Update Helm release vault-secrets-operator to v0.7.1 - autoclosed

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
vault-secrets-operator	helm_release	minor	0.4.2 -> 0.7.1

---

Release Notes

hashicorp/vault-secrets-operator (vault-secrets-operator)

v0.7.1

Compare Source

0.7.1 (May 30th, 2024)

Fix:

• Helm: fix invalid value name for telemetry.serviceMonitor.enabled (#​786): GH-790

v0.7.0

Compare Source

Important: this release contains CRD schema changes that must be applied manually when deploying VSO with Helm.
Please see updating-crds for more details.

Behavioral changes:

• Core: Controller logs are now JSON encoded by default.

Features:

• Core: support argo.Rollout as a rolloutRestartTarget for all secret type custom resources: GH-702
• Helm: add support for cluster role aggregates: GH-752
• Helm: adds values for setting VSO logging options: GH-778
• Helm: add support for configuring strategy on controller deployment : GH-709

Improvements:

• CachingClientFactory: lock by client cache key: GH-716
• Transformations: add support for the htpasswd Sprig function: GH-708
• VPS: skip overwriting tls.crt and tls.key whenever transformation templates are configured: GH-659
• Core: Use exponential backoff on secret source errors: GH-732

Fix:

• Core: call VDS callbacks on VaultAuth and VaultConnection changes: GH-739
• Core: skip LifetimeWatcher validation for non-renewable auth tokens: GH-722
• Core: disable development logger mode by default: GH-751
• VSS: that spec.hmacSecretData's value is honoured: GH-753
• VDS: Selectively log calls to SyncRegistry.Delete(): GH-718

Build:

• CI: test against vault-1.16.2: GH-715
• Bump GH actions for node 16 obsolescence: GH-738

Dependency Updates:

• Bump TF provider versions: GH-737
• Bump github.com/go-logr/logr from 1.4.1 to 1.4.2: GH-775
• Bump github.com/hashicorp/go-getter from 1.7.1 to 1.7.4: GH-711
• Bump github.com/hashicorp/vault/api from 1.12.2 to 1.13.0: GH-725
• Bump github.com/hashicorp/vault/sdk from 0.12.0 to 0.13.0: GH-773
• Bump github.com/onsi/gomega from 1.33.0 to 1.33.1: GH-727
• Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1: GH-741
• Bump golang.org/x/crypto from 0.22.0 to 0.23.0: GH-744
• Bump google.golang.org/api from 0.176.1 to 0.177.0: GH-724
• Bump google.golang.org/api from 0.180.0 to 0.181.0: GH-758
• Bump k8s.io/api from 0.30.0 to 0.30.1: GH-761
• Bump k8s.io/client-go from 0.30.0 to 0.30.1: GH-760
• Bump sigs.k8s.io/controller-runtime from 0.18.2 to 0.18.3: GH-772
• Bump ubi9/ubi-micro from 9.3-15 to 9.4-6: GH-719
• Bump ubi9/ubi-minimal from 9.4-949 to 9.4-949.1714662671: GH-728

v0.6.0

Compare Source

Fix:

• VDS: reconcile instances on lifetimeWatcher done events and other Vault client rotation events: GH-665

Improvements:

• Core: no longer restore all clients from storage: GH-684
• Helm: lower min k8s version to 1.21: GH-656

Build:

• Upgrade to go 1.22.2: GH-683
• CI: fix tests in GKE: GH-675
• OLM: remove the skips from the last release: GH-703

Dependency Updates:

• Bump github.com/cenkalti/backoff/v4 from 4.2.1 to 4.3.0: GH-673
• Bump github.com/gruntwork-io/terratest from 0.46.11 to 0.46.13: GH-669
• Bump github.com/hashicorp/go-hclog from 1.6.2 to 1.6.3: GH-679
• Bump github.com/hashicorp/vault/api from 1.12.1 to 1.12.2: GH-667
• Bump github.com/hashicorp/vault/sdk from 0.11.1 to 0.12.0: GH-687
• Bump github.com/onsi/gomega from 1.32.0 to 1.33.0: GH-696
• Bump github.com/prometheus/client_model from 0.6.0 to 0.6.1: GH-678
• Bump google.golang.org/api from 0.171.0 to 0.172.0: GH-672
• Bump k8s.io/client-go from 0.29.2 to 0.29.3: GH-660
• Bump sigs.k8s.io/controller-runtime from 0.17.2 to 0.17.3: GH-688

v0.5.2

Compare Source

Improvements:

• VDS: support configuring an explicit sync delay for non-renewable leases without an explicit TTL: GH-641
• OLM: add newly required ClusterServiceVersion annotations: GH-628
• Helm: mention global transformation option env variable: GH-626

Fix:

• API: make some required bool parameters optional: GH-650
• VDS: make rotationSchedule status field optional: GH-621
• VPS: return an error when the PKI secret is nil: GH-636
• Core: ensure VaultConnection headers are set on the vault client: GH-629

Build:

• Use Go 1.21.8: GH-651

Dependency Updates:

• Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3: GH-646
• Bump github.com/go-openapi/runtime from 0.27.1 to 0.28.0: GH-648
• Bump github.com/go-openapi/strfmt from 0.22.1 to 0.23.0: GH-649
• Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0: GH-634
• Bump github.com/stretchr/testify from 1.8.4 to 1.9.0: GH-633
• Bump google.golang.org/api from 0.167.0 to 0.169.0: GH-647
• Bump google.golang.org/protobuf from 1.32.0 to 1.33.0: GH-642
• Bump sigs.k8s.io/controller-runtime from 0.17.1 to 0.17.2: GH-625
• Bump ubi9/ubi-micro from 9.3-13 to 9.3-15: GH-640
• Bump ubi9/ubi-minimal from 9.3-1552 to 9.3-1612: GH-639

v0.5.1

Compare Source

Fix:

• Sync: mitigate potential schema validation failures by only adding finalizers after a status update: GH-609

Dependency Updates:

• Bump github.com/prometheus/client_model from 0.5.0 to 0.6.0: GH-613
• Bump google.golang.org/api from 0.163.0 to 0.165.0: GH-614
• Bump k8s.io/api from 0.29.1 to 0.29.2: GH-612
• Bump k8s.io/apimachinery from 0.29.1 to 0.29.2: GH-615
• Bump k8s.io/client-go from 0.29.1 to 0.29.2: GH-611

v0.5.0

Compare Source

KNOWN ISSUES:

• Upgrades via OperatorHub may fail due to some new required fields in VaultConnection and the Secret types as described in GH-631

Features:

• Sync: add support for secret data transformation: GH-437

Improvements:

• Core: set CLI options from VSO_ environment variables: GH-551
• Sync: Reconcile on secret deletion: GH-587
• Sync: support excluding _raw from the destination: GH-546
• Sync: take ownership of an existing destination secret: GH-545
• Sync: add support for userIDs in VaultPKISecret: GH-552
• OLM: set OLM bundle to "Seamless Upgrades": GH-581
• Helm: add annotations to the cleanup job: GH-284
• Helm: support setting imagePullPolicy: GH-601
• Helm: support setting VaultAuth allowedNamespaces: GH-602

Fix:

• Sync: sync HCPVaultSecretsApp on lastGeneration change: GH-591
• Sync: properly handle secret type changes: GH-605

Build:

• Install the operator-sdk CLI and check sdk-generate in CI: GH-590
• Bump some GH action versions: GH-583

Dependency Updates:

• Bump github.com/go-openapi/runtime from 0.26.2 to 0.27.1: GH-572
• Bump github.com/google/uuid from 1.5.0 to 1.6.0: GH-570
• Bump github.com/gruntwork-io/terratest from 0.46.8 to 0.46.11: GH-550
• Bump github.com/hashicorp/go-secure-stdlib/awsutil from 0.2.3-0.20230606170242-1a4b95565d57 to 0.3.0: GH-579
• Bump github.com/hashicorp/vault/api from 1.11.0 to 1.12.0: GH-595
• Bump github.com/hashicorp/vault/sdk from 0.10.2 to 0.11.0: GH-596
• Bump github.com/onsi/gomega from 1.30.0 to 1.31.1: GH-558
• Bump google.golang.org/api from 0.161.0 to 0.163.0: GH-594
• Bump k8s.io/api from 0.29.0 to 0.29.1: GH-556
• Bump k8s.io/client-go from 0.29.0 to 0.29.1: GH-554
• Bump sigs.k8s.io/controller-runtime from 0.17.0 to 0.17.1: GH-597
• Bump ubi9/ubi-micro from 9.3-9 to 9.3-13: GH-566
• Bump ubi9/ubi-minimal from 9.3-1475 to 9.3-1552: GH-565

v0.4.3

Compare Source

Fix:

• Helm: rename and truncate the pre-delete cleanup job to 63 characters: GH-506
• VDS: remediate deleted destination secret: GH-532
• Update paused deployment error message: GH-528
• VC: provide default value for spec.skipTLSVerify: GH-527
• CCS: ensure invalid storage objects are deleted: GH-525
• VDS: Log and record Vault request failures: GH-508
• VPS: Sync on any update: GH-479

Dependency Updates:

• update go version to fix CVE-2023-45284,CVE-2023-39326,CVE-2023-48795: GH-541
• Bump google.golang.org/api from 0.154.0 to 0.155.0: GH-542
• Bump github.com/prometheus/client_golang from 1.17.0 to 1.18.0: GH-540
• Bump github.com/go-openapi/strfmt from 0.21.9 to 0.22.0: GH-539
• Bump github.com/go-logr/logr from 1.3.0 to 1.4.1: GH-536
• Bump golang.org/x/crypto from 0.16.0 to 0.17.0: GH-524
• Bump k8s.io/client-go from 0.28.4 to 0.29.0: GH-523
• Bump google.golang.org/api from 0.153.0 to 0.154.0: GH-522
• Bump github.com/hashicorp/go-hclog from 1.6.1 to 1.6.2: GH-521
• Bump github.com/google/uuid from 1.4.0 to 1.5.0: GH-520
• Bump ubi9/ubi-minimal from 9.3-1361.1699548032 to 9.3-1475: GH-516
• Bump ubi9/ubi-micro from 9.3-6 to 9.3-9: GH-515
• Bump github.com/go-openapi/strfmt from 0.21.8 to 0.21.9: GH-514
• Bump github.com/hashicorp/go-hclog from 1.5.0 to 1.6.1: GH-513
• Bump github.com/go-openapi/runtime from 0.26.0 to 0.26.2: GH-512
• Bump github.com/gruntwork-io/terratest from 0.46.6 to 0.46.8: GH-497
• Bump google.golang.org/api from 0.152.0 to 0.153.0: GH-496

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.