From 554afcb80c264d618f7cdb198f226355bba3a843 Mon Sep 17 00:00:00 2001 From: Lucas Severo Alves Date: Sun, 15 Oct 2023 16:55:39 +0200 Subject: [PATCH] bump 0.9.6 Signed-off-by: Lucas Severo Alves --- Makefile | 2 +- bundle.Dockerfile | 2 +- ...ecrets-operator.clusterserviceversion.yaml | 12 +-- ...ternal-secrets.io_clustersecretstores.yaml | 91 ++++++++++++++++++- .../external-secrets.io_secretstores.yaml | 91 ++++++++++++++++++- bundle/metadata/annotations.yaml | 2 +- config/manager/kustomization.yaml | 2 +- ...ecrets-operator.clusterserviceversion.yaml | 2 +- config/manifests/crds/clustersecretstore.yml | 65 ++++++++++++- config/manifests/crds/secretstore.yml | 65 ++++++++++++- 10 files changed, 315 insertions(+), 19 deletions(-) diff --git a/Makefile b/Makefile index e4bff01..8896d48 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ # To re-generate a bundle for another specific version without changing the standard setup, you can: # - use the VERSION as arg of the bundle target (e.g make bundle VERSION=0.0.2) # - use environment variables to overwrite this value (e.g export VERSION=0.0.2) -VERSION ?= 0.9.5 +VERSION ?= 0.9.6 # CHANNELS define the bundle channels used in the bundle. # Add a new line here if you would like to change its default config. (E.g CHANNELS = "candidate,fast,stable") diff --git a/bundle.Dockerfile b/bundle.Dockerfile index eba8487..0b49578 100644 --- a/bundle.Dockerfile +++ b/bundle.Dockerfile @@ -7,7 +7,7 @@ LABEL operators.operatorframework.io.bundle.metadata.v1=metadata/ LABEL operators.operatorframework.io.bundle.package.v1=external-secrets-operator LABEL operators.operatorframework.io.bundle.channels.v1=alpha,stable LABEL operators.operatorframework.io.bundle.channel.default.v1=alpha -LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.18.0+git +LABEL operators.operatorframework.io.metrics.builder=operator-sdk-v1.32.0 LABEL operators.operatorframework.io.metrics.mediatype.v1=metrics+v1 LABEL operators.operatorframework.io.metrics.project_layout=helm.sdk.operatorframework.io/v1 diff --git a/bundle/manifests/external-secrets-operator.clusterserviceversion.yaml b/bundle/manifests/external-secrets-operator.clusterserviceversion.yaml index 9ada262..7ec4f7f 100644 --- a/bundle/manifests/external-secrets-operator.clusterserviceversion.yaml +++ b/bundle/manifests/external-secrets-operator.clusterserviceversion.yaml @@ -671,18 +671,18 @@ metadata: capabilities: Deep Insights categories: Security certified: "false" - containerImage: ghcr.io/external-secrets/external-secrets-helm-operator:v0.9.5 - createdAt: "2021-11-22 00:00:00" + containerImage: ghcr.io/external-secrets/external-secrets-helm-operator:v0.9.6 + createdAt: "2023-10-15T14:54:33Z" description: Operator to configure external-secrets helm-chart based operator operatorframework.io/cluster-monitoring: "true" operators.openshift.io/infrastructure-features: '["Disconnected"]' - operators.operatorframework.io/builder: operator-sdk-v1.18.0+git + operators.operatorframework.io/builder: operator-sdk-v1.32.0 operators.operatorframework.io/project_layout: helm.sdk.operatorframework.io/v1 repository: https://github.com/external-secrets/external-secrets-helm-operator labels: operatorframework.io/arch.amd64: supported operatorframework.io/os.linux: supported - name: external-secrets-operator.v0.9.5 + name: external-secrets-operator.v0.9.6 namespace: external-secrets spec: apiservicedefinitions: {} @@ -968,7 +968,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.annotations['olm.targetNamespaces'] - image: ghcr.io/external-secrets/external-secrets-helm-operator:v0.9.5 + image: ghcr.io/external-secrets/external-secrets-helm-operator:v0.9.6 livenessProbe: httpGet: path: /healthz @@ -1066,4 +1066,4 @@ spec: provider: name: External Secrets url: https://external-secrets.io - version: 0.9.5 + version: 0.9.6 diff --git a/bundle/manifests/external-secrets.io_clustersecretstores.yaml b/bundle/manifests/external-secrets.io_clustersecretstores.yaml index fcb046e..7d8b220 100644 --- a/bundle/manifests/external-secrets.io_clustersecretstores.yaml +++ b/bundle/manifests/external-secrets.io_clustersecretstores.yaml @@ -2262,11 +2262,98 @@ spec: - apiKeyRef - userRef type: object - required: - - apikey + jwt: + properties: + account: + type: string + secretRef: + description: Optional SecretRef that refers to a key + in a Secret resource containing JWT token to authenticate + with Conjur using the JWT authentication method. + properties: + key: + description: The key of the entry in the Secret + resource's `data` field to be used. Some instances + of this field may be defaulted, in others it + may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: Namespace of the resource being referred + to. Ignored if referent is not cluster-scoped. + cluster-scoped defaults to the namespace of + the referent. + type: string + type: object + serviceAccountRef: + description: Optional ServiceAccountRef specifies + the Kubernetes service account for which to request + a token for with the `TokenRequest` API. + properties: + audiences: + description: Audience specifies the `aud` claim + for the service account token If the service + account uses a well-known annotation for e.g. + IRSA or GCP Workload Identity then this audiences + will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource + being referred to. + type: string + namespace: + description: Namespace of the resource being referred + to. Ignored if referent is not cluster-scoped. + cluster-scoped defaults to the namespace of + the referent. + type: string + required: + - name + type: object + serviceID: + description: The conjur authn jwt webservice id + type: string + required: + - account + - serviceID + type: object type: object caBundle: type: string + caProvider: + description: Used to provide custom certificate authority + (CA) certificates for a secret store. The CAProvider points + to a Secret or ConfigMap resource that contains a PEM-encoded + certificate. + properties: + key: + description: The key where the CA certificate can be found + in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider + type. + type: string + namespace: + description: The namespace the Provider type is in. Can + only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", + or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object url: type: string required: diff --git a/bundle/manifests/external-secrets.io_secretstores.yaml b/bundle/manifests/external-secrets.io_secretstores.yaml index 3209f9b..95ce390 100644 --- a/bundle/manifests/external-secrets.io_secretstores.yaml +++ b/bundle/manifests/external-secrets.io_secretstores.yaml @@ -2262,11 +2262,98 @@ spec: - apiKeyRef - userRef type: object - required: - - apikey + jwt: + properties: + account: + type: string + secretRef: + description: Optional SecretRef that refers to a key + in a Secret resource containing JWT token to authenticate + with Conjur using the JWT authentication method. + properties: + key: + description: The key of the entry in the Secret + resource's `data` field to be used. Some instances + of this field may be defaulted, in others it + may be required. + type: string + name: + description: The name of the Secret resource being + referred to. + type: string + namespace: + description: Namespace of the resource being referred + to. Ignored if referent is not cluster-scoped. + cluster-scoped defaults to the namespace of + the referent. + type: string + type: object + serviceAccountRef: + description: Optional ServiceAccountRef specifies + the Kubernetes service account for which to request + a token for with the `TokenRequest` API. + properties: + audiences: + description: Audience specifies the `aud` claim + for the service account token If the service + account uses a well-known annotation for e.g. + IRSA or GCP Workload Identity then this audiences + will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource + being referred to. + type: string + namespace: + description: Namespace of the resource being referred + to. Ignored if referent is not cluster-scoped. + cluster-scoped defaults to the namespace of + the referent. + type: string + required: + - name + type: object + serviceID: + description: The conjur authn jwt webservice id + type: string + required: + - account + - serviceID + type: object type: object caBundle: type: string + caProvider: + description: Used to provide custom certificate authority + (CA) certificates for a secret store. The CAProvider points + to a Secret or ConfigMap resource that contains a PEM-encoded + certificate. + properties: + key: + description: The key where the CA certificate can be found + in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider + type. + type: string + namespace: + description: The namespace the Provider type is in. Can + only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", + or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object url: type: string required: diff --git a/bundle/metadata/annotations.yaml b/bundle/metadata/annotations.yaml index d6b99f7..e846447 100644 --- a/bundle/metadata/annotations.yaml +++ b/bundle/metadata/annotations.yaml @@ -6,7 +6,7 @@ annotations: operators.operatorframework.io.bundle.package.v1: external-secrets-operator operators.operatorframework.io.bundle.channels.v1: alpha,stable operators.operatorframework.io.bundle.channel.default.v1: alpha - operators.operatorframework.io.metrics.builder: operator-sdk-v1.18.0+git + operators.operatorframework.io.metrics.builder: operator-sdk-v1.32.0 operators.operatorframework.io.metrics.mediatype.v1: metrics+v1 operators.operatorframework.io.metrics.project_layout: helm.sdk.operatorframework.io/v1 diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml index 2ce26be..4756a32 100644 --- a/config/manager/kustomization.yaml +++ b/config/manager/kustomization.yaml @@ -13,4 +13,4 @@ kind: Kustomization images: - name: controller newName: ghcr.io/external-secrets/external-secrets-helm-operator - newTag: v0.9.5 + newTag: v0.9.6 diff --git a/config/manifests/bases/external-secrets-operator.clusterserviceversion.yaml b/config/manifests/bases/external-secrets-operator.clusterserviceversion.yaml index 41fcb7b..73452b7 100644 --- a/config/manifests/bases/external-secrets-operator.clusterserviceversion.yaml +++ b/config/manifests/bases/external-secrets-operator.clusterserviceversion.yaml @@ -6,7 +6,7 @@ metadata: capabilities: Deep Insights categories: Security certified: "false" - containerImage: ghcr.io/external-secrets/external-secrets-helm-operator:v0.9.5 + containerImage: ghcr.io/external-secrets/external-secrets-helm-operator:v0.9.6 createdAt: "2021-11-22 00:00:00" description: Operator to configure external-secrets helm-chart based operator operatorframework.io/cluster-monitoring: "true" diff --git a/config/manifests/crds/clustersecretstore.yml b/config/manifests/crds/clustersecretstore.yml index 21cce2d..ec1a2ac 100644 --- a/config/manifests/crds/clustersecretstore.yml +++ b/config/manifests/crds/clustersecretstore.yml @@ -1633,11 +1633,72 @@ spec: - apiKeyRef - userRef type: object - required: - - apikey + jwt: + properties: + account: + type: string + secretRef: + description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Conjur using the JWT authentication method. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + serviceAccountRef: + description: Optional ServiceAccountRef specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + serviceID: + description: The conjur authn jwt webservice id + type: string + required: + - account + - serviceID + type: object type: object caBundle: type: string + caProvider: + description: Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate. + properties: + key: + description: The key where the CA certificate can be found in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object url: type: string required: diff --git a/config/manifests/crds/secretstore.yml b/config/manifests/crds/secretstore.yml index f713305..735bd9a 100644 --- a/config/manifests/crds/secretstore.yml +++ b/config/manifests/crds/secretstore.yml @@ -1633,11 +1633,72 @@ spec: - apiKeyRef - userRef type: object - required: - - apikey + jwt: + properties: + account: + type: string + secretRef: + description: Optional SecretRef that refers to a key in a Secret resource containing JWT token to authenticate with Conjur using the JWT authentication method. + properties: + key: + description: The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be defaulted, in others it may be required. + type: string + name: + description: The name of the Secret resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + type: object + serviceAccountRef: + description: Optional ServiceAccountRef specifies the Kubernetes service account for which to request a token for with the `TokenRequest` API. + properties: + audiences: + description: Audience specifies the `aud` claim for the service account token If the service account uses a well-known annotation for e.g. IRSA or GCP Workload Identity then this audiences will be appended to the list + items: + type: string + type: array + name: + description: The name of the ServiceAccount resource being referred to. + type: string + namespace: + description: Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults to the namespace of the referent. + type: string + required: + - name + type: object + serviceID: + description: The conjur authn jwt webservice id + type: string + required: + - account + - serviceID + type: object type: object caBundle: type: string + caProvider: + description: Used to provide custom certificate authority (CA) certificates for a secret store. The CAProvider points to a Secret or ConfigMap resource that contains a PEM-encoded certificate. + properties: + key: + description: The key where the CA certificate can be found in the Secret or ConfigMap. + type: string + name: + description: The name of the object located at the provider type. + type: string + namespace: + description: The namespace the Provider type is in. Can only be defined when used in a ClusterSecretStore. + type: string + type: + description: The type of provider to use such as "Secret", or "ConfigMap". + enum: + - Secret + - ConfigMap + type: string + required: + - name + - type + type: object url: type: string required: