Merge pull request #2 from projectsyn/commodore-renovate/dependency-external-secrets

Update Helm release external-secrets to v0.18.0

Author: DebakelOrakel

class/defaults.yml

@@ -13,7 +13,7 @@ parameters:
     charts:
       external-secrets:
         source: https://charts.external-secrets.io
-        version: v0.17.0
+        version: 0.18.0
 
     helm_values:
       image:

tests/golden/defaults/external-secrets-operator/external-secrets-operator/10_helm_chart/external-secrets/templates/cert-controller-deployment.yaml

@@ -5,8 +5,8 @@ metadata:
     app.kubernetes.io/instance: external-secrets
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: external-secrets-cert-controller
-    app.kubernetes.io/version: v0.17.0
-    helm.sh/chart: external-secrets-0.17.0
+    app.kubernetes.io/version: v0.18.0
+    helm.sh/chart: external-secrets-0.18.0
   name: external-secrets-cert-controller
   namespace: syn-external-secrets-operator
 spec:
@@ -22,8 +22,8 @@ spec:
         app.kubernetes.io/instance: external-secrets
         app.kubernetes.io/managed-by: Helm
         app.kubernetes.io/name: external-secrets-cert-controller
-        app.kubernetes.io/version: v0.17.0
-        helm.sh/chart: external-secrets-0.17.0
+        app.kubernetes.io/version: v0.18.0
+        helm.sh/chart: external-secrets-0.18.0
     spec:
       automountServiceAccountToken: true
       containers:
@@ -39,7 +39,7 @@ spec:
             - --loglevel=info
             - --zap-time-encoding=epoch
             - --enable-partial-cache=true
-          image: oci.external-secrets.io/external-secrets/external-secrets:v0.17.0
+          image: oci.external-secrets.io/external-secrets/external-secrets:v0.18.0
           imagePullPolicy: IfNotPresent
           name: cert-controller
           ports:

tests/golden/defaults/external-secrets-operator/external-secrets-operator/10_helm_chart/external-secrets/templates/cert-controller-rbac.yaml

@@ -5,8 +5,8 @@ metadata:
     app.kubernetes.io/instance: external-secrets
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: external-secrets-cert-controller
-    app.kubernetes.io/version: v0.17.0
-    helm.sh/chart: external-secrets-0.17.0
+    app.kubernetes.io/version: v0.18.0
+    helm.sh/chart: external-secrets-0.18.0
   name: external-secrets-cert-controller
 rules:
   - apiGroups:
@@ -79,8 +79,8 @@ metadata:
     app.kubernetes.io/instance: external-secrets
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: external-secrets-cert-controller
-    app.kubernetes.io/version: v0.17.0
-    helm.sh/chart: external-secrets-0.17.0
+    app.kubernetes.io/version: v0.18.0
+    helm.sh/chart: external-secrets-0.18.0
   name: external-secrets-cert-controller
 roleRef:
   apiGroup: rbac.authorization.k8s.io

tests/golden/defaults/external-secrets-operator/external-secrets-operator/10_helm_chart/external-secrets/templates/cert-controller-serviceaccount.yaml

@@ -5,7 +5,7 @@ metadata:
     app.kubernetes.io/instance: external-secrets
     app.kubernetes.io/managed-by: Helm
     app.kubernetes.io/name: external-secrets-cert-controller
-    app.kubernetes.io/version: v0.17.0
-    helm.sh/chart: external-secrets-0.17.0
+    app.kubernetes.io/version: v0.18.0
+    helm.sh/chart: external-secrets-0.18.0
   name: external-secrets-cert-controller
   namespace: syn-external-secrets-operator

tests/golden/defaults/external-secrets-operator/external-secrets-operator/10_helm_chart/external-secrets/templates/crds/clusterexternalsecret.yaml

@@ -175,6 +175,7 @@ spec:
                                       - VaultDynamicSecret
                                       - Webhook
                                       - Grafana
+                                      - MFA
                                     type: string
                                   name:
                                     description: Specify the name of the generator
@@ -375,6 +376,7 @@ spec:
                                       - VaultDynamicSecret
                                       - Webhook
                                       - Grafana
+                                      - MFA
                                     type: string
                                   name:
                                     description: Specify the name of the generator
@@ -1380,9 +1382,8 @@ spec:
                       type: object
                   type: object
                 namespaceSelector:
-                  description: |-
-                    The labels to select by to find the Namespaces to create the ExternalSecrets in.
-                    Deprecated: Use NamespaceSelectors instead.
+                  description: The labels to select by to find the Namespaces to create
+                    the ExternalSecrets in
                   properties:
                     matchExpressions:
                       description: matchExpressions is a list of label selector requirements.

tests/golden/defaults/external-secrets-operator/external-secrets-operator/10_helm_chart/external-secrets/templates/crds/clustergenerator.yaml

@@ -619,6 +619,57 @@ spec:
                         - serviceAccount
                         - url
                       type: object
+                    mfaSpec:
+                      description: MFASpec controls the behavior of the mfa generator.
+                      properties:
+                        algorithm:
+                          description: Algorithm to use for encoding. Defaults to
+                            SHA1 as per the RFC.
+                          type: string
+                        length:
+                          description: Length defines the token length. Defaults to
+                            6 characters.
+                          type: integer
+                        secret:
+                          description: Secret is a secret selector to a secret containing
+                            the seed secret to generate the TOTP value from.
+                          properties:
+                            key:
+                              description: |-
+                                A key in the referenced Secret.
+                                Some instances of this field may be defaulted, in others it may be required.
+                              maxLength: 253
+                              minLength: 1
+                              pattern: ^[-._a-zA-Z0-9]+$
+                              type: string
+                            name:
+                              description: The name of the Secret resource being referred
+                                to.
+                              maxLength: 253
+                              minLength: 1
+                              pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                              type: string
+                            namespace:
+                              description: |-
+                                The namespace of the Secret resource being referred to.
+                                Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                              maxLength: 63
+                              minLength: 1
+                              pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                              type: string
+                          type: object
+                        timePeriod:
+                          description: TimePeriod defines how long the token can be
+                            active. Defaults to 30 seconds.
+                          type: integer
+                        when:
+                          description: When defines a time parameter that can be used
+                            to pin the origin time of the generated token.
+                          format: date-time
+                          type: string
+                      required:
+                        - secret
+                      type: object
                     passwordSpec:
                       description: PasswordSpec controls the behavior of the password
                         generator.
@@ -847,11 +898,7 @@ spec:
                                 (such as arn:aws:iam::123456789012:mfa/user)
                               type: string
                             sessionDuration:
-                              description: |-
-                                SessionDuration The duration, in seconds, that the credentials should remain valid. Acceptable durations for
-                                IAM user sessions range from 900 seconds (15 minutes) to 129,600 seconds (36 hours), with 43,200 seconds
-                                (12 hours) as the default.
-                              format: int64
+                              format: int32
                               type: integer
                             tokenCode:
                               description: TokenCode is the value provided by the

tests/golden/defaults/external-secrets-operator/external-secrets-operator/10_helm_chart/external-secrets/templates/crds/clusterpushsecret.yaml

@@ -275,6 +275,7 @@ spec:
                                 - VaultDynamicSecret
                                 - Webhook
                                 - Grafana
+                                - MFA
                               type: string
                             name:
                               description: Specify the name of the generator resource

tests/golden/defaults/external-secrets-operator/external-secrets-operator/10_helm_chart/external-secrets/templates/crds/clustersecretstore.yaml

@@ -2709,8 +2709,8 @@ spec:
                               type: string
                           type: object
                         vault:
-                          description: Vault defines the vault's name to access. Do
-                            NOT add op:// prefix. This will be done automatically.
+                          description: Vault defines the vault's name or uuid to access.
+                            Do NOT add op:// prefix. This will be done automatically.
                           type: string
                       required:
                         - auth

tests/golden/defaults/external-secrets-operator/external-secrets-operator/10_helm_chart/external-secrets/templates/crds/externalsecret.yaml

@@ -154,6 +154,7 @@ spec:
                                   - VaultDynamicSecret
                                   - Webhook
                                   - Grafana
+                                  - MFA
                                 type: string
                               name:
                                 description: Specify the name of the generator resource
@@ -351,6 +352,7 @@ spec:
                                   - VaultDynamicSecret
                                   - Webhook
                                   - Grafana
+                                  - MFA
                                 type: string
                               name:
                                 description: Specify the name of the generator resource

tests/golden/defaults/external-secrets-operator/external-secrets-operator/10_helm_chart/external-secrets/templates/crds/mfa.yaml

@@ -0,0 +1,97 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  annotations:
+    controller-gen.kubebuilder.io/version: v0.18.0
+  labels:
+    external-secrets.io/component: controller
+  name: mfas.generators.external-secrets.io
+spec:
+  group: generators.external-secrets.io
+  names:
+    categories:
+      - external-secrets
+      - external-secrets-generators
+    kind: MFA
+    listKind: MFAList
+    plural: mfas
+    singular: mfa
+  scope: Namespaced
+  versions:
+    - name: v1alpha1
+      schema:
+        openAPIV3Schema:
+          description: MFA generates a new TOTP token that is compliant with RFC 6238.
+          properties:
+            apiVersion:
+              description: |-
+                APIVersion defines the versioned schema of this representation of an object.
+                Servers should convert recognized schemas to the latest internal value, and
+                may reject unrecognized values.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+              type: string
+            kind:
+              description: |-
+                Kind is a string value representing the REST resource this object represents.
+                Servers may infer this from the endpoint the client submits requests to.
+                Cannot be updated.
+                In CamelCase.
+                More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+              type: string
+            metadata:
+              type: object
+            spec:
+              description: MFASpec controls the behavior of the mfa generator.
+              properties:
+                algorithm:
+                  description: Algorithm to use for encoding. Defaults to SHA1 as
+                    per the RFC.
+                  type: string
+                length:
+                  description: Length defines the token length. Defaults to 6 characters.
+                  type: integer
+                secret:
+                  description: Secret is a secret selector to a secret containing
+                    the seed secret to generate the TOTP value from.
+                  properties:
+                    key:
+                      description: |-
+                        A key in the referenced Secret.
+                        Some instances of this field may be defaulted, in others it may be required.
+                      maxLength: 253
+                      minLength: 1
+                      pattern: ^[-._a-zA-Z0-9]+$
+                      type: string
+                    name:
+                      description: The name of the Secret resource being referred
+                        to.
+                      maxLength: 253
+                      minLength: 1
+                      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+                      type: string
+                    namespace:
+                      description: |-
+                        The namespace of the Secret resource being referred to.
+                        Ignored if referent is not cluster-scoped, otherwise defaults to the namespace of the referent.
+                      maxLength: 63
+                      minLength: 1
+                      pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+                      type: string
+                  type: object
+                timePeriod:
+                  description: TimePeriod defines how long the token can be active.
+                    Defaults to 30 seconds.
+                  type: integer
+                when:
+                  description: When defines a time parameter that can be used to pin
+                    the origin time of the generated token.
+                  format: date-time
+                  type: string
+              required:
+                - secret
+              type: object
+          type: object
+      served: true
+      storage: true
+      subresources:
+        status: {}