diff --git a/Makefile b/Makefile index 109f182..b552ae9 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ # To re-generate a bundle for another specific version without changing the standard setup, you can: # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) -VERSION ?= 0.9.8 +VERSION ?= 0.9.9 # CHANNELS define the bundle channels used in the bundle. # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") diff --git a/bundle/manifests/external-secrets-operator.clusterserviceversion.yaml b/bundle/manifests/external-secrets-operator.clusterserviceversion.yaml index 4de4e41..51a1728 100644 --- a/bundle/manifests/external-secrets-operator.clusterserviceversion.yaml +++ b/bundle/manifests/external-secrets-operator.clusterserviceversion.yaml @@ -375,7 +375,7 @@ metadata: "kind": "ExternalSecret", "metadata": { "annotations": { - "acme.org/sha": "1234" + "acme.org/sha": 1234 }, "labels": { "acme.org/owned-by": "q-team" @@ -671,8 +671,8 @@ metadata: capabilities: Deep Insights categories: Security certified: "false" - containerImage: ghcr.io/external-secrets/external-secrets-helm-operator:v0.9.8 - createdAt: "2023-10-31T12:45:51Z" + containerImage: ghcr.io/external-secrets/external-secrets-helm-operator:v0.9.9 + createdAt: "2023-11-13T19:16:18Z" description: Operator to configure external-secrets helm-chart based operator operatorframework.io/cluster-monitoring: "true" operators.openshift.io/infrastructure-features: '["Disconnected"]' @@ -682,7 +682,7 @@ metadata: labels: operatorframework.io/arch.amd64: supported operatorframework.io/os.linux: supported - name: external-secrets-operator.v0.9.8 + name: external-secrets-operator.v0.9.9 namespace: external-secrets spec: apiservicedefinitions: {} 
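Review bot: In the `@@ -375,7 +375,7 @@` hunk of the bundle CSV, the alm-examples ExternalSecret now carries `"acme.org/sha": 1234` as a JSON number under `metadata.annotations`. Kubernetes annotation values must be strings, so creating this sample object is expected to be rejected by the API server. The value should stay quoted: `"acme.org/sha": "1234"`. Because the CSV is generated, the number probably comes from an unquoted `acme.org/sha: 1234` in a sample manifest, which YAML parses as an integer; quoting it at the source would keep regenerated bundles correct. The alm-examples block starts and ends outside the hunk.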
@@ -968,7 +968,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.annotations['olm.targetNamespaces'] - image: ghcr.io/external-secrets/external-secrets-helm-operator:v0.9.8 + image: ghcr.io/external-secrets/external-secrets-helm-operator:v0.9.9 livenessProbe: httpGet: path: /healthz @@ -1066,4 +1066,4 @@ spec: provider: name: External Secrets url: https://external-secrets.io - version: 0.9.8 + version: 0.9.9 diff --git a/bundle/manifests/external-secrets.io_clusterexternalsecrets.yaml b/bundle/manifests/external-secrets.io_clusterexternalsecrets.yaml index d6195b6..c6caef6 100644 --- a/bundle/manifests/external-secrets.io_clusterexternalsecrets.yaml +++ b/bundle/manifests/external-secrets.io_clusterexternalsecrets.yaml @@ -139,8 +139,9 @@ spec: maxProperties: 1 properties: generatorRef: - description: GeneratorRef points to a generator custom - resource in + description: "GeneratorRef points to a generator custom + resource. \n Deprecated: The generatorRef is not implemented + in .data[]. this will be removed with v1." properties: apiVersion: default: generators.external-secrets.io/v1alpha1 @@ -314,7 +315,7 @@ spec: properties: generatorRef: description: GeneratorRef points to a generator custom - resource in + resource. properties: apiVersion: default: generators.external-secrets.io/v1alpha1 diff --git a/bundle/manifests/external-secrets.io_clustersecretstores.yaml b/bundle/manifests/external-secrets.io_clustersecretstores.yaml index 01f98f7..37b562a 100644 --- a/bundle/manifests/external-secrets.io_clustersecretstores.yaml +++ b/bundle/manifests/external-secrets.io_clustersecretstores.yaml 
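Review bot: The operator image in the `@@ -968,7 +968,7 @@` hunk, and `containerImage` in the `@@ -671,8 +671,8 @@` hunk, is still referenced by the mutable tag `v0.9.9`, while the CSV advertises `operators.openshift.io/infrastructure-features: '["Disconnected"]'`. A tag can be re-pointed after the bundle is published, and mirroring for disconnected clusters generally relies on digest references. Consider pinning it as `image: ghcr.io/external-secrets/external-secrets-helm-operator@sha256:<digest-of-v0.9.9>` (placeholder; take the digest from the release) and listing the same reference under `spec.relatedImages`. The deployment spec continues outside the hunk.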
@@ -954,6 +954,14 @@ spec: - tenancy - user type: object + compartment: + description: Compartment is the vault compartment OCID. Required + for PushSecret + type: string + encryptionKey: + description: EncryptionKey is the OCID of the encryption key + within the vault. Required for PushSecret + type: string principalType: description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal @@ -963,6 +971,31 @@ spec: region: description: Region is the region where vault is located. type: string + serviceAccountRef: + description: ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. + properties: + audiences: + description: Audience specifies the `aud` claim for the + service account token If the service account uses a + well-known annotation for e.g. IRSA or GCP Workload + Identity then this audiences will be appended to the + list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being + referred to. + type: string + namespace: + description: Namespace of the resource being referred + to. Ignored if referent is not cluster-scoped. cluster-scoped + defaults to the namespace of the referent. + type: string + required: + - name + type: object vault: description: Vault is the vault's OCID of the specific vault where secret is located. @@ -3034,6 +3067,14 @@ spec: - tenancy - user type: object + compartment: + description: Compartment is the vault compartment OCID. Required + for PushSecret + type: string + encryptionKey: + description: EncryptionKey is the OCID of the encryption key + within the vault. Required for PushSecret + type: string principalType: description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal 
@@ -3043,6 +3084,31 @@ spec: region: description: Region is the region where vault is located. type: string + serviceAccountRef: + description: ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. + properties: + audiences: + description: Audience specifies the `aud` claim for the + service account token If the service account uses a + well-known annotation for e.g. IRSA or GCP Workload + Identity then this audiences will be appended to the + list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being + referred to. + type: string + namespace: + description: Namespace of the resource being referred + to. Ignored if referent is not cluster-scoped. cluster-scoped + defaults to the namespace of the referent. + type: string + required: + - name + type: object vault: description: Vault is the vault's OCID of the specific vault where secret is located. diff --git a/bundle/manifests/external-secrets.io_externalsecrets.yaml b/bundle/manifests/external-secrets.io_externalsecrets.yaml index 49664a3..27b0b78 100644 --- a/bundle/manifests/external-secrets.io_externalsecrets.yaml +++ b/bundle/manifests/external-secrets.io_externalsecrets.yaml @@ -388,8 +388,9 @@ spec: maxProperties: 1 properties: generatorRef: - description: GeneratorRef points to a generator custom resource - in + description: "GeneratorRef points to a generator custom + resource. \n Deprecated: The generatorRef is not implemented + in .data[]. this will be removed with v1." properties: apiVersion: default: generators.external-secrets.io/v1alpha1 @@ -561,8 +562,7 @@ spec: maxProperties: 1 properties: generatorRef: - description: GeneratorRef points to a generator custom resource - in + description: GeneratorRef points to a generator custom resource. properties: apiVersion: default: generators.external-secrets.io/v1alpha1 
diff --git a/bundle/manifests/external-secrets.io_secretstores.yaml b/bundle/manifests/external-secrets.io_secretstores.yaml index 13a76d1..328aa2b 100644 --- a/bundle/manifests/external-secrets.io_secretstores.yaml +++ b/bundle/manifests/external-secrets.io_secretstores.yaml @@ -954,6 +954,14 @@ spec: - tenancy - user type: object + compartment: + description: Compartment is the vault compartment OCID. Required + for PushSecret + type: string + encryptionKey: + description: EncryptionKey is the OCID of the encryption key + within the vault. Required for PushSecret + type: string principalType: description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal @@ -963,6 +971,31 @@ spec: region: description: Region is the region where vault is located. type: string + serviceAccountRef: + description: ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. + properties: + audiences: + description: Audience specifies the `aud` claim for the + service account token If the service account uses a + well-known annotation for e.g. IRSA or GCP Workload + Identity then this audiences will be appended to the + list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being + referred to. + type: string + namespace: + description: Namespace of the resource being referred + to. Ignored if referent is not cluster-scoped. cluster-scoped + defaults to the namespace of the referent. + type: string + required: + - name + type: object vault: description: Vault is the vault's OCID of the specific vault where secret is located. 
@@ -3034,6 +3067,14 @@ spec: - tenancy - user type: object + compartment: + description: Compartment is the vault compartment OCID. Required + for PushSecret + type: string + encryptionKey: + description: EncryptionKey is the OCID of the encryption key + within the vault. Required for PushSecret + type: string principalType: description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal @@ -3043,6 +3084,31 @@ spec: region: description: Region is the region where vault is located. type: string + serviceAccountRef: + description: ServiceAccountRef specified the service account + that should be used when authenticating with WorkloadIdentity. + properties: + audiences: + description: Audience specifies the `aud` claim for the + service account token If the service account uses a + well-known annotation for e.g. IRSA or GCP Workload + Identity then this audiences will be appended to the + list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being + referred to. + type: string + namespace: + description: Namespace of the resource being referred + to. Ignored if referent is not cluster-scoped. cluster-scoped + defaults to the namespace of the referent. + type: string + required: + - name + type: object vault: description: Vault is the vault's OCID of the specific vault where secret is located. diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 266c98c..8b97675 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -13,4 +13,4 @@ kind: Kustomization images: - name: controller newName: ghcr.io/external-secrets/external-secrets-helm-operator - newTag: v0.9.8 + newTag: v0.9.9 diff --git a/config/manifests/bases/external-secrets-operator.clusterserviceversion.yaml b/config/manifests/bases/external-secrets-operator.clusterserviceversion.yaml index 919c33e..dd95a58 100644 
--- a/config/manifests/bases/external-secrets-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/external-secrets-operator.clusterserviceversion.yaml @@ -6,7 +6,7 @@ metadata: capabilities: Deep Insights categories: Security certified: "false" - containerImage: ghcr.io/external-secrets/external-secrets-helm-operator:v0.9.8 + containerImage: ghcr.io/external-secrets/external-secrets-helm-operator:v0.9.9 createdAt: "2021-11-22 00:00:00" description: Operator to configure external-secrets helm-chart based operator operatorframework.io/cluster-monitoring: "true" diff --git a/config/manifests/crds/clusterexternalsecret.yml b/config/manifests/crds/clusterexternalsecret.yml index 38f7550..8660a19 100644 --- a/config/manifests/crds/clusterexternalsecret.yml +++ b/config/manifests/crds/clusterexternalsecret.yml @@ -112,7 +112,7 @@ spec: maxProperties: 1 properties: generatorRef: - description: GeneratorRef points to a generator custom resource in + description: "GeneratorRef points to a generator custom resource. \n Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1." properties: apiVersion: default: generators.external-secrets.io/v1alpha1 @@ -256,7 +256,7 @@ spec: maxProperties: 1 properties: generatorRef: - description: GeneratorRef points to a generator custom resource in + description: GeneratorRef points to a generator custom resource. properties: apiVersion: default: generators.external-secrets.io/v1alpha1 diff --git a/config/manifests/crds/clustersecretstore.yml b/config/manifests/crds/clustersecretstore.yml index 8db60da..ebdabd0 100644 --- a/config/manifests/crds/clustersecretstore.yml +++ b/config/manifests/crds/clustersecretstore.yml 
@@ -696,12 +696,35 @@ spec: - tenancy - user type: object + compartment: + description: Compartment is the vault compartment OCID. Required for PushSecret + type: string + encryptionKey: + description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret + type: string principalType: description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. type: string region: description: Region is the region where vault is located. type: string + serviceAccountRef: + description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object vault: description: Vault is the vault's OCID of the specific vault where secret is located. type: string 
@@ -2217,12 +2240,35 @@ spec: - tenancy - user type: object + compartment: + description: Compartment is the vault compartment OCID. Required for PushSecret + type: string + encryptionKey: + description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret + type: string principalType: description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. type: string region: description: Region is the region where vault is located. type: string + serviceAccountRef: + description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object vault: description: Vault is the vault's OCID of the specific vault where secret is located. type: string diff --git a/config/manifests/crds/externalsecret.yml b/config/manifests/crds/externalsecret.yml index 2a2c6ef..09bf707 100644 --- a/config/manifests/crds/externalsecret.yml +++ b/config/manifests/crds/externalsecret.yml 
@@ -334,7 +334,7 @@ spec: maxProperties: 1 properties: generatorRef: - description: GeneratorRef points to a generator custom resource in + description: "GeneratorRef points to a generator custom resource. \n Deprecated: The generatorRef is not implemented in .data[]. this will be removed with v1." properties: apiVersion: default: generators.external-secrets.io/v1alpha1 @@ -478,7 +478,7 @@ spec: maxProperties: 1 properties: generatorRef: - description: GeneratorRef points to a generator custom resource in + description: GeneratorRef points to a generator custom resource. properties: apiVersion: default: generators.external-secrets.io/v1alpha1 diff --git a/config/manifests/crds/secretstore.yml b/config/manifests/crds/secretstore.yml index 7636f57..33d4cc0 100644 --- a/config/manifests/crds/secretstore.yml +++ b/config/manifests/crds/secretstore.yml 
@@ -696,12 +696,35 @@ spec: - tenancy - user type: object + compartment: + description: Compartment is the vault compartment OCID. Required for PushSecret + type: string + encryptionKey: + description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret + type: string principalType: description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. type: string region: description: Region is the region where vault is located. type: string + serviceAccountRef: + description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object vault: description: Vault is the vault's OCID of the specific vault where secret is located. type: string 
@@ -2217,12 +2240,35 @@ spec: - tenancy - user type: object + compartment: + description: Compartment is the vault compartment OCID. Required for PushSecret + type: string + encryptionKey: + description: EncryptionKey is the OCID of the encryption key within the vault. Required for PushSecret + type: string principalType: description: The type of principal to use for authentication. If left blank, the Auth struct will determine the principal type. This optional field must be specified if using workload identity. type: string region: description: Region is the region where vault is located. type: string + serviceAccountRef: + description: ServiceAccountRef specified the service account that should be used when authenticating with WorkloadIdentity. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object vault: description: Vault is the vault's OCID of the specific vault where secret is located. type: string