Fix certificate revisionHistoryLimit schema (#4534)

* fix invalid quote

Signed-off-by: Aran Shavit <Aranshavit@gmail.com>

* fix schema

Signed-off-by: Aran Shavit <Aranshavit@gmail.com>

* change implementation so that default value will work

Signed-off-by: Aran Shavit <Aranshavit@gmail.com>

* ran make test.crds.update

Signed-off-by: Aran Shavit <Aranshavit@gmail.com>

---------

Signed-off-by: Aran Shavit <Aranshavit@gmail.com>

deploy/charts/external-secrets/README.md

@@ -174,7 +174,7 @@ The command removes all the Kubernetes components associated with the chart and
 | webhook.certManager.cert.duration | string | `"8760h"` | Set the requested duration (i.e. lifetime) of the Certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec One year by default. |
 | webhook.certManager.cert.issuerRef | object | `{"group":"cert-manager.io","kind":"Issuer","name":"my-issuer"}` | For the Certificate created by this chart, setup the issuer. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.IssuerSpec |
 | webhook.certManager.cert.renewBefore | string | `""` | How long before the currently issued certificate’s expiry cert-manager should renew the certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec Note that renewBefore should be greater than .webhook.lookaheadInterval since the webhook will check this far in advance that the certificate is valid. |
-| webhook.certManager.cert.revisionHistoryLimit | string | `""` | Set the revisionHistoryLimit on the Certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec Defaults to nil. |
+| webhook.certManager.cert.revisionHistoryLimit | int | `0` | Set the revisionHistoryLimit on the Certificate. See https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec Defaults to 0 (ignored). |
 | webhook.certManager.enabled | bool | `false` | Enabling cert-manager support will disable the built in secret and switch to using cert-manager (installed separately) to automatically issue and renew the webhook certificate. This chart does not install cert-manager for you, See https://cert-manager.io/docs/ |
 | webhook.create | bool | `true` | Specifies whether a webhook deployment be created. |
 | webhook.deploymentAnnotations | object | `{}` | Annotations to add to Deployment |

deploy/charts/external-secrets/templates/webhook-certificate.yaml

@@ -26,8 +26,8 @@ spec:
   {{- with .Values.webhook.certManager.cert.renewBefore }}
   renewBefore: {{ . | quote }}
   {{- end }}
-  {{- with .Values.webhook.certManager.cert.revisionHistoryLimit }}
-  revisionHistoryLimit: {{ . }}
+  {{- if gt (.Values.webhook.certManager.cert.revisionHistoryLimit | int) 0 }}
+  revisionHistoryLimit: {{ .Values.webhook.certManager.cert.revisionHistoryLimit }}
   {{- end }}
   secretName: {{ include "external-secrets.fullname" . }}-webhook
 {{- end }}

deploy/charts/external-secrets/values.schema.json

@@ -661,7 +661,7 @@
                                     "type": "string"
                                 },
                                 "revisionHistoryLimit": {
-                                    "type": "string"
+                                    "type": "integer"
                                 }
                             },
                             "type": "object"

deploy/charts/external-secrets/values.yaml

@@ -317,8 +317,8 @@ webhook:
       duration: "8760h"
       # -- Set the revisionHistoryLimit on the Certificate. See
       # https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec
-      # Defaults to nil.
-      revisionHistoryLimit: ""
+      # Defaults to 0 (ignored).
+      revisionHistoryLimit: 0
       # -- How long before the currently issued certificate’s expiry
       # cert-manager should renew the certificate. See
       # https://cert-manager.io/docs/reference/api-docs/#cert-manager.io/v1.CertificateSpec

tests/__snapshot__/clustergenerator-v1alpha1.yaml

@@ -221,7 +221,7 @@ spec:
             name: string
             namespace: string
           userPass:
-            path: "user"
+            path: "userpass"
             secretRef:
               key: string
               name: string

tests/__snapshot__/clustersecretstore-v1beta1.yaml

@@ -336,6 +336,7 @@ spec:
       hostAPI: "https://app.infisical.com/api"
       secretsScope:
         environmentSlug: string
+        expandSecretReferences: true
         projectSlug: string
         recursive: false
         secretsPath: "/"
@@ -585,7 +586,7 @@ spec:
           name: string
           namespace: string
         userPass:
-          path: "user"
+          path: "userpass"
           secretRef:
             key: string
             name: string

tests/__snapshot__/secretstore-v1beta1.yaml

@@ -336,6 +336,7 @@ spec:
       hostAPI: "https://app.infisical.com/api"
       secretsScope:
         environmentSlug: string
+        expandSecretReferences: true
         projectSlug: string
         recursive: false
         secretsPath: "/"
@@ -585,7 +586,7 @@ spec:
           name: string
           namespace: string
         userPass:
-          path: "user"
+          path: "userpass"
           secretRef:
             key: string
             name: string

tests/__snapshot__/vaultdynamicsecret-v1alpha1.yaml

@@ -92,7 +92,7 @@ spec:
         name: string
         namespace: string
       userPass:
-        path: "user"
+        path: "userpass"
         secretRef:
           key: string
           name: string