feat: add enforce_namespace to the spec of the sopssecret

isindir · Jun 12, 2024 · 9d51150 · 9d51150
1 parent 828301c
commit 9d51150
Show file tree

Hide file tree

Showing 11 changed files with 154 additions and 107 deletions.
diff --git a/Makefile b/Makefile
@@ -1,7 +1,7 @@
 # UPDATE_HERE
 # !!!!!!! NOTE: GOEXPERIMENT=nocoverageredesign is temp until 1.23.x
 GO := GOEXPERIMENT=nocoverageredesign GOPROXY=https://proxy.golang.org go
-SOPS_SEC_OPERATOR_VERSION := 0.13.0
+SOPS_SEC_OPERATOR_VERSION := 0.13.1
 
 # https://github.com/kubernetes-sigs/controller-tools/releases
 CONTROLLER_GEN_VERSION := "v0.15.0"

diff --git a/README.md b/README.md
@@ -23,7 +23,7 @@ encrypted files stored in `git` repository.
 
 | Kubernetes | Sops | Chart | Operator |
 |---|---|---|---|
-| v1.30.x | v3.8.1 | 0.19.0 | 0.13.0 |
+| v1.30.x | v3.8.1 | 0.19.1 | 0.13.1 |
 | v1.29.x | v3.8.1 | 0.18.6 | 0.12.6 |
 | v1.28.x | v3.8.1 | 0.17.4 | 0.11.4 |
 | v1.27.x | v3.7.3 | 0.15.5 | 0.9.5 |

diff --git a/api/v1alpha3/sopssecret_types.go b/api/v1alpha3/sopssecret_types.go
@@ -27,6 +27,15 @@ type SopsSecretSpec struct {
 	// This flag tells the controller to suspend the reconciliation of this source.
 	//+optional
 	Suspend bool `json:"suspend,omitempty"`
+
+	// EnforceNamespace can be used to enforce the creation of the secrets in the same namespace as the SopsSecret resource.
+	// Must be used together with Spec.Namespace
+	EnforceNamespace bool `json:"enforce_namespace,omitempty"`
+
+	// Namespace can be used to enforce the creation of the secrets in the same namespace as the SopsSecret resource.
+	// Must have same value as the SopsSecret resource namespace and EnforceNamespace must be set to true.
+	//+optional
+	Namespace string `json:"namespace,omitempty"`
 }
 
 // SopsSecretTemplate defines the map of secrets to create

diff --git a/chart/helm3/sops-secrets-operator/Chart.yaml b/chart/helm3/sops-secrets-operator/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 # UPDATE_HERE
-version: 0.19.0
-appVersion: 0.13.0
+version: 0.19.1
+appVersion: 0.13.1
 type: application
 description: Helm chart deploys sops-secrets-operator
 name: sops-secrets-operator

diff --git a/chart/helm3/sops-secrets-operator/README.md b/chart/helm3/sops-secrets-operator/README.md
@@ -134,7 +134,7 @@ The following table lists the configurable parameters of the Sops-secrets-operat
 | healthProbes.readiness | object | `{"initialDelaySeconds":5,"periodSeconds":10}` | Readiness probe configuration |
 | image.pullPolicy | string | `"Always"` | Operator image pull policy |
 | image.repository | string | `"isindir/sops-secrets-operator"` | Operator image name |
-| image.tag | string | `"0.13.0"` | Operator image tag |
+| image.tag | string | `"0.13.1"` | Operator image tag |
 | imagePullSecrets | list | `[]` | Secrets to pull image from private docker repository |
 | initImage.pullPolicy | string | `"Always"` | Init container image pull policy |
 | initImage.repository | string | `"ubuntu"` | Init container image name |

diff --git a/chart/helm3/sops-secrets-operator/tests/operator_test.yaml b/chart/helm3/sops-secrets-operator/tests/operator_test.yaml
@@ -31,8 +31,8 @@ tests:
             app.kubernetes.io/instance: sops
             app.kubernetes.io/managed-by: Helm
             app.kubernetes.io/name: sops-secrets-operator
-            app.kubernetes.io/version: 0.13.0
-            helm.sh/chart: sops-secrets-operator-0.19.0
+            app.kubernetes.io/version: 0.13.1
+            helm.sh/chart: sops-secrets-operator-0.19.1
 
   # custom name
   - it: should correctly render custome name
@@ -170,7 +170,7 @@ tests:
       # UPDATE_HERE
       - equal:
           path: spec.template.spec.containers[0].image
-          value: isindir/sops-secrets-operator:0.13.0
+          value: isindir/sops-secrets-operator:0.13.1
       - equal:
           path: spec.template.spec.containers[0].imagePullPolicy
           value: Always

diff --git a/chart/helm3/sops-secrets-operator/values.yaml b/chart/helm3/sops-secrets-operator/values.yaml
@@ -13,7 +13,7 @@ image:
   # -- Operator image name
   repository: isindir/sops-secrets-operator
   # -- Operator image tag
-  tag: 0.13.0
+  tag: 0.13.1
   # -- Operator image pull policy
   pullPolicy: Always
 

diff --git a/config/crd/bases/isindir.github.com_sopssecrets.yaml b/config/crd/bases/isindir.github.com_sopssecrets.yaml
@@ -535,6 +535,16 @@ spec:
           spec:
             description: SopsSecret Spec definition
             properties:
+              enforce_namespace:
+                description: |-
+                  EnforceNamespace can be used to enforce the creation of the secrets in the same namespace as the SopsSecret resource.
+                  Must be used together with Spec.Namespace
+                type: boolean
+              namespace:
+                description: |-
+                  Namespace can be used to enforce the creation of the secrets in the same namespace as the SopsSecret resource.
+                  Must have same value as the SopsSecret resource namespace and EnforceNamespace must be set to true.
+                type: string
               secretTemplates:
                 description: Secrets template is a list of definitions to create Kubernetes
                   Secrets