Merge branch 'main' into chore/install-securitycontext-initcontainer

.github/dependabot.yml

@@ -0,0 +1,7 @@
+---
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "weekly"

.github/workflows/codeql.yml

@@ -20,13 +20,13 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v1
+      uses: github/codeql-action/init@v2
       with:
         languages: ${{ matrix.language }}
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v1
+      uses: github/codeql-action/analyze@v2

.github/workflows/pipeline.yml

@@ -14,10 +14,10 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Set up Docker
-        uses: docker/setup-buildx-action@v1
+        uses: docker/setup-buildx-action@v2
 
       - name: Download deps
         run: docker build . -t ci
@@ -27,7 +27,7 @@ jobs:
         run: docker run --network none --env GOPATH="" --rm -v $PWD:/go/work ci make quality
 
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v1
+        uses: codecov/codecov-action@v3
 
       - name: Build and test plugin
         run: docker run --network none --env GOPATH="" --rm -v $PWD:/go/work ci make e2e
@@ -37,10 +37,10 @@ jobs:
     runs-on: macos-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
 
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v4
         with:
           go-version: 1.17.8
 

.github/workflows/release.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 0
 
@@ -19,12 +19,12 @@ jobs:
         run: echo ::set-output name=tag::${GITHUB_REF#refs/*/}
 
       - name: Set up Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v4
         with:
           go-version: 1.17.8
 
       - name: Install git-chglog
-        run: GO111MODULE=off go get github.com/git-chglog/git-chglog/cmd/git-chglog
+        run: go install github.com/git-chglog/git-chglog/cmd/git-chglog@latest
 
       - name: generate changelog
         run: |
@@ -34,7 +34,7 @@ jobs:
             ${{ steps.tag.outputs.tag }}
 
       - name: Run GoReleaser
-        uses: goreleaser/goreleaser-action@v2
+        uses: goreleaser/goreleaser-action@v4
         with:
           distribution: goreleaser
           version: latest

Dockerfile

@@ -1,13 +1,9 @@
-# golang:1.17-alpine
-FROM golang@sha256:f4ece20984a30d1065b04653bf6781f51ab63421b4b8f011565de0401cfe58d7
-
-RUN apk add make git
+FROM index.docker.io/golang:1.17@sha256:55636cf1983628109e569690596b85077f45aca810a77904e8afad48b49aa500
 
 ADD go.mod go.mod
 ADD go.sum go.sum
 
 ENV GOPATH=""
-ENV CGO_ENABLED=0
 RUN go mod download
 
 VOLUME work

Makefile

@@ -4,7 +4,7 @@ default: build
 
 quality:
 	go vet github.com/argoproj-labs/argocd-vault-plugin
-	go test -v -coverprofile cover.out ./...
+	go test -race -v -coverprofile cover.out ./...
 
 build:
 	go build -o ${BINARY} .

USERS.md

@@ -4,6 +4,8 @@ Currently, the following organizations are using argocd-vault-plugin:
 
 * [Aveniq](https://aveniq.ch/)
 * [Boozt](https://www.booztgroup.com/)
+* [Close](https://www.close.com/)
 * [Everly Health](https://www.everlyhealth.com/)
 * [IBM](https://www.ibm.com/)
 * [Orange](https://www.orange.com)
+* [SAP](https://www.sap.com)

cmd/generate.go

@@ -2,6 +2,7 @@ package cmd
 
 import (
 	"fmt"
+	"regexp"
 	"strconv"
 	"strings"
 
@@ -76,8 +77,15 @@ func NewGenerateCommand() *cobra.Command {
 			}
 
 			for _, manifest := range manifests {
+				var pathValidation *regexp.Regexp
+				if rexp := v.GetString(types.EnvPathValidation); rexp != "" {
+					pathValidation, err = regexp.Compile(rexp)
+					if err != nil {
+						return fmt.Errorf("%s is not a valid regular expression: %s", rexp, err)
+					}
+				}
 
-				template, err := kube.NewTemplate(manifest, cmdConfig.Backend)
+				template, err := kube.NewTemplate(manifest, cmdConfig.Backend, pathValidation)
 				if err != nil {
 					return err
 				}

cmd/generate_test.go

@@ -224,10 +224,37 @@ func TestMain(t *testing.T) {
 		}
 	})
 
+	t.Run("will return that path validation env is not valid", func(t *testing.T) {
+		args := []string{"../fixtures/input/nonempty"}
+		cmd := NewGenerateCommand()
+
+		// set specific env and register cleanup func
+		os.Setenv("AVP_PATH_VALIDATION", `^\/(?!\/)(.*?)`)
+		t.Cleanup(func() {
+			os.Unsetenv("AVP_PATH_VALIDATION")
+		})
+
+		b := bytes.NewBufferString("")
+		cmd.SetArgs(args)
+		cmd.SetErr(b)
+		cmd.SetOut(bytes.NewBufferString(""))
+		cmd.Execute()
+		out, err := ioutil.ReadAll(b) // Read buffer to bytes
+		if err != nil {
+			t.Fatal(err)
+		}
+
+		expected := "^\\/(?!\\/)(.*?) is not a valid regular expression: error parsing regexp: invalid or unsupported Perl syntax: `(?!`"
+		if !strings.Contains(string(out), expected) {
+			t.Fatalf("expected to contain: %s but got %s", expected, out)
+		}
+	})
+
 	os.Unsetenv("AVP_TYPE")
 	os.Unsetenv("VAULT_ADDR")
 	os.Unsetenv("AVP_AUTH_TYPE")
 	os.Unsetenv("AVP_SECRET_ID")
 	os.Unsetenv("AVP_ROLE_ID")
 	os.Unsetenv("VAULT_SKIP_VERIFY")
+	os.Unsetenv("AVP_PATH_VALIDATION")
 }