From 28be7b3ca1bf8c49ab34c1a101bf2a3042b613c7 Mon Sep 17 00:00:00 2001
From: Ben Ash <32777270+benashz@users.noreply.github.com>
Date: Thu, 7 Dec 2023 15:04:46 -0500
Subject: [PATCH 1/2] Update docs for v0.4.2 release (#505)

* Add replaces/skips directives to clusterserviceversion.
---
 CHANGELOG.md | 10 ++++++++++
 chart/Chart.yaml | 4 ++--
 chart/values.yaml | 2 +-
 config/manager/kustomization.yaml | 2 +-
 .../vault-secrets-operator.clusterserviceversion.yaml | 3 +++
 5 files changed, 17 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d084e932..06e5446e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,13 @@
+## 0.4.2 (December 7th, 2023)
+
+Fix:
+* Include viewer and editor RBAC roles in the chart: [GH-501](https://github.com/hashicorp/vault-secrets-operator/pull/501)
+* Build: image/ubi: add separate target and build job for RedHat: [GH-503](https://github.com/hashicorp/vault-secrets-operator/pull/503)
+
+Dependency Updates:
+* Bump github.com/go-openapi/strfmt from 0.21.7 to 0.21.8: [GH-490](https://github.com/hashicorp/vault-secrets-operator/pull/490)
+* Bump google.golang.org/api from 0.151.0 to 0.152.0: [GH-489](https://github.com/hashicorp/vault-secrets-operator/pull/489)
+
 ## 0.4.1 (December 4th, 2023)

 Improvements:
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 40a89364..8f42a924 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -3,8 +3,8 @@

 apiVersion: v2
 name: vault-secrets-operator
-version: 0.4.1
-appVersion: "0.4.1"
+version: 0.4.2
+appVersion: "0.4.2"
 kubeVersion: ">=1.22.0-0"
 description: Official Vault Secrets Operator Chart
 type: application
diff --git a/chart/values.yaml b/chart/values.yaml
index 7f4879ba..8ded33ce 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -100,7 +100,7 @@ controller:
 # Image sets the repo and tag of the vault-secrets-operator image to use for the controller.
 image:
 repository: hashicorp/vault-secrets-operator
- tag: 0.4.1
+ tag: 0.4.2

 # Configures the client cache which is used by the controller to cache (and potentially persist) vault tokens that
 # are the result of using the VaultAuthMethod. This enables re-use of Vault Tokens
diff --git a/config/manager/kustomization.yaml b/config/manager/kustomization.yaml
index 638221c0..07e37fcc 100644
--- a/config/manager/kustomization.yaml
+++ b/config/manager/kustomization.yaml
@@ -16,4 +16,4 @@ kind: Kustomization
 images:
 - name: controller
 newName: hashicorp/vault-secrets-operator
- newTag: 0.4.1
+ newTag: 0.4.2
diff --git a/config/manifests/bases/vault-secrets-operator.clusterserviceversion.yaml b/config/manifests/bases/vault-secrets-operator.clusterserviceversion.yaml
index 9908a125..bc2bfd8d 100644
--- a/config/manifests/bases/vault-secrets-operator.clusterserviceversion.yaml
+++ b/config/manifests/bases/vault-secrets-operator.clusterserviceversion.yaml
@@ -128,4 +128,7 @@ spec:
 provider:
 name: HashiCorp
 url: https://www.hashicorp.com/
+ replaces: vault-secrets-operator.v0.4.0
+ skips:
+ - vault-secrets-operator.v0.4.1
 version: 0.0.0-dev
From b4a741621211b76077b0ea78f93de3ae57eb9994 Mon Sep 17 00:00:00 2001
From: Ben Ash <32777270+benashz@users.noreply.github.com>
Date: Fri, 8 Dec 2023 10:12:40 -0500
Subject: [PATCH 2/2] VDS: Log and record Vault request failures (#508)

---
 controllers/vaultdynamicsecret_controller.go | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/controllers/vaultdynamicsecret_controller.go b/controllers/vaultdynamicsecret_controller.go
index 63848c7e..04affd7c 100644
--- a/controllers/vaultdynamicsecret_controller.go
+++ b/controllers/vaultdynamicsecret_controller.go
@@ -210,8 +210,11 @@ func (r *VaultDynamicSecretReconciler) Reconcile(ctx context.Context, req ctrl.R
 secretLease, staticCredsUpdated, err := r.syncSecret(ctx, vClient, o)
 if err != nil {
 _, jitter := computeMaxJitterWithPercent(requeueDurationOnError, 0.5)
+ horizon := requeueDurationOnError + time.Duration(jitter)
+ r.Recorder.Eventf(o, corev1.EventTypeWarning, consts.ReasonSecretSyncError,
+ "Failed to sync the secret, horizon=%s, err=%s", horizon, err)
 return ctrl.Result{
- RequeueAfter: requeueDurationOnError + time.Duration(jitter),
+ RequeueAfter: horizon,
 }, nil
 }

@@ -274,9 +277,10 @@ func (r *VaultDynamicSecretReconciler) syncSecret(ctx context.Context, c vault.C
 }

 method := o.Spec.RequestHTTPMethod
+ logger := log.FromContext(ctx).WithName("syncSecret")
 if params != nil {
 if !(method == http.MethodPost || method == http.MethodPut) {
- log.FromContext(ctx).V(consts.LogLevelWarning).Info(
+ logger.V(consts.LogLevelWarning).Info(
 "Params provided, ignoring specified method",
 "requestHTTPMethod", o.Spec.RequestHTTPMethod)
 }
@@ -286,6 +290,7 @@ func (r *VaultDynamicSecretReconciler) syncSecret(ctx context.Context, c vault.C
 method = http.MethodGet
 }

+ logger = logger.WithValues("path", path, "method", method)
 switch method {
 case http.MethodPut, http.MethodPost:
 resp, err = c.Write(ctx, vault.NewWriteRequest(path, params))
@@ -296,6 +301,7 @@ func (r *VaultDynamicSecretReconciler) syncSecret(ctx context.Context, c vault.C
 }

 if err != nil {
+ logger.Error(err, "Vault request failed")
 return nil, false, err
 }

@@ -360,6 +366,7 @@ func (r *VaultDynamicSecretReconciler) syncSecret(ctx context.Context, c vault.C
 }

 if err := helpers.SyncSecret(ctx, r.Client, o, data); err != nil {
+ logger.Error(err, "Destination sync failed")
 return nil, false, err
 }
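Review bot: The new `r.Recorder.Eventf` call in Reconcile's `syncSecret` error branch (first hunk) copies the raw error text into a Kubernetes Event on the object, and Events are usually readable by more principals than the operator's logs. Whatever the Vault client or `helpers.SyncSecret` put into that error would become visible there, so confirm the text is safe to publish, or record a fixed message and leave the detail to the `logger.Error` calls added in the later hunks. Separately, the jittered `horizon` makes every message different, which works against the recorder collapsing repeated identical events; `"Failed to sync the secret: %s", err` or a constant string would keep the message stable. Reconcile's body starts and ends outside this hunk.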