Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Part 9/n - Add kubernetes secret plugin #107

Merged
merged 45 commits into from
Feb 2, 2024
Merged

Part 9/n - Add kubernetes secret plugin #107

merged 45 commits into from
Feb 2, 2024

Commits on Apr 6, 2022

  1. repo init

    @tvoran
    tvoran committed Apr 6, 2022
    Configuration menu
    Copy the full SHA
    6491b65 View commit details
    Browse the repository at this point in the history

Commits on Apr 11, 2022

  1. Basic plugin setup (#1) 

    Adds license, readme, basic secrets plugin skeleton, and CI tests and
integration tests. Most of the non-code parts were copied from
hashicorp/vault-plugin-auth-kubernetes and s/auth/secrets/. Notable
changes include using gofumpt instead of gofmt (like hashicorp/vault
does), and an additional local_dev.sh script.
    @tvoran
    tvoran committed Apr 11, 2022
    Configuration menu
    Copy the full SHA
    dca0c35 View commit details
    Browse the repository at this point in the history

Commits on Apr 19, 2022

  1. config endpoint implementation (#2) 

    Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
    @tvoran @tomhjp
    tvoran and tomhjp committed Apr 19, 2022
    Configuration menu
    Copy the full SHA
    4a1591f View commit details
    Browse the repository at this point in the history

Commits on May 3, 2022

  1. adding roles endpoint (#3) 

    And updating fileutil, and the integration test's vault version

Co-authored-by: Christopher Swenson <swenson@swenson.io>
Co-authored-by: Calvin Leung Huang <1883212+calvn@users.noreply.github.com>
    @tvoran @swenson @calvn
    3 people committed May 3, 2022
    Configuration menu
    Copy the full SHA
    709eb57 View commit details
    Browse the repository at this point in the history

Commits on May 20, 2022

  1. creds endpoint (#4) 

    Generates k8s service accounts for the three operation modes: existing
service account, existing role, and creating all objects from given
role rules. Includes a WAL-based rollback to cleanup create failures.

Co-authored-by: Tom Proctor <tomhjp@users.noreply.github.com>
    @tvoran @tomhjp
    tvoran and tomhjp committed May 20, 2022
    Configuration menu
    Copy the full SHA
    f61499d View commit details
    Browse the repository at this point in the history

  2. add changelog (openbao#5)

    @tvoran
    tvoran committed May 20, 2022
    Configuration menu
    Copy the full SHA
    2f60824 View commit details
    Browse the repository at this point in the history

Commits on May 25, 2022

  1. Split additional annotations (openbao#7) 

    * Split additional_metadata into extra_labels and extra_annotations
* Reduce WAL integration test time
* Speed up WAL tests by a further 3x, delete unused test code, tidy test type conversions a little
* Check service account isn't created, port across some doc tweaks

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
    @tomhjp @tvoran
    tomhjp and tvoran committed May 25, 2022
    Configuration menu
    Copy the full SHA
    e38a909 View commit details
    Browse the repository at this point in the history

Commits on May 26, 2022

  1. changelog++

    @tvoran
    tvoran committed May 26, 2022
    Configuration menu
    Copy the full SHA
    498edce View commit details
    Browse the repository at this point in the history

Commits on Jun 8, 2022

  1. test with kubernetes 1.24 (openbao#9) 

    Update the CI tests to use kubernetes 1.24, and drop 1.20. Remove
unused KUBERNETES_JWT env.
    @tvoran
    tvoran committed Jun 8, 2022
    Configuration menu
    Copy the full SHA
    aab96f5 View commit details
    Browse the repository at this point in the history

Commits on Jul 19, 2022

  1. Test against Vault Enterprise (openbao#11) 

    Test against Vault Enterprise

We run the tests again but overwrite the `vault:dev` image with the
Enterprise image and ensure that the license is loaded.
    Christopher Swenson committed Jul 19, 2022
    Configuration menu
    Copy the full SHA
    dee9534 View commit details
    Browse the repository at this point in the history

Commits on Aug 5, 2022

  1. Update jira sync (openbao#12)

    @benashz
    benashz committed Aug 5, 2022
    Configuration menu
    Copy the full SHA
    b617757 View commit details
    Browse the repository at this point in the history

Commits on Aug 8, 2022

  1. Update team to be 'foundations' (openbao#13)

    @benashz
    benashz committed Aug 8, 2022
    Configuration menu
    Copy the full SHA
    b423467 View commit details
    Browse the repository at this point in the history

Commits on Sep 16, 2022

  1. Role namespace configuration possible via LabelSelector (openbao#10) 

    * add new parameter allowed_kubernetes_namespace_selector to
  external plugin api
* add logic to handle a namespace label selector if configured in
  role
* change validation that both namespace parameters can be
  supplied on roles, add integration tests for
  allowed_kubernetes_namespace_selector
    @f4z3r
    f4z3r committed Sep 16, 2022
    Configuration menu
    Copy the full SHA
    bc53143 View commit details
    Browse the repository at this point in the history

  2. Repo hygiene (openbao#14) 

    test with k8s 1.22-25, vault 1.11.3, vault-helm 0.22.0, and go 1.19.1

gofumpt format fixes, and updated dependencies to avoid CVEs:
- golang.org/x/crypto@v0.0.0-20220314234659-1baeb1ce4c0b
- golang.org/x/net@v0.0.0-20220906165146-f3363e06e74c
- golang.org/x/sys@v0.0.0-20220728004956-3c1f35247d10
- github.com/stretchr/testify@v1.8.0

updated vault/api and vault/sdk
- github.com/hashicorp/vault/api@v1.7.2
- github.com/hashicorp/vault/sdk@v0.5.3
    @tvoran
    tvoran committed Sep 16, 2022
    Configuration menu
    Copy the full SHA
    f9cb9f0 View commit details
    Browse the repository at this point in the history

  3. changelog++

    @tvoran
    tvoran committed Sep 16, 2022
    Configuration menu
    Copy the full SHA
    3d24bd2 View commit details
    Browse the repository at this point in the history

Commits on Nov 8, 2022

  1. Update dependencies (openbao#15) 

    By running:

```sh
go list -u -m -json all | jq -r 'select(.Indirect != true and .Update != null) | .Path+"@"+.Update.Version' | xargs -L1 go get
go mod tidy
```
    Christopher Swenson committed Nov 8, 2022
    Configuration menu
    Copy the full SHA
    02f0219 View commit details
    Browse the repository at this point in the history

Commits on Nov 9, 2022

  1. [COMPLIANCE] Update MPL-2.0 LICENSE (openbao#16) 

    Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
    @hashicorp-copywrite
    hashicorp-copywrite[bot] committed Nov 9, 2022
    Configuration menu
    Copy the full SHA
    47eab73 View commit details
    Browse the repository at this point in the history

Commits on Dec 15, 2022

  1. Add /check endpoint to verify env variable setup (openbao#18) 

    Adds a `/check` endpoint that will return a 204 if the
required environment variables are present, and otherwise
returns a 400 with a list of what variables are missing.

Co-authored-by: Theron Voran <tvoran@users.noreply.github.com>
    @tvoran
    Christopher Swenson and tvoran committed Dec 15, 2022
    Configuration menu
    Copy the full SHA
    6b1994e View commit details
    Browse the repository at this point in the history

Commits on Feb 8, 2023

  1. CreateOperation should only be implemented alongside ExistenceCheck (o… 

    …penbao#19)

See hashicorp/vault#18492
    @maxb
    maxb committed Feb 8, 2023
    Configuration menu
    Copy the full SHA
    077bb00 View commit details
    Browse the repository at this point in the history

  2. change test to use update operation after removal of create operation ( 

    …openbao#20)
    @kpcraig
    kpcraig committed Feb 8, 2023
    Configuration menu
    Copy the full SHA
    17938cf View commit details
    Browse the repository at this point in the history

Commits on Feb 28, 2023

  1. [COMPLIANCE] Add Copyright and License Headers (openbao#22) 

    Co-authored-by: hashicorp-copywrite[bot] <110428419+hashicorp-copywrite[bot]@users.noreply.github.com>
    @hashicorp-copywrite
    hashicorp-copywrite[bot] committed Feb 28, 2023
    Configuration menu
    Copy the full SHA
    a0e8750 View commit details
    Browse the repository at this point in the history

  2. changelog++ (openbao#21)

    @kpcraig
    kpcraig committed Feb 28, 2023
    Configuration menu
    Copy the full SHA
    5fd13ac View commit details
    Browse the repository at this point in the history

  3. enable plugin multiplexing (openbao#23) 

    * enable plugin multiplexing

- the plugin will be multiplexed when run as an external plugin
  against vault versions that support plugin multiplexing
- we continue to set the TLSProviderFunc to maintain backwards
  compatibility with vault versions that don't support AutoMTLS (< 1.12)

* update changelog and readme
    @fairclothjm
    fairclothjm committed Feb 28, 2023
    Configuration menu
    Copy the full SHA
    1f51056 View commit details
    Browse the repository at this point in the history

Commits on Mar 10, 2023

  1. feat: add audiences option on token create and token_default_audience… 

    …s option on role create (openbao#24)
    @thyton
    thyton committed Mar 10, 2023
    Configuration menu
    Copy the full SHA
    fb49b9f View commit details
    Browse the repository at this point in the history

Commits on Mar 23, 2023

  1. Update go, k8s, and Vault (openbao#25) 

    Use go 1.20.2, and update x/net to v0.8.0:

golang.org/x/net v0.5.0 => v0.8.0
golang.org/x/sys v0.4.0 => v0.6.0
golang.org/x/term v0.4.0 => v0.6.0
golang.org/x/text v0.6.0 => v0.8.0

Update k8s versions and add 1.26.2. Use known GHA SHAs in the test
workflow, update helm/kind-action's version and remove
azure/setup-kubectl in favor of the kubectl_version option on
helm/kind-action.

Removes the extra caching steps in favor of setup-go@v3's built-in
caching support.
    @tvoran
    tvoran committed Mar 23, 2023
    Configuration menu
    Copy the full SHA
    724c9f3 View commit details
    Browse the repository at this point in the history

Commits on Mar 30, 2023

  1. Prep for independent release; update deps (openbao#26) 

    Prep for release; update deps
    Christopher Swenson committed Mar 30, 2023
    Configuration menu
    Copy the full SHA
    9b6ea73 View commit details
    Browse the repository at this point in the history

Commits on Apr 7, 2023

  1. feat: kubernetes_namespace omittable on token create for single names… 

    …pace Vault role (openbao#27)
    @thyton
    thyton committed Apr 7, 2023
    Configuration menu
    Copy the full SHA
    1340266 View commit details
    Browse the repository at this point in the history

Commits on Apr 18, 2023

  1. Add display attributes for OpenAPI OperationID's (openbao#28)

    @averche
    averche committed Apr 18, 2023
    Configuration menu
    Copy the full SHA
    9f0a487 View commit details
    Browse the repository at this point in the history

Commits on Apr 21, 2023

  1. Result of tsccr-helper -pin-all-workflows . (openbao#29) 

    Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
    @hashicorp-tsccr
    hashicorp-tsccr[bot] and hashicorp-tsccr[bot] committed Apr 21, 2023
    Configuration menu
    Copy the full SHA
    ce061dc View commit details
    Browse the repository at this point in the history

Commits on May 25, 2023

  1. update dependencies (openbao#30) 

    * update dependencies

* update go-version; update changelog
    @fairclothjm
    fairclothjm committed May 25, 2023
    Configuration menu
    Copy the full SHA
    a5db793 View commit details
    Browse the repository at this point in the history

  2. make changelog correction for release v0.5.0 (openbao#31)

    @fairclothjm
    fairclothjm committed May 25, 2023
    Configuration menu
    Copy the full SHA
    ad634b0 View commit details
    Browse the repository at this point in the history

Commits on Jun 15, 2023

  1. repo hygiene (openbao#32) 

    Use the common jira-sync with the correct team name, update actions to
latest trusted versions, test with k8s 1.23-1.27 and vault 1.13.3, use
go 1.20.5.
    @tvoran
    tvoran committed Jun 15, 2023
    Configuration menu
    Copy the full SHA
    fe4b949 View commit details
    Browse the repository at this point in the history

Commits on Jul 26, 2023

  1. workflows: add bulk dep update job (openbao#34) 

    * workflows: add bulk dep update job

* update reviewer team
    @fairclothjm
    fairclothjm committed Jul 26, 2023
    Configuration menu
    Copy the full SHA
    e1d2312 View commit details
    Browse the repository at this point in the history

Commits on Sep 6, 2023

  1. Bump google.golang.org/grpc from 1.41.0 to 1.53.0 (openbao#33) 

    Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.41.0 to 1.53.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.41.0...v1.53.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] committed Sep 6, 2023
    Configuration menu
    Copy the full SHA
    e62408f View commit details
    Browse the repository at this point in the history

  2. Update dependencies and release tag (openbao#35) 

    * Update deps

* update changelog
    @robmonte
    robmonte committed Sep 6, 2023
    Configuration menu
    Copy the full SHA
    17019ff View commit details
    Browse the repository at this point in the history

Commits on Oct 12, 2023

  1. go, k8s, and actions updates (openbao#37) 

    Build with go 1.21.3, and update related packages. Pin github actions
to the latest trusted versions, and test with k8s 1.24-1.28 and Vault
1.15.0.
    @tvoran
    tvoran committed Oct 12, 2023
    Configuration menu
    Copy the full SHA
    5903c1e View commit details
    Browse the repository at this point in the history

Commits on Oct 27, 2023

  1. Bump google.golang.org/grpc from 1.57.0 to 1.57.1 (openbao#38) 

    * Bump google.golang.org/grpc from 1.57.0 to 1.57.1

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.57.0 to 1.57.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.57.0...v1.57.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
    @dependabot
    dependabot[bot] committed Oct 27, 2023
    Configuration menu
    Copy the full SHA
    2f75db6 View commit details
    Browse the repository at this point in the history

Commits on Nov 2, 2023

  1. Bump github.com/docker/docker from 24.0.5+incompatible to 24.0.7+inco… 

    …mpatible (openbao#39)

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.5+incompatible to 24.0.7+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](moby/moby@v24.0.5...v24.0.7)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: indirect
...

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] committed Nov 2, 2023
    Configuration menu
    Copy the full SHA
    8af09a9 View commit details
    Browse the repository at this point in the history

  2. Automated dependency upgrades (openbao#40) 

    Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
    @hc-github-team-secure-vault-ecosystem
    hc-github-team-secure-vault-ecosystem and hc-github-team-secure-vault-ecosystem committed Nov 2, 2023
    Configuration menu
    Copy the full SHA
    1e7a059 View commit details
    Browse the repository at this point in the history

Commits on Nov 28, 2023

  1. Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 (openbao#41) 

    Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/go-jose/go-jose/releases)
- [Changelog](https://github.com/go-jose/go-jose/blob/v3/CHANGELOG.md)
- [Commits](go-jose/go-jose@v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: github.com/go-jose/go-jose/v3
  dependency-type: indirect
...

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
    @dependabot
    dependabot[bot] committed Nov 28, 2023
    Configuration menu
    Copy the full SHA
    fdc0f88 View commit details
    Browse the repository at this point in the history

Commits on Dec 1, 2023

  1. Automated dependency upgrades (openbao#42) 

    Co-authored-by: hc-github-team-secure-vault-ecosystem <hc-github-team-secure-vault-ecosystem@users.noreply.github.com>
    @hc-github-team-secure-vault-ecosystem
    hc-github-team-secure-vault-ecosystem and hc-github-team-secure-vault-ecosystem committed Dec 1, 2023
    Configuration menu
    Copy the full SHA
    0074a52 View commit details
    Browse the repository at this point in the history

Commits on Feb 2, 2024

  1. Replace hashicorp/vault -> openbao/openbao in secret/kubernetes 

    Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
    @cipherboy
    cipherboy committed Feb 2, 2024
    Configuration menu
    Copy the full SHA
    d3d8789 View commit details
    Browse the repository at this point in the history

  2. Add 'builtin/logical/kubernetes/' from commit 'd3d8789fbd26469e969899… 

    …364a098f4e3870b085'

git-subtree-dir: builtin/logical/kubernetes
git-subtree-mainline: 3f07265
git-subtree-split: d3d8789
    @cipherboy
    cipherboy committed Feb 2, 2024
    Configuration menu
    Copy the full SHA
    477aea6 View commit details
    Browse the repository at this point in the history

  3. Rename cmd/vault-plugin-secrets-kubernetes -> kubernetes 

    Cherry-pick of d0dbf8b.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
    @cipherboy
    cipherboy committed Feb 2, 2024
    Configuration menu
    Copy the full SHA
    be8fd13 View commit details
    Browse the repository at this point in the history

  4. Use builtin/logical/kubernetes over hashicorp/vault-plugin-secrets-ku… 

    …bernetes

Cherry-pick of f63514f
             + 93c9508.

Signed-off-by: Alexander Scheel <alexander.m.scheel@gmail.com>
    @cipherboy
    cipherboy committed Feb 2, 2024
    Configuration menu
    Copy the full SHA
    0eb372a View commit details
    Browse the repository at this point in the history