Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package kubeseal for openSUSE:Factory checked in at 2023-06-16 16:55:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/kubeseal (Old) and /work/SRC/openSUSE:Factory/.kubeseal.new.15902 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "kubeseal" Fri Jun 16 16:55:27 2023 rev:19 rq:1093427 version:0.22.0 Changes: -------- --- /work/SRC/openSUSE:Factory/kubeseal/kubeseal.changes 2023-05-17 10:53:15.899390628 +0200 +++ /work/SRC/openSUSE:Factory/.kubeseal.new.15902/kubeseal.changes 2023-06-16 16:56:31.146300285 +0200 @@ -1,0 +2,26 @@ +Fri Jun 16 05:16:45 UTC 2023 - [email protected] + +- Update to version 0.22.0: + * Update maintainers list (#1237) + * Bump github.com/onsi/gomega from 1.27.7 to 1.27.8 (#1234) + * Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0 (#1235) + * Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 (#1231) + * Feature allow to skip set owner references (#1200) + * Bump github.com/onsi/gomega from 1.27.6 to 1.27.7 (#1229) + * Update generated code (#1228) + * Fix doc generated code directory (#1227) + * Create SECURITY.md (#1226) + * Bump k8s.io/client-go from 0.27.1 to 0.27.2 (#1222) + * Bump k8s.io/code-generator from 0.27.1 to 0.27.2 (#1225) + * Bump github.com/mattn/go-isatty from 0.0.18 to 0.0.19 (#1223) + * Bump k8s.io/apimachinery from 0.27.1 to 0.27.2 (#1221) + * feat: add replicas default value to the deployment manifest + (#1219) + * Add additionalPrinterColumns for status and age (#1217) + * Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 (#1215) + * Bump golang.org/x/crypto from 0.8.0 to 0.9.0 (#1216) + * Release Carvel from Helm Chart v2.9.0 (#1213) + * Allow Helm Chart release v2.9.0 (#1212) + * Release Helm Chart to use v0.21.0 (#1211) + +------------------------------------------------------------------- Old: ---- sealed-secrets-0.21.0.obscpio New: ---- sealed-secrets-0.22.0.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ kubeseal.spec ++++++ --- /var/tmp/diff_new_pack.VxYdgt/_old 2023-06-16 16:56:32.026305477 +0200 +++ /var/tmp/diff_new_pack.VxYdgt/_new 2023-06-16 16:56:32.030305500 +0200 @@ -21,7 +21,7 @@ %define archive_name sealed-secrets Name: kubeseal -Version: 0.21.0 +Version: 0.22.0 Release: 0 Summary: CLI for encrypting secrets to SealedSecrets License: Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.VxYdgt/_old 2023-06-16 16:56:32.070305736 +0200 +++ /var/tmp/diff_new_pack.VxYdgt/_new 2023-06-16 16:56:32.074305760 +0200 @@ -3,7 +3,7 @@ <param name="url">https://github.com/bitnami-labs/sealed-secrets</param> <param name="scm">git</param> <param name="exclude">.git</param> - <param name="revision">v0.21.0</param> + <param name="revision">v0.22.0</param> <param name="versionformat">@PARENT_TAG@</param> <param name="changesgenerate">enable</param> <param name="versionrewrite-pattern">v(.*)</param> @@ -17,7 +17,7 @@ <param name="compression">gz</param> </service> <service name="go_modules" mode="disabled"> - <param name="archive">sealed-secrets-0.21.0.obscpio</param> + <param name="archive">sealed-secrets-0.22.0.obscpio</param> </service> </services> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.VxYdgt/_old 2023-06-16 16:56:32.094305878 +0200 +++ /var/tmp/diff_new_pack.VxYdgt/_new 2023-06-16 16:56:32.098305901 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/bitnami-labs/sealed-secrets</param> - <param name="changesrevision">d33d45c5fc53fb582ff312bb670e66799d91713c</param></service></servicedata> + <param name="changesrevision">96575962d7c2f3e5165f72f97c82b242ecc344af</param></service></servicedata> (No newline at EOF) ++++++ sealed-secrets-0.21.0.obscpio -> sealed-secrets-0.22.0.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/.github/CODEOWNERS new/sealed-secrets-0.22.0/.github/CODEOWNERS --- old/sealed-secrets-0.21.0/.github/CODEOWNERS 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/.github/CODEOWNERS 2023-06-15 12:01:06.000000000 +0200 @@ -1,5 +1,5 @@ # These owners will be the default owners for everything in # the repo. Unless a later match takes precedence, -# @alvneiayu @agarcia-oss @alemorcuq @josvazg will be requested for +# @alvneiayu @agarcia-oss @alemorcuq will be requested for # review when someone opens a pull request. -* @alvneiayu @agarcia-oss @alemorcuq @josvazg +* @alvneiayu @agarcia-oss @alemorcuq diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/.gitignore new/sealed-secrets-0.22.0/.gitignore --- old/sealed-secrets-0.21.0/.gitignore 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/.gitignore 2023-06-15 12:01:06.000000000 +0200 @@ -37,7 +37,6 @@ /docker/controller *.iml .idea -gentmp/ # GoReleaser output dir dist/ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/MAINTAINERS.md new/sealed-secrets-0.22.0/MAINTAINERS.md --- old/sealed-secrets-0.21.0/MAINTAINERS.md 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/MAINTAINERS.md 2023-06-15 12:01:06.000000000 +0200 @@ -7,13 +7,14 @@ | Alvaro Neira Ayuso | [alvneiayu](https://github.com/alvneiayu) | [VMware](https://www.github.com/vmware/) | | Alejandro Moreno | [alemorcuq](https://github.com/alemorcuq) | [VMware](https://www.github.com/vmware/) | | Alfredo Garcia | [agarcia-oss](https://github.com/agarcia-oss) | [VMware](https://www.github.com/vmware/) | -| Jose Vazquez | [josvazg](https://github.com/josvazg) | [VMware](https://www.github.com/vmware/) | ## Emeritus Maintainers - Angus Lees ([anguslees](https://github.com/anguslees)) - Marko Mikulicic ([mkmik](https://github.com/mkmik)) - Juan Ariza ([juan131](https://github.com/juan131)) +- Jose Vazquez ([josvazg](https://github.com/josvazg)) + +--- -======= Full list of [Sealed Secrets contributors](https://github.com/bitnami-labs/sealed-secrets/graphs/contributors). diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/Makefile new/sealed-secrets-0.22.0/Makefile --- old/sealed-secrets-0.21.0/Makefile 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/Makefile 2023-06-15 12:01:06.000000000 +0200 @@ -46,13 +46,7 @@ all: controller kubeseal generate: $(GO_FILES) - $(GO) mod vendor && $(GO) generate $(GO_PACKAGES) - @# TODO: remove as soon as a proper way forward is found: - @# code-generator insists in generating the file under directory: - @# github.com/bitnami-labs/sealeds-secrets/... - @# instead of just updating ./pkg - @# for that reason we generate at gentmp and then move it all to ./pkg - cp -r gentmp/github.com/bitnami-labs/sealed-secrets/pkg . && rm -rf gentmp/ + $(GO) generate $(GO_PACKAGES) manifests: $(CONTROLLER_GEN) crd:generateEmbeddedObjectMeta=true paths="./pkg/apis/..." output:stdout | tail -n +2 > helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/README.md new/sealed-secrets-0.22.0/README.md --- old/sealed-secrets-0.21.0/README.md 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/README.md 2023-06-15 12:01:06.000000000 +0200 @@ -450,6 +450,11 @@ If you want `SealedSecret` controller to take management of an existing `Secret` (i.e. overwrite it when unsealing a `SealedSecret` with the same name and namespace), then you have to annotate that `Secret` with the annotation `sealedsecrets.bitnami.com/managed: "true"` ahead applying the [Usage](#usage) steps. + +### Seal secret which can skip set owner references + +If you want `SealedSecret` and the `Secret` to be independent, which mean when you delete the `SealedSecret` the `Secret` won't disappear with it, then you have to annotate that Secret with the annotation `sealedsecrets.bitnami.com/skip-set-owner-references: "true"` ahead of applying the Usage steps. You still may also add `sealedsecrets.bitnami.com/managed: "true"` to your `Secret` so that your secret will be updated when `SealedSecret` is updated. + ### Update existing secrets If you want to add or update existing sealed secrets without having the cleartext for the other items, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/RELEASE-NOTES.md new/sealed-secrets-0.22.0/RELEASE-NOTES.md --- old/sealed-secrets-0.21.0/RELEASE-NOTES.md 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/RELEASE-NOTES.md 2023-06-15 12:01:06.000000000 +0200 @@ -4,6 +4,28 @@ [](https://github.com/bitnami-labs/sealed-secrets/releases/latest) +## v0.22.0 + +### Changelog + +- Feature allow to skip set owner references ([#1200](https://github.com/bitnami-labs/sealed-secrets/pull/1200)) +- Add additionalPrinterColumns for status and age ([#1217](https://github.com/bitnami-labs/sealed-secrets/pull/1217)) +- Add replicas default value to the deployment manifest ([#1219](https://github.com/bitnami-labs/sealed-secrets/pull/1219)) +- Create SECURITY.md ([#1226](https://github.com/bitnami-labs/sealed-secrets/pull/1226)) +- Fix doc generated code directory ([#1227](https://github.com/bitnami-labs/sealed-secrets/pull/1227)) +- Update generated code ([#1228](https://github.com/bitnami-labs/sealed-secrets/pull/1228)) +- Update maintainers list ([#1237](https://github.com/bitnami-labs/sealed-secrets/pull/1237)) +- Bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 ([#1215](https://github.com/bitnami-labs/sealed-secrets/pull/1215)) +- Bump golang.org/x/crypto from 0.8.0 to 0.9.0 ([#1216](https://github.com/bitnami-labs/sealed-secrets/pull/1216)) +- Bump k8s.io/apimachinery from 0.27.1 to 0.27.2 ([#1221](https://github.com/bitnami-labs/sealed-secrets/pull/1221)) +- Bump k8s.io/client-go from 0.27.1 to 0.27.2 ([#1222](https://github.com/bitnami-labs/sealed-secrets/pull/1222)) +- Bump github.com/mattn/go-isatty from 0.0.18 to 0.0.19 ([#1223](https://github.com/bitnami-labs/sealed-secrets/pull/1223)) +- Bump k8s.io/code-generator from 0.27.1 to 0.27.2 ([#1225](https://github.com/bitnami-labs/sealed-secrets/pull/1225)) +- Bump github.com/onsi/gomega from 1.27.6 to 1.27.7 ([#1229](https://github.com/bitnami-labs/sealed-secrets/pull/1229)) +- Bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 ([#1231](https://github.com/bitnami-labs/sealed-secrets/pull/1231)) +- Bump github.com/onsi/gomega from 1.27.7 to 1.27.8 ([#1234](https://github.com/bitnami-labs/sealed-secrets/pull/1234)) +- Bump github.com/onsi/ginkgo/v2 from 2.9.7 to 2.10.0 ([#1235](https://github.com/bitnami-labs/sealed-secrets/pull/1235)) + ## v0.21.0 ### Changelog @@ -85,7 +107,7 @@ ### Changelog - Automated controller test on Openshift platforms (using ([VMware Image Builder](https://tanzu.vmware.com/image-builder)) ([#1107](https://github.com/bitnami-labs/sealed-secrets/pull/1107)). -- We now generate a Carvel package distrinbution of the controller ([#1104](https://github.com/bitnami-labs/sealed-secrets/pull/1104)). +- We now generate a Carvel package distribution of the controller ([#1104](https://github.com/bitnami-labs/sealed-secrets/pull/1104)). - Bump golang.org/x/crypto from 0.5.0 to 0.6.0 ([#1108](https://github.com/bitnami-labs/sealed-secrets/pull/1108)). - Bump github.com/onsi/gomega from 1.25.0 to 1.26.0 ([#1103](https://github.com/bitnami-labs/sealed-secrets/pull/1103)). - Bump k8s.io/code-generator from 0.26.0 to 0.26.1 ([#1102](https://github.com/bitnami-labs/sealed-secrets/pull/1102)). @@ -207,7 +229,7 @@ - Unseal templates even when encryptedData is empty ([#653](https://github.com/bitnami-labs/sealed-secrets/pull/653)) - Add new RBAC rules to make Sealed Secret compatible with K8s environments with RBAC enabled ([#715](https://github.com/bitnami-labs/sealed-secrets/pull/715)) -- Allow rencrypt/validate functionalities to work with named ports defined in the Sealed Secret service ([#726](https://github.com/bitnami-labs/sealed-secrets/pull/726)) +- Allow re-encrypt/validate functionalities to work with named ports defined in the Sealed Secret service ([#726](https://github.com/bitnami-labs/sealed-secrets/pull/726)) - Fix verbose logging ([#727](https://github.com/bitnami-labs/sealed-secrets/pull/727)) ## v0.17.2 @@ -623,7 +645,7 @@ Please check your existing sealed secret sources for any annotation `kubectl.kubernetes.io/last-applied-configuration`, because that annotation would contain your original secrets in clear. -This release strips this annotation (and a similar annotation created by the `kubcfg` tool) +This release strips this annotation (and a similar annotation created by the `kubecfg` tool) ### Changelog @@ -699,7 +721,7 @@ - Add CRD definition and TPR->CRD migration documentation - Add `kubeseal --fetch-cert` to dump server cert to stdout, for later offline use with `kubeseal --cert` -- Better sanitisation of input object to `kubeseal` +- Better sanitization of input object to `kubeseal` (v0.5.1 fixes a travis/github release issue with v0.5.0) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/SECURITY.md new/sealed-secrets-0.22.0/SECURITY.md --- old/sealed-secrets-0.21.0/SECURITY.md 1970-01-01 01:00:00.000000000 +0100 +++ new/sealed-secrets-0.22.0/SECURITY.md 2023-06-15 12:01:06.000000000 +0200 @@ -0,0 +1,71 @@ +# Security Release Process + +The community has adopted this security disclosure and response policy to ensure we responsibly handle critical issues. + + +## Supported Versions + +For a list of support versions that this project will potentially create security fixes for, please refer to the Releases page on this project's GitHub and/or project related documentation on release cadence and support. + + +## Reporting a Vulnerability - Private Disclosure Process + +Security is of the highest importance and all security vulnerabilities or suspected security vulnerabilities should be reported to this project privately, to minimize attacks against current users before they are fixed. Vulnerabilities will be investigated and patched on the next patch (or minor) release as soon as possible. This information could be kept entirely internal to the project. + +If you know of a publicly disclosed security vulnerability for this project, please **IMMEDIATELY** contact the maintainers of this project privately. The use of encrypted email is encouraged. + + +**IMPORTANT: Do not file public issues on GitHub for security vulnerabilities** + +To report a vulnerability or a security-related issue, please contact the maintainers with enough details through one of the following channels: +* Directly via their individual email addresses +* Open a [GitHub Security Advisory](https://docs.github.com/en/code-security/security-advisories/guidance-on-reporting-and-writing/privately-reporting-a-security-vulnerability). This allows for anyone to report security vulnerabilities directly and privately to the maintainers via GitHub. Note that this option may not be present for every repository. + +The report will be fielded by the maintainers who have committer and release permissions. Feedback will be sent within 3 business days, including a detailed plan to investigate the issue and any potential workarounds to perform in the meantime. + +Do not report non-security-impacting bugs through this channel. Use GitHub issues for all non-security-impacting bugs. + + +## Proposed Report Content + +Provide a descriptive title and in the description of the report include the following information: + +* Basic identity information, such as your name and your affiliation or company. +* Detailed steps to reproduce the vulnerability (POC scripts, screenshots, and logs are all helpful to us). +* Description of the effects of the vulnerability on this project and the related hardware and software configurations, so that the maintainers can reproduce it. +* How the vulnerability affects this project's usage and an estimation of the attack surface, if there is one. +* List other projects or dependencies that were used in conjunction with this project to produce the vulnerability. + + +## When to report a vulnerability + +* When you think this project has a potential security vulnerability. +* When you suspect a potential vulnerability but you are unsure that it impacts this project. +* When you know of or suspect a potential vulnerability on another project that is used by this project. + + +## Patch, Release, and Disclosure + +The maintainers will respond to vulnerability reports as follows: + +1. The maintainers will investigate the vulnerability and determine its effects and criticality. +2. If the issue is not deemed to be a vulnerability, the maintainers will follow up with a detailed reason for rejection. +3. The maintainers will initiate a conversation with the reporter within 3 business days. +4. If a vulnerability is acknowledged and the timeline for a fix is determined, the maintainers will work on a plan to communicate with the appropriate community, including identifying mitigating steps that affected users can take to protect themselves until the fix is rolled out. +5. The maintainers will also create a [Security Advisory](https://docs.github.com/en/code-security/repository-security-advisories/publishing-a-repository-security-advisory) using the [CVSS Calculator](https://www.first.org/cvss/calculator/3.0), if it is not created yet. The maintainers make the final call on the calculated CVSS; it is better to move quickly than making the CVSS perfect. Issues may also be reported to [Mitre](https://cve.mitre.org/) using this [scoring calculator](https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator). The draft advisory will initially be set to private. +6. The maintainers will work on fixing the vulnerability and perform internal testing before preparing to roll out the fix. +7. Once the fix is confirmed, the maintainers will patch the vulnerability in the next patch or minor release, and backport a patch release into all earlier supported releases. + + +## Public Disclosure Process + +The maintainers publish the public advisory to this project's community via GitHub. In most cases, additional communication via Slack, Twitter, mailing lists, blog, and other channels will assist in educating the project's users and rolling out the patched release to affected users. + +The maintainers will also publish any mitigating steps users can take until the fix can be applied to their instances. This project's distributors will handle creating and publishing their own security advisories. + + +## Confidentiality, integrity and availability + +We consider vulnerabilities leading to the compromise of data confidentiality, elevation of privilege, or integrity to be our highest priority concerns. Availability, in particular in areas relating to DoS and resource exhaustion, is also a serious security concern. The maintainer team takes all vulnerabilities, potential vulnerabilities, and suspected vulnerabilities seriously and will investigate them in an urgent and expeditious manner. + +Note that we do not currently consider the default settings for this project to be secure-by-default. It is necessary for operators to explicitly configure settings, role based access control, and other resource related features in this project to provide a hardened environment. We will not act on any security disclosure that relates to a lack of safe defaults. Over time, we will work towards improved safe-by-default configuration, taking into account backwards compatibility. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/carvel/package.yaml new/sealed-secrets-0.22.0/carvel/package.yaml --- old/sealed-secrets-0.21.0/carvel/package.yaml 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/carvel/package.yaml 2023-06-15 12:01:06.000000000 +0200 @@ -1,10 +1,10 @@ apiVersion: data.packaging.carvel.dev/v1alpha1 kind: Package metadata: - name: "sealedsecrets.bitnami.com.2.8.2" + name: "sealedsecrets.bitnami.com.2.9.0" spec: refName: "sealedsecrets.bitnami.com" - version: "2.8.2" + version: "2.9.0" valuesSchema: openAPIv3: title: Chart Values @@ -45,7 +45,7 @@ tag: type: string description: Sealed Secrets image tag (immutable tags are recommended) - default: v0.20.5 + default: v0.21.0 pullPolicy: type: string description: Sealed Secrets image pull policy @@ -424,7 +424,7 @@ spec: fetch: - imgpkgBundle: - image: ghcr.io/bitnami-labs/sealed-secrets-carvel:sha256-367bf2772f9be7c53e49dfb696d7b4344a86589b9c2d35487237d8861006ad4e.imgpkg + image: ghcr.io/bitnami-labs/sealed-secrets-carvel:sha256-024e3595e6109ede34ad6802dbafd1d84ce88bbf2362bada9d61a18f030947e7.imgpkg template: - helmTemplate: path: sealed-secrets diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/go.mod new/sealed-secrets-0.22.0/go.mod --- old/sealed-secrets-0.21.0/go.mod 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/go.mod 2023-06-15 12:01:06.000000000 +0200 @@ -5,19 +5,19 @@ require ( github.com/google/go-cmp v0.5.9 github.com/google/renameio v0.1.0 - github.com/mattn/go-isatty v0.0.18 + github.com/mattn/go-isatty v0.0.19 github.com/mkmik/multierror v0.3.0 - github.com/onsi/ginkgo/v2 v2.9.4 - github.com/onsi/gomega v1.27.6 + github.com/onsi/ginkgo/v2 v2.10.0 + github.com/onsi/gomega v1.27.8 github.com/prometheus/client_golang v1.15.1 github.com/spf13/pflag v1.0.5 github.com/throttled/throttled v2.2.5+incompatible - golang.org/x/crypto v0.8.0 + golang.org/x/crypto v0.9.0 gopkg.in/yaml.v2 v2.4.0 - k8s.io/api v0.27.1 - k8s.io/apimachinery v0.27.1 - k8s.io/client-go v0.27.1 - k8s.io/code-generator v0.27.1 + k8s.io/api v0.27.2 + k8s.io/apimachinery v0.27.2 + k8s.io/client-go v0.27.2 + k8s.io/code-generator v0.27.2 k8s.io/klog v1.0.0 k8s.io/klog/v2 v2.100.1 ) @@ -55,19 +55,19 @@ github.com/prometheus/common v0.42.0 // indirect github.com/prometheus/procfs v0.9.0 // indirect golang.org/x/mod v0.10.0 // indirect - golang.org/x/net v0.9.0 // indirect + golang.org/x/net v0.10.0 // indirect golang.org/x/oauth2 v0.5.0 // indirect - golang.org/x/sys v0.7.0 // indirect - golang.org/x/term v0.7.0 // indirect + golang.org/x/sys v0.8.0 // indirect + golang.org/x/term v0.8.0 // indirect golang.org/x/text v0.9.0 // indirect golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect - golang.org/x/tools v0.8.0 // indirect + golang.org/x/tools v0.9.3 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/protobuf v1.30.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/gengo v0.0.0-20220902162205-c0856e24416d // indirect - k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a // indirect + k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f // indirect k8s.io/utils v0.0.0-20230209194617-a36077c30491 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/go.sum new/sealed-secrets-0.22.0/go.sum --- old/sealed-secrets-0.21.0/go.sum 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/go.sum 2023-06-15 12:01:06.000000000 +0200 @@ -113,8 +113,8 @@ github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= -github.com/mattn/go-isatty v0.0.18 h1:DOKFKCQ7FNG2L1rbrmstDN4QVRdS89Nkh85u68Uwp98= -github.com/mattn/go-isatty v0.0.18/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= +github.com/mattn/go-isatty v0.0.19 h1:JITubQf0MOLdlGRuRq+jtsDlekdYPia9ZFsB8h/APPA= +github.com/mattn/go-isatty v0.0.19/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y= github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/mkmik/multierror v0.3.0 h1:FHr3n5BEVlzlTz8GRbuwimkL2zbdD2gTPcSh0wpRpUg= @@ -126,10 +126,10 @@ github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/onsi/ginkgo/v2 v2.9.4 h1:xR7vG4IXt5RWx6FfIjyAtsoMAtnc3C/rFXBBd2AjZwE= -github.com/onsi/ginkgo/v2 v2.9.4/go.mod h1:gCQYp2Q+kSoIj7ykSVb9nskRSsR6PUj4AiLywzIhbKM= -github.com/onsi/gomega v1.27.6 h1:ENqfyGeS5AX/rlXDd/ETokDz93u0YufY1Pgxuy/PvWE= -github.com/onsi/gomega v1.27.6/go.mod h1:PIQNjfQwkP3aQAH7lf7j87O/5FiNr+ZR8+ipb+qQlhg= +github.com/onsi/ginkgo/v2 v2.10.0 h1:sfUl4qgLdvkChZrWCYndY2EAu9BRIw1YphNAzy1VNWs= +github.com/onsi/ginkgo/v2 v2.10.0/go.mod h1:UDQOh5wbQUlMnkLfVaIUMtQ1Vus92oM+P2JX1aulgcE= +github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc= +github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= @@ -170,8 +170,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.8.0 h1:pd9TJtTueMTVQXzk8E2XESSMQDj/U7OUu0PqJqPXQjQ= -golang.org/x/crypto v0.8.0/go.mod h1:mRqEX+O9/h5TFCrQhkgjo2yKi0yYA+9ecGkdQoHrywE= +golang.org/x/crypto v0.9.0 h1:LF6fAI+IutBocDJ2OT0Q1g8plpYljMZ4+lty+dsqw3g= +golang.org/x/crypto v0.9.0/go.mod h1:yrmDGqONDYtNj3tH8X9dzUun2m2lzPa9ngI6/RUPGR0= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= @@ -193,8 +193,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d/go.mod h1:9nx3DQGgdP8bBQD5qxJ1jj9UTztislL4KSBs9R2vV5Y= -golang.org/x/net v0.9.0 h1:aWJ/m6xSmxWBx+V0XRHTlrYrPG56jKsLdTFmsSsCzOM= -golang.org/x/net v0.9.0/go.mod h1:d48xBJpPfHeWQsugry2m+kC02ZBRGRgulfHnEXEuWns= +golang.org/x/net v0.10.0 h1:X2//UzNDwYmtCLn7To6G58Wr6f5ahEAQgKNzv9Y951M= +golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.5.0 h1:HuArIo48skDwlrvM3sEdHXElYslAMsf3KwRkkW4MC4s= @@ -216,11 +216,11 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.7.0 h1:3jlCCIQZPdOYu1h8BkNvLz8Kgwtae2cagcG/VamtZRU= -golang.org/x/sys v0.7.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= +golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= -golang.org/x/term v0.7.0 h1:BEvjmm5fURWqcfbSKTdpkDXYBrUS1c0m8agp14W48vQ= -golang.org/x/term v0.7.0/go.mod h1:P32HKFT3hSsZrRxla30E9HqToFYAQPCMs/zFMBUFqPY= +golang.org/x/term v0.8.0 h1:n5xxQn2i3PC0yLAbjTpNT85q/Kgzcr2gIoX9OrJUols= +golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= @@ -239,8 +239,8 @@ golang.org/x/tools v0.0.0-20200505023115-26f46d2f7ef8/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.8.0 h1:vSDcovVPld282ceKgDimkRSC8kpaH1dgyc9UMzlt84Y= -golang.org/x/tools v0.8.0/go.mod h1:JxBZ99ISMI5ViVkT1tr6tdNmXeTrcpVSD3vZ1RsRdN4= +golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM= +golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -292,14 +292,14 @@ gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -k8s.io/api v0.27.1 h1:Z6zUGQ1Vd10tJ+gHcNNNgkV5emCyW+v2XTmn+CLjSd0= -k8s.io/api v0.27.1/go.mod h1:z5g/BpAiD+f6AArpqNjkY+cji8ueZDU/WV1jcj5Jk4E= -k8s.io/apimachinery v0.27.1 h1:EGuZiLI95UQQcClhanryclaQE6xjg1Bts6/L3cD7zyc= -k8s.io/apimachinery v0.27.1/go.mod h1:5ikh59fK3AJ287GUvpUsryoMFtH9zj/ARfWCo3AyXTM= -k8s.io/client-go v0.27.1 h1:oXsfhW/qncM1wDmWBIuDzRHNS2tLhK3BZv512Nc59W8= -k8s.io/client-go v0.27.1/go.mod h1:f8LHMUkVb3b9N8bWturc+EDtVVVwZ7ueTVquFAJb2vA= -k8s.io/code-generator v0.27.1 h1:GrfUeUrJ/RtPskIsnChcXOW6h0EGNqty0VxxQ9qYKlM= -k8s.io/code-generator v0.27.1/go.mod h1:iWtpm0ZMG6Gc4daWfITDSIu+WFhFJArYDhj242zcbnY= +k8s.io/api v0.27.2 h1:+H17AJpUMvl+clT+BPnKf0E3ksMAzoBBg7CntpSuADo= +k8s.io/api v0.27.2/go.mod h1:ENmbocXfBT2ADujUXcBhHV55RIT31IIEvkntP6vZKS4= +k8s.io/apimachinery v0.27.2 h1:vBjGaKKieaIreI+oQwELalVG4d8f3YAMNpWLzDXkxeg= +k8s.io/apimachinery v0.27.2/go.mod h1:XNfZ6xklnMCOGGFNqXG7bUrQCoR04dh/E7FprV6pb+E= +k8s.io/client-go v0.27.2 h1:vDLSeuYvCHKeoQRhCXjxXO45nHVv2Ip4Fe0MfioMrhE= +k8s.io/client-go v0.27.2/go.mod h1:tY0gVmUsHrAmjzHX9zs7eCjxcBsf8IiNe7KQ52biTcQ= +k8s.io/code-generator v0.27.2 h1:RmK0CnU5qRaK6WRtSyWNODmfTZNoJbrizpVcsgbtrvI= +k8s.io/code-generator v0.27.2/go.mod h1:DPung1sI5vBgn4AGKtlPRQAyagj/ir/4jI55ipZHVww= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d h1:U9tB195lKdzwqicbJvyJeOXV7Klv+wNAWENRnXEGi08= k8s.io/gengo v0.0.0-20220902162205-c0856e24416d/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E= k8s.io/klog v1.0.0 h1:Pt+yjF5aB1xDSVbau4VsWe+dQNzA0qv1LlXdC2dF6Q8= @@ -307,8 +307,8 @@ k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y= k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg= k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0= -k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a h1:gmovKNur38vgoWfGtP5QOGNOA7ki4n6qNYoFAgMlNvg= -k8s.io/kube-openapi v0.0.0-20230308215209-15aac26d736a/go.mod h1:y5VtZWM9sHHc2ZodIH/6SHzXj+TPU5USoA8lcIeKEKY= +k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f h1:2kWPakN3i/k81b0gvD5C5FJ2kxm1WrQFanWchyKuqGg= +k8s.io/kube-openapi v0.0.0-20230501164219-8b0f38b5fd1f/go.mod h1:byini6yhqGC14c3ebc/QwanvYwhuMWF6yz2F8uwW8eg= k8s.io/utils v0.0.0-20230209194617-a36077c30491 h1:r0BAOLElQnnFhE/ApUsg3iHdVYYPBjNSSOMowRZxxsY= k8s.io/utils v0.0.0-20230209194617-a36077c30491/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/helm/sealed-secrets/Chart.yaml new/sealed-secrets-0.22.0/helm/sealed-secrets/Chart.yaml --- old/sealed-secrets-0.21.0/helm/sealed-secrets/Chart.yaml 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/helm/sealed-secrets/Chart.yaml 2023-06-15 12:01:06.000000000 +0200 @@ -1,7 +1,7 @@ annotations: category: DeveloperTools apiVersion: v2 -appVersion: v0.20.5 +appVersion: v0.21.0 description: Helm chart for the sealed-secrets controller. home: https://github.com/bitnami-labs/sealed-secrets icon: https://bitnami.com/assets/stacks/sealed-secrets/img/sealed-secrets-stack-220x234.png @@ -14,4 +14,4 @@ url: https://github.com/bitnami-labs/sealed-secrets name: sealed-secrets type: application -version: 2.8.2 +version: 2.9.0 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/helm/sealed-secrets/README.md new/sealed-secrets-0.22.0/helm/sealed-secrets/README.md --- old/sealed-secrets-0.21.0/helm/sealed-secrets/README.md 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/helm/sealed-secrets/README.md 2023-06-15 12:01:06.000000000 +0200 @@ -85,7 +85,7 @@ | ------------------------------------------------- | -------------------------------------------------------------------------------------- | ----------------------------------- | | `image.registry` | Sealed Secrets image registry | `docker.io` | | `image.repository` | Sealed Secrets image repository | `bitnami/sealed-secrets-controller` | -| `image.tag` | Sealed Secrets image tag (immutable tags are recommended) | `v0.20.5` | +| `image.tag` | Sealed Secrets image tag (immutable tags are recommended) | `v0.21.0` | | `image.pullPolicy` | Sealed Secrets image pull policy | `IfNotPresent` | | `image.pullSecrets` | Sealed Secrets image pull secrets | `[]` | | `createController` | Specifies whether the Sealed Secrets controller should be created | `true` | diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml new/sealed-secrets-0.22.0/helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml --- old/sealed-secrets-0.21.0/helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/helm/sealed-secrets/crds/bitnami.com_sealedsecrets.yaml 2023-06-15 12:01:06.000000000 +0200 @@ -2,8 +2,7 @@ kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - creationTimestamp: null + controller-gen.kubebuilder.io/version: v0.12.0 name: sealedsecrets.bitnami.com spec: group: bitnami.com @@ -14,7 +13,17 @@ singular: sealedsecret scope: Namespaced versions: - - name: v1alpha1 + - additionalPrinterColumns: + - jsonPath: .status.conditions[0].message + name: Status + type: string + - jsonPath: .status.conditions[0].status + name: Synced + type: string + - jsonPath: .metadata.creationTimestamp + name: Age + type: date + name: v1alpha1 schema: openAPIV3Schema: description: SealedSecret is the K8s representation of a "sealed Secret" - diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/helm/sealed-secrets/templates/deployment.yaml new/sealed-secrets-0.22.0/helm/sealed-secrets/templates/deployment.yaml --- old/sealed-secrets-0.21.0/helm/sealed-secrets/templates/deployment.yaml 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/helm/sealed-secrets/templates/deployment.yaml 2023-06-15 12:01:06.000000000 +0200 @@ -9,6 +9,7 @@ annotations: {{- toYaml .Values.commonAnnotations | nindent 4 }} {{- end }} spec: + replicas: 1 selector: matchLabels: {{- include "sealed-secrets.matchLabels" . | nindent 6 }} template: diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/helm/sealed-secrets/values.yaml new/sealed-secrets-0.22.0/helm/sealed-secrets/values.yaml --- old/sealed-secrets-0.21.0/helm/sealed-secrets/values.yaml 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/helm/sealed-secrets/values.yaml 2023-06-15 12:01:06.000000000 +0200 @@ -33,7 +33,7 @@ image: registry: docker.io repository: bitnami/sealed-secrets-controller - tag: v0.20.5 + tag: v0.21.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/pkg/apis/sealedsecrets/v1alpha1/doc.go new/sealed-secrets-0.22.0/pkg/apis/sealedsecrets/v1alpha1/doc.go --- old/sealed-secrets-0.21.0/pkg/apis/sealedsecrets/v1alpha1/doc.go 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/pkg/apis/sealedsecrets/v1alpha1/doc.go 2023-06-15 12:01:06.000000000 +0200 @@ -1,5 +1,5 @@ // go mod vendor doesn't preserve executable perm bits -//go:generate bash -c "go mod download && bash $(go list -m -f '{{.Dir}}' k8s.io/code-generator)/generate-groups.sh all github.com/bitnami-labs/sealed-secrets/pkg/client github.com/bitnami-labs/sealed-secrets/pkg/apis sealedsecrets:v1alpha1 --go-header-file boilerplate.go.txt --output-base ../../../../gentmp" +//go:generate bash -c "go mod download && cd ../../../.. && bash $(go list -mod=mod -m -f '{{.Dir}}' k8s.io/code-generator)/generate-groups.sh deepcopy,client,informer,lister github.com/bitnami-labs/sealed-secrets/pkg/client github.com/bitnami-labs/sealed-secrets/pkg/apis sealedsecrets:v1alpha1 --go-header-file pkg/apis/sealedsecrets/v1alpha1/boilerplate.go.txt --trim-path-prefix github.com/bitnami-labs/sealed-secrets" // +k8s:deepcopy-gen=package,register // +groupName=bitnami.com diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go new/sealed-secrets-0.22.0/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go --- old/sealed-secrets-0.21.0/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_expansion.go 2023-06-15 12:01:06.000000000 +0200 @@ -13,8 +13,9 @@ "k8s.io/apimachinery/pkg/runtime" runtimeserializer "k8s.io/apimachinery/pkg/runtime/serializer" - "github.com/bitnami-labs/sealed-secrets/pkg/crypto" "github.com/mkmik/multierror" + + "github.com/bitnami-labs/sealed-secrets/pkg/crypto" ) const ( @@ -323,18 +324,19 @@ secret.SetName(smeta.GetName()) gvk := s.GetObjectKind().GroupVersionKind() - - // Refer back to owning SealedSecret - ownerRefs := []metav1.OwnerReference{ - { - APIVersion: gvk.GroupVersion().String(), - Kind: gvk.Kind, - Name: smeta.GetName(), - UID: smeta.GetUID(), - Controller: &boolTrue, - }, + if anno, ok := s.Spec.Template.Annotations[SealedSecretSkipSetOwnerReferencesAnnotation]; !ok || anno != "true" { + // Refer back to owning SealedSecret + ownerRefs := []metav1.OwnerReference{ + { + APIVersion: gvk.GroupVersion().String(), + Kind: gvk.Kind, + Name: smeta.GetName(), + UID: smeta.GetUID(), + Controller: &boolTrue, + }, + } + secret.SetOwnerReferences(ownerRefs) } - secret.SetOwnerReferences(ownerRefs) return &secret, nil } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_test.go new/sealed-secrets-0.22.0/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_test.go --- old/sealed-secrets-0.21.0/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_test.go 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/pkg/apis/sealedsecrets/v1alpha1/sealedsecret_test.go 2023-06-15 12:01:06.000000000 +0200 @@ -10,7 +10,6 @@ "strings" "testing" - "github.com/bitnami-labs/sealed-secrets/pkg/crypto" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" @@ -18,6 +17,8 @@ utilruntime "k8s.io/apimachinery/pkg/util/runtime" "k8s.io/client-go/kubernetes/scheme" + "github.com/bitnami-labs/sealed-secrets/pkg/crypto" + // Install standard API types _ "k8s.io/client-go/kubernetes" ) @@ -397,6 +398,65 @@ } } +func TestSkipSetOwnerReference(t *testing.T) { + + testCases := []struct { + sealedSecret SealedSecret + skipSetOwnerReference bool + secret v1.Secret + }{ + { + sealedSecret: SealedSecret{ + Spec: SealedSecretSpec{ + Template: SecretTemplateSpec{ + Data: map[string]string{"foo": "bar"}, + }, + }, + }, + skipSetOwnerReference: true, + secret: v1.Secret{ + ObjectMeta: metav1.ObjectMeta{}, + }, + }, + { + sealedSecret: SealedSecret{ + Spec: SealedSecretSpec{ + Template: SecretTemplateSpec{ + Data: map[string]string{"foo": "bar"}, + }, + }, + }, + skipSetOwnerReference: false, + secret: v1.Secret{ + ObjectMeta: metav1.ObjectMeta{ + OwnerReferences: []metav1.OwnerReference{}, + }, + }, + }, + } + + for _, tc := range testCases { + if tc.skipSetOwnerReference { + if tc.sealedSecret.Spec.Template.Annotations == nil { + tc.sealedSecret.Spec.Template.Annotations = make(map[string]string) + } + tc.sealedSecret.Spec.Template.Annotations[SealedSecretSkipSetOwnerReferencesAnnotation] = "true" + } + unsealed, err := tc.sealedSecret.Unseal(serializer.CodecFactory{}, nil) + if err != nil { + t.Fatalf("Unseal returned error: %v", err) + } + if tc.sealedSecret.Spec.Template.Annotations[SealedSecretSkipSetOwnerReferencesAnnotation] == "true" && + len(unsealed.ObjectMeta.OwnerReferences) > 0 { + t.Errorf("got: owner, want: no owner") + + } else if (tc.sealedSecret.Spec.Template.Annotations[SealedSecretSkipSetOwnerReferencesAnnotation] != "true") && + len(unsealed.ObjectMeta.OwnerReferences) == 0 { + t.Errorf("got: no owner, want: owner") + } + } +} + func TestSealMetadataPreservation(t *testing.T) { scheme := runtime.NewScheme() codecs := serializer.NewCodecFactory(scheme) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/pkg/apis/sealedsecrets/v1alpha1/types.go new/sealed-secrets-0.22.0/pkg/apis/sealedsecrets/v1alpha1/types.go --- old/sealed-secrets-0.21.0/pkg/apis/sealedsecrets/v1alpha1/types.go 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/pkg/apis/sealedsecrets/v1alpha1/types.go 2023-06-15 12:01:06.000000000 +0200 @@ -27,6 +27,10 @@ // SealedSecretManagedAnnotation is the name for the annotation for // flaging the existing secrets be managed by SealedSecret controller. SealedSecretManagedAnnotation = annoNs + "managed" + + // SealedSecretSkipSetOwnerReferencesAnnotation is the name for the annotation for + // flagging the controller not to set owner reference to secret. + SealedSecretSkipSetOwnerReferencesAnnotation = annoNs + "skip-set-owner-references" ) // SecretTemplateSpec describes the structure a Secret should have @@ -114,6 +118,9 @@ // +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object // +kubebuilder:subresource:status +// +kubebuilder:printcolumn:name="Status",type="string",JSONPath=".status.conditions[0].message" +// +kubebuilder:printcolumn:name="Synced",type="string",JSONPath=".status.conditions[0].status" +// +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" // +genclient // SealedSecret is the K8s representation of a "sealed Secret" - a diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/pkg/client/clientset/versioned/typed/sealedsecrets/v1alpha1/fake/fake_sealedsecret.go new/sealed-secrets-0.22.0/pkg/client/clientset/versioned/typed/sealedsecrets/v1alpha1/fake/fake_sealedsecret.go --- old/sealed-secrets-0.21.0/pkg/client/clientset/versioned/typed/sealedsecrets/v1alpha1/fake/fake_sealedsecret.go 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/pkg/client/clientset/versioned/typed/sealedsecrets/v1alpha1/fake/fake_sealedsecret.go 2023-06-15 12:01:06.000000000 +0200 @@ -8,7 +8,6 @@ v1alpha1 "github.com/bitnami-labs/sealed-secrets/pkg/apis/sealedsecrets/v1alpha1" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" labels "k8s.io/apimachinery/pkg/labels" - schema "k8s.io/apimachinery/pkg/runtime/schema" types "k8s.io/apimachinery/pkg/types" watch "k8s.io/apimachinery/pkg/watch" testing "k8s.io/client-go/testing" @@ -20,9 +19,9 @@ ns string } -var sealedsecretsResource = schema.GroupVersionResource{Group: "bitnami.com", Version: "v1alpha1", Resource: "sealedsecrets"} +var sealedsecretsResource = v1alpha1.SchemeGroupVersion.WithResource("sealedsecrets") -var sealedsecretsKind = schema.GroupVersionKind{Group: "bitnami.com", Version: "v1alpha1", Kind: "SealedSecret"} +var sealedsecretsKind = v1alpha1.SchemeGroupVersion.WithKind("SealedSecret") // Get takes name of the sealedSecret, and returns the corresponding sealedSecret object, and an error if there is any. func (c *FakeSealedSecrets) Get(ctx context.Context, name string, options v1.GetOptions) (result *v1alpha1.SealedSecret, err error) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/sealed-secrets-0.21.0/site/content/contributors/josvazg.md new/sealed-secrets-0.22.0/site/content/contributors/josvazg.md --- old/sealed-secrets-0.21.0/site/content/contributors/josvazg.md 2023-05-15 13:12:43.000000000 +0200 +++ new/sealed-secrets-0.22.0/site/content/contributors/josvazg.md 1970-01-01 01:00:00.000000000 +0100 @@ -1,7 +0,0 @@ ---- -first_name: Jose -last_name: Vazquez -image: /img/team/josvazg.png -github_handle: josvazg ---- -Maintainer \ No newline at end of file ++++++ sealed-secrets.obsinfo ++++++ --- /var/tmp/diff_new_pack.VxYdgt/_old 2023-06-16 16:56:32.382307576 +0200 +++ /var/tmp/diff_new_pack.VxYdgt/_new 2023-06-16 16:56:32.386307601 +0200 @@ -1,5 +1,5 @@ name: sealed-secrets -version: 0.21.0 -mtime: 1684149163 -commit: d33d45c5fc53fb582ff312bb670e66799d91713c +version: 0.22.0 +mtime: 1686823266 +commit: 96575962d7c2f3e5165f72f97c82b242ecc344af ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/kubeseal/vendor.tar.gz /work/SRC/openSUSE:Factory/.kubeseal.new.15902/vendor.tar.gz differ: char 5, line 1
