Merge pull request #4582 from Infisical/fix/small-patch

feat: fixed broken access-list and update on k8s doc

Author: akhilmhdh

backend/src/ee/routes/v1/secret-router.ts

@@ -34,7 +34,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
         secretName: z.string().trim().describe(RAW_SECRETS.GET_ACCESS_LIST.secretName)
       }),
       querystring: z.object({
-        workspaceId: z.string().trim().describe(RAW_SECRETS.GET_ACCESS_LIST.workspaceId),
+        projectId: z.string().trim().describe(RAW_SECRETS.GET_ACCESS_LIST.projectId),
         environment: z.string().trim().describe(RAW_SECRETS.GET_ACCESS_LIST.environment),
         secretPath: z
           .string()
@@ -54,7 +54,7 @@ export const registerSecretRouter = async (server: FastifyZodProvider) => {
     onRequest: verifyAuth([AuthMode.JWT]),
     handler: async (req) => {
       const { secretName } = req.params;
-      const { secretPath, environment, workspaceId: projectId } = req.query;
+      const { secretPath, environment, projectId } = req.query;
 
       return server.services.secret.getSecretAccessList({
         actorId: req.permission.id,

backend/src/ee/services/secret-rotation-v2/redis-credentials/redis-credentials-rotation-fns.ts

@@ -10,12 +10,12 @@ import {
 } from "@app/ee/services/secret-rotation-v2/secret-rotation-v2-types";
 import { BadRequestError } from "@app/lib/errors";
 
+import { verifyHostInputValidity } from "../../dynamic-secret/dynamic-secret-fns";
 import { DEFAULT_PASSWORD_REQUIREMENTS, generatePassword } from "../shared/utils";
 import {
   TRedisCredentialsRotationGeneratedCredentials,
   TRedisCredentialsRotationWithConnection
 } from "./redis-credentials-rotation-types";
-import { verifyHostInputValidity } from "../../dynamic-secret/dynamic-secret-fns";
 
 const redactPasswords = (e: unknown, credentials: TRedisCredentialsRotationGeneratedCredentials) => {
   const error = e as Error;

backend/src/lib/api-docs/constants.ts

@@ -1049,7 +1049,7 @@ export const RAW_SECRETS = {
   },
   GET_ACCESS_LIST: {
     secretName: "The name of the secret to get the access list for.",
-    workspaceId: "The ID of the project where the secret is located.",
+    projectId: "The ID of the project where the secret is located.",
     environment: "The slug of the environment where the the secret is located.",
     secretPath: "The folder path where the secret is located."
   }

backend/src/services/certificate-authority/acme/acme-certificate-authority-fns.ts

@@ -24,8 +24,8 @@ import {
 import { TKmsServiceFactory } from "@app/services/kms/kms-service";
 import { TPkiSubscriberDALFactory } from "@app/services/pki-subscriber/pki-subscriber-dal";
 import { TPkiSyncDALFactory } from "@app/services/pki-sync/pki-sync-dal";
-import { triggerAutoSyncForSubscriber } from "@app/services/pki-sync/pki-sync-utils";
 import { TPkiSyncQueueFactory } from "@app/services/pki-sync/pki-sync-queue";
+import { triggerAutoSyncForSubscriber } from "@app/services/pki-sync/pki-sync-utils";
 import { TProjectDALFactory } from "@app/services/project/project-dal";
 import { getProjectKmsCertificateKeyId } from "@app/services/project/project-fns";
 

backend/src/services/certificate-authority/azure-ad-cs/azure-ad-cs-certificate-authority-fns.ts

@@ -27,8 +27,8 @@ import { TKmsServiceFactory } from "@app/services/kms/kms-service";
 import { TPkiSubscriberDALFactory } from "@app/services/pki-subscriber/pki-subscriber-dal";
 import { TPkiSubscriberProperties } from "@app/services/pki-subscriber/pki-subscriber-types";
 import { TPkiSyncDALFactory } from "@app/services/pki-sync/pki-sync-dal";
-import { triggerAutoSyncForSubscriber } from "@app/services/pki-sync/pki-sync-utils";
 import { TPkiSyncQueueFactory } from "@app/services/pki-sync/pki-sync-queue";
+import { triggerAutoSyncForSubscriber } from "@app/services/pki-sync/pki-sync-utils";
 import { TProjectDALFactory } from "@app/services/project/project-dal";
 import { getProjectKmsCertificateKeyId } from "@app/services/project/project-fns";
 

backend/src/services/certificate-authority/internal/internal-certificate-authority-fns.ts

@@ -20,8 +20,8 @@ import {
 } from "@app/services/certificate/certificate-types";
 import { TKmsServiceFactory } from "@app/services/kms/kms-service";
 import { TPkiSyncDALFactory } from "@app/services/pki-sync/pki-sync-dal";
-import { triggerAutoSyncForSubscriber } from "@app/services/pki-sync/pki-sync-utils";
 import { TPkiSyncQueueFactory } from "@app/services/pki-sync/pki-sync-queue";
+import { triggerAutoSyncForSubscriber } from "@app/services/pki-sync/pki-sync-utils";
 import { TProjectDALFactory } from "@app/services/project/project-dal";
 import { getProjectKmsCertificateKeyId } from "@app/services/project/project-fns";
 

backend/src/services/pki-subscriber/pki-subscriber-service.ts

@@ -38,8 +38,8 @@ import { TCertificateAuthoritySecretDALFactory } from "@app/services/certificate
 import { TKmsServiceFactory } from "@app/services/kms/kms-service";
 import { TPkiSubscriberDALFactory } from "@app/services/pki-subscriber/pki-subscriber-dal";
 import { TPkiSyncDALFactory } from "@app/services/pki-sync/pki-sync-dal";
-import { triggerAutoSyncForSubscriber } from "@app/services/pki-sync/pki-sync-utils";
 import { TPkiSyncQueueFactory } from "@app/services/pki-sync/pki-sync-queue";
+import { triggerAutoSyncForSubscriber } from "@app/services/pki-sync/pki-sync-utils";
 import { TProjectDALFactory } from "@app/services/project/project-dal";
 import { getProjectKmsCertificateKeyId } from "@app/services/project/project-fns";
 

backend/src/services/secret-v2-bridge/secret-v2-bridge-fns.ts

@@ -782,7 +782,7 @@ export const expandSecretReferencesFactory = ({
 };
 
 export const reshapeBridgeSecret = (
-  workspaceId: string,
+  projectId: string,
   environment: string,
   secretPath: string,
   secret: Omit<TSecretsV2, "encryptedValue" | "encryptedComment"> & {
@@ -809,7 +809,8 @@ export const reshapeBridgeSecret = (
 ) => ({
   secretKey: secret.key,
   secretPath,
-  workspace: workspaceId,
+  workspace: projectId,
+  projectId,
   environment,
   secretComment: secret.comment || "",
   version: secret.version,

backend/src/services/webhook/webhook-fns.ts

@@ -94,6 +94,7 @@ export const getWebhookPayload = (event: TWebhookPayloads) => {
           event: event.type,
           project: {
             workspaceId: projectId,
+            projectId,
             projectName,
             environment,
             secretPath
@@ -147,6 +148,7 @@ export const getWebhookPayload = (event: TWebhookPayloads) => {
         event: event.type,
         project: {
           workspaceId: projectId,
+          projectId,
           projectName,
           environment,
           secretPath,

docs/integrations/platforms/kubernetes/infisical-secret-crd.mdx

@@ -68,6 +68,22 @@ When `hostAPI` is not defined the operator fetches secrets from Infisical Cloud.
   available on paid plans. Default re-sync interval is every 1 minute.
 </Accordion>
 
+<Accordion title="instantUpdates">
+  This property enables instant updates from Infisical. When set to true,
+  changes made to secrets in Infisical will be immediately pushed to the
+  operator, triggering a configuration update. This reduces the need for
+  periodic re-syncs.
+
+<Info>
+    Note that `Instant Updates` is a paid feature.
+
+    If you're using Infisical Cloud, then it is available under the **Pro**,
+    and **Enterprise Tier** with varying retention periods. If you're self-hosting Infisical,
+    then you should contact [email protected] to purchase an enterprise license to use it.
+
+</Info>
+</Accordion>
+
 <Accordion title="tls">
   This block defines the TLS settings to use for connecting to the Infisical
   instance.