Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implementation of Chef External Secrets Provider #3127

Merged
merged 11 commits into from Feb 14, 2024
Merged

Implementation of Chef External Secrets Provider #3127

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
08d24fe
Adding the details for chef provider secret store.
SubrotoRoy Jan 2, 2024
421ef0b
Implementation for Chef ESO provided
vardhanreddy13 Jan 4, 2024
f48e359
- implemented Chef eso, added required methods
sourav977 Jan 5, 2024
44bced7
Added Documentation for Authentication
SubrotoRoy Jan 11, 2024
14e6594
added documentation for Chef eso
sourav977 Jan 24, 2024
8bcdd79
Updated chef ESO documentation
vardhanreddy13 Jan 24, 2024
4e7c634
updated ValidateStore method signature
sourav977 Jan 24, 2024
53b306f
made changes in chef provider to satisfy 'make docs'
sourav977 Jan 30, 2024
3e0e189
- updated code as per review comment, make reviewable suggestions
sourav977 Feb 2, 2024
0898520
modified chef provider code as per review comment
sourav977 Feb 14, 2024
c8130ac
Merge branch 'external-secrets:main' into dev_eso_chef_2905
sourav977 Feb 14, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
38 changes: 38 additions & 0 deletions apis/externalsecrets/v1beta1/secretstore_chef_types.go
View file
Open in desktop
@@ -0,0 +1,38 @@
/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package v1beta1

import (
esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
)

// ChefAuth contains a secretRef for credentials.
type ChefAuth struct {
SecretRef ChefAuthSecretRef `json:"secretRef"`
}

// ChefAuthSecretRef holds secret references for chef server login credentials.
type ChefAuthSecretRef struct {
// SecretKey is the Signing Key in PEM format, used for authentication.
SecretKey esmeta.SecretKeySelector `json:"privateKeySecretRef"`
}

// ChefProvider configures a store to sync secrets using basic chef server connection credentials.
type ChefProvider struct {
// Auth defines the information necessary to authenticate against chef Server
Auth *ChefAuth `json:"auth"`
// UserName should be the user ID on the chef server
UserName string `json:"username"`
// ServerURL is the chef server URL used to connect to. If using orgs you should include your org in the url and terminate the url with a "/"
ServerURL string `json:"serverUrl"`
}
4 changes: 4 additions & 0 deletions apis/externalsecrets/v1beta1/secretstore_types.go
View file
Open in desktop
Expand Up @@ -141,6 +141,10 @@ type SecretStoreProvider struct {
// https://docs.delinea.com/online-help/products/devops-secrets-vault/current
// +optional
Delinea *DelineaProvider `json:"delinea,omitempty"`

// Chef configures this store to sync secrets with chef server
// +optional
Chef *ChefProvider `json:"chef,omitempty"`
}

type CAProviderType string
Expand Down
57 changes: 57 additions & 0 deletions apis/externalsecrets/v1beta1/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

50 changes: 50 additions & 0 deletions config/crds/bases/external-secrets.io_clustersecretstores.yaml
View file
Open in desktop
Expand Up @@ -2202,6 +2202,56 @@ spec:
required:
- vaultUrl
type: object
chef:
description: Chef configures this store to sync secrets with chef
server
properties:
auth:
description: Auth defines the information necessary to authenticate
against chef Server
properties:
secretRef:
description: ChefAuthSecretRef holds secret references
for chef server login credentials.
properties:
privateKeySecretRef:
description: SecretKey is the Signing Key in PEM format,
used for authentication.
properties:
key:
description: |-
The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
defaulted, in others it may be required.
type: string
name:
description: The name of the Secret resource being
referred to.
type: string
namespace:
description: |-
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
to the namespace of the referent.
type: string
type: object
required:
- privateKeySecretRef
type: object
required:
- secretRef
type: object
serverUrl:
description: ServerURL is the chef server URL used to connect
to. If using orgs you should include your org in the url
and terminate the url with a "/"
type: string
username:
description: UserName should be the user ID on the chef server
type: string
required:
- auth
- serverUrl
- username
type: object
conjur:
description: Conjur configures this store to sync secrets using
conjur provider
Expand Down
50 changes: 50 additions & 0 deletions config/crds/bases/external-secrets.io_secretstores.yaml
View file
Open in desktop
Expand Up @@ -2202,6 +2202,56 @@ spec:
required:
- vaultUrl
type: object
chef:
description: Chef configures this store to sync secrets with chef
server
properties:
auth:
description: Auth defines the information necessary to authenticate
against chef Server
properties:
secretRef:
description: ChefAuthSecretRef holds secret references
for chef server login credentials.
properties:
privateKeySecretRef:
description: SecretKey is the Signing Key in PEM format,
used for authentication.
properties:
key:
description: |-
The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
defaulted, in others it may be required.
type: string
name:
description: The name of the Secret resource being
referred to.
type: string
namespace:
description: |-
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
to the namespace of the referent.
type: string
type: object
required:
- privateKeySecretRef
type: object
required:
- secretRef
type: object
serverUrl:
description: ServerURL is the chef server URL used to connect
to. If using orgs you should include your org in the url
and terminate the url with a "/"
type: string
username:
description: UserName should be the user ID on the chef server
type: string
required:
- auth
- serverUrl
- username
type: object
conjur:
description: Conjur configures this store to sync secrets using
conjur provider
Expand Down
86 changes: 86 additions & 0 deletions deploy/crds/bundle.yaml
View file
Open in desktop
Expand Up @@ -2665,6 +2665,49 @@ spec:
required:
- vaultUrl
type: object
chef:
description: Chef configures this store to sync secrets with chef server
properties:
auth:
description: Auth defines the information necessary to authenticate against chef Server
properties:
secretRef:
description: ChefAuthSecretRef holds secret references for chef server login credentials.
properties:
privateKeySecretRef:
description: SecretKey is the Signing Key in PEM format, used for authentication.
properties:
key:
description: |-
The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
defaulted, in others it may be required.
type: string
name:
description: The name of the Secret resource being referred to.
type: string
namespace:
description: |-
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
to the namespace of the referent.
type: string
type: object
required:
- privateKeySecretRef
type: object
required:
- secretRef
type: object
serverUrl:
description: ServerURL is the chef server URL used to connect to. If using orgs you should include your org in the url and terminate the url with a "/"
type: string
username:
description: UserName should be the user ID on the chef server
type: string
required:
- auth
- serverUrl
- username
type: object
conjur:
description: Conjur configures this store to sync secrets using conjur provider
properties:
Expand Down Expand Up @@ -7639,6 +7682,49 @@ spec:
required:
- vaultUrl
type: object
chef:
description: Chef configures this store to sync secrets with chef server
properties:
auth:
description: Auth defines the information necessary to authenticate against chef Server
properties:
secretRef:
description: ChefAuthSecretRef holds secret references for chef server login credentials.
properties:
privateKeySecretRef:
description: SecretKey is the Signing Key in PEM format, used for authentication.
properties:
key:
description: |-
The key of the entry in the Secret resource's `data` field to be used. Some instances of this field may be
defaulted, in others it may be required.
type: string
name:
description: The name of the Secret resource being referred to.
type: string
namespace:
description: |-
Namespace of the resource being referred to. Ignored if referent is not cluster-scoped. cluster-scoped defaults
to the namespace of the referent.
type: string
type: object
required:
- privateKeySecretRef
type: object
required:
- secretRef
type: object
serverUrl:
description: ServerURL is the chef server URL used to connect to. If using orgs you should include your org in the url and terminate the url with a "/"
type: string
username:
description: UserName should be the user ID on the chef server
type: string
required:
- auth
- serverUrl
- username
type: object
conjur:
description: Conjur configures this store to sync secrets using conjur provider
properties:
Expand Down