.Value(AkeylessToken); v != nil { + if v := ctx.Value(aKeylessToken); v != nil { return ctx, nil } token, err := a.Client.TokenFromSecretRef(ctx) if err != nil { return nil, err } - return context.WithValue(ctx, AkeylessToken, token), nil + return context.WithValue(ctx, aKeylessToken, token), nil } func (a *Akeyless) Close(_ context.Context) error { @@ -299,8 +298,8 @@ func (a *Akeyless) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDa return []byte(val.String()), nil } -// Implements store.Client.GetAllSecrets Interface. -// Retrieves a all secrets with defined in ref.Name or tags. +// GetAllSecrets Implements store.Client.GetAllSecrets Interface. +// Retrieves all secrets with defined in ref.Name or tags. func (a *Akeyless) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecretFind) (map[string][]byte, error) { if utils.IsNil(a.Client) { return nil, errors.New(errUninitalizedAkeylessProvider) 
@@ -321,37 +320,32 @@ func (a *Akeyless) GetAllSecrets(ctx context.Context, ref esv1beta1.ExternalSecr } } if ref.Name != nil { - potentialSecrets, err := a.Client.ListSecrets(ctx, searchPath, "") + return a.findSecretsFromName(ctx, searchPath, *ref.Name) + } + if len(ref.Tags) > 0 { + return a.getSecrets(ctx, searchPath, ref.Tags) + } + + return nil, errors.New("unexpected find operator") +} + +func (a *Akeyless) getSecrets(ctx context.Context, searchPath string, tags map[string]string) (map[string][]byte, error) { + var potentialSecretsName []string + for _, v := range tags { + potentialSecrets, err := a.Client.ListSecrets(ctx, searchPath, v) if err != nil { return nil, err } - if len(potentialSecrets) == 0 { - return nil, nil + if len(potentialSecrets) > 0 { + potentialSecretsName = append(potentialSecretsName, potentialSecrets...) } - return a.findSecretsFromName(ctx, potentialSecrets, *ref.Name) } - if len(ref.Tags) > 0 { - var potentialSecretsName []string - for _, v := range ref.Tags { - potentialSecrets, err := a.Client.ListSecrets(ctx, searchPath, v) - if err != nil { - return nil, err - } - if len(potentialSecrets) > 0 { - potentialSecretsName = append(potentialSecretsName, potentialSecrets...) - } - } - if len(potentialSecretsName) == 0 { - return nil, nil - } - return a.getSecrets(ctx, potentialSecretsName) + if len(potentialSecretsName) == 0 { + return nil, nil } - return nil, errors.New("unexpected find operator") -} -func (a *Akeyless) getSecrets(ctx context.Context, candidates []string) (map[string][]byte, error) { secrets := make(map[string][]byte) - for _, name := range candidates { + for _, name := range potentialSecretsName { secretValue, err := a.Client.GetSecretByType(ctx, name, 0) if err != nil { return nil, err 
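Review bot: `getSecrets` iterates with `for _, v := range tags`, so only the tag values reach `ListSecrets`; the keys are discarded and the results for every value are appended together. Assuming `ListSecrets` filters on its third argument, a secret matching any single value is fetched, and one matching several values is fetched once per match, which is a wider set than a reader of `ref.Tags` would likely expect. If the union is intended, document it, e.g. `// getSecrets returns every secret under searchPath that matches at least one tag value; tag keys are ignored.`, and de-duplicate `potentialSecretsName` before the `GetSecretByType` loop. The body of `getSecrets` continues past the end of this hunk.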
@@ -363,13 +357,21 @@ func (a *Akeyless) getSecrets(ctx context.Context, candidates []string) (map[str return secrets, nil } -func (a *Akeyless) findSecretsFromName(ctx context.Context, candidates []string, ref esv1beta1.FindName) (map[string][]byte, error) { +func (a *Akeyless) findSecretsFromName(ctx context.Context, searchPath string, ref esv1beta1.FindName) (map[string][]byte, error) { + potentialSecrets, err := a.Client.ListSecrets(ctx, searchPath, "") + if err != nil { + return nil, err + } + if len(potentialSecrets) == 0 { + return nil, nil + } + secrets := make(map[string][]byte) matcher, err := find.New(ref) if err != nil { return nil, err } - for _, name := range candidates { + for _, name := range potentialSecrets { ok := matcher.MatchName(name) if ok { secretValue, err := a.Client.GetSecretByType(ctx, name, 0) @@ -384,7 +386,7 @@ func (a *Akeyless) findSecretsFromName(ctx context.Context, candidates []string, return secrets, nil } -// Implements store.Client.GetSecretMap Interface. +// GetSecretMap implements store.Client.GetSecretMap Interface. // New version of GetSecretMap. func (a *Akeyless) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { if utils.IsNil(a.Client) { @@ -495,7 +497,7 @@ func (a *Akeyless) DeleteSecret(ctx context.Context, psr esv1beta1.PushSecretRem if err != nil { return err } - if item == nil || item.ItemTags == nil || !slices.Contains(*item.ItemTags, ExtSecretManagedTag) { + if item == nil || item.ItemTags == nil || !slices.Contains(*item.ItemTags, extSecretManagedTag) { return nil } if psr.GetProperty() == "" { diff --git a/pkg/provider/akeyless/akeyless_api.go b/pkg/provider/akeyless/akeyless_api.go index b7cd3f94ee1..9af7c2a4d59 100644 --- a/pkg/provider/akeyless/akeyless_api.go +++ b/pkg/provider/akeyless/akeyless_api.go 
@@ -114,7 +114,7 @@ func (a *akeylessBase) GetSecretByType(ctx context.Context, secretName string, v } func SetBodyToken(t Tokener, ctx context.Context) error { - token, ok := ctx.Value(AkeylessToken).(string) + token, ok := ctx.Value(aKeylessToken).(string) if !ok { return ErrTokenNotExists } @@ -321,7 +321,7 @@ func (a *akeylessBase) CreateSecret(ctx context.Context, remoteKey, data string) body := akeyless.CreateSecret{ Name: remoteKey, Value: data, - Tags: &[]string{ExtSecretManagedTag}, + Tags: &[]string{extSecretManagedTag}, } if err := SetBodyToken(&body, ctx); err != nil { return err 
@@ -360,33 +360,36 @@ func (a *akeylessBase) DeleteSecret(ctx context.Context, remoteKey string) error } func (a *akeylessBase) getK8SServiceAccountJWT(ctx context.Context, kubernetesAuth *esv1beta1.AkeylessKubernetesAuth) (string, error) { - if kubernetesAuth != nil { - if kubernetesAuth.ServiceAccountRef != nil { - // Kubernetes =v1.24: fetch token via TokenRequest API - jwt, err = a.getJWTfromServiceAccountToken(ctx, *kubernetesAuth.ServiceAccountRef, nil, 600) - if err != nil { - return "", err - } - return jwt, nil - } else if kubernetesAuth.SecretRef != nil { - tokenRef := kubernetesAuth.SecretRef - if tokenRef.Key == "" { - tokenRef = kubernetesAuth.SecretRef.DeepCopy() - tokenRef.Key = "token" - } - jwt, err := resolvers.SecretKeyRef(ctx, a.kube, a.storeKind, a.namespace, tokenRef) - if err != nil { - return "", err - } - return jwt, nil + if kubernetesAuth == nil { + return readK8SServiceAccountJWT() + } + + switch { + case kubernetesAuth.ServiceAccountRef != nil: + jwt, err := a.getJWTFromServiceAccount(ctx, kubernetesAuth.ServiceAccountRef) + if jwt != "" { + return jwt, err + } + // Kubernetes >=v1.24: fetch token via TokenRequest API + jwt, err = a.getJWTfromServiceAccountToken(ctx, *kubernetesAuth.ServiceAccountRef, nil, 600) + if err != nil { + return "", err } + return jwt, nil + case kubernetesAuth.SecretRef != nil: + tokenRef := kubernetesAuth.SecretRef + if tokenRef.Key == "" { + tokenRef = kubernetesAuth.SecretRef.DeepCopy() + tokenRef.Key = "token" + } + jwt, err := resolvers.SecretKeyRef(ctx, a.kube, a.storeKind, a.namespace, tokenRef) + if err != nil { + return "", err + } + return jwt, nil } - return readK8SServiceAccountJWT() + + return "", fmt.Errorf("can't determine k8s service account jwt") } func (a *akeylessBase) getJWTFromServiceAccount(ctx context.Context, serviceAccountRef *esmeta.ServiceAccountSelector) (string, error) { 
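Review bot: When `kubernetesAuth` is non-nil but neither `ServiceAccountRef` nor `SecretRef` is set, the new `switch` ends at `return "", fmt.Errorf("can't determine k8s service account jwt")`, whereas the removed code appears to have fallen through to `readK8SServiceAccountJWT()` in that case. Failing closed is the safer default for credential selection, but it is a behaviour change inside a refactor and should be covered by a test and called out in the description. In the `ServiceAccountRef` case the error from `getJWTFromServiceAccount` is dropped when `jwt` is empty and returned next to a non-empty token otherwise; `if err == nil && jwt != "" { return jwt, nil }` states the intent without handing callers a token and an error together. The message has no format verbs, so `errors.New` would do if the file imports it.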
diff --git a/pkg/provider/akeyless/akeyless_test.go b/pkg/provider/akeyless/akeyless_test.go index 479de54d01e..295471a9c9e 100644 --- a/pkg/provider/akeyless/akeyless_test.go +++ b/pkg/provider/akeyless/akeyless_test.go @@ -402,7 +402,7 @@ func TestDeleteSecret(t *testing.T) { })), makeValidAkeylessTestCase("delete whole secret").SetExpectInput(&testingfake.PushSecretData{RemoteKey: "42"}). SetMockClient(fakeakeyless.New().SetDescribeItemFn(func(ctx context.Context, itemName string) (*akeyless.Item, error) { - return &akeyless.Item{ItemTags: &[]string{ExtSecretManagedTag}}, nil + return &akeyless.Item{ItemTags: &[]string{extSecretManagedTag}}, nil }).SetDeleteSecretFn(func(ctx context.Context, remoteKey string) error { if remoteKey != "42" { return fmt.Errorf("remote key %s expected %s", remoteKey, "42") @@ -411,7 +411,7 @@ func TestDeleteSecret(t *testing.T) { })), makeValidAkeylessTestCase("delete property of secret").SetExpectInput(&testingfake.PushSecretData{Property: "Foo"}). SetMockClient(fakeakeyless.New().SetDescribeItemFn(func(ctx context.Context, itemName string) (*akeyless.Item, error) { - return &akeyless.Item{ItemTags: &[]string{ExtSecretManagedTag}}, nil + return &akeyless.Item{ItemTags: &[]string{extSecretManagedTag}}, nil }).SetGetSecretFn(func(secretName string, version int32) (string, error) { return `{"Dio": "Brando", "Foo": "Fighters"}`, nil }). @@ -424,7 +424,7 @@ func TestDeleteSecret(t *testing.T) { })), makeValidAkeylessTestCase("delete secret if one property left").SetExpectInput(&testingfake.PushSecretData{RemoteKey: "Rings", Property: "Annatar"}). SetMockClient(fakeakeyless.New().SetDescribeItemFn(func(ctx context.Context, itemName string) (*akeyless.Item, error) { - return &akeyless.Item{ItemTags: &[]string{ExtSecretManagedTag}}, nil + return &akeyless.Item{ItemTags: &[]string{extSecretManagedTag}}, nil }).SetGetSecretFn(func(secretName string, version int32) (string, error) { return `{"Annatar": "The Lord of Gifts"}`, nil }). 
diff --git a/pkg/provider/aws/parameterstore/parameterstore.go b/pkg/provider/aws/parameterstore/parameterstore.go index 842cc3e028f..cd5e42d1739 100644 --- a/pkg/provider/aws/parameterstore/parameterstore.go +++ b/pkg/provider/aws/parameterstore/parameterstore.go @@ -29,7 +29,7 @@ import ( "github.com/aws/aws-sdk-go/service/ssm" "github.com/tidwall/gjson" corev1 "k8s.io/api/core/v1" - utilpointer "k8s.io/utils/ptr" + "k8s.io/utils/ptr" ctrl "sigs.k8s.io/controller-runtime" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" @@ -42,10 +42,10 @@ import ( // Declares metadata information for pushing secrets to AWS Parameter Store. const ( - PushSecretType = "parameterStoreType" - StoreTypeString = "String" - StoreKeyID = "parameterStoreKeyID" - PushSecretKeyID = "keyID" + pushSecretType = "parameterStoreType" + storeTypeString = "String" + storeKeyID = "parameterStoreKeyID" + pushSecretKeyID = "keyID" ) // https://github.com/external-secrets/external-secrets/issues/644 @@ -154,12 +154,12 @@ func (pm *ParameterStore) PushSecret(ctx context.Context, secret *corev1.Secret, err error ) - parameterTypeFormat, err := utils.FetchValueFromMetadata(PushSecretType, data.GetMetadata(), StoreTypeString) + parameterTypeFormat, err := utils.FetchValueFromMetadata(pushSecretType, data.GetMetadata(), storeTypeString) if err != nil { return fmt.Errorf("failed to parse metadata: %w", err) } - parameterKeyIDFormat, err := utils.FetchValueFromMetadata(StoreKeyID, data.GetMetadata(), PushSecretKeyID) + parameterKeyIDFormat, err := utils.FetchValueFromMetadata(storeKeyID, data.GetMetadata(), pushSecretKeyID) if err != nil { return fmt.Errorf("failed to parse metadata: %w", err) } @@ -168,8 +168,6 @@ func (pm *ParameterStore) PushSecret(ctx context.Context, secret *corev1.Secret, parameterKeyIDFormat = "alias/aws/ssm" } - overwrite := true - key := data.GetSecretKey() if key == "" { 
@@ -181,14 +179,12 @@ func (pm *ParameterStore) PushSecret(ctx context.Context, secret *corev1.Secret, value = secret.Data[key] } - stringValue := string(value) secretName := pm.prefix + data.GetRemoteKey() - secretRequest := ssm.PutParameterInput{ - Name: &secretName, - Value: &stringValue, - Type: ¶meterTypeFormat, - Overwrite: &overwrite, + Name: ptr.To(pm.prefix + data.GetRemoteKey()), + Value: ptr.To(string(value)), + Type: ptr.To(parameterTypeFormat), + Overwrite: ptr.To(true), } if parameterTypeFormat == "SecureString" { 
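Review bot: `Name: ptr.To(pm.prefix + data.GetRemoteKey())` repeats the concatenation that the `secretName` line just above appears to keep, so the request name and the name used in later error messages are now built in two places. Reusing the variable, `Name: ptr.To(secretName),`, keeps them from drifting apart. `PushSecret` starts and ends outside this hunk.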
@@ -210,33 +206,37 @@ func (pm *ParameterStore) PushSecret(ctx context.Context, secret *corev1.Secret, // If we have a valid parameter returned to us, check its tags if existing != nil && existing.Parameter != nil { - tags, err := pm.getTagsByName(ctx, existing) - if err != nil { - return fmt.Errorf("error getting the existing tags for the parameter %v: %w", secretName, err) - } + return pm.setExisting(ctx, existing, secretName, value, secretRequest) + } - isManaged := isManagedByESO(tags) + // let's set the secret + // Do we need to delete the existing parameter on the remote? + return pm.setManagedRemoteParameter(ctx, secretRequest, true) +} - if !isManaged { - return errors.New("secret not managed by external-secrets") - } +func (pm *ParameterStore) setExisting(ctx context.Context, existing *ssm.GetParameterOutput, secretName string, value []byte, secretRequest ssm.PutParameterInput) error { + tags, err := pm.getTagsByName(ctx, existing) + if err != nil { + return fmt.Errorf("error getting the existing tags for the parameter %v: %w", secretName, err) + } - // When fetching a remote SecureString parameter without decrypting, the default value will always be 'sensitive' - // in this case, no updates will be pushed remotely - if existing.Parameter.Value != nil && *existing.Parameter.Value == "sensitive" { - return errors.New("unable to compare 'sensitive' result, ensure to request a decrypted value") - } + isManaged := isManagedByESO(tags) - if existing.Parameter.Value != nil && *existing.Parameter.Value == string(value) { - return nil - } + if !isManaged { + return errors.New("secret not managed by external-secrets") + } - return pm.setManagedRemoteParameter(ctx, secretRequest, false) + // When fetching a remote SecureString parameter without decrypting, the default value will always be 'sensitive' + // in this case, no updates will be pushed remotely + if existing.Parameter.Value != nil && *existing.Parameter.Value == "sensitive" { + return errors.New("unable to 
compare 'sensitive' result, ensure to request a decrypted value") } - // let's set the secret - // Do we need to delete the existing parameter on the remote? - return pm.setManagedRemoteParameter(ctx, secretRequest, true) + if existing.Parameter.Value != nil && *existing.Parameter.Value == string(value) { + return nil + } + + return pm.setManagedRemoteParameter(ctx, secretRequest, false) } func isManagedByESO(tags []*ssm.Tag) bool { @@ -309,14 +309,17 @@ func (pm *ParameterStore) findByName(ctx context.Context, ref esv1beta1.External logger.Info("GetParametersByPath: access denied. using fallback to describe parameters. It is recommended to add ssm:GetParametersByPath permissions", "path", ref.Path) return pm.fallbackFindByName(ctx, ref) } + return nil, err } + for _, param := range it.Parameters { if !matcher.MatchName(*param.Name) { continue } data[*param.Name] = []byte(*param.Value) } + nextToken = it.NextToken if nextToken == nil { break @@ -375,9 +378,9 @@ func (pm *ParameterStore) findByTags(ctx context.Context, ref esv1beta1.External filters := make([]*ssm.ParameterStringFilter, 0) for k, v := range ref.Tags { filters = append(filters, &ssm.ParameterStringFilter{ - Key: utilpointer.To(fmt.Sprintf("tag:%s", k)), - Values: []*string{utilpointer.To(v)}, - Option: utilpointer.To("Equals"), + Key: ptr.To(fmt.Sprintf("tag:%s", k)), + Values: []*string{ptr.To(v)}, + Option: ptr.To("Equals"), }) } @@ -419,7 +422,7 @@ func (pm *ParameterStore) findByTags(ctx context.Context, ref esv1beta1.External func (pm *ParameterStore) fetchAndSet(ctx context.Context, data map[string][]byte, name string) error { out, err := pm.client.GetParameterWithContext(ctx, &ssm.GetParameterInput{ - Name: utilpointer.To(name), + Name: ptr.To(name), WithDecryption: aws.Bool(true), }) metrics.ObserveAPICall(constants.ProviderAWSPS, constants.CallAWSPSGetParameter, err) 
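Review bot: The extracted `setExisting` dereferences `existing.Parameter.Value` without checking `existing` or `existing.Parameter`, relying on the guard that stays behind in `PushSecret`. The helper has no doc comment, so that precondition is easy to miss on a later call site; a comment such as `// setExisting updates an existing parameter that ESO manages. existing and existing.Parameter must be non-nil.` would record it. The same comment is a good place to note that a remote value of exactly `sensitive` is treated as an undecrypted placeholder and rejected.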
diff --git a/pkg/provider/aws/secretsmanager/secretsmanager.go b/pkg/provider/aws/secretsmanager/secretsmanager.go index 559bd326c85..4113e42e45e 100644 --- a/pkg/provider/aws/secretsmanager/secretsmanager.go +++ b/pkg/provider/aws/secretsmanager/secretsmanager.go @@ -113,55 +113,11 @@ func (sm *SecretsManager) fetch(ctx context.Context, ref esv1beta1.ExternalSecre return secretOut, nil } - var secretOut *awssm.GetSecretValueOutput - var err error - - if ref.MetadataPolicy == esv1beta1.ExternalSecretMetadataPolicyFetch { - describeSecretInput := &awssm.DescribeSecretInput{ - SecretId: &ref.Key, - } - - descOutput, err := sm.client.DescribeSecretWithContext(ctx, describeSecretInput) - if err != nil { - return nil, err - } - log.Info("found metadata secret", "key", ref.Key, "output", descOutput) - - jsonTags, err := util.SecretTagsToJSONString(descOutput.Tags) - if err != nil { - return nil, err - } - secretOut = &awssm.GetSecretValueOutput{ - ARN: descOutput.ARN, - CreatedDate: descOutput.CreatedDate, - Name: descOutput.Name, - SecretString: &jsonTags, - VersionId: &ver, - } - } else { - var getSecretValueInput *awssm.GetSecretValueInput - if strings.HasPrefix(ver, "uuid/") { - versionID := strings.TrimPrefix(ver, "uuid/") - getSecretValueInput = &awssm.GetSecretValueInput{ - SecretId: &ref.Key, - VersionId: &versionID, - } - } else { - getSecretValueInput = &awssm.GetSecretValueInput{ - SecretId: &ref.Key, - VersionStage: &ver, - } - } - secretOut, err = sm.client.GetSecretValue(getSecretValueInput) - metrics.ObserveAPICall(constants.ProviderAWSSM, constants.CallAWSSMGetSecretValue, err) - var nf *awssm.ResourceNotFoundException - if errors.As(err, &nf) { - return nil, esv1beta1.NoSecretErr - } - if err != nil { - return nil, err - } + secretOut, err := sm.constructSecretValue(ctx, ref, ver) + if err != nil { + return nil, err } + sm.cache[cacheKey] = secretOut return secretOut, nil 
@@ -634,3 +590,51 @@ func (sm *SecretsManager) setSecretValues(secret *awssm.SecretValueEntry, data m data[*secret.Name] = secret.SecretBinary } } + +func (sm *SecretsManager) constructSecretValue(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef, ver string) (*awssm.GetSecretValueOutput, error) { + if ref.MetadataPolicy == esv1beta1.ExternalSecretMetadataPolicyFetch { + describeSecretInput := &awssm.DescribeSecretInput{ + SecretId: &ref.Key, + } + + descOutput, err := sm.client.DescribeSecretWithContext(ctx, describeSecretInput) + if err != nil { + return nil, err + } + log.Info("found metadata secret", "key", ref.Key, "output", descOutput) + + jsonTags, err := util.SecretTagsToJSONString(descOutput.Tags) + if err != nil { + return nil, err + } + return &awssm.GetSecretValueOutput{ + ARN: descOutput.ARN, + CreatedDate: descOutput.CreatedDate, + Name: descOutput.Name, + SecretString: &jsonTags, + VersionId: &ver, + }, nil + } + + var getSecretValueInput *awssm.GetSecretValueInput + if strings.HasPrefix(ver, "uuid/") { + versionID := strings.TrimPrefix(ver, "uuid/") + getSecretValueInput = &awssm.GetSecretValueInput{ + SecretId: &ref.Key, + VersionId: &versionID, + } + } else { + getSecretValueInput = &awssm.GetSecretValueInput{ + SecretId: &ref.Key, + VersionStage: &ver, + } + } + secretOut, err := sm.client.GetSecretValue(getSecretValueInput) + metrics.ObserveAPICall(constants.ProviderAWSSM, constants.CallAWSSMGetSecretValue, err) + var nf *awssm.ResourceNotFoundException + if errors.As(err, &nf) { + return nil, esv1beta1.NoSecretErr + } + + return secretOut, err +} diff --git a/pkg/provider/aws/secretsmanager/secretsmanager_test.go b/pkg/provider/aws/secretsmanager/secretsmanager_test.go index 71cfcc7c770..115a7dfd318 100644 --- a/pkg/provider/aws/secretsmanager/secretsmanager_test.go +++ b/pkg/provider/aws/secretsmanager/secretsmanager_test.go 
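Review bot: In the metadata branch of `constructSecretValue`, `log.Info("found metadata secret", "key", ref.Key, "output", descOutput)` writes the whole DescribeSecret response to the log at info level, and in this branch the tags in that response are exactly what is returned as `SecretString`. Logging only the key, `log.Info("found metadata secret", "key", ref.Key)`, keeps the synced payload out of controller logs. The value path also calls `sm.client.GetSecretValue(getSecretValueInput)` without `ctx` while the describe path uses `DescribeSecretWithContext`, so cancellation and deadlines are not propagated there; if the client interface exposes it, `GetSecretValueWithContext(ctx, getSecretValueInput)` would make the two paths consistent. The describe call is not passed to `metrics.ObserveAPICall`, unlike the value call.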
@@ -62,6 +62,7 @@ const ( tagvalue1 = "tagvalue1" tagname2 = "tagname2" tagvalue2 = "tagvalue2" + fakeKey = "fake-key" ) func makeValidSecretsManagerTestCase() *secretsManagerTestCase { @@ -464,11 +465,11 @@ func TestSetSecret(t *testing.T) { ARN: &arn, } - pushSecretDataWithoutProperty := fake.PushSecretData{SecretKey: secretKey, RemoteKey: "fake-key", Property: ""} - pushSecretDataWithMetadata := fake.PushSecretData{SecretKey: secretKey, RemoteKey: "fake-key", Property: "", Metadata: &apiextensionsv1.JSON{ + pushSecretDataWithoutProperty := fake.PushSecretData{SecretKey: secretKey, RemoteKey: fakeKey, Property: ""} + pushSecretDataWithMetadata := fake.PushSecretData{SecretKey: secretKey, RemoteKey: fakeKey, Property: "", Metadata: &apiextensionsv1.JSON{ Raw: []byte(`{"secretPushFormat": "string"}`), }} - pushSecretDataWithProperty := fake.PushSecretData{SecretKey: secretKey, RemoteKey: "fake-key", Property: "other-fake-property"} + pushSecretDataWithProperty := fake.PushSecretData{SecretKey: secretKey, RemoteKey: fakeKey, Property: "other-fake-property"} type args struct { store *esv1beta1.AWSProvider @@ -655,7 +656,7 @@ func TestSetSecret(t *testing.T) { Version: &defaultUpdatedVersion, }), }, - pushSecretData: fake.PushSecretData{SecretKey: secretKey, RemoteKey: "fake-key", Property: "fake-property.other-fake-property"}, + pushSecretData: fake.PushSecretData{SecretKey: secretKey, RemoteKey: fakeKey, Property: "fake-property.other-fake-property"}, }, want: want{ err: nil, @@ -992,7 +993,7 @@ func TestDeleteSecret(t *testing.T) { } for name, tc := range tests { t.Run(name, func(t *testing.T) { - ref := fake.PushSecretData{RemoteKey: "fake-key"} + ref := fake.PushSecretData{RemoteKey: fakeKey} sm := SecretsManager{ client: &tc.args.client, config: &tc.args.config, 
@@ -1333,7 +1334,7 @@ func TestSecretExists(t *testing.T) { getSecretCorrectErr := awssm.ResourceNotFoundException{} getSecretWrongErr := awssm.InvalidRequestException{} - pushSecretDataWithoutProperty := fake.PushSecretData{SecretKey: "fake-secret-key", RemoteKey: "fake-key", Property: ""} + pushSecretDataWithoutProperty := fake.PushSecretData{SecretKey: "fake-secret-key", RemoteKey: fakeKey, Property: ""} type args struct { store *esv1beta1.AWSProvider diff --git a/pkg/provider/azure/keyvault/keyvault.go b/pkg/provider/azure/keyvault/keyvault.go index 5af350db210..cd2ccc32f2a 100644 --- a/pkg/provider/azure/keyvault/keyvault.go +++ b/pkg/provider/azure/keyvault/keyvault.go @@ -66,6 +66,7 @@ const ( AnnotationClientID = "azure.workload.identity/client-id" AnnotationTenantID = "azure.workload.identity/tenant-id" managerLabel = "external-secrets" + managedBy = "managed-by" errUnexpectedStoreSpec = "unexpected store spec" errMissingAuthType = "cannot initialize Azure Client: no valid authType was specified" @@ -246,7 +247,7 @@ func canDelete(tags map[string]*string, err error) (bool, error) { if aerr.StatusCode == 404 { return false, nil } - manager, ok := tags["managed-by"] + manager, ok := tags[managedBy] if !ok || manager == nil || *manager != managerLabel { return false, errors.New("not managed by external-secrets") } @@ -410,7 +411,7 @@ func canCreate(tags map[string]*string, err error) (bool, error) { return false, fmt.Errorf("unexpected api error: %w", err) } if err == nil { - manager, ok := tags["managed-by"] + manager, ok := tags[managedBy] if !ok || manager == nil || *manager != managerLabel { return false, errors.New("not managed by external-secrets") } 
@@ -441,7 +442,7 @@ func (a *Azure) setKeyVaultSecret(ctx context.Context, secretName string, value secretParams := keyvault.SecretSetParameters{ Value: &val, Tags: map[string]*string{ - "managed-by": pointer.To(managerLabel), + managedBy: pointer.To(managerLabel), }, SecretAttributes: &keyvault.SecretAttributes{ Enabled: pointer.To(true), @@ -482,7 +483,7 @@ func (a *Azure) setKeyVaultCertificate(ctx context.Context, secretName string, v params := keyvault.CertificateImportParameters{ Base64EncodedCertificate: &val, Tags: map[string]*string{ - "managed-by": pointer.To(managerLabel), + managedBy: pointer.To(managerLabel), }, } _, err = a.baseClient.ImportCertificate(ctx, *a.provider.VaultURL, secretName, params) @@ -538,7 +539,7 @@ func (a *Azure) setKeyVaultKey(ctx context.Context, secretName string, value []b Key: &azkey, KeyAttributes: &keyvault.KeyAttributes{}, Tags: map[string]*string{ - "managed-by": pointer.To(managerLabel), + managedBy: pointer.To(managerLabel), }, } _, err = a.baseClient.ImportKey(ctx, *a.provider.VaultURL, secretName, params) @@ -698,7 +699,7 @@ func parseError(err error) error { return err } -// Implements store.Client.GetSecret Interface. +// GetSecret implements store.Client.GetSecret Interface. // Retrieves a secret/Key/Certificate/Tag with the secret name defined in ref.Name // The Object Type is defined as a prefix in the ref.Name , if no prefix is defined , we assume a secret is required. func (a *Azure) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { diff --git a/pkg/provider/azure/keyvault/keyvault_test.go b/pkg/provider/azure/keyvault/keyvault_test.go index b9b8ecbb45f..e6cbe08d693 100644 --- a/pkg/provider/azure/keyvault/keyvault_test.go +++ b/pkg/provider/azure/keyvault/keyvault_test.go 
@@ -140,6 +140,9 @@ const ( foo = "foo" bar = "bar" errStore = "Azure.ValidateStore() error = %v, wantErr %v" + externalSecrets = "external-secrets" + notFoundMessage = "Not Found" + forbiddenMessage = "Forbidden" ) func getTagMap() map[string]*string { @@ -176,7 +179,7 @@ func TestAzureKeyVaultDeleteSecret(t *testing.T) { } smtc.secretOutput = keyvault.SecretBundle{ Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, Value: pointer.To("foo"), } @@ -187,8 +190,8 @@ func TestAzureKeyVaultDeleteSecret(t *testing.T) { smtc.pushData = testingfake.PushSecretData{ RemoteKey: secretName, } - smtc.apiErr = autorest.DetailedError{StatusCode: 404, Method: "GET", Message: "Not Found"} - smtc.deleteErr = autorest.DetailedError{StatusCode: 404, Method: "DELETE", Message: "Not Found"} + smtc.apiErr = autorest.DetailedError{StatusCode: 404, Method: "GET", Message: notFoundMessage} + smtc.deleteErr = autorest.DetailedError{StatusCode: 404, Method: "DELETE", Message: notFoundMessage} } secretNotManaged := func(smtc *secretManagerTestCase) { @@ -216,7 +219,7 @@ func TestAzureKeyVaultDeleteSecret(t *testing.T) { } smtc.secretOutput = keyvault.SecretBundle{ Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, Value: pointer.To("foo"), } @@ -238,7 +241,7 @@ func TestAzureKeyVaultDeleteSecret(t *testing.T) { } smtc.certOutput = keyvault.CertificateBundle{ Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, } smtc.deleteCertificateOutput = keyvault.DeletedCertificateBundle{} 
@@ -248,7 +251,7 @@ func TestAzureKeyVaultDeleteSecret(t *testing.T) { RemoteKey: certName, } smtc.apiErr = autorest.DetailedError{StatusCode: 404, Method: "GET", Message: "Certificate Not Found"} - smtc.deleteErr = autorest.DetailedError{StatusCode: 404, Method: "DELETE", Message: "Not Found"} + smtc.deleteErr = autorest.DetailedError{StatusCode: 404, Method: "DELETE", Message: notFoundMessage} } certNotManaged := func(smtc *secretManagerTestCase) { @@ -274,7 +277,7 @@ func TestAzureKeyVaultDeleteSecret(t *testing.T) { } smtc.certOutput = keyvault.CertificateBundle{ Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, } smtc.expectError = "No certificate delete Permissions" @@ -295,7 +298,7 @@ func TestAzureKeyVaultDeleteSecret(t *testing.T) { } smtc.keyOutput = keyvault.KeyBundle{ Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, } smtc.deleteKeyOutput = keyvault.DeletedKeyBundle{} @@ -304,8 +307,8 @@ func TestAzureKeyVaultDeleteSecret(t *testing.T) { smtc.pushData = testingfake.PushSecretData{ RemoteKey: keyName, } - smtc.apiErr = autorest.DetailedError{StatusCode: 404, Method: "GET", Message: "Not Found"} - smtc.deleteErr = autorest.DetailedError{StatusCode: 404, Method: "DELETE", Message: "Not Found"} + smtc.apiErr = autorest.DetailedError{StatusCode: 404, Method: "GET", Message: notFoundMessage} + smtc.deleteErr = autorest.DetailedError{StatusCode: 404, Method: "DELETE", Message: notFoundMessage} } keyNotManaged := func(smtc *secretManagerTestCase) { @@ -331,7 +334,7 @@ func TestAzureKeyVaultDeleteSecret(t *testing.T) { } smtc.keyOutput = keyvault.KeyBundle{ Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, } smtc.expectError = errNoPermission 
@@ -405,7 +408,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { } smtc.secretOutput = keyvault.SecretBundle{ Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, Value: &goodSecret, } @@ -418,7 +421,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { } smtc.secretOutput = keyvault.SecretBundle{ Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, Value: &goodSecret, } @@ -445,7 +448,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { } smtc.secretOutput = keyvault.SecretBundle{ Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, Value: &goodSecret, Attributes: &keyvault.SecretAttributes{ @@ -454,7 +457,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { } smtc.setSecretOutput = keyvault.SecretBundle{ Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, Value: &goodSecret, Attributes: &keyvault.SecretAttributes{ @@ -470,7 +473,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { } smtc.secretOutput = keyvault.SecretBundle{ Tags: map[string]*string{ - "managed-by": pointer.To("nope"), + managedBy: pointer.To("nope"), }, Value: &goodSecret, } @@ -486,7 +489,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { } smtc.secretOutput = keyvault.SecretBundle{ Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, Value: &wholeSecretString, } @@ -512,7 +515,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { SecretKey: secretKey, RemoteKey: secretName, } - smtc.apiErr = autorest.DetailedError{StatusCode: 404, Method: "GET", Message: "Not Found"} + smtc.apiErr = autorest.DetailedError{StatusCode: 404, Method: "GET", Message: notFoundMessage} } failedGetSecret := func(smtc *secretManagerTestCase) { smtc.setValue = []byte(goodSecret) 
@@ -520,7 +523,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { SecretKey: secretKey, RemoteKey: secretName, } - smtc.apiErr = autorest.DetailedError{StatusCode: 403, Method: "GET", Message: "Forbidden"} + smtc.apiErr = autorest.DetailedError{StatusCode: 403, Method: "GET", Message: forbiddenMessage} smtc.expectError = errAPI } failedNotParseableError := func(smtc *secretManagerTestCase) { @@ -538,8 +541,8 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { SecretKey: secretKey, RemoteKey: secretName, } - smtc.apiErr = autorest.DetailedError{StatusCode: 404, Method: "GET", Message: "Not Found"} - smtc.setErr = autorest.DetailedError{StatusCode: 403, Method: "POST", Message: "Forbidden"} + smtc.apiErr = autorest.DetailedError{StatusCode: 404, Method: "GET", Message: notFoundMessage} + smtc.setErr = autorest.DetailedError{StatusCode: 403, Method: "POST", Message: forbiddenMessage} smtc.expectError = "could not set secret example-1: #POST: Forbidden: StatusCode=403" } keySuccess := func(smtc *secretManagerTestCase) { @@ -550,7 +553,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { } smtc.keyOutput = keyvault.KeyBundle{ Tags: map[string]*string{ - "managed-by": pointer.To(managerLabel), + managedBy: pointer.To(managerLabel), }, Key: &keyvault.JSONWebKey{}, } @@ -563,7 +566,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { } smtc.keyOutput = keyvault.KeyBundle{ Tags: map[string]*string{ - "managed-by": pointer.To(managerLabel), + managedBy: pointer.To(managerLabel), }, Key: &keyvault.JSONWebKey{}, } @@ -576,7 +579,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { } smtc.keyOutput = keyvault.KeyBundle{ Tags: map[string]*string{ - "managed-by": pointer.To(managerLabel), + managedBy: pointer.To(managerLabel), }, Key: &keyvault.JSONWebKey{}, } 
@@ -589,7 +592,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { } smtc.keyOutput = keyvault.KeyBundle{ Tags: map[string]*string{ - "managed-by": pointer.To(managerLabel), + managedBy: pointer.To(managerLabel), }, Key: &keyvault.JSONWebKey{}, } @@ -602,7 +605,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { } smtc.keyOutput = keyvault.KeyBundle{ Tags: map[string]*string{ - "managed-by": pointer.To(managerLabel), + managedBy: pointer.To(managerLabel), }, Key: &keyvault.JSONWebKey{}, } @@ -629,7 +632,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { } smtc.keyOutput = keyvault.KeyBundle{ Tags: map[string]*string{ - "managed-by": pointer.To("internal-secrets"), + managedBy: pointer.To("internal-secrets"), }, Key: &keyvault.JSONWebKey{}, } @@ -641,7 +644,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { SecretKey: secretKey, RemoteKey: keyName, } - smtc.apiErr = autorest.DetailedError{StatusCode: 403, Method: "GET", Message: "Forbidden"} + smtc.apiErr = autorest.DetailedError{StatusCode: 403, Method: "GET", Message: forbiddenMessage} smtc.expectError = errAPI } keyNotFound := func(smtc *secretManagerTestCase) { @@ -650,7 +653,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { SecretKey: secretKey, RemoteKey: keyName, } - smtc.apiErr = autorest.DetailedError{StatusCode: 404, Method: "GET", Message: "Not Found"} + smtc.apiErr = autorest.DetailedError{StatusCode: 404, Method: "GET", Message: notFoundMessage} smtc.expectError = "" } importKeyFailed := func(smtc *secretManagerTestCase) { 
@@ -659,8 +662,8 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { SecretKey: secretKey, RemoteKey: keyName, } - smtc.apiErr = autorest.DetailedError{StatusCode: 404, Method: "GET", Message: "Not Found"} - smtc.setErr = autorest.DetailedError{StatusCode: 403, Method: "POST", Message: "Forbidden"} + smtc.apiErr = autorest.DetailedError{StatusCode: 404, Method: "GET", Message: notFoundMessage} + smtc.setErr = autorest.DetailedError{StatusCode: 403, Method: "POST", Message: forbiddenMessage} smtc.expectError = "could not import key keyname: #POST: Forbidden: StatusCode=403" } certP12Success := func(smtc *secretManagerTestCase) { @@ -672,7 +675,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { smtc.certOutput = keyvault.CertificateBundle{ X509Thumbprint: pointer.To("123"), Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, } } @@ -685,7 +688,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { smtc.certOutput = keyvault.CertificateBundle{ X509Thumbprint: pointer.To("123"), Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, } } @@ -698,7 +701,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { smtc.certOutput = keyvault.CertificateBundle{ X509Thumbprint: pointer.To("123"), Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, } } @@ -712,7 +715,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { smtc.certOutput = keyvault.CertificateBundle{ X509Thumbprint: pointer.To("123"), Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, } } 
@@ -727,7 +730,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { smtc.certOutput = keyvault.CertificateBundle{ X509Thumbprint: pointer.To("123"), Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, } } @@ -742,7 +745,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { smtc.certOutput = keyvault.CertificateBundle{ X509Thumbprint: pointer.To("123"), Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, } } @@ -757,7 +760,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { smtc.certOutput = keyvault.CertificateBundle{ X509Thumbprint: pointer.To("123"), Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, } smtc.expectError = "could not import certificate certname: error" @@ -774,7 +777,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { smtc.certOutput = keyvault.CertificateBundle{ Cer: &cert, Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + managedBy: pointer.To(externalSecrets), }, } } @@ -788,7 +791,7 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { smtc.certOutput = keyvault.CertificateBundle{ X509Thumbprint: pointer.To("123"), Tags: map[string]*string{ - "managed-by": pointer.To("foobar"), + managedBy: pointer.To("foobar"), }, } smtc.expectError = "certificate certname: not managed by external-secrets" 
@@ -888,17 +891,17 @@ func TestAzureKeyVaultPushSecret(t *testing.T) { if err == nil { t.Errorf("[%d] unexpected error: , expected: '%s'", k, v.expectError) } else { - t.Errorf("[%d] unexpected error: %s, expected: '%s'", k, err.Error(), v.expectError) + t.Errorf(unexpectedError, k, err.Error(), v.expectError) } } if len(v.expectedData) > 0 { sm.baseClient = v.mockClient out, err := sm.GetSecretMap(context.Background(), *v.ref) if !utils.ErrorContains(err, v.expectError) { - t.Errorf("[%d] unexpected error: %s, expected: '%s'", k, err.Error(), v.expectError) + t.Errorf(unexpectedError, k, err.Error(), v.expectError) } if err == nil && !reflect.DeepEqual(out, v.expectedData) { - t.Errorf("[%d] unexpected secret data: expected %#v, got %#v", k, v.expectedData, out) + t.Errorf(unexpectedSecretData, k, v.expectedData, out) } } } @@ -1271,7 +1274,7 @@ func TestAzureKeyVaultSecretManagerGetSecret(t *testing.T) { sm.baseClient = v.mockClient out, err := sm.GetSecret(context.Background(), *v.ref) if !utils.ErrorContains(err, v.expectError) { - t.Errorf("[%d] unexpected error: %s, expected: '%s'", k, err.Error(), v.expectError) + t.Errorf(unexpectedError, k, err.Error(), v.expectError) } if string(out) != v.expectedSecret { t.Errorf("[%d] unexpected secret: expected %s, got %s", k, v.expectedSecret, string(out)) @@ -1430,10 +1433,10 @@ func TestAzureKeyVaultSecretManagerGetSecretMap(t *testing.T) { sm.baseClient = v.mockClient out, err := sm.GetSecretMap(context.Background(), *v.ref) if !utils.ErrorContains(err, v.expectError) { - t.Errorf("[%d] unexpected error: %s, expected: '%s'", k, err.Error(), v.expectError) + t.Errorf(unexpectedError, k, err.Error(), v.expectError) } if err == nil && !reflect.DeepEqual(out, v.expectedData) { - t.Errorf("[%d] unexpected secret data: expected %#v, got %#v", k, v.expectedData, out) + t.Errorf(unexpectedSecretData, k, v.expectedData, out) } } } 
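Review bot: In the `@@ -888,17 +891,17 @@` hunk, the second `t.Errorf(unexpectedError, k, err.Error(), v.expectError)` (inside `if len(v.expectedData) > 0`) runs whenever `utils.ErrorContains(err, v.expectError)` is false. That presumably includes `err == nil` with a non-empty `expectError`, in which case `err.Error()` panics and aborts the test binary instead of reporting the failing case. The first check in the same hunk already guards `err == nil`; the `@@ -1271,7 +1274,7 @@` and `@@ -1430,10 +1433,10 @@` hunks have the same unguarded call. Passing the error value with `%v`, as in `t.Errorf("[%d] unexpected error: %v, expected: '%s'", k, err, v.expectError)`, avoids the nil dereference, but `unexpectedError` (defined outside these hunks) would then need `%v` in place of `%s`. The enclosing test functions start and end outside the hunks.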
@@ -1734,7 +1737,7 @@ func TestAzureKeyVaultSecretExists(t *testing.T) { } smtc.secretOutput = keyvault.SecretBundle{ Tags: map[string]*string{ - "managed-by": pointer.To("external-secrets"), + "managed-by": pointer.To(externalSecrets), }, Value: pointer.To("foo"), } @@ -1758,7 +1761,7 @@ func TestAzureKeyVaultSecretExists(t *testing.T) { smtc.pushData = testingfake.PushSecretData{ RemoteKey: secretName, } - smtc.apiErr = autorest.DetailedError{StatusCode: 404, Method: "GET", Message: "Not Found"} + smtc.apiErr = autorest.DetailedError{StatusCode: 404, Method: "GET", Message: notFoundMessage} smtc.expectedExistence = false } diff --git a/pkg/provider/bitwarden/bitwarden_sdk.go b/pkg/provider/bitwarden/bitwarden_sdk.go index e661dfb0c32..3adb090ac72 100644 --- a/pkg/provider/bitwarden/bitwarden_sdk.go +++ b/pkg/provider/bitwarden/bitwarden_sdk.go @@ -33,6 +33,8 @@ const ( WardenHeaderAccessToken = "Warden-Access-Token" WardenHeaderAPIURL = "Warden-Api-Url" WardenHeaderIdentityURL = "Warden-Identity-Url" + + restAPIURL = "/rest/api/1/secret" ) type SecretResponse struct { @@ -130,7 +132,7 @@ func (s *SdkClient) GetSecret(ctx context.Context, id string) (*SecretResponse, if err := s.performHTTPRequestOperation(ctx, params{ method: http.MethodGet, - url: s.bitwardenSdkServerURL + "/rest/api/1/secret", + url: s.bitwardenSdkServerURL + restAPIURL, body: body, result: &secretResp, }); err != nil { @@ -150,7 +152,7 @@ func (s *SdkClient) DeleteSecret(ctx context.Context, ids []string) (*SecretsDel secretResp := &SecretsDeleteResponse{} if err := s.performHTTPRequestOperation(ctx, params{ method: http.MethodDelete, - url: s.bitwardenSdkServerURL + "/rest/api/1/secret", + url: s.bitwardenSdkServerURL + restAPIURL, body: body, result: &secretResp, }); err != nil { 
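Review bot: The tag key in the `@@ -1734,7 +1737,7 @@` hunk stays the literal `"managed-by"` while its value moves to `externalSecrets`; the other tag maps touched in this test file now use the `managedBy` constant. Writing `managedBy: pointer.To(externalSecrets),` here keeps the fixtures consistent, so a later change to the tag name cannot leave TestAzureKeyVaultSecretExists checking a stale key.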
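Review bot: `restAPIURL` in the `@@ -33,6 +33,8 @@` hunk of bitwarden_sdk.go holds the path `/rest/api/1/secret`, not a URL, and it is specific to the secret endpoint. A name such as `secretPath`, with a short comment like `// secretPath is appended to bitwardenSdkServerURL for all secret operations.`, would say what GetSecret, DeleteSecret, CreateSecret and UpdateSecret actually concatenate. The name matters because the constant sits next to the exported `WardenHeader*` values and reads like a base address.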
@@ -164,7 +166,7 @@ func (s *SdkClient) CreateSecret(ctx context.Context, createReq SecretCreateRequ secretResp := &SecretResponse{} if err := s.performHTTPRequestOperation(ctx, params{ method: http.MethodPost, - url: s.bitwardenSdkServerURL + "/rest/api/1/secret", + url: s.bitwardenSdkServerURL + restAPIURL, body: createReq, result: &secretResp, }); err != nil { @@ -178,7 +180,7 @@ func (s *SdkClient) UpdateSecret(ctx context.Context, putReq SecretPutRequest) ( secretResp := &SecretResponse{} if err := s.performHTTPRequestOperation(ctx, params{ method: http.MethodPut, - url: s.bitwardenSdkServerURL + "/rest/api/1/secret", + url: s.bitwardenSdkServerURL + restAPIURL, body: putReq, result: &secretResp, }); err != nil { diff --git a/pkg/provider/bitwarden/bitwarden_sdk_test.go b/pkg/provider/bitwarden/bitwarden_sdk_test.go index 0a6a268e07f..2906afcc54c 100644 --- a/pkg/provider/bitwarden/bitwarden_sdk_test.go +++ b/pkg/provider/bitwarden/bitwarden_sdk_test.go @@ -26,7 +26,7 @@ import ( // The rest of the tests much look the same, it would be nice if I could find a way // to nicely unify the tests for all of them. -func TestSdkClient_CreateSecret(t *testing.T) { +func TestSdkClientCreateSecret(t *testing.T) { type fields struct { apiURL func(c *httptest.Server) string identityURL func(c *httptest.Server) string diff --git a/pkg/provider/bitwarden/client.go b/pkg/provider/bitwarden/client.go index 94215d4a9f7..8df7131801c 100644 --- a/pkg/provider/bitwarden/client.go +++ b/pkg/provider/bitwarden/client.go @@ -24,6 +24,7 @@ import ( "gopkg.in/yaml.v3" corev1 "k8s.io/api/core/v1" "k8s.io/kube-openapi/pkg/validation/strfmt" + "k8s.io/utils/ptr" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" "github.com/external-secrets/external-secrets/pkg/utils" 
@@ -32,6 +33,13 @@ import ( const ( // NoteMetadataKey defines the note for the pushed secret. NoteMetadataKey = "note" + + errNoProvider = "store does not have a provider" +) + +var ( + errFailedToGetAllSecrets = "failed to get all secrets: %w" + errFailedToGetSecret = "failed to get secret: %w" ) // PushSecret will write a single secret into the provider. @@ -46,7 +54,7 @@ const ( func (p *Provider) PushSecret(ctx context.Context, secret *corev1.Secret, data esv1beta1.PushSecretData) error { spec := p.store.GetSpec() if spec == nil || spec.Provider == nil { - return errors.New("store does not have a provider") + return errors.New(errNoProvider) } if data.GetRemoteKey() == "" { @@ -84,7 +92,7 @@ func (p *Provider) PushSecret(ctx context.Context, secret *corev1.Secret, data e // ListAll Secrets for an organization. If the key matches our key, we GetSecret that and do a compare. remoteSecrets, err := p.bitwardenSdkClient.ListSecrets(ctx, spec.Provider.BitwardenSecretsManager.OrganizationID) if err != nil { - return fmt.Errorf("failed to get all secrets: %w", err) + return fmt.Errorf(errFailedToGetAllSecrets, err) } for _, d := range remoteSecrets.Data { 
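Review bot: The two format strings added in the `@@ -32,6 +33,13 @@` hunk sit in a `var (...)` block, so `errFailedToGetAllSecrets` and `errFailedToGetSecret` are mutable package variables, and `go vet`'s printf check cannot validate a non-constant format passed to `fmt.Errorf`. Moving them into the `const` block next to `errNoProvider` fixes both. Separately, later hunks in this file replace `"error getting secret: %w"` with `errFailedToGetSecret`, which changes the returned text to `failed to get secret: ...` in GetSecret, DeleteSecret and SecretExists. If any caller, test or alert rule matches on the old wording, that is a behaviour change rather than a pure refactor and should be mentioned in the commit description.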
@@ -98,18 +106,10 @@ func (p *Provider) PushSecret(ctx context.Context, secret *corev1.Secret, data e } // If all pushed data matches, we won't push this secret. - if sec.Key == data.GetRemoteKey() && - sec.Value == string(value) && - sec.Note == note && - sec.ProjectID != nil && - *sec.ProjectID == spec.Provider.BitwardenSecretsManager.ProjectID { + if p.isExactlySameSecret(sec, data.GetRemoteKey(), note, spec.Provider.BitwardenSecretsManager.ProjectID, value) { // we have a complete match, skip pushing. return nil - } else if sec.Key == data.GetRemoteKey() && - sec.Value != string(value) && - sec.Note == note && - sec.ProjectID != nil && - *sec.ProjectID == spec.Provider.BitwardenSecretsManager.ProjectID { + } else if p.isOnlyValueDifferent(sec, data.GetRemoteKey(), note, spec.Provider.BitwardenSecretsManager.ProjectID, value) { // only the value is different, update the existing secret. _, err = p.bitwardenSdkClient.UpdateSecret(ctx, SecretPutRequest{ ID: sec.ID, 
@@ -136,12 +136,26 @@ func (p *Provider) PushSecret(ctx context.Context, secret *corev1.Secret, data e return err } +func (p *Provider) isExactlySameSecret(sec *SecretResponse, remoteKey, note, projectID string, value []byte) bool { + return sec.Key == remoteKey && + sec.Value == string(value) && + sec.Note == note && + ptr.Deref(sec.ProjectID, "") == projectID +} + +func (p *Provider) isOnlyValueDifferent(sec *SecretResponse, remoteKey, note, projectID string, value []byte) bool { + return sec.Key == remoteKey && + sec.Value != string(value) && + sec.Note == note && + ptr.Deref(sec.ProjectID, "") == projectID +} + // GetSecret returns a single secret from the provider. func (p *Provider) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { if strfmt.IsUUID(ref.Key) { resp, err := p.bitwardenSdkClient.GetSecret(ctx, ref.Key) if err != nil { - return nil, fmt.Errorf("error getting secret: %w", err) + return nil, fmt.Errorf(errFailedToGetSecret, err) } return []byte(resp.Value), nil @@ -149,12 +163,12 @@ func (p *Provider) GetSecret(ctx context.Context, ref esv1beta1.ExternalSecretDa spec := p.store.GetSpec() if spec == nil || spec.Provider == nil { - return nil, errors.New("store does not have a provider") + return nil, errors.New(errNoProvider) } secret, err := p.findSecretByRef(ctx, ref.Key, spec.Provider.BitwardenSecretsManager.ProjectID) if err != nil { - return nil, fmt.Errorf("error getting secret: %w", err) + return nil, fmt.Errorf(errFailedToGetSecret, err) } if secret == nil { 
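Review bot: `ptr.Deref(sec.ProjectID, "") == projectID` in the two helpers added by the `@@ -136,12 +136,26 @@` hunk is not equivalent to the removed `sec.ProjectID != nil && *sec.ProjectID == ...`, because a remote secret with a nil ProjectID now matches when the store's ProjectID is the empty string. In PushSecret this comparison decides whether an existing remote secret is skipped or overwritten through UpdateSecret, so a secret that belongs to no project could be updated if ProjectID is ever empty; whether validation elsewhere forbids that is not visible here. Keeping the explicit form, `sec.ProjectID != nil && *sec.ProjectID == projectID`, preserves the old scoping. Both helpers also lack a doc comment and never use the receiver `p`, so they could be plain package-level functions.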
@@ -172,12 +186,12 @@ func (p *Provider) DeleteSecret(ctx context.Context, ref esv1beta1.PushSecretRem spec := p.store.GetSpec() if spec == nil || spec.Provider == nil { - return errors.New("store does not have a provider") + return errors.New(errNoProvider) } secret, err := p.findSecretByRef(ctx, ref.GetRemoteKey(), spec.Provider.BitwardenSecretsManager.ProjectID) if err != nil { - return fmt.Errorf("error getting secret: %w", err) + return fmt.Errorf(errFailedToGetSecret, err) } if secret == nil { @@ -210,7 +224,7 @@ func (p *Provider) SecretExists(ctx context.Context, ref esv1beta1.PushSecretRem if strfmt.IsUUID(ref.GetRemoteKey()) { _, err := p.bitwardenSdkClient.GetSecret(ctx, ref.GetRemoteKey()) if err != nil { - return false, fmt.Errorf("error getting secret: %w", err) + return false, fmt.Errorf(errFailedToGetSecret, err) } return true, nil @@ -218,12 +232,12 @@ func (p *Provider) SecretExists(ctx context.Context, ref esv1beta1.PushSecretRem spec := p.store.GetSpec() if spec == nil || spec.Provider == nil { - return false, errors.New("store does not have a provider") + return false, errors.New(errNoProvider) } secret, err := p.findSecretByRef(ctx, ref.GetRemoteKey(), spec.Provider.BitwardenSecretsManager.ProjectID) if err != nil { - return false, fmt.Errorf("error getting secret: %w", err) + return false, fmt.Errorf(errFailedToGetSecret, err) } if secret == nil { 
@@ -296,19 +310,19 @@ func (p *Provider) parseYamlSecretData(data []byte) (map[string][]byte, error) { func (p *Provider) GetAllSecrets(ctx context.Context, _ esv1beta1.ExternalSecretFind) (map[string][]byte, error) { spec := p.store.GetSpec() if spec == nil { - return nil, errors.New("store does not have a provider") + return nil, errors.New(errNoProvider) } secrets, err := p.bitwardenSdkClient.ListSecrets(ctx, spec.Provider.BitwardenSecretsManager.OrganizationID) if err != nil { - return nil, fmt.Errorf("failed to get all secrets: %w", err) + return nil, fmt.Errorf(errFailedToGetAllSecrets, err) } result := map[string][]byte{} for _, d := range secrets.Data { sec, err := p.bitwardenSdkClient.GetSecret(ctx, d.ID) if err != nil { - return nil, fmt.Errorf("failed to get secret: %w", err) + return nil, fmt.Errorf(errFailedToGetSecret, err) } result[d.ID] = []byte(sec.Value) @@ -330,13 +344,13 @@ func (p *Provider) Close(_ context.Context) error { func (p *Provider) findSecretByRef(ctx context.Context, key, projectID string) (*SecretResponse, error) { spec := p.store.GetSpec() if spec == nil || spec.Provider == nil { - return nil, errors.New("store does not have a provider") + return nil, errors.New(errNoProvider) } // ListAll Secrets for an organization. If the key matches our key, we GetSecret that and do a compare. secrets, err := p.bitwardenSdkClient.ListSecrets(ctx, spec.Provider.BitwardenSecretsManager.OrganizationID) if err != nil { - return nil, fmt.Errorf("failed to get all secrets: %w", err) + return nil, fmt.Errorf(errFailedToGetAllSecrets, err) } var remoteSecret *SecretResponse @@ -347,7 +361,7 @@ func (p *Provider) findSecretByRef(ctx context.Context, key, projectID string) ( sec, err := p.bitwardenSdkClient.GetSecret(ctx, d.ID) if err != nil { - return nil, fmt.Errorf("failed to get secret: %w", err) + return nil, fmt.Errorf(errFailedToGetSecret, err) } if sec.ProjectID != nil && *sec.ProjectID == projectID { 
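Review bot: GetAllSecrets in the `@@ -296,19 +310,19 @@` hunk checks only `spec == nil` before reading `spec.Provider.BitwardenSecretsManager.OrganizationID`, while PushSecret, GetSecret, DeleteSecret, SecretExists and findSecretByRef all test `spec == nil || spec.Provider == nil`. A store without a provider would hit a nil-pointer panic here instead of returning `errNoProvider`; the guard should read `if spec == nil || spec.Provider == nil {`. None of the visible guards checks `spec.Provider.BitwardenSecretsManager` for nil either, which is worth confirming against the store validation outside this diff. The function body continues past the hunk.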
diff --git a/pkg/provider/bitwarden/client_test.go b/pkg/provider/bitwarden/client_test.go index 3672600a08e..f7f1a44ab51 100644 --- a/pkg/provider/bitwarden/client_test.go +++ b/pkg/provider/bitwarden/client_test.go @@ -28,6 +28,11 @@ import ( "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" ) +const ( + remoteID = "d8f29773-3019-4973-9bbc-66327d077fe2" + testKey = "this-is-a-name" +) + var projectID = "e8fc8f9c-2208-446e-9e89-9bc358f39b47" func TestProviderDeleteSecret(t *testing.T) { @@ -72,7 +77,7 @@ func TestProviderDeleteSecret(t *testing.T) { args: args{ ctx: context.TODO(), ref: v1alpha1.PushSecretRemoteRef{ - RemoteKey: "d8f29773-3019-4973-9bbc-66327d077fe2", + RemoteKey: remoteID, }, }, }, @@ -94,15 +99,15 @@ func TestProviderDeleteSecret(t *testing.T) { c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ Data: []SecretIdentifierResponse{ { - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", - Key: "this-is-a-name", + ID: remoteID, + Key: testKey, OrganizationID: "orgid", }, }, }) c.GetSecretReturnsOnCallN(0, &SecretResponse{ - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + ID: remoteID, Key: "key", Note: "note", OrganizationID: "org", @@ -118,7 +123,7 @@ func TestProviderDeleteSecret(t *testing.T) { args: args{ ctx: context.TODO(), ref: v1alpha1.PushSecretRemoteRef{ - RemoteKey: "d8f29773-3019-4973-9bbc-66327d077fe2", + RemoteKey: remoteID, }, }, }, @@ -140,8 +145,8 @@ func TestProviderDeleteSecret(t *testing.T) { c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ Data: []SecretIdentifierResponse{ { - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", - Key: "this-is-a-name", + ID: remoteID, + Key: testKey, OrganizationID: "orgid", }, }, 
@@ -149,8 +154,8 @@ func TestProviderDeleteSecret(t *testing.T) { projectID := "another-project" c.GetSecretReturnsOnCallN(0, &SecretResponse{ - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", - Key: "this-is-a-name", + ID: remoteID, + Key: testKey, Note: "note", OrganizationID: "orgid", Value: "value", @@ -165,7 +170,7 @@ func TestProviderDeleteSecret(t *testing.T) { args: args{ ctx: context.TODO(), ref: v1alpha1.PushSecretRemoteRef{ - RemoteKey: "this-is-a-name", + RemoteKey: testKey, }, }, }, @@ -226,7 +231,7 @@ func TestProviderGetAllSecrets(t *testing.T) { c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ Data: []SecretIdentifierResponse{ { - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + ID: remoteID, Key: "key1", OrganizationID: "orgid", }, @@ -239,7 +244,7 @@ func TestProviderGetAllSecrets(t *testing.T) { }) c.GetSecretReturnsOnCallN(0, &SecretResponse{ - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + ID: remoteID, Key: "key1", Value: "value1", }) @@ -255,7 +260,7 @@ func TestProviderGetAllSecrets(t *testing.T) { ref: v1beta1.ExternalSecretFind{}, }, want: map[string][]byte{ - "d8f29773-3019-4973-9bbc-66327d077fe2": []byte("value1"), + remoteID: []byte("value1"), "7c0d21ec-10d9-4972-bdf8-ec52df99cc86": []byte("value2"), }, }, @@ -322,7 +327,7 @@ func TestProviderGetSecret(t *testing.T) { args: args{ ctx: context.Background(), ref: v1beta1.ExternalSecretDataRemoteRef{ - Key: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: remoteID, }, }, want: []byte("value"), @@ -348,15 +353,15 @@ func TestProviderGetSecret(t *testing.T) { c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ Data: []SecretIdentifierResponse{ { - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", - Key: "this-is-a-name", + ID: remoteID, + Key: testKey, OrganizationID: "orgid", }, }, }) c.GetSecretReturnsOnCallN(0, &SecretResponse{ - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + ID: remoteID, Key: "key", Note: "note", OrganizationID: "org", 
@@ -368,7 +373,7 @@ func TestProviderGetSecret(t *testing.T) { args: args{ ctx: context.Background(), ref: v1beta1.ExternalSecretDataRemoteRef{ - Key: "this-is-a-name", + Key: testKey, }, }, want: []byte("value"), @@ -429,7 +434,7 @@ func TestProviderPushSecret(t *testing.T) { Match: v1alpha1.PushSecretMatch{ SecretKey: "key", RemoteRef: v1alpha1.PushSecretRemoteRef{ - RemoteKey: "this-is-a-name", + RemoteKey: testKey, }, }, }, @@ -453,14 +458,14 @@ func TestProviderPushSecret(t *testing.T) { c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ Data: []SecretIdentifierResponse{ { - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", - Key: "this-is-a-name", + ID: remoteID, + Key: testKey, OrganizationID: "orgid", }, }, }) c.GetSecretReturnsOnCallN(0, &SecretResponse{ - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + ID: remoteID, Key: "no-match", // if this is this-is-a-name it would match Note: "", OrganizationID: "orgid", @@ -472,7 +477,7 @@ func TestProviderPushSecret(t *testing.T) { assertMock: func(t *testing.T, c *FakeClient) { cargs := c.createSecretCallArguments[0] assert.Equal(t, cargs, SecretCreateRequest{ - Key: "this-is-a-name", + Key: testKey, Note: "", OrganizationID: "orgid", ProjectIDS: []string{projectID}, @@ -493,7 +498,7 @@ func TestProviderPushSecret(t *testing.T) { data: v1alpha1.PushSecretData{ Match: v1alpha1.PushSecretMatch{ RemoteRef: v1alpha1.PushSecretRemoteRef{ - RemoteKey: "this-is-a-name", + RemoteKey: testKey, }, }, }, @@ -517,14 +522,14 @@ func TestProviderPushSecret(t *testing.T) { c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ Data: []SecretIdentifierResponse{ { - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", - Key: "this-is-a-name", + ID: remoteID, + Key: testKey, OrganizationID: "orgid", }, }, }) c.GetSecretReturnsOnCallN(0, &SecretResponse{ - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + ID: remoteID, Key: "no-match", // if this is this-is-a-name it would match Note: "", OrganizationID: "orgid", 
@@ -536,7 +541,7 @@ func TestProviderPushSecret(t *testing.T) { assertMock: func(t *testing.T, c *FakeClient) { cargs := c.createSecretCallArguments[0] assert.Equal(t, SecretCreateRequest{ - Key: "this-is-a-name", + Key: testKey, Note: "", OrganizationID: "orgid", ProjectIDS: []string{projectID}, @@ -546,7 +551,7 @@ func TestProviderPushSecret(t *testing.T) { }, }, { - name: "push secret is successful for a existing remote secret but only the value differs will call update", + name: "push secret is successful for an existing remote secret but only the value differs will call update", args: args{ ctx: context.Background(), secret: &corev1.Secret{ @@ -558,7 +563,7 @@ func TestProviderPushSecret(t *testing.T) { Match: v1alpha1.PushSecretMatch{ SecretKey: "key", RemoteRef: v1alpha1.PushSecretRemoteRef{ - RemoteKey: "this-is-a-name", + RemoteKey: testKey, }, }, }, @@ -582,15 +587,15 @@ func TestProviderPushSecret(t *testing.T) { c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ Data: []SecretIdentifierResponse{ { - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", - Key: "this-is-a-name", + ID: remoteID, + Key: testKey, OrganizationID: "orgid", }, }, }) c.GetSecretReturnsOnCallN(0, &SecretResponse{ - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", - Key: "this-is-a-name", + ID: remoteID, + Key: testKey, Note: "", OrganizationID: "orgid", Value: "value", @@ -601,8 +606,8 @@ func TestProviderPushSecret(t *testing.T) { assertMock: func(t *testing.T, c *FakeClient) { pargs := c.updateSecretCallArguments[0] assert.Equal(t, pargs, SecretPutRequest{ - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", - Key: "this-is-a-name", + ID: remoteID, + Key: testKey, Note: "", OrganizationID: "orgid", ProjectIDS: []string{projectID}, @@ -624,7 +629,7 @@ func TestProviderPushSecret(t *testing.T) { Match: v1alpha1.PushSecretMatch{ SecretKey: "key", RemoteRef: v1alpha1.PushSecretRemoteRef{ - RemoteKey: "this-is-a-name", + RemoteKey: testKey, }, }, }, 
@@ -648,15 +653,15 @@ func TestProviderPushSecret(t *testing.T) { c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ Data: []SecretIdentifierResponse{ { - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", - Key: "this-is-a-name", + ID: remoteID, + Key: testKey, OrganizationID: "orgid", }, }, }) c.GetSecretReturnsOnCallN(0, &SecretResponse{ - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", - Key: "this-is-a-name", + ID: remoteID, + Key: testKey, OrganizationID: "orgid", Value: "value", ProjectID: &projectID, @@ -735,7 +740,7 @@ func TestProviderSecretExists(t *testing.T) { ref: v1alpha1.PushSecretData{ Match: v1alpha1.PushSecretMatch{ RemoteRef: v1alpha1.PushSecretRemoteRef{ - RemoteKey: "d8f29773-3019-4973-9bbc-66327d077fe2", + RemoteKey: remoteID, }, }, }, @@ -759,14 +764,14 @@ func TestProviderSecretExists(t *testing.T) { c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ Data: []SecretIdentifierResponse{ { - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + ID: remoteID, Key: "name", OrganizationID: "orgid", }, }, }) c.GetSecretReturnsOnCallN(0, &SecretResponse{ - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + ID: remoteID, Key: "name", OrganizationID: "orgid", Value: "value", @@ -803,7 +808,7 @@ func TestProviderSecretExists(t *testing.T) { c.ListSecretReturnsOnCallN(0, &SecretIdentifiersResponse{ Data: []SecretIdentifierResponse{ { - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + ID: remoteID, Key: "name", OrganizationID: "orgid", }, @@ -811,7 +816,7 @@ func TestProviderSecretExists(t *testing.T) { }) projectIDDifferent := "different-project" c.GetSecretReturnsOnCallN(0, &SecretResponse{ - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + ID: remoteID, Key: "name", OrganizationID: "orgid", Value: "value", @@ -845,6 +850,7 @@ func TestProviderSecretExists(t *testing.T) { }, }, mock: func(c *FakeClient) { + // no mocking needed }, assertMock: func(t *testing.T, c *FakeClient) { assert.Equal(t, 0, c.listSecretsCalledN) 
@@ -916,7 +922,7 @@ func TestProviderGetSecretMap(t *testing.T) { store: &v1beta1.SecretStore{}, mock: func(c *FakeClient) { c.GetSecretReturnsOnCallN(0, &SecretResponse{ - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + ID: remoteID, Key: "key", Note: "note", OrganizationID: "org", @@ -927,7 +933,7 @@ func TestProviderGetSecretMap(t *testing.T) { args: args{ ctx: context.Background(), ref: v1beta1.ExternalSecretDataRemoteRef{ - Key: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: remoteID, Property: "key", }, key: "key", @@ -944,7 +950,7 @@ func TestProviderGetSecretMap(t *testing.T) { store: &v1beta1.SecretStore{}, mock: func(c *FakeClient) { c.GetSecretReturnsOnCallN(0, &SecretResponse{ - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + ID: remoteID, Key: "key", Note: "note", OrganizationID: "org", @@ -955,7 +961,7 @@ func TestProviderGetSecretMap(t *testing.T) { args: args{ ctx: context.Background(), ref: v1beta1.ExternalSecretDataRemoteRef{ - Key: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: remoteID, Property: "key", }, key: "key", @@ -972,7 +978,7 @@ func TestProviderGetSecretMap(t *testing.T) { store: &v1beta1.SecretStore{}, mock: func(c *FakeClient) { c.GetSecretReturnsOnCallN(0, &SecretResponse{ - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + ID: remoteID, Key: "key", Note: "note", OrganizationID: "org", @@ -984,7 +990,7 @@ func TestProviderGetSecretMap(t *testing.T) { args: args{ ctx: context.Background(), ref: v1beta1.ExternalSecretDataRemoteRef{ - Key: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: remoteID, Property: "key", }, key: "key", @@ -1001,7 +1007,7 @@ func TestProviderGetSecretMap(t *testing.T) { store: &v1beta1.SecretStore{}, mock: func(c *FakeClient) { c.GetSecretReturnsOnCallN(0, &SecretResponse{ - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + ID: remoteID, Key: "key", Note: "note", OrganizationID: "org", 
@@ -1013,7 +1019,7 @@ key2: !!binary VGhpcyBpcyBhIHRlc3Q=`, args: args{ ctx: context.Background(), ref: v1beta1.ExternalSecretDataRemoteRef{ - Key: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: remoteID, Property: "key2", }, key: "key2", @@ -1030,7 +1036,7 @@ key2: !!binary VGhpcyBpcyBhIHRlc3Q=`, store: &v1beta1.SecretStore{}, mock: func(c *FakeClient) { c.GetSecretReturnsOnCallN(0, &SecretResponse{ - ID: "d8f29773-3019-4973-9bbc-66327d077fe2", + ID: remoteID, Key: "key", Note: "note", OrganizationID: "org", @@ -1041,7 +1047,7 @@ key2: !!binary VGhpcyBpcyBhIHRlc3Q=`, args: args{ ctx: context.Background(), ref: v1beta1.ExternalSecretDataRemoteRef{ - Key: "d8f29773-3019-4973-9bbc-66327d077fe2", + Key: remoteID, Property: "nope", }, }, diff --git a/pkg/provider/gcp/secretmanager/client.go b/pkg/provider/gcp/secretmanager/client.go index ae244da1288..52f9566ca10 100644 --- a/pkg/provider/gcp/secretmanager/client.go +++ b/pkg/provider/gcp/secretmanager/client.go @@ -519,15 +519,7 @@ func (c *Client) getSecretMetadata(ctx context.Context, ref esv1beta1.ExternalSe labels = "labels" ) - extractMetadataKey := func(s string, p string) string { - prefix := p + "." - if !strings.HasPrefix(s, prefix) { - return "" - } - return strings.TrimPrefix(s, prefix) - } - - if annotation := extractMetadataKey(ref.Property, annotations); annotation != "" { + if annotation := c.extractMetadataKey(ref.Property, annotations); annotation != "" { v, ok := secret.GetAnnotations()[annotation] if !ok { return nil, fmt.Errorf("annotation with key %s does not exist in secret %s", annotation, ref.Key) @@ -536,7 +528,7 @@ func (c *Client) getSecretMetadata(ctx context.Context, ref esv1beta1.ExternalSe return []byte(v), nil } - if label := extractMetadataKey(ref.Property, labels); label != "" { + if label := c.extractMetadataKey(ref.Property, labels); label != "" { v, ok := secret.GetLabels()[label] if !ok { return nil, fmt.Errorf("label with key %s does not exist in secret %s", label, ref.Key) 
@@ -578,6 +570,14 @@ func (c *Client) getSecretMetadata(ctx context.Context, ref esv1beta1.ExternalSe return j, nil } +func (c *Client) extractMetadataKey(s, p string) string { + prefix := p + "." + if !strings.HasPrefix(s, prefix) { + return "" + } + return strings.TrimPrefix(s, prefix) +} + // GetSecretMap returns multiple k/v pairs from the provider. func (c *Client) GetSecretMap(ctx context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { if c.smClient == nil || c.store.ProjectID == "" { diff --git a/pkg/provider/gcp/secretmanager/client_test.go b/pkg/provider/gcp/secretmanager/client_test.go index d4b11fb46d1..c7e7e1cf3f0 100644 --- a/pkg/provider/gcp/secretmanager/client_test.go +++ b/pkg/provider/gcp/secretmanager/client_test.go @@ -44,6 +44,9 @@ const ( errCallNotFoundAtIndex0 = "index 0 for call not found in the list of calls" usEast1 = "us-east1" errInvalidReplicationType = "req.Secret.Replication.Replication was not of type *secretmanagerpb.Replication_UserManaged_ but: %T" + testSecretName = "projects/foo/secret/bar" + managedBy = "managed-by" + externalSecrets = "external-secrets" ) type secretManagerTestCase struct { @@ -207,7 +210,7 @@ func TestSecretManagerGetSecret(t *testing.T) { } } -func TestGetSecret_MetadataPolicyFetch(t *testing.T) { +func TestGetSecretMetadataPolicyFetch(t *testing.T) { tests := []struct { name string ref esv1beta1.ExternalSecretDataRemoteRef @@ -224,14 +227,14 @@ func TestGetSecret_MetadataPolicyFetch(t *testing.T) { }, getSecretMockReturn: fakesm.SecretMockReturn{ Secret: &secretmanagerpb.Secret{ - Name: "projects/foo/secret/bar", + Name: testSecretName, Annotations: map[string]string{ - "managed-by": "external-secrets", + managedBy: externalSecrets, }, }, Err: nil, }, - expectedSecret: "external-secrets", + expectedSecret: externalSecrets, }, { name: "label is specified", 
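Review bot: The `extractMetadataKey` method added in the `@@ -578,6 +570,14 @@` hunk of gcp/secretmanager/client.go has no doc comment and never uses its receiver `c`, so a package-level function would make it clearer that it is a pure string helper. A comment such as `// extractMetadataKey returns the part of s after p + ".", or "" when s lacks that prefix.` would document the empty-string sentinel that getSecretMetadata relies on. A property of exactly `annotations.` or `labels.` also yields `""` and is treated as "no key"; the comment should say so if that is intended.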
@@ -242,14 +245,14 @@ func TestGetSecret_MetadataPolicyFetch(t *testing.T) { }, getSecretMockReturn: fakesm.SecretMockReturn{ Secret: &secretmanagerpb.Secret{ - Name: "projects/foo/secret/bar", + Name: testSecretName, Labels: map[string]string{ - "managed-by": "external-secrets", + managedBy: externalSecrets, }, }, Err: nil, }, - expectedSecret: "external-secrets", + expectedSecret: externalSecrets, }, { name: "annotations is specified", @@ -260,7 +263,7 @@ func TestGetSecret_MetadataPolicyFetch(t *testing.T) { }, getSecretMockReturn: fakesm.SecretMockReturn{ Secret: &secretmanagerpb.Secret{ - Name: "projects/foo/secret/bar", + Name: testSecretName, Annotations: map[string]string{ "annotationKey1": "annotationValue1", "annotationKey2": "annotationValue2", @@ -283,7 +286,7 @@ func TestGetSecret_MetadataPolicyFetch(t *testing.T) { }, getSecretMockReturn: fakesm.SecretMockReturn{ Secret: &secretmanagerpb.Secret{ - Name: "projects/foo/secret/bar", + Name: testSecretName, Annotations: map[string]string{ "annotationKey1": "annotationValue1", "annotationKey2": "annotationValue2", @@ -305,7 +308,7 @@ func TestGetSecret_MetadataPolicyFetch(t *testing.T) { }, getSecretMockReturn: fakesm.SecretMockReturn{ Secret: &secretmanagerpb.Secret{ - Name: "projects/foo/secret/bar", + Name: testSecretName, Labels: map[string]string{ "label-key": "label-value", }, @@ -326,9 +329,9 @@ func TestGetSecret_MetadataPolicyFetch(t *testing.T) { }, getSecretMockReturn: fakesm.SecretMockReturn{ Secret: &secretmanagerpb.Secret{ - Name: "projects/foo/secret/bar", + Name: testSecretName, Annotations: map[string]string{ - "managed-by": "external-secrets", + managedBy: externalSecrets, }, }, Err: nil, 
@@ -344,9 +347,9 @@ func TestGetSecret_MetadataPolicyFetch(t *testing.T) { }, getSecretMockReturn: fakesm.SecretMockReturn{ Secret: &secretmanagerpb.Secret{ - Name: "projects/foo/secret/bar", + Name: testSecretName, Labels: map[string]string{ - "managed-by": "external-secrets", + managedBy: externalSecrets, }, }, Err: nil, @@ -362,9 +365,9 @@ func TestGetSecret_MetadataPolicyFetch(t *testing.T) { }, getSecretMockReturn: fakesm.SecretMockReturn{ Secret: &secretmanagerpb.Secret{ - Name: "projects/foo/secret/bar", + Name: testSecretName, Labels: map[string]string{ - "managed-by": "external-secrets", + managedBy: externalSecrets, }, }, Err: nil, @@ -434,9 +437,9 @@ func TestDeleteSecret(t *testing.T) { getSecretOutput: fakesm.SecretMockReturn{ Secret: &secretmanagerpb.Secret{ - Name: "projects/foo/secret/bar", + Name: testSecretName, Labels: map[string]string{ - "managed-by": "external-secrets", + managedBy: externalSecrets, }, }, Err: nil, @@ -449,7 +452,7 @@ func TestDeleteSecret(t *testing.T) { getSecretOutput: fakesm.SecretMockReturn{ Secret: &secretmanagerpb.Secret{ - Name: "projects/foo/secret/bar", + Name: testSecretName, Labels: map[string]string{}, }, Err: nil, @@ -537,7 +540,7 @@ func TestPushSecret(t *testing.T) { }, }, Labels: map[string]string{ - "managed-by": "external-secrets", + managedBy: externalSecrets, }, } secretWithTopics := secretmanagerpb.Secret{ @@ -548,7 +551,7 @@ func TestPushSecret(t *testing.T) { }, }, Labels: map[string]string{ - "managed-by": "external-secrets", + managedBy: externalSecrets, }, Topics: []*secretmanagerpb.Topic{ { @@ -567,7 +570,7 @@ func TestPushSecret(t *testing.T) { }, }, Labels: map[string]string{ - "managed-by": "not-external-secrets", + managedBy: "not-external-secrets", }, } @@ -660,7 +663,7 @@ func TestPushSecret(t *testing.T) { }, }, Labels: map[string]string{ - "managed-by": "external-secrets", + managedBy: externalSecrets, "label-key1": "label-value1", }, Annotations: map[string]string{ 
@@ -693,7 +696,7 @@ func TestPushSecret(t *testing.T) { }, }, Labels: map[string]string{ - "managed-by": "external-secrets", + managedBy: externalSecrets, "label-key1": "label-value1", }, Annotations: map[string]string{ @@ -950,7 +953,7 @@ func TestSecretExists(t *testing.T) { }, getSecretMockReturn: fakesm.SecretMockReturn{ Secret: &secretmanagerpb.Secret{ - Name: "projects/foo/secret/bar", + Name: testSecretName, }, Err: nil, }, @@ -979,7 +982,7 @@ func TestSecretExists(t *testing.T) { }, getSecretMockReturn: fakesm.SecretMockReturn{ Secret: &secretmanagerpb.Secret{ - Name: "projects/foo/secret/bar", + Name: testSecretName, }, Err: errors.New("some error"), }, @@ -1011,7 +1014,7 @@ func TestSecretExists(t *testing.T) { } } -func TestPushSecret_Property(t *testing.T) { +func TestPushSecretProperty(t *testing.T) { secretKey := "secret-key" defaultAddSecretVersionMockReturn := func(gotPayload, expectedPayload string) (*secretmanagerpb.SecretVersion, error) { if gotPayload != expectedPayload { diff --git a/pkg/provider/gitlab/gitlab.go b/pkg/provider/gitlab/gitlab.go index 921a2d3891e..667dacc64c9 100644 --- a/pkg/provider/gitlab/gitlab.go +++ b/pkg/provider/gitlab/gitlab.go 
@@ -38,19 +38,16 @@ import ( ) const ( - errGitlabCredSecretName = "credentials are empty" - errInvalidClusterStoreMissingSAKNamespace = "invalid clusterStore missing SAK namespace" - errFetchSAKSecret = "couldn't find secret on cluster: %w" - errList = "could not verify whether the gitlabClient is valid: %w" - errProjectAuth = "gitlabClient is not allowed to get secrets for project id [%s]" - errGroupAuth = "gitlabClient is not allowed to get secrets for group id [%s]" - errUninitializedGitlabProvider = "provider gitlab is not initialized" - errNameNotDefined = "'find.name' is mandatory" - errEnvironmentIsConstricted = "'find.tags' is constrained by 'environment_scope' of the store" - errTagsOnlyEnvironmentSupported = "'find.tags' only supports 'environment_scope'" - errPathNotImplemented = "'find.path' is not implemented in the GitLab provider" - errJSONSecretUnmarshal = "unable to unmarshal secret: %w" - errNotImplemented = "not implemented" + errList = "could not verify whether the gitlabClient is valid: %w" + errProjectAuth = "gitlabClient is not allowed to get secrets for project id [%s]" + errGroupAuth = "gitlabClient is not allowed to get secrets for group id [%s]" + errUninitializedGitlabProvider = "provider gitlab is not initialized" + errNameNotDefined = "'find.name' is mandatory" + errEnvironmentIsConstricted = "'find.tags' is constrained by 'environment_scope' of the store" + errTagsOnlyEnvironmentSupported = "'find.tags' only supports 'environment_scope'" + errPathNotImplemented = "'find.path' is not implemented in the GitLab provider" + errJSONSecretUnmarshal = "unable to unmarshal secret: %w" + errNotImplemented = "not implemented" ) // https://github.com/external-secrets/external-secrets/issues/644 
@@ -138,36 +135,27 @@ func (g *gitlabBase) GetAllSecrets(_ context.Context, ref esv1beta1.ExternalSecr return nil, err } - var gopts = &gitlab.ListGroupVariablesOptions{PerPage: 100} - secretData := make(map[string][]byte) - for _, groupID := range g.store.GroupIDs { - for groupPage := 1; ; groupPage++ { - gopts.Page = groupPage - groupVars, response, err := g.groupVariablesClient.ListVariables(groupID, gopts) - metrics.ObserveAPICall(constants.ProviderGitLab, constants.CallGitLabGroupListVariables, err) - if err != nil { - return nil, err - } - for _, data := range groupVars { - matching, key, isWildcard := matchesFilter(effectiveEnvironment, data.EnvironmentScope, data.Key, matcher) - if !matching && !isWildcard { - continue - } - secretData[key] = []byte(data.Value) - } - if response.CurrentPage >= response.TotalPages { - break - } - } + secretData, err := g.fetchSecretData(effectiveEnvironment, matcher) + if err != nil { + return nil, err + } + + // _Note_: fetchProjectVariables alters secret data map + if err := g.fetchProjectVariables(effectiveEnvironment, matcher, secretData); err != nil { + return nil, err } + return secretData, nil +} + +func (g *gitlabBase) fetchProjectVariables(effectiveEnvironment string, matcher *find.Matcher, secretData map[string][]byte) error { var popts = &gitlab.ListProjectVariablesOptions{PerPage: 100} for projectPage := 1; ; projectPage++ { popts.Page = projectPage projectData, response, err := g.projectVariablesClient.ListVariables(g.store.ProjectID, popts) metrics.ObserveAPICall(constants.ProviderGitLab, constants.CallGitLabProjectListVariables, err) if err != nil { - return nil, err + return err } for _, data := range projectData { 
@@ -187,9 +175,59 @@ func (g *gitlabBase) GetAllSecrets(_ context.Context, ref esv1beta1.ExternalSecr } } + return nil +} + +func (g *gitlabBase) fetchSecretData(effectiveEnvironment string, matcher *find.Matcher) (map[string][]byte, error) { + var gopts = &gitlab.ListGroupVariablesOptions{PerPage: 100} + secretData := make(map[string][]byte) + for _, groupID := range g.store.GroupIDs { + if err := g.setVariablesForGroupID(effectiveEnvironment, matcher, gopts, groupID, secretData); err != nil { + return nil, err + } + } + return secretData, nil } +func (g *gitlabBase) setVariablesForGroupID( + effectiveEnvironment string, + matcher *find.Matcher, + gopts *gitlab.ListGroupVariablesOptions, + groupID string, + secretData map[string][]byte, +) error { + for groupPage := 1; ; groupPage++ { + gopts.Page = groupPage + groupVars, response, err := g.groupVariablesClient.ListVariables(groupID, gopts) + metrics.ObserveAPICall(constants.ProviderGitLab, constants.CallGitLabGroupListVariables, err) + if err != nil { + return err + } + g.setGroupValues(effectiveEnvironment, matcher, groupVars, secretData) + + if response.CurrentPage >= response.TotalPages { + break + } + } + return nil +} + +func (g *gitlabBase) setGroupValues( + effectiveEnvironment string, + matcher *find.Matcher, + groupVars []*gitlab.GroupVariable, + secretData map[string][]byte, +) { + for _, data := range groupVars { + matching, key, isWildcard := matchesFilter(effectiveEnvironment, data.EnvironmentScope, data.Key, matcher) + if !matching && !isWildcard { + continue + } + secretData[key] = []byte(data.Value) + } +} + func ExtractTag(tags map[string]string) (string, error) { var environmentScope string for tag, value := range tags { 
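Review bot: `fetchSecretData` only walks `g.store.GroupIDs`, so its name hides that it is the group-variable half of `GetAllSecrets`; `fetchGroupVariables` would parallel `fetchProjectVariables` and make the write order (group values first, project values written over them) readable at the call site. `setGroupValues` assigns `secretData[key]` whenever `matching || isWildcard` without checking for an existing entry, so which scope wins for a key that appears more than once seems to depend on page and group order; `matchesFilter` is not shown here, so confirm that is intended. Each new helper mutates its `secretData` argument, and `setVariablesForGroupID` also mutates the shared `gopts.Page`, which deserves a doc comment such as `// setGroupValues copies matching group variables into secretData, overwriting existing keys.`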
@@ -222,19 +260,10 @@ func (g *gitlabBase) GetSecret(_ context.Context, ref esv1beta1.ExternalSecretDa vopts = &gitlab.GetProjectVariableOptions{Filter: &gitlab.VariableFilter{EnvironmentScope: g.store.Environment}} } - data, resp, err := g.projectVariablesClient.GetVariable(g.store.ProjectID, ref.Key, vopts) - metrics.ObserveAPICall(constants.ProviderGitLab, constants.CallGitLabProjectVariableGet, err) + // _Note_: getVariables potentially alters vopts environment variable. + data, resp, err := g.getVariables(ref, vopts) if err != nil { - if resp != nil && resp.StatusCode == http.StatusNotFound && !isEmptyOrWildcard(g.store.Environment) { - vopts.Filter.EnvironmentScope = "*" - data, resp, err = g.projectVariablesClient.GetVariable(g.store.ProjectID, ref.Key, vopts) - metrics.ObserveAPICall(constants.ProviderGitLab, constants.CallGitLabProjectVariableGet, err) - if err != nil || resp == nil { - return nil, fmt.Errorf("error getting variable %s from GitLab: %w", ref.Key, err) - } - } else { - return nil, err - } + return nil, err } err = g.ResolveGroupIds() diff --git a/pkg/provider/gitlab/provider.go b/pkg/provider/gitlab/provider.go index c147a00a444..3cd09590847 100644 --- a/pkg/provider/gitlab/provider.go +++ b/pkg/provider/gitlab/provider.go @@ -17,12 +17,16 @@ package gitlab import ( "context" "errors" + "fmt" + "net/http" gitlab "gitlab.com/gitlab-org/api/client-go" kclient "sigs.k8s.io/controller-runtime/pkg/client" "sigs.k8s.io/controller-runtime/pkg/webhook/admission" esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1" + "github.com/external-secrets/external-secrets/pkg/constants" + "github.com/external-secrets/external-secrets/pkg/metrics" "github.com/external-secrets/external-secrets/pkg/utils" ) 
@@ -96,6 +100,25 @@ func (g *gitlabBase) getClient(ctx context.Context, provider *esv1beta1.GitlabPr return client, nil } +func (g *gitlabBase) getVariables(ref esv1beta1.ExternalSecretDataRemoteRef, vopts *gitlab.GetProjectVariableOptions) (*gitlab.ProjectVariable, *gitlab.Response, error) { + data, resp, err := g.projectVariablesClient.GetVariable(g.store.ProjectID, ref.Key, vopts) + metrics.ObserveAPICall(constants.ProviderGitLab, constants.CallGitLabProjectVariableGet, err) + if err != nil { + if resp != nil && resp.StatusCode == http.StatusNotFound && !isEmptyOrWildcard(g.store.Environment) { + vopts.Filter.EnvironmentScope = "*" + data, resp, err = g.projectVariablesClient.GetVariable(g.store.ProjectID, ref.Key, vopts) + metrics.ObserveAPICall(constants.ProviderGitLab, constants.CallGitLabProjectVariableGet, err) + if err != nil || resp == nil { + return nil, nil, fmt.Errorf("error getting variable %s from GitLab: %w", ref.Key, err) + } + } else { + return nil, nil, err + } + } + + return data, resp, nil +} + func (g *Provider) ValidateStore(store esv1beta1.GenericStore) (admission.Warnings, error) { storeSpec := store.GetSpec() gitlabSpec := storeSpec.Provider.Gitlab diff --git a/pkg/provider/ibm/provider.go b/pkg/provider/ibm/provider.go index 98d5ba414bf..6c5738d96e8 100644 --- a/pkg/provider/ibm/provider.go +++ b/pkg/provider/ibm/provider.go @@ -39,10 +39,6 @@ import ( ) const ( - SecretsManagerEndpointEnv = "IBM_SECRETSMANAGER_ENDPOINT" - STSEndpointEnv = "IBM_STS_ENDPOINT" - SSMEndpointEnv = "IBM_SSM_ENDPOINT" - certificateConst = "certificate" intermediateConst = "intermediate" privateKeyConst = "private_key" 
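Review bot: In `getVariables` the retry branch returns `fmt.Errorf("error getting variable %s from GitLab: %w", ref.Key, err)` when `err != nil || resp == nil`, so a nil `err` with a nil `resp` produces an error whose text ends in `%!w(<nil>)` and wraps nothing. Splitting the check keeps the message meaningful: wrap only under `if err != nil { ... }` and handle the other case with `if resp == nil { return nil, nil, errors.New("empty response from GitLab") }`. The helper also rewrites `vopts.Filter.EnvironmentScope` to `"*"` after a 404, which widens the lookup from the store's environment to any scope and changes the caller's options; a doc comment stating that fallback and the mutation would make it visible. `vopts.Filter` is dereferenced without a nil check, which relies on the caller having set it whenever `g.store.Environment` is non-empty; that assignment is only partly visible in the `GetSecret` hunk.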
@@ -54,14 +50,13 @@ const ( payloadConst = "payload" smAPIKeyConst = "api_key" - errIBMClient = "cannot setup new ibm client: %w" - errIBMCredSecretName = "invalid IBM SecretStore resource: missing IBM APIKey" - errUninitalizedIBMProvider = "provider IBM is not initialized" - errFetchSAKSecret = "could not fetch SecretAccessKey secret: %w" - errJSONSecretUnmarshal = "unable to unmarshal secret: %w" - errJSONSecretMarshal = "unable to marshal secret: %w" - errExtractingSecret = "unable to extract the fetched secret %s of type %s while performing %s" - errNotImplemented = "not implemented" + errIBMClient = "cannot setup new ibm client: %w" + errUninitializedIBMProvider = "provider IBM is not initialized" + errJSONSecretUnmarshal = "unable to unmarshal secret: %w" + errJSONSecretMarshal = "unable to marshal secret: %w" + errExtractingSecret = "unable to extract the fetched secret %s of type %s while performing %s" + errNotImplemented = "not implemented" + errKeyDoesNotExist = "key %s does not exist in secret %s" ) var contextTimeout = time.Minute * 2 @@ -106,12 +101,12 @@ func (ibm *providerIBM) SecretExists(_ context.Context, _ esv1beta1.PushSecretRe return false, errors.New(errNotImplemented) } -// Not Implemented PushSecret. +// PushSecret not implemented. func (ibm *providerIBM) PushSecret(_ context.Context, _ *corev1.Secret, _ esv1beta1.PushSecretData) error { return errors.New(errNotImplemented) } -// Empty GetAllSecrets. +// GetAllSecrets empty. func (ibm *providerIBM) GetAllSecrets(_ context.Context, _ esv1beta1.ExternalSecretFind) (map[string][]byte, error) { // TO be implemented return nil, errors.New(errNotImplemented) 
@@ -119,7 +114,7 @@ func (ibm *providerIBM) GetAllSecrets(_ context.Context, _ esv1beta1.ExternalSec func (ibm *providerIBM) GetSecret(_ context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) ([]byte, error) { if utils.IsNil(ibm.IBMClient) { - return nil, errors.New(errUninitalizedIBMProvider) + return nil, errors.New(errUninitializedIBMProvider) } var secretGroupName string @@ -209,7 +204,7 @@ func getArbitrarySecret(ibm *providerIBM, secretName *string, secretGroupName st if val, ok := secMap[payloadConst]; ok { return []byte(val.(string)), nil } - return nil, fmt.Errorf("key %s does not exist in secret %s", payloadConst, *secretName) + return nil, fmt.Errorf(errKeyDoesNotExist, payloadConst, *secretName) } func getImportCertSecret(ibm *providerIBM, secretName *string, ref esv1beta1.ExternalSecretDataRemoteRef, secretGroupName string) ([]byte, error) { @@ -230,7 +225,7 @@ func getImportCertSecret(ibm *providerIBM, secretName *string, ref esv1beta1.Ext fmt.Printf("warn: %s is empty for secret %s\n", privateKeyConst, *secretName) return []byte(""), nil } - return nil, fmt.Errorf("key %s does not exist in secret %s", ref.Property, ref.Key) + return nil, fmt.Errorf(errKeyDoesNotExist, ref.Property, ref.Key) } func getPublicCertSecret(ibm *providerIBM, secretName *string, ref esv1beta1.ExternalSecretDataRemoteRef, secretGroupName string) ([]byte, error) { @@ -245,7 +240,7 @@ func getPublicCertSecret(ibm *providerIBM, secretName *string, ref esv1beta1.Ext if val, ok := secMap[ref.Property]; ok { return []byte(val.(string)), nil } - return nil, fmt.Errorf("key %s does not exist in secret %s", ref.Property, ref.Key) + return nil, fmt.Errorf(errKeyDoesNotExist, ref.Property, ref.Key) } func getPrivateCertSecret(ibm *providerIBM, secretName *string, ref esv1beta1.ExternalSecretDataRemoteRef, secretGroupName string) ([]byte, error) { 
@@ -260,7 +255,7 @@ func getPrivateCertSecret(ibm *providerIBM, secretName *string, ref esv1beta1.Ex if val, ok := secMap[ref.Property]; ok { return []byte(val.(string)), nil } - return nil, fmt.Errorf("key %s does not exist in secret %s", ref.Property, ref.Key) + return nil, fmt.Errorf(errKeyDoesNotExist, ref.Property, ref.Key) } func getIamCredentialsSecret(ibm *providerIBM, secretName *string, secretGroupName string) ([]byte, error) { @@ -275,7 +270,7 @@ func getIamCredentialsSecret(ibm *providerIBM, secretName *string, secretGroupNa if val, ok := secMap[smAPIKeyConst]; ok { return []byte(val.(string)), nil } - return nil, fmt.Errorf("key %s does not exist in secret %s", smAPIKeyConst, *secretName) + return nil, fmt.Errorf(errKeyDoesNotExist, smAPIKeyConst, *secretName) } func getServiceCredentialsSecret(ibm *providerIBM, secretName *string, secretGroupName string) ([]byte, error) { @@ -294,7 +289,7 @@ func getServiceCredentialsSecret(ibm *providerIBM, secretName *string, secretGro } return mval, nil } - return nil, fmt.Errorf("key %s does not exist in secret %s", credentialsConst, *secretName) + return nil, fmt.Errorf(errKeyDoesNotExist, credentialsConst, *secretName) } func getUsernamePasswordSecret(ibm *providerIBM, secretName *string, ref esv1beta1.ExternalSecretDataRemoteRef, secretGroupName string) ([]byte, error) { @@ -309,7 +304,7 @@ func getUsernamePasswordSecret(ibm *providerIBM, secretName *string, ref esv1bet if val, ok := secMap[ref.Property]; ok { return []byte(val.(string)), nil } - return nil, fmt.Errorf("key %s does not exist in secret %s", ref.Property, ref.Key) + return nil, fmt.Errorf(errKeyDoesNotExist, ref.Property, ref.Key) } // Returns a secret of type kv and supports json path. 
@@ -348,7 +343,7 @@ func getKVSecret(ref esv1beta1.ExternalSecretDataRemoteRef, secret *sm.KVSecret) // try to get value for this path val := gjson.Get(payloadJSON, ref.Property) if !val.Exists() { - return nil, fmt.Errorf("key %s does not exist in secret %s", ref.Property, ref.Key) + return nil, fmt.Errorf(errKeyDoesNotExist, ref.Property, ref.Key) } return []byte(val.String()), nil } @@ -399,7 +394,7 @@ func getSecretData(ibm *providerIBM, secretName *string, secretType, secretGroup func (ibm *providerIBM) GetSecretMap(_ context.Context, ref esv1beta1.ExternalSecretDataRemoteRef) (map[string][]byte, error) { if utils.IsNil(ibm.IBMClient) { - return nil, errors.New(errUninitalizedIBMProvider) + return nil, errors.New(errUninitializedIBMProvider) } var secretGroupName string secretType := sm.Secret_SecretType_Arbitrary @@ -434,7 +429,7 @@ func (ibm *providerIBM) GetSecretMap(_ context.Context, ref esv1beta1.ExternalSe checkNilFn := func(propertyList []string) error { for _, prop := range propertyList { if _, ok := secMap[prop]; !ok { - return fmt.Errorf("key %s does not exist in secret %s", prop, secretName) + return fmt.Errorf(errKeyDoesNotExist, prop, secretName) } } return nil diff --git a/pkg/provider/ibm/provider_test.go b/pkg/provider/ibm/provider_test.go index 22a9b4ec0af..d4334a2219c 100644 --- a/pkg/provider/ibm/provider_test.go +++ b/pkg/provider/ibm/provider_test.go @@ -68,7 +68,7 @@ func makeValidSecretManagerTestCase() *secretManagerTestCase { ref: makeValidRef(), apiOutput: makeValidAPIOutput(), getByNameInput: makeValidGetByNameInput(), - getByNameOutput: makeValidGetByNameOutput(), + getByNameOutput: makeValidAPIOutput(), getByNameError: nil, serviceURL: nil, apiErr: nil, 
@@ -115,16 +115,6 @@ func makeValidGetByNameInput() *sm.GetSecretByNameTypeOptions { return &sm.GetSecretByNameTypeOptions{} } -func makeValidGetByNameOutput() sm.SecretIntf { - secret := &sm.Secret{ - SecretType: utilpointer.To(sm.Secret_SecretType_Arbitrary), - Name: utilpointer.To("testyname"), - ID: utilpointer.To(secretUUID), - } - var i sm.SecretIntf = secret - return i -} - func makeValidSecretManagerTestCaseCustom(tweaks ...func(smtc *secretManagerTestCase)) *secretManagerTestCase { smtc := makeValidSecretManagerTestCase() for _, fn := range tweaks { @@ -151,7 +141,7 @@ var setAPIErr = func(smtc *secretManagerTestCase) { var setNilMockClient = func(smtc *secretManagerTestCase) { smtc.mockClient = nil - smtc.expectError = errUninitalizedIBMProvider + smtc.expectError = errUninitializedIBMProvider } // simple tests for Validate Store. diff --git a/pkg/provider/kubernetes/auth_test.go b/pkg/provider/kubernetes/auth_test.go index 7c3feb75cff..23ed2beeaf7 100644 --- a/pkg/provider/kubernetes/auth_test.go +++ b/pkg/provider/kubernetes/auth_test.go @@ -67,6 +67,7 @@ users: user: token: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJPbmxpbmUgSldUIEJ1aWxkZXIiLCJpYXQiOjE3MTkzOTY4OTksImV4cCI6MTc1MDkzMjg4NywiYXVkIjoid3d3LmV4YW1wbGUuY29tIiwic3ViIjoianJvY2tldEBleGFtcGxlLmNvbSIsIkdpdmVuTmFtZSI6IkpvaG5ueSIsIlN1cm5hbWUiOiJSb2NrZXQiLCJFbWFpbCI6Impyb2NrZXRAZXhhbXBsZS5jb20iLCJSb2xlIjpbIk1hbmFnZXIiLCJQcm9qZWN0IEFkbWluaXN0cmF0b3IiXX0.xXrfIl0akhfjWU_BDl7Ad54SXje0YlJdnugzwh96VmM ` + serverURL = "https://my.test.tld" ) func TestSetAuth(t *testing.T) { @@ -122,7 +123,7 @@ func TestSetAuth(t *testing.T) { }).Build(), store: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ - URL: "https://my.test.tld", + URL: serverURL, CAProvider: &esv1beta1.CAProvider{ Type: esv1beta1.CAProviderTypeSecret, Name: "foobar", 
@@ -141,7 +142,7 @@ func TestSetAuth(t *testing.T) { }, }, want: &want{ - Host: "https://my.test.tld", + Host: serverURL, BearerToken: "mytoken", TLSClientConfig: rest.TLSClientConfig{ CAData: []byte(caCert), @@ -172,7 +173,7 @@ func TestSetAuth(t *testing.T) { }).Build(), store: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ - URL: "https://my.test.tld", + URL: serverURL, CAProvider: &esv1beta1.CAProvider{ Type: esv1beta1.CAProviderTypeConfigMap, Name: "foobar", @@ -191,7 +192,7 @@ func TestSetAuth(t *testing.T) { }, }, want: &want{ - Host: "https://my.test.tld", + Host: serverURL, BearerToken: "mytoken", TLSClientConfig: rest.TLSClientConfig{ CAData: []byte("1234"), @@ -214,7 +215,7 @@ func TestSetAuth(t *testing.T) { }).Build(), store: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ - URL: "https://my.test.tld", + URL: serverURL, CABundle: []byte(caCert), }, Auth: esv1beta1.KubernetesAuth{ @@ -229,7 +230,7 @@ func TestSetAuth(t *testing.T) { }, }, want: &want{ - Host: "https://my.test.tld", + Host: serverURL, BearerToken: "mytoken", TLSClientConfig: rest.TLSClientConfig{ CAData: []byte(caCert), @@ -253,7 +254,7 @@ func TestSetAuth(t *testing.T) { }).Build(), store: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ - URL: "https://my.test.tld", + URL: serverURL, CABundle: []byte(caCert), }, Auth: esv1beta1.KubernetesAuth{ @@ -271,7 +272,7 @@ func TestSetAuth(t *testing.T) { }, }, want: &want{ - Host: "https://my.test.tld", + Host: serverURL, TLSClientConfig: rest.TLSClientConfig{ CAData: []byte(caCert), CertData: []byte("my-cert"), @@ -293,7 +294,7 @@ func TestSetAuth(t *testing.T) { kubeclientset: utilfake.NewCreateTokenMock().WithToken("my-sa-token"), store: &esv1beta1.KubernetesProvider{ Server: esv1beta1.KubernetesServer{ - URL: "https://my.test.tld", + URL: serverURL, CABundle: []byte(caCert), }, Auth: esv1beta1.KubernetesAuth{ 
@@ -305,7 +306,7 @@ func TestSetAuth(t *testing.T) { }, }, want: &want{ - Host: "https://my.test.tld", + Host: serverURL, BearerToken: "my-sa-token", TLSClientConfig: rest.TLSClientConfig{ CAData: []byte(caCert), diff --git a/pkg/provider/oracle/oracle.go b/pkg/provider/oracle/oracle.go index 070c3ec58bb..0ecde55bf17 100644 --- a/pkg/provider/oracle/oracle.go +++ b/pkg/provider/oracle/oracle.go @@ -58,6 +58,7 @@ const ( errJSONSecretUnmarshal = "unable to unmarshal secret: %w" errMissingKey = "missing Key in secret: %s" errUnexpectedContent = "unexpected secret bundle content" + errSettingOCIEnvVariables = "unable to set OCI SDK environment variable %s: %w" ) // https://github.com/external-secrets/external-secrets/issues/644 @@ -273,20 +274,9 @@ func (vms *VaultManagementService) NewClient(ctx context.Context, store esv1beta return nil, errors.New(errMissingRegion) } - var ( - err error - configurationProvider common.ConfigurationProvider - ) - - if oracleSpec.PrincipalType == esv1beta1.WorkloadPrincipal { - configurationProvider, err = vms.getWorkloadIdentityProvider(store, oracleSpec.ServiceAccountRef, oracleSpec.Region, namespace) - } else if oracleSpec.PrincipalType == esv1beta1.InstancePrincipal || oracleSpec.Auth == nil { - configurationProvider, err = auth.InstancePrincipalConfigurationProvider() - } else { - configurationProvider, err = getUserAuthConfigurationProvider(ctx, kube, oracleSpec, namespace, store.GetObjectKind().GroupVersionKind().Kind, oracleSpec.Region) - } + configurationProvider, err := vms.constructProvider(ctx, store, oracleSpec, kube, namespace) if err != nil { - return nil, fmt.Errorf(errOracleClient, err) + return nil, err } secretManagementService, err := secrets.NewSecretsClientWithConfigurationProvider(configurationProvider) 
@@ -308,34 +298,9 @@ func (vms *VaultManagementService) NewClient(ctx context.Context, store esv1beta vaultClient.SetRegion(oracleSpec.Region) if storeSpec.RetrySettings != nil { - opts := []common.RetryPolicyOption{common.WithShouldRetryOperation(common.DefaultShouldRetryOperation)} - - if mr := storeSpec.RetrySettings.MaxRetries; mr != nil { - attempts := safeConvert(*mr) - opts = append(opts, common.WithMaximumNumberAttempts(attempts)) - } - - if ri := storeSpec.RetrySettings.RetryInterval; ri != nil { - i, err := time.ParseDuration(*storeSpec.RetrySettings.RetryInterval) - if err != nil { - return nil, fmt.Errorf(errOracleClient, err) - } - opts = append(opts, common.WithFixedBackoff(i)) + if err := vms.configureRetryPolicy(storeSpec, secretManagementService, kmsVaultClient, vaultClient); err != nil { + return nil, fmt.Errorf(errOracleClient, err) } - - customRetryPolicy := common.NewRetryPolicyWithOptions(opts...) - - secretManagementService.SetCustomClientConfiguration(common.CustomClientConfiguration{ - RetryPolicy: &customRetryPolicy, - }) - - kmsVaultClient.SetCustomClientConfiguration(common.CustomClientConfiguration{ - RetryPolicy: &customRetryPolicy, - }) - - vaultClient.SetCustomClientConfiguration(common.CustomClientConfiguration{ - RetryPolicy: &customRetryPolicy, - }) } return &VaultManagementService{ 
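Review bot: The error from `configureRetryPolicy` is wrapped with `errOracleClient` at this call site, but the only error that helper can return comes from `constructOptions`, which already returns `fmt.Errorf(errOracleClient, err)`, so an unparsable `RetryInterval` is reported with the same prefix twice. Wrap in one place only, for example `return nil, err` here, which also matches how the `constructProvider` error is returned earlier in `NewClient`.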
@@ -348,6 +313,24 @@ func (vms *VaultManagementService) NewClient(ctx context.Context, store esv1beta }, nil } +func (vms *VaultManagementService) constructOptions(storeSpec *esv1beta1.SecretStoreSpec) ([]common.RetryPolicyOption, error) { + opts := []common.RetryPolicyOption{common.WithShouldRetryOperation(common.DefaultShouldRetryOperation)} + + if mr := storeSpec.RetrySettings.MaxRetries; mr != nil { + attempts := safeConvert(*mr) + opts = append(opts, common.WithMaximumNumberAttempts(attempts)) + } + + if ri := storeSpec.RetrySettings.RetryInterval; ri != nil { + i, err := time.ParseDuration(*storeSpec.RetrySettings.RetryInterval) + if err != nil { + return nil, fmt.Errorf(errOracleClient, err) + } + opts = append(opts, common.WithFixedBackoff(i)) + } + return opts, nil +} + func safeConvert(i int32) uint { if i < 0 { return 0 @@ -573,7 +556,7 @@ func (vms *VaultManagementService) ValidateStore(store esv1beta1.GenericStore) ( func (vms *VaultManagementService) getWorkloadIdentityProvider(store esv1beta1.GenericStore, serviceAcccountRef *esmeta.ServiceAccountSelector, region, namespace string) (configurationProvider common.ConfigurationProvider, err error) { defer func() { if uerr := os.Unsetenv(auth.ResourcePrincipalVersionEnvVar); uerr != nil { - err = errors.Join(err, fmt.Errorf("unable to set OCI SDK environment variable %s: %w", auth.ResourcePrincipalRegionEnvVar, uerr)) + err = errors.Join(err, fmt.Errorf(errSettingOCIEnvVariables, auth.ResourcePrincipalRegionEnvVar, uerr)) } if uerr := os.Unsetenv(auth.ResourcePrincipalRegionEnvVar); uerr != nil { err = errors.Join(err, fmt.Errorf("unabled to unset OCI SDK environment variable %s: %w", auth.ResourcePrincipalVersionEnvVar, uerr)) 
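Review bot: The deferred cleanup in `getWorkloadIdentityProvider` now formats a failed `os.Unsetenv(auth.ResourcePrincipalVersionEnvVar)` with `errSettingOCIEnvVariables`, so the message says "unable to set" for an unset failure and names `auth.ResourcePrincipalRegionEnvVar` instead of the variable that failed. The second branch has the mirrored mix-up plus the typo "unabled". These variables are process-wide and steer the OCI SDK's workload-identity setup, so a cleanup failure should be reported accurately. A dedicated constant such as `errUnsettingOCIEnvVariables = "unable to unset OCI SDK environment variable %s: %w"`, used in both branches with the matching variable name, would fix it. The function body continues outside this hunk.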
@@ -583,10 +566,10 @@ func (vms *VaultManagementService) getWorkloadIdentityProvider(store esv1beta1.G vms.workloadIdentityMutex.Lock() // OCI SDK requires specific environment variables for workload identity. if err := os.Setenv(auth.ResourcePrincipalVersionEnvVar, auth.ResourcePrincipalVersion2_2); err != nil { - return nil, fmt.Errorf("unable to set OCI SDK environment variable %s: %w", auth.ResourcePrincipalVersionEnvVar, err) + return nil, fmt.Errorf(errSettingOCIEnvVariables, auth.ResourcePrincipalVersionEnvVar, err) } if err := os.Setenv(auth.ResourcePrincipalRegionEnvVar, region); err != nil { - return nil, fmt.Errorf("unable to set OCI SDK environment variable %s: %w", auth.ResourcePrincipalRegionEnvVar, err) + return nil, fmt.Errorf(errSettingOCIEnvVariables, auth.ResourcePrincipalRegionEnvVar, err) } // If no service account is specified, use the pod service account to create the Workload Identity provider. if serviceAcccountRef == nil { 
@@ -608,6 +591,54 @@ func (vms *VaultManagementService) getWorkloadIdentityProvider(store esv1beta1.G return auth.OkeWorkloadIdentityConfigurationProviderWithServiceAccountTokenProvider(tokenProvider) } +func (vms *VaultManagementService) constructProvider(ctx context.Context, store esv1beta1.GenericStore, oracleSpec *esv1beta1.OracleProvider, kube kclient.Client, namespace string) (common.ConfigurationProvider, error) { + var ( + configurationProvider common.ConfigurationProvider + err error + ) + + if oracleSpec.PrincipalType == esv1beta1.WorkloadPrincipal { + configurationProvider, err = vms.getWorkloadIdentityProvider(store, oracleSpec.ServiceAccountRef, oracleSpec.Region, namespace) + } else if oracleSpec.PrincipalType == esv1beta1.InstancePrincipal || oracleSpec.Auth == nil { + configurationProvider, err = auth.InstancePrincipalConfigurationProvider() + } else { + configurationProvider, err = getUserAuthConfigurationProvider(ctx, kube, oracleSpec, namespace, store.GetObjectKind().GroupVersionKind().Kind, oracleSpec.Region) + } + if err != nil { + return nil, fmt.Errorf(errOracleClient, err) + } + + return configurationProvider, nil +} + +func (vms *VaultManagementService) configureRetryPolicy( + storeSpec *esv1beta1.SecretStoreSpec, + secretManagementService secrets.SecretsClient, + kmsVaultClient keymanagement.KmsVaultClient, + vaultClient vault.VaultsClient, +) error { + opts, err := vms.constructOptions(storeSpec) + if err != nil { + return err + } + + customRetryPolicy := common.NewRetryPolicyWithOptions(opts...) 
+ + secretManagementService.SetCustomClientConfiguration(common.CustomClientConfiguration{ + RetryPolicy: &customRetryPolicy, + }) + + kmsVaultClient.SetCustomClientConfiguration(common.CustomClientConfiguration{ + RetryPolicy: &customRetryPolicy, + }) + + vaultClient.SetCustomClientConfiguration(common.CustomClientConfiguration{ + RetryPolicy: &customRetryPolicy, + }) + + return err +} + func sanitizeOCISDKErr(err error) error { if err == nil { return nil diff --git a/pkg/provider/oracle/oracle_test.go b/pkg/provider/oracle/oracle_test.go index bc43acb54c5..5f618835dec 100644 --- a/pkg/provider/oracle/oracle_test.go +++ b/pkg/provider/oracle/oracle_test.go @@ -321,7 +321,7 @@ func TestValidateStore(t *testing.T) { } } -func TestVaultManagementService_NewClient(t *testing.T) { +func TestVaultManagementServiceNewClient(t *testing.T) { t.Parallel() namespace := "default" diff --git a/pkg/provider/passbolt/passbolt_test.go b/pkg/provider/passbolt/passbolt_test.go index e343431a921..86f1fb9e74d 100644 --- a/pkg/provider/passbolt/passbolt_test.go +++ b/pkg/provider/passbolt/passbolt_test.go @@ -28,6 +28,13 @@ import ( esmeta "github.com/external-secrets/external-secrets/apis/meta/v1" ) +const ( + someKey1 = "some-key1" + someKey2 = "some-key2" + someURI1 = "some-uri1" + someURI2 = "some-uri2" +) + type PassboltClientMock struct { } @@ -42,8 +49,8 @@ func (p *PassboltClientMock) Logout(_ context.Context) error { } func (p *PassboltClientMock) GetResource(_ context.Context, resourceID string) (*api.Resource, error) { resmap := map[string]api.Resource{ - "some-key1": {ID: "some-key1", Name: "some-name1", URI: "some-uri1"}, - "some-key2": {ID: "some-key2", Name: "some-name2", URI: "some-uri2"}, + someKey1: {ID: someKey1, Name: "some-name1", URI: someURI1}, + someKey2: {ID: someKey2, Name: "some-name2", URI: someURI2}, } if res, ok := resmap[resourceID]; ok { 
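Review bot: `configureRetryPolicy` takes `secrets.SecretsClient`, `keymanagement.KmsVaultClient` and `vault.VaultsClient` by value, so if these are struct types, as the non-pointer parameter types suggest, `SetCustomClientConfiguration` updates copies and the clients stored in the returned `VaultManagementService` keep their default retry policy. Before this change the three calls ran directly on `NewClient`'s own variables. Taking pointers restores that: declare the parameters as `secretManagementService *secrets.SecretsClient, kmsVaultClient *keymanagement.KmsVaultClient, vaultClient *vault.VaultsClient` and call with `&secretManagementService, &kmsVaultClient, &vaultClient`. The trailing `return err` is always nil at that point and reads more clearly as `return nil`.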
@@ -55,8 +62,8 @@ func (p *PassboltClientMock) GetResource(_ context.Context, resourceID string) ( func (p *PassboltClientMock) GetResources(_ context.Context, _ *api.GetResourcesOptions) ([]api.Resource, error) { res := []api.Resource{ - {ID: "some-key1", Name: "some-name1", URI: "some-uri1"}, - {ID: "some-key2", Name: "some-name2", URI: "some-uri2"}, + {ID: someKey1, Name: "some-name1", URI: someURI1}, + {ID: someKey2, Name: "some-name2", URI: someURI2}, } return res, nil } @@ -72,8 +79,8 @@ func (p *PassboltClientMock) DecryptMessage(message string) (string, error) { func (p *PassboltClientMock) GetSecret(_ context.Context, resourceID string) (*api.Secret, error) { resmap := map[string]api.Secret{ - "some-key1": {Data: `{"password": "some-password1", "description": "some-description1"}`}, - "some-key2": {Data: `{"password": "some-password2", "description": "some-description2"}`}, + someKey1: {Data: `{"password": "some-password1", "description": "some-description1"}`}, + someKey2: {Data: `{"password": "some-password2", "description": "some-description2"}`}, } if res, ok := resmap[resourceID]; ok { @@ -167,8 +174,8 @@ func TestGetAllSecrets(t *testing.T) { }, }, expected: map[string][]byte{ - "some-key1": []byte(`{"name":"some-name1","username":"","password":"some-password1","uri":"some-uri1","description":"some-description1"}`), - "some-key2": []byte(`{"name":"some-name2","username":"","password":"some-password2","uri":"some-uri2","description":"some-description2"}`), + someKey1: []byte(`{"name":"some-name1","username":"","password":"some-password1","uri":"some-uri1","description":"some-description1"}`), + someKey2: []byte(`{"name":"some-name2","username":"","password":"some-password2","uri":"some-uri2","description":"some-description2"}`), }, }, { 
@@ -234,7 +241,7 @@ func TestGetSecret(t *testing.T) { { name: "get property from secret", request: esv1beta1.ExternalSecretDataRemoteRef{ - Key: "some-key1", + Key: someKey1, Property: "password", }, expValue: "some-password1", @@ -242,14 +249,14 @@ func TestGetSecret(t *testing.T) { { name: "get full secret", request: esv1beta1.ExternalSecretDataRemoteRef{ - Key: "some-key1", + Key: someKey1, }, expValue: `{"name":"some-name1","username":"","password":"some-password1","uri":"some-uri1","description":"some-description1"}`, }, { name: "return err when using invalid property", request: esv1beta1.ExternalSecretDataRemoteRef{ - Key: "some-key1", + Key: someKey1, Property: "invalid", }, expErr: errPassboltSecretPropertyInvalid, diff --git a/pkg/provider/vault/auth.go b/pkg/provider/vault/auth.go index e3be9abc023..e076bcca844 100644 --- a/pkg/provider/vault/auth.go +++ b/pkg/provider/vault/auth.go @@ -222,6 +222,7 @@ func (c *client) useAuthNamespace(_ context.Context) func() { } } - // no-op - return func() {} + return func() { + // no-op + } } diff --git a/pkg/provider/vault/fake/vault.go b/pkg/provider/vault/fake/vault.go index c0a7ebc5071..1910c432172 100644 --- a/pkg/provider/vault/fake/vault.go +++ b/pkg/provider/vault/fake/vault.go @@ -24,7 +24,7 @@ import ( vault "github.com/hashicorp/vault/api" - util "github.com/external-secrets/external-secrets/pkg/provider/vault/util" + "github.com/external-secrets/external-secrets/pkg/provider/vault/util" ) type LoginFn func(ctx context.Context, authMethod vault.AuthMethod) (*vault.Secret, error) @@ -189,11 +189,15 @@ func NewTokenFn(v string) MockTokenFn { } func NewClearTokenFn() MockClearTokenFn { - return func() {} + return func() { + // no-op + } } func NewAddHeaderFn() MockAddHeaderFn { - return func(key, value string) {} + return func(key, value string) { + // no header + } } type VaultClient struct { diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile index 4f11326bcd6..2cac8c1d579 100644 
--- a/tilt.debug.dockerfile +++ b/tilt.debug.dockerfile @@ -2,9 +2,7 @@ FROM golang:1.23.4@sha256:70031844b8c225351d0bb63e2c383f80db85d92ba894e3da7e13bc WORKDIR / COPY ./bin/external-secrets /external-secrets -RUN go install github.com/go-delve/delve/cmd/dlv@v1.22.0 -RUN chmod +x /go/bin/dlv -RUN mv /go/bin/dlv / +RUN go install github.com/go-delve/delve/cmd/dlv@v1.22.0 && chmod +x /go/bin/dlv && mv /go/bin/dlv / EXPOSE 30000 From 3b463c75730f02dcec9b6bd444e353f3bce98910 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Sun, 22 Dec 2024 12:36:43 +0100 Subject: [PATCH 488/517] fix: Dockerfile.ubi using the wrong registry (#4234) * fix: Dockerfile.ubi using the wrong registry Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * fix CVE on golang.org/x/net Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> * using the version that was used before on a passing run Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- Dockerfile.ubi | 2 +- e2e/go.mod | 2 +- e2e/go.sum | 4 ++-- go.mod | 2 +- go.sum | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Dockerfile.ubi b/Dockerfile.ubi index 0b03f1a5b83..af5c65c5410 100644 --- a/Dockerfile.ubi +++ b/Dockerfile.ubi @@ -1,4 +1,4 @@ -FROM registry.redhat.io/ubi8/ubi@sha256:17b8ee77f5c03bedf40bfe23557d35f2c2f67be11b78a8a7a6aec0db4d818a25 AS minimal-ubi +FROM registry.access.redhat.com/ubi8/ubi@sha256:7287624c777a5812893fb02e180acf7d85569858c217d9b1dfb5179bf4ae6ee1 AS minimal-ubi ARG TARGETOS ARG TARGETARCH diff --git a/e2e/go.mod b/e2e/go.mod index c0d846c35b6..658914c1911 100644 --- a/e2e/go.mod +++ b/e2e/go.mod 
@@ -193,7 +193,7 @@ require ( go.opentelemetry.io/otel/trace v1.33.0 // indirect golang.org/x/crypto v0.31.0 // indirect golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e // indirect - golang.org/x/net v0.32.0 // indirect + golang.org/x/net v0.33.0 // indirect golang.org/x/sync v0.10.0 // indirect golang.org/x/sys v0.28.0 // indirect golang.org/x/term v0.27.0 // indirect diff --git a/e2e/go.sum b/e2e/go.sum index 78757bdd177..8964d9e773c 100644 --- a/e2e/go.sum +++ b/e2e/go.sum @@ -640,8 +640,8 @@ golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk= golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= -golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= -golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= diff --git a/go.mod b/go.mod index 1aa369e1fea..a2dde16e679 100644 --- a/go.mod +++ b/go.mod @@ -249,7 +249,7 @@ require ( go.uber.org/multierr v1.11.0 // indirect golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e // indirect golang.org/x/mod v0.22.0 // indirect - golang.org/x/net v0.32.0 // indirect + golang.org/x/net v0.33.0 // indirect golang.org/x/sys v0.28.0 // indirect golang.org/x/term v0.27.0 // indirect golang.org/x/text v0.21.0 // indirect diff --git a/go.sum b/go.sum index b2b2091b4bb..761d2f40b1d 100644 
--- a/go.sum +++ b/go.sum @@ -836,8 +836,8 @@ golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= golang.org/x/net v0.20.0/go.mod h1:z8BVo6PvndSri0LbOE3hAn0apkU+1YvI6E70E9jsnvY= golang.org/x/net v0.21.0/go.mod h1:bIjVDfnllIU7BJ2DNgfnXvpSvtn8VRwhlsaeUTyUS44= golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= -golang.org/x/net v0.32.0 h1:ZqPmj8Kzc+Y6e0+skZsuACbx+wzMgo5MQsJh9Qd6aYI= -golang.org/x/net v0.32.0/go.mod h1:CwU0IoeOlnQQWJ6ioyFrfRuomB8GKF6KbYXZVyeXNfs= +golang.org/x/net v0.33.0 h1:74SYHlV8BIgHIFC/LrYkOGIwL19eTYXQ5wc6TBuO36I= +golang.org/x/net v0.33.0/go.mod h1:HXLR5J+9DxmrqMwG9qjGCxZ+zKXxBru04zlTvWlWuN4= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= From 997cf24c2ec849f626dbee43afea310851536cff Mon Sep 17 00:00:00 2001 From: Sverre Boschman <1142569+sboschman@users.noreply.github.com> Date: Mon, 23 Dec 2024 08:24:40 +0200 Subject: [PATCH 489/517] feat: add filterCertChain template helper function (#3934) * feat: add filterCertChain template helper function Signed-off-by: Sverre Boschman <1142569+sboschman@users.noreply.github.com> * refactor: use constants for cert types Signed-off-by: Sverre Boschman <1142569+sboschman@users.noreply.github.com> * refactor: split TestFilterCertChain to reduce complexity Signed-off-by: Sverre Boschman <1142569+sboschman@users.noreply.github.com> * refactor: shortcut return in filterCertChain Signed-off-by: Sverre Boschman <1142569+sboschman@users.noreply.github.com> * refactor: root cert check in separate method Signed-off-by: Sverre Boschman <1142569+sboschman@users.noreply.github.com> --------- 
Signed-off-by: Sverre Boschman <1142569+sboschman@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- docs/guides/templating.md | 7 + ...certchain-template-v2-external-secret.yaml | 17 ++ pkg/template/v2/jwk.go | 4 +- pkg/template/v2/pem.go | 51 ++++- pkg/template/v2/pem_chain.go | 13 +- pkg/template/v2/pem_test.go | 195 +++++++++++++++++- pkg/template/v2/template.go | 3 +- 7 files changed, 281 insertions(+), 9 deletions(-) create mode 100644 docs/snippets/filtercertchain-template-v2-external-secret.yaml diff --git a/docs/guides/templating.md b/docs/guides/templating.md index e3080c5ead7..a4d535c3090 100644 --- a/docs/guides/templating.md +++ b/docs/guides/templating.md @@ -130,6 +130,12 @@ You can achieve that by using the `filterPEM` function to extract a specific typ {% include 'filterpem-template-v2-external-secret.yaml' %} ``` +In case you have a secret that contains a (partial) certificate chain you can extract the `leaf`, `intermediate` or `root` certificate(s) using the `filterCertChain` function. See the following example on how to use the `filterPEM` and `filterCertChain` functions together to split the certificate chain into a `tlc.crt` part only containting the leaf certificate and a `ca.crt` part with all the intermediate certificates. + +```yaml +{% include 'filtercertchain-template-v2-external-secret.yaml' %} +``` + ## Templating with PushSecret `PushSecret` templating is much like `ExternalSecrets` templating. In-fact under the hood, it's using the same data structure. 
@@ -163,6 +169,7 @@ In addition to that you can use over 200+ [sprig functions](http://masterminds.g | fullPemToPkcs12 | Takes a PEM encoded certificates chain and key and creates a base64 encoded PKCS#12 archive. | | fullPemToPkcs12Pass | Same as `fullPemToPkcs12`. Uses the provided password to encrypt the PKCS#12 archive. | | filterPEM | Filters PEM blocks with a specific type from a list of PEM blocks. | +| filterCertChain | Filters PEM block(s) with a specific certificate type (`leaf`, `intermediate` or `root`) from a certificate chain of PEM blocks (PEM blocks with type `CERTIFICATE`). | | jwkPublicKeyPem | Takes an json-serialized JWK and returns an PEM block of type `PUBLIC KEY` that contains the public key. [See here](https://golang.org/pkg/crypto/x509/#MarshalPKIXPublicKey) for details. | | jwkPrivateKeyPem | Takes an json-serialized JWK as `string` and returns an PEM block of type `PRIVATE KEY` that contains the private key in PKCS #8 format. [See here](https://golang.org/pkg/crypto/x509/#MarshalPKCS8PrivateKey) for details. | | toYaml | Takes an interface, marshals it to yaml. It returns a string, even on marshal error (empty string). | diff --git a/docs/snippets/filtercertchain-template-v2-external-secret.yaml b/docs/snippets/filtercertchain-template-v2-external-secret.yaml new file mode 100644 index 00000000000..c754822d073 --- /dev/null +++ b/docs/snippets/filtercertchain-template-v2-external-secret.yaml @@ -0,0 +1,17 @@ +{% raw %} +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: template +spec: + # ... + target: + template: + type: kubernetes.io/tls + engineVersion: v2 + data: + ca.crt: "{{ .mysecret | filterPEM "CERTIFICATE" | filterCertChain "intermediate" }}" + tls.crt: "{{ .mysecret | filterPEM "CERTIFICATE" | filterCertChain "leaf" }}" + tls.key: "{{ .mysecret | filterPEM "PRIVATE KEY" }}" + +{% endraw %} diff --git a/pkg/template/v2/jwk.go b/pkg/template/v2/jwk.go index d0ba453c917..6a64f2a4d8d 100644 
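Review bot: In the new snippet `filtercertchain-template-v2-external-secret.yaml`, the three template values nest double quotes inside a double-quoted YAML scalar, for example `ca.crt: "{{ .mysecret | filterPEM "CERTIFICATE" | filterCertChain "intermediate" }}"`. A strict YAML parser ends the scalar at the quote before `CERTIFICATE` and rejects the rest of the line, so the manifest fails when copied as written. Single-quoting the outer value keeps the inner template quotes literal: `ca.crt: '{{ .mysecret | filterPEM "CERTIFICATE" | filterCertChain "intermediate" }}'`, and likewise for `tls.crt` and `tls.key`.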
--- a/pkg/template/v2/jwk.go +++ b/pkg/template/v2/jwk.go @@ -34,7 +34,7 @@ func jwkPublicKeyPem(jwkjson string) (string, error) { if err != nil { return "", err } - return pemEncode(string(mpk), "PUBLIC KEY") + return pemEncode(mpk, "PUBLIC KEY") } func jwkPrivateKeyPem(jwkjson string) (string, error) { @@ -52,5 +52,5 @@ func jwkPrivateKeyPem(jwkjson string) (string, error) { if err != nil { return "", err } - return pemEncode(string(mpk), "PRIVATE KEY") + return pemEncode(mpk, "PRIVATE KEY") } diff --git a/pkg/template/v2/pem.go b/pkg/template/v2/pem.go index 0490bc1698b..8f44ba55fbc 100644 --- a/pkg/template/v2/pem.go +++ b/pkg/template/v2/pem.go @@ -16,6 +16,7 @@ package template import ( "bytes" + "crypto/x509" "encoding/pem" "errors" "strings" @@ -23,6 +24,10 @@ import ( const ( errJunk = "error filtering pem: found junk" + + certTypeLeaf = "leaf" + certTypeIntermediate = "intermediate" + certTypeRoot = "root" ) func filterPEM(pemType, input string) (string, error) { 
@@ -56,8 +61,50 @@ func filterPEM(pemType, input string) (string, error) { return string(blocks), nil } -func pemEncode(thing, kind string) (string, error) { +func filterCertChain(certType, input string) (string, error) { + ordered, err := fetchX509CertChains([]byte(input)) + if err != nil { + return "", err + } + + switch certType { + case certTypeLeaf: + cert := ordered[0] + if cert.AuthorityKeyId != nil && !bytes.Equal(cert.AuthorityKeyId, cert.SubjectKeyId) { + return pemEncode(ordered[0].Raw, pemTypeCertificate) + } + case certTypeIntermediate: + if len(ordered) < 2 { + return "", nil + } + var pemData []byte + for _, cert := range ordered[1:] { + if isRootCertificate(cert) { + break + } + b := &pem.Block{ + Type: pemTypeCertificate, + Bytes: cert.Raw, + } + pemData = append(pemData, pem.EncodeToMemory(b)...) + } + return string(pemData), nil + case certTypeRoot: + cert := ordered[len(ordered)-1] + if isRootCertificate(cert) { + return pemEncode(cert.Raw, pemTypeCertificate) + } + } + + return "", nil +} + +func isRootCertificate(cert *x509.Certificate) bool { + return cert.AuthorityKeyId == nil || bytes.Equal(cert.AuthorityKeyId, cert.SubjectKeyId) +} + +func pemEncode(thing []byte, kind string) (string, error) { buf := bytes.NewBuffer(nil) - err := pem.Encode(buf, &pem.Block{Type: kind, Bytes: []byte(thing)}) + err := pem.Encode(buf, &pem.Block{Type: kind, Bytes: thing}) return buf.String(), err } diff --git a/pkg/template/v2/pem_chain.go b/pkg/template/v2/pem_chain.go index d1fc9c8f2db..708374d19b1 100644 --- a/pkg/template/v2/pem_chain.go +++ b/pkg/template/v2/pem_chain.go @@ -47,9 +47,8 @@ type node struct { isParent bool } -func fetchCertChains(data []byte) ([]byte, error) { +func fetchX509CertChains(data []byte) ([]*x509.Certificate, error) { var newCertChain []*x509.Certificate - var pemData []byte nodes, err := pemToNodes(data) if err != nil { return nil, err 
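Review bot: isRootCertificate treats any certificate with no Authority Key Identifier as a root, so a leaf or intermediate that merely omits the extension is returned by `filterCertChain "root"` and skipped by `"leaf"`. In a template that writes the result to `ca.crt`, this can publish a non-CA certificate as a trust anchor. Comparing issuer and subject is a sturdier signal, e.g. `return bytes.Equal(cert.RawIssuer, cert.RawSubject)`, optionally keeping the key-id comparison when both extensions are present. The switch also falls through to `return "", nil` for an unrecognised certType, so a typo such as `"Leaf"` silently yields an empty secret value; a `default:` branch returning `errors.New("unknown certificate type")` would surface it. The leaf branch indexes `ordered[0]` and so relies on fetchX509CertChains, defined outside this hunk, never returning an empty slice with a nil error.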
@@ -98,12 +97,20 @@ func fetchCertChains(data []byte) ([]byte, error) { processedNodes++ // ensure we aren't stuck in a cyclic loop if processedNodes > len(nodes) { - return pemData, errors.New(errChainCycle) + return nil, errors.New(errChainCycle) } newCertChain = append(newCertChain, leaf.cert) leaf = leaf.parent } + return newCertChain, nil +} +func fetchCertChains(data []byte) ([]byte, error) { + var pemData []byte + newCertChain, err := fetchX509CertChains(data) + if err != nil { + return nil, err + } for _, cert := range newCertChain { b := &pem.Block{ Type: pemTypeCertificate, diff --git a/pkg/template/v2/pem_test.go b/pkg/template/v2/pem_test.go index 3963395426a..ce04efa44c0 100644 --- a/pkg/template/v2/pem_test.go +++ b/pkg/template/v2/pem_test.go @@ -14,7 +14,10 @@ limitations under the License. package template -import "testing" +import ( + "os" + "testing" +) const ( certData = `-----BEGIN CERTIFICATE----- 
@@ -179,3 +182,193 @@ func TestFilterPEM(t *testing.T) { }) } } + +type filterCertChainTestArgs struct { + input []string + certType string +} + +type filterCertChainTest struct { + name string + args filterCertChainTestArgs + want string + wantErr bool +} + +func TestFilterCertChain(t *testing.T) { + const ( + leafCertPath = "_testdata/foo.crt" + intermediateCertPath = "_testdata/intermediate-ca.crt" + rootCertPath = "_testdata/root-ca.crt" + rootKeyPath = "_testdata/root-ca.key" + ) + tests := []filterCertChainTest{ + { + name: "extract leaf cert / empty cert chain", + args: filterCertChainTestArgs{ + input: []string{}, + certType: certTypeLeaf, + }, + wantErr: true, + }, + { + name: "extract leaf cert / cert chain with pkey", + args: filterCertChainTestArgs{ + input: []string{ + leafCertPath, + rootKeyPath, + }, + certType: certTypeLeaf, + }, + wantErr: true, + }, + { + name: "extract leaf cert / leaf cert only", + args: filterCertChainTestArgs{ + input: []string{ + leafCertPath, + }, + certType: certTypeLeaf, + }, + want: leafCertPath, + }, + { + name: "extract leaf cert / cert chain without root", + args: filterCertChainTestArgs{ + input: []string{ + leafCertPath, + intermediateCertPath, + }, + certType: certTypeLeaf, + }, + want: leafCertPath, + }, + { + name: "extract leaf cert / root cert only", + args: filterCertChainTestArgs{ + input: []string{ + rootCertPath, + }, + certType: certTypeLeaf, + }, + want: "", + }, + { + name: "extract leaf cert / full cert chain", + args: filterCertChainTestArgs{ + input: []string{ + leafCertPath, + intermediateCertPath, + rootCertPath, + }, + certType: certTypeLeaf, + }, + want: leafCertPath, + }, + { + name: "extract intermediate cert / leaf cert only", + args: filterCertChainTestArgs{ + input: []string{ + leafCertPath, + }, + certType: certTypeIntermediate, + }, + want: "", + }, + { + name: "extract intermediate cert / cert chain without root", + args: filterCertChainTestArgs{ + input: []string{ + leafCertPath, + 
intermediateCertPath, + }, + certType: certTypeIntermediate, + }, + want: intermediateCertPath, + }, + { + name: "extract intermediate cert / full cert chain", + args: filterCertChainTestArgs{ + input: []string{ + leafCertPath, + intermediateCertPath, + rootCertPath, + }, + certType: certTypeIntermediate, + }, + want: intermediateCertPath, + }, + { + name: "extract root cert / leaf cert only", + args: filterCertChainTestArgs{ + input: []string{ + leafCertPath, + }, + certType: certTypeRoot, + }, + want: "", + }, + { + name: "extract root cert / root cert only", + args: filterCertChainTestArgs{ + input: []string{ + rootCertPath, + }, + certType: certTypeRoot, + }, + want: rootCertPath, + }, + { + name: "extract root cert / full cert chain", + args: filterCertChainTestArgs{ + input: []string{ + leafCertPath, + intermediateCertPath, + rootCertPath, + }, + certType: certTypeRoot, + }, + want: rootCertPath, + }, + } + for _, tt := range tests { + runFilterCertChainTest(t, tt) + } +} + +func runFilterCertChainTest(t *testing.T, tt filterCertChainTest) { + t.Run(tt.name, func(t *testing.T) { + chainIn, err := readCertificates(tt.args.input) + if err != nil { + t.Error(err) + } + var expOut []byte + if tt.want != "" { + var err error + expOut, err = os.ReadFile(tt.want) + if err != nil { + t.Error(err) + } + } + got, err := filterCertChain(tt.args.certType, string(chainIn)) + if (err != nil) != tt.wantErr { + t.Errorf("filterCertChain() error = %v, wantErr %v", err, tt.wantErr) + return + } + if got != string(expOut) { + t.Errorf("filterCertChain() = %v, want %v", got, string(expOut)) + } + }) +} + +func readCertificates(certFiles []string) ([]byte, error) { + var certificates []byte + for _, f := range certFiles { + c, err := os.ReadFile(f) + if err != nil { + return nil, err + } + certificates = append(certificates, c...) + } + return certificates, nil +} diff --git a/pkg/template/v2/template.go b/pkg/template/v2/template.go index 46040e84485..97a99ebd126 100644 
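Review bot: In runFilterCertChainTest, fixture-loading failures are reported with `t.Error(err)`, so the subtest continues and calls filterCertChain with missing input, producing a second, misleading failure. `t.Fatal(err)` would stop at the real cause. The table also has no case for a chain whose certificates lack the Authority Key Identifier extension, which is the input where isRootCertificate returns true on `AuthorityKeyId == nil`. A fixture for that case would pin the intended classification.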
--- a/pkg/template/v2/template.go +++ b/pkg/template/v2/template.go @@ -37,7 +37,8 @@ var tplFuncs = tpl.FuncMap{ "fullPemToPkcs12": fullPemToPkcs12, "fullPemToPkcs12Pass": fullPemToPkcs12Pass, - "filterPEM": filterPEM, + "filterPEM": filterPEM, + "filterCertChain": filterCertChain, "jwkPublicKeyPem": jwkPublicKeyPem, "jwkPrivateKeyPem": jwkPrivateKeyPem, From 2b4e4a3bc7c458b8c7405ad0c56a4a45fe088687 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Mon, 23 Dec 2024 08:12:06 +0100 Subject: [PATCH 490/517] fix: SonarCloud security hotspot (#4235) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- docs/snippets/gitops/repositories.yaml | 2 +- e2e/Dockerfile | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/snippets/gitops/repositories.yaml b/docs/snippets/gitops/repositories.yaml index 27d51c18eb1..6daa65b0ac9 100644 --- a/docs/snippets/gitops/repositories.yaml +++ b/docs/snippets/gitops/repositories.yaml @@ -17,4 +17,4 @@ spec: interval: 10m ref: tag: v0.10.3 - url: http://github.com/external-secrets/external-secrets + url: https://github.com/external-secrets/external-secrets diff --git a/e2e/Dockerfile b/e2e/Dockerfile index 6b63f6f8594..67e4a5dfa84 100644 --- a/e2e/Dockerfile +++ b/e2e/Dockerfile 
@@ -4,9 +4,9 @@ ENV KUBECTL_VERSION="v1.28.3" ENV HELM_VERSION="v3.13.1" RUN go install github.com/onsi/ginkgo/v2/ginkgo@v2.1.6 -RUN wget -q https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl -O /usr/local/bin/kubectl && \ +RUN wget --max-redirect=0 -q https://storage.googleapis.com/kubernetes-release/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl -O /usr/local/bin/kubectl && \ chmod +x /usr/local/bin/kubectl && \ - wget -q https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz -O - | tar -xzO linux-amd64/helm > /usr/local/bin/helm && \ + wget --max-redirect=0 -q https://get.helm.sh/helm-${HELM_VERSION}-linux-amd64.tar.gz -O - | tar -xzO linux-amd64/helm > /usr/local/bin/helm && \ chmod +x /usr/local/bin/helm WORKDIR /usr/src/app From f96c4bb417054be0e865fa5cc1dc26b818b9c79b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 23 Dec 2024 18:20:08 +0100 Subject: [PATCH 491/517] chore(deps): bump ubi8/ubi from `7287624` to `37cdac4` (#4245) Bumps ubi8/ubi from `7287624` to `37cdac4`. --- updated-dependencies: - dependency-name: ubi8/ubi dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- Dockerfile.ubi | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile.ubi b/Dockerfile.ubi index af5c65c5410..b4ff3ff45e5 100644 --- a/Dockerfile.ubi +++ b/Dockerfile.ubi @@ -1,4 +1,4 @@ -FROM registry.access.redhat.com/ubi8/ubi@sha256:7287624c777a5812893fb02e180acf7d85569858c217d9b1dfb5179bf4ae6ee1 AS minimal-ubi +FROM registry.access.redhat.com/ubi8/ubi@sha256:37cdac4ec130a64050d6df4e1f2ef3f53868bea55d11f623d141f139ee342bd8 AS minimal-ubi ARG TARGETOS ARG TARGETARCH From 21205d3a093f9081ec79a7b0d1a8703363e95f2f Mon Sep 17 00:00:00 2001 
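Review bot: The kubectl and helm downloads in this RUN are installed without any integrity check. `--max-redirect=0` stops wget from following a redirect but does not verify what was fetched, and the helm tarball is piped straight into tar. Pinning the expected digest next to the version and checking it before `chmod +x` would close that gap, e.g. `echo "${KUBECTL_SHA256}  /usr/local/bin/kubectl" | sha256sum -c -`, where `KUBECTL_SHA256` is a placeholder for the checksum published for that release. Helm needs the tarball saved to a file first so it can be checked before extraction. The rest of the Dockerfile, including the FROM line, is outside this hunk.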
From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Mon, 23 Dec 2024 19:54:12 +0100 Subject: [PATCH 492/517] revert: softprops update failing the release process (#4248) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 619d92a467e..88ba4954f87 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -28,7 +28,7 @@ jobs: ref: ${{ github.event.inputs.source_ref }} - name: Create Release - uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 + uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 with: tag_name: ${{ github.event.inputs.version }} target_commitish: ${{ github.event.inputs.source_ref }} @@ -113,7 +113,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - name: Update Release - uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0 + uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0 with: tag_name: ${{ github.event.inputs.version }} files: | From be58db05bbd75744763da96633d1416badd72704 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Mon, 23 Dec 2024 21:21:46 +0100 Subject: [PATCH 493/517] chore: release v0.12.1 (#4250) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- deploy/charts/external-secrets/Chart.yaml | 4 ++-- deploy/charts/external-secrets/README.md | 2 +- .../__snapshot__/cert_controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/controller_test.yaml.snap | 10 +++++----- .../tests/__snapshot__/webhook_test.yaml.snap | 14 +++++++------- 5 files changed, 20 insertions(+), 20 deletions(-) 
diff --git a/deploy/charts/external-secrets/Chart.yaml b/deploy/charts/external-secrets/Chart.yaml index b9714dd1372..9d2cadc75f2 100644 --- a/deploy/charts/external-secrets/Chart.yaml +++ b/deploy/charts/external-secrets/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: external-secrets description: External secret management for Kubernetes type: application -version: "0.11.0" -appVersion: "v0.11.0" +version: "0.12.1" +appVersion: "v0.12.1" kubeVersion: ">= 1.19.0-0" keywords: - kubernetes-external-secrets diff --git a/deploy/charts/external-secrets/README.md b/deploy/charts/external-secrets/README.md index 93bfc228cc1..81e0e019e86 100644 --- a/deploy/charts/external-secrets/README.md +++ b/deploy/charts/external-secrets/README.md @@ -4,7 +4,7 @@ [//]: # (README.md generated by gotmpl. DO NOT EDIT.) -![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.11.0](https://img.shields.io/badge/Version-0.11.0-informational?style=flat-square) +![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.12.1](https://img.shields.io/badge/Version-0.12.1-informational?style=flat-square) External secret management for Kubernetes diff --git a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap index 7137e955f05..65a99e1cd6f 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/cert_controller_test.yaml.snap 
@@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.11.0 - helm.sh/chart: external-secrets-0.11.0 + app.kubernetes.io/version: v0.12.1 + helm.sh/chart: external-secrets-0.12.1 name: RELEASE-NAME-external-secrets-cert-controller namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-cert-controller - app.kubernetes.io/version: v0.11.0 - helm.sh/chart: external-secrets-0.11.0 + app.kubernetes.io/version: v0.12.1 + helm.sh/chart: external-secrets-0.12.1 spec: automountServiceAccountToken: true containers: @@ -41,7 +41,7 @@ should match snapshot of default values: - --loglevel=info - --zap-time-encoding=epoch - --enable-partial-cache=true - image: oci.external-secrets.io/external-secrets/external-secrets:v0.11.0 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.12.1 imagePullPolicy: IfNotPresent name: cert-controller ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap index 784cf350112..834f9f6fbac 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/controller_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.11.0 - helm.sh/chart: external-secrets-0.11.0 + app.kubernetes.io/version: v0.12.1 + helm.sh/chart: external-secrets-0.12.1 name: RELEASE-NAME-external-secrets namespace: NAMESPACE spec: 
@@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets - app.kubernetes.io/version: v0.11.0 - helm.sh/chart: external-secrets-0.11.0 + app.kubernetes.io/version: v0.12.1 + helm.sh/chart: external-secrets-0.12.1 spec: automountServiceAccountToken: true containers: @@ -34,7 +34,7 @@ should match snapshot of default values: - --metrics-addr=:8080 - --loglevel=info - --zap-time-encoding=epoch - image: oci.external-secrets.io/external-secrets/external-secrets:v0.11.0 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.12.1 imagePullPolicy: IfNotPresent name: external-secrets ports: diff --git a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap index 57a81688e61..3c5ef2aa406 100644 --- a/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap +++ b/deploy/charts/external-secrets/tests/__snapshot__/webhook_test.yaml.snap @@ -7,8 +7,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.11.0 - helm.sh/chart: external-secrets-0.11.0 + app.kubernetes.io/version: v0.12.1 + helm.sh/chart: external-secrets-0.12.1 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE spec: @@ -24,8 +24,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.11.0 - helm.sh/chart: external-secrets-0.11.0 + app.kubernetes.io/version: v0.12.1 + helm.sh/chart: external-secrets-0.12.1 spec: automountServiceAccountToken: true containers: 
@@ -39,7 +39,7 @@ should match snapshot of default values: - --healthz-addr=:8081 - --loglevel=info - --zap-time-encoding=epoch - image: oci.external-secrets.io/external-secrets/external-secrets:v0.11.0 + image: oci.external-secrets.io/external-secrets/external-secrets:v0.12.1 imagePullPolicy: IfNotPresent name: webhook ports: @@ -83,8 +83,8 @@ should match snapshot of default values: app.kubernetes.io/instance: RELEASE-NAME app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: external-secrets-webhook - app.kubernetes.io/version: v0.11.0 + app.kubernetes.io/version: v0.12.1 external-secrets.io/component: webhook - helm.sh/chart: external-secrets-0.11.0 + helm.sh/chart: external-secrets-0.12.1 name: RELEASE-NAME-external-secrets-webhook namespace: NAMESPACE From d5577eb61a0675c54bf8066d91bd16bc1481a199 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 15:57:41 +0100 Subject: [PATCH 494/517] chore(deps): bump codecov/codecov-action from 5.1.1 to 5.1.2 (#4236) Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 5.1.1 to 5.1.2. - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/codecov/codecov-action/compare/7f8b4b4bde536c465e797be725718b88c5d95e0e...1e68e06f1dbfde0e4cefc87efeba9e4643565303) --- updated-dependencies: - dependency-name: codecov/codecov-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 213e0e7ea11..a4c58569816 100644 --- a/.github/workflows/ci.yml 
+++ b/.github/workflows/ci.yml @@ -126,7 +126,7 @@ jobs: make test - name: Publish Unit Test Coverage - uses: codecov/codecov-action@7f8b4b4bde536c465e797be725718b88c5d95e0e # v5.1.1 + uses: codecov/codecov-action@1e68e06f1dbfde0e4cefc87efeba9e4643565303 # v5.1.2 env: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} with: From cd5f1f061ade40f5f651b341a1095cd1c5537bcc Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 16:01:56 +0100 Subject: [PATCH 495/517] chore(deps): bump docker/setup-buildx-action from 3.7.1 to 3.8.0 (#4237) Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.7.1 to 3.8.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](https://github.com/docker/setup-buildx-action/compare/c47758b77c9736f4b2ef4073d4d51994fabfe349...6524bf65af31da8d45b59e8c27de4bd072b392f5) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/publish.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml index 8757dc842ba..6541430fae6 100644 --- a/.github/workflows/publish.yml +++ b/.github/workflows/publish.yml @@ -60,7 +60,7 @@ jobs: platforms: all - name: Setup Docker Buildx - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1 + uses: docker/setup-buildx-action@6524bf65af31da8d45b59e8c27de4bd072b392f5 # v3.8.0 with: version: 'v0.4.2' install: true From 699bca36d8600d710b810871ac8fcac61624a9af Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 16:05:15 +0100 Subject: [PATCH 496/517] chore(deps): bump github/codeql-action from 3.27.9 to 3.28.0 (#4238) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.27.9 to 3.28.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/df409f7d9260372bd5f19e5b04e83cb3c43714ae...48ab28a6f5dbc2a99bf1e0131198dd8f1df78169) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecard.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml index 775b92e51ed..2837b006c52 100644 --- a/.github/workflows/scorecard.yml +++ b/.github/workflows/scorecard.yml @@ -33,6 +33,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9 + uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0 with: sarif_file: results.sarif From 6263d538b47a5aded5a2d8363b00d955158c1863 Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 16:36:21 +0100 Subject: [PATCH 497/517] chore(deps): bump mkdocs-material in /hack/api-docs (#4240) Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.48 to 9.5.49. - [Release notes](https://github.com/squidfunk/mkdocs-material/releases) - [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG) - [Commits](https://github.com/squidfunk/mkdocs-material/compare/9.5.48...9.5.49) --- updated-dependencies: - dependency-name: mkdocs-material dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index dc54f02ca9a..1c79a3b1464 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -18,7 +18,7 @@ mergedeep==1.3.4 mike @ git+https://github.com/jimporter/mike@300593c338b18f61f604d18457c351e166318020 mkdocs==1.6.1 mkdocs-macros-plugin==1.3.7 -mkdocs-material==9.5.48 +mkdocs-material==9.5.49 mkdocs-material-extensions==1.3.1 mkdocs-minify-plugin==0.8.0 packaging==24.2 From c84c2c96e25de63e4430da9a3db8e2a4fd6b80ae Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 16:40:56 +0100 Subject: [PATCH 498/517] chore(deps): bump livereload from 2.7.0 to 2.7.1 in /hack/api-docs (#4241) Bumps [livereload](https://github.com/lepture/python-livereload) from 2.7.0 to 2.7.1. - [Release notes](https://github.com/lepture/python-livereload/releases) - [Changelog](https://github.com/lepture/python-livereload/blob/master/CHANGES.rst) - [Commits](https://github.com/lepture/python-livereload/compare/2.7.0...v2.7.1) --- updated-dependencies: - dependency-name: livereload dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 1c79a3b1464..4c127965fd3 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -11,7 +11,7 @@ importlib-metadata==8.5.0 importlib-resources==6.4.5 Jinja2==3.1.4 jsmin==3.0.1 -livereload==2.7.0 +livereload==2.7.1 Markdown==3.7 MarkupSafe==3.0.2 mergedeep==1.3.4 From 19508f18a274c09d36f000e500d05154b15e75a9 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 16:43:25 +0100 Subject: [PATCH 499/517] chore(deps): bump urllib3 from 2.2.3 to 2.3.0 in /hack/api-docs (#4242) Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.3 to 2.3.0. - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](https://github.com/urllib3/urllib3/compare/2.2.3...2.3.0) --- updated-dependencies: - dependency-name: urllib3 dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 4c127965fd3..4ff68a669e0 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -36,7 +36,7 @@ requests==2.32.3 six==1.17.0 termcolor==2.5.0 tornado==6.4.2 -urllib3==2.2.3 +urllib3==2.3.0 verspec==0.1.0 watchdog==6.0.0 zipp==3.21.0 From 8154767b02b9273776801383cb806f6e59e371a5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 17:12:47 +0100 Subject: [PATCH 500/517] chore(deps): bump click from 8.1.7 to 8.1.8 in /hack/api-docs (#4243) Bumps [click](https://github.com/pallets/click) from 8.1.7 to 8.1.8. - [Release notes](https://github.com/pallets/click/releases) - [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/click/compare/8.1.7...8.1.8) --- updated-dependencies: - dependency-name: click dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 4ff68a669e0..38770a4227b 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -1,7 +1,7 @@ Babel==2.16.0 certifi==2024.12.14 charset-normalizer==3.4.0 -click==8.1.7 +click==8.1.8 colorama==0.4.6 csscompressor==0.9.5 ghp-import==2.1.0 From acb4734c2ce876c307ac5bc1db1af9c25d65395f Mon Sep 17 00:00:00 2001 
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 17:16:35 +0100 Subject: [PATCH 501/517] chore(deps): bump jinja2 from 3.1.4 to 3.1.5 in /hack/api-docs (#4244) Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.4 to 3.1.5. - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](https://github.com/pallets/jinja/compare/3.1.4...3.1.5) --- updated-dependencies: - dependency-name: jinja2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 38770a4227b..06ee1397224 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt @@ -9,7 +9,7 @@ htmlmin==0.1.12 idna==3.10 importlib-metadata==8.5.0 importlib-resources==6.4.5 -Jinja2==3.1.4 +Jinja2==3.1.5 jsmin==3.0.1 livereload==2.7.1 Markdown==3.7 From 9970c8f10c4959e8d8b600d6dbe0b927c5a54882 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 18:05:38 +0100 Subject: [PATCH 502/517] chore(deps): bump helm/kind-action from 1.10.0 to 1.12.0 (#4249) Bumps [helm/kind-action](https://github.com/helm/kind-action) from 1.10.0 to 1.12.0. - [Release notes](https://github.com/helm/kind-action/releases) - [Commits](https://github.com/helm/kind-action/compare/0025e74a8c7512023d06dc019c617aa3cf561fde...a1b0e391336a6ee6713a0583f8c6240d70863de3) --- updated-dependencies: - dependency-name: helm/kind-action dependency-type: direct:production update-type: version-update:semver-minor ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/helm.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 3ace5744342..1bf34b4115d 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -56,7 +56,7 @@ jobs: run: ct lint --config=.github/ci/ct.yaml - name: Create kind cluster - uses: helm/kind-action@0025e74a8c7512023d06dc019c617aa3cf561fde # v1.10.0 + uses: helm/kind-action@a1b0e391336a6ee6713a0583f8c6240d70863de3 # v1.12.0 if: steps.list-changed.outputs.changed == 'true' - name: Run chart-testing (install) From 5a6068e3958c2818a4e17e4505c82331c5fb495b Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Wed, 25 Dec 2024 20:44:34 +0100 Subject: [PATCH 503/517] update dependencies (#4246) Signed-off-by: External Secrets Operator Co-authored-by: External Secrets Operator --- e2e/go.mod | 26 ++++++++++----------- e2e/go.sum | 56 ++++++++++++++++++++++---------------------- go.mod | 32 ++++++++++++------------- go.sum | 68 +++++++++++++++++++++++++++--------------------------- 4 files changed, 91 insertions(+), 91 deletions(-) diff --git a/e2e/go.mod b/e2e/go.mod index 658914c1911..9a5f65535f3 100644 --- a/e2e/go.mod +++ b/e2e/go.mod 
@@ -56,13 +56,13 @@ require ( github.com/fluxcd/source-controller/api v1.2.3 github.com/golang-jwt/jwt/v4 v4.5.1 github.com/hashicorp/vault/api v1.15.0 - github.com/onsi/ginkgo/v2 v2.22.0 - github.com/onsi/gomega v1.35.1 - github.com/oracle/oci-go-sdk/v65 v65.80.0 + github.com/onsi/ginkgo/v2 v2.22.1 + github.com/onsi/gomega v1.36.1 + github.com/oracle/oci-go-sdk/v65 v65.81.1 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 - gitlab.com/gitlab-org/api/client-go v0.117.0 + gitlab.com/gitlab-org/api/client-go v0.118.0 golang.org/x/oauth2 v0.24.0 - google.golang.org/api v0.211.0 + google.golang.org/api v0.214.0 k8s.io/api v0.32.0 k8s.io/apiextensions-apiserver v0.32.0 k8s.io/apimachinery v0.32.0 @@ -75,7 +75,7 @@ require ( require ( al.essio.dev/pkg/shellescape v1.5.1 // indirect - cloud.google.com/go/auth v0.12.1 // indirect + cloud.google.com/go/auth v0.13.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect cloud.google.com/go/compute/metadata v0.6.0 // indirect cloud.google.com/go/iam v1.3.0 // indirect @@ -131,7 +131,7 @@ require ( github.com/google/s2a-go v0.1.8 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.4 // indirect - github.com/googleapis/gax-go/v2 v2.14.0 // indirect + github.com/googleapis/gax-go/v2 v2.14.1 // indirect github.com/gorilla/websocket v1.5.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect @@ -177,7 +177,7 @@ require ( github.com/shopspring/decimal v1.4.0 // indirect github.com/sirupsen/logrus v1.9.3 // indirect github.com/sony/gobreaker v1.0.0 // indirect - github.com/spf13/cast v1.7.0 // indirect + github.com/spf13/cast v1.7.1 // indirect github.com/spf13/pflag v1.0.5 // indirect github.com/tidwall/gjson v1.18.0 // indirect github.com/tidwall/match v1.1.1 // indirect 
@@ -192,7 +192,7 @@ require (
 go.opentelemetry.io/otel/metric v1.33.0 // indirect
 go.opentelemetry.io/otel/trace v1.33.0 // indirect
 golang.org/x/crypto v0.31.0 // indirect
- golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e // indirect
+ golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect
 golang.org/x/net v0.33.0 // indirect
 golang.org/x/sync v0.10.0 // indirect
 golang.org/x/sys v0.28.0 // indirect
@@ -201,10 +201,10 @@ require (
 golang.org/x/time v0.8.0 // indirect
 golang.org/x/tools v0.28.0 // indirect
 gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect
- google.golang.org/genproto v0.0.0-20241209162323-e6fa225c2576 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect
- google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect
- google.golang.org/grpc v1.69.0 // indirect
+ google.golang.org/genproto v0.0.0-20241219192143-6b3ec007d9bb // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20241219192143-6b3ec007d9bb // indirect
+ google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb // indirect
+ google.golang.org/grpc v1.69.2 // indirect
 google.golang.org/protobuf v1.36.0 // indirect
 gopkg.in/inf.v0 v0.9.1 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
diff --git a/e2e/go.sum b/e2e/go.sum
index 8964d9e773c..178a9901624 100644
--- a/e2e/go.sum
+++ b/e2e/go.sum
@@ -20,10 +20,10 @@ cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmW cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= -cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.12.1 h1:n2Bj25BUMM0nvE9D2XLTiImanwZhO3DkfWSYS/SAJP4= -cloud.google.com/go/auth v0.12.1/go.mod h1:BFMu+TNpF3DmvfBO9ClqTR/SiqVIm7LukKF9mbendF4= +cloud.google.com/go v0.117.0 h1:Z5TNFfQxj7WG2FgOGX1ekC5RiXrYgms6QscOm32M/4s= +cloud.google.com/go v0.117.0/go.mod h1:ZbwhVTb1DBGt2Iwb3tNO6SEK4q+cplHZmLWH+DelYYc= +cloud.google.com/go/auth v0.13.0 h1:8Fu8TZy167JkW8Tj3q7dIkr2v4cndv41ouecJx0PAHs= +cloud.google.com/go/auth v0.13.0/go.mod h1:COOjD9gwfKNKz+IIduatIhYJQIc0mG3H102r/EMxX6Q= cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU= cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -315,8 +315,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gT github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.14.0 h1:f+jMrjBPl+DL9nI4IQzLUxMq7XrAqFYB7hBPqMNIe8o= -github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk= +github.com/googleapis/gax-go/v2 v2.14.1 h1:hb0FFeiPaQskmvakKu5EbCbpntQn48jyHuvrkurSS/Q= +github.com/googleapis/gax-go/v2 v2.14.1/go.mod h1:Hb/NubMaVM88SrNkvl8X/o8XWwDJEPqouaLeN2IUxoA= github.com/gorilla/websocket v1.5.0 h1:PPwGk2jz7EePpoHN/+ClbZu8SPxiqlu12wZP/3sWmnc= github.com/gorilla/websocket v1.5.0/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 
@@ -420,14 +420,14 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= -github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= -github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= -github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/onsi/ginkgo/v2 v2.22.1 h1:QW7tbJAUDyVDVOM5dFa7qaybo+CRfR7bemlQUN6Z8aM= +github.com/onsi/ginkgo/v2 v2.22.1/go.mod h1:S6aTpoRsSq2cZOd+pssHAlKW/Q/jZt6cPrPlnj4a1xM= +github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw= +github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.80.0 h1:Rr7QLMozd2DfDBKo6AB3DzLYQxAwuOG118+K5AAD5E8= -github.com/oracle/oci-go-sdk/v65 v65.80.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.81.1 h1:JYc47bk8n/MUchA2KHu1ggsCQzlJZQLJ+tTKfOho00E= +github.com/oracle/oci-go-sdk/v65 v65.81.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c h1:+mdjkGKdHQG3305AYmdv1U2eRNDiU2ErMBj1gwrq8eQ= 
github.com/pkg/browser v0.0.0-20240102092130-5ac0b6a4141c/go.mod h1:7rwL4CYBLnjLxUqIJNnCWiEdr3bn6IUYi15bNlnbCCU= @@ -465,8 +465,8 @@ github.com/sony/gobreaker v0.5.0/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJ github.com/sony/gobreaker v1.0.0 h1:feX5fGGXSl3dYd4aHZItw+FpHLvvoaqkawKjVNiFMNQ= github.com/sony/gobreaker v1.0.0/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= -github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y= +github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= 
@@ -509,8 +509,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zalando/go-keyring v0.2.6 h1:r7Yc3+H+Ux0+M72zacZoItR3UDxeWfKTcabvkI8ua9s= github.com/zalando/go-keyring v0.2.6/go.mod h1:2TCrxYrbUNYfNS/Kgy/LSrkSQzZ5UPVH85RwfczwvcI= -gitlab.com/gitlab-org/api/client-go v0.117.0 h1:HsbKxlTjVgfYmyCU+NRQk2G42RlMOKs6gF+/o0DL+TI= -gitlab.com/gitlab-org/api/client-go v0.117.0/go.mod h1:E+X2dndIYDuUfKVP0C3jhkWvTSE00BkLbCsXTY3edDo= +gitlab.com/gitlab-org/api/client-go v0.118.0 h1:qHIEw+XHt+2xuk4iZGW8fc6t+gTLAGEmTA5Bzp/brxs= +gitlab.com/gitlab-org/api/client-go v0.118.0/go.mod h1:E+X2dndIYDuUfKVP0C3jhkWvTSE00BkLbCsXTY3edDo= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= 
@@ -570,8 +570,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e h1:4qufH0hlUYs6AO6XmZC3GqfDPGSXHVXUFR6OND+iJX4= -golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= +golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 h1:1UoZQm6f0P/ZO0w1Ri+f+ifG/gXhegadRdwBIXEFWDo= +golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -834,8 +834,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.211.0 h1:IUpLjq09jxBSV1lACO33CGY3jsRcbctfGzhj+ZSE/Bg= -google.golang.org/api v0.211.0/go.mod h1:XOloB4MXFH4UTlQSGuNUxw0UT74qdENK8d6JNsXKLi0= +google.golang.org/api v0.214.0 h1:h2Gkq07OYi6kusGOaT/9rnNljuXmqPnaig7WGPmKbwA= +google.golang.org/api v0.214.0/go.mod h1:bYPpLG8AyeMWwDU6NXoB00xC0DFkikVvd5MfwoxjLqE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -883,12 +883,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20241209162323-e6fa225c2576 h1:k48HcZ4FE6in0o8IflZCkc1lTc2u37nhGd8P+fo4r24= -google.golang.org/genproto v0.0.0-20241209162323-e6fa225c2576/go.mod h1:DV2u3tCn/AcVjjmGYZKt6HyvY4w4y3ipAdHkMbe/0i4= -google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= -google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= +google.golang.org/genproto v0.0.0-20241219192143-6b3ec007d9bb h1:JGs+s1Q6osip3cDY197L1HmkuPn8wPp9Hfy9jl+Uz+U= +google.golang.org/genproto v0.0.0-20241219192143-6b3ec007d9bb/go.mod h1:o8GgNarfULyZPNaIY8RDfXM7AZcmcKC/tbMWp/ZOFDw= +google.golang.org/genproto/googleapis/api v0.0.0-20241219192143-6b3ec007d9bb h1:B7GIB7sr443wZ/EAEl7VZjmh1V6qzkt5V+RYcUYtS1U= +google.golang.org/genproto/googleapis/api v0.0.0-20241219192143-6b3ec007d9bb/go.mod h1:E5//3O5ZIG2l71Xnt+P/CYUY8Bxs8E7WMoZ9tlcMbAY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb h1:3oy2tynMOP1QbTC0MsNNAV+Se8M2Bd0A5+x1QHyw+pI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -908,8 +908,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.69.0 h1:quSiOM1GJPmPH5XtU+BCoVXcDVJJAzNcoyfC2cCjGkI= -google.golang.org/grpc v1.69.0/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= +google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= +google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= diff --git a/go.mod b/go.mod index a2dde16e679..1dea8ee31dd 100644 --- a/go.mod +++ b/go.mod 
@@ -24,29 +24,29 @@ require (
 github.com/go-test/deep v1.0.4 // indirect
 github.com/google/go-cmp v0.6.0
 github.com/google/uuid v1.6.0
- github.com/googleapis/gax-go/v2 v2.14.0
+ github.com/googleapis/gax-go/v2 v2.14.1
 github.com/hashicorp/vault/api v1.15.0
 github.com/hashicorp/vault/api/auth/approle v0.8.0
 github.com/hashicorp/vault/api/auth/kubernetes v0.8.0
 github.com/hashicorp/vault/api/auth/ldap v0.8.0
 github.com/huandu/xstrings v1.5.0 // indirect
- github.com/onsi/ginkgo/v2 v2.22.0
- github.com/onsi/gomega v1.35.1
- github.com/oracle/oci-go-sdk/v65 v65.80.0
+ github.com/onsi/ginkgo/v2 v2.22.1
+ github.com/onsi/gomega v1.36.1
+ github.com/oracle/oci-go-sdk/v65 v65.81.1
 github.com/prometheus/client_golang v1.20.5
 github.com/prometheus/client_model v0.6.1
 github.com/spf13/cobra v1.8.1
 github.com/stretchr/testify v1.10.0
 github.com/tidwall/gjson v1.18.0
- github.com/yandex-cloud/go-genproto v0.0.0-20241206133605-07e4a676108b
- github.com/yandex-cloud/go-sdk v0.0.0-20241206142255-6c3760d17eea
+ github.com/yandex-cloud/go-genproto v0.0.0-20241220122821-aeb3b05efd1c
+ github.com/yandex-cloud/go-sdk v0.0.0-20241220131134-2393e243c134
 github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78
 go.uber.org/zap v1.27.0
 golang.org/x/crypto v0.31.0
 golang.org/x/oauth2 v0.24.0
- google.golang.org/api v0.211.0
- google.golang.org/genproto v0.0.0-20241209162323-e6fa225c2576
- google.golang.org/grpc v1.69.0
+ google.golang.org/api v0.214.0
+ google.golang.org/genproto v0.0.0-20241219192143-6b3ec007d9bb
+ google.golang.org/grpc v1.69.2
 gopkg.in/yaml.v3 v3.0.1
 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919
 k8s.io/api v0.32.0
@@ -86,7 +86,7 @@ require ( github.com/hashicorp/vault/api/auth/userpass v0.8.0 github.com/keeper-security/secrets-manager-go/core v1.6.4 github.com/lestrrat-go/jwx/v2 v2.1.3 - github.com/maxbrunsfeld/counterfeiter/v6 v6.10.0 + github.com/maxbrunsfeld/counterfeiter/v6 v6.11.2 github.com/passbolt/go-passbolt v0.7.1 github.com/previder/vault-cli v0.1.2 github.com/pulumi/esc-sdk/sdk v0.10.5 @@ -94,7 +94,7 @@ require ( github.com/sethvargo/go-password v0.3.1 github.com/spf13/pflag v1.0.5 github.com/tidwall/sjson v1.2.5 - gitlab.com/gitlab-org/api/client-go v0.117.0 + gitlab.com/gitlab-org/api/client-go v0.118.0 k8s.io/kube-openapi v0.0.0-20241212222426-2c72e554b1e7 sigs.k8s.io/yaml v1.4.0 software.sslmate.com/src/go-pkcs12 v0.5.0 @@ -102,7 +102,7 @@ require ( require ( al.essio.dev/pkg/shellescape v1.5.1 // indirect - cloud.google.com/go/auth v0.12.1 // indirect + cloud.google.com/go/auth v0.13.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect cloud.google.com/go/compute/metadata v0.6.0 // indirect github.com/ProtonMail/go-crypto v1.1.3 // indirect @@ -150,8 +150,8 @@ require ( go.opentelemetry.io/otel/metric v1.33.0 // indirect go.opentelemetry.io/otel/trace v1.33.0 // indirect golang.org/x/sync v0.10.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20241219192143-6b3ec007d9bb // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect 
@@ -239,7 +239,7 @@ require ( github.com/ryanuber/go-glob v1.0.0 // indirect github.com/shopspring/decimal v1.4.0 // indirect github.com/sony/gobreaker v1.0.0 // indirect - github.com/spf13/cast v1.7.0 // indirect + github.com/spf13/cast v1.7.1 // indirect github.com/tidwall/match v1.1.1 // indirect github.com/tidwall/pretty v1.2.1 // indirect github.com/uber/jaeger-client-go v2.30.0+incompatible // indirect @@ -247,7 +247,7 @@ require ( go.mongodb.org/mongo-driver v1.17.1 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e // indirect + golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect golang.org/x/mod v0.22.0 // indirect golang.org/x/net v0.33.0 // indirect golang.org/x/sys v0.28.0 // indirect diff --git a/go.sum b/go.sum index 761d2f40b1d..4f501e327c7 100644 --- a/go.sum +++ b/go.sum 
@@ -20,10 +20,10 @@ cloud.google.com/go v0.74.0/go.mod h1:VV1xSbzvo+9QJOxLDaJfTjx5e+MePCpCWwvftOeQmW cloud.google.com/go v0.78.0/go.mod h1:QjdrLG0uq+YwhjoVOLsS1t7TW8fs36kLs4XO5R5ECHg= cloud.google.com/go v0.79.0/go.mod h1:3bzgcEeQlzbuEAYu4mrWhKqWjmpprinYgKJLgKHnbb8= cloud.google.com/go v0.81.0/go.mod h1:mk/AM35KwGk/Nm2YSeZbxXdrNK3KZOYHmLkOqC2V6E0= -cloud.google.com/go v0.116.0 h1:B3fRrSDkLRt5qSHWe40ERJvhvnQwdZiHu0bJOpldweE= -cloud.google.com/go v0.116.0/go.mod h1:cEPSRWPzZEswwdr9BxE6ChEn01dWlTaF05LiC2Xs70U= -cloud.google.com/go/auth v0.12.1 h1:n2Bj25BUMM0nvE9D2XLTiImanwZhO3DkfWSYS/SAJP4= -cloud.google.com/go/auth v0.12.1/go.mod h1:BFMu+TNpF3DmvfBO9ClqTR/SiqVIm7LukKF9mbendF4= +cloud.google.com/go v0.117.0 h1:Z5TNFfQxj7WG2FgOGX1ekC5RiXrYgms6QscOm32M/4s= +cloud.google.com/go v0.117.0/go.mod h1:ZbwhVTb1DBGt2Iwb3tNO6SEK4q+cplHZmLWH+DelYYc= +cloud.google.com/go/auth v0.13.0 h1:8Fu8TZy167JkW8Tj3q7dIkr2v4cndv41ouecJx0PAHs= +cloud.google.com/go/auth v0.13.0/go.mod h1:COOjD9gwfKNKz+IIduatIhYJQIc0mG3H102r/EMxX6Q= cloud.google.com/go/auth/oauth2adapt v0.2.6 h1:V6a6XDu2lTwPZWOawrAa9HUK+DB2zfJyTuciBG5hFkU= cloud.google.com/go/auth/oauth2adapt v0.2.6/go.mod h1:AlmsELtlEBnaNTL7jCj8VQFLy6mbZv0s4Q7NGBeQ5E8= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= 
@@ -422,8 +422,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.3.4 h1:XYIDZApgAnrN1c855gT github.com/googleapis/enterprise-certificate-proxy v0.3.4/go.mod h1:YKe7cfqYXjKGpGvmSg28/fFvhNzinZQm8DGnaburhGA= github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= -github.com/googleapis/gax-go/v2 v2.14.0 h1:f+jMrjBPl+DL9nI4IQzLUxMq7XrAqFYB7hBPqMNIe8o= -github.com/googleapis/gax-go/v2 v2.14.0/go.mod h1:lhBCnjdLrWRaPvLWhmc8IS24m9mr07qSYnHncrgo+zk= +github.com/googleapis/gax-go/v2 v2.14.1 h1:hb0FFeiPaQskmvakKu5EbCbpntQn48jyHuvrkurSS/Q= +github.com/googleapis/gax-go/v2 v2.14.1/go.mod h1:Hb/NubMaVM88SrNkvl8X/o8XWwDJEPqouaLeN2IUxoA= github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/gopherjs/gopherjs v0.0.0-20200217142428-fce0ec30dd00/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= 
@@ -532,8 +532,8 @@ github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27k github.com/mattn/go-isatty v0.0.16/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY= github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= -github.com/maxbrunsfeld/counterfeiter/v6 v6.10.0 h1:9WsegDYiSKtZXru+NcOB4z7iqb00n4atjmQlyy5TRXI= -github.com/maxbrunsfeld/counterfeiter/v6 v6.10.0/go.mod h1:TeVdzh+5QB5IpWDJAU/uviXA6kOg9yXzLrrjeLKJXqY= +github.com/maxbrunsfeld/counterfeiter/v6 v6.11.2 h1:yVCLo4+ACVroOEr4iFU1iH46Ldlzz2rTuu18Ra7M8sU= +github.com/maxbrunsfeld/counterfeiter/v6 v6.11.2/go.mod h1:VzB2VoMh1Y32/QqDfg9ZJYHj99oM4LiGtqPZydTiQSQ= github.com/mitchellh/copystructure v1.0.0/go.mod h1:SNtv71yrdKgLRyLFxmLdkAbkKEFWgYaq1OVrnRcwhnw= github.com/mitchellh/copystructure v1.2.0 h1:vpKXTN4ewci03Vljg/q9QvCGUDttBOGBIa15WveJJGw= github.com/mitchellh/copystructure v1.2.0/go.mod h1:qLl+cE2AmVv+CoeAwDPye/v+N2HKCj9FbZEVFJRxO9s= 
@@ -564,14 +564,14 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.22.0 h1:Yed107/8DjTr0lKCNt7Dn8yQ6ybuDRQoMGrNFKzMfHg= -github.com/onsi/ginkgo/v2 v2.22.0/go.mod h1:7Du3c42kxCUegi0IImZ1wUQzMBVecgIHjR1C+NkhLQo= -github.com/onsi/gomega v1.35.1 h1:Cwbd75ZBPxFSuZ6T+rN/WCb/gOc6YgFBXLlZLhC7Ds4= -github.com/onsi/gomega v1.35.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/onsi/ginkgo/v2 v2.22.1 h1:QW7tbJAUDyVDVOM5dFa7qaybo+CRfR7bemlQUN6Z8aM= +github.com/onsi/ginkgo/v2 v2.22.1/go.mod h1:S6aTpoRsSq2cZOd+pssHAlKW/Q/jZt6cPrPlnj4a1xM= +github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw= +github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= -github.com/oracle/oci-go-sdk/v65 v65.80.0 h1:Rr7QLMozd2DfDBKo6AB3DzLYQxAwuOG118+K5AAD5E8= -github.com/oracle/oci-go-sdk/v65 v65.80.0/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= +github.com/oracle/oci-go-sdk/v65 v65.81.1 h1:JYc47bk8n/MUchA2KHu1ggsCQzlJZQLJ+tTKfOho00E= +github.com/oracle/oci-go-sdk/v65 v65.81.1/go.mod h1:IBEV9l1qBzUpo7zgGaRUhbB05BVfcDGYRFBCPlTcPp0= github.com/passbolt/go-passbolt v0.7.1 h1:boNYHZmSnWl/3bKbUiaWgF/mELCtHfliGHzggf884GE= github.com/passbolt/go-passbolt v0.7.1/go.mod h1:if/jzzYYUjRtq/5h+l+J5Dka0f5dED67QM1lhpTx4pY= github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= 
@@ -631,8 +631,8 @@ github.com/sony/gobreaker v0.5.0/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJ github.com/sony/gobreaker v1.0.0 h1:feX5fGGXSl3dYd4aHZItw+FpHLvvoaqkawKjVNiFMNQ= github.com/sony/gobreaker v1.0.0/go.mod h1:ZKptC7FHNvhBz7dN2LGjPVBz2sZJmc0/PkyDJOjmxWY= github.com/spf13/cast v1.3.1/go.mod h1:Qx5cxh0v+4UWYiBimWS+eyWzqEqokIECu5etghLkUJE= -github.com/spf13/cast v1.7.0 h1:ntdiHjuueXFgm5nzDRdOS4yfT43P5Fnud6DH50rz/7w= -github.com/spf13/cast v1.7.0/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= +github.com/spf13/cast v1.7.1 h1:cuNEagBQEHWN1FnbGEjCXL2szYEXqfJPbP2HNUaca9Y= +github.com/spf13/cast v1.7.1/go.mod h1:ancEpBxwJDODSW/UG4rDrAqiKolqNNh2DX3mk86cAdo= github.com/spf13/cobra v1.8.1 h1:e5/vxKd/rZsfSJMUX1agtjeTDf+qv1/JdBF8gg5k9ZM= github.com/spf13/cobra v1.8.1/go.mod h1:wHxEcudfqmLYa8iTfL+OuZPbBZkmvliBWKIezN3kD9Y= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= 
@@ -676,10 +676,10 @@ github.com/uber/jaeger-lib v2.4.1+incompatible h1:td4jdvLcExb4cBISKIpHuGoVXh+dVK github.com/uber/jaeger-lib v2.4.1+incompatible/go.mod h1:ComeNDZlWwrWnDv8aPp0Ba6+uUTzImX/AauajbLI56U= github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM= github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg= -github.com/yandex-cloud/go-genproto v0.0.0-20241206133605-07e4a676108b h1:+xsB23dmxN3hBSGZLAiyLsUADnqr6ASOiZJmLd8++nk= -github.com/yandex-cloud/go-genproto v0.0.0-20241206133605-07e4a676108b/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo= -github.com/yandex-cloud/go-sdk v0.0.0-20241206142255-6c3760d17eea h1:XvnMWpD249l3rhJjDWEAGOQmYZ3Rw0XjEwREDzm9wDs= -github.com/yandex-cloud/go-sdk v0.0.0-20241206142255-6c3760d17eea/go.mod h1:6JH4ZTrHlyTtKwf1VoEGfbHl+or8NFdOyxwYzID0UdI= +github.com/yandex-cloud/go-genproto v0.0.0-20241220122821-aeb3b05efd1c h1:Rnr+lDYXVkP+3eT8/d68iq4G/UeIhyCQk+HKa8toTvg= +github.com/yandex-cloud/go-genproto v0.0.0-20241220122821-aeb3b05efd1c/go.mod h1:0LDD/IZLIUIV4iPH+YcF+jysO3jkSvADFGm4dCAuwQo= +github.com/yandex-cloud/go-sdk v0.0.0-20241220131134-2393e243c134 h1:qmpz0Kvr9GAng8LAhRcKIpY71CEAcL3EBkftVlsP5Cw= +github.com/yandex-cloud/go-sdk v0.0.0-20241220131134-2393e243c134/go.mod h1:KgZCJrxdhdw/sKhTQ/M3S9WOLri2PCnBlc4C3s+PfKY= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 h1:ilQV1hzziu+LLM3zUTJ0trRztfwgjqKnBWNtSRkbmwM= github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78/go.mod h1:aL8wCCfTfSfmXjznFBSZNN13rSJjlIOI1fUNAtF7rmI= github.com/yuin/goldmark v1.1.25/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= 
@@ -690,8 +690,8 @@ github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9dec github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= github.com/zalando/go-keyring v0.2.6 h1:r7Yc3+H+Ux0+M72zacZoItR3UDxeWfKTcabvkI8ua9s= github.com/zalando/go-keyring v0.2.6/go.mod h1:2TCrxYrbUNYfNS/Kgy/LSrkSQzZ5UPVH85RwfczwvcI= -gitlab.com/gitlab-org/api/client-go v0.117.0 h1:HsbKxlTjVgfYmyCU+NRQk2G42RlMOKs6gF+/o0DL+TI= -gitlab.com/gitlab-org/api/client-go v0.117.0/go.mod h1:E+X2dndIYDuUfKVP0C3jhkWvTSE00BkLbCsXTY3edDo= +gitlab.com/gitlab-org/api/client-go v0.118.0 h1:qHIEw+XHt+2xuk4iZGW8fc6t+gTLAGEmTA5Bzp/brxs= +gitlab.com/gitlab-org/api/client-go v0.118.0/go.mod h1:E+X2dndIYDuUfKVP0C3jhkWvTSE00BkLbCsXTY3edDo= go.mongodb.org/mongo-driver v1.17.1 h1:Wic5cJIwJgSpBhe3lx3+/RybR5PiYRMpVFgO7cOHyIM= go.mongodb.org/mongo-driver v1.17.1/go.mod h1:wwWm/+BuOddhcq3n68LKRmgk2wXzmF6s0SFOa0GINL4= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= 
@@ -759,8 +759,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e h1:4qufH0hlUYs6AO6XmZC3GqfDPGSXHVXUFR6OND+iJX4= -golang.org/x/exp v0.0.0-20241215155358-4a5509556b9e/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= +golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 h1:1UoZQm6f0P/ZO0w1Ri+f+ifG/gXhegadRdwBIXEFWDo= +golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -1051,8 +1051,8 @@ google.golang.org/api v0.40.0/go.mod h1:fYKFpnQN0DsDSKRVRcQSDQNtqWPfM9i+zNPxepjR google.golang.org/api v0.41.0/go.mod h1:RkxM5lITDfTzmyKFPt+wGrCJbVfniCr2ool8kTBzRTU= google.golang.org/api v0.43.0/go.mod h1:nQsDGjRXMo4lvh5hP0TKqF244gqhGcr/YSIykhUk/94= google.golang.org/api v0.45.0/go.mod h1:ISLIJCedJolbZvDfAk+Ctuq5hf+aJ33WgtUsfyFoLXA= -google.golang.org/api v0.211.0 h1:IUpLjq09jxBSV1lACO33CGY3jsRcbctfGzhj+ZSE/Bg= -google.golang.org/api v0.211.0/go.mod h1:XOloB4MXFH4UTlQSGuNUxw0UT74qdENK8d6JNsXKLi0= +google.golang.org/api v0.214.0 h1:h2Gkq07OYi6kusGOaT/9rnNljuXmqPnaig7WGPmKbwA= +google.golang.org/api v0.214.0/go.mod h1:bYPpLG8AyeMWwDU6NXoB00xC0DFkikVvd5MfwoxjLqE= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= 
@@ -1100,12 +1100,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20241209162323-e6fa225c2576 h1:k48HcZ4FE6in0o8IflZCkc1lTc2u37nhGd8P+fo4r24= -google.golang.org/genproto v0.0.0-20241209162323-e6fa225c2576/go.mod h1:DV2u3tCn/AcVjjmGYZKt6HyvY4w4y3ipAdHkMbe/0i4= -google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576 h1:CkkIfIt50+lT6NHAVoRYEyAvQGFM7xEwXUUywFvEb3Q= -google.golang.org/genproto/googleapis/api v0.0.0-20241209162323-e6fa225c2576/go.mod h1:1R3kvZ1dtP3+4p4d3G8uJ8rFk/fWlScl38vanWACI08= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576 h1:8ZmaLZE4XWrtU3MyClkYqqtl6Oegr3235h7jxsDyqCY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241209162323-e6fa225c2576/go.mod h1:5uTbfoYQed2U9p3KIj2/Zzm02PYhndfdmML0qC3q3FU= +google.golang.org/genproto v0.0.0-20241219192143-6b3ec007d9bb h1:JGs+s1Q6osip3cDY197L1HmkuPn8wPp9Hfy9jl+Uz+U= +google.golang.org/genproto v0.0.0-20241219192143-6b3ec007d9bb/go.mod h1:o8GgNarfULyZPNaIY8RDfXM7AZcmcKC/tbMWp/ZOFDw= +google.golang.org/genproto/googleapis/api v0.0.0-20241219192143-6b3ec007d9bb h1:B7GIB7sr443wZ/EAEl7VZjmh1V6qzkt5V+RYcUYtS1U= +google.golang.org/genproto/googleapis/api v0.0.0-20241219192143-6b3ec007d9bb/go.mod h1:E5//3O5ZIG2l71Xnt+P/CYUY8Bxs8E7WMoZ9tlcMbAY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb h1:3oy2tynMOP1QbTC0MsNNAV+Se8M2Bd0A5+x1QHyw+pI= +google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1125,8 +1125,8 @@ google.golang.org/grpc v1.35.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAG google.golang.org/grpc v1.36.0/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.36.1/go.mod h1:qjiiYl8FncCW8feJPdyg3v6XW24KsRHe+dy9BAGRRjU= google.golang.org/grpc v1.37.0/go.mod h1:NREThFqKR1f3iQ6oBuvc5LadQuXVGo9rkm5ZGrQdJfM= -google.golang.org/grpc v1.69.0 h1:quSiOM1GJPmPH5XtU+BCoVXcDVJJAzNcoyfC2cCjGkI= -google.golang.org/grpc v1.69.0/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= +google.golang.org/grpc v1.69.2 h1:U3S9QEtbXC0bYNvRtcoklF3xGtLViumSYxWykJS+7AU= +google.golang.org/grpc v1.69.2/go.mod h1:vyjdE6jLBI76dgpDojsFGNaHlxdjXN9ghpnd2o7JGZ4= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= From 323389f2947d54803ab82c61d934cf5495109a9a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 31 Dec 2024 07:59:23 +0100 Subject: [PATCH 504/517] chore(deps): bump golang from `6c5c959` to `6c5c959` (#4255) Bumps golang from `6c5c959` to `6c5c959`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tilt.debug.dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tilt.debug.dockerfile b/tilt.debug.dockerfile
index 2cac8c1d579..3fe6fa24d33 100644
--- a/tilt.debug.dockerfile
+++ b/tilt.debug.dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.23.4@sha256:70031844b8c225351d0bb63e2c383f80db85d92ba894e3da7e13bcf80efa9a37
+FROM golang:1.23.4@sha256:7ea4c9dcb2b97ff8ee80a67db3d44f98c8ffa0d191399197007d8459c1453041
 WORKDIR /
 COPY ./bin/external-secrets /external-secrets
From 822e9d07c56113c278ab28b52fb312ffdb5a380d Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 31 Dec 2024 08:01:47 +0100 Subject: [PATCH 505/517] chore(deps): bump charset-normalizer in /hack/api-docs (#4256) Bumps [charset-normalizer](https://github.com/jawah/charset_normalizer) from 3.4.0 to 3.4.1. - [Release notes](https://github.com/jawah/charset_normalizer/releases) - [Changelog](https://github.com/jawah/charset_normalizer/blob/master/CHANGELOG.md) - [Commits](https://github.com/jawah/charset_normalizer/compare/3.4.0...3.4.1) --- updated-dependencies: - dependency-name: charset-normalizer dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt
index 06ee1397224..2d7d389575d 100644
--- a/hack/api-docs/requirements.txt
+++ b/hack/api-docs/requirements.txt
@@ -1,6 +1,6 @@
 Babel==2.16.0
 certifi==2024.12.14
-charset-normalizer==3.4.0
+charset-normalizer==3.4.1
 click==8.1.8
 colorama==0.4.6
 csscompressor==0.9.5
From 915e20ea285165d6f1eafa6b12bb0eafba63af98 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 31 Dec 2024 08:03:52 +0100 Subject: [PATCH 506/517] chore(deps): bump pymdown-extensions in /hack/api-docs (#4257) Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 10.12 to 10.13. - [Release notes](https://github.com/facelessuser/pymdown-extensions/releases) - [Commits](https://github.com/facelessuser/pymdown-extensions/compare/10.12...10.13) --- updated-dependencies: - dependency-name: pymdown-extensions dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt
index 2d7d389575d..d43ae85d71b 100644
--- a/hack/api-docs/requirements.txt
+++ b/hack/api-docs/requirements.txt
@@ -27,7 +27,7 @@ pathspec==0.12.1
 pep562==1.1
 platformdirs==4.3.6
 Pygments==2.18.0
-pymdown-extensions==10.12
+pymdown-extensions==10.13
 python-dateutil==2.9.0.post0
 PyYAML==6.0.2
 pyyaml_env_tag==0.1
From a2ff0f1ee74cb97712b108fb28444651ad3ff9ef Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 31 Dec 2024 08:28:57 +0100 Subject: [PATCH 507/517] chore(deps): bump softprops/action-gh-release from 2.1.0 to 2.2.0 (#4258) Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.1.0 to 2.2.0. - [Release notes](https://github.com/softprops/action-gh-release/releases) - [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md) - [Commits](https://github.com/softprops/action-gh-release/compare/01570a1f39cb168c169c802c3bceb9e93fb10974...7b4da11513bf3f43f9999e90eabced41ab8bb048) --- updated-dependencies: - dependency-name: softprops/action-gh-release dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/release.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 88ba4954f87..619d92a467e 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -28,7 +28,7 @@ jobs:
 ref: ${{ github.event.inputs.source_ref }}
 - name: Create Release
- uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
+ uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
 with:
 tag_name: ${{ github.event.inputs.version }}
 target_commitish: ${{ github.event.inputs.source_ref }}
@@ -113,7 +113,7 @@ jobs:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 - name: Update Release
- uses: softprops/action-gh-release@01570a1f39cb168c169c802c3bceb9e93fb10974 # v2.1.0
+ uses: softprops/action-gh-release@7b4da11513bf3f43f9999e90eabced41ab8bb048 # v2.2.0
 with:
 tag_name: ${{ github.event.inputs.version }}
 files: |
From 3fefa7ea71ab9e2b63585e4b15c2a08dbe6a906e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 31 Dec 2024 08:42:20 +0100 Subject: [PATCH 508/517] chore(deps): bump golang from `ef30001` to `2e83858` in /e2e (#4259) Bumps golang from `ef30001` to `2e83858`. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- e2e/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/e2e/Dockerfile b/e2e/Dockerfile
index 67e4a5dfa84..974fb7fb2c9 100644
--- a/e2e/Dockerfile
+++ b/e2e/Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.23.4-bookworm@sha256:ef30001eeadd12890c7737c26f3be5b3a8479ccdcdc553b999c84879875a27ce AS builder
+FROM golang:1.23.4-bookworm@sha256:2e838582004fab0931693a3a84743ceccfbfeeafa8187e87291a1afea457ff7a AS builder
 ENV KUBECTL_VERSION="v1.28.3"
 ENV HELM_VERSION="v3.13.1"
From 2d0943cbbf072190ebe23a05b3bdd626cb90f38e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 10:05:41 +0100 Subject: [PATCH 509/517] chore(deps): bump importlib-resources in /hack/api-docs (#4266) Bumps [importlib-resources](https://github.com/python/importlib_resources) from 6.4.5 to 6.5.2. - [Release notes](https://github.com/python/importlib_resources/releases) - [Changelog](https://github.com/python/importlib_resources/blob/main/NEWS.rst) - [Commits](https://github.com/python/importlib_resources/compare/v6.4.5...v6.5.2) --- updated-dependencies: - dependency-name: importlib-resources dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt
index d43ae85d71b..6bebc47abe8 100644
--- a/hack/api-docs/requirements.txt
+++ b/hack/api-docs/requirements.txt
@@ -8,7 +8,7 @@ ghp-import==2.1.0
 htmlmin==0.1.12
 idna==3.10
 importlib-metadata==8.5.0
-importlib-resources==6.4.5
+importlib-resources==6.5.2
 Jinja2==3.1.5
 jsmin==3.0.1
 livereload==2.7.1
From 3fb9f774b3bd111ae95a18c675c2a896c047dc88 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 7 Jan 2025 10:24:34 +0100 Subject: [PATCH 510/517] chore(deps): bump pygments from 2.18.0 to 2.19.1 in /hack/api-docs (#4270) Bumps [pygments](https://github.com/pygments/pygments) from 2.18.0 to 2.19.1. - [Release notes](https://github.com/pygments/pygments/releases) - [Changelog](https://github.com/pygments/pygments/blob/master/CHANGES) - [Commits](https://github.com/pygments/pygments/compare/2.18.0...2.19.1) --- updated-dependencies: - dependency-name: pygments dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt
index 6bebc47abe8..73a9c375016 100644
--- a/hack/api-docs/requirements.txt
+++ b/hack/api-docs/requirements.txt
@@ -26,7 +26,7 @@ paginate==0.5.7
 pathspec==0.12.1
 pep562==1.1
 platformdirs==4.3.6
-Pygments==2.18.0
+Pygments==2.19.1
 pymdown-extensions==10.13
 python-dateutil==2.9.0.post0
 PyYAML==6.0.2
From e7c89f68bbf25c241e48f763b85fd3647e5dc239 Mon Sep 17 00:00:00 2001 From: Martin Schwamberger Date: Thu, 9 Jan 2025 07:15:57 +0100 Subject: [PATCH 511/517] add allowEmptyResponse to vaultdynamicsecrets (#4271)
Signed-off-by: Kyaak Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- apis/generators/v1alpha1/types_vault.go | 5 ++ ...external-secrets.io_clustergenerators.yaml | 5 ++ ...ternal-secrets.io_vaultdynamicsecrets.yaml | 5 ++ deploy/crds/bundle.yaml | 8 ++ pkg/generator/vault/vault.go | 5 ++ pkg/generator/vault/vault_test.go | 80 ++++++++++++++++++- 6 files changed, 106 insertions(+), 2 deletions(-)
diff --git a/apis/generators/v1alpha1/types_vault.go b/apis/generators/v1alpha1/types_vault.go
index 571682646a4..9266b5427ec 100644
--- a/apis/generators/v1alpha1/types_vault.go
+++ b/apis/generators/v1alpha1/types_vault.go
@@ -50,6 +50,11 @@ type VaultDynamicSecretSpec struct {
 // Vault path to obtain the dynamic secret from
 Path string `json:"path"`
+
+ // Do not fail if no secrets are found. Useful for requests where no data is expected.
+ // +optional
+ // +kubebuilder:default=false
+ AllowEmptyResponse bool `json:"allowEmptyResponse,omitempty"`
 }
 // +kubebuilder:validation:Enum=Data;Auth
diff --git a/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml b/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml
index 00712429e28..88c4ef562f2 100644
--- a/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml
+++ b/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml
@@ -735,6 +735,11 @@ spec:
 type: object
 vaultDynamicSecretSpec:
 properties:
+ allowEmptyResponse:
+ default: false
+ description: Do not fail if no secrets are found. Useful for
+ requests where no data is expected.
+ type: boolean
 controller:
 description: |-
 Used to select the correct ESO controller (think: ingress.ingressClassName)
diff --git a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml
index 277c2340102..21c0a1618c2 100644
--- a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml
+++ b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml
@@ -41,6 +41,11 @@ spec:
 type: object
 spec:
 properties:
+ allowEmptyResponse:
+ default: false
+ description: Do not fail if no secrets are found. Useful for requests
+ where no data is expected.
+ type: boolean
 controller:
 description: |-
 Used to select the correct ESO controller (think: ingress.ingressClassName)
diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml
index 5a749380f1d..8cef990824e 100644
--- a/deploy/crds/bundle.yaml
+++ b/deploy/crds/bundle.yaml
@@ -14541,6 +14541,10 @@ spec:
 type: object
 vaultDynamicSecretSpec:
 properties:
+ allowEmptyResponse:
+ default: false
+ description: Do not fail if no secrets are found. Useful for requests where no data is expected.
+ type: boolean
 controller:
 description: |-
 Used to select the correct ESO controller (think: ingress.ingressClassName)
@@ -16444,6 +16448,10 @@ spec:
 type: object
 spec:
 properties:
+ allowEmptyResponse:
+ default: false
+ description: Do not fail if no secrets are found. Useful for requests where no data is expected.
+ type: boolean
 controller:
 description: |-
 Used to select the correct ESO controller (think: ingress.ingressClassName)
diff --git a/pkg/generator/vault/vault.go b/pkg/generator/vault/vault.go
index 28e85a204a1..4ab236325bd 100644
--- a/pkg/generator/vault/vault.go
+++ b/pkg/generator/vault/vault.go
@@ -81,6 +81,11 @@ func (g *Generator) generate(ctx context.Context, c *provider.Provider, jsonSpec
 if err != nil {
 return nil, err
 }
+
+ if result == nil && res.Spec.AllowEmptyResponse {
+ return nil, nil
+ }
+
 if result == nil {
 return nil, fmt.Errorf(errGetSecret, errors.New("empty response from Vault"))
 }
diff --git a/pkg/generator/vault/vault_test.go b/pkg/generator/vault/vault_test.go
index 3781ac34e15..d033c3d2070 100644
--- a/pkg/generator/vault/vault_test.go
+++ b/pkg/generator/vault/vault_test.go
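Review bot: In pkg/generator/vault/vault.go, the new early return in `generate` reports success with a nil value and a nil error for every empty Vault response once `allowEmptyResponse` is set, so an intentionally empty call can no longer be told apart from a request that produced nothing for another reason (a mistyped `path`, for example, if the client reports that as an empty result; the call itself is outside the hunk). Because this generator feeds secret material, I would document the contract at the return, e.g. `// empty response explicitly allowed by spec.allowEmptyResponse; callers must accept a nil result`, and log the event so an unexpectedly empty secret can be traced. The two adjacent `result == nil` checks could also be folded into one block with the flag tested inside. Whether callers of `generate` tolerate a nil result is not visible here, since the function starts and ends outside the hunk.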
@@ -161,6 +161,80 @@ spec:
 err: errors.New("unable to get dynamic secret: empty response from Vault"),
 },
 },
+ "AllowEmptyVaultPOST": {
+ reason: "Allow empty response from Vault POST.",
+ args: args{
+ corev1: utilfake.NewCreateTokenMock().WithToken("ok"),
+ jsonSpec: &apiextensions.JSON{
+ Raw: []byte(`apiVersion: generators.external-secrets.io/v1alpha1
+kind: VaultDynamicSecret
+spec:
+ provider:
+ auth:
+ kubernetes:
+ role: test
+ serviceAccountRef:
+ name: "testing"
+ method: POST
+ parameters:
+ foo: "bar"
+ path: "github/token/example"
+ allowEmptyResponse: true`),
+ },
+ kube: clientfake.NewClientBuilder().WithObjects(&corev1.ServiceAccount{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "testing",
+ Namespace: "testing",
+ },
+ Secrets: []corev1.ObjectReference{
+ {
+ Name: "test",
+ },
+ },
+ }).Build(),
+ },
+ want: want{
+ err: nil,
+ val: nil,
+ },
+ },
+ "AllowEmptyVaultGET": {
+ reason: "Allow empty response from Vault GET.",
+ args: args{
+ corev1: utilfake.NewCreateTokenMock().WithToken("ok"),
+ jsonSpec: &apiextensions.JSON{
+ Raw: []byte(`apiVersion: generators.external-secrets.io/v1alpha1
+kind: VaultDynamicSecret
+spec:
+ provider:
+ auth:
+ kubernetes:
+ role: test
+ serviceAccountRef:
+ name: "testing"
+ method: GET
+ parameters:
+ foo: "bar"
+ path: "github/token/example"
+ allowEmptyResponse: true`),
+ },
+ kube: clientfake.NewClientBuilder().WithObjects(&corev1.ServiceAccount{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: "testing",
+ Namespace: "testing",
+ },
+ Secrets: []corev1.ObjectReference{
+ {
+ Name: "test",
+ },
+ },
+ }).Build(),
+ },
+ want: want{
+ err: nil,
+ val: nil,
+ },
+ },
 }
 for name, tc := range cases {
@@ -168,8 +242,10 @@ spec: c := &provider.Provider{NewVaultClient: fake.ClientWithLoginMock} gen := &Generator{} val, err := gen.generate(context.Background(), c, tc.args.jsonSpec, tc.args.kube, tc.args.corev1, "testing") - if diff := cmp.Diff(tc.want.err.Error(), err.Error()); diff != "" { - t.Errorf("\n%s\nvault.GetSecret(...): -want error, +got error:\n%s", tc.reason, diff) + if err != nil || tc.want.err != nil { + if diff := cmp.Diff(tc.want.err.Error(), err.Error()); diff != "" { + t.Errorf("\n%s\nvault.GetSecret(...): -want error, +got error:\n%s", tc.reason, diff) + } } if diff := cmp.Diff(tc.want.val, val); diff != "" { t.Errorf("\n%s\nvault.GetSecret(...): -want val, +got val:\n%s", tc.reason, diff) From ab5de7862961199721ef5a768d95715276d43b36 Mon Sep 17 00:00:00 2001 From: Carlos Lopez Date: Thu, 9 Jan 2025 09:33:40 +0100 Subject: [PATCH 512/517] docs: Fix IAM policy AWS SM provider (#4275) Signed-off-by: Carlos Lopez --- docs/provider/aws-secrets-manager.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/provider/aws-secrets-manager.md b/docs/provider/aws-secrets-manager.md index 040ae0c5844..4a6a713e6ed 100644 --- a/docs/provider/aws-secrets-manager.md +++ b/docs/provider/aws-secrets-manager.md @@ -27,6 +27,14 @@ For Batch permissions read the following post https://aws.amazon.com/about-aws/w { "Version": "2012-10-17", "Statement": [ + { + "Action" : [ + "secretsmanager:ListSecrets", + "secretsmanager:BatchGetSecretValue" + ], + "Effect" : "Allow", + "Resource" : "*" + }, { "Effect": "Allow", "Action": [ @@ -34,7 +42,6 @@ For Batch permissions read the following post https://aws.amazon.com/about-aws/w "secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret", "secretsmanager:ListSecretVersionIds" - "secretsmanager:BatchGetSecretValue" ], "Resource": [ "arn:aws:secretsmanager:us-west-2:111122223333:secret:dev-*" From a0386badf80fb27f4958697c443b81920356d3be Mon Sep 17 00:00:00 2001 
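Review bot: The new guard `if err != nil || tc.want.err != nil` in the `vault_test.go` hunk still calls `.Error()` on both values, so a case where only one of them is nil panics on a nil dereference instead of failing with a readable diff. That is exactly the regression this test should catch, for example an `allowEmptyResponse` case that unexpectedly returns an error. Check presence first with `if (err == nil) != (tc.want.err == nil) { t.Fatalf("\n%s\nwant error %v, got %v", tc.reason, tc.want.err, err) }`, then diff the messages only under `if err != nil`. The loop body starts outside the hunk.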
From: dronenb Date: Thu, 9 Jan 2025 10:44:59 -0600 Subject: [PATCH 513/517] feat(generators): add Quay generator support (#4252) * feat(generators): add Quay generator support Signed-off-by: Ben Dronen * fix(quay): better logic for default URL Signed-off-by: Ben Dronen * fix(quay): make CRD spec show the correct default URL Signed-off-by: Ben Dronen * docs: add Quay docs + add expiry to generator Signed-off-by: Ben Dronen * fix(quay-generator): better error handling, use context in http request, strip https:// prefix from registry Signed-off-by: Ben Dronen --------- Signed-off-by: Ben Dronen --- .../v1beta1/externalsecret_types.go | 2 +- apis/generators/v1alpha1/register.go | 9 + apis/generators/v1alpha1/types_cluster.go | 4 +- apis/generators/v1alpha1/types_quay.go | 52 +++++ .../v1alpha1/zz_generated.deepcopy.go | 79 +++++++ ...nal-secrets.io_clusterexternalsecrets.yaml | 2 + .../external-secrets.io_externalsecrets.yaml | 2 + .../external-secrets.io_pushsecrets.yaml | 1 + ...external-secrets.io_clustergenerators.yaml | 45 ++++ ....external-secrets.io_quayaccesstokens.yaml | 89 ++++++++ config/crds/bases/kustomization.yaml | 1 + .../external-secrets/templates/rbac.yaml | 3 + deploy/crds/bundle.yaml | 144 ++++++++++++ docs/api/generator/quay.md | 39 ++++ docs/snippets/generator-quay-example.yaml | 29 +++ docs/snippets/generator-quay.yaml | 11 + hack/api-docs/mkdocs.yml | 1 + pkg/generator/quay/quay.go | 211 ++++++++++++++++++ pkg/generator/register/register.go | 1 + pkg/utils/resolvers/generator.go | 7 + 20 files changed, 730 insertions(+), 2 deletions(-) create mode 100644 apis/generators/v1alpha1/types_quay.go create mode 100644 config/crds/bases/generators.external-secrets.io_quayaccesstokens.yaml create mode 100644 docs/api/generator/quay.md create mode 100644 docs/snippets/generator-quay-example.yaml create mode 100644 docs/snippets/generator-quay.yaml create mode 100644 pkg/generator/quay/quay.go 
diff --git a/apis/externalsecrets/v1beta1/externalsecret_types.go b/apis/externalsecrets/v1beta1/externalsecret_types.go index f97689f0e11..764b0e11d6c 100644 --- a/apis/externalsecrets/v1beta1/externalsecret_types.go +++ b/apis/externalsecrets/v1beta1/externalsecret_types.go @@ -424,7 +424,7 @@ type GeneratorRef struct { APIVersion string `json:"apiVersion,omitempty"` // Specify the Kind of the generator resource - // +kubebuilder:validation:Enum=ACRAccessToken;ClusterGenerator;ECRAuthorizationToken;Fake;GCRAccessToken;GithubAccessToken;Password;STSSessionToken;UUID;VaultDynamicSecret;Webhook + // +kubebuilder:validation:Enum=ACRAccessToken;ClusterGenerator;ECRAuthorizationToken;Fake;GCRAccessToken;GithubAccessToken;QuayAccessToken;Password;STSSessionToken;UUID;VaultDynamicSecret;Webhook Kind string `json:"kind"` // Specify the name of the generator resource diff --git a/apis/generators/v1alpha1/register.go b/apis/generators/v1alpha1/register.go index 1b63c52b468..a0dab72ab9c 100644 --- a/apis/generators/v1alpha1/register.go +++ b/apis/generators/v1alpha1/register.go @@ -108,6 +108,14 @@ var ( GithubAccessTokenGroupVersionKind = SchemeGroupVersion.WithKind(GithubAccessTokenKind) ) +// QuayAccessToken type metadata. +var ( + QuayAccessTokenKind = reflect.TypeOf(QuayAccessToken{}).Name() + QuayAccessTokenGroupKind = schema.GroupKind{Group: Group, Kind: QuayAccessTokenKind}.String() + QuayAccessTokenKindAPIVersion = QuayAccessTokenKind + "." + SchemeGroupVersion.String() + QuayAccessTokenGroupVersionKind = SchemeGroupVersion.WithKind(QuayAccessTokenKind) +) + // Uuid type metadata. var ( UUIDKind = reflect.TypeOf(UUID{}).Name() 
@@ -146,6 +154,7 @@ func init() { SchemeBuilder.Register(&Fake{}, &FakeList{}) SchemeBuilder.Register(&GCRAccessToken{}, &GCRAccessTokenList{}) SchemeBuilder.Register(&GithubAccessToken{}, &GithubAccessTokenList{}) + SchemeBuilder.Register(&QuayAccessToken{}, &QuayAccessTokenList{}) SchemeBuilder.Register(&Password{}, &PasswordList{}) SchemeBuilder.Register(&STSSessionToken{}, &STSSessionTokenList{}) SchemeBuilder.Register(&UUID{}, &UUIDList{}) diff --git a/apis/generators/v1alpha1/types_cluster.go b/apis/generators/v1alpha1/types_cluster.go index b1f6a724fb9..4ee116fb66e 100644 --- a/apis/generators/v1alpha1/types_cluster.go +++ b/apis/generators/v1alpha1/types_cluster.go @@ -27,7 +27,7 @@ type ClusterGeneratorSpec struct { } // GeneratorKind represents a kind of generator. -// +kubebuilder:validation:Enum=ACRAccessToken;ECRAuthorizationToken;Fake;GCRAccessToken;GithubAccessToken;Password;STSSessionToken;UUID;VaultDynamicSecret;Webhook +// +kubebuilder:validation:Enum=ACRAccessToken;ECRAuthorizationToken;Fake;GCRAccessToken;GithubAccessToken;QuayAccessToken;Password;STSSessionToken;UUID;VaultDynamicSecret;Webhook type GeneratorKind string const ( @@ -36,6 +36,7 @@ const ( GeneratorKindFake GeneratorKind = "Fake" GeneratorKindGCRAccessToken GeneratorKind = "GCRAccessToken" GeneratorKindGithubAccessToken GeneratorKind = "GithubAccessToken" + GeneratorKindQuayAccessToken GeneratorKind = "QuayAccessToken" GeneratorKindPassword GeneratorKind = "Password" GeneratorKindSTSSessionToken GeneratorKind = "STSSessionToken" GeneratorKindUUID GeneratorKind = "UUID" 
@@ -51,6 +52,7 @@ type GeneratorSpec struct { FakeSpec *FakeSpec `json:"fakeSpec,omitempty"` GCRAccessTokenSpec *GCRAccessTokenSpec `json:"gcrAccessTokenSpec,omitempty"` GithubAccessTokenSpec *GithubAccessTokenSpec `json:"githubAccessTokenSpec,omitempty"` + QuayAccessTokenSpec *QuayAccessTokenSpec `json:"quayAccessTokenSpec,omitempty"` PasswordSpec *PasswordSpec `json:"passwordSpec,omitempty"` STSSessionTokenSpec *STSSessionTokenSpec `json:"stsSessionTokenSpec,omitempty"` UUIDSpec *UUIDSpec `json:"uuidSpec,omitempty"` diff --git a/apis/generators/v1alpha1/types_quay.go b/apis/generators/v1alpha1/types_quay.go new file mode 100644 index 00000000000..09b663112af --- /dev/null +++ b/apis/generators/v1alpha1/types_quay.go 
@@ -0,0 +1,52 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + + esmeta "github.com/external-secrets/external-secrets/apis/meta/v1" +) + +type QuayAccessTokenSpec struct { + // URL configures the Quay instance URL. Defaults to quay.io. + URL string `json:"url,omitempty"` + // Name of the robot account you are federating with + RobotAccount string `json:"robotAccount"` + // Name of the service account you are federating with + ServiceAccountRef esmeta.ServiceAccountSelector `json:"serviceAccountRef"` +} + +// QuayAccessToken generates Quay oauth token for pulling/pushing images +// +kubebuilder:object:root=true +// +kubebuilder:storageversion +// +kubebuilder:subresource:status +// +kubebuilder:metadata:labels="external-secrets.io/component=controller" +// +kubebuilder:resource:scope=Namespaced,categories={external-secrets, external-secrets-generators} +type QuayAccessToken struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + + Spec QuayAccessTokenSpec `json:"spec,omitempty"` +} + +// +kubebuilder:object:root=true + +// QuayAccessTokenList contains a list of ExternalSecret resources. +type QuayAccessTokenList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata,omitempty"` + Items []QuayAccessToken `json:"items"` +} 
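Review bot: The comment on `QuayAccessTokenList` says it "contains a list of ExternalSecret resources", which looks copied from another type; it should read `// QuayAccessTokenList contains a list of QuayAccessToken resources.`. `QuayAccessTokenSpec` has no doc comment of its own, and the `ServiceAccountRef` field is described as a name although its type is a selector. The `URL` comment could also say that the value is a registry host (the example manifest in this commit uses `quay.io`) and that it must name a trusted Quay instance, since the generator in this commit appears to present the service account token to that host.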
diff --git a/apis/generators/v1alpha1/zz_generated.deepcopy.go b/apis/generators/v1alpha1/zz_generated.deepcopy.go index 32ec9812138..c7809c0d82c 100644 --- a/apis/generators/v1alpha1/zz_generated.deepcopy.go +++ b/apis/generators/v1alpha1/zz_generated.deepcopy.go @@ -668,6 +668,11 @@ func (in *GeneratorSpec) DeepCopyInto(out *GeneratorSpec) { *out = new(GithubAccessTokenSpec) (*in).DeepCopyInto(*out) } + if in.QuayAccessTokenSpec != nil { + in, out := &in.QuayAccessTokenSpec, &out.QuayAccessTokenSpec + *out = new(QuayAccessTokenSpec) + (*in).DeepCopyInto(*out) + } if in.PasswordSpec != nil { in, out := &in.PasswordSpec, &out.PasswordSpec *out = new(PasswordSpec) 
@@ -911,6 +916,80 @@ func (in *PasswordSpec) DeepCopy() *PasswordSpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QuayAccessToken) DeepCopyInto(out *QuayAccessToken) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuayAccessToken. +func (in *QuayAccessToken) DeepCopy() *QuayAccessToken { + if in == nil { + return nil + } + out := new(QuayAccessToken) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *QuayAccessToken) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *QuayAccessTokenList) DeepCopyInto(out *QuayAccessTokenList) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ListMeta.DeepCopyInto(&out.ListMeta) + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]QuayAccessToken, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuayAccessTokenList. +func (in *QuayAccessTokenList) DeepCopy() *QuayAccessTokenList { + if in == nil { + return nil + } + out := new(QuayAccessTokenList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *QuayAccessTokenList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. 
+func (in *QuayAccessTokenSpec) DeepCopyInto(out *QuayAccessTokenSpec) { + *out = *in + in.ServiceAccountRef.DeepCopyInto(&out.ServiceAccountRef) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new QuayAccessTokenSpec. +func (in *QuayAccessTokenSpec) DeepCopy() *QuayAccessTokenSpec { + if in == nil { + return nil + } + out := new(QuayAccessTokenSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *RequestParameters) DeepCopyInto(out *RequestParameters) { *out = *in diff --git a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml index 666d872d165..c4d3d5bdcf7 100644 --- a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml @@ -165,6 +165,7 @@ spec: - Fake - GCRAccessToken - GithubAccessToken + - QuayAccessToken - Password - STSSessionToken - UUID @@ -360,6 +361,7 @@ spec: - Fake - GCRAccessToken - GithubAccessToken + - QuayAccessToken - Password - STSSessionToken - UUID diff --git a/config/crds/bases/external-secrets.io_externalsecrets.yaml b/config/crds/bases/external-secrets.io_externalsecrets.yaml index 943e0ee1ec4..71b49e994cd 100644 --- a/config/crds/bases/external-secrets.io_externalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_externalsecrets.yaml @@ -455,6 +455,7 @@ spec: - Fake - GCRAccessToken - GithubAccessToken + - QuayAccessToken - Password - STSSessionToken - UUID @@ -649,6 +650,7 @@ spec: - Fake - GCRAccessToken - GithubAccessToken + - QuayAccessToken - Password - STSSessionToken - UUID diff --git a/config/crds/bases/external-secrets.io_pushsecrets.yaml b/config/crds/bases/external-secrets.io_pushsecrets.yaml index e433d5738dd..e0936dd2c92 100644 --- a/config/crds/bases/external-secrets.io_pushsecrets.yaml 
+++ b/config/crds/bases/external-secrets.io_pushsecrets.yaml @@ -188,6 +188,7 @@ spec: - Fake - GCRAccessToken - GithubAccessToken + - QuayAccessToken - Password - STSSessionToken - UUID diff --git a/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml b/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml index 88c4ef562f2..420007af690 100644 --- a/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml +++ b/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml @@ -566,6 +566,50 @@ spec: - length - noUpper type: object + quayAccessTokenSpec: + properties: + robotAccount: + description: Name of the robot account you are federating + with + type: string + serviceAccountRef: + description: Name of the service account you are federating + with + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being + referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + url: + description: URL configures the Quay instance URL. Defaults + to quay.io. + type: string + required: + - robotAccount + - serviceAccountRef + type: object stsSessionTokenSpec: properties: auth: @@ -1695,6 +1739,7 @@ spec: - Fake - GCRAccessToken - GithubAccessToken + - QuayAccessToken - Password - STSSessionToken - UUID 
diff --git a/config/crds/bases/generators.external-secrets.io_quayaccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_quayaccesstokens.yaml new file mode 100644 index 00000000000..efc1c97e653 --- /dev/null +++ b/config/crds/bases/generators.external-secrets.io_quayaccesstokens.yaml 
@@ -0,0 +1,89 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + external-secrets.io/component: controller + name: quayaccesstokens.generators.external-secrets.io +spec: + group: generators.external-secrets.io + names: + categories: + - external-secrets + - external-secrets-generators + kind: QuayAccessToken + listKind: QuayAccessTokenList + plural: quayaccesstokens + singular: quayaccesstoken + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: QuayAccessToken generates Quay oauth token for pulling/pushing + images + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + robotAccount: + description: Name of the robot account you are federating with + type: string + serviceAccountRef: + description: Name of the service account you are federating with + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred + to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + url: + description: URL configures the Quay instance URL. Defaults to quay.io. + type: string + required: + - robotAccount + - serviceAccountRef + type: object + type: object + served: true + storage: true + subresources: + status: {} diff --git a/config/crds/bases/kustomization.yaml b/config/crds/bases/kustomization.yaml index 72ca951d8ef..0c7b2f3574b 100644 --- a/config/crds/bases/kustomization.yaml +++ b/config/crds/bases/kustomization.yaml @@ -14,6 +14,7 @@ resources: - generators.external-secrets.io_gcraccesstokens.yaml - generators.external-secrets.io_githubaccesstokens.yaml - generators.external-secrets.io_passwords.yaml + - generators.external-secrets.io_quayaccesstokens.yaml - generators.external-secrets.io_stssessiontokens.yaml - generators.external-secrets.io_uuids.yaml - generators.external-secrets.io_vaultdynamicsecrets.yaml diff --git a/deploy/charts/external-secrets/templates/rbac.yaml b/deploy/charts/external-secrets/templates/rbac.yaml index cfb3d4bff15..69bde32c257 100644 --- a/deploy/charts/external-secrets/templates/rbac.yaml +++ b/deploy/charts/external-secrets/templates/rbac.yaml @@ -56,6 +56,7 @@ rules: - "fakes" - "gcraccesstokens" - "githubaccesstokens" + - "quayaccesstokens" - "passwords" - "stssessiontokens" - "uuids" @@ -153,6 +154,7 @@ rules: - "fakes" - "gcraccesstokens" - "githubaccesstokens" + - "quayaccesstokens" - "passwords" - "vaultdynamicsecrets" - "webhooks" @@ -199,6 +201,7 @@ rules: - "fakes" - "gcraccesstokens" - "githubaccesstokens" + - "quayaccesstokens" - "passwords" - "vaultdynamicsecrets" - "webhooks" 
diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 8cef990824e..8c3dc0f982a 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -155,6 +155,7 @@ spec: - Fake - GCRAccessToken - GithubAccessToken + - QuayAccessToken - Password - STSSessionToken - UUID @@ -341,6 +342,7 @@ spec: - Fake - GCRAccessToken - GithubAccessToken + - QuayAccessToken - Password - STSSessionToken - UUID @@ -6939,6 +6941,7 @@ spec: - Fake - GCRAccessToken - GithubAccessToken + - QuayAccessToken - Password - STSSessionToken - UUID @@ -7125,6 +7128,7 @@ spec: - Fake - GCRAccessToken - GithubAccessToken + - QuayAccessToken - Password - STSSessionToken - UUID @@ -7593,6 +7597,7 @@ spec: - Fake - GCRAccessToken - GithubAccessToken + - QuayAccessToken - Password - STSSessionToken - UUID 
@@ -14379,6 +14384,46 @@ spec: - length - noUpper type: object + quayAccessTokenSpec: + properties: + robotAccount: + description: Name of the robot account you are federating with + type: string + serviceAccountRef: + description: Name of the service account you are federating with + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + url: + description: URL configures the Quay instance URL. Defaults to quay.io. + type: string + required: + - robotAccount + - serviceAccountRef + type: object stsSessionTokenSpec: properties: auth: @@ -15454,6 +15499,7 @@ spec: - Fake - GCRAccessToken - GithubAccessToken + - QuayAccessToken - Password - STSSessionToken - UUID 
@@ -16127,6 +16173,104 @@ spec: --- apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition +metadata: + annotations: + controller-gen.kubebuilder.io/version: v0.16.5 + labels: + external-secrets.io/component: controller + name: quayaccesstokens.generators.external-secrets.io +spec: + group: generators.external-secrets.io + names: + categories: + - external-secrets + - external-secrets-generators + kind: QuayAccessToken + listKind: QuayAccessTokenList + plural: quayaccesstokens + singular: quayaccesstoken + scope: Namespaced + versions: + - name: v1alpha1 + schema: + openAPIV3Schema: + description: QuayAccessToken generates Quay oauth token for pulling/pushing images + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + properties: + robotAccount: + description: Name of the robot account you are federating with + type: string + serviceAccountRef: + description: Name of the service account you are federating with + properties: + audiences: + description: |- + Audience specifies the `aud` claim for the service account token + If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity + then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. 
+ maxLength: 253 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + namespace: + description: |- + Namespace of the resource being referred to. + Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent. + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + required: + - name + type: object + url: + description: URL configures the Quay instance URL. Defaults to quay.io. + type: string + required: + - robotAccount + - serviceAccountRef + type: object + type: object + served: true + storage: true + subresources: + status: {} + conversion: + strategy: Webhook + webhook: + conversionReviewVersions: + - v1 + clientConfig: + service: + name: kubernetes + namespace: default + path: /convert +--- +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.16.5 diff --git a/docs/api/generator/quay.md b/docs/api/generator/quay.md new file mode 100644 index 00000000000..cceabf3fe8f --- /dev/null +++ b/docs/api/generator/quay.md 
@@ -0,0 +1,39 @@ +`QuayAccessToken` creates a short-lived Quay Access token that can be used to authenticate against quay.io or a self-hosted instance of Quay in order to push or pull images. This requires a [Quay Robot Account configured to federate](https://docs.projectquay.io/manage_quay.html#setting-robot-federation) with a Kubernetes service account. + +## Output Keys and Values + +| Key | Description | +| ---------- | ------------------------------------------------------------------------------ | +| registry | Domain name of the registry you are authenticating to (defaults to `quay.io`). | +| auth | Base64 encoded authentication string. | +| expiry | Time when token expires in UNIX time (seconds since January 1, 1970 UTC). | + +## Authentication + +To configure Robot Account federation, your cluster must have a publicly available [OIDC service account issuer](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-issuer-discovery) endpoint for Quay to validate tokens against against. You can determine the issuer and subject fields by creating and decoding a service account token for the service account you wish to federate with (this is the service account you will use in `spec.serviceAccountRef`). For example, if federating with the `default` service account in the `default` namespace: + +Obtain issuer: + +```bash +kubectl create token default -n default | cut -d '.' -f 2 | sed 's/[^=]$/&==/' | base64 -d | jq -r '.iss' +``` + +Obtain subject: + +```bash +kubectl create token default -n default | cut -d '.' -f 2 | sed 's/[^=]$/&==/' | base64 -d | jq -r '.sub' +``` + +Then use the instructions [here](https://docs.projectquay.io/manage_quay.html#setting-robot-federation) to set up a robot account and federation. + +## Example Manifest + +```yaml +{% include 'generator-quay.yaml' %} +``` + +Example `ExternalSecret` that references the Quay generator: + +```yaml +{% include 'generator-quay-example.yaml' %} +``` 
diff --git a/docs/snippets/generator-quay-example.yaml b/docs/snippets/generator-quay-example.yaml new file mode 100644 index 00000000000..2d62d9b4e0a --- /dev/null +++ b/docs/snippets/generator-quay-example.yaml @@ -0,0 +1,29 @@ +{% raw %} +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: quay-credentials + namespace: default +spec: + dataFrom: + - sourceRef: + generatorRef: + apiVersion: generators.external-secrets.io/v1alpha1 + kind: QuayAccessToken + name: my-quay-token + refreshInterval: 55m # Tokens are good for 1 hour + target: + name: quay-credentials + template: + type: kubernetes.io/dockerconfigjson + data: + .dockerconfigjson: | + { + "auths": { + "{{ .registry }}": { + "auth": "{{ .auth }}" + } + } + } + +{% endraw %} diff --git a/docs/snippets/generator-quay.yaml b/docs/snippets/generator-quay.yaml new file mode 100644 index 00000000000..abc74bc6d51 --- /dev/null +++ b/docs/snippets/generator-quay.yaml @@ -0,0 +1,11 @@ +apiVersion: generators.external-secrets.io/v1alpha1 +kind: QuayAccessToken +metadata: + name: my-quay-token + namespace: default +spec: + url: "quay.io" + robotAccount: "quay_user_or_org+robot_account_name" + serviceAccountRef: + name: "default" + namespace: "default" diff --git a/hack/api-docs/mkdocs.yml b/hack/api-docs/mkdocs.yml index c3b5c385d90..6cf81e710d7 100644 --- a/hack/api-docs/mkdocs.yml +++ b/hack/api-docs/mkdocs.yml @@ -71,6 +71,7 @@ nav: - AWS STS Session Token: api/generator/sts.md - Cluster Generator: api/generator/cluster.md - Google Container Registry: api/generator/gcr.md + - Quay: api/generator/quay.md - Vault Dynamic Secret: api/generator/vault.md - Password: api/generator/password.md - Fake: api/generator/fake.md diff --git a/pkg/generator/quay/quay.go b/pkg/generator/quay/quay.go new file mode 100644 index 00000000000..10abe352282 --- /dev/null +++ b/pkg/generator/quay/quay.go 
@@ -0,0 +1,211 @@ +/* +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package quay + +import ( + "context" + b64 "encoding/base64" + "encoding/json" + "errors" + "fmt" + "io" + "net/http" + "strconv" + "strings" + "time" + + authv1 "k8s.io/api/authentication/v1" + apiextensions "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/client-go/kubernetes" + "sigs.k8s.io/controller-runtime/pkg/client" + ctrlcfg "sigs.k8s.io/controller-runtime/pkg/client/config" + "sigs.k8s.io/yaml" + + genv1alpha1 "github.com/external-secrets/external-secrets/apis/generators/v1alpha1" + esmeta "github.com/external-secrets/external-secrets/apis/meta/v1" +) + +type Generator struct { + httpClient *http.Client +} + +const ( + defaultQuayURL = "quay.io" + + errNoSpec = "no config spec provided" + errParseSpec = "unable to parse spec: %w" + errGetToken = "unable to get authorization token: %w" + + httpClientTimeout = 5 * time.Second +) + +func (g *Generator) Generate(ctx context.Context, jsonSpec *apiextensions.JSON, kube client.Client, namespace string) (map[string][]byte, error) { + return g.generate( + ctx, + jsonSpec, + kube, + namespace, + ) +} + +func (g *Generator) generate( + ctx context.Context, + jsonSpec *apiextensions.JSON, + _ client.Client, + namespace string) (map[string][]byte, error) { + if jsonSpec == nil { + return nil, errors.New(errNoSpec) + } + res, err := parseSpec(jsonSpec.Raw) + if err != nil { + return nil, 
fmt.Errorf(errParseSpec, err) + } + + // Fetch the service account token + token, err := fetchServiceAccountToken(ctx, res.Spec.ServiceAccountRef, namespace) + if err != nil { + return nil, fmt.Errorf("failed to fetch service account token: %w", err) + } + url := res.Spec.URL + if url == "" { + url = defaultQuayURL + } + url = strings.TrimPrefix(url, "https://") + + accessToken, err := getQuayRobotToken(ctx, token, res.Spec.RobotAccount, url, g.httpClient) + if err != nil { + return nil, err + } + exp, err := tokenExpiration(accessToken) + if err != nil { + return nil, err + } + return map[string][]byte{ + "registry": []byte(url), + "auth": []byte(b64.StdEncoding.EncodeToString([]byte(res.Spec.RobotAccount + ":" + accessToken))), + "expiry": []byte(exp), + }, nil +} + +func getClaims(tokenString string) (map[string]interface{}, error) { + // Split the token into its three parts + parts := strings.Split(tokenString, ".") + if len(parts) != 3 { + return nil, fmt.Errorf("invalid token format") + } + + // Decode the payload (the second part of the token) + payload, err := b64.RawURLEncoding.DecodeString(parts[1]) + if err != nil { + return nil, fmt.Errorf("error decoding payload: %w", err) + } + + var claims map[string]interface{} + if err := json.Unmarshal(payload, &claims); err != nil { + return nil, fmt.Errorf("error un-marshaling claims: %w", err) + } + return claims, nil +} + +func tokenExpiration(tokenString string) (string, error) { + claims, err := getClaims(tokenString) + if err != nil { + return "", fmt.Errorf("error getting claims: %w", err) + } + exp, ok := claims["exp"].(float64) + if ok { + return strconv.FormatFloat(exp, 'f', -1, 64), nil + } + + return "", fmt.Errorf("exp claim not found or wrong type") +} + +// https://docs.projectquay.io/manage_quay.html#exchanging-oauth2-robot-account-token +func getQuayRobotToken(ctx context.Context, fedToken, robotAccount, url string, hc *http.Client) (string, error) { + if hc == nil { + hc = &http.Client{ + 
Timeout: httpClientTimeout, + } + } + + req, err := http.NewRequestWithContext(ctx, "GET", "https://"+url+"/oauth2/federation/robot/token", http.NoBody) + if err != nil { + return "", err + } + req.SetBasicAuth(robotAccount, fedToken) + resp, err := hc.Do(req) + if err != nil { + return "", err + } + defer resp.Body.Close() + + if resp.StatusCode != 200 { + return "", fmt.Errorf("request failed do to unexpected status: %s", resp.Status) + } + + body, err := io.ReadAll(resp.Body) + if err != nil { + return "", err + } + + var result map[string]interface{} + + err = json.Unmarshal(body, &result) + if err != nil { + return "", err + } + token, ok := result["token"] + if !ok { + return "", fmt.Errorf("token not found in response") + } + tokenString, ok := token.(string) + if !ok { + return "", fmt.Errorf("error when typecasting token to string") + } + return tokenString, nil +} + +func fetchServiceAccountToken(ctx context.Context, saRef esmeta.ServiceAccountSelector, namespace string) (string, error) { + cfg, err := ctrlcfg.GetConfig() + if err != nil { + return "", err + } + kubeClient, err := kubernetes.NewForConfig(cfg) + if err != nil { + return "", fmt.Errorf("failed to create kubernetes client: %w", err) + } + + tokenRequest := &authv1.TokenRequest{ + Spec: authv1.TokenRequestSpec{ + Audiences: saRef.Audiences, + }, + } + tokenResponse, err := kubeClient.CoreV1().ServiceAccounts(namespace).CreateToken(ctx, saRef.Name, tokenRequest, metav1.CreateOptions{}) + if err != nil { + return "", fmt.Errorf("failed to create token: %w", err) + } + return tokenResponse.Status.Token, nil +} + +func parseSpec(data []byte) (*genv1alpha1.QuayAccessToken, error) { + var spec genv1alpha1.QuayAccessToken + err := yaml.Unmarshal(data, &spec) + return &spec, err +} + +func init() { + genv1alpha1.Register(genv1alpha1.QuayAccessTokenKind, &Generator{}) +} diff --git a/pkg/generator/register/register.go b/pkg/generator/register/register.go index ae247af225f..223ec3f519a 100644 
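Review bot: `fetchServiceAccountToken` copies `saRef.Audiences` into the `TokenRequest` unchecked, and with an empty list the API server issues the token for its own default audience. `getQuayRobotToken` then sends that token as the basic-auth password to `"https://"+url`, where `url` comes from `spec.url`, so the registry named in the spec receives a credential that the cluster API would also accept for that service account. I would fail closed in `fetchServiceAccountToken` with `if len(saRef.Audiences) == 0 { return "", errors.New("serviceAccountRef.audiences must be set") }` and show an `audiences` entry in the example manifest; which audience value Quay expects is not visible in this patch and needs confirming. Separately, `io.ReadAll(resp.Body)` reads an unbounded response from that host; `io.ReadAll(io.LimitReader(resp.Body, 1<<20))` would cap it.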
--- a/pkg/generator/register/register.go +++ b/pkg/generator/register/register.go @@ -23,6 +23,7 @@ import ( _ "github.com/external-secrets/external-secrets/pkg/generator/gcr" _ "github.com/external-secrets/external-secrets/pkg/generator/github" _ "github.com/external-secrets/external-secrets/pkg/generator/password" + _ "github.com/external-secrets/external-secrets/pkg/generator/quay" _ "github.com/external-secrets/external-secrets/pkg/generator/sts" _ "github.com/external-secrets/external-secrets/pkg/generator/uuid" _ "github.com/external-secrets/external-secrets/pkg/generator/vault" diff --git a/pkg/utils/resolvers/generator.go b/pkg/utils/resolvers/generator.go index 470edaae778..b647b8b8f6e 100644 --- a/pkg/utils/resolvers/generator.go +++ b/pkg/utils/resolvers/generator.go @@ -173,6 +173,13 @@ func clusterGeneratorToVirtual(gen *genv1alpha1.ClusterGenerator) (client.Object return &genv1alpha1.GithubAccessToken{ Spec: *gen.Spec.Generator.GithubAccessTokenSpec, }, nil + case genv1alpha1.GeneratorKindQuayAccessToken: + if gen.Spec.Generator.QuayAccessTokenSpec == nil { + return nil, fmt.Errorf("when kind is %s, QuayAccessTokenSpec must be set", gen.Spec.Kind) + } + return &genv1alpha1.QuayAccessToken{ + Spec: *gen.Spec.Generator.QuayAccessTokenSpec, + }, nil case genv1alpha1.GeneratorKindPassword: if gen.Spec.Generator.PasswordSpec == nil { return nil, fmt.Errorf("when kind is %s, PasswordSpec must be set", gen.Spec.Kind) From 46726d8a3f63dea40a1d6fb5a6115d365d568ae4 Mon Sep 17 00:00:00 2001 From: "eso-service-account-app[bot]" <85832941+eso-service-account-app[bot]@users.noreply.github.com> Date: Fri, 10 Jan 2025 09:34:25 +0100 Subject: [PATCH 514/517] chore: update dependencies (#4269) * update dependencies Signed-off-by: External Secrets Operator * run make check-diff Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --------- Signed-off-by: External Secrets Operator 
Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Co-authored-by: External Secrets Operator Co-authored-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- ...nal-secrets.io_clusterexternalsecrets.yaml | 2 +- ...ternal-secrets.io_clustersecretstores.yaml | 2 +- .../external-secrets.io_externalsecrets.yaml | 2 +- .../external-secrets.io_pushsecrets.yaml | 2 +- .../external-secrets.io_secretstores.yaml | 2 +- ...s.external-secrets.io_acraccesstokens.yaml | 2 +- ...external-secrets.io_clustergenerators.yaml | 2 +- ...nal-secrets.io_ecrauthorizationtokens.yaml | 2 +- .../generators.external-secrets.io_fakes.yaml | 2 +- ...s.external-secrets.io_gcraccesstokens.yaml | 2 +- ...xternal-secrets.io_githubaccesstokens.yaml | 2 +- ...erators.external-secrets.io_passwords.yaml | 2 +- ....external-secrets.io_stssessiontokens.yaml | 2 +- .../generators.external-secrets.io_uuids.yaml | 2 +- ...ternal-secrets.io_vaultdynamicsecrets.yaml | 2 +- ...nerators.external-secrets.io_webhooks.yaml | 2 +- deploy/crds/bundle.yaml | 32 +++++----- e2e/go.mod | 28 ++++---- e2e/go.sum | 56 ++++++++-------- go.mod | 32 +++++----- go.sum | 64 +++++++++---------- 21 files changed, 122 insertions(+), 122 deletions(-) diff --git a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml index c4d3d5bdcf7..0be9840f250 100644 --- a/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: clusterexternalsecrets.external-secrets.io 
diff --git a/config/crds/bases/external-secrets.io_clustersecretstores.yaml b/config/crds/bases/external-secrets.io_clustersecretstores.yaml index f31b8c12230..5dd557673a6 100644 --- a/config/crds/bases/external-secrets.io_clustersecretstores.yaml +++ b/config/crds/bases/external-secrets.io_clustersecretstores.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: clustersecretstores.external-secrets.io diff --git a/config/crds/bases/external-secrets.io_externalsecrets.yaml b/config/crds/bases/external-secrets.io_externalsecrets.yaml index 71b49e994cd..e96bb049079 100644 --- a/config/crds/bases/external-secrets.io_externalsecrets.yaml +++ b/config/crds/bases/external-secrets.io_externalsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: externalsecrets.external-secrets.io diff --git a/config/crds/bases/external-secrets.io_pushsecrets.yaml b/config/crds/bases/external-secrets.io_pushsecrets.yaml index e0936dd2c92..c6e2dd5736c 100644 --- a/config/crds/bases/external-secrets.io_pushsecrets.yaml +++ b/config/crds/bases/external-secrets.io_pushsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: pushsecrets.external-secrets.io diff --git a/config/crds/bases/external-secrets.io_secretstores.yaml b/config/crds/bases/external-secrets.io_secretstores.yaml index 47d87cc9b66..ae5ae778c9a 100644 
--- a/config/crds/bases/external-secrets.io_secretstores.yaml +++ b/config/crds/bases/external-secrets.io_secretstores.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: secretstores.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml index c23b626c376..8f40122efc7 100644 --- a/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_acraccesstokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: acraccesstokens.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml b/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml index 420007af690..f5191249c61 100644 --- a/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml +++ b/config/crds/bases/generators.external-secrets.io_clustergenerators.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: clustergenerators.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml index 9d10f672c98..28366c0019c 100644 
--- a/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_ecrauthorizationtokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: ecrauthorizationtokens.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_fakes.yaml b/config/crds/bases/generators.external-secrets.io_fakes.yaml index b24f3fc73fe..bb270a8a8e6 100644 --- a/config/crds/bases/generators.external-secrets.io_fakes.yaml +++ b/config/crds/bases/generators.external-secrets.io_fakes.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: fakes.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml index 56c86748ed0..5f66ce95a1b 100644 --- a/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_gcraccesstokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: gcraccesstokens.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml index facd3502f3e..e492bf38199 100644 
--- a/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_githubaccesstokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: githubaccesstokens.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_passwords.yaml b/config/crds/bases/generators.external-secrets.io_passwords.yaml index a4d06263f95..28d523db665 100644 --- a/config/crds/bases/generators.external-secrets.io_passwords.yaml +++ b/config/crds/bases/generators.external-secrets.io_passwords.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: passwords.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_stssessiontokens.yaml b/config/crds/bases/generators.external-secrets.io_stssessiontokens.yaml index 62e1e976fbe..6ffe4c5d1ab 100644 --- a/config/crds/bases/generators.external-secrets.io_stssessiontokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_stssessiontokens.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: stssessiontokens.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_uuids.yaml b/config/crds/bases/generators.external-secrets.io_uuids.yaml index 345bc0b1380..d3410a9631d 100644 --- a/config/crds/bases/generators.external-secrets.io_uuids.yaml 
+++ b/config/crds/bases/generators.external-secrets.io_uuids.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: uuids.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml index 21c0a1618c2..7e1fff17249 100644 --- a/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml +++ b/config/crds/bases/generators.external-secrets.io_vaultdynamicsecrets.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: vaultdynamicsecrets.generators.external-secrets.io diff --git a/config/crds/bases/generators.external-secrets.io_webhooks.yaml b/config/crds/bases/generators.external-secrets.io_webhooks.yaml index c681e7d0306..015bc794c54 100644 --- a/config/crds/bases/generators.external-secrets.io_webhooks.yaml +++ b/config/crds/bases/generators.external-secrets.io_webhooks.yaml @@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: webhooks.generators.external-secrets.io diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index 8c3dc0f982a..ae24434fed7 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: clusterexternalsecrets.external-secrets.io @@ -736,7 +736,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: clustersecretstores.external-secrets.io @@ -6509,7 +6509,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: externalsecrets.external-secrets.io @@ -7417,7 +7417,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: pushsecrets.external-secrets.io @@ -7856,7 +7856,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: secretstores.external-secrets.io @@ -13629,7 +13629,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: acraccesstokens.generators.external-secrets.io 
@@ -13846,7 +13846,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: clustergenerators.generators.external-secrets.io @@ -15530,7 +15530,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: ecrauthorizationtokens.generators.external-secrets.io @@ -15735,7 +15735,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: fakes.generators.external-secrets.io @@ -15811,7 +15811,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: gcraccesstokens.generators.external-secrets.io @@ -15954,7 +15954,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: githubaccesstokens.generators.external-secrets.io @@ -16077,7 +16077,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: passwords.generators.external-secrets.io 
@@ -16175,7 +16175,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: quayaccesstokens.generators.external-secrets.io @@ -16492,7 +16492,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: uuids.generators.external-secrets.io @@ -16553,7 +16553,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: vaultdynamicsecrets.generators.external-secrets.io @@ -17416,7 +17416,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: webhooks.generators.external-secrets.io diff --git a/e2e/go.mod b/e2e/go.mod index 9a5f65535f3..b92be3da662 100644 --- a/e2e/go.mod +++ b/e2e/go.mod @@ -39,7 +39,7 @@ replace ( ) require ( - cloud.google.com/go/secretmanager v1.14.2 + cloud.google.com/go/secretmanager v1.14.3 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/azure/auth v0.5.13 
@@ -49,19 +49,19 @@ require ( github.com/akeylesslabs/akeyless-go/v3 v3.6.3 github.com/aliyun/alibaba-cloud-sdk-go v1.62.271 github.com/aws/aws-sdk-go v1.55.5 - github.com/cyberark/conjur-api-go v0.12.9 + github.com/cyberark/conjur-api-go v0.12.10 github.com/external-secrets/external-secrets v0.0.0 github.com/fluxcd/helm-controller/api v0.37.2 github.com/fluxcd/pkg/apis/meta v1.2.0 github.com/fluxcd/source-controller/api v1.2.3 github.com/golang-jwt/jwt/v4 v4.5.1 github.com/hashicorp/vault/api v1.15.0 - github.com/onsi/ginkgo/v2 v2.22.1 - github.com/onsi/gomega v1.36.1 + github.com/onsi/ginkgo/v2 v2.22.2 + github.com/onsi/gomega v1.36.2 github.com/oracle/oci-go-sdk/v65 v65.81.1 github.com/scaleway/scaleway-sdk-go v1.0.0-beta.30 gitlab.com/gitlab-org/api/client-go v0.118.0 - golang.org/x/oauth2 v0.24.0 + golang.org/x/oauth2 v0.25.0 google.golang.org/api v0.214.0 k8s.io/api v0.32.0 k8s.io/apiextensions-apiserver v0.32.0 @@ -78,7 +78,7 @@ require ( cloud.google.com/go/auth v0.13.0 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.6 // indirect cloud.google.com/go/compute/metadata v0.6.0 // indirect - cloud.google.com/go/iam v1.3.0 // indirect + cloud.google.com/go/iam v1.3.1 // indirect dario.cat/mergo v1.0.1 // indirect github.com/Azure/azure-sdk-for-go/sdk/azcore v1.16.0 // indirect github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.8.0 // indirect 
@@ -192,20 +192,20 @@ require ( go.opentelemetry.io/otel/metric v1.33.0 // indirect go.opentelemetry.io/otel/trace v1.33.0 // indirect golang.org/x/crypto v0.31.0 // indirect - golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect + golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329 // indirect golang.org/x/net v0.33.0 // indirect golang.org/x/sync v0.10.0 // indirect - golang.org/x/sys v0.28.0 // indirect - golang.org/x/term v0.27.0 // indirect + golang.org/x/sys v0.29.0 // indirect + golang.org/x/term v0.28.0 // indirect golang.org/x/text v0.21.0 // indirect - golang.org/x/time v0.8.0 // indirect + golang.org/x/time v0.9.0 // indirect golang.org/x/tools v0.28.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto v0.0.0-20241219192143-6b3ec007d9bb // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241219192143-6b3ec007d9bb // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb // indirect + google.golang.org/genproto v0.0.0-20250102185135-69823020774d // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250102185135-69823020774d // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d // indirect google.golang.org/grpc v1.69.2 // indirect - google.golang.org/protobuf v1.36.0 // indirect + google.golang.org/protobuf v1.36.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect diff --git a/e2e/go.sum b/e2e/go.sum index 178a9901624..ad341fc5533 100644 --- a/e2e/go.sum +++ b/e2e/go.sum 
@@ -37,14 +37,14 @@ cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4 cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.3.0 h1:4Wo2qTaGKFtajbLpF6I4mywg900u3TLlHDb6mriLDPU= -cloud.google.com/go/iam v1.3.0/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= +cloud.google.com/go/iam v1.3.1 h1:KFf8SaT71yYq+sQtRISn90Gyhyf4X8RGgeAVC8XGf3E= +cloud.google.com/go/iam v1.3.1/go.mod h1:3wMtuyT4NcbnYNPLMBzYRFiEfjKfJlLVLrisE7bwm34= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.14.2 h1:2XscWCfy//l/qF96YE18/oUaNJynAx749Jg3u0CjQr8= -cloud.google.com/go/secretmanager v1.14.2/go.mod h1:Q18wAPMM6RXLC/zVpWTlqq2IBSbbm7pKBlM3lCKsmjw= +cloud.google.com/go/secretmanager v1.14.3 h1:XVGHbcXEsbrgi4XHzgK5np81l1eO7O72WOXHhXUemrM= +cloud.google.com/go/secretmanager v1.14.3/go.mod h1:Pwzcfn69Ni9Lrk1/XBzo1H9+MCJwJ6CDCoeoQUsMN+c= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 
@@ -138,8 +138,8 @@ github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDk github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/cncf/udpa/go v0.0.0-20200629203442-efcf912fb354/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk= -github.com/cyberark/conjur-api-go v0.12.9 h1:EPd7p07Z3kEx7minaf4BUCwx57adzHg+FCeGav1p/Gg= -github.com/cyberark/conjur-api-go v0.12.9/go.mod h1:/lZcWpHodKrwJC85J8h6R8uCvt3TknQeUZMUxSinFGU= +github.com/cyberark/conjur-api-go v0.12.10 h1:exseTvvp7l4Fhw6RTE0kq9Ddipsk+941k945Nyoq8CE= +github.com/cyberark/conjur-api-go v0.12.10/go.mod h1:XNoyT5ZBLJAGjqXmelLv+eYMG4QxYkZWiw1zld3m0QQ= github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -420,10 +420,10 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f h1:y5//uYreIhSUg3J1GEMiLbxo1LJaP8RfCpH6pymGZus= github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f/go.mod h1:ZdcZmHo+o7JKHSa8/e818NopupXU1YMK5fe1lsApnBw= -github.com/onsi/ginkgo/v2 v2.22.1 h1:QW7tbJAUDyVDVOM5dFa7qaybo+CRfR7bemlQUN6Z8aM= -github.com/onsi/ginkgo/v2 v2.22.1/go.mod h1:S6aTpoRsSq2cZOd+pssHAlKW/Q/jZt6cPrPlnj4a1xM= -github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw= -github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/onsi/ginkgo/v2 v2.22.2 h1:/3X8Panh8/WwhU/3Ssa6rCKqPLuAkVY2I0RoyDLySlU= +github.com/onsi/ginkgo/v2 v2.22.2/go.mod h1:oeMosUL+8LtarXBHu/c0bx2D/K9zyQ6uX3cTyztHwsk= +github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= +github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= github.com/oracle/oci-go-sdk/v65 v65.81.1 h1:JYc47bk8n/MUchA2KHu1ggsCQzlJZQLJ+tTKfOho00E= 
@@ -570,8 +570,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 h1:1UoZQm6f0P/ZO0w1Ri+f+ifG/gXhegadRdwBIXEFWDo= -golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= +golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329 h1:9kj3STMvgqy3YA4VQXBrN7925ICMxD5wzMRcgA30588= +golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -655,8 +655,8 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= -golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70= +golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -721,8 +721,8 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= 
@@ -731,8 +731,8 @@ golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= -golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= -golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= +golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg= +golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -752,8 +752,8 @@ golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= -golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= +golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 
@@ -883,12 +883,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20241219192143-6b3ec007d9bb h1:JGs+s1Q6osip3cDY197L1HmkuPn8wPp9Hfy9jl+Uz+U= -google.golang.org/genproto v0.0.0-20241219192143-6b3ec007d9bb/go.mod h1:o8GgNarfULyZPNaIY8RDfXM7AZcmcKC/tbMWp/ZOFDw= -google.golang.org/genproto/googleapis/api v0.0.0-20241219192143-6b3ec007d9bb h1:B7GIB7sr443wZ/EAEl7VZjmh1V6qzkt5V+RYcUYtS1U= -google.golang.org/genproto/googleapis/api v0.0.0-20241219192143-6b3ec007d9bb/go.mod h1:E5//3O5ZIG2l71Xnt+P/CYUY8Bxs8E7WMoZ9tlcMbAY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb h1:3oy2tynMOP1QbTC0MsNNAV+Se8M2Bd0A5+x1QHyw+pI= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= +google.golang.org/genproto v0.0.0-20250102185135-69823020774d h1:3NH+6ZtWWhXDpEJEAtzF1Gp/zA87pKkIB4gO1Ag8VSI= +google.golang.org/genproto v0.0.0-20250102185135-69823020774d/go.mod h1:zhXVSAeuPiprFfMSrt7Jo1Uighv2Nfu3HAZrw83tcYE= +google.golang.org/genproto/googleapis/api v0.0.0-20250102185135-69823020774d h1:H8tOf8XM88HvKqLTxe755haY6r1fqqzLbEnfrmLXlSA= +google.golang.org/genproto/googleapis/api v0.0.0-20250102185135-69823020774d/go.mod h1:2v7Z7gP2ZUOGsaFyxATQSRoBnKygqVq2Cwnvom7QiqY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d h1:xJJRGY7TJcvIlpSrN3K6LAWgNFUILlO+OMAqtg9aqnw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d/go.mod h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -923,8 +923,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= -google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= +google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= diff --git a/go.mod b/go.mod index 1dea8ee31dd..252924e4d08 100644 --- a/go.mod +++ b/go.mod @@ -5,8 +5,8 @@ go 1.23.4 replace github.com/Masterminds/sprig/v3 => github.com/external-secrets/sprig/v3 v3.3.0 require ( - cloud.google.com/go/iam v1.3.0 - cloud.google.com/go/secretmanager v1.14.2 + cloud.google.com/go/iam v1.3.1 + cloud.google.com/go/secretmanager v1.14.3 github.com/Azure/azure-sdk-for-go v68.0.0+incompatible github.com/Azure/go-autorest/autorest v0.11.29 github.com/Azure/go-autorest/autorest/adal v0.9.24 
@@ -30,8 +30,8 @@ require ( github.com/hashicorp/vault/api/auth/kubernetes v0.8.0 github.com/hashicorp/vault/api/auth/ldap v0.8.0 github.com/huandu/xstrings v1.5.0 // indirect - github.com/onsi/ginkgo/v2 v2.22.1 - github.com/onsi/gomega v1.36.1 + github.com/onsi/ginkgo/v2 v2.22.2 + github.com/onsi/gomega v1.36.2 github.com/oracle/oci-go-sdk/v65 v65.81.1 github.com/prometheus/client_golang v1.20.5 github.com/prometheus/client_model v0.6.1 @@ -43,9 +43,9 @@ require ( github.com/youmark/pkcs8 v0.0.0-20240726163527-a2c0da244d78 go.uber.org/zap v1.27.0 golang.org/x/crypto v0.31.0 - golang.org/x/oauth2 v0.24.0 + golang.org/x/oauth2 v0.25.0 google.golang.org/api v0.214.0 - google.golang.org/genproto v0.0.0-20241219192143-6b3ec007d9bb + google.golang.org/genproto v0.0.0-20250102185135-69823020774d google.golang.org/grpc v1.69.2 gopkg.in/yaml.v3 v3.0.1 grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 @@ -55,7 +55,7 @@ require ( k8s.io/client-go v0.32.0 k8s.io/utils v0.0.0-20241210054802-24370beab758 sigs.k8s.io/controller-runtime v0.19.3 - sigs.k8s.io/controller-tools v0.16.5 + sigs.k8s.io/controller-tools v0.17.0 ) require github.com/1Password/connect-sdk-go v1.5.3 @@ -77,7 +77,7 @@ require ( github.com/aliyun/credentials-go v1.4.3 github.com/avast/retry-go/v4 v4.6.0 github.com/cenkalti/backoff/v4 v4.3.0 - github.com/cyberark/conjur-api-go v0.12.9 + github.com/cyberark/conjur-api-go v0.12.10 github.com/fortanix/sdkms-client-go v0.4.0 github.com/go-openapi/strfmt v0.23.0 github.com/golang-jwt/jwt/v5 v5.2.1 @@ -124,7 +124,7 @@ require ( github.com/danieljoos/wincred v1.2.2 // indirect github.com/felixge/httpsnoop v1.0.4 // indirect github.com/fxamacker/cbor/v2 v2.7.0 // indirect - github.com/gabriel-vasile/mimetype v1.4.7 // indirect + github.com/gabriel-vasile/mimetype v1.4.8 // indirect github.com/go-jose/go-jose/v4 v4.0.4 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-playground/validator/v10 v10.23.0 // indirect 
@@ -150,8 +150,8 @@ require ( go.opentelemetry.io/otel/metric v1.33.0 // indirect go.opentelemetry.io/otel/trace v1.33.0 // indirect golang.org/x/sync v0.10.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20241219192143-6b3ec007d9bb // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250102185135-69823020774d // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d // indirect gopkg.in/evanphx/json-patch.v4 v4.12.0 // indirect gopkg.in/ghodss/yaml.v1 v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.5.0 // indirect @@ -247,16 +247,16 @@ require ( go.mongodb.org/mongo-driver v1.17.1 // indirect go.uber.org/atomic v1.11.0 // indirect go.uber.org/multierr v1.11.0 // indirect - golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 // indirect + golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329 // indirect golang.org/x/mod v0.22.0 // indirect golang.org/x/net v0.33.0 // indirect - golang.org/x/sys v0.28.0 // indirect - golang.org/x/term v0.27.0 // indirect + golang.org/x/sys v0.29.0 // indirect + golang.org/x/term v0.28.0 // indirect golang.org/x/text v0.21.0 // indirect - golang.org/x/time v0.8.0 // indirect + golang.org/x/time v0.9.0 // indirect golang.org/x/tools v0.28.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/protobuf v1.36.0 // indirect + google.golang.org/protobuf v1.36.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.67.0 // indirect gopkg.in/yaml.v2 v2.4.0 diff --git a/go.sum b/go.sum index 4f501e327c7..ed959da154a 100644 --- a/go.sum +++ b/go.sum 
@@ -37,14 +37,14 @@ cloud.google.com/go/compute/metadata v0.6.0 h1:A6hENjEsCDtC1k8byVsgwvVcioamEHvZ4 cloud.google.com/go/compute/metadata v0.6.0/go.mod h1:FjyFAW1MW0C203CEOMDTu3Dk1FlqW3Rga40jzHL4hfg= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= -cloud.google.com/go/iam v1.3.0 h1:4Wo2qTaGKFtajbLpF6I4mywg900u3TLlHDb6mriLDPU= -cloud.google.com/go/iam v1.3.0/go.mod h1:0Ys8ccaZHdI1dEUilwzqng/6ps2YB6vRsjIe00/+6JY= +cloud.google.com/go/iam v1.3.1 h1:KFf8SaT71yYq+sQtRISn90Gyhyf4X8RGgeAVC8XGf3E= +cloud.google.com/go/iam v1.3.1/go.mod h1:3wMtuyT4NcbnYNPLMBzYRFiEfjKfJlLVLrisE7bwm34= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= cloud.google.com/go/pubsub v1.3.1/go.mod h1:i+ucay31+CNRpDW4Lu78I4xXG+O1r/MAHgjpRVR+TSU= -cloud.google.com/go/secretmanager v1.14.2 h1:2XscWCfy//l/qF96YE18/oUaNJynAx749Jg3u0CjQr8= -cloud.google.com/go/secretmanager v1.14.2/go.mod h1:Q18wAPMM6RXLC/zVpWTlqq2IBSbbm7pKBlM3lCKsmjw= +cloud.google.com/go/secretmanager v1.14.3 h1:XVGHbcXEsbrgi4XHzgK5np81l1eO7O72WOXHhXUemrM= +cloud.google.com/go/secretmanager v1.14.3/go.mod h1:Pwzcfn69Ni9Lrk1/XBzo1H9+MCJwJ6CDCoeoQUsMN+c= cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw= cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos= cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk= 
@@ -226,8 +226,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= github.com/ctdk/goiardi v0.11.10 h1:IB/3Afl1pC2Q4KGwzmhHPAoJfe8VtU51wZ2V0QkvsL0= github.com/ctdk/goiardi v0.11.10/go.mod h1:Pr6Cj6Wsahw45myttaOEZeZ0LE7p1qzWmzgsBISkrNI= -github.com/cyberark/conjur-api-go v0.12.9 h1:EPd7p07Z3kEx7minaf4BUCwx57adzHg+FCeGav1p/Gg= -github.com/cyberark/conjur-api-go v0.12.9/go.mod h1:/lZcWpHodKrwJC85J8h6R8uCvt3TknQeUZMUxSinFGU= +github.com/cyberark/conjur-api-go v0.12.10 h1:exseTvvp7l4Fhw6RTE0kq9Ddipsk+941k945Nyoq8CE= +github.com/cyberark/conjur-api-go v0.12.10/go.mod h1:XNoyT5ZBLJAGjqXmelLv+eYMG4QxYkZWiw1zld3m0QQ= github.com/danieljoos/wincred v1.2.2 h1:774zMFJrqaeYCK2W57BgAem/MLi6mtSE47MB6BOJ0i0= github.com/danieljoos/wincred v1.2.2/go.mod h1:w7w4Utbrz8lqeMbDAK0lkNJUv5sAOkFi7nd/ogr0Uh8= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= @@ -271,8 +271,8 @@ github.com/fsnotify/fsnotify v1.8.0 h1:dAwr6QBTBZIkG8roQaJjGof0pp0EeF+tNV7YBP3F/ github.com/fsnotify/fsnotify v1.8.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0= github.com/fxamacker/cbor/v2 v2.7.0 h1:iM5WgngdRBanHcxugY4JySA0nk1wZorNOpTgCMedv5E= github.com/fxamacker/cbor/v2 v2.7.0/go.mod h1:pxXPTn3joSm21Gbwsv0w9OSA2y1HFR9qXEeXQVeNoDQ= -github.com/gabriel-vasile/mimetype v1.4.7 h1:SKFKl7kD0RiPdbht0s7hFtjl489WcQ1VyPW8ZzUMYCA= -github.com/gabriel-vasile/mimetype v1.4.7/go.mod h1:GDlAgAyIRT27BhFl53XNAFtfjzOkLaF35JdEG0P7LtU= +github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM= +github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8= github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk= github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04= github.com/go-chef/chef v0.30.1 h1:yvOSijEBWAQtRbBPj9hz1atEJUU6HckPc7AaEyZXnLg= 
@@ -564,10 +564,10 @@ github.com/oklog/ulid v1.3.1 h1:EGfNDEx6MqHz8B3uNV6QAib1UR2Lm97sHi3ocA6ESJ4= github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U= github.com/onsi/ginkgo v1.16.5 h1:8xi0RTUf59SOSfEtZMvwTvXYMzG4gV23XVHOZiXNtnE= github.com/onsi/ginkgo v1.16.5/go.mod h1:+E8gABHa3K6zRBolWtd+ROzc/U5bkGt0FwiG042wbpU= -github.com/onsi/ginkgo/v2 v2.22.1 h1:QW7tbJAUDyVDVOM5dFa7qaybo+CRfR7bemlQUN6Z8aM= -github.com/onsi/ginkgo/v2 v2.22.1/go.mod h1:S6aTpoRsSq2cZOd+pssHAlKW/Q/jZt6cPrPlnj4a1xM= -github.com/onsi/gomega v1.36.1 h1:bJDPBO7ibjxcbHMgSCoo4Yj18UWbKDlLwX1x9sybDcw= -github.com/onsi/gomega v1.36.1/go.mod h1:PvZbdDc8J6XJEpDK4HCuRBm8a6Fzp9/DmhC9C7yFlog= +github.com/onsi/ginkgo/v2 v2.22.2 h1:/3X8Panh8/WwhU/3Ssa6rCKqPLuAkVY2I0RoyDLySlU= +github.com/onsi/ginkgo/v2 v2.22.2/go.mod h1:oeMosUL+8LtarXBHu/c0bx2D/K9zyQ6uX3cTyztHwsk= +github.com/onsi/gomega v1.36.2 h1:koNYke6TVk6ZmnyHrCXba/T/MoLBXFjeC1PtvYgw0A8= +github.com/onsi/gomega v1.36.2/go.mod h1:DdwyADRjrc825LhMEkD76cHR5+pUnjhUN8GlHlRPHzY= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b h1:FfH+VrHHk6Lxt9HdVS0PXzSXFyS2NbZKXv33FYPol0A= github.com/opentracing/opentracing-go v1.2.1-0.20220228012449-10b1cf09e00b/go.mod h1:AC62GU6hc0BrNm+9RK9VSiwa/EUe1bkIeFORAMcHvJU= github.com/oracle/oci-go-sdk/v65 v65.81.1 h1:JYc47bk8n/MUchA2KHu1ggsCQzlJZQLJ+tTKfOho00E= 
@@ -759,8 +759,8 @@ golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u0 golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4= golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM= golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= -golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67 h1:1UoZQm6f0P/ZO0w1Ri+f+ifG/gXhegadRdwBIXEFWDo= -golang.org/x/exp v0.0.0-20241217172543-b2144cdd0a67/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= +golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329 h1:9kj3STMvgqy3YA4VQXBrN7925ICMxD5wzMRcgA30588= +golang.org/x/exp v0.0.0-20250103183323-7d7fa50e5329/go.mod h1:qj5a5QZpwLU2NLQudwIN5koi3beDhSAlJwa67PuM98c= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= 
@@ -851,8 +851,8 @@ golang.org/x/oauth2 v0.0.0-20210220000619-9bb904979d93/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210313182246-cd4f82c27b84/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210413134643-5e61552d6c78/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE= -golang.org/x/oauth2 v0.24.0 h1:KTBBxWqUa0ykRPLtV69rRto9TLXcqYkeswu48x/gvNE= -golang.org/x/oauth2 v0.24.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= +golang.org/x/oauth2 v0.25.0 h1:CY4y7XT9v0cRI9oupztF8AgiIu99L/ksR/Xp/6jrZ70= +golang.org/x/oauth2 v0.25.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -929,8 +929,8 @@ golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.16.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.28.0 h1:Fksou7UEQUWlKvIdsqzJmUmCX3cZuD2+P3XyyzwMhlA= -golang.org/x/sys v0.28.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.29.0 h1:TPYlXGxvx1MGTn2GiZDhnjPA9wZzZeGKHHmKhHYvgaU= +golang.org/x/sys v0.29.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= 
@@ -943,8 +943,8 @@ golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/term v0.16.0/go.mod h1:yn7UURbUtPyrVJPGPq404EukNFxcm/foM+bV/bfcDsY= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= -golang.org/x/term v0.27.0 h1:WP60Sv1nlK1T6SupCHbXzSaN0b9wUmsPoRS9b61A23Q= -golang.org/x/term v0.27.0/go.mod h1:iMsnZpn0cago0GOrHO2+Y7u7JPn5AylBrcoWkElMTSM= +golang.org/x/term v0.28.0 h1:/Ts8HFuMR2E6IP/jlo7QVLZHggjKQbhu/7H0LJFr3Gg= +golang.org/x/term v0.28.0/go.mod h1:Sw/lC2IAUZ92udQNf3WodGtn4k/XoLyZoh8v/8uiwek= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= 
@@ -966,8 +966,8 @@ golang.org/x/text v0.21.0/go.mod h1:4IBbMaMmOPCJ8SecivzSH54+73PCFmPWxNTLm+vZkEQ= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= -golang.org/x/time v0.8.0 h1:9i3RxcPv3PZnitoVGMPDKZSq1xW1gK1Xy3ArNOGZfEg= -golang.org/x/time v0.8.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/time v0.9.0 h1:EsRrnYcQiGH+5FfbgvV4AP7qEZstoyrHB0DzarOQ4ZY= +golang.org/x/time v0.9.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY= 
@@ -1100,12 +1100,12 @@ google.golang.org/genproto v0.0.0-20210310155132-4ce2db91004e/go.mod h1:FWY/as6D google.golang.org/genproto v0.0.0-20210319143718-93e7006c17a6/go.mod h1:FWY/as6DDZQgahTzZj3fqbO1CbirC29ZNUFHwi0/+no= google.golang.org/genproto v0.0.0-20210402141018-6c239bbf2bb1/go.mod h1:9lPAdzaEmUacj36I+k7YKbEc5CXzPIeORRgDAUOu28A= google.golang.org/genproto v0.0.0-20210413151531-c14fb6ef47c3/go.mod h1:P3QM42oQyzQSnHPnZ/vqoCdDmzH28fzWByN9asMeM8A= -google.golang.org/genproto v0.0.0-20241219192143-6b3ec007d9bb h1:JGs+s1Q6osip3cDY197L1HmkuPn8wPp9Hfy9jl+Uz+U= -google.golang.org/genproto v0.0.0-20241219192143-6b3ec007d9bb/go.mod h1:o8GgNarfULyZPNaIY8RDfXM7AZcmcKC/tbMWp/ZOFDw= -google.golang.org/genproto/googleapis/api v0.0.0-20241219192143-6b3ec007d9bb h1:B7GIB7sr443wZ/EAEl7VZjmh1V6qzkt5V+RYcUYtS1U= -google.golang.org/genproto/googleapis/api v0.0.0-20241219192143-6b3ec007d9bb/go.mod h1:E5//3O5ZIG2l71Xnt+P/CYUY8Bxs8E7WMoZ9tlcMbAY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb h1:3oy2tynMOP1QbTC0MsNNAV+Se8M2Bd0A5+x1QHyw+pI= -google.golang.org/genproto/googleapis/rpc v0.0.0-20241219192143-6b3ec007d9bb/go.mod h1:lcTa1sDdWEIHMWlITnIczmw5w60CF9ffkb8Z+DVmmjA= +google.golang.org/genproto v0.0.0-20250102185135-69823020774d h1:3NH+6ZtWWhXDpEJEAtzF1Gp/zA87pKkIB4gO1Ag8VSI= +google.golang.org/genproto v0.0.0-20250102185135-69823020774d/go.mod h1:zhXVSAeuPiprFfMSrt7Jo1Uighv2Nfu3HAZrw83tcYE= +google.golang.org/genproto/googleapis/api v0.0.0-20250102185135-69823020774d h1:H8tOf8XM88HvKqLTxe755haY6r1fqqzLbEnfrmLXlSA= +google.golang.org/genproto/googleapis/api v0.0.0-20250102185135-69823020774d/go.mod h1:2v7Z7gP2ZUOGsaFyxATQSRoBnKygqVq2Cwnvom7QiqY= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d h1:xJJRGY7TJcvIlpSrN3K6LAWgNFUILlO+OMAqtg9aqnw= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250102185135-69823020774d/go.mod h1:3ENsm/5D1mzDyhpzeRi1NR784I0BcofWBoSc5QqqMK4= google.golang.org/grpc v1.19.0/go.mod 
h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1140,8 +1140,8 @@ google.golang.org/protobuf v1.25.0/go.mod h1:9JNX74DMeImyA3h4bdi1ymwjUzf21/xIlba google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.36.0 h1:mjIs9gYtt56AzC4ZaffQuh88TZurBGhIJMBZGSxNerQ= -google.golang.org/protobuf v1.36.0/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= +google.golang.org/protobuf v1.36.1 h1:yBPeRvTftaleIgM3PZ/WBIZ7XM/eEYAaEyCwvyjq/gk= +google.golang.org/protobuf v1.36.1/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
@@ -1203,8 +1203,8 @@ rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0= rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA= sigs.k8s.io/controller-runtime v0.19.3 h1:XO2GvC9OPftRst6xWCpTgBZO04S2cbp0Qqkj8bX1sPw= sigs.k8s.io/controller-runtime v0.19.3/go.mod h1:j4j87DqtsThvwTv5/Tc5NFRyyF/RF0ip4+62tbTSIUM= -sigs.k8s.io/controller-tools v0.16.5 h1:5k9FNRqziBPwqr17AMEPPV/En39ZBplLAdOwwQHruP4= -sigs.k8s.io/controller-tools v0.16.5/go.mod h1:8vztuRVzs8IuuJqKqbXCSlXcw+lkAv/M2sTpg55qjMY= +sigs.k8s.io/controller-tools v0.17.0 h1:KaEQZbhrdY6J3zLBHplt+0aKUp8PeIttlhtF2UDo6bI= +sigs.k8s.io/controller-tools v0.17.0/go.mod h1:SKoWY8rwGWDzHtfnhmOwljn6fViG0JF7/xmnxpklgjo= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/structured-merge-diff/v4 v4.5.0 h1:nbCitCK2hfnhyiKo6uf2HxUPTCodY6Qaf85SbDIaMBk= From 913e9fb15acf9330a1ee04af654634d83cc21678 Mon Sep 17 00:00:00 2001 From: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> Date: Mon, 13 Jan 2025 12:46:39 +0100 Subject: [PATCH 515/517] fix: run make check-diff on main (#4285) Signed-off-by: Gergely Brautigam <182850+Skarlso@users.noreply.github.com> --- .../bases/generators.external-secrets.io_quayaccesstokens.yaml | 2 +- deploy/crds/bundle.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/config/crds/bases/generators.external-secrets.io_quayaccesstokens.yaml b/config/crds/bases/generators.external-secrets.io_quayaccesstokens.yaml index efc1c97e653..de88e43ba00 100644 --- a/config/crds/bases/generators.external-secrets.io_quayaccesstokens.yaml +++ b/config/crds/bases/generators.external-secrets.io_quayaccesstokens.yaml 
@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: quayaccesstokens.generators.external-secrets.io diff --git a/deploy/crds/bundle.yaml b/deploy/crds/bundle.yaml index ae24434fed7..d1a7cf15af0 100644 --- a/deploy/crds/bundle.yaml +++ b/deploy/crds/bundle.yaml @@ -16273,7 +16273,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.16.5 + controller-gen.kubebuilder.io/version: v0.17.0 labels: external-secrets.io/component: controller name: stssessiontokens.generators.external-secrets.io From fd31d6e45d8f71858dd114223ca311531ba4334e Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 13:27:13 +0100 Subject: [PATCH 516/517] chore(deps): bump pymdown-extensions in /hack/api-docs (#4280) Bumps [pymdown-extensions](https://github.com/facelessuser/pymdown-extensions) from 10.13 to 10.14. - [Release notes](https://github.com/facelessuser/pymdown-extensions/releases) - [Commits](https://github.com/facelessuser/pymdown-extensions/compare/10.13...10.14) --- updated-dependencies: - dependency-name: pymdown-extensions dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- hack/api-docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/api-docs/requirements.txt b/hack/api-docs/requirements.txt index 73a9c375016..103c0b19ec6 100644 --- a/hack/api-docs/requirements.txt +++ b/hack/api-docs/requirements.txt 
@@ -27,7 +27,7 @@ pathspec==0.12.1 pep562==1.1 platformdirs==4.3.6 Pygments==2.19.1 -pymdown-extensions==10.13 +pymdown-extensions==10.14 python-dateutil==2.9.0.post0 PyYAML==6.0.2 pyyaml_env_tag==0.1 From 7731123b556339297810ffd284624650613d1199 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 13 Jan 2025 13:33:18 +0100 Subject: [PATCH 517/517] chore(deps): bump alpine from `21dc606` to `56fa17d` (#4281) Bumps alpine from `21dc606` to `56fa17d`. --- updated-dependencies: - dependency-name: alpine dependency-type: direct:production ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- tilt.dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tilt.dockerfile b/tilt.dockerfile index 61647a6d6db..efd3587d904 100644 --- a/tilt.dockerfile +++ b/tilt.dockerfile @@ -1,4 +1,4 @@ -FROM alpine@sha256:21dc6063fd678b478f57c0e13f47560d0ea4eeba26dfc947b2a4f81f686b9f45 +FROM alpine@sha256:56fa17d2a7e7f168a043a2712e63aed1f8543aeafdcee47c58dcffe38ed51099 WORKDIR / COPY ./bin/external-secrets /external-secrets