[DEVOPS-18799 - Update to v0.7.0 #2
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.169.0 to 0.170.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.169.0...v0.170.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.29.2 to 0.29.3. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.29.2...v0.29.3) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.12.0 to 1.12.1. - [Release notes](https://github.com/hashicorp/vault/releases) - [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md) - [Commits](hashicorp/vault@v1.12.0...v1.12.1) --- updated-dependencies: - dependency-name: github.com/hashicorp/vault/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [github.com/hashicorp/vault/sdk](https://github.com/hashicorp/vault) from 0.11.0 to 0.11.1. - [Release notes](https://github.com/hashicorp/vault/releases) - [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG-v0.md) - [Commits](hashicorp/vault@v0.11.0...v0.11.1) --- updated-dependencies: - dependency-name: github.com/hashicorp/vault/sdk dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.170.0 to 0.171.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.170.0...v0.171.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…corp#669) Bumps [github.com/gruntwork-io/terratest](https://github.com/gruntwork-io/terratest) from 0.46.11 to 0.46.13. - [Release notes](https://github.com/gruntwork-io/terratest/releases) - [Commits](gruntwork-io/terratest@v0.46.11...v0.46.13) --- updated-dependencies: - dependency-name: github.com/gruntwork-io/terratest dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [github.com/hashicorp/vault/api](https://github.com/hashicorp/vault) from 1.12.1 to 1.12.2. - [Release notes](https://github.com/hashicorp/vault/releases) - [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md) - [Commits](hashicorp/vault@v1.12.1...v1.12.2) --- updated-dependencies: - dependency-name: github.com/hashicorp/vault/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.31.1 to 1.32.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.31.1...v1.32.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/cenkalti/backoff/v4](https://github.com/cenkalti/backoff) from 4.2.1 to 4.3.0. - [Commits](cenkalti/backoff@v4.2.1...v4.3.0) --- updated-dependencies: - dependency-name: github.com/cenkalti/backoff/v4 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.171.0 to 0.172.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.171.0...v0.172.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Update the google terraform provider and module to the latest versions so they match between the infra setup and auth method tests. Set gke deletion_protection=false so the cluster can be deleted in CI (new for v5). Bump vault-helm default to 0.27.0. Separate build-push from integration-test-gke so we can build-push once and then run community and enterprise vault tests.
Bumps [github.com/hashicorp/go-hclog](https://github.com/hashicorp/go-hclog) from 1.6.2 to 1.6.3. - [Release notes](https://github.com/hashicorp/go-hclog/releases) - [Commits](hashicorp/go-hclog@v1.6.2...v1.6.3) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-hclog dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…p#678) Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.6.0 to 0.6.1. - [Release notes](https://github.com/prometheus/client_model/releases) - [Commits](prometheus/client_model@v0.6.0...v0.6.1) --- updated-dependencies: - dependency-name: github.com/prometheus/client_model dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Requires an upgrade to: - controller-tools - crd-ref-docs Other fixes: * Ensure the correct crd-ref-docs tools is installed * Report when the repo is unclean.
) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.17.2 to 0.17.3. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/controller-runtime@v0.17.2...v0.17.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [github.com/hashicorp/vault/sdk](https://github.com/hashicorp/vault) from 0.11.1 to 0.12.0. - [Release notes](https://github.com/hashicorp/vault/releases) - [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG-v0.md) - [Commits](hashicorp/vault@v0.11.1...sdk/v0.12.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/vault/sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…icorp#691) Ensure the integration tests exist with the correct status code
Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.32.0 to 1.33.0. - [Release notes](https://github.com/onsi/gomega/releases) - [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md) - [Commits](onsi/gomega@v1.32.0...v1.33.0) --- updated-dependencies: - dependency-name: github.com/onsi/gomega dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Since they're no longer needed in the next release.
In the case where a lifetimeWatcher fails to renew the Vault client lease, we want all related VDS instances to be synced. This helps to mitigate the issue where an external revocation of the client token causes the issued secret leases to be revoked. In that case VSO would have no idea that the token has been revoked. The ideal TTL for the client token should be relatively short, e.g. 1m, so as to trigger the lifetimeWatcher earlier. In the future, VSO will be able to subscribe to lease revocation events from Vault. In that case, VSO will be able to perform the sync immediately. This fix adds a the ability for the ClientFactory call back into the VDS reconciler whenever the lifetime watcher has completed. The VDS reconciler will then perform a force sync on all VDS instances having the Client's cache key. The Vault client cache key and ID persisted to the VDS instances status. Iterative enhancement: * Replace the SyncController with source.Channel (hashicorp#704) Update the VaultDynamicSecretReconciler to rely on the controller-runtime's source.Channel that is watched as a raw source. This ensures that there is only one reconciler work queue required to handle external reconciliation requests. Other fixes: * No longer restore all clients from storage (hashicorp#684) Previously, the client factory would restore all stored clients to warm its client cache. Some issues with that: - restore all is blocking and can lead to a failure of the VSO pod to become ready if there a large number of clients to be restored - restore all is unnecessary, since the client factory will always attempt a restoration upon resource reconciliation. All resources are reconciled when VSO starts up. * Test infra: install metrics-server (hashicorp#694) It is nice to have k8s cluster metrics during integration testing.
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.172.0 to 0.176.1. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.172.0...v0.176.1) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.1 to 1.7.4. - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml) - [Commits](hashicorp/go-getter@v1.7.1...v1.7.4) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-getter dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…r-runtime from v0.17.3 to v0.18.0 (hashicorp#714)
…corp#713) Bumps [github.com/gruntwork-io/terratest](https://github.com/gruntwork-io/terratest) from 0.46.13 to 0.46.14. - [Release notes](https://github.com/gruntwork-io/terratest/releases) - [Commits](gruntwork-io/terratest@v0.46.13...v0.46.14) --- updated-dependencies: - dependency-name: github.com/gruntwork-io/terratest dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Move integration tests to a common action which removes the need to maintain includes/excludes filters.
Previously, the back off duration was based on a fixed duration + some jitter. This PR introduces exponential back offs for all secret syncing controllers. The back off will be calculated and honored whenever an error is encountered while fetching from a secret source e.g: Vault, HCPVS. - add new metric runtime configuration gauge - unify sync reasons between VDS and VPS controllers
Previously, upon the first application of a VaultStaticSecret instance that had spec.hmacSecretData explicitly set to false, the K8s API would replace that value with default as is defined in the CRD's schema. This fix makes HMACSecretData a pointer receiver, which make K8s do the right thing.
Reduce the randomization factor to ensure that each backoff duration is greater than the last. With the underlying backoff library it is possible to have new backoff durations that are less than a previous one.
Extends the Helm chart to create ClusterRole aggregates based off of the resource specific viewer and editor roles.
Co-authored-by: Ben Ash <[email protected]>
Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.30.0 to 0.30.1. - [Commits](kubernetes/api@v0.30.0...v0.30.1) --- updated-dependencies: - dependency-name: k8s.io/api dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…orp#766) Skip storing kind cluster logs on main Temporary workaround for CRT build prepare issue ref: hashicorp/bob#189.
Backoff is one word. Update all command line args to reflect that.
Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.30.0 to 0.30.1. - [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md) - [Commits](kubernetes/client-go@v0.30.0...v0.30.1) --- updated-dependencies: - dependency-name: k8s.io/client-go dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [google.golang.org/api](https://github.com/googleapis/google-api-go-client) from 0.180.0 to 0.181.0. - [Release notes](https://github.com/googleapis/google-api-go-client/releases) - [Changelog](https://github.com/googleapis/google-api-go-client/blob/main/CHANGES.md) - [Commits](googleapis/google-api-go-client@v0.180.0...v0.181.0) --- updated-dependencies: - dependency-name: google.golang.org/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…icorp#709) Co-authored-by: Ben Ash <[email protected]>
Result of tsccr-helper -log-level=info gha update -latest . Co-authored-by: hashicorp-tsccr[bot] <hashicorp-tsccr[bot]@users.noreply.github.com>
…corp#776) Bumps [github.com/gruntwork-io/terratest](https://github.com/gruntwork-io/terratest) from 0.46.14 to 0.46.15. - [Release notes](https://github.com/gruntwork-io/terratest/releases) - [Commits](gruntwork-io/terratest@v0.46.14...v0.46.15) --- updated-dependencies: - dependency-name: github.com/gruntwork-io/terratest dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.18.2 to 0.18.3. - [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases) - [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md) - [Commits](kubernetes-sigs/controller-runtime@v0.18.2...v0.18.3) --- updated-dependencies: - dependency-name: sigs.k8s.io/controller-runtime dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…s.io/tls for VaultPKISecret (hashicorp#658) (hashicorp#659) Skip overwriting tls.crt and tls.key when transformation templates are configured. --------- Co-authored-by: Ben Ash <[email protected]>
Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.4.1 to 1.4.2. - [Release notes](https://github.com/go-logr/logr/releases) - [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md) - [Commits](go-logr/logr@v1.4.1...v1.4.2) --- updated-dependencies: - dependency-name: github.com/go-logr/logr dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) Bumps [github.com/hashicorp/vault/sdk](https://github.com/hashicorp/vault) from 0.12.0 to 0.13.0. - [Release notes](https://github.com/hashicorp/vault/releases) - [Changelog](https://github.com/hashicorp/vault/blob/main/CHANGELOG.md) - [Commits](hashicorp/vault@sdk/v0.12.0...sdk/v0.13.0) --- updated-dependencies: - dependency-name: github.com/hashicorp/vault/sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Update to v0.7.0.
Our changes can be viewed here
https://salesloft.atlassian.net/browse/DEVOPS-18799