Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #107 from cipherboy/add-kubernetes-secret-plugin
Part 9/n - Add kubernetes secret plugin
Showing 39 changed files with 5,447 additions and 1 deletion.
24 changes: 24 additions & 0 deletions
builtin/logical/kubernetes/.github/PULL_REQUEST_TEMPLATE.md
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
# Overview | ||
|
||
A high level description of the contribution, including: | ||
Who the change affects or is for (stakeholders)? | ||
What is the change? | ||
Why is the change needed? | ||
How does this change affect the user experience (if at all)? | ||
|
||
# Design of Change | ||
|
||
How was this change implemented? | ||
|
||
# Related Issues/Pull Requests | ||
|
||
[ ] [Issue #1234](https://github.com/hashicorp/vault/issues/1234) | ||
[ ] [PR #1234](https://github.com/hashicorp/vault/pr/1234) | ||
|
||
# Contributor Checklist | ||
|
||
[ ] Add relevant docs to upstream Vault repository, or sufficient reasoning why docs won’t be added yet | ||
[My Docs PR Link](link) | ||
[Example](https://github.com/hashicorp/vault/commit/2715f5cec982aabc7b7a6ae878c547f6f475bba6) | ||
[ ] Add output for any tests not ran in CI to the PR description (eg, acceptance tests) | ||
[ ] Backwards compatible |
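Review bot: The two placeholder links under "Related Issues/Pull Requests" point at hashicorp/vault, and the second one uses the path `/pr/1234`, which is not a GitHub pull request URL (`/pull/1234` is). GitHub also does not read a pull request template from a nested directory such as builtin/logical/kubernetes/.github/, so this file never renders for contributors. Either drop it from the import, or fix the links and move it to the repository root so nobody is pointed at the upstream tracker.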
17 changes: 17 additions & 0 deletions
builtin/logical/kubernetes/.github/workflows/bulk-dep-upgrades.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
name: Upgrade dependencies | ||
on: | ||
workflow_dispatch: | ||
schedule: | ||
# Runs 12:00AM on the first of every month | ||
- cron: '0 0 1 * *' | ||
jobs: | ||
upgrade: | ||
# using `main` as the ref will keep your workflow up-to-date | ||
uses: hashicorp/vault-workflows-common/.github/workflows/bulk-dependency-updates.yaml@main | ||
secrets: | ||
VAULT_ECO_GITHUB_TOKEN: ${{ secrets.VAULT_ECO_GITHUB_TOKEN }} | ||
with: | ||
# either hashicorp/vault-ecosystem-applications or hashicorp/vault-ecosystem-foundations | ||
reviewer-team: hashicorp/vault-ecosystem-foundations | ||
repository: ${{ github.repository }} | ||
run-id: ${{ github.run_id }} |
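Review bot: `uses: hashicorp/vault-workflows-common/.github/workflows/bulk-dependency-updates.yaml@main` calls a reusable workflow at a mutable branch ref and hands it `VAULT_ECO_GITHUB_TOKEN`, so any later change on that branch runs with the token without being reviewed here. Pin the ref to a full commit SHA with the version in a trailing comment, the way the Tests workflow in this same commit pins `actions/checkout` and `actions/setup-go`. GitHub only loads workflows from `.github/workflows` at the repository root, so at this path the monthly schedule will not fire; if the file is kept only for parity with the plugin's original repository, a comment saying so would help.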
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
name: Jira Sync | ||
on: | ||
issues: | ||
types: [opened, closed, deleted, reopened] | ||
pull_request_target: | ||
types: [opened, closed, reopened] | ||
issue_comment: # Also triggers when commenting on a PR from the conversation view | ||
types: [created] | ||
jobs: | ||
sync: | ||
uses: hashicorp/vault-workflows-common/.github/workflows/jira.yaml@main | ||
secrets: | ||
JIRA_SYNC_BASE_URL: ${{ secrets.JIRA_SYNC_BASE_URL }} | ||
JIRA_SYNC_USER_EMAIL: ${{ secrets.JIRA_SYNC_USER_EMAIL }} | ||
JIRA_SYNC_API_TOKEN: ${{ secrets.JIRA_SYNC_API_TOKEN }} | ||
with: | ||
teams-array: '["ecosystem", "foundations-eco"]' |
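Review bot: The `pull_request_target` trigger runs with the base repository's secrets even for pull requests opened from forks, and here the three `JIRA_SYNC_*` secrets are passed to a reusable workflow referenced at `@main`. Pin `jira.yaml` to a commit SHA and add an explicit `permissions:` block on the `sync` job that grants only what the sync needs. It is also worth confirming that the called workflow never checks out or executes pull request head code and treats issue and comment text as untrusted input, since none of that is visible from this caller.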
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
name: Tests | ||
|
||
on: [push, workflow_dispatch] | ||
|
||
jobs: | ||
fmtcheck: | ||
runs-on: ubuntu-latest | ||
env: | ||
GOFUMPT_VERSION: 0.3.1 | ||
steps: | ||
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | ||
with: | ||
go-version-file: .go-version | ||
- run: | | ||
go install "mvdan.cc/gofumpt@v${GOFUMPT_VERSION}" | ||
make fmtcheck | ||
test: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | ||
with: | ||
go-version-file: .go-version | ||
- run: make test | ||
|
||
integrationTest: | ||
runs-on: ubuntu-latest | ||
needs: [fmtcheck, test] | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
kind-k8s-version: [1.24.15, 1.25.11, 1.26.6, 1.27.3, 1.28.0] | ||
enterprise: ["", "-ent"] | ||
name: Integration test ${{ matrix.enterprise }} kind ${{ matrix.kind-k8s-version }} | ||
steps: | ||
- uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4.1.0 | ||
- name: Create K8s Kind Cluster | ||
uses: helm/kind-action@dda0770415bac9fc20092cacbc54aa298604d140 # v1.8.0 | ||
with: | ||
version: v0.20.0 | ||
cluster_name: vault-plugin-secrets-kubernetes | ||
config: integrationtest/kind/config.yaml | ||
node_image: kindest/node:v${{ matrix.kind-k8s-version }} | ||
- uses: actions/setup-go@93397bea11091df50f3d7e59dc26a7711a8bcfbe # v4.1.0 | ||
with: | ||
go-version-file: .go-version | ||
- env: | ||
VAULT_LICENSE_CI: ${{ secrets.VAULT_LICENSE_CI }} | ||
run: make setup-integration-test${{ matrix.enterprise }} | ||
- env: | ||
INTEGRATION_TESTS: true | ||
run: make integration-test TESTARGS="-v" |
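Review bot: In `integrationTest`, `VAULT_LICENSE_CI: ${{ secrets.VAULT_LICENSE_CI }}` is exported to the `make setup-integration-test${{ matrix.enterprise }}` step on every matrix leg, including the `enterprise: ""` legs that have no use for a license. Guard the step or the env value so only the `-ent` legs receive the secret. The workflow also declares no `permissions:`, so each job gets the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` with `contents: read` is enough for checkout, build and test.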
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,5 @@ | ||
.DS_Store | ||
.idea | ||
.vscode | ||
pkg/* | ||
bin/* |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1 @@ | ||
1.21.3 |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,114 @@ | ||
## Unreleased | ||
|
||
### Changes | ||
|
||
* Building with go 1.21.3 | ||
* Testing with k8s 1.24-1.28 | ||
* Dependency updates | ||
* golang.org/x/crypto v0.13.0 -> v0.14.0 | ||
* golang.org/x/net v0.15.0 -> v0.17.0 | ||
* golang.org/x/sys v0.12.0 -> v0.13.0 | ||
* golang.org/x/term v0.12.0 -> v0.13.0 | ||
* github.com/docker/docker v24.0.5 -> v24.0.7 | ||
* github.com/hashicorp/vault/sdk v0.10.0 -> v0.10.2 | ||
* k8s.io/api v0.28.1 -> v0.28.3 | ||
* k8s.io/apimachinery v0.28.1 -> v0.28.3 | ||
* k8s.io/client-go v0.28.1 -> v0.28.3 | ||
* github.com/go-jose/go-jose/v3 v3.0.0 -> v3.0.1 | ||
|
||
## 0.6.0 (September 6th, 2023) | ||
|
||
### Features: | ||
|
||
* update dependencies [GH-35](https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/35) | ||
* github.com/hashicorp/vault/api v1.10.0 | ||
* github.com/hashicorp/vault/sdk v0.10.0 | ||
* github.com/stretchr/testify v1.8.4 | ||
* k8s.io/api v0.28.1 | ||
* k8s.io/apimachinery v0.28.1 | ||
* k8s.io/client-go v0.28.1 | ||
* golang.org/x/net v0.15.0 | ||
|
||
### Changes | ||
|
||
* Testing with K8s versions 1.23-1.27 | ||
* Building with Go 1.20.5 | ||
|
||
## 0.5.0 (May 25, 2023) | ||
|
||
### Features: | ||
|
||
* allow omitting `kubernetes_namespace` on token create for single namespace Vault roles [GH-27](https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/27) | ||
* update dependencies [GH-196](https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/30) | ||
* github.com/hashicorp/vault/api v1.9.1 | ||
* github.com/stretchr/testify v1.8.3 | ||
* k8s.io/api v0.27.2 | ||
* k8s.io/apimachinery v0.27.2 | ||
* k8s.io/client-go v0.27.2 | ||
|
||
## 0.4.0 (March 30, 2023) | ||
|
||
### Features: | ||
|
||
* add `audiences` option to set audiences for the k8s token created from the TokenRequest API, and add `token_default_audiences` | ||
option to set the default audiences on role write [GH-24](https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/24) | ||
|
||
### Changes: | ||
|
||
* enable plugin multiplexing [GH-23](https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/23) | ||
* update dependencies | ||
* `github.com/hashicorp/vault/api` v1.9.0 | ||
* `github.com/hashicorp/vault/sdk` v0.8.1 | ||
* `github.com/hashicorp/go-hclog` v1.3.1 -> v1.5.0 | ||
* `github.com/stretchr/testify` v1.8.1 -> v1.8.2 | ||
* `k8s.io/api` v0.25.3 -> v0.26.3 | ||
* `k8s.io/apimachinery` v0.25.3 -> v0.26.3 | ||
* `k8s.io/client-go` v0.25.3 -> v0.26.3 | ||
|
||
## 0.3.0 (February 9, 2023) | ||
|
||
* Add `/check` endpoint to determine if environment variables are set [GH-18](https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/18) | ||
|
||
### Changes | ||
|
||
* Update to Go 1.19 [GH-15](https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/15) | ||
* Update dependencies [GH-15](https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/15): | ||
| MODULE | VERSION | NEW VERSION | DIRECT | VALID TIMESTAMPS | | ||
|---------------------------------|---------|-------------|--------|------------------| | ||
| github.com/cenkalti/backoff/v3 | v3.0.0 | v3.2.2 | true | true | | ||
| github.com/hashicorp/go-hclog | v0.16.2 | v1.3.1 | true | true | | ||
| github.com/hashicorp/go-version | v1.2.0 | v1.6.0 | true | true | | ||
| github.com/hashicorp/vault/api | v1.7.2 | v1.8.2 | true | true | | ||
| github.com/hashicorp/vault/sdk | v0.5.3 | v0.6.1 | true | true | | ||
| github.com/stretchr/testify | v1.8.0 | v1.8.1 | true | true | | ||
| gopkg.in/square/go-jose.v2 | v2.5.1 | v2.6.0 | true | true | | ||
| k8s.io/api | v0.22.2 | v0.25.3 | true | true | | ||
| k8s.io/apimachinery | v0.22.2 | v0.25.3 | true | true | | ||
| k8s.io/client-go | v0.22.2 | v0.25.3 | true | true | | ||
|
||
## 0.2.0 (September 15, 2022) | ||
|
||
### Changes | ||
|
||
* Test against k8s versions 1.22-25, vault-helm 0.22.0, and Vault 1.11.3 [[GH-14](https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/14)] | ||
* Use go 1.19.1 [[GH-14](https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/14)] | ||
|
||
### Improvements | ||
|
||
* Test against Vault Enterprise [[GH-11](https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/11)] | ||
* Role namespace configuration possible via LabelSelector [[GH-10](https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/10)] | ||
* Update golang dependencies to avoid CVEs [[GH-14](https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/14)] | ||
* golang.org/x/crypto@v0.0.0-20220314234659-1baeb1ce4c0b | ||
* golang.org/x/net@v0.0.0-20220906165146-f3363e06e74c | ||
* golang.org/x/sys@v0.0.0-20220728004956-3c1f35247d10 | ||
* github.com/stretchr/testify@v1.8.0 | ||
|
||
## 0.1.1 (May 26th, 2022) | ||
|
||
### Changes | ||
|
||
* Split `additional_metadata` into `extra_annotations` and `extra_labels` parameters [[GH-7](https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/7)] | ||
|
||
## 0.1.0 (May 20th, 2022) | ||
|
||
Initial implementation [[GH-2](https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/2)][[GH-3](https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/3)][[GH-4](https://github.com/hashicorp/vault-plugin-secrets-kubernetes/pull/4)] |
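Review bot: In the 0.5.0 entry, the "update dependencies" bullet is labelled `GH-196` but links to `/pull/30`; one of the two is wrong and should be reconciled. Every link in the file targets hashicorp/vault-plugin-secrets-kubernetes, so if this history is being carried over from that repository, a line at the top saying so would keep readers from looking for those pull request numbers here. The section headings also alternate between `### Features:`, `### Changes:` and `### Changes`, and the 0.3.0 `/check` bullet sits under no heading at all; pick one form and apply it throughout.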