fix: the secret is now found

DelineaXPM · Sep 5, 2023 · f4ce3c6 · f4ce3c6
1 parent fbc112d
commit f4ce3c6
Show file tree

Hide file tree

Showing 10 changed files with 35 additions and 20 deletions.
diff --git a/.aqua/aqua.yaml b/.aqua/aqua.yaml
@@ -6,7 +6,7 @@ checksum:
   require_checksum: false
 registries:
   - type: standard
-    ref: v4.39.0 # renovate: depName=aquaproj/aqua-registry
+    ref: v4.44.1 # renovate: depName=aquaproj/aqua-registry
   - name: local
     type: local
     path: registry.yaml
@@ -43,3 +43,4 @@ packages:
     registry: local
     tags: ['goinstall']
   - name: DelineaXPM/dsv-cli@v1.40.5
+  - name: gitleaks/gitleaks@v8.18.0
diff --git a/.trunk/.gitignore b/.trunk/.gitignore
@@ -2,7 +2,7 @@
 *logs
 *actions
 *notifications
+*tools
 plugins
 user_trunk.yaml
 user.yaml
-tools
diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml
@@ -2,7 +2,7 @@ version: 0.1
 plugins:
   sources:
     - id: trunk
-      ref: v1.0.0
+      ref: v1.2.1
       uri: https://github.com/trunk-io/plugins
 actions:
   enabled:
@@ -30,7 +30,7 @@ actions:
     - id: helm-lint
       # runtime: go
       description: run helm lint on pre-push
-      run: 'helm lint --quiet --strict charts/*'
+      run: 'helm lint --quiet charts/*'
       triggers:
         - git_hooks: [pre-push]
 runtimes:
@@ -39,7 +39,7 @@ runtimes:
     - node@18.12.1
     - python@3.10.8
 cli:
-  version: 1.13.0
+  version: 1.15.0
 lint:
   threshold:
     - linters: [gitleaks]
@@ -48,16 +48,22 @@ lint:
     - cspell
     - gofmt
   enabled:
+    - checkov@2.4.9
+    - gokart@0.5.1
+    - osv-scanner@1.3.6
+    - terrascan@1.18.3
+    - trivy@0.44.1
+    - trufflehog@3.54.3
     - gofumpt@0.5.0
-    - renovate@36.49.0
+    - renovate@36.81.0
     - golangci-lint@SYSTEM
     - git-diff-check
     - taplo@0.8.1
-    - markdownlint@0.35.0
-    - prettier@3.0.2
+    - markdownlint@0.36.0
+    - prettier@3.0.3
     - actionlint@1.6.25
     - hadolint@2.12.0
-    - gitleaks@8.17.0
+    - gitleaks@8.18.0
     - shellcheck@0.9.0
     - shfmt@3.6.0
     - yamllint@1.32.0
@@ -69,7 +75,7 @@ lint:
     - actionlint@1.6.25
     - gitleaks@8.15.3
     - hadolint@2.12.0
-    - markdownlint@0.35.0
+    - markdownlint@0.36.0
     - shellcheck@0.9.0
     - shfmt@3.6.0
 

diff --git a/Tiltfile b/Tiltfile
@@ -175,7 +175,7 @@ local_resource(
   deps=['.cache/'],
   resource_deps=[
     "job:init",
-    "job:rebuildimages"
+    # "job:rebuildimages"
   ],
   auto_init=False,
   labels=["deploy"],
@@ -217,4 +217,4 @@ local_resource(
   labels=["setup"],
 )
 
-# k8s_resource('injector', resource_deps='minikube:init', pod_readiness='ignore')
+# k8s_resource('injector', resource_deps='minikube:init', pod_readiness='ignore')
diff --git a/charts/dsv-syncer/templates/syncer-cronjob.yaml b/charts/dsv-syncer/templates/syncer-cronjob.yaml
@@ -43,4 +43,4 @@ spec:
           volumes:
             - name: credentials
               secret:
-                secretName: {{ .Values.dsvInjectorCredentialsSecretName }}
+                secretName: {{ .Values.dsvInjectorCredentialsSecretName }}
diff --git a/docs/setup-developer.md b/docs/setup-developer.md
@@ -15,6 +15,11 @@
 
 As always, the source of truth is `mage` so if the task names in the doc don't work, check the CLI for the proper commands.
 
+## Optional
+
+If you are using codespaces, most of the tooling should be ready out of the box as long as you open `zsh` terminal.
+Run `tilt up` and then you can invoke much of this (including watch the logs stream) from the terminal.
+
 ## Reference
 
 - Optional: [devcontainer/codespaces](devcontainer.md)

diff --git a/examples/add-to-secret.yml b/examples/add-to-secret.yml
@@ -1,10 +1,11 @@
+# trunk-ignore-all(trivy,checkov,gitleaks): ignore, examples file with hard coded values
 ---
 apiVersion: v1
 kind: Secret
 metadata:
   name: user-domain
   annotations:
-    dsv.delinea.com/add-to-secret: 'tests:dsv-k8s'
+    dsv.delinea.com/add-to-secret: 'tests:dsv-k8s:food'
 type: Opaque
 data:
   username: dW5tb2RpZmllZC11c2VybmFtZQ==

diff --git a/examples/set-secret.yml b/examples/set-secret.yml
@@ -1,11 +1,12 @@
+# trunk-ignore-all(trivy,checkov,gitleaks): ignore, examples file with hard coded values
 ---
 apiVersion: v1
 kind: Secret
 metadata:
   name: user-domain-pass
   annotations:
     # dsv.delinea.com/credentials: app1 # or default if not using multiple credentials
-    dsv.delinea.com/set-secret: 'tests:dsv-k8s'
+    dsv.delinea.com/set-secret: 'tests:dsv-k8s:food'
 type: Opaque
 data:
   username: dW5tb2RpZmllZC11c2VybmFtZQ==

diff --git a/examples/update-secret.yml b/examples/update-secret.yml
@@ -1,10 +1,11 @@
+# trunk-ignore-all(trivy,checkov,gitleaks): ignore, examples file with hard coded values
 ---
 apiVersion: v1
 kind: Secret
 metadata:
   name: pass-domain
   annotations:
-    dsv.delinea.com/update-secret: 'tests:dsv-k8s'
+    dsv.delinea.com/update-secret: 'tests:dsv-k8s:food'
 type: Opaque
 data:
   password: dW5tb2RpZmllZC1wYXNzd29yZA==

diff --git a/magefiles/vault/vault.mage.go b/magefiles/vault/vault.mage.go
@@ -194,14 +194,14 @@ func (DSV) ConvertClientToCredentials() error {
 	}{
 		Default: struct {
 			Credentials struct {
-				ClientID     string `json:"clientId"`
-				ClientSecret string `json:"clientSecret"`
+				ClientID     string `json:"clientId"`     //nolint:tagliatelle // json tag required as is
+				ClientSecret string `json:"clientSecret"` //nolint:tagliatelle // json tag required as is
 			} `json:"credentials"`
 			Tenant string `json:"tenant"`
 		}{
 			Credentials: struct {
-				ClientID     string `json:"clientId"`
-				ClientSecret string `json:"clientSecret"`
+				ClientID     string `json:"clientId"`     //nolint:tagliatelle // json tag required as is
+				ClientSecret string `json:"clientSecret"` //nolint:tagliatelle // json tag required as is
 			}{
 				ClientID:     data.ClientID,
 				ClientSecret: data.ClientSecret,