openshift
diff --git a/‎api/v1alpha1/external_secrets_manager_types.go‎
Lines changed: 2 additions & 1 deletion b/‎api/v1alpha1/external_secrets_manager_types.go‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎api/v1alpha1/external_secrets_types.go‎
Lines changed: 13 additions & 10 deletions b/‎api/v1alpha1/external_secrets_types.go‎
Lines changed: 13 additions & 10 deletions
diff --git a/‎api/v1alpha1/meta.go‎
Lines changed: 4 additions & 2 deletions b/‎api/v1alpha1/meta.go‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎api/v1alpha1/zz_generated.deepcopy.go‎
Lines changed: 5 additions & 5 deletions b/‎api/v1alpha1/zz_generated.deepcopy.go‎
Lines changed: 5 additions & 5 deletions
diff --git a/‎bindata/external-secrets/resources/certificate_bitwarden-tls-certs.yml‎ renamed to ‎bindata/external-secrets/certificate_bitwarden-tls-certs.yml‎ b/‎bindata/external-secrets/resources/certificate_bitwarden-tls-certs.yml‎ renamed to ‎bindata/external-secrets/certificate_bitwarden-tls-certs.yml‎
diff --git a/‎bundle/manifests/external-secrets-operator.clusterserviceversion.yaml‎
Lines changed: 9 additions & 3 deletions b/‎bundle/manifests/external-secrets-operator.clusterserviceversion.yaml‎
Lines changed: 9 additions & 3 deletions
@@ -61,6 +61,7 @@ type ExternalSecretsManagerSpec struct {
 	GlobalConfig *GlobalConfig `json:"globalConfig,omitempty"`
 
 	// features is for enabling the optional operator features.
+	// +kubebuilder:validation:Optional
 	Features []Feature `json:"features,omitempty"`
 }
 
@@ -153,7 +154,7 @@ type Condition struct {
 	Type string `json:"type"`
 
 	// status of the condition
-	Status metav1.ConditionStatus `json:"status" `
+	Status metav1.ConditionStatus `json:"status"`
 
 	// message provides details about the state.
 	Message string `json:"message"`
 
@@ -81,19 +81,24 @@ type ExternalSecretsConfig struct {
 	// +kubebuilder:validation:Optional
 	LogLevel int32 `json:"logLevel,omitempty"`
 
-	// bitwardenSecretManagerProvider is for enabling the bitwarden secrets manager provider and
-	// for setting up the additional service required for connecting with the bitwarden server.
-	// +kubebuilder:validation:Optional
-	BitwardenSecretManagerProvider *BitwardenSecretManagerProvider `json:"bitwardenSecretManagerProvider,omitempty"`
-
 	// operatingNamespace is for restricting the external-secrets operations to provided namespace.
 	// And when enabled `ClusterSecretStore` and `ClusterExternalSecret` are implicitly disabled.
 	// +kubebuilder:validation:Optional
 	OperatingNamespace string `json:"operatingNamespace,omitempty"`
 
+	// bitwardenSecretManagerProvider is for enabling the bitwarden secrets manager provider and
+	// for setting up the additional service required for connecting with the bitwarden server.
+	// +kubebuilder:validation:Optional
+	BitwardenSecretManagerProvider *BitwardenSecretManagerProvider `json:"bitwardenSecretManagerProvider,omitempty"`
+
 	// webhookConfig is for configuring external-secrets webhook specifics.
 	WebhookConfig *WebhookConfig `json:"webhookConfig,omitempty"`
 
+	// CertManagerConfig is for configuring cert-manager specifics, which will be used for generating
+	// certificates for webhook and bitwarden-sdk-server components.
+	// +kubebuilder:validation:Optional
+	CertManagerConfig *CertManagerConfig `json:"certManagerConfig,omitempty"`
+
 	// resources is for defining the resource requirements.
 	// Cannot be updated.
 	// ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
@@ -159,19 +164,16 @@ type WebhookConfig struct {
 	// +kubebuilder:default:="5m"
 	// +kubebuilder:validation:Optional
 	CertificateCheckInterval metav1.Duration `json:"certificateCheckInterval,omitempty"`
-
-	// CertManagerConfig is for configuring cert-manager specifics.
-	// +kubebuilder:validation:Optional
-	CertManagerConfig *CertManagerConfig `json:"certManagerConfig,omitempty"`
 }
 
 // CertManagerConfig is for configuring cert-manager specifics.
-// +kubebuilder:validation:XValidation:rule="!has(oldSelf.issuerRef) && !has(self.issuerRef) || has(oldSelf.issuerRef) && has(self.issuerRef)",message="issuerRef may only be configured during creation"
+// +kubebuilder:validation:XValidation:rule="has(self.addInjectorAnnotations) && self.addInjectorAnnotations != 'false' ? self.enabled != 'false' : true",message="certManagerConfig must have enabled set, to set addInjectorAnnotations"
 type CertManagerConfig struct {
 	// enabled is for enabling the use of cert-manager for obtaining and renewing the
 	// certificates used for webhook server, instead of built-in certificates.
 	// Use `true` or `false` to indicate the preference.
 	// +kubebuilder:default:="false"
+	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="enabled is immutable once set"
 	// +kubebuilder:validation:Enum:="true";"false"
 	// +kubebuilder:validation:Required
 	Enabled string `json:"enabled,omitempty"`
@@ -198,6 +200,7 @@ type CertManagerConfig struct {
 
 	// certificateRenewBefore is the ahead time to renew the webhook certificate
 	// before expiry.
+	// +kubebuilder:default:="30m"
 	// +kubebuilder:validation:Optional
 	CertificateRenewBefore *metav1.Duration `json:"certificateRenewBefore,omitempty"`
 }
@@ -16,18 +16,20 @@ type ConditionalStatus struct {
 // ObjectReference is a reference to an object with a given name, kind and group.
 type ObjectReference struct {
 	// Name of the resource being referred to.
+	// +kubebuilder:validation:Required
 	Name string `json:"name"`
 	// Kind of the resource being referred to.
-	// +optional
+	// +kubebuilder:validation:Optional
 	Kind string `json:"kind,omitempty"`
 	// Group of the resource being referred to.
-	// +optional
+	// +kubebuilder:validation:Optional
 	Group string `json:"group,omitempty"`
 }
 
 // SecretReference is a reference to the secret with the given name, which should exist
 // in the same namespace where it will be utilized.
 type SecretReference struct {
 	// Name of the secret resource being referred to.
+	// +kubebuilder:validation:Required
 	Name string `json:"name"`
 }
@@ -33,7 +33,7 @@ metadata:
     categories: Security
     console.openshift.io/disable-operand-delete: "true"
     containerImage: ""
-    createdAt: "2025-06-13T05:51:30Z"
+    createdAt: "2025-06-17T11:54:07Z"
     features.operators.openshift.io/cnf: "false"
     features.operators.openshift.io/cni: "false"
     features.operators.openshift.io/csi: "false"
@@ -164,7 +164,7 @@ spec:
     Secrets Manager, HashiCorp Vault, Google Secrets Manager, Azure Key Vault, IBM
     Cloud Secrets Manager to name a few, stores them as secrets in OpenShift. It provides
     APIs to define authentication and the details of the secret to fetch.
-  displayName: external secrets operator for Red Hat OpenShift
+  displayName: External Secrets Operator for Red Hat OpenShift
   icon:
   - base64data: iVBORw0KGgoAAAANSUhEUgAAAVQAAAC1CAYAAAAA/QcmAAARRElEQVR4nO3dTWgjaWLG8cfuj2n3eKbkpqGHkNmqueSwJJH6kLlkEtVcwkII1pLLHhYkJ7AJ5OC6DCQnqZlDAlmwOqfksLgMCSTsBMuBXSZLQGXYHLJM4nKyl82lS9tZyGZMS/J0tz1utyuHXgvbbX2/Ukny/weCGUuqel1tPXq/ay6O41gAgKHNJ10AAJgVBCoAGEKgAoAhBCoAGEKgAoAhBCoAGEKgAoAhBCoAGEKgAoAhBCoAGEKgAoAhBCoAGEKgAoAhBCoAGEKgAoAhBCoAGEKgAoAhBCoAGEKgAoAhBCoAGEKgAoAhBCoAGEKgAoAhBCoAGEKgAoAhBCoAGEKgAoAhBCoAGEKgAoAhBCoAGEKgAoAhBCoAGEKgAoAhBCoAGEKgAoAhBCoAGEKgYqxehqFOoqiv13/huqrPzak+N6cvXFfPPU/HQTCyMgKDmovjOE66EJhtcaOhg1JJR76vuNmUJM1Zlm4WCrrleZp3nEvfdxqmp++5aM6ydCOX081cTjdyuVEVH+gZgYqR289k9HJ3t+3zN/N53fI8XctkWj/7slzWQanUNkwvmrdt3cjlOgY0MGoEKkbqoFTS4YMHPb123rY17zg6iSKd1GoDn/N6Nqs3CgXdLBQGPgYwCAIVI3MSRWq+915i55+37Va3wlwqlVg5cHUwKIWR+dL3Ez3/Sa2mwwcP1HScV90HjUai5cHso4aKkWk6zlBNd9PmLEtveJ4WSqWki4IZRaBiJF6Gofbv30+6GJeat20tVirnBsEAE2jyYyQOy+Wki9DWSa2m/fv3dZRwlwRmDzVUjEQjlep5ylOS3qpWdd11ky4GZgQ1VBj3olKZijCVpGdMrYJBBCqMO6pUki5Cz05qNb0Mw6SLgRlBoMK4F1MUqNJ0fQFgshGoMOrsev1pwUYrMIVAhVHTWNujyQ9TGOWHMXGjocbSUtLFGMjbOzvMS8XQqKHCmGnrOz2LZj9MIFBhzLPvfjfpIgzsmGY/DKDJDyOiKNLtr35VNw4Oki7KQOZtW1YfdxIALkMNFUb4vq+DmzeTLsbATmq1vm7NAlyGQIURvu/r46OjpIsxFEb7MSwCFQM7iSIdB4H+ZW1NtVpN3zk40E/u3k26WAN7wcAUhnQ96QJg8r0MQx0HgY5/ccfS4+3tc88fvvtu67+/trenf71zR7/05Mm4izk0RvoxLAalcKmXYajDcrmnjU4+WljQd84MRlnS1IbqEh8HDIEmP845iSJ94bqv9gvd2OhpGelPLozsNyX95pMnemxZIyrl6FBLxTAIVLS8qFS0n8m81qQfRFNSutnUD+7cGb5gY0Q/KoZBoELSq5rZ069/faCNTX67w3LTbzx5om/dvq2jW7eGKd7YPPv006SLgClGoELScBstf/PatY7Pf/L8ud4/PNSPpmAGwOd7e0kXAVOMQIWOfH+ou5O+s7enD7q85qd6NQPgW7dva3+C+1bv/OxnCpmPigERqDCy5d7fWpZ6iclPnj9XutnU31iWXiwsDH1e0/7v3j0F9KNiQAQqjKwQervZ1D/02KRvSvqzZlO/cnAwccH6b8+e6cff/77iRiPpomAKEagYqrl/1vt7e/r7Pkb1zwbrRwsLarz1lpFyDOr49m19vLene599pqbj6KBUIljRFyb2Q/W5OaPH+8GdO/rGgJP6P5Dk3bun39rfH/vOVacLFD6Q9E+/+NmcZel2uayb3B0VPSBQoS9c18jc07OGCdVTvyvpj999V7/x+ee6eXhopmCX2LcsfbPZ1A/P/Oxiya9ns3rT9zXvOCMrB6YfTX6M5NYfv/PkiX58546+MsQxvifp9x4/1juHh8pK+vbSkv7jnXeMzRL437t39dHCgpwLYSpJe/funfv/4+1t7WcyU31XAoweNVToZRhq//79kRz7xcKC/mRuTp88f2782B9I+oqkD2xbbx4f69clXbvefr+f2smJHs/P63u1mn6oV3247fynbeuX2/Qtv7m+ThcALkWgQtJomv1n/ejuXX1rb08/HdkZzOrWWUGo4jI0+SFJWiiVRnr89/f29Nnt2/rzHuerJqnbIgVJerayoiPfH3VRMGWooaLlaS6nF1tbIz/PvmXp46Ojc1v+TZJP797V+z0uQeX20ziLQEVL3GhoP5MxNi+1m6dLS/q7kxP9RbPZsT9znP5wYUF/2UfQc3M/nEWTHy1zqZQWKxXNjWmt/WK9rj9qNvXfCwv65N49/dpYztpev2EqvVoUcTDi7hJMD2qoeM2R7+vZykoi5366tKR/vnZNf7W3p/8a0zktSd++e1e/P+BOU3OWpRQrqiACFW0kGaqnni4taXdxUX/9+HHXaU6DsCT9qWXpD46Ohl6Vxag/JAIVHRz5vp573kCbTo/C06UlRYuL+vejI/3jz3+uptR3LfYDvdoQ+2uLi/rVx4+Nle1mPq83GfW/8ghUdPQyDPWF605MqLbzP7bd8fnU/r4W6/WRnf9aOq232Uf1yiNQ0dVJFOlpLqeXu7tJF2WiccdUMMqPruYdR28FgW7m80kXBZhoBCp6MpdK6U3f1+Lm5timVU0TrgkkAhV9upHLyYoi3VheTrooE4XVUpAIVAzgdAHA4uam5rsMBl0VBCokAhVDuJHL6e0w1K1i8co3eW+4btJFwARglB9GnESRDkolHW1sJF2UsWOlFE5RQ4UR846jN31f1qNHV242wBuel3QRMCGooWIkrkqNdd629XYYai6VSroomAAEKkbqJIr0pe/ry3J54ldbDYL9UHEWgYqxOfJ9HZbLM7Piig1RcBGBirE7iSIdlst6UamMbTNr0whTXIZARaJeVCo6qlT0olKZii6BedvWYqVCMx+XIlAxMV6Gob70fR0HwcR1C8xZlt7wvJHfzBDTjUDFRDqJIh0HgV4EgY6DILGugXnb1s1CQbc8j5F8dEWgYiqcRJFehqGOw/BVDTYMR9ZFcC2d1nXX1RuFAk179IVAxVQ7DoJXYRtFihsNvTyzyfPx9nbb911Lp1s1zuuuq/lUStcyGV1nCSmGQKACgCEsPQUAQwhUADCEQAUAQwhUADCEQAUAQwhUADCEQAUAQwhUADCEQAUAQwhUADDketIFAM4Kw/DcIwiCpIsE9IxAHSFTYeA4jhzHMXKsSRNFkXzfVxAECsNQzQF3kIqiSFEUtX1+kGsYhqEaHW4PnclklJrALf3CMJTjOBNZtpkXY2QkGXtYlhUvLy/Hm5ubSf9aRhWLxY6/t6njFIvFvsuWzWY7HrNarfZ9TNPq9Xq8ubkZF4vFOJvNxpZlTUzZriJqqFOi2Wxqa2tLW1tbSqfT8n1fGfbqvLLCMFQul1NtSu/JNasYlJpCu7u7un//vnzfT7ooSEij0SBMJxCBOsVWVlYIVWCCEKhTzvO8joMxAMaHQJ1yzWZTJe7ECUwEBqUSVCwW2z7XaDRaczG7TSXa2NhQuVxmmgyQMAI1Qb3ULBuNhgqFgra2tjq+rlKpqFAodDxOpVJpzffcPXPf+3Q6LcdxlMvllMvljATz2XNd5LqucrnczM9SOF2YEIahoii69Msxm80qk8m0rkk7F/9WunXznM7t7eVYMCjpeVuzTF3mlvaqXq/Htm0PNM+yXq/HxWKxNT+x28OyrLhYLMb1er3v37ffc9m23XWuZ68mZR7qzs5OnM/nu/57tbse6+vrl5al32OZuKboH1d3hEz+Ya+urvYdGDs7O3E6nR7oQ2fbdryzs9Nz+XZ2dgYKEVPXKOlArVarxn7/fD7/WlkI1OnAoNSU6LcZHoahXNc917TvR61Wk+u6lzbZL/J9X/fv37/y8yJN/f4bGxsdu28wuehDnRL9zDc9DdNB18WfajabrVBttw4+CAKtrKwMdZ5xiKKo770VOq3jv8h1XWWzWW1vb/dZssudhqrrukaOhzFJuoo8y2So6ZXP57se6+wa/0Gb+e0e2Wz20nLV6/We+0sHffSqW5N/FI+LfajVatXo8ZeXl3v+WxrFNUX/qKEmqNto62mtqltT0rKs1ghxqVTq2szP5/NyXVeO47R2e+pUs9re3lalUnltFNrzvJ5qwbZtnzvfxVkGs6JdLfV0JN9xHGUyGQVBoCiKtLGx0fF4Z2d2ZLPZc881Go2O1zCdTjONLglJJ/os05hqSmcHXDrVGC3LarsL0fr6esdzXKylPnr0qGu5bNtue75qtdp10KefP89JqKHGcRxvbm62rtf6+nrH2RI7Oztda/idrt8g78NoEagjNI4PtW3brQ/t6Ye53WNtba1jedfW1jq+/9GjRz2/Np1O9zT1qlv3RK8mJVDjOD53nbrp9kVGoE4XmvxTzLIsVSqVVtOuUql0fO1pc7OdTCYjy7LaNuODIGiNPnc6l/RqEK2XJucsNkv72ch6VjcOv6oI1Cll27Yqlcq51UadVs80m019+OGHQ53z7BSqTn2uy8vLM78KqpsoilSpVFqrpC7DCP7sIVCnjGVZ8jxPnue9VrvrZc7oMHo9/lUOijAM5XleT9OnTE2xwuQgUKdMs9lUoVC4tKk87LxTUyaxdprP5/ueLO95Xl+zEXzfn4o5uRgdAjVBcRy/9rNGoyHHcTqGY6lUunSif6f+z3E6XVgwSRzH6btM/fTvVioVwhTshzppUqmUPM/r+JqNjY1LB5cmpWZ4FW/93O3fDFcDgTqBPM+TZVkdX3PZooBugfro0SPFr6bKDfQ4G5QXJ5qftbW1NfL+3EkShmHHxRf5fF7ValX1el1xHGtnZ0fValVra2uybXuMJcWoEagTqJda6vb29ms1wW5N2lwu19P69F5eM85zTbpOXx7FYlG+78t13VYXwun+p57njWza1Cxc12lEoE6oXmqpFwdZcrlcxxrP7u6uXNdtO42n0Wi0PuTdapjdBnhqtZocx2m7qUsQBMpkMjOxBLXTdLWkumG4eWMyCNQJ1UsttVarvfbB6fae3d1dvffee8rlciqXywqCQOVyWYVCQY7j6OHDh61dpjp9KB3HUT6f73iuZrOplZUVpVKpVo0sl8vJcRx9+OGHMxGmUufJ+aVSqW1tMYqikd1gcWtrS47jyPM8lUoleZ4n13UnbrBw5ox9bdYVoi5LF3vRbdNiy7JeW+JpcrepdjvIx/F07TY1yg2md3Z2Or7Otu14dXU1LhaLcbFYjFdXV3v+N2q3hLRerw90PdvtHAYzqKFOuG47UjWbTZXL5XM/q1QqXbsLerWystK2eZ9KpWha6lWzPp1Ot32+Vqvp4cOHevDggR48eKCHDx8OXTtPpVIdBwaRDAJ1whUKha4jweVy+Vyz0nEcBUFgLFQrlUrbpmkul9P6+rqR80yzi19q48DN9iYPgToFeqmlXuw7zWQyiqJo6FpMNptVFEUd+wkLhYKq1aqxAJ9GruuO/YvFdV2trq6O9ZzojECdAr3UUjc2Nl6rRaZSKQVBoPX19b7nO6bTaVWrVQVB0NOKodPZA8VisedgXV1dnalAKBQK2tzc7PlaW5al5eXloc5ZLpe1trZ2pb/MJslcHF+y/hFGdKtZ9tNkC4Kg6wqkbqO4YRjK932FYfjaPeJt224tz8zlckNN92k0Gq2dli5Ovzp7jtPA7/R79XqNuh1nkBFu3/c7jsKfzoxo994gCF67O0E2mz13DRqNRsd+6E7nOKvTNZfUumOA67oTs6JuFhGoAGAITX4AMIRABQBDCFQAMIRABQBDCFQAMIRABQBDCFQAMIRABQBDCFQAMIRABQBDCFQAMIRABQBDCFQAMIRABQBDCFQAMIRABQBDCFQAMIRABQBDCFQAMIRABQBDCFQAMIRABQBDCFQAMIRABQBDCFQAMIRABQBDCFQAMIRABQBDCFQAMIRABQBDCFQAMIRABQBDCFQAMIRABQBDCFQAMIRABQBD/h+fh1Gb7+ZNngAAAABJRU5ErkJggg==
     mediatype: image/png
@@ -443,6 +443,10 @@ spec:
                   value: oci.external-secrets.io/external-secrets/external-secrets:v0.14.0
                 - name: OPERAND_EXTERNAL_SECRETS_IMAGE_VERSION
                   value: 0.14.0
+                - name: RELATED_IMAGE_BITWARDEN_SDK_SERVER
+                  value: ghcr.io/external-secrets/bitwarden-sdk-server:v0.4.2
+                - name: BITWARDEN_SDK_SERVER_IMAGE_VERSION
+                  value: 0.4.2
                 image: openshift.io/external-secrets-operator:latest
                 livenessProbe:
                   httpGet:
@@ -496,7 +500,7 @@ spec:
   - external-secrets-operator
   links:
   - name: Documentation
-    url: https://docs.openshift.com/container-platform/latest/security/external_secrets_operator/index.html
+    url: https://docs.redhat.com/en/documentation/openshift_container_platform/latest/html/security_and_compliance/external-secrets-operator-for-red-hat-openshift
   - name: External Secrets Operator
     url: https://github.com/openshift/external-secrets-operator/blob/master/README.md
   maintainers:
@@ -509,4 +513,6 @@ spec:
   relatedImages:
   - image: oci.external-secrets.io/external-secrets/external-secrets:v0.14.0
     name: external-secrets
+  - image: ghcr.io/external-secrets/bitwarden-sdk-server:v0.4.2
+    name: bitwarden-sdk-server
   version: 0.1.0