diff --git a/LICENSES b/LICENSES index 137f4974..d27cf6dd 100644 --- a/LICENSES +++ b/LICENSES @@ -61,6 +61,7 @@ github.com/go418/concurrentcache,Apache-2.0 github.com/go418/concurrentcache/logger,Apache-2.0 github.com/gogo/protobuf,BSD-3-Clause github.com/golang-jwt/jwt/v4,MIT +github.com/golang-jwt/jwt/v5,MIT github.com/google/btree,Apache-2.0 github.com/google/cel-go,Apache-2.0 github.com/google/cel-go,BSD-3-Clause diff --git a/README.md b/README.md index f877ffd8..83ebe80a 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Venafi Kubernetes Agent +# Discovery Agent [![tests](https://github.com/jetstack/jetstack-secure/actions/workflows/tests.yaml/badge.svg?branch=master&event=push)](https://github.com/jetstack/jetstack-secure/actions/workflows/tests.yaml) [![Go Reference](https://pkg.go.dev/badge/github.com/jetstack/jetstack-secure.svg)](https://pkg.go.dev/github.com/jetstack/jetstack-secure) @@ -30,6 +30,7 @@ go run . agent \ ``` > Some examples of agent configuration files: +> > - [./agent.yaml](./agent.yaml). > - [./examples/one-shot-secret.yaml](./examples/one-shot-secret.yaml). > - [./examples/cert-manager-agent.yaml](./examples/cert-manager-agent.yaml). 
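Review bot: The added `github.com/golang-jwt/jwt/v5,MIT` entry in the LICENSES hunk sits directly after the existing `github.com/golang-jwt/jwt/v4,MIT` line, so the build appears to carry two major versions of the JWT library after this change. The go.mod/go.sum hunks are not visible in this part of the diff, so it is unclear which dependency pulls in v5 or whether v4 is still required; this is worth stating in the commit description, since the rest of the commit is a product rename. If v4 is now only an indirect requirement, check whether it can be dropped, and run `make verify-govulncheck` (the step listed in RELEASE.md) so that both versions are covered by the advisory scan.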
@@ -61,5 +62,5 @@ The following metrics are collected: An end to end test script is available in the [./hack/e2e/test.sh](./hack/e2e/test.sh) directory. It is configured to run in CI in the tests.yaml GitHub Actions workflow. To run the script you will need to add the `test-e2e` label to the PR. -The script creates a cluster in GKE and cleanups after itself unless the `keep-e2e-cluster` label is set on the PR. Adding that -label will leave the cluster running for further debugging but it will incur costs so manually delete the cluster when done. \ No newline at end of file +The script creates a cluster in GKE and cleanups after itself unless the `keep-e2e-cluster` label is set on the PR. Adding that +label will leave the cluster running for further debugging but it will incur costs so manually delete the cluster when done. diff --git a/RELEASE.md b/RELEASE.md index 529f7e65..6cce6548 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -10,6 +10,7 @@ The release process is semi-automated. > [!NOTE] > > Upon pushing the tag, a GitHub Action will do the following: +> > - Build and publish the container image: `quay.io/jetstack/venafi-agent`, > - Build and publish the Helm chart: `oci://quay.io/jetstack/charts/venafi-kubernetes-agent`, > - Build and publish the container image: `quay.io/jetstack/disco-agent`, 
@@ -20,28 +21,30 @@ The release process is semi-automated. You will need to install `go-mod-upgrade`: - ```bash - go install github.com/oligot/go-mod-upgrade@latest - ``` + ```bash + go install github.com/oligot/go-mod-upgrade@latest + ``` - Then, run the following: + Then, run the following: - ```bash - go-mod-upgrade - make generate - ``` + ```bash + go-mod-upgrade + make generate + ``` - Finally, create a PR with the changes and merge it. + Finally, create a PR with the changes and merge it. 2. Open the [tests GitHub Actions workflow][tests-workflow] and verify that it succeeds on the master branch. 3. Run govulncheck: + ```bash make verify-govulncheck ``` 4. Create a tag for the new release: + ```sh export VERSION=v1.1.0 git tag --annotate --message="Release ${VERSION}" "${VERSION}" @@ -51,6 +54,7 @@ The release process is semi-automated. 5. Wait until the GitHub Actions finishes. 6. Navigate to the GitHub Releases page and select the draft release to edit. + 1. Click on “Generate release notes” to automatically compile the changelog. 2. Review and refine the generated notes to ensure they’re clear and useful for end users. @@ -59,7 +63,7 @@ The release process is semi-automated. 7. Publish the release. -8. Inform the `#venctl` channel that a new version of Venafi Kubernetes Agent has been +8. Inform the `#venctl` channel that a new version of Discovery Agent has been released. Make sure to share any breaking change that may affect `venctl connect` or `venctl generate`. 
@@ -73,7 +77,7 @@ The release process is semi-automated. For context, the new tag will create the following images: | Image | Automation | -|-----------------------------------------------------------|----------------------------------------------------------------------------------------------| +| --------------------------------------------------------- | -------------------------------------------------------------------------------------------- | | `quay.io/jetstack/venafi-agent` | Automatically built by the [release action](.github/workflows/release.yml) on Git tag pushes | | `quay.io/jetstack/disco-agent` | Automatically built by the [release action](.github/workflows/release.yml) on Git tag pushes | | `registry.venafi.cloud/venafi-agent/venafi-agent` | Automatically mirrored by Harbor Replication rule | @@ -83,7 +87,7 @@ For context, the new tag will create the following images: and the following OCI Helm charts: | Helm Chart | Automation | -|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------| +| -------------------------------------------------------------------- | -------------------------------------------------------------------------------------------- | | `oci://quay.io/jetstack/charts/venafi-kubernetes-agent` | Automatically built by the [release action](.github/workflows/release.yml) on Git tag pushes | | `oci://quay.io/jetstack/charts/disco-agent` | Automatically built by the [release action](.github/workflows/release.yml) on Git tag pushes | | `oci://registry.venafi.cloud/charts/venafi-kubernetes-agent` | Automatically mirrored by Harbor Replication rule | diff --git a/deploy/charts/venafi-kubernetes-agent/Chart.yaml b/deploy/charts/venafi-kubernetes-agent/Chart.yaml index 59294b58..45efd93a 100644 --- a/deploy/charts/venafi-kubernetes-agent/Chart.yaml +++ b/deploy/charts/venafi-kubernetes-agent/Chart.yaml 
@@ -3,7 +3,7 @@ name: venafi-kubernetes-agent type: application description: |- - The Venafi Kubernetes Agent connects your Kubernetes or Openshift cluster to the Venafi Control Plane. + The Discovery Agent connects your Kubernetes or OpenShift cluster to the CyberArk Certificate Manager. maintainers: - name: Venafi diff --git a/deploy/charts/venafi-kubernetes-agent/README.md b/deploy/charts/venafi-kubernetes-agent/README.md index 457bbb05..25259e3f 100644 --- a/deploy/charts/venafi-kubernetes-agent/README.md +++ b/deploy/charts/venafi-kubernetes-agent/README.md @@ -1,11 +1,12 @@ # venafi-kubernetes-agent -The Venafi Kubernetes Agent connects your Kubernetes or OpenShift cluster to the Venafi Control Plane. -You will require a Venafi Control Plane account to connect your cluster. +The Discovery Agent connects your Kubernetes or OpenShift cluster to the CyberArk Certificate Manager (formerly Venafi Control Plane). +You will require a CyberArk Certificate Manager account to connect your cluster. If you do not have one, you can sign up for a free trial now at: + - https://venafi.com/try-venafi/tls-protect/ -> 📖 Read the [Venafi Kubernetes Agent documentation](https://docs.venafi.cloud/vaas/k8s-components/c-tlspk-agent-overview/), +> 📖 Read the [Discovery Agent documentation](https://docs.venafi.cloud/vaas/k8s-components/c-tlspk-agent-overview/), > to learn how install and configure this Helm chart. ## Values @@ -104,7 +105,7 @@ default replicas, do not scale up > registry.venafi.cloud/venafi-agent/venafi-agent > ``` -The container image for the Venafi Enhanced Issuer manager. +The container image for the Discovery Agent. #### **image.pullPolicy** ~ `string` > Default value: > ```yaml 
@@ -282,7 +283,7 @@ extraArgs: > [] > ``` -Additional volumes to add to the Venafi Kubernetes Agent container. This is useful for mounting a custom CA bundle. For example: +Additional volumes to add to the Discovery Agent container. This is useful for mounting a custom CA bundle. For example: ```yaml volumes: @@ -303,7 +304,7 @@ In order to create the ConfigMap, you can use the following command: > [] > ``` -Additional volume mounts to add to the Venafi Kubernetes Agent container. This is useful for mounting a custom CA bundle. Any PEM certificate mounted under /etc/ssl/certs will be loaded by the Venafi Kubernetes Agent. For +Additional volume mounts to add to the Discovery Agent container. This is useful for mounting a custom CA bundle. Any PEM certificate mounted under /etc/ssl/certs will be loaded by the Discovery Agent. For ```yaml example: @@ -342,8 +343,8 @@ Configure VenafiConnection authentication > false > ``` -When set to true, the Venafi Kubernetes Agent will authenticate to. Venafi using the configuration in a VenafiConnection resource. Use `venafiConnection.enabled=true` for [secretless authentication](https://docs.venafi.cloud/vaas/k8s-components/t-install-tlspk-agent/). When set to true, the `authentication.secret` values will be ignored and the. Secret with `authentication.secretName` will _not_ be mounted into the -Venafi Kubernetes Agent Pod. +When set to true, the Discovery Agent will authenticate to. Venafi using the configuration in a VenafiConnection resource. Use `venafiConnection.enabled=true` for [secretless authentication](https://docs.venafi.cloud/vaas/k8s-components/t-install-tlspk-agent/). When set to true, the `authentication.secret` values will be ignored and the. Secret with `authentication.secretName` will _not_ be mounted into the +Discovery Agent Pod. #### **authentication.venafiConnection.name** ~ `string` > Default value: > ```yaml 
@@ -364,7 +365,7 @@ The namespace of a VenafiConnection resource which contains the configuration fo > https://api.venafi.cloud/ > ``` -API URL of the Venafi Control Plane API. For EU tenants, set this value to https://api.venafi.eu/. If you are using the VenafiConnection authentication method, you must set the API URL using the field `spec.vcp.url` on the +API URL of the CyberArk Certificate Manager API. For EU tenants, set this value to https://api.venafi.eu/. If you are using the VenafiConnection authentication method, you must set the API URL using the field `spec.vcp.url` on the VenafiConnection resource instead. #### **config.clientId** ~ `string` > Default value: @@ -373,7 +374,7 @@ VenafiConnection resource instead. > ``` The client-id to be used for authenticating with the Venafi Control. Plane. Only useful when using a Key Pair Service Account in the Venafi. Control Plane. You can obtain the cliend ID by creating a Key Pair Service -Account in the Venafi Control Plane. +Account in the CyberArk Certificate Manager. #### **config.period** ~ `string` > Default value: > ```yaml @@ -438,7 +439,7 @@ Control Plane. > [] > ``` -You can configure Venafi Kubernetes Agent to exclude some annotations or labels from being pushed to the Venafi Control Plane. All Kubernetes objects are affected. The objects are still pushed, but the specified annotations and labels are removed before being sent to the Venafi Control Plane. +You can configure Discovery Agent to exclude some annotations or labels from being pushed to the CyberArk Certificate Manager. All Kubernetes objects are affected. The objects are still pushed, but the specified annotations and labels are removed before being sent to the CyberArk Certificate Manager. Dots is the only character that needs to be escaped in the regex. Use either double quotes with escaped single quotes or unquoted strings for the regex to avoid YAML parsing issues with `\.`. 
@@ -501,4 +502,4 @@ This option makes it so that the "helm.sh/resource-policy": keep annotation is a When set to false, the rendered output does not contain the. VenafiConnection CRDs and RBAC. This is useful for when the. Venafi Connection resources are already installed separately. - \ No newline at end of file + diff --git a/deploy/charts/venafi-kubernetes-agent/crd_bases/jetstack.io_venaficonnections.yaml b/deploy/charts/venafi-kubernetes-agent/crd_bases/jetstack.io_venaficonnections.yaml index 2321284a..962e44fb 100644 --- a/deploy/charts/venafi-kubernetes-agent/crd_bases/jetstack.io_venaficonnections.yaml +++ b/deploy/charts/venafi-kubernetes-agent/crd_bases/jetstack.io_venaficonnections.yaml @@ -4,7 +4,7 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: - controller-gen.kubebuilder.io/version: v0.18.0 + controller-gen.kubebuilder.io/version: v0.19.0 name: venaficonnections.jetstack.io spec: group: jetstack.io @@ -261,7 +261,7 @@ spec: type: string url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager, Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by our client. @@ -273,13 +273,13 @@ spec: type: object vcpOAuth: description: |- - VCPOAuth is a SecretSource step that authenticates to the Venafi Control - Plane. This step is meant to be the last step and requires a prior step + VCPOAuth is a SecretSource step that authenticates to the + Certificate Manager, SaaS. This step is meant to be the last step and requires a prior step that outputs a JWT token. properties: tenantID: description: TenantID is the tenant ID used to authenticate - with VCP. + with Certificate Manager, SaaS. type: string type: object type: object 
@@ -293,7 +293,8 @@ spec: type: array x-kubernetes-list-type: atomic url: - description: The URL to connect to the Venafi Firefly instance. + description: The URL to connect to the Workload Identity Manager + instance. type: string required: - url @@ -463,7 +464,7 @@ spec: type: string url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager, Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by our client. @@ -475,13 +476,13 @@ spec: type: object vcpOAuth: description: |- - VCPOAuth is a SecretSource step that authenticates to the Venafi Control - Plane. This step is meant to be the last step and requires a prior step + VCPOAuth is a SecretSource step that authenticates to the + Certificate Manager, SaaS. This step is meant to be the last step and requires a prior step that outputs a JWT token. properties: tenantID: description: TenantID is the tenant ID used to authenticate - with VCP. + with Certificate Manager, SaaS. type: string type: object type: object @@ -496,7 +497,7 @@ spec: x-kubernetes-list-type: atomic url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by venafi-connection-lib. @@ -511,7 +512,7 @@ spec: accessToken: description: |- The list of steps to retrieve the Access Token that will be used to connect - to VCP. + to Certificate Manager, SaaS. items: properties: hashicorpVaultLDAP: 
@@ -673,7 +674,7 @@ spec: type: string url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager, Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by our client. @@ -685,13 +686,13 @@ spec: type: object vcpOAuth: description: |- - VCPOAuth is a SecretSource step that authenticates to the Venafi Control - Plane. This step is meant to be the last step and requires a prior step + VCPOAuth is a SecretSource step that authenticates to the + Certificate Manager, SaaS. This step is meant to be the last step and requires a prior step that outputs a JWT token. properties: tenantID: description: TenantID is the tenant ID used to authenticate - with VCP. + with Certificate Manager, SaaS. type: string type: object type: object @@ -707,7 +708,7 @@ spec: apiKey: description: |- The list of steps to retrieve the API key that will be used to connect to - VCP. + Certificate Manager, SaaS. items: properties: hashicorpVaultLDAP: @@ -869,7 +870,7 @@ spec: type: string url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager, Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by our client. 
@@ -881,13 +882,13 @@ spec: type: object vcpOAuth: description: |- - VCPOAuth is a SecretSource step that authenticates to the Venafi Control - Plane. This step is meant to be the last step and requires a prior step + VCPOAuth is a SecretSource step that authenticates to the + Certificate Manager, SaaS. This step is meant to be the last step and requires a prior step that outputs a JWT token. properties: tenantID: description: TenantID is the tenant ID used to authenticate - with VCP. + with Certificate Manager, SaaS. type: string type: object type: object @@ -902,7 +903,7 @@ spec: x-kubernetes-list-type: atomic url: description: |- - The URL to connect to the Venafi VCP instance. If not set, the default + The URL to connect to the Certificate Manager, SaaS instance. If not set, the default value https://api.venafi.cloud is used. type: string type: object @@ -916,7 +917,7 @@ spec: accessToken: description: |- The list of steps to retrieve the Access Token that will be used to connect - to VCP. + to Certificate Manager, SaaS. items: properties: hashicorpVaultLDAP: @@ -1078,7 +1079,7 @@ spec: type: string url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager, Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by our client. @@ -1090,13 +1091,13 @@ spec: type: object vcpOAuth: description: |- - VCPOAuth is a SecretSource step that authenticates to the Venafi Control - Plane. This step is meant to be the last step and requires a prior step + VCPOAuth is a SecretSource step that authenticates to the + Certificate Manager, SaaS. This step is meant to be the last step and requires a prior step that outputs a JWT token. properties: tenantID: description: TenantID is the tenant ID used to authenticate - with VCP. + with Certificate Manager, SaaS. type: string type: object type: object 
@@ -1112,7 +1113,7 @@ spec: apiKey: description: |- The list of steps to retrieve the API key that will be used to connect to - VCP. + Certificate Manager, SaaS. items: properties: hashicorpVaultLDAP: @@ -1274,7 +1275,7 @@ spec: type: string url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager, Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by our client. @@ -1286,13 +1287,13 @@ spec: type: object vcpOAuth: description: |- - VCPOAuth is a SecretSource step that authenticates to the Venafi Control - Plane. This step is meant to be the last step and requires a prior step + VCPOAuth is a SecretSource step that authenticates to the + Certificate Manager, SaaS. This step is meant to be the last step and requires a prior step that outputs a JWT token. properties: tenantID: description: TenantID is the tenant ID used to authenticate - with VCP. + with Certificate Manager, SaaS. type: string type: object type: object @@ -1307,7 +1308,7 @@ spec: x-kubernetes-list-type: atomic url: description: |- - The URL to connect to the Venafi VCP instance. If not set, the default + The URL to connect to the Certificate Manager, SaaS instance. If not set, the default value https://api.venafi.cloud is used. type: string type: object @@ -1367,8 +1368,8 @@ spec: type: string tokenValidUntil: description: |- - The ValidUntil time of the token used to authenticate with the Venafi - Control Plane server. + The ValidUntil time of the token used to authenticate with the + Certificate Manager, SaaS. format: date-time type: string type: diff --git a/deploy/charts/venafi-kubernetes-agent/templates/venafi-connection-crd.without-validations.yaml b/deploy/charts/venafi-kubernetes-agent/templates/venafi-connection-crd.without-validations.yaml index 7750112e..b04312ef 100644 
--- a/deploy/charts/venafi-kubernetes-agent/templates/venafi-connection-crd.without-validations.yaml +++ b/deploy/charts/venafi-kubernetes-agent/templates/venafi-connection-crd.without-validations.yaml @@ -261,7 +261,7 @@ spec: type: string url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager, Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by our client. @@ -273,12 +273,12 @@ spec: type: object vcpOAuth: description: |- - VCPOAuth is a SecretSource step that authenticates to the Venafi Control - Plane. This step is meant to be the last step and requires a prior step + VCPOAuth is a SecretSource step that authenticates to the + Certificate Manager, SaaS. This step is meant to be the last step and requires a prior step that outputs a JWT token. properties: tenantID: - description: TenantID is the tenant ID used to authenticate with VCP. + description: TenantID is the tenant ID used to authenticate with Certificate Manager, SaaS. type: string type: object type: object @@ -286,7 +286,7 @@ spec: type: array x-kubernetes-list-type: atomic url: - description: The URL to connect to the Venafi Firefly instance. + description: The URL to connect to the Workload Identity Manager instance. type: string required: - url @@ -451,7 +451,7 @@ spec: type: string url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager, Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by our client. 
@@ -463,12 +463,12 @@ spec: type: object vcpOAuth: description: |- - VCPOAuth is a SecretSource step that authenticates to the Venafi Control - Plane. This step is meant to be the last step and requires a prior step + VCPOAuth is a SecretSource step that authenticates to the + Certificate Manager, SaaS. This step is meant to be the last step and requires a prior step that outputs a JWT token. properties: tenantID: - description: TenantID is the tenant ID used to authenticate with VCP. + description: TenantID is the tenant ID used to authenticate with Certificate Manager, SaaS. type: string type: object type: object @@ -477,7 +477,7 @@ spec: x-kubernetes-list-type: atomic url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by venafi-connection-lib. @@ -491,7 +491,7 @@ spec: accessToken: description: |- The list of steps to retrieve the Access Token that will be used to connect - to VCP. + to Certificate Manager, SaaS. items: properties: hashicorpVaultLDAP: @@ -648,7 +648,7 @@ spec: type: string url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager, Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by our client. 
@@ -660,12 +660,12 @@ spec: type: object vcpOAuth: description: |- - VCPOAuth is a SecretSource step that authenticates to the Venafi Control - Plane. This step is meant to be the last step and requires a prior step + VCPOAuth is a SecretSource step that authenticates to the + Certificate Manager, SaaS. This step is meant to be the last step and requires a prior step that outputs a JWT token. properties: tenantID: - description: TenantID is the tenant ID used to authenticate with VCP. + description: TenantID is the tenant ID used to authenticate with Certificate Manager, SaaS. type: string type: object type: object @@ -675,7 +675,7 @@ spec: apiKey: description: |- The list of steps to retrieve the API key that will be used to connect to - VCP. + Certificate Manager, SaaS. items: properties: hashicorpVaultLDAP: @@ -832,7 +832,7 @@ spec: type: string url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager, Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by our client. @@ -844,12 +844,12 @@ spec: type: object vcpOAuth: description: |- - VCPOAuth is a SecretSource step that authenticates to the Venafi Control - Plane. This step is meant to be the last step and requires a prior step + VCPOAuth is a SecretSource step that authenticates to the + Certificate Manager, SaaS. This step is meant to be the last step and requires a prior step that outputs a JWT token. properties: tenantID: - description: TenantID is the tenant ID used to authenticate with VCP. + description: TenantID is the tenant ID used to authenticate with Certificate Manager, SaaS. type: string type: object type: object 
@@ -858,7 +858,7 @@ spec: x-kubernetes-list-type: atomic url: description: |- - The URL to connect to the Venafi VCP instance. If not set, the default + The URL to connect to the Certificate Manager, SaaS instance. If not set, the default value https://api.venafi.cloud is used. type: string type: object @@ -867,7 +867,7 @@ spec: accessToken: description: |- The list of steps to retrieve the Access Token that will be used to connect - to VCP. + to Certificate Manager, SaaS. items: properties: hashicorpVaultLDAP: @@ -1024,7 +1024,7 @@ spec: type: string url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager, Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by our client. @@ -1036,12 +1036,12 @@ spec: type: object vcpOAuth: description: |- - VCPOAuth is a SecretSource step that authenticates to the Venafi Control - Plane. This step is meant to be the last step and requires a prior step + VCPOAuth is a SecretSource step that authenticates to the + Certificate Manager, SaaS. This step is meant to be the last step and requires a prior step that outputs a JWT token. properties: tenantID: - description: TenantID is the tenant ID used to authenticate with VCP. + description: TenantID is the tenant ID used to authenticate with Certificate Manager, SaaS. type: string type: object type: object @@ -1051,7 +1051,7 @@ spec: apiKey: description: |- The list of steps to retrieve the API key that will be used to connect to - VCP. + Certificate Manager, SaaS. items: properties: hashicorpVaultLDAP: 
@@ -1208,7 +1208,7 @@ spec: type: string url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager, Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by our client. @@ -1220,12 +1220,12 @@ spec: type: object vcpOAuth: description: |- - VCPOAuth is a SecretSource step that authenticates to the Venafi Control - Plane. This step is meant to be the last step and requires a prior step + VCPOAuth is a SecretSource step that authenticates to the + Certificate Manager, SaaS. This step is meant to be the last step and requires a prior step that outputs a JWT token. properties: tenantID: - description: TenantID is the tenant ID used to authenticate with VCP. + description: TenantID is the tenant ID used to authenticate with Certificate Manager, SaaS. type: string type: object type: object @@ -1234,7 +1234,7 @@ spec: x-kubernetes-list-type: atomic url: description: |- - The URL to connect to the Venafi VCP instance. If not set, the default + The URL to connect to the Certificate Manager, SaaS instance. If not set, the default value https://api.venafi.cloud is used. type: string type: object @@ -1280,8 +1280,8 @@ spec: type: string tokenValidUntil: description: |- - The ValidUntil time of the token used to authenticate with the Venafi - Control Plane server. + The ValidUntil time of the token used to authenticate with the + Certificate Manager, SaaS. format: date-time type: string type: diff --git a/deploy/charts/venafi-kubernetes-agent/templates/venafi-connection-crd.yaml b/deploy/charts/venafi-kubernetes-agent/templates/venafi-connection-crd.yaml index 9cf8eefe..74647373 100644 --- a/deploy/charts/venafi-kubernetes-agent/templates/venafi-connection-crd.yaml +++ b/deploy/charts/venafi-kubernetes-agent/templates/venafi-connection-crd.yaml 
@@ -261,7 +261,7 @@ spec: type: string url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager, Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by our client. @@ -273,12 +273,12 @@ spec: type: object vcpOAuth: description: |- - VCPOAuth is a SecretSource step that authenticates to the Venafi Control - Plane. This step is meant to be the last step and requires a prior step + VCPOAuth is a SecretSource step that authenticates to the + Certificate Manager, SaaS. This step is meant to be the last step and requires a prior step that outputs a JWT token. properties: tenantID: - description: TenantID is the tenant ID used to authenticate with VCP. + description: TenantID is the tenant ID used to authenticate with Certificate Manager, SaaS. type: string type: object type: object @@ -289,7 +289,7 @@ spec: type: array x-kubernetes-list-type: atomic url: - description: The URL to connect to the Venafi Firefly instance. + description: The URL to connect to the Workload Identity Manager instance. type: string required: - url @@ -454,7 +454,7 @@ spec: type: string url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager, Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by our client. 
@@ -466,12 +466,12 @@ spec: type: object vcpOAuth: description: |- - VCPOAuth is a SecretSource step that authenticates to the Venafi Control - Plane. This step is meant to be the last step and requires a prior step + VCPOAuth is a SecretSource step that authenticates to the + Certificate Manager, SaaS. This step is meant to be the last step and requires a prior step that outputs a JWT token. properties: tenantID: - description: TenantID is the tenant ID used to authenticate with VCP. + description: TenantID is the tenant ID used to authenticate with Certificate Manager, SaaS. type: string type: object type: object @@ -483,7 +483,7 @@ spec: x-kubernetes-list-type: atomic url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by venafi-connection-lib. @@ -497,7 +497,7 @@ spec: accessToken: description: |- The list of steps to retrieve the Access Token that will be used to connect - to VCP. + to Certificate Manager, SaaS. items: properties: hashicorpVaultLDAP: @@ -654,7 +654,7 @@ spec: type: string url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager, Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by our client. 
@@ -666,12 +666,12 @@ spec: type: object vcpOAuth: description: |- - VCPOAuth is a SecretSource step that authenticates to the Venafi Control - Plane. This step is meant to be the last step and requires a prior step + VCPOAuth is a SecretSource step that authenticates to the + Certificate Manager, SaaS. This step is meant to be the last step and requires a prior step that outputs a JWT token. properties: tenantID: - description: TenantID is the tenant ID used to authenticate with VCP. + description: TenantID is the tenant ID used to authenticate with Certificate Manager, SaaS. type: string type: object type: object @@ -684,7 +684,7 @@ spec: apiKey: description: |- The list of steps to retrieve the API key that will be used to connect to - VCP. + Certificate Manager, SaaS. items: properties: hashicorpVaultLDAP: @@ -841,7 +841,7 @@ spec: type: string url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager, Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by our client. @@ -853,12 +853,12 @@ spec: type: object vcpOAuth: description: |- - VCPOAuth is a SecretSource step that authenticates to the Venafi Control - Plane. This step is meant to be the last step and requires a prior step + VCPOAuth is a SecretSource step that authenticates to the + Certificate Manager, SaaS. This step is meant to be the last step and requires a prior step that outputs a JWT token. properties: tenantID: - description: TenantID is the tenant ID used to authenticate with VCP. + description: TenantID is the tenant ID used to authenticate with Certificate Manager, SaaS. type: string type: object type: object 
@@ -870,7 +870,7 @@ spec: x-kubernetes-list-type: atomic url: description: |- - The URL to connect to the Venafi VCP instance. If not set, the default + The URL to connect to the Certificate Manager, SaaS instance. If not set, the default value https://api.venafi.cloud is used. type: string type: object @@ -882,7 +882,7 @@ spec: accessToken: description: |- The list of steps to retrieve the Access Token that will be used to connect - to VCP. + to Certificate Manager, SaaS. items: properties: hashicorpVaultLDAP: @@ -1039,7 +1039,7 @@ spec: type: string url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager, Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by our client. @@ -1051,12 +1051,12 @@ spec: type: object vcpOAuth: description: |- - VCPOAuth is a SecretSource step that authenticates to the Venafi Control - Plane. This step is meant to be the last step and requires a prior step + VCPOAuth is a SecretSource step that authenticates to the + Certificate Manager, SaaS. This step is meant to be the last step and requires a prior step that outputs a JWT token. properties: tenantID: - description: TenantID is the tenant ID used to authenticate with VCP. + description: TenantID is the tenant ID used to authenticate with Certificate Manager, SaaS. type: string type: object type: object @@ -1069,7 +1069,7 @@ spec: apiKey: description: |- The list of steps to retrieve the API key that will be used to connect to - VCP. + Certificate Manager, SaaS. items: properties: hashicorpVaultLDAP: 
@@ -1226,7 +1226,7 @@ spec: type: string url: description: |- - The URL to connect to the Venafi TPP instance. The two URLs + The URL to connect to the Certificate Manager, Self-Hosted instance. The two URLs https://tpp.example.com and https://tpp.example.com/vedsdk are equivalent. The ending `/vedsdk` is optional and is stripped out by our client. @@ -1238,12 +1238,12 @@ spec: type: object vcpOAuth: description: |- - VCPOAuth is a SecretSource step that authenticates to the Venafi Control - Plane. This step is meant to be the last step and requires a prior step + VCPOAuth is a SecretSource step that authenticates to the + Certificate Manager, SaaS. This step is meant to be the last step and requires a prior step that outputs a JWT token. properties: tenantID: - description: TenantID is the tenant ID used to authenticate with VCP. + description: TenantID is the tenant ID used to authenticate with Certificate Manager, SaaS. type: string type: object type: object @@ -1255,7 +1255,7 @@ spec: x-kubernetes-list-type: atomic url: description: |- - The URL to connect to the Venafi VCP instance. If not set, the default + The URL to connect to the Certificate Manager, SaaS instance. If not set, the default value https://api.venafi.cloud is used. type: string type: object @@ -1307,8 +1307,8 @@ spec: type: string tokenValidUntil: description: |- - The ValidUntil time of the token used to authenticate with the Venafi - Control Plane server. + The ValidUntil time of the token used to authenticate with the + Certificate Manager, SaaS. format: date-time type: string type: diff --git a/deploy/charts/venafi-kubernetes-agent/values.schema.json b/deploy/charts/venafi-kubernetes-agent/values.schema.json index 1301063f..876f4b5c 100644 --- a/deploy/charts/venafi-kubernetes-agent/values.schema.json +++ b/deploy/charts/venafi-kubernetes-agent/values.schema.json 
@@ -131,7 +131,7 @@ }, "helm-values.authentication.venafiConnection.enabled": { "default": false, - "description": "When set to true, the Venafi Kubernetes Agent will authenticate to. Venafi using the configuration in a VenafiConnection resource. Use `venafiConnection.enabled=true` for [secretless authentication](https://docs.venafi.cloud/vaas/k8s-components/t-install-tlspk-agent/). When set to true, the `authentication.secret` values will be ignored and the. Secret with `authentication.secretName` will _not_ be mounted into the\nVenafi Kubernetes Agent Pod.", + "description": "When set to true, the Discovery Agent will authenticate to. Venafi using the configuration in a VenafiConnection resource. Use `venafiConnection.enabled=true` for [secretless authentication](https://docs.venafi.cloud/vaas/k8s-components/t-install-tlspk-agent/). When set to true, the `authentication.secret` values will be ignored and the. Secret with `authentication.secretName` will _not_ be mounted into the\nDiscovery Agent Pod.", "type": "boolean" }, "helm-values.authentication.venafiConnection.name": { @@ -185,7 +185,7 @@ }, "helm-values.config.clientId": { "default": "", - "description": "The client-id to be used for authenticating with the Venafi Control. Plane. Only useful when using a Key Pair Service Account in the Venafi. Control Plane. You can obtain the cliend ID by creating a Key Pair Service\nAccount in the Venafi Control Plane.", + "description": "The client-id to be used for authenticating with the Venafi Control. Plane. Only useful when using a Key Pair Service Account in the Venafi. Control Plane. You can obtain the cliend ID by creating a Key Pair Service\nAccount in the CyberArk Certificate Manager.", "type": "string" }, "helm-values.config.clusterDescription": { 
@@ -214,7 +214,7 @@ "helm-values.config.configmap.name": {}, "helm-values.config.excludeAnnotationKeysRegex": { "default": [], - "description": "You can configure Venafi Kubernetes Agent to exclude some annotations or labels from being pushed to the Venafi Control Plane. All Kubernetes objects are affected. The objects are still pushed, but the specified annotations and labels are removed before being sent to the Venafi Control Plane.\n\nDots is the only character that needs to be escaped in the regex. Use either double quotes with escaped single quotes or unquoted strings for the regex to avoid YAML parsing issues with `\\.`.\n\nExample: excludeAnnotationKeysRegex: ['^kapp\\.k14s\\.io/original.*']", + "description": "You can configure Discovery Agent to exclude some annotations or labels from being pushed to the CyberArk Certificate Manager. All Kubernetes objects are affected. The objects are still pushed, but the specified annotations and labels are removed before being sent to the CyberArk Certificate Manager.\n\nDots is the only character that needs to be escaped in the regex. Use either double quotes with escaped single quotes or unquoted strings for the regex to avoid YAML parsing issues with `\\.`.\n\nExample: excludeAnnotationKeysRegex: ['^kapp\\.k14s\\.io/original.*']", "items": {}, "type": "array" }, 
@@ -264,7 +264,7 @@ }, "helm-values.config.server": { "default": "https://api.venafi.cloud/", - "description": "API URL of the Venafi Control Plane API. For EU tenants, set this value to https://api.venafi.eu/. If you are using the VenafiConnection authentication method, you must set the API URL using the field `spec.vcp.url` on the\nVenafiConnection resource instead.", + "description": "API URL of the CyberArk Certificate Manager API. For EU tenants, set this value to https://api.venafi.eu/. If you are using the VenafiConnection authentication method, you must set the API URL using the field `spec.vcp.url` on the\nVenafiConnection resource instead.", "type": "string" }, "helm-values.crds": { @@ -350,7 +350,7 @@ }, "helm-values.image.repository": { "default": "registry.venafi.cloud/venafi-agent/venafi-agent", - "description": "The container image for the Venafi Enhanced Issuer manager.", + "description": "The container image for the Discovery Agent.", "type": "string" }, "helm-values.image.tag": { 
@@ -583,13 +583,13 @@ }, "helm-values.volumeMounts": { "default": [], - "description": "Additional volume mounts to add to the Venafi Kubernetes Agent container. This is useful for mounting a custom CA bundle. Any PEM certificate mounted under /etc/ssl/certs will be loaded by the Venafi Kubernetes Agent. For\nexample:\n\nvolumeMounts:\n - name: cabundle\n mountPath: /etc/ssl/certs/cabundle\n subPath: cabundle\n readOnly: true", + "description": "Additional volume mounts to add to the Discovery Agent container. This is useful for mounting a custom CA bundle. Any PEM certificate mounted under /etc/ssl/certs will be loaded by the Discovery Agent. For\nexample:\n\nvolumeMounts:\n - name: cabundle\n mountPath: /etc/ssl/certs/cabundle\n subPath: cabundle\n readOnly: true", "items": {}, "type": "array" }, "helm-values.volumes": { "default": [], - "description": "Additional volumes to add to the Venafi Kubernetes Agent container. This is useful for mounting a custom CA bundle. For example:\nvolumes:\n - name: cabundle\n configMap:\n name: cabundle\n optional: false\n defaultMode: 0644\nIn order to create the ConfigMap, you can use the following command:\n\n kubectl create configmap cabundle \\\n --from-file=cabundle=./your/custom/ca/bundle.pem", + "description": "Additional volumes to add to the Discovery Agent container. This is useful for mounting a custom CA bundle. For example:\nvolumes:\n - name: cabundle\n configMap:\n name: cabundle\n optional: false\n defaultMode: 0644\nIn order to create the ConfigMap, you can use the following command:\n\n kubectl create configmap cabundle \\\n --from-file=cabundle=./your/custom/ca/bundle.pem", "items": {}, "type": "array" } diff --git a/deploy/charts/venafi-kubernetes-agent/values.yaml b/deploy/charts/venafi-kubernetes-agent/values.yaml index d84a48f6..75010de4 100644 --- a/deploy/charts/venafi-kubernetes-agent/values.yaml +++ b/deploy/charts/venafi-kubernetes-agent/values.yaml 
@@ -51,7 +51,7 @@ metrics: replicaCount: 1 image: - # The container image for the Venafi Enhanced Issuer manager. + # The container image for the Discovery Agent. repository: registry.venafi.cloud/venafi-agent/venafi-agent # Kubernetes imagePullPolicy on Deployment. @@ -162,7 +162,7 @@ command: [] # - --log-level=6 # To enable HTTP request logging extraArgs: [] -# Additional volumes to add to the Venafi Kubernetes Agent container. This is +# Additional volumes to add to the Discovery Agent container. This is # useful for mounting a custom CA bundle. For example: # # volumes: @@ -178,9 +178,9 @@ extraArgs: [] # --from-file=cabundle=./your/custom/ca/bundle.pem volumes: [] -# Additional volume mounts to add to the Venafi Kubernetes Agent container. +# Additional volume mounts to add to the Discovery Agent container. # This is useful for mounting a custom CA bundle. Any PEM certificate mounted -# under /etc/ssl/certs will be loaded by the Venafi Kubernetes Agent. For +# under /etc/ssl/certs will be loaded by the Discovery Agent. For # example: # # volumeMounts: @@ -190,7 +190,7 @@ volumes: [] # readOnly: true volumeMounts: [] -# Authentication details for the Venafi Kubernetes Agent +# Authentication details for the Discovery Agent authentication: # Name of the secret containing the private key secretName: agent-credentials 
@@ -200,12 +200,12 @@ authentication: # +docs:section=Venafi Connection # Configure VenafiConnection authentication venafiConnection: - # When set to true, the Venafi Kubernetes Agent will authenticate to + # When set to true, the Discovery Agent will authenticate to # Venafi using the configuration in a VenafiConnection resource. # Use `venafiConnection.enabled=true` for [secretless authentication](https://docs.venafi.cloud/vaas/k8s-components/t-install-tlspk-agent/). # When set to true, the `authentication.secret` values will be ignored and the # Secret with `authentication.secretName` will _not_ be mounted into the - # Venafi Kubernetes Agent Pod. + # Discovery Agent Pod. enabled: false # The name of a VenafiConnection resource which contains the configuration # for authenticating to Venafi. @@ -214,9 +214,9 @@ authentication: # configuration for authenticating to Venafi. namespace: venafi -# Configuration section for the Venafi Kubernetes Agent itself +# Configuration section for the Discovery Agent itself config: - # API URL of the Venafi Control Plane API. For EU tenants, set this value to + # API URL of the CyberArk Certificate Manager API. For EU tenants, set this value to # https://api.venafi.eu/. If you are using the VenafiConnection authentication # method, you must set the API URL using the field `spec.vcp.url` on the # VenafiConnection resource instead. @@ -224,7 +224,7 @@ config: # The client-id to be used for authenticating with the Venafi Control # Plane. Only useful when using a Key Pair Service Account in the Venafi # Control Plane. You can obtain the cliend ID by creating a Key Pair Service - # Account in the Venafi Control Plane. + # Account in the CyberArk Certificate Manager. clientId: "" # Send data back to the platform every minute unless changed. period: "0h1m0s" 
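Review bot: The `clientId` comment in the `@@ -224,7 +224,7 @@` hunk now names the same service two ways. Its first two sentences still say "Venafi Control Plane" and only the last line was changed to "CyberArk Certificate Manager"; the "cliend ID" typo is also carried over. An operator creating a Key Pair Service Account should not have to work out whether these are two different systems. I would reword the first lines to `# The client-id to be used for authenticating with the CyberArk Certificate Manager.` and fix the typo to `client ID`. The `helm-values.config.clientId` description in values.schema.json carries the same text and presumably needs the matching edit or a regeneration; the `config:` block itself continues outside this hunk.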
@@ -251,10 +251,10 @@ config: - bootstrap.kubernetes.io/token - helm.sh/release.v1 - # You can configure Venafi Kubernetes Agent to exclude some annotations or - # labels from being pushed to the Venafi Control Plane. All Kubernetes objects + # You can configure Discovery Agent to exclude some annotations or + # labels from being pushed to the CyberArk Certificate Manager. All Kubernetes objects # are affected. The objects are still pushed, but the specified annotations - # and labels are removed before being sent to the Venafi Control Plane. + # and labels are removed before being sent to the CyberArk Certificate Manager. # # Dots is the only character that needs to be escaped in the regex. Use either # double quotes with escaped single quotes or unquoted strings for the regex diff --git a/go.mod b/go.mod index 9fc73e99..2eabd2f0 100644 --- a/go.mod +++ b/go.mod @@ -9,7 +9,7 @@ require ( github.com/fatih/color v1.18.0 github.com/google/uuid v1.6.0 github.com/hashicorp/go-multierror v1.1.1 - github.com/jetstack/venafi-connection-lib v0.5.0 + github.com/jetstack/venafi-connection-lib v0.5.1 github.com/microcosm-cc/bluemonday v1.0.27 github.com/pmylund/go-cache v2.1.0+incompatible github.com/prometheus/client_golang v1.23.2 @@ -39,6 +39,7 @@ require ( github.com/go-logr/zapr v1.3.0 // indirect github.com/go418/concurrentcache v0.6.0 // indirect github.com/go418/concurrentcache/logger v0.0.0-20250207095056-c0b7f8cc8bc2 // indirect + github.com/golang-jwt/jwt/v5 v5.3.0 // indirect github.com/google/btree v1.1.3 // indirect github.com/google/cel-go v0.26.0 // indirect github.com/google/gnostic-models v0.7.0 // indirect @@ -106,6 +107,6 @@ require ( gopkg.in/yaml.v3 v3.0.1 k8s.io/klog/v2 v2.130.1 k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect - k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect + k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 // indirect sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect ) 
diff --git a/go.sum b/go.sum index 1bc1b4fd..13f8945b 100644 --- a/go.sum +++ b/go.sum @@ -103,8 +103,8 @@ github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+l github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/jetstack/venafi-connection-lib v0.5.0 h1:chxpeqJ0z35NYW9NOiNx+Q3hRkTwIcWgDN6W53kqSLw= -github.com/jetstack/venafi-connection-lib v0.5.0/go.mod h1:18NQcpxoYFbV7omOXyeg5pZIEYi9giVYVE9L+E58Ufw= +github.com/jetstack/venafi-connection-lib v0.5.1 h1:mS6sSSnLQDpSMZZ4tlju5D4q15eFnrs9StuGR4vDUtY= +github.com/jetstack/venafi-connection-lib v0.5.1/go.mod h1:Ph7uZeaeYldFIFC4vUcUQ3LSTVOLXvwgw5h1/6r1VMA= github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY= github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y= github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM= 
@@ -313,8 +313,8 @@ k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA= k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/utils v0.0.0-20251002143259-bc988d571ff4 h1:SjGebBtkBqHFOli+05xYbK8YF1Dzkbzn+gDM4X9T4Ck= +k8s.io/utils v0.0.0-20251002143259-bc988d571ff4/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2 h1:jpcvIRr3GLoUoEKRkHKSmGjxb6lWwrBlJsXc+eUYQHM= sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.31.2/go.mod h1:Ve9uj1L+deCXFrPOk1LpFXqTg7LCFzFso6PA48q/XZw= sigs.k8s.io/controller-runtime v0.22.3 h1:I7mfqz/a/WdmDCEnXmSPm8/b/yRTy6JsKKENTijTq8Y= diff --git a/pkg/client/client_venafi_cloud.go b/pkg/client/client_venafi_cloud.go index d2b3b059..7e4a30d8 100644 --- a/pkg/client/client_venafi_cloud.go +++ b/pkg/client/client_venafi_cloud.go @@ -308,7 +308,7 @@ func (c *VenafiCloudClient) sendHTTPRequest(request *http.Request, responseObjec if response.StatusCode != http.StatusOK && response.StatusCode != http.StatusCreated { body, _ := io.ReadAll(response.Body) - return fmt.Errorf("failed to execute http request to Venafi Control Plane. Request %s, status code: %d, body: [%s]", request.URL, response.StatusCode, body) + return fmt.Errorf("failed to execute http request to the Control Plane. Request %s, status code: %d, body: [%s]", request.URL, response.StatusCode, body) } body, err := io.ReadAll(response.Body)
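Review bot: The reworded error in `sendHTTPRequest` still interpolates the entire response body, which the line above reads with an unbounded `io.ReadAll` whose error is discarded. An oversized or unexpected non-2xx reply therefore lands verbatim in the error and, presumably, in the agent's logs. Capping the read and quoting the body would bound that: `body, _ := io.ReadAll(io.LimitReader(response.Body, maxErrBody))` with `body: %q` in the format string, where `maxErrBody` is a placeholder constant and not something this file defines. The new wording "the Control Plane" also drops the product name that the rest of this commit spells "CyberArk Certificate Manager" or "Certificate Manager, SaaS", so one of those would be more consistent here. The function begins before and continues after this hunk.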