fix: PR changes

docker-compose.dev.yml

@@ -6,7 +6,7 @@ services:
     image: nginx
     restart: "always"
     ports:
-      - 8085:80
+      - 8080:80
       - 8443:443
     volumes:
       - ./nginx/default.dev.conf:/etc/nginx/conf.d/default.conf:ro
@@ -35,16 +35,16 @@ services:
     volumes:
       - redis_data:/data
 
-  # redis-commander:
-  #   container_name: infisical-dev-redis-commander
-  #   image: rediscommander/redis-commander
-  #   restart: always
-  #   depends_on:
-  #     - redis
-  #   environment:
-  #     - REDIS_HOSTS=local:redis:6379
-  #   ports:
-  #     - "8085:8081"
+  redis-commander:
+    container_name: infisical-dev-redis-commander
+    image: rediscommander/redis-commander
+    restart: always
+    depends_on:
+      - redis
+    environment:
+      - REDIS_HOSTS=local:redis:6379
+    ports:
+      - "8085:8081"
 
   db-test:
     profiles: ["test"]
@@ -129,18 +129,18 @@ services:
       - ./frontend/public:/app/public
     env_file: .env
 
-  # pgadmin:
-  #   image: dpage/pgadmin4
-  #   restart: always
-  #   volumes:
-  #     - ./servers.json:/pgadmin4/servers.json
-  #   environment:
-  #     PGADMIN_DEFAULT_EMAIL: admin@example.com
-  #     PGADMIN_DEFAULT_PASSWORD: pass
-  #   ports:
-  #     - 5050:80
-  #   depends_on:
-  #     - db
+  pgadmin:
+    image: dpage/pgadmin4
+    restart: always
+    volumes:
+      - ./servers.json:/pgadmin4/servers.json
+    environment:
+      PGADMIN_DEFAULT_EMAIL: admin@example.com
+      PGADMIN_DEFAULT_PASSWORD: pass
+    ports:
+      - 5050:80
+    depends_on:
+      - db
 
   smtp-server:
     container_name: infisical-dev-smtp-server
@@ -197,4 +197,4 @@ volumes:
     driver: local
   ldap_data:
   ldap_config:
-  grafana_storage:
+  grafana_storage:

k8-operator/api/v1alpha1/infisicalsecret_types.go

@@ -161,7 +161,7 @@ type InfisicalSecretSpec struct {
 	// +kubebuilder:validation:Optional
 	TLS TLSConfig `json:"tls"`
 
-	// +kubebuilder:default:=true
+	// +kubebuilder:default:=false
 	InstantUpdates bool `json:"instantUpdates"`
 }
 

k8-operator/config/samples/crd/infisicalsecret/infisicalSecretCrd.yaml

@@ -7,39 +7,100 @@ metadata:
   annotations:
     example.com/annotation-to-be-passed-to-managed-secret: "sample-value"
 spec:
-  hostAPI: http://localhost:8085/api
+  hostAPI: http://localhost:8080/api
   resyncInterval: 10
-  instantUpdates: true
+  instantUpdates: false
   # tls:
   #   caRef:
   #     secretName: custom-ca-certificate
   #     secretNamespace: default
   #     key: ca.crt
   authentication:
-    # Make sure to only have 1 authentication method defined, serviceToken/universalAuth.
-    # If you have multiple authentication methods defined, it may cause issues.
-
-    # (Deprecated) Service Token Auth
-    # serviceToken:
-    #   serviceTokenSecretReference:
-    #     secretName: service-token
-    #     secretNamespace: default
-    #   secretsScope:
-    #     envSlug: <env-slug>
-    #     secretsPath: <secrets-path>
-    #     recursive: true
-
     # Universal Auth
     universalAuth:
       secretsScope:
-        projectSlug: test-j7-kx
+        projectSlug: hello-9zkr
         envSlug: dev # "dev", "staging", "prod", etc..
         secretsPath: "/" # Root is "/"
-        recursive: true # Whether or not to use recursive mode (Fetches all secrets in an environment from a given secret path, and all folders inside the path) / defaults to false
+        recursive: true # Wether or not to use recursive mode (Fetches all secrets in an environment from a given secret path, and all folders inside the path) / defaults to false
       credentialsRef:
         secretName: universal-auth-credentials
         secretNamespace: default
 
+    # Native Kubernetes Auth
+    kubernetesAuth:
+      serviceAccountRef:
+        name: <secret-name>
+        namespace: <secret-namespace>
+      identityId: <machine-identity-id>
+      serviceAccountTokenPath: "/path/to/your/service-account/token" # Optional, defaults to /var/run/secrets/kubernetes.io/serviceaccount/token
+
+      # secretsScope is identical to the secrets scope in the universalAuth field in this sample.
+      secretsScope:
+        projectSlug: your-project-slug
+        envSlug: prod
+        secretsPath: "/path"
+        recursive: true
+
+    # AWS IAM Auth
+    awsIamAuth:
+      identityId: <your-machine-identity-id>
+
+      # secretsScope is identical to the secrets scope in the universalAuth field in this sample.
+      secretsScope:
+        projectSlug: your-project-slug
+        envSlug: prod
+        secretsPath: "/path"
+        recursive: true
+
+    ldapAuth:
+      identityId: <machine-identity-id>
+      credentialsRef:
+        secretName: <secret-name> # ldap-auth-credentials
+        secretNamespace: <secret-namespace> # default
+
+      # secretsScope is identical to the secrets scope in the universalAuth field in this sample.
+      secretsScope:
+        projectSlug: your-project-slug
+        envSlug: prod
+        secretsPath: "/path"
+        recursive: true
+
+    # Azure Auth
+    azureAuth:
+      identityId: <your-machine-identity-id>
+      resource: https://management.azure.com/&client_id=your_client_id # This field is optional, and will default to "https://management.azure.com/" if nothing is provided.
+
+      # secretsScope is identical to the secrets scope in the universalAuth field in this sample.
+      secretsScope:
+        projectSlug: your-project-slug
+        envSlug: prod
+        secretsPath: "/path"
+        recursive: true
+
+    # GCP ID Token Auth
+    gcpIdTokenAuth:
+      identityId: <your-machine-identity-id>
+
+      # secretsScope is identical to the secrets scope in the universalAuth field in this sample.
+      secretsScope:
+        projectSlug: your-project-slug
+        envSlug: prod
+        secretsPath: "/path"
+        recursive: true
+
+    # GCP IAM Auth
+    gcpIamAuth:
+      identityId: <your-machine-identity-id>
+      serviceAccountKeyFilePath: "/path/to-service-account-key-file-path.json"
+
+      # secretsScope is identical to the secrets scope in the universalAuth field in this sample.
+      secretsScope:
+        projectSlug: your-project-slug
+        envSlug: prod
+        secretsPath: "/path"
+        recursive: true
+
   managedKubeSecretReferences:
     - secretName: managed-secret
       secretNamespace: default

k8-operator/config/samples/k8s-auth/sample.yaml

@@ -1,28 +1,32 @@
 apiVersion: secrets.infisical.com/v1alpha1
 kind: InfisicalSecret
 metadata:
-  name: infisicalsecret-sample
-  labels:
-    label-to-be-passed-to-managed-secret: sample-value
-  annotations:
-    example.com/annotation-to-be-passed-to-managed-secret: "sample-value"
+    name: infisicalsecret-sample
+    labels:
+        label-to-be-passed-to-managed-secret: sample-value
+    annotations:
+        example.com/annotation-to-be-passed-to-managed-secret: "sample-value"
 spec:
-  hostAPI: http://localhost:8085/api
-  resyncInterval: 10
-  authentication:
-    # Universal Auth
-    universalAuth:
-      secretsScope:
-        projectSlug: test-j7-kx
-        envSlug: dev # "dev", "staging", "prod", etc..
-        secretsPath: "/" # Root is "/"
-        recursive: true # Wether or not to use recursive mode (Fetches all secrets in an environment from a given secret path, and all folders inside the path) / defaults to false
-      credentialsRef:
-        secretName: universal-auth-credentials
-        secretNamespace: default
+    hostAPI: https://app.infisical.com/api
+    resyncInterval: 10
+    authentication:
+        # Native Kubernetes Auth
+        kubernetesAuth:
+            identityId: <>
+            serviceAccountRef:
+              name: infisical-auth
+              namespace: default
 
-  managedSecretReference:
-    secretName: managed-secret-k8s
-    secretNamespace: default
-    creationPolicy: "Orphan" ## Owner | Orphan
-    # secretType: kubernetes.io/dockerconfigjson
+            # secretsScope is identical to the secrets scope in the universalAuth field in this sample.
+            secretsScope:
+                projectSlug: dsf-gpb-t
+                envSlug: dev
+                secretsPath: "/"
+                recursive: true
+
+
+    managedSecretReference:
+        secretName: managed-secret-k8s
+        secretNamespace: default
+        creationPolicy: "Orphan" ## Owner | Orphan
+        # secretType: kubernetes.io/dockerconfigjson

k8-operator/config/samples/universalAuthIdentitySecret.yaml

@@ -4,5 +4,5 @@ metadata:
   name: universal-auth-credentials
 type: Opaque
 stringData:
-    clientId: your-client-id-here
-    clientSecret: your-client-secret-here
+  clientId: your-client-id-here
+  clientSecret: your-client-secret-here

k8-operator/internal/api/models.go

@@ -207,19 +207,19 @@ type GetProjectByIDResponse struct {
 	Project model.Project `json:"workspace"`
 }
 
-type SubProjectEventsRequestRegister struct {
-	Event      string                            `json:"event"`
-	Conditions *SubProjectEventsRequestCondition `json:"conditions"`
+type SubscribeProjectEventsRequestRegister struct {
+	Event      string                                  `json:"event"`
+	Conditions *SubscribeProjectEventsRequestCondition `json:"conditions"`
 }
 
-type SubProjectEventsRequestCondition struct {
+type SubscribeProjectEventsRequestCondition struct {
 	EnvironmentSlug string `json:"environmentSlug"`
 	SecretPath      string `json:"secretPath"`
 }
 
-type SubProjectEventsRequest struct {
-	ProjectID string                            `json:"projectId"`
-	Register  []SubProjectEventsRequestRegister `json:"register"`
+type SubscribeProjectEventsRequest struct {
+	ProjectID string                                  `json:"projectId"`
+	Register  []SubscribeProjectEventsRequestRegister `json:"register"`
 }
 
-type SubProjectEventsResponse struct{}
+type SubscribeProjectEventsResponse struct{}

k8-operator/internal/controller/infisicalsecret_controller.go

@@ -79,8 +79,6 @@ func (r *InfisicalSecretReconciler) GetLogger(req ctrl.Request) logr.Logger {
 func (r *InfisicalSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error) {
 	logger := r.GetLogger(req)
 
-	logger.Info("Reconcile called")
-
 	var infisicalSecretCRD secretsv1alpha1.InfisicalSecret
 	requeueTime := time.Minute // seconds
 

k8-operator/internal/services/infisicalsecret/reconciler.go

@@ -567,7 +567,7 @@ func (r *InfisicalSecretReconciler) OpenInstantUpdatesStream(ctx context.Context
 	envSlug := variables.AuthDetails.MachineIdentityScope.EnvSlug
 
 	infiscalClient := variables.InfisicalClient
-	conn := variables.ServerSentEvents
+	sseRegistry := variables.ServerSentEvents
 
 	token := infiscalClient.Auth().GetAccessToken()
 
@@ -581,14 +581,14 @@ func (r *InfisicalSecretReconciler) OpenInstantUpdatesStream(ctx context.Context
 		secretsPath = fmt.Sprint(secretsPath, "**")
 	}
 
-	conditions := &api.SubProjectEventsRequestCondition{
+	conditions := &api.SubscribeProjectEventsRequestCondition{
 		SecretPath:      secretsPath,
 		EnvironmentSlug: envSlug,
 	}
 
-	body, err := json.Marshal(api.SubProjectEventsRequest{
+	body, err := json.Marshal(api.SubscribeProjectEventsRequest{
 		ProjectID: project.ID,
-		Register: []api.SubProjectEventsRequestRegister{
+		Register: []api.SubscribeProjectEventsRequestRegister{
 			{
 				Event:      "secret:create",
 				Conditions: conditions,
@@ -612,7 +612,7 @@ func (r *InfisicalSecretReconciler) OpenInstantUpdatesStream(ctx context.Context
 		return fmt.Errorf("CallSubscribeProjectEvents: unable to marshal body [err=%s]", err)
 	}
 
-	events, errors, err := conn.Subscribe(func() (*http.Request, error) {
+	events, errors, err := sseRegistry.Subscribe(func() (*http.Request, error) {
 		headers := map[string]string{
 			"User-Agent":    api.USER_AGENT_NAME,
 			"Authorization": fmt.Sprint("Bearer ", token),