Implementation of Chef External Secrets Provider #3073

Closed
wants to merge 57 commits into from

Contributor

@sourav977 sourav977 commented Jan 24, 2024

Problem Statement

Introducing Chef External Secrets Provider.
This will enable users to seamlessly integrate Chef-based secret management with Kubernetes through the existing External Secrets framework.

Related Issue

issue: #2905

Related work

  • documentation: docs/provider/chef.md
  • api: apis/externalsecrets/v1beta1/secretstore_chef_types.go
  • implementation: pkg/provider/chef

Checklist

  • I have read the contribution guidelines
  • All commits are signed with git commit --signoff
  • My changes have reasonable test coverage
  • All tests pass with make test
  • I ensured my PR is ready for review with make reviewable

@sourav977 sourav977 requested a review from a team as a code owner January 24, 2024 09:55
@sourav977 sourav977 force-pushed the chef_eso_issue_2905 branch 2 times, most recently from 91c4b2e to 64661a1 Compare January 24, 2024 10:17
Contributor

@Skarlso Skarlso left a comment

Generally looks okay. The branch needs a go mod tidy and a signed commit. :)

Issue: external-secrets#2905

This commit intends to add the chef provider structure to the existing list of external-secrets providers.
It defines the structure of the SecretStore and ClusterSecretStore for chef Provider.
The yaml resource will contain 3 important parts to identify and connect to chef server to reconcile secrets. They are:
1. serverurl: This is the URL to the chef server.
2. username: The username to connect to the chef server.
3. auth: The password to connect to the chef server. It is a reference to an already existing kubernetes secret containing the password.

This commit also contains the auto generated CRDs using the `make generate` command.

Signed-off-by: Subroto Roy <subrotoroy007@gmail.com>
Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>
- added unit test cases
- added sample documentation
Issue: external-secrets#2905

Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
eso-service-account-app bot and others added 9 commits February 6, 2024 12:08
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Allen Conlon <allen@conlon.dev>
…al-secrets#2646)

* feat: add PushSecret and DeleteSecret to onepassword provider

Signed-off-by: Bryce Thuilot <bryce@thuilot.io>

* refactor: clean code based on suggestions

Signed-off-by: Bryce Thuilot <bryce@thuilot.io>

* refactor: make suggested sonar cube changes

Signed-off-by: Bryce Thuilot <bryce@thuilot.io>

---------

Signed-off-by: Bryce Thuilot <bryce@thuilot.io>
* Configure codecov

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

* Disable annotations

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

* Set ignore

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>

---------

Signed-off-by: shuheiktgw <s-kitagawa@mercari.com>
Signed-off-by: Robert Paschedag <robert.paschedag@sap.com>
Co-authored-by: Robert Paschedag <robert.paschedag@sap.com>
…barucoh <20933964+barucoh@users.noreply.github.com> (external-secrets#3013)

Signed-off-by: “barucoh” <“ohadbaruch1@gmail.com”>
Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
SubrotoRoy and others added 2 commits February 6, 2024 14:18
Signed-off-by: Subroto Roy <subrotoroy007@gmail.com>
* update dependencies (external-secrets#3005)

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

* feat: allow keeper to work with complex types

Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>

---------

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Pedro Parra Ortega <parraortega.pedro@gmail.com>
Co-authored-by: eso-service-account-app[bot] <85832941+eso-service-account-app[bot]@users.noreply.github.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Moritz Johner <moolen@users.noreply.github.com>
dependabot bot and others added 12 commits February 6, 2024 14:18
…cs (external-secrets#3043)

Bumps [mkdocs-material](https://github.com/squidfunk/mkdocs-material) from 9.5.3 to 9.5.4.
- [Release notes](https://github.com/squidfunk/mkdocs-material/releases)
- [Changelog](https://github.com/squidfunk/mkdocs-material/blob/master/CHANGELOG)
- [Commits](squidfunk/mkdocs-material@9.5.3...9.5.4)

---
updated-dependencies:
- dependency-name: mkdocs-material
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…-secrets#3045)

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.3.1.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](ossf/scorecard-action@e38b190...0864cf1)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
…ernal-secrets#3054)

The snippet[1] was not aligning with the schema defined in CRD.

[1] https://external-secrets.io/latest/guides/security-best-practices/

Signed-off-by: kyasbal <kyasbal1994@gmail.com>
* chore: refactor/centralise secretKeyRef usage

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
…secrets#3058)

This allows providers to issue warnings, e.g. during a
migration/deprecation period

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
…l-secrets#3039)

Bumps alpine from 3.18 to 3.19.

---
updated-dependencies:
- dependency-name: alpine
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
…crets#3063)

Bumps [mkdocs-minify-plugin](https://github.com/byrnereese/mkdocs-minify-plugin) from 0.5.0 to 0.7.2.
- [Release notes](https://github.com/byrnereese/mkdocs-minify-plugin/releases)
- [Commits](byrnereese/mkdocs-minify-plugin@0.5.0...0.7.2)

---
updated-dependencies:
- dependency-name: mkdocs-minify-plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…xternal-secrets#3062)

Bumps [markupsafe](https://github.com/pallets/markupsafe) from 2.1.3 to 2.1.4.
- [Release notes](https://github.com/pallets/markupsafe/releases)
- [Changelog](https://github.com/pallets/markupsafe/blob/main/CHANGES.rst)
- [Commits](pallets/markupsafe@2.1.3...2.1.4)

---
updated-dependencies:
- dependency-name: markupsafe
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* update dependencies

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>

* fix: re-generate CRDs with new controller-runtime version

Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>

---------

Signed-off-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Signed-off-by: Moritz Johner <beller.moritz@googlemail.com>
Co-authored-by: External Secrets Operator <ExternalSecretsOperator@users.noreply.github.com>
Co-authored-by: Moritz Johner <beller.moritz@googlemail.com>
Issue: external-secrets#2905

Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
Signed-off-by: vardhanreddy13 <vvv.vardhanreddy@gmail.com>
Issue: external-secrets#2905

Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
Issue: external-secrets#2905

Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
Issue: external-secrets#2905

Signed-off-by: Sourav Patnaik <souravpatnaik123@gmail.com>
@sourav977
Contributor Author

The missed unsigned commits have been signed by me and my teammates, but the DCO check is now complaining about other commits. @Skarlso, could you help me resolve the DCO check issue?

sourav977 and others added 2 commits February 8, 2024 13:10

sonarcloud bot commented Feb 8, 2024

Quality Gate passed

Kudos, no new issues were introduced!

0 New issues
0 Security Hotspots
No data about Coverage
0.0% Duplication on New Code

See analysis details on SonarCloud

@Skarlso
Contributor

Skarlso commented Feb 8, 2024

The commits seem to be containing some merge issues or something? Could you please squash these?

There are 19 commits incorrectly signed off.

The problem is that the commit needs to contain your signature since you are the author. And there are commits for which this isn't true. Like the merge commits.

Alternatively, take the diff, and create another PR and start off fresh if squashing is too complicated.
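
The sign-off rule described in the comment above, as an added example that is not part of the original thread or the project's tooling: a local pre-push check that lists commits whose author has no matching `Signed-off-by` trailer. It assumes the record layout produced by the `git log` format string in the first comment and a simplified rule (the author's email must appear in at least one trailer); the sample log is constructed.

```python
import re

# Assumed input: git log --format='%h%x1f%an%x1f%ae%x1f%B%x1e' <base>..<head>
FIELD_SEP, RECORD_SEP = "\x1f", "\x1e"
TRAILER = re.compile(
    r"^Signed-off-by:\s*(?P<name>.+?)\s*<(?P<email>[^<>]+)>\s*$", re.MULTILINE
)

def dco_failures(log_text):
    """Return [(short_hash, author_email, reason)] for commits lacking an author sign-off."""
    failures = []
    for record in log_text.split(RECORD_SEP):
        record = record.strip("\n")
        if not record:
            continue
        short_hash, _name, email, body = record.split(FIELD_SEP, 3)
        # Every address that signed off on this commit, compared case-insensitively.
        signers = {m.group("email").strip().lower() for m in TRAILER.finditer(body)}
        if not signers:
            failures.append((short_hash, email, "no Signed-off-by trailer"))
        elif email.lower() not in signers:
            failures.append((short_hash, email, "signed off only by someone else"))
    return failures

def _rec(short_hash, name, email, body):
    """Build one record in the assumed git log layout."""
    return FIELD_SEP.join([short_hash, name, email, body]) + RECORD_SEP + "\n"

# Constructed sample: hashes, names and addresses are made up.
SAMPLE_LOG = (
    _rec("aaa1111", "Dev One", "dev.one@example.com",
         "add provider types\n\nSigned-off-by: Dev One <dev.one@example.com>\n")
    # A merge commit created without --signoff carries no trailer at all.
    + _rec("bbb2222", "Dev One", "dev.one@example.com",
           "Merge branch 'main' into feature\n")
    # A commit re-authored during a rebase keeps only the original signer.
    + _rec("ccc3333", "Dev One", "dev.one@example.com",
           "bump dependency\n\nSigned-off-by: Some Bot <bot@example.com>\n")
    + _rec("ddd4444", "Dev Two", "dev.two@example.com",
           "add tests\n\nSigned-off-by: Dev One <dev.one@example.com>\n"
           "Signed-off-by: Dev Two <Dev.Two@example.com>\n")
)

if __name__ == "__main__":
    for short_hash, email, reason in dco_failures(SAMPLE_LOG):
        print(f"{short_hash} {email}: {reason}")
```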

@sourav977
Contributor Author

@Skarlso @sebagomez

> Alternatively, take the diff, and create another PR and start off fresh if squashing is too complicated.

As suggested, we are closing this PR as we are unable to resolve the unsigned commits. Latest PR: #3127

@sourav977 sourav977 closed this Feb 9, 2024