Merge branch 'main' into VAULT-28156/add-scale-tests

hashicorp · Sep 20, 2024 · a55a5d7 · a55a5d7
2 parents f4f5cc9 + 41f038f
commit a55a5d7
Show file tree

Hide file tree

Showing 10 changed files with 639 additions and 18 deletions.
diff --git a/.github/dependabot.yaml b/.github/dependabot.yaml
@@ -11,6 +11,14 @@ updates:
     directory: "/"
     schedule:
       interval: "weekly"
+    groups:
+      gomod-breaking:
+        update-types:
+          - major
+      gomod-backward-compatible:
+        update-types:
+          - minor
+          - patch
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:

diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml
@@ -143,8 +143,9 @@ jobs:
           make ci-build BUILD_DIR="${BUILD_DIR}"
           OUT_DIR="${BUILD_DIR}/out"
           mkdir -p "${OUT_DIR}"
+          cp -a LICENSE "${BUILD_DIR}/LICENSE.txt"
           ZIP_FILE="${OUT_DIR}/${{ env.PKG_NAME }}_${{ needs.get-product-version.outputs.product-version }}_linux_${{ matrix.arch }}.zip"
-          zip -r -j "${ZIP_FILE}" dist/${{ env.GOOS }}/${{ env.GOARCH }}/${{ env.PKG_NAME }} LICENSE
+          zip -r -j "${ZIP_FILE}" dist/${{ env.GOOS }}/${{ env.GOARCH }}/${{ env.PKG_NAME }} ${BUILD_DIR}/LICENSE.txt
           echo "path=${ZIP_FILE}" >> $GITHUB_OUTPUT
           echo "name=$(basename ${ZIP_FILE})" >> $GITHUB_OUTPUT
       - name: Upload binary

diff --git a/api/v1beta1/hcpvaultsecretsapp_types.go b/api/v1beta1/hcpvaultsecretsapp_types.go
@@ -32,6 +32,37 @@ type HCPVaultSecretsAppSpec struct {
 	// Destination provides configuration necessary for syncing the HCP Vault
 	// Application secrets to Kubernetes.
 	Destination Destination `json:"destination"`
+	// SyncConfig configures sync behavior from HVS to VSO
+	SyncConfig *HVSSyncConfig `json:"syncConfig,omitempty"`
+}
+
+// HVSSyncConfig configures sync behavior from HVS to VSO
+type HVSSyncConfig struct {
+	// Dynamic configures sync behavior for dynamic secrets.
+	Dynamic *HVSDynamicSyncConfig `json:"dynamic,omitempty"`
+}
+
+// HVSDynamicSyncConfig configures sync behavior for HVS dynamic secrets.
+type HVSDynamicSyncConfig struct {
+	// RenewalPercent is the percent out of 100 of a dynamic secret's TTL when
+	// new secrets are generated. Defaults to 67 percent minus jitter.
+	// +kubebuilder:default=67
+	// +kubebuilder:validation:Minimum=0
+	// +kubebuilder:validation:Maximum=100
+	RenewalPercent int `json:"renewalPercent,omitempty"`
+}
+
+// HVSDynamicStatus defines the observed state of a dynamic secret within an HCP
+// Vault Secrets App
+type HVSDynamicStatus struct {
+	// Name of the dynamic secret
+	Name string `json:"name,omitempty"`
+	// CreatedAt is the timestamp string of when the dynamic secret was created
+	CreatedAt string `json:"createdAt,omitempty"`
+	// ExpiresAt is the timestamp string of when the dynamic secret will expire
+	ExpiresAt string `json:"expiresAt,omitempty"`
+	// TTL is the time-to-live of the dynamic secret in seconds
+	TTL string `json:"ttl,omitempty"`
 }
 
 // HCPVaultSecretsAppStatus defines the observed state of HCPVaultSecretsApp
@@ -47,6 +78,9 @@ type HCPVaultSecretsAppStatus struct {
 	// The SecretMac is also used to detect drift in the Destination Secret's Data.
 	// If drift is detected the data will be synced to the Destination.
 	SecretMAC string `json:"secretMAC,omitempty"`
+	// DynamicSecrets lists the last observed state of any dynamic secrets
+	// within the HCP Vault Secrets App
+	DynamicSecrets []HVSDynamicStatus `json:"dynamicSecrets,omitempty"`
 }
 
 //+kubebuilder:object:root=true

diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go
diff --git a/chart/crds/secrets.hashicorp.com_hcpvaultsecretsapps.yaml b/chart/crds/secrets.hashicorp.com_hcpvaultsecretsapps.yaml
@@ -244,13 +244,55 @@ spec:
                   - name
                   type: object
                 type: array
+              syncConfig:
+                description: SyncConfig configures sync behavior from HVS to VSO
+                properties:
+                  dynamic:
+                    description: Dynamic configures sync behavior for dynamic secrets.
+                    properties:
+                      renewalPercent:
+                        default: 67
+                        description: |-
+                          RenewalPercent is the percent out of 100 of a dynamic secret's TTL when
+                          new secrets are generated. Defaults to 67 percent minus jitter.
+                        maximum: 100
+                        minimum: 0
+                        type: integer
+                    type: object
+                type: object
             required:
             - appName
             - destination
             type: object
           status:
             description: HCPVaultSecretsAppStatus defines the observed state of HCPVaultSecretsApp
             properties:
+              dynamicSecrets:
+                description: |-
+                  DynamicSecrets lists the last observed state of any dynamic secrets
+                  within the HCP Vault Secrets App
+                items:
+                  description: |-
+                    HVSDynamicStatus defines the observed state of a dynamic secret within an HCP
+                    Vault Secrets App
+                  properties:
+                    createdAt:
+                      description: CreatedAt is the timestamp string of when the dynamic
+                        secret was created
+                      type: string
+                    expiresAt:
+                      description: ExpiresAt is the timestamp string of when the dynamic
+                        secret will expire
+                      type: string
+                    name:
+                      description: Name of the dynamic secret
+                      type: string
+                    ttl:
+                      description: TTL is the time-to-live of the dynamic secret in
+                        seconds
+                      type: string
+                  type: object
+                type: array
               lastGeneration:
                 description: LastGeneration is the Generation of the last reconciled
                   resource.

diff --git a/config/crd/bases/secrets.hashicorp.com_hcpvaultsecretsapps.yaml b/config/crd/bases/secrets.hashicorp.com_hcpvaultsecretsapps.yaml
@@ -244,13 +244,55 @@ spec:
                   - name
                   type: object
                 type: array
+              syncConfig:
+                description: SyncConfig configures sync behavior from HVS to VSO
+                properties:
+                  dynamic:
+                    description: Dynamic configures sync behavior for dynamic secrets.
+                    properties:
+                      renewalPercent:
+                        default: 67
+                        description: |-
+                          RenewalPercent is the percent out of 100 of a dynamic secret's TTL when
+                          new secrets are generated. Defaults to 67 percent minus jitter.
+                        maximum: 100
+                        minimum: 0
+                        type: integer
+                    type: object
+                type: object
             required:
             - appName
             - destination
             type: object
           status:
             description: HCPVaultSecretsAppStatus defines the observed state of HCPVaultSecretsApp
             properties:
+              dynamicSecrets:
+                description: |-
+                  DynamicSecrets lists the last observed state of any dynamic secrets
+                  within the HCP Vault Secrets App
+                items:
+                  description: |-
+                    HVSDynamicStatus defines the observed state of a dynamic secret within an HCP
+                    Vault Secrets App
+                  properties:
+                    createdAt:
+                      description: CreatedAt is the timestamp string of when the dynamic
+                        secret was created
+                      type: string
+                    expiresAt:
+                      description: ExpiresAt is the timestamp string of when the dynamic
+                        secret will expire
+                      type: string
+                    name:
+                      description: Name of the dynamic secret
+                      type: string
+                    ttl:
+                      description: TTL is the time-to-live of the dynamic secret in
+                        seconds
+                      type: string
+                  type: object
+                type: array
               lastGeneration:
                 description: LastGeneration is the Generation of the last reconciled
                   resource.