diff --git a/README.md b/README.md index f67018ec..eedc557b 100644 --- a/README.md +++ b/README.md @@ -343,7 +343,7 @@ Labels: app=raw release=apikeynspace1-es-docker-uc Annotations: meta.helm.sh/release-name: apikeynspace1-es-docker-uc meta.helm.sh/release-namespace: apikeynspace1 -API Version: external-secrets.io/v1beta1 +API Version: external-secrets.io/v1 Kind: ExternalSecret Metadata: (...) @@ -469,23 +469,10 @@ data: ## Usage ```hcl -module "es_kubernetes_secret" { - source = "../modules/eso-external-secret" - es_kubernetes_secret_type = "dockerconfigjson" - sm_secret_type = "iam_credentials" - sm_secret_id = module.docker_config.serviceid_apikey_secret_id - eso_setup = true - es_kubernetes_namespaces = var.es_kubernetes_namespaces - es_docker_email = "terraform@ibm.com" - eso_generic_secret_apikey = data.ibm_secrets_manager_secret.secret_puller_secret.api_key # pragma: allowlist secret - secrets_manager_guid = module.secrets_manager_iam_configuration.secrets_manager_guid - region = "us-south" - es_kubernetes_secret_name = "dockerconfigjson-iam" - depends_on = [ - kubernetes_namespace.cluster_namespaces - ] - es_kubernetes_secret_data_key = "apiKey" - es_helm_rls_name = "es-docker-iam" +# Replace "master" with a GIT release version to lock into a specific release +module "external_secrets_operator" { + source = "git::https://github.com/terraform-ibm-modules/terraform-ibm-external-secrets-operator.git?ref=master" + eso_namespace = var.eso_namespace } ``` diff --git a/examples/all-combined/main.tf b/examples/all-combined/main.tf index 2ae47d6c..b4107a6f 100644 --- a/examples/all-combined/main.tf +++ b/examples/all-combined/main.tf @@ -186,7 +186,7 @@ module "network_acl" { # OCP CLUSTER creation module "ocp_base" { source = "terraform-ibm-modules/base-ocp-vpc/ibm" - version = "3.46.17" + version = "3.48.3" cluster_name = "${var.prefix}-vpc" resource_group_id = module.resource_group.resource_group_id region = var.region 
diff --git a/examples/all-combined/privatecertificate.tf b/examples/all-combined/privatecertificate.tf index 13c4d3e8..ddc0370f 100644 --- a/examples/all-combined/privatecertificate.tf +++ b/examples/all-combined/privatecertificate.tf @@ -13,7 +13,7 @@ locals { # private certificate engine module "secrets_manager_private_secret_engine" { source = "terraform-ibm-modules/secrets-manager-private-cert-engine/ibm" - version = "1.4.0" + version = "1.5.2" secrets_manager_guid = local.sm_guid region = local.sm_region root_ca_name = var.pvt_ca_name != null ? var.pvt_ca_name : "pvt-${var.prefix}-project-root-ca" diff --git a/examples/all-combined/secretsmanager.tf b/examples/all-combined/secretsmanager.tf index 23bc2feb..5c83ac60 100644 --- a/examples/all-combined/secretsmanager.tf +++ b/examples/all-combined/secretsmanager.tf @@ -36,7 +36,7 @@ resource "ibm_resource_instance" "secrets_manager" { # create secrets group for secrets module "secrets_manager_group" { source = "terraform-ibm-modules/secrets-manager-secret-group/ibm" - version = "1.3.5" + version = "1.3.7" region = local.sm_region secrets_manager_guid = local.sm_guid secret_group_name = "${var.prefix}-secret-group" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value @@ -49,7 +49,7 @@ module "secrets_manager_group" { # additional secrets manager secret group for service level secrets module "secrets_manager_group_acct" { source = "terraform-ibm-modules/secrets-manager-secret-group/ibm" - version = "1.3.5" + version = "1.3.7" region = local.sm_region secrets_manager_guid = local.sm_guid #tfsec:ignore:general-secrets-no-plaintext-exposure diff --git a/examples/all-combined/tpauth_cluster_sstore.tf b/examples/all-combined/tpauth_cluster_sstore.tf index 81f94da6..4c5d4f34 100644 --- a/examples/all-combined/tpauth_cluster_sstore.tf +++ b/examples/all-combined/tpauth_cluster_sstore.tf 
@@ -7,7 +7,7 @@ # creating a secrets group for clustersecretstore with trustedprofile auth module "tp_clusterstore_secrets_manager_group" { source = "terraform-ibm-modules/secrets-manager-secret-group/ibm" - version = "1.3.5" + version = "1.3.7" region = local.sm_region secrets_manager_guid = local.sm_guid secret_group_name = "${var.prefix}-cpstore-tp-secret-group" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value diff --git a/examples/all-combined/tpauth_namespaced_sstore.tf b/examples/all-combined/tpauth_namespaced_sstore.tf index b814b308..b7e3d912 100644 --- a/examples/all-combined/tpauth_namespaced_sstore.tf +++ b/examples/all-combined/tpauth_namespaced_sstore.tf @@ -40,7 +40,7 @@ module "eso_tp_namespace_secretstores" { # creating a secrets group for each namespace to be used for namespaced secretstores with trustedprofile auth module "tp_secrets_manager_groups" { source = "terraform-ibm-modules/secrets-manager-secret-group/ibm" - version = "1.3.5" + version = "1.3.7" count = length(var.es_namespaces_tp) region = local.sm_region secrets_manager_guid = local.sm_guid @@ -140,7 +140,7 @@ module "eso_tp_namespace_secretstore_multisg" { # creating two secrets groups for a single namespace to test trusted profile policy on multiple secrets groups module "tp_secrets_manager_group_multi_1" { source = "terraform-ibm-modules/secrets-manager-secret-group/ibm" - version = "1.3.5" + version = "1.3.7" region = local.sm_region secrets_manager_guid = local.sm_guid secret_group_name = "${var.prefix}-tp-secret-group-multisg-1" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value 
@@ -152,7 +152,7 @@ module "tp_secrets_manager_group_multi_1" { module "tp_secrets_manager_group_multi_2" { source = "terraform-ibm-modules/secrets-manager-secret-group/ibm" - version = "1.3.5" + version = "1.3.7" region = local.sm_region secrets_manager_guid = local.sm_guid secret_group_name = "${var.prefix}-tp-secret-group-multisg-21" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value @@ -285,7 +285,7 @@ module "eso_tp_namespace_secretstore_nosecgroup" { # creating secrets group for a single namespace to test trusted profile policy without any secret group in the TP policy module "tp_secrets_manager_group_not_for_policy" { source = "terraform-ibm-modules/secrets-manager-secret-group/ibm" - version = "1.3.5" + version = "1.3.7" region = local.sm_region secrets_manager_guid = local.sm_guid secret_group_name = "${var.prefix}-tp-secret-group-not-for-policy" #checkov:skip=CKV_SECRET_6: does not require high entropy string as is static value diff --git a/examples/basic/main.tf b/examples/basic/main.tf index 9855be9b..bbec78d4 100644 --- a/examples/basic/main.tf +++ b/examples/basic/main.tf @@ -198,7 +198,7 @@ module "network_acl" { # OCP CLUSTER creation module "ocp_base" { source = "terraform-ibm-modules/base-ocp-vpc/ibm" - version = "3.46.17" + version = "3.48.3" cluster_name = "${var.prefix}-vpc" resource_group_id = module.resource_group.resource_group_id region = var.region @@ -267,7 +267,7 @@ resource "ibm_resource_instance" "secrets_manager" { # Additional Secrets-Manager Secret-Group for SERVICE level secrets module "secrets_manager_group_acct" { source = "terraform-ibm-modules/secrets-manager-secret-group/ibm" - version = "1.3.5" + version = "1.3.7" region = local.sm_region secrets_manager_guid = local.sm_guid #tfsec:ignore:general-secrets-no-plaintext-exposure diff --git a/examples/basic/version.tf b/examples/basic/version.tf index b55f4153..310c4b01 100644 --- a/examples/basic/version.tf +++ b/examples/basic/version.tf 
@@ -15,7 +15,7 @@ terraform { } ibm = { source = "IBM-Cloud/ibm" - version = "= 1.76.0" + version = "= 1.78.2" } null = { source = "hashicorp/null" diff --git a/examples/trusted-profiles-authentication/main.tf b/examples/trusted-profiles-authentication/main.tf index 830d1726..1b4caa28 100644 --- a/examples/trusted-profiles-authentication/main.tf +++ b/examples/trusted-profiles-authentication/main.tf @@ -41,7 +41,7 @@ resource "ibm_resource_instance" "secrets_manager" { module "secrets_manager_groups" { source = "terraform-ibm-modules/secrets-manager-secret-group/ibm" - version = "1.3.5" + version = "1.3.7" count = length(kubernetes_namespace.examples) region = local.sm_region secrets_manager_guid = local.sm_guid diff --git a/modules/eso-clusterstore/main.tf b/modules/eso-clusterstore/main.tf index ab6d0f4a..916475cf 100644 --- a/modules/eso-clusterstore/main.tf +++ b/modules/eso-clusterstore/main.tf @@ -36,7 +36,7 @@ resource "helm_release" "cluster_secret_store_apikey" { values = [ <<-EOF resources: - - apiVersion: external-secrets.io/v1beta1 + - apiVersion: external-secrets.io/v1 kind: ClusterSecretStore metadata: name: "${var.clusterstore_name}" @@ -70,7 +70,7 @@ resource "helm_release" "cluster_secret_store_tp" { values = [ <<-EOF resources: - - apiVersion: external-secrets.io/v1beta1 + - apiVersion: external-secrets.io/v1 kind: ClusterSecretStore metadata: name: "${var.clusterstore_name}" diff --git a/modules/eso-external-secret/main.tf b/modules/eso-external-secret/main.tf index a64596ee..19fc3cd2 100644 --- a/modules/eso-external-secret/main.tf +++ b/modules/eso-external-secret/main.tf @@ -112,7 +112,7 @@ resource "helm_release" "kubernetes_secret" { values = [ <<-EOF resources: - - apiVersion: external-secrets.io/v1beta1 + - apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: "${var.es_kubernetes_secret_name}" 
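Review bot: The `apiVersion: external-secrets.io/v1` now hard-coded in the `cluster_secret_store_apikey` and `cluster_secret_store_tp` heredocs is not tied, in any hunk shown here, to an operator release whose CRDs serve that version. The same applies to every `helm_release` touched in modules/eso-external-secret/main.tf and modules/eso-secretstore/main.tf. These submodules can presumably be applied on their own against a cluster where ESO was installed earlier; if those CRDs only serve `v1beta1`, the release fails and the SecretStore or ExternalSecret is never created, so workloads stay on stale or missing secrets. I would document the minimum operator version in each submodule README and add a comment above each manifest such as `# external-secrets.io/v1 needs ESO CRDs that serve v1 (minimum: <MIN_ESO_VERSION>); older installs only serve v1beta1`. The enclosing `helm_release` resources start and end outside these hunks, so an existing guard elsewhere in the files cannot be ruled out.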
@@ -151,7 +151,7 @@ resource "helm_release" "kubernetes_secret_chain_list" { values = [ <<-EOF resources: - - apiVersion: external-secrets.io/v1beta1 + - apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: "${var.es_kubernetes_secret_name}" @@ -193,7 +193,7 @@ resource "helm_release" "kubernetes_secret_user_pw" { values = [ <<-EOF resources: - - apiVersion: external-secrets.io/v1beta1 + - apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: "${var.es_kubernetes_secret_name}" @@ -237,7 +237,7 @@ resource "helm_release" "kubernetes_secret_certificate" { values = [ <<-EOF resources: - - apiVersion: external-secrets.io/v1beta1 + - apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: "${var.es_kubernetes_secret_name}" @@ -274,7 +274,7 @@ resource "helm_release" "kubernetes_secret_kv_key" { values = [ <<-EOF resources: - - apiVersion: external-secrets.io/v1beta1 + - apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: "${var.es_kubernetes_secret_name}" @@ -314,7 +314,7 @@ resource "helm_release" "kubernetes_secret_kv_all" { values = [ <<-EOF resources: - - apiVersion: external-secrets.io/v1beta1 + - apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: "${var.es_kubernetes_secret_name}" diff --git a/modules/eso-secretstore/main.tf b/modules/eso-secretstore/main.tf index 77c3d755..a5772431 100644 --- a/modules/eso-secretstore/main.tf +++ b/modules/eso-secretstore/main.tf @@ -31,7 +31,7 @@ resource "helm_release" "external_secret_store_apikey" { values = [ <<-EOF resources: - - apiVersion: external-secrets.io/v1beta1 + - apiVersion: external-secrets.io/v1 kind: SecretStore metadata: name: "${var.sstore_store_name}" @@ -60,7 +60,7 @@ resource "helm_release" "external_secret_store_tp" { values = [ <<-EOF resources: - - apiVersion: external-secrets.io/v1beta1 + - apiVersion: external-secrets.io/v1 kind: SecretStore metadata: name: "${var.sstore_store_name}"