bump: v0.21.4 (#334)

* intermediate

Signed-off-by: Volkan Özçelik <[email protected]>

* refactoring

Signed-off-by: Volkan Özçelik <[email protected]>

* Squashed commit of the following:

commit e856f8f
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date:   Mon Nov 27 19:18:53 2023 -0800

    Bump github.com/go-jose/go-jose/v3 from 3.0.0 to 3.0.1 (#333)

    Bumps [github.com/go-jose/go-jose/v3](https://github.com/go-jose/go-jose) from 3.0.0 to 3.0.1.
    - [Release notes](https://github.com/go-jose/go-jose/releases)
    - [Changelog](https://github.com/go-jose/go-jose/blob/v3/CHANGELOG.md)
    - [Commits](go-jose/go-jose@v3.0.0...v3.0.1)

    ---
    updated-dependencies:
    - dependency-name: github.com/go-jose/go-jose/v3
      dependency-type: indirect
    ...

    Signed-off-by: dependabot[bot] <[email protected]>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

commit f7d9588
Merge: 9bf2d49 56d453b
Author: Abhishek <[email protected]>
Date:   Mon Nov 13 15:54:19 2023 +0530

    Merge pull request #332 from huseyingulec/fix

    Update the links for `edit this page on GitHub`

commit 56d453b
Author: Huseyin Gulec <[email protected]>
Date:   Sun Nov 12 12:48:30 2023 +0100

    update links

    Signed-off-by: Huseyin Gulec <[email protected]>

commit 9bf2d49
Author: Huseyin Gulec <[email protected]>
Date:   Sun Nov 12 04:23:01 2023 +0100

    resolves #328 (#330)

    Signed-off-by: Huseyin Gulec <[email protected]>

Signed-off-by: Volkan Özçelik <[email protected]>

* before running make helm-chart-release

Signed-off-by: Volkan Özçelik <[email protected]>

* added helm charts and k8s manifests

Signed-off-by: Volkan Özçelik <[email protected]>

* list secrets

Signed-off-by: Volkan Özçelik <[email protected]>

* Dockerfile updates

Signed-off-by: Volkan Özçelik <[email protected]>

* remove 0.21.4 helm chart

I‘ll add it to gh-pages branch instead.

Signed-off-by: Volkan Özçelik <[email protected]>

* what do I need to know?

This was a community question — addressing here.

Signed-off-by: Volkan Özçelik <[email protected]>

* minor.

Signed-off-by: Volkan Özçelik <[email protected]>

* Doc order change

Signed-off-by: Volkan Özçelik <[email protected]>

* add 0.21.4 remove 0.21.3

Signed-off-by: Volkan Özçelik <[email protected]>

---------

Signed-off-by: Volkan Özçelik <[email protected]>

Makefile

@@ -12,7 +12,7 @@
 ifdef VSECM_VERSION
 	VERSION := $(VSECM_VERSION)
 else
-	VERSION := 0.21.3
+	VERSION := 0.21.4
 endif
 
 IMAGE=distroless

app/sentinel/cmd/help.go

@@ -0,0 +1,57 @@
+/*
+|    Protect your secrets, protect your sensitive data.
+:    Explore VMware Secrets Manager docs at https://vsecm.com/
+</
+<>/  keep your secrets… secret
+>/
+<>/' Copyright 2023–present VMware, Inc.
+>/'  SPDX-License-Identifier: BSD-2-Clause
+*/
+
+package main
+
+import (
+	"fmt"
+	"github.com/akamensky/argparse"
+)
+
+func printUsage(parser *argparse.Parser) {
+	fmt.Print(parser.Usage("safe"))
+}
+
+func printWorkloadNameNeeded() {
+	fmt.Println("Please provide a workload name.")
+	fmt.Println("")
+	fmt.Println("type `safe -h` (without backticks) and press return for help.")
+	fmt.Println("")
+}
+
+func printSecretNeeded() {
+	fmt.Println("Please provide a secret.")
+	fmt.Println("")
+	fmt.Println("type `safe -h` (without backticks) and press return for help.")
+	fmt.Println("")
+}
+
+func inputValidationFailure(workload *string, encrypt *bool, inputKeys *string, secret *string, deleteSecret *bool) bool {
+
+	// You need to provide a workload name if you are not encrypting a secret,
+	// or if you are not providing input keys.
+	if *workload == "" &&
+		!*encrypt &&
+		*inputKeys == "" {
+		printWorkloadNameNeeded()
+		return true
+	}
+
+	// You need to provide a secret value if you are not deleting a secret,
+	// or if you are not providing input keys.
+	if *secret == "" &&
+		!*deleteSecret &&
+		*inputKeys == "" {
+		printSecretNeeded()
+		return true
+	}
+
+	return false
+}

app/sentinel/cmd/main.go

@@ -21,138 +21,6 @@ import (
 	"github.com/vmware-tanzu/secrets-manager/app/sentinel/internal/safe"
 )
 
-func parseList(parser *argparse.Parser) *bool {
-	return parser.Flag("l", "list", &argparse.Options{
-		Required: false, Help: "lists all registered workloads.",
-	})
-}
-
-func parseUseKubernetes(parser *argparse.Parser) *bool {
-	return parser.Flag("k", "use-k8s", &argparse.Options{
-		Required: false, Default: false,
-		Help: "update an associated Kubernetes secret upon save. " +
-			"Overrides VSECM_SAFE_USE_KUBERNETES_SECRETS.",
-	})
-}
-
-func parseDeleteSecret(parser *argparse.Parser) *bool {
-	return parser.Flag("d", "delete", &argparse.Options{
-		Required: false, Default: false,
-		Help: "delete the secret associated with the workload.",
-	})
-}
-
-func parseAppendSecret(parser *argparse.Parser) *bool {
-	return parser.Flag("a", "append", &argparse.Options{
-		Required: false, Default: false,
-		Help: "append the secret to the existing secret collection" +
-			" associated with the workload.",
-	})
-}
-
-func parseNamespace(parser *argparse.Parser) *string {
-	return parser.String("n", "namespace", &argparse.Options{
-		Required: false, Default: "default",
-		Help: "the namespace of the Kubernetes Secret to create.",
-	})
-}
-
-func parseInputKeys(parser *argparse.Parser) *string {
-	return parser.String("i", "input-keys", &argparse.Options{
-		Required: false,
-		Help:     "A string containing the private and public Age keys and AES seed, each separated by '\\n'.",
-	})
-}
-
-func parseBackingStore(parser *argparse.Parser) *string {
-	return parser.String("b", "store", &argparse.Options{
-		Required: false,
-		Help: "backing store type (file|memory) (default: file). " +
-			"Overrides VSECM_SAFE_BACKING_STORE.",
-	})
-}
-
-func parseWorkload(parser *argparse.Parser) *string {
-	return parser.String("w", "workload", &argparse.Options{
-		Required: false,
-		Help: "name of the workload (i.e. the '$name' segment of its " +
-			"ClusterSPIFFEID ('spiffe://trustDomain/workload/$name/…')).",
-	})
-}
-
-func parseSecret(parser *argparse.Parser) *string {
-	return parser.String("s", "secret", &argparse.Options{
-		Required: false,
-		Help:     "the secret to store for the workload.",
-	})
-}
-
-func parseTemplate(parser *argparse.Parser) *string {
-	return parser.String("t", "template", &argparse.Options{
-		Required: false,
-		Help:     "the template used to transform the secret stored.",
-	})
-}
-
-func parseFormat(parser *argparse.Parser) *string {
-	return parser.String("f", "format", &argparse.Options{
-		Required: false,
-		Help: "the format to display the secrets in." +
-			" Has effect only when `-t` is provided. " +
-			"Valid values: yaml, json, and none. Defaults to none.",
-	})
-}
-
-func parseEncrypt(parser *argparse.Parser) *bool {
-	return parser.Flag("e", "encrypt", &argparse.Options{
-		Required: false, Default: false,
-		Help: "returns an encrypted version of the secret if used with `-s`; " +
-			"decrypts the secret before registering it to the workload if used " +
-			"with `-s` and `-w`.",
-	})
-}
-
-func printUsage(parser *argparse.Parser) {
-	fmt.Print(parser.Usage("safe"))
-}
-
-func printWorkloadNameNeeded() {
-	fmt.Println("Please provide a workload name.")
-	fmt.Println("")
-	fmt.Println("type `safe -h` (without backticks) and press return for help.")
-	fmt.Println("")
-}
-
-func printSecretNeeded() {
-	fmt.Println("Please provide a secret.")
-	fmt.Println("")
-	fmt.Println("type `safe -h` (without backticks) and press return for help.")
-	fmt.Println("")
-}
-
-func inputValidationFailure(workload *string, encrypt *bool, inputKeys *string, secret *string, deleteSecret *bool) bool {
-
-	// You need to provide a workload name if you are not encrypting a secret,
-	// or if you are not providing input keys.
-	if *workload == "" &&
-		!*encrypt &&
-		*inputKeys == "" {
-		printWorkloadNameNeeded()
-		return true
-	}
-
-	// You need to provide a secret value if you are not deleting a secret,
-	// or if you are not providing input keys.
-	if *secret == "" &&
-		!*deleteSecret &&
-		*inputKeys == "" {
-		printSecretNeeded()
-		return true
-	}
-
-	return false
-}
-
 func main() {
 	parser := argparse.NewParser("safe", "Assigns secrets to workloads.")
 

app/sentinel/cmd/parse.go

@@ -0,0 +1,104 @@
+/*
+|    Protect your secrets, protect your sensitive data.
+:    Explore VMware Secrets Manager docs at https://vsecm.com/
+</
+<>/  keep your secrets… secret
+>/
+<>/' Copyright 2023–present VMware, Inc.
+>/'  SPDX-License-Identifier: BSD-2-Clause
+*/
+
+package main
+
+import "github.com/akamensky/argparse"
+
+func parseList(parser *argparse.Parser) *bool {
+	return parser.Flag("l", "list", &argparse.Options{
+		Required: false, Help: "lists all registered workloads.",
+	})
+}
+
+func parseUseKubernetes(parser *argparse.Parser) *bool {
+	return parser.Flag("k", "use-k8s", &argparse.Options{
+		Required: false, Default: false,
+		Help: "update an associated Kubernetes secret upon save. " +
+			"Overrides VSECM_SAFE_USE_KUBERNETES_SECRETS.",
+	})
+}
+
+func parseDeleteSecret(parser *argparse.Parser) *bool {
+	return parser.Flag("d", "delete", &argparse.Options{
+		Required: false, Default: false,
+		Help: "delete the secret associated with the workload.",
+	})
+}
+
+func parseAppendSecret(parser *argparse.Parser) *bool {
+	return parser.Flag("a", "append", &argparse.Options{
+		Required: false, Default: false,
+		Help: "append the secret to the existing secret collection" +
+			" associated with the workload.",
+	})
+}
+
+func parseNamespace(parser *argparse.Parser) *string {
+	return parser.String("n", "namespace", &argparse.Options{
+		Required: false, Default: "default",
+		Help: "the namespace of the Kubernetes Secret to create.",
+	})
+}
+
+func parseInputKeys(parser *argparse.Parser) *string {
+	return parser.String("i", "input-keys", &argparse.Options{
+		Required: false,
+		Help:     "A string containing the private and public Age keys and AES seed, each separated by '\\n'.",
+	})
+}
+
+func parseBackingStore(parser *argparse.Parser) *string {
+	return parser.String("b", "store", &argparse.Options{
+		Required: false,
+		Help: "backing store type (file|memory) (default: file). " +
+			"Overrides VSECM_SAFE_BACKING_STORE.",
+	})
+}
+
+func parseWorkload(parser *argparse.Parser) *string {
+	return parser.String("w", "workload", &argparse.Options{
+		Required: false,
+		Help: "name of the workload (i.e. the '$name' segment of its " +
+			"ClusterSPIFFEID ('spiffe://trustDomain/workload/$name/…')).",
+	})
+}
+
+func parseSecret(parser *argparse.Parser) *string {
+	return parser.String("s", "secret", &argparse.Options{
+		Required: false,
+		Help:     "the secret to store for the workload.",
+	})
+}
+
+func parseTemplate(parser *argparse.Parser) *string {
+	return parser.String("t", "template", &argparse.Options{
+		Required: false,
+		Help:     "the template used to transform the secret stored.",
+	})
+}
+
+func parseFormat(parser *argparse.Parser) *string {
+	return parser.String("f", "format", &argparse.Options{
+		Required: false,
+		Help: "the format to display the secrets in." +
+			" Has effect only when `-t` is provided. " +
+			"Valid values: yaml, json, and none. Defaults to none.",
+	})
+}
+
+func parseEncrypt(parser *argparse.Parser) *bool {
+	return parser.Flag("e", "encrypt", &argparse.Options{
+		Required: false, Default: false,
+		Help: "returns an encrypted version of the secret if used with `-s`; " +
+			"decrypts the secret before registering it to the workload if used " +
+			"with `-s` and `-w`.",
+	})
+}

dockerfiles/vsecm-ist-fips/sentinel.Dockerfile

@@ -18,7 +18,8 @@ COPY go.mod /build/go.mod
 WORKDIR /build
 
 # GOEXPERIMENT=boringcrypto is required for FIPS compliance.
-RUN CGO_ENABLED=0 GOEXPERIMENT=boringcrypto GOOS=linux go build -mod vendor -a -o safe ./app/sentinel/cmd/main.go
+RUN CGO_ENABLED=0 GOEXPERIMENT=boringcrypto GOOS=linux go build -mod vendor -a -o safe \
+    ./app/sentinel/cmd/main.go ./app/sentinel/cmd/help.go ./app/sentinel/cmd/parse.go
 RUN CGO_ENABLED=0 GOEXPERIMENT=boringcrypto GOOS=linux go build -mod vendor -a -o sloth ./app/sentinel/busywait/main.go
 
 # generate clean, final image for end users

dockerfiles/vsecm-ist/sentinel.Dockerfile

@@ -16,7 +16,8 @@ COPY core /build/core
 COPY vendor /build/vendor
 COPY go.mod /build/go.mod
 WORKDIR /build
-RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o safe ./app/sentinel/cmd/main.go
+RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o safe \
+    ./app/sentinel/cmd/main.go ./app/sentinel/cmd/help.go ./app/sentinel/cmd/parse.go
 RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o sloth ./app/sentinel/busywait/main.go
 
 # generate clean, final image for end users

dockerfiles/vsecm-photon-fips/sentinel.Dockerfile

@@ -18,7 +18,8 @@ COPY go.mod /build/go.mod
 WORKDIR /build
 
 # GOEXPERIMENT=boringcrypto is required for FIPS compliance.
-RUN CGO_ENABLED=0 GOEXPERIMENT=boringcrypto GOOS=linux go build -mod vendor -a -o safe ./app/sentinel/cmd/main.go
+RUN CGO_ENABLED=0 GOEXPERIMENT=boringcrypto GOOS=linux go build -mod vendor -a -o safe \
+    ./app/sentinel/cmd/main.go ./app/sentinel/cmd/help.go ./app/sentinel/cmd/parse.go
 RUN CGO_ENABLED=0 GOEXPERIMENT=boringcrypto GOOS=linux go build -mod vendor -a -o sloth ./app/sentinel/busywait/main.go
 
 # generate clean, final image for end users

dockerfiles/vsecm-photon/sentinel.Dockerfile

@@ -16,7 +16,8 @@ COPY core /build/core
 COPY vendor /build/vendor
 COPY go.mod /build/go.mod
 WORKDIR /build
-RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o safe ./app/sentinel/cmd/main.go
+RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o safe \
+    ./app/sentinel/cmd/main.go ./app/sentinel/cmd/help.go ./app/sentinel/cmd/parse.go
 RUN CGO_ENABLED=0 GOOS=linux go build -mod vendor -a -o sloth ./app/sentinel/busywait/main.go
 
 # generate clean, final image for end users

docs/_includes/notification.html

@@ -22,6 +22,6 @@
     <p>The next <strong><a href="/docs/contributor-sync/"
     style="text-decoration: underline; color: #0946EC"
     >VSecM Contributor Sync</a></strong> will be on…<br>
-    <strong>Thursday, 2023-10-26</strong>
+    <strong>Thursday, 2024-01-25</strong>
     at <strong>8:00am</strong> Pacific time.</p>
 </div>