Browse Source

docs(pulumi): correct find/referent matrix cells and fix headings (#6578)

The support matrix marked Pulumi ESC with find by name, but GetAllSecrets is not
supported, so find does not work; set it blank. It also left referent
authentication blank, but ValidateStore uses the relaxed referent validator, so
referent works; set it x. Also promote the page headings one level (H2 title to H1,
H3 sections to H2, H4 to H3).

Signed-off-by: Alexander Chernov <alexander@chernov.it>
Alexander Chernov 21 hours ago
parent
commit
29eb3d5d97
2 changed files with 13 additions and 13 deletions
  1. 1 1
      docs/introduction/stability-support.md
  2. 12 12
      docs/provider/pulumi.md

+ 1 - 1
docs/introduction/stability-support.md

@@ -130,7 +130,7 @@ The following table show the support for features across different providers.
 | Delinea                   |      x       |              |                      |                         |        x         |             |                             |
 | Delinea                   |      x       |              |                      |                         |        x         |             |                             |
 | Beyondtrust               |              |              |                      |                         |        x         |      x      |                             |
 | Beyondtrust               |              |              |                      |                         |        x         |      x      |                             |
 | SecretServer              |      x       |              |                      |                         |        x         |      x      |              x              |
 | SecretServer              |      x       |              |                      |                         |        x         |      x      |              x              |
-| Pulumi ESC                |      x       |              |                      |                         |        x         |             |                             |
+| Pulumi ESC                |              |              |                      |            x            |        x         |             |                             |
 | Passbolt                  |      x       |              |                      |                         |        x         |             |                             |
 | Passbolt                  |      x       |              |                      |                         |        x         |             |                             |
 | Infisical                 |      x       |              |                      |            x            |        x         |      x      |              x              |
 | Infisical                 |      x       |              |                      |            x            |        x         |      x      |              x              |
 | Bitwarden Secrets Manager |      x       |              |                      |                         |        x         |      x      |              x              |
 | Bitwarden Secrets Manager |      x       |              |                      |                         |        x         |      x      |              x              |

+ 12 - 12
docs/provider/pulumi.md

@@ -1,4 +1,4 @@
-## Pulumi ESC
+# Pulumi ESC
 
 
 Sync environments, configs and secrets from [Pulumi ESC](https://www.pulumi.com/product/esc/) to Kubernetes using the External Secrets Operator.
 Sync environments, configs and secrets from [Pulumi ESC](https://www.pulumi.com/product/esc/) to Kubernetes using the External Secrets Operator.
 
 
@@ -6,16 +6,16 @@ Sync environments, configs and secrets from [Pulumi ESC](https://www.pulumi.com/
 
 
 More information about setting up [Pulumi](https://www.pulumi.com/) ESC can be found in the [Pulumi ESC documentation](https://www.pulumi.com/docs/esc/).
 More information about setting up [Pulumi](https://www.pulumi.com/) ESC can be found in the [Pulumi ESC documentation](https://www.pulumi.com/docs/esc/).
 
 
-### Authentication
+## Authentication
 
 
 The Pulumi provider supports two authentication methods:
 The Pulumi provider supports two authentication methods:
 
 
 1. **Access Token** (recommended for most use cases): Use Pulumi [Access Tokens](https://www.pulumi.com/docs/pulumi-cloud/access-management/access-tokens/) stored in Kubernetes secrets.
 1. **Access Token** (recommended for most use cases): Use Pulumi [Access Tokens](https://www.pulumi.com/docs/pulumi-cloud/access-management/access-tokens/) stored in Kubernetes secrets.
 2. **OIDC** (recommended for workload identity): Use Kubernetes ServiceAccount tokens to authenticate via OIDC, eliminating the need to store static credentials.
 2. **OIDC** (recommended for workload identity): Use Kubernetes ServiceAccount tokens to authenticate via OIDC, eliminating the need to store static credentials.
 
 
-### Creating a SecretStore
+## Creating a SecretStore
 
 
-#### Using Access Token
+### Using Access Token
 
 
 A Pulumi `SecretStore` can be created by specifying the `organization`, `project` and `environment` and referencing a Kubernetes secret containing the `accessToken`.
 A Pulumi `SecretStore` can be created by specifying the `organization`, `project` and `environment` and referencing a Kubernetes secret containing the `accessToken`.
 
 
@@ -39,7 +39,7 @@ spec:
 
 
 **Note:** The deprecated `accessToken` field at the root level is still supported for backward compatibility, but using `auth.accessToken` is recommended.
 **Note:** The deprecated `accessToken` field at the root level is still supported for backward compatibility, but using `auth.accessToken` is recommended.
 
 
-#### Using OIDC
+### Using OIDC
 
 
 Alternatively, you can use OIDC authentication with Kubernetes ServiceAccount tokens. This method eliminates the need to store static credentials.
 Alternatively, you can use OIDC authentication with Kubernetes ServiceAccount tokens. This method eliminates the need to store static credentials.
 
 
@@ -55,9 +55,9 @@ The `expirationSeconds` field is optional and defaults to 600 seconds (10 minute
 
 
 If required, the API URL (`apiUrl`) can be customized as well. If not specified, the default value is `https://api.pulumi.com/api/esc`.
 If required, the API URL (`apiUrl`) can be customized as well. If not specified, the default value is `https://api.pulumi.com/api/esc`.
 
 
-### Creating a ClusterSecretStore
+## Creating a ClusterSecretStore
 
 
-#### Using Access Token
+### Using Access Token
 
 
 Similarly, a `ClusterSecretStore` can be created by specifying the `namespace` and referencing a Kubernetes secret containing the `accessToken`.
 Similarly, a `ClusterSecretStore` can be created by specifying the `namespace` and referencing a Kubernetes secret containing the `accessToken`.
 
 
@@ -80,7 +80,7 @@ spec:
             namespace: <NAMESPACE>
             namespace: <NAMESPACE>
 ```
 ```
 
 
-#### Using OIDC
+### Using OIDC
 
 
 For ClusterSecretStore with OIDC, you need to specify the ServiceAccount namespace:
 For ClusterSecretStore with OIDC, you need to specify the ServiceAccount namespace:
 
 
@@ -110,7 +110,7 @@ spec:
           expirationSeconds: 600
           expirationSeconds: 600
 ```
 ```
 
 
-### Referencing Secrets
+## Referencing Secrets
 
 
 Secrets can be referenced by defining the `key` containing the JSON path to the secret. Pulumi ESC secrets are internally organized as a JSON object.
 Secrets can be referenced by defining the `key` containing the JSON path to the secret. Pulumi ESC secrets are internally organized as a JSON object.
 
 
@@ -132,7 +132,7 @@ spec:
 
 
 **Note:** `key` is not following the JSON Path syntax, but rather the Pulumi path syntax.
 **Note:** `key` is not following the JSON Path syntax, but rather the Pulumi path syntax.
 
 
-#### Examples
+### Examples
 
 
 * root
 * root
 * root.nested
 * root.nested
@@ -154,7 +154,7 @@ spec:
 
 
 See [Pulumi's documentation](https://www.pulumi.com/docs/concepts/options/ignorechanges/) for more information.
 See [Pulumi's documentation](https://www.pulumi.com/docs/concepts/options/ignorechanges/) for more information.
 
 
-### PushSecrets
+## PushSecrets
 
 
 With the latest release of Pulumi ESC, secrets can be pushed to the Pulumi service. This can be done by creating a `PushSecrets` object.
 With the latest release of Pulumi ESC, secrets can be pushed to the Pulumi service. This can be done by creating a `PushSecrets` object.
 
 
@@ -182,7 +182,7 @@ spec:
 
 
 This will then push the secret to the Pulumi service. If the secret already exists, it will be updated.
 This will then push the secret to the Pulumi service. If the secret already exists, it will be updated.
 
 
-### Limitations
+## Limitations
 
 
 Currently, the Pulumi provider only supports nested objects up to a depth of 1. Any nested objects beyond this depth will be stored as a string with the JSON representation.
 Currently, the Pulumi provider only supports nested objects up to a depth of 1. Any nested objects beyond this depth will be stored as a string with the JSON representation.