
initial docs commit

Signed-off-by: Bill Hamilton <bill.hamilton@delinea.com>
Bill Hamilton 2 lat temu
rodzic
commit
183b9d133e

+ 1 - 1
apis/externalsecrets/v1beta1/secretsstore_secretserver_types.go

@@ -27,7 +27,7 @@ type SecretServerProviderRef struct {
 	SecretRef *esmeta.SecretKeySelector `json:"secretRef,omitempty"`
 }
 
-// See https://github.com/DelineaXPM/dsv-sdk-go/blob/main/vault/vault.go.
+// See https://github.com/DelineaXPM/tss-sdk-go/blob/main/server/server.go.
 type SecretServerProvider struct {
 
 	// UserName is the secret server account userName.
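Review bot: The corrected SDK link in this comment is not reflected in the generated API reference added by the same commit — docs/api/spec.md still points SecretServerProvider at dsv-sdk-go/vault/vault.go — so the API-doc generator was evidently run before this comment was fixed and needs a rerun before merge. The remainder of the SecretServerProvider struct continues past the end of the hunk.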

+ 116 - 0
docs/api/spec.md

@@ -5341,6 +5341,107 @@ External Secrets meta/v1.SecretKeySelector
 </tr>
 </tbody>
 </table>
+<h3 id="external-secrets.io/v1beta1.SecretServerProvider">SecretServerProvider
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#external-secrets.io/v1beta1.SecretStoreProvider">SecretStoreProvider</a>)
+</p>
+<p>
+<p>See <a href="https://github.com/DelineaXPM/dsv-sdk-go/blob/main/vault/vault.go">https://github.com/DelineaXPM/dsv-sdk-go/blob/main/vault/vault.go</a>.</p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>username</code></br>
+<em>
+<a href="#external-secrets.io/v1beta1.SecretServerProviderRef">
+SecretServerProviderRef
+</a>
+</em>
+</td>
+<td>
+<p>UserName is the secret server account userName.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>password</code></br>
+<em>
+<a href="#external-secrets.io/v1beta1.SecretServerProviderRef">
+SecretServerProviderRef
+</a>
+</em>
+</td>
+<td>
+<p>PassWord is the secret server account passWord.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>serverURL</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+<p>ServerURL
+URL to your secret server installation</p>
+</td>
+</tr>
+</tbody>
+</table>
+<h3 id="external-secrets.io/v1beta1.SecretServerProviderRef">SecretServerProviderRef
+</h3>
+<p>
+(<em>Appears on:</em>
+<a href="#external-secrets.io/v1beta1.SecretServerProvider">SecretServerProvider</a>)
+</p>
+<p>
+</p>
+<table>
+<thead>
+<tr>
+<th>Field</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody>
+<tr>
+<td>
+<code>value</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>Value can be specified directly to set a value without using a secret.</p>
+</td>
+</tr>
+<tr>
+<td>
+<code>secretRef</code></br>
+<em>
+<a href="https://pkg.go.dev/github.com/external-secrets/external-secrets/apis/meta/v1#SecretKeySelector">
+External Secrets meta/v1.SecretKeySelector
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>SecretRef references a key in a secret that will be used as value.</p>
+</td>
+</tr>
+</tbody>
+</table>
 <h3 id="external-secrets.io/v1beta1.SecretStore">SecretStore
 </h3>
 <p>
@@ -5835,6 +5936,21 @@ DelineaProvider
 </tr>
 <tr>
 <td>
+<code>secretserver</code></br>
+<em>
+<a href="#external-secrets.io/v1beta1.SecretServerProvider">
+SecretServerProvider
+</a>
+</em>
+</td>
+<td>
+<em>(Optional)</em>
+<p>SecretServer configures this store to sync secrets using SecretServer provider
+<a href="https://docs.delinea.com/online-help/secret-server/start.htm">https://docs.delinea.com/online-help/secret-server/start.htm</a></p>
+</td>
+</tr>
+<tr>
+<td>
 <code>chef</code></br>
 <em>
 <a href="#external-secrets.io/v1beta1.ChefProvider">

+ 2 - 0
docs/introduction/stability-support.md

@@ -53,6 +53,7 @@ The following table describes the stability level of each provider and who's res
 | [Scaleway](https://external-secrets.io/latest/provider/scaleway)                                           |   alpha   |                                                                                                                                                   [@azert9](https://github.com/azert9/) |
 | [Conjur](https://external-secrets.io/latest/provider/conjur)                                               |   alpha   |                                                                                                                                 [@davidh-cyberark](https://github.com/davidh-cyberark/) |
 | [Delinea](https://external-secrets.io/latest/provider/delinea)                                             |   alpha   |                                                                                                                                     [@michaelsauter](https://github.com/michaelsauter/) |
+| [SecretServer](https://external-secrets.io/latest/provider/secretserver)                                   |   alpha   |                                                                                                                                     [@billhamilton](https://github.com/pacificcode/) |
 | [Pulumi ESC](https://external-secrets.io/latest/provider/pulumi)                                           |   alpha   |                                                                                                                                                  [@dirien](https://github.com/dirien) |
 
 ## Provider Feature Support
@@ -81,6 +82,7 @@ The following table show the support for features across different providers.
 | Scaleway                  |      x       |      x       |                      |                         |        x         |      x      |              x              |
 | Conjur                    |              |              |                      |                         |        x         |             |                             |
 | Delinea                   |      x       |              |                      |                         |        x         |             |                             |
+| SecretServer              |      x       |              |                      |                         |        x         |             |                             |
 | Pulumi ESC                |      x       |              |                      |                         |        x         |             |                             |
 
 ## Support Policy

+ 101 - 0
docs/provider/secretserver.md

@@ -0,0 +1,101 @@
+## Delinea Secret Server
+
+External Secrets Operator integrates with [Delinea Secret Server](https://docs.delinea.com/online-help/secret-server/start.htm).
+
+### Creating a SecretStore
+
+You need a username, password and a fully qualified Secret Server tenant URL to authenticate i.e. `https://yourTenantName.secretservercloud.com`.
+
+Both username and password can be specified either directly in the `SecretStore`, or by referencing a kubernetes secret.
+
+To acquire a username and password, refer to the  [user management](https://docs.delinea.com/online-help/secret-server/users/creating-users/index.htm) documentation.
+
+```yaml
+apiVersion: external-secrets.io/v1beta1
+kind: SecretStore
+metadata:
+  name: secret-server-store
+spec:
+  provider:
+    secretserver:
+      serverURL: <SERVER_URL>
+      username:
+        value: <USERNAME>
+      password:
+        secretRef:
+          name: <NAME_OF_KUBE_SECRET>
+          key: <KEY_IN_KUBE_SECRET>
+```
+
+Both `username` and `password` can either be specified directly via the `value` field or can reference a kubernetes secret.
+
+
+### Referencing Secrets
+
+Secrets must be referenced by ID. `Getting a specific version of a secret is not yet supported.`
+
+Note that because all Secret Server secrets are JSON objects, you must specify `remoteRef.property`. You can access nested values or arrays using [gjson syntax](https://github.com/tidwall/gjson/blob/master/SYNTAX.md).
+
+```yaml
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+    name: secret-server-external-secret
+spec:
+    refreshInterval: 15s
+    secretStoreRef:
+        kind: SecretStore
+        name: secret-server-store
+    data:
+      - secretKey: SecretServerValue #<KEY_IN_KUBE_SECRET>
+        remoteRef:
+          key: "52622" #<SECRET_ID>
+          property: "Items.0.ItemValue" #<GJSON_PROPERTY>
+```
+### Example
+Using the json formatted secret below to retrieve the "ItemValue" for "FieldName" .. "Data"
+
+spec.data.remoteRef.key = 52622 (id of the secret)
+
+spec.data.remoteRef.property = Items.0.ItemValue (gjson path )
+
+```JSON
+{
+  "Name": "external secret testing",
+  "FolderID": 73,
+  "ID": 52622,
+  "SiteID": 1,
+  "SecretTemplateID": 6098,
+  "SecretPolicyID": -1,
+  "PasswordTypeWebScriptID": -1,
+  "LauncherConnectAsSecretID": -1,
+  "CheckOutIntervalMinutes": -1,
+  "Active": true,
+  "CheckedOut": false,
+  "CheckOutEnabled": false,
+  "AutoChangeEnabled": false,
+  "CheckOutChangePasswordEnabled": false,
+  "DelayIndexing": false,
+  "EnableInheritPermissions": true,
+  "EnableInheritSecretPolicy": true,
+  "ProxyEnabled": false,
+  "RequiresComment": false,
+  "SessionRecordingEnabled": false,
+  "WebLauncherRequiresIncognitoMode": false,
+  "Items": [
+    {
+      "ItemID": 280265,
+      "FieldID": 439,
+      "FileAttachmentID": 0,
+      "FieldName": "Data",
+      "Slug": "data",
+      "FieldDescription": "json text field",
+      "Filename": "",
+      "ItemValue": "{\"key\":\"value\"}",
+      "IsFile": false,
+      "IsNotes": false,
+      "IsPassword": false
+    }
+  ]
+}
+```

+ 22 - 14
e2e/suites/provider/cases/secretserver/provider.go

@@ -2,8 +2,8 @@ package secretserver
 
 import (
 	"encoding/json"
-	"fmt"
-	"strconv"
+	_"fmt"
+	_"strconv"
 
 	"github.com/DelineaXPM/tss-sdk-go/v2/server"
 /*	"github.com/DelineaXPM/dsv-sdk-go/v2/vault"*/
@@ -11,15 +11,18 @@ import (
 	"github.com/onsi/gomega"
 )
 
+
 type secretStoreProvider struct {
 	api *server.Server
 	cfg *config
+	secretID map[string]int
 }
 
+
 func (p *secretStoreProvider) init(cfg *config) {
 
 	p.cfg = cfg
-
+	p.secretID = make(map[string]int)
 	secretserverClient, err := server.New(server.Configuration{
 		Credentials: server.UserCredential{
 			Username: cfg.username,
@@ -32,37 +35,42 @@ func (p *secretStoreProvider) init(cfg *config) {
 	p.api = secretserverClient
 }
 
+/*
+Make sure and look this up
+https://rasteamdev.qa.devsecretservercloud.com/Documents/restapi/TokenAuth/#tag/Secrets/operation/SecretsService_SearchV2
+*/
+
 func (p *secretStoreProvider) CreateSecret(key string, val framework.SecretEntry) {
 	var data map[string]interface{}
 	err := json.Unmarshal([]byte(val.Value), &data)
 	gomega.Expect(err).ToNot(gomega.HaveOccurred())
 
-	fields := make([]server.SecretField, 3)
+	fields := make([]server.SecretField, 1)
+/*
 		fields[0].FieldID = 108 // machine
 		fields[0].ItemValue = "Secret Server TEST MACHINE"
 		fields[1].FieldID = 111 // username
 		fields[1].ItemValue = "secretserver_username"
 		fields[2].FieldID = 110 // password
 		fields[2].ItemValue = "secretserver_password"
+*/
+
+		fields[0].FieldID = 439 // Data
+		fields[0].ItemValue = "{\"key\":\"foo\"}"
 
-	_, err = p.api.CreateSecret(server.Secret{
-		SecretTemplateID: 6007,
+
+	s, err := p.api.CreateSecret(server.Secret{
+		SecretTemplateID: 6098,
 		SiteID: 1,
 		FolderID: 73,
 		Name: key,
 		Fields: fields,
 	})
 	gomega.Expect(err).ToNot(gomega.HaveOccurred())
+	p.secretID[key] = s.ID
 }
 
 func (p *secretStoreProvider) DeleteSecret(key string) {
-	fmt.Println("DELETE SECRET KEY = ", key)
-	id, _ := strconv.Atoi(key)
-/*
-	if err != nil {
-		return nil, errors.New("incorrect string to integer conversion")
-	}
-*/
-	err := p.api.DeleteSecret(id)
+	err := p.api.DeleteSecret(p.secretID[key])
 	gomega.Expect(err).ToNot(gomega.HaveOccurred())
 }
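Review bot: CreateSecret unmarshals val.Value into data but never uses it and writes the hard-coded `{"key":"foo"}` as the field value, so the e2e case cannot verify that the value the framework supplied is what the provider later returns; use `fields[0].ItemValue = val.Value` (the unmarshal can stay as a JSON-validity check). DeleteSecret reads `p.secretID[key]` without checking presence, so an unknown key silently asks the server to delete secret ID 0; prefer `id, ok := p.secretID[key]` followed by `gomega.Expect(ok).To(gomega.BeTrue(), "no secret created for key %q", key)`. The comment block above CreateSecret embeds an internal QA tenant hostname and the old field setup survives as commented-out code — both should be removed, and the `_"fmt"`/`_"strconv"` blank imports in the first hunk should be deleted rather than kept (gofmt would also reject the missing space). The hard-coded template, site and folder IDs are presumably tied to the test tenant; a one-line comment naming that assumption would help the next person who runs this suite against a different tenant.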

+ 1 - 0
hack/api-docs/mkdocs.yml

@@ -113,6 +113,7 @@ nav:
     - Cloak End 2 End Encrypted Secrets: provider/cloak.md
     - Scaleway: provider/scaleway.md
     - Delinea: provider/delinea.md
+    - Secret Server: provider/secretserver.md
     - Pulumi ESC: provider/pulumi.md
     - Onboardbase: provider/onboardbase.md
   - Examples:

+ 1 - 1
pkg/provider/secretserver/client.go

@@ -114,7 +114,7 @@ func (c *client) getSecret(_ context.Context, ref esv1beta1.ExternalSecretDataRe
 	}
 	id, err := strconv.Atoi(ref.Key)
 	if err != nil {
-		return nil, errors.New("invalid string to integer conversion")
+		return nil, fmt.Errorf("get secret key = %+v ........ ", ref) //errors.New("invalid string to integer conversion")
 	}
 	return c.api.Secret(id)
 }
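Review bot: The new error message `get secret key = %+v ........ ` reads as a leftover debug print and drops the strconv error, so a misconfigured remoteRef.key yields an unhelpful message to the operator; use `return nil, fmt.Errorf("remoteRef.key %q is not a valid Secret Server secret ID: %w", ref.Key, err)` and delete the trailing commented-out errors.New. This assumes `fmt` is already imported in client.go, which the hunk does not show; if it is not, the import change is missing from this commit. getSecret's signature is visible but its body starts before the hunk.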