Merge branch 'main' into VAULT-22198/truncate-resource-names-v2

CHANGELOG.md

@@ -1,3 +1,13 @@
+## 0.4.2 (December 7th, 2023)
+
+Fix:
+* Include viewer and editor RBAC roles in the chart: [GH-501](https://github.com/hashicorp/vault-secrets-operator/pull/501)
+* Build: image/ubi: add separate target and build job for RedHat: [GH-503](https://github.com/hashicorp/vault-secrets-operator/pull/503)
+
+Dependency Updates:
+* Bump github.com/go-openapi/strfmt from 0.21.7 to 0.21.8: [GH-490](https://github.com/hashicorp/vault-secrets-operator/pull/490)
+* Bump google.golang.org/api from 0.151.0 to 0.152.0: [GH-489](https://github.com/hashicorp/vault-secrets-operator/pull/489)
+
 ## 0.4.1 (December 4th, 2023)
 
 Improvements:

chart/Chart.yaml

@@ -3,8 +3,8 @@
 
 apiVersion: v2
 name: vault-secrets-operator
-version: 0.4.1
-appVersion: "0.4.1"
+version: 0.4.2
+appVersion: "0.4.2"
 kubeVersion: ">=1.22.0-0"
 description: Official Vault Secrets Operator Chart
 type: application

chart/values.yaml

@@ -100,7 +100,7 @@ controller:
     # Image sets the repo and tag of the vault-secrets-operator image to use for the controller.
     image:
       repository: hashicorp/vault-secrets-operator
-      tag: 0.4.1
+      tag: 0.4.2
 
     # Configures the client cache which is used by the controller to cache (and potentially persist) vault tokens that
     # are the result of using the VaultAuthMethod. This enables re-use of Vault Tokens

config/manager/kustomization.yaml

@@ -16,4 +16,4 @@ kind: Kustomization
 images:
 - name: controller
   newName: hashicorp/vault-secrets-operator
-  newTag: 0.4.1
+  newTag: 0.4.2

config/manifests/bases/vault-secrets-operator.clusterserviceversion.yaml

@@ -128,4 +128,7 @@ spec:
   provider:
     name: HashiCorp
     url: https://www.hashicorp.com/
+  replaces: vault-secrets-operator.v0.4.0
+  skips:
+  - vault-secrets-operator.v0.4.1
   version: 0.0.0-dev

controllers/vaultdynamicsecret_controller.go

@@ -210,8 +210,11 @@ func (r *VaultDynamicSecretReconciler) Reconcile(ctx context.Context, req ctrl.R
 	secretLease, staticCredsUpdated, err := r.syncSecret(ctx, vClient, o)
 	if err != nil {
 		_, jitter := computeMaxJitterWithPercent(requeueDurationOnError, 0.5)
+		horizon := requeueDurationOnError + time.Duration(jitter)
+		r.Recorder.Eventf(o, corev1.EventTypeWarning, consts.ReasonSecretSyncError,
+			"Failed to sync the secret, horizon=%s, err=%s", horizon, err)
 		return ctrl.Result{
-			RequeueAfter: requeueDurationOnError + time.Duration(jitter),
+			RequeueAfter: horizon,
 		}, nil
 	}
 
@@ -274,9 +277,10 @@ func (r *VaultDynamicSecretReconciler) syncSecret(ctx context.Context, c vault.C
 	}
 
 	method := o.Spec.RequestHTTPMethod
+	logger := log.FromContext(ctx).WithName("syncSecret")
 	if params != nil {
 		if !(method == http.MethodPost || method == http.MethodPut) {
-			log.FromContext(ctx).V(consts.LogLevelWarning).Info(
+			logger.V(consts.LogLevelWarning).Info(
 				"Params provided, ignoring specified method",
 				"requestHTTPMethod", o.Spec.RequestHTTPMethod)
 		}
@@ -286,6 +290,7 @@ func (r *VaultDynamicSecretReconciler) syncSecret(ctx context.Context, c vault.C
 		method = http.MethodGet
 	}
 
+	logger = logger.WithValues("path", path, "method", method)
 	switch method {
 	case http.MethodPut, http.MethodPost:
 		resp, err = c.Write(ctx, vault.NewWriteRequest(path, params))
@@ -296,6 +301,7 @@ func (r *VaultDynamicSecretReconciler) syncSecret(ctx context.Context, c vault.C
 	}
 
 	if err != nil {
+		logger.Error(err, "Vault request failed")
 		return nil, false, err
 	}
 
@@ -360,6 +366,7 @@ func (r *VaultDynamicSecretReconciler) syncSecret(ctx context.Context, c vault.C
 	}
 
 	if err := helpers.SyncSecret(ctx, r.Client, o, data); err != nil {
+		logger.Error(err, "Destination sync failed")
 		return nil, false, err
 	}