
Merge branch 'main' into beach-team

# Conflicts:
#	go.mod
#	pkg/provider/gitlab/gitlab.go
Gustavo преди 3 години
родител
ревизия
70cbdd75e9
променени са 100 файла, в които са добавени 893 реда и са изтрити 706 реда
  1. 2 1
      .github/PAUL.yaml
  2. 94 0
      .github/actions/sign/action.yml
  3. 27 128
      .github/workflows/ci.yml
  4. 1 1
      .github/workflows/codesee-arch-diagram.yml
  5. 2 3
      .github/workflows/dlc.yml
  6. 2 2
      .github/workflows/docs.yml
  7. 2 6
      .github/workflows/helm.yml
  8. 140 0
      .github/workflows/publish.yml
  9. 23 30
      .github/workflows/release.yml
  10. 1 0
      ADOPTERS.md
  11. 9 0
      Dockerfile.ubi
  12. 21 18
      Makefile
  13. 3 0
      apis/externalsecrets/v1beta1/secretstore_gitlab_types.go
  14. 9 0
      cmd/root.go
  15. 1 1
      config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml
  16. 6 1
      config/crds/bases/external-secrets.io_clustersecretstores.yaml
  17. 1 1
      config/crds/bases/external-secrets.io_externalsecrets.yaml
  18. 6 1
      config/crds/bases/external-secrets.io_secretstores.yaml
  19. 2 2
      deploy/charts/external-secrets/Chart.yaml
  20. 4 2
      deploy/charts/external-secrets/README.md
  21. 2 1
      deploy/charts/external-secrets/templates/webhook-deployment.yaml
  22. 11 0
      deploy/charts/external-secrets/values.yaml
  23. 10 4
      deploy/crds/bundle.yaml
  24. 2 2
      docs/contributing/process.md
  25. 1 1
      docs/index.md
  26. BIN
      docs/pictures/screenshot_api_keys_create.png
  27. BIN
      docs/pictures/screenshot_api_keys_create_successful.png
  28. BIN
      docs/pictures/screenshot_api_keys_iam.png
  29. BIN
      docs/pictures/screenshot_api_keys_iam_left.png
  30. BIN
      docs/pictures/screenshot_container_auth_create_1.png
  31. BIN
      docs/pictures/screenshot_container_auth_create_2.png
  32. BIN
      docs/pictures/screenshot_container_auth_create_3.png
  33. BIN
      docs/pictures/screenshot_container_auth_create_group.png
  34. BIN
      docs/pictures/screenshot_container_auth_create_group_1.png
  35. BIN
      docs/pictures/screenshot_container_auth_create_group_2.png
  36. BIN
      docs/pictures/screenshot_container_auth_create_group_3.png
  37. BIN
      docs/pictures/screenshot_container_auth_create_group_4.png
  38. BIN
      docs/pictures/screenshot_container_auth_create_group_5.png
  39. BIN
      docs/pictures/screenshot_container_auth_iam_left.png
  40. BIN
      docs/pictures/screenshot_service_url.png
  41. 13 19
      docs/provider/ibm-secrets-manager.md
  42. 3 3
      docs/snippets/1password-secret-store.yaml
  43. 2 1
      docs/snippets/gitlab-secret-store.yaml
  44. 1 1
      docs/stability-support.md
  45. 6 6
      e2e/Makefile
  46. 2 2
      e2e/framework/addon/addon.go
  47. 4 2
      e2e/framework/addon/chart.go
  48. 1 13
      e2e/framework/addon/eso.go
  49. 2 2
      e2e/framework/addon/vault.go
  50. 4 4
      e2e/framework/framework.go
  51. 2 2
      e2e/framework/testcase.go
  52. 104 102
      e2e/go.mod
  53. 210 188
      e2e/go.sum
  54. 3 3
      e2e/run.sh
  55. 6 4
      e2e/suites/argocd/argocd.go
  56. 5 7
      e2e/suites/argocd/install.go
  57. 3 3
      e2e/suites/argocd/suite_test.go
  58. 6 4
      e2e/suites/flux/flux.go
  59. 5 7
      e2e/suites/flux/install.go
  60. 3 3
      e2e/suites/flux/suite_test.go
  61. 2 2
      e2e/suites/provider/cases/akeyless/akeyless.go
  62. 1 1
      e2e/suites/provider/cases/akeyless/provider.go
  63. 2 2
      e2e/suites/provider/cases/alibaba/alibaba.go
  64. 1 1
      e2e/suites/provider/cases/alibaba/provider.go
  65. 2 2
      e2e/suites/provider/cases/aws/common.go
  66. 2 2
      e2e/suites/provider/cases/aws/parameterstore/find_by_name.go
  67. 2 2
      e2e/suites/provider/cases/aws/parameterstore/find_by_tags.go
  68. 2 2
      e2e/suites/provider/cases/aws/parameterstore/parameterstore.go
  69. 4 4
      e2e/suites/provider/cases/aws/parameterstore/parameterstore_managed.go
  70. 3 3
      e2e/suites/provider/cases/aws/parameterstore/provider.go
  71. 3 3
      e2e/suites/provider/cases/aws/secretsmanager/provider.go
  72. 2 2
      e2e/suites/provider/cases/aws/secretsmanager/secretsmanager.go
  73. 4 4
      e2e/suites/provider/cases/aws/secretsmanager/secretsmanager_managed.go
  74. 2 2
      e2e/suites/provider/cases/azure/azure_cert.go
  75. 2 2
      e2e/suites/provider/cases/azure/azure_key.go
  76. 4 4
      e2e/suites/provider/cases/azure/azure_managed.go
  77. 3 3
      e2e/suites/provider/cases/azure/azure_secret.go
  78. 2 2
      e2e/suites/provider/cases/azure/provider.go
  79. 3 3
      e2e/suites/provider/cases/common/common.go
  80. 2 2
      e2e/suites/provider/cases/common/find_by_name.go
  81. 2 2
      e2e/suites/provider/cases/common/find_by_tags.go
  82. 2 2
      e2e/suites/provider/cases/fake/provider.go
  83. 3 3
      e2e/suites/provider/cases/gcp/gcp.go
  84. 4 4
      e2e/suites/provider/cases/gcp/gcp_managed.go
  85. 1 1
      e2e/suites/provider/cases/gcp/provider.go
  86. 3 3
      e2e/suites/provider/cases/gitlab/gitlab.go
  87. 10 6
      e2e/suites/provider/cases/gitlab/provider.go
  88. 8 8
      e2e/suites/provider/cases/import.go
  89. 2 2
      e2e/suites/provider/cases/kubernetes/kubernetes.go
  90. 2 2
      e2e/suites/provider/cases/kubernetes/provider.go
  91. 3 3
      e2e/suites/provider/cases/oracle/oracle.go
  92. 2 2
      e2e/suites/provider/cases/oracle/provider.go
  93. 2 2
      e2e/suites/provider/cases/template/provider.go
  94. 2 2
      e2e/suites/provider/cases/template/template.go
  95. 3 3
      e2e/suites/provider/cases/vault/provider.go
  96. 3 3
      e2e/suites/provider/cases/vault/vault.go
  97. 4 4
      e2e/suites/provider/e2e_test.go
  98. 8 8
      go.mod
  99. 12 15
      go.sum
  100. 2 2
      hack/crd.generate.sh

+ 2 - 1
.github/PAUL.yaml

@@ -4,6 +4,7 @@ maintainers:
 - moolen
 - sebagomez
 - rodrmartinez
+- IdanAdar
 # Emeritus Approvers
 - Flydiverny
 - silasbw
@@ -44,7 +45,7 @@ pull_requests:
     If this is your first time contributing, please make
     sure to read the [Developer](https://www.external-secrets.io/latest/contributing-devguide/) and [Contributing Process](https://www.external-secrets.io/latest/contributing-process/) guides.
     Please also mind and follow our [Code of Conduct](https://www.external-secrets.io/latest/contributing-coc/).
-    
+
     Useful commands:
       - `make fmt`: Formats the code
       - `make check-diff`: Ensures the branch is clean

+ 94 - 0
.github/actions/sign/action.yml

@@ -0,0 +1,94 @@
+name: 'Provenance / SBOM / Sign'
+
+description: 'Creates SBOM & provenance files and signs the image'
+
+inputs:
+  image-name:
+    description: "name of the image"
+    required: true
+    default: ''
+  image-tag:
+    description: "image tag"
+    required: true
+    default: ""
+  GHCR_USERNAME:
+    description: "ghcr username"
+    required: true
+  GHCR_TOKEN:
+    description: "ghcr token"
+    required: true
+  GITHUB_TOKEN:
+    description: "gh token"
+    required: true
+
+runs:
+  using: "composite"
+
+  steps:
+
+    - name: Install cosign
+      uses: sigstore/cosign-installer@v2
+      with:
+        cosign-release: v1.12.1
+
+    - name: Install Syft
+      uses: anchore/sbom-action/download-syft@v0.7.0
+
+    - name: Check Cosign install
+      shell: bash
+      run: cosign version
+
+    - name: Login to ghcr.io
+      uses: docker/login-action@v1.14.1
+      with:
+        registry: ghcr.io
+        username: ${{ inputs.GHCR_USERNAME }}
+        password: ${{ inputs.GHCR_TOKEN }}
+
+    - name: Setup Go
+      uses: actions/setup-go@v3
+      with:
+        go-version-file: "go.mod"
+
+    - name: Set up crane
+      shell: bash
+      run: go install github.com/google/go-containerregistry/cmd/crane@v0.11.0
+
+    - name: Get docker image tag
+      id: container_info
+      shell: bash
+      run: echo "::set-output name=digest::$(crane digest ${{ inputs.image-name }}:${{ inputs.image-tag }})"
+
+    - name: Sign image
+      shell: bash
+      env:
+        COSIGN_EXPERIMENTAL: "1"
+      run: cosign sign -a GITHUB_ACTOR=${{ github.triggering_actor }} "${{ inputs.image-name }}@${{ steps.container_info.outputs.digest }}"
+
+    - name: Attach SBOM to image
+      shell: bash
+      env:
+        COSIGN_EXPERIMENTAL: "1"
+      run: |
+        syft "${{ inputs.image-name }}@${{ steps.container_info.outputs.digest }}" -o spdx-json=sbom-spdx.json
+        cosign attest --predicate sbom-spdx.json --type spdx "${{ inputs.image-name }}@${{ steps.container_info.outputs.digest }}"
+        cosign verify-attestation --type spdx ${{ inputs.image-name }}@${{ steps.container_info.outputs.digest }} | jq '.payload |= @base64d | .payload | fromjson'
+
+    - name: Generate provenance
+      uses: philips-labs/slsa-provenance-action@v0.7.2
+      with:
+        command: generate
+        subcommand: container
+        arguments: --repository "${{ inputs.image-name }}" --output-path provenance.att --digest "${{ steps.container_info.outputs.digest }}" --tags "${{ inputs.image-tag }}"
+      env:
+        COSIGN_EXPERIMENTAL: "0"
+        GITHUB_TOKEN: "${{ inputs.GITHUB_TOKEN }}"
+
+    - name: Attach provenance
+      shell: bash
+      env:
+        COSIGN_EXPERIMENTAL: "1"
+      run: |
+        jq '.predicate' provenance.att > provenance-predicate.att
+        cosign attest --predicate provenance-predicate.att --type slsaprovenance "${{ inputs.image-name }}@${{ steps.container_info.outputs.digest }}"
+        cosign verify-attestation --type slsaprovenance ${{ inputs.image-name }}@${{ steps.container_info.outputs.digest }}
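Review bot: The `run:` lines of "Get docker image tag", "Sign image", "Attach SBOM to image" and "Attach provenance" expand `${{ inputs.image-name }}`, `${{ inputs.image-tag }}` and `${{ github.triggering_actor }}` directly into the script text, unquoted in the `crane digest` call and in both `cosign verify-attestation` calls, so bash interprets any shell metacharacter in those values in a step that holds the GHCR token and the signing identity. Pass them through `env:` and use quoted shell variables as sketched below; assigning the digest to a variable first also lets the step stop on a failed lookup instead of exporting an empty digest through the deprecated `::set-output` command. The two `cosign verify-attestation` calls state no expected signer identity or issuer, so as written they show that some attestation exists rather than that this workflow produced it. The actions used here are referenced by mutable tags (`sigstore/cosign-installer@v2`, `philips-labs/slsa-provenance-action@v0.7.2`); a full commit SHA is the safer pin for a signing action, and the same applies to `golangci/golangci-lint-action@v3` in ci.yml and `aquasecurity/trivy-action@master` in publish.yml.

```yaml
    - name: Get docker image tag
      id: container_info
      shell: bash
      env:
        IMAGE_NAME: ${{ inputs.image-name }}
        IMAGE_TAG: ${{ inputs.image-tag }}
      run: |
        digest="$(crane digest "${IMAGE_NAME}:${IMAGE_TAG}")"
        echo "digest=${digest}" >> "$GITHUB_OUTPUT"

    - name: Sign image
      shell: bash
      env:
        COSIGN_EXPERIMENTAL: "1"
        IMAGE_NAME: ${{ inputs.image-name }}
        DIGEST: ${{ steps.container_info.outputs.digest }}
        ACTOR: ${{ github.triggering_actor }}
      run: cosign sign -a "GITHUB_ACTOR=${ACTOR}" "${IMAGE_NAME}@${DIGEST}"

    # … same env: mapping for: Attach SBOM to image, Attach provenance …
```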

+ 27 - 128
.github/workflows/ci.yml

@@ -4,33 +4,25 @@ on:
   push:
     branches:
       - main
-      - release-*
   pull_request: {}
-  workflow_dispatch: {}
 
 env:
   # Common versions
   GOLANGCI_VERSION: 'v1.49.0'
   KUBERNETES_VERSION: '1.24.x'
-  DOCKER_BUILDX_VERSION: 'v0.4.2'
-
-  # Common users. We can't run a step 'if secrets.GHCR_USERNAME != ""' but we can run
-  # a step 'if env.GHCR_USERNAME' != ""', so we copy these to succinctly test whether
-  # credentials have been provided before trying to run steps that need them.
-  GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
 
   # Sonar
   SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 
 jobs:
   detect-noop:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     outputs:
       noop: ${{ steps.noop.outputs.should_skip }}
     steps:
       - name: Detect No-op Changes
         id: noop
-        uses: fkirc/skip-duplicate-actions@v4.0.0
+        uses: fkirc/skip-duplicate-actions@v5.2.0
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           paths_ignore: '["**.md", "**.png", "**.jpg"]'
@@ -38,7 +30,7 @@ jobs:
           concurrent_skipping: false
 
   lint:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     needs: detect-noop
     if: needs.detect-noop.outputs.noop != 'true'
 
@@ -61,30 +53,23 @@ jobs:
         uses: actions/cache@v3
         with:
           path: ${{ steps.go.outputs.build-cache }}
-          key: ${{ runner.os }}-build-lint-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-build-lint-${{ github.sha }}-
+          key: ${{ runner.os }}-build-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
 
       - name: Cache Go Dependencies
         uses: actions/cache@v3
         with:
           path: ${{ steps.go.outputs.mod-cache }}
-          key: ${{ runner.os }}-pkg-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-pkg-${{ github.sha }}-
+          key: ${{ runner.os }}-mod-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
 
-      # This action uses its own setup-go, which always seems to use the latest
-      # stable version of Go. We could run 'make lint' to ensure our desired Go
-      # version, but we prefer this action because it leaves 'annotations' (i.e.
-      # it comments on PRs to point out linter violations).
       - name: Lint
-        uses: golangci/golangci-lint-action@v3.2.0
+        uses: golangci/golangci-lint-action@v3
         with:
           version: ${{ env.GOLANGCI_VERSION }}
           skip-pkg-cache: true
           skip-build-cache: true
-          skip-go-installation: true
 
   check-diff:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     needs: detect-noop
     if: needs.detect-noop.outputs.noop != 'true'
 
@@ -107,15 +92,13 @@ jobs:
         uses: actions/cache@v3
         with:
           path: ${{ steps.go.outputs.build-cache }}
-          key: ${{ runner.os }}-build-check-diff-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-build-check-diff-${{ github.sha }}-
+          key: ${{ runner.os }}-build-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
 
       - name: Cache Go Dependencies
         uses: actions/cache@v3
         with:
           path: ${{ steps.go.outputs.mod-cache }}
-          key: ${{ runner.os }}-pkg-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-pkg-${{ github.sha }}-
+          key: ${{ runner.os }}-mod-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
 
       # Check DIff also runs Reviewable which needs golangci-lint installed
       - name: Check Diff
@@ -125,7 +108,7 @@ jobs:
           make check-diff
 
   unit-tests:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     needs: detect-noop
     if: needs.detect-noop.outputs.noop != 'true'
 
@@ -151,15 +134,13 @@ jobs:
         uses: actions/cache@v3
         with:
           path: ${{ steps.go.outputs.build-cache }}
-          key: ${{ runner.os }}-build-unit-tests-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-build-unit-tests-${{ github.sha }}-
+          key: ${{ runner.os }}-build-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
 
       - name: Cache Go Dependencies
         uses: actions/cache@v3
         with:
           path: ${{ steps.go.outputs.mod-cache }}
-          key: ${{ runner.os }}-pkg-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-pkg-${{ github.sha }}-
+          key: ${{ runner.os }}-mod-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
 
       - name: Add setup-envtest
         run: |
@@ -171,7 +152,6 @@ jobs:
         with:
           path: /home/runner/.local/share/kubebuilder-envtest/
           key: ${{ runner.os }}-kubebuilder-${{env.KUBERNETES_VERSION}}
-          restore-keys: ${{ runner.os }}-kubebuilder-
 
       - name: Run Unit Tests
         run: |
@@ -179,106 +159,25 @@ jobs:
           source <(setup-envtest use ${{env.KUBERNETES_VERSION}} -p env --os $(go env GOOS) --arch $(go env GOARCH))
           make test
 
-
   publish-artifacts:
-    runs-on: ubuntu-18.04
     needs: detect-noop
     if: needs.detect-noop.outputs.noop != 'true'
-
+    uses: ./.github/workflows/publish.yml
     permissions:
       id-token: write
       contents: read
+    strategy:
+      matrix:
+        include:
+        - dockerfile: "Dockerfile"
+          tag-suffix: "" # distroless
+        - dockerfile: "Dockerfile.ubi"
+          tag-suffix: "-ubi"
+    with:
+      dockerfile: ${{ matrix.dockerfile }}
+      tag-suffix: ${{ matrix.tag-suffix }}
+      image-name: ghcr.io/${{ github.repository }}
+    secrets:
+      GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
+      GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
 
-    steps:
-      - name: Setup QEMU
-        uses: docker/setup-qemu-action@v2
-        with:
-          platforms: all
-
-      - name: Setup Docker Buildx
-        uses: docker/setup-buildx-action@v2
-        with:
-          version: ${{ env.DOCKER_BUILDX_VERSION }}
-          install: true
-
-      - name: Checkout
-        uses: actions/checkout@v3
-
-      - name: Fetch History
-        run: git fetch --prune --unshallow
-
-      - name: Setup Go
-        uses: actions/setup-go@v3
-        with:
-          go-version-file: "go.mod"
-
-      - name: Find the Go Cache
-        id: go
-        run: |
-          echo "::set-output name=build-cache::$(go env GOCACHE)"
-          echo "::set-output name=mod-cache::$(go env GOMODCACHE)"
-
-      - name: Cache the Go Build Cache
-        uses: actions/cache@v3
-        with:
-          path: ${{ steps.go.outputs.build-cache }}
-          key: ${{ runner.os }}-build-publish-artifacts-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-build-publish-artifacts-${{ github.sha }}-
-
-      - name: Cache Go Dependencies
-        uses: actions/cache@v3
-        with:
-          path: ${{ steps.go.outputs.mod-cache }}
-          key: ${{ runner.os }}-pkg-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-pkg-${{ github.sha }}-
-
-      - name: Login to Docker
-        uses: docker/login-action@v2
-        if: env.GHCR_USERNAME != ''
-        with:
-          registry: ghcr.io
-          username: ${{ secrets.GHCR_USERNAME }}
-          password: ${{ secrets.GHCR_TOKEN }}
-
-      - name: Build & Publish Artifacts
-        if: env.GHCR_USERNAME != ''
-        env:
-          BUILD_ARGS: "--push --platform linux/amd64,linux/arm64"
-        run: make docker.build
-
-      - name: Get docker image tag
-        if: env.GHCR_USERNAME != ''
-        id: image_version
-        run: echo "::set-output name=image::$(make docker.image)"
-
-      - name: Run Trivy vulnerability scanner
-        if: env.GHCR_USERNAME != ''
-        uses: aquasecurity/trivy-action@master
-        with:
-          image-ref: '${{ steps.image_version.outputs.image }}'
-          format: 'table'
-          exit-code: '1'
-          ignore-unfixed: true
-          vuln-type: 'os,library'
-          severity: 'CRITICAL,HIGH'
-
-      - name: Promote Artifacts to main release channel
-        if: github.ref == 'refs/heads/main' && env.GHCR_USERNAME != ''
-        run: make docker.promote
-        env:
-          RELEASE_TAG: main
-
-      - name: Set up crane
-        if: github.ref == 'refs/heads/main' && env.GHCR_USERNAME != ''
-        run: go install github.com/google/go-containerregistry/cmd/crane@v0.8.0
-
-      - name: Install cosign
-        if: github.ref == 'refs/heads/main' && env.GHCR_USERNAME != ''
-        uses: sigstore/cosign-installer@v2.6.0
-
-      - name: Sign Artifacts to main release channel
-        if: github.ref == 'refs/heads/main' && env.GHCR_USERNAME != ''
-        run: make docker.sign
-        env:
-          RELEASE_TAG: main
-          COSIGN_EXPERIMENTAL: true
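Review bot: `permissions: id-token: write` on the `publish-artifacts` job is handed to every job of `./.github/workflows/publish.yml`, including the build job that runs `make docker.build` on the checked-out ref, and this workflow still triggers on `pull_request`. Only the signing job needs an OIDC token, so the called workflow should narrow it per job, e.g. `permissions: { contents: read }` on `build-publish` and `permissions: { id-token: write, contents: read }` on `sign`. The removed steps gated promotion and signing on `github.ref == 'refs/heads/main'`; no equivalent condition appears in the new caller, so it is worth confirming that publishing and signing for refs other than main is intended.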

+ 1 - 1
.github/workflows/codesee-arch-diagram.yml

@@ -57,7 +57,7 @@ jobs:
       # We need the rust toolchain because it uses rustc and cargo to inspect the package
       - name: Configure Rust 1.x stable
         uses: actions-rs/toolchain@v1
-        if: ${{ fromJSON(steps.detect-languages.outputs.languages).rust }} 
+        if: ${{ fromJSON(steps.detect-languages.outputs.languages).rust }}
         with:
           toolchain: stable
 

+ 2 - 3
.github/workflows/dlc.yml

@@ -14,7 +14,7 @@ on:
 
 jobs:
   license-check:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -29,7 +29,6 @@ jobs:
         run: |
           echo "::set-output name=build-cache::$(go env GOCACHE)"
           echo "::set-output name=mod-cache::$(go env GOMODCACHE)"
-
       - name: Cache the Go Build Cache
         uses: actions/cache@v3
         with:
@@ -47,4 +46,4 @@ jobs:
       - name: License Checks
         run: |
           go install github.com/google/go-licenses@latest
-          make license.check
+          make license.check

+ 2 - 2
.github/workflows/docs.yml

@@ -7,7 +7,7 @@ on:
 
 jobs:
   deploy:
-    runs-on: ubuntu-18.04
+    runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
         with:
@@ -21,4 +21,4 @@ jobs:
       - name: Build Docs
         run: make docs.publish
         env:
-          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+          GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

+ 2 - 6
.github/workflows/helm.yml

@@ -24,7 +24,6 @@ jobs:
       - name: Generate chart
         run: |
           make helm.generate
-
       - name: Set up Helm
         uses: azure/setup-helm@v3.3
         with:
@@ -35,7 +34,7 @@ jobs:
           python-version: 3.7
 
       - name: Set up chart-testing
-        uses: helm/chart-testing-action@v2.3.0
+        uses: helm/chart-testing-action@v2.3.1
 
       - name: Run chart-testing (list-changed)
         id: list-changed
@@ -44,7 +43,6 @@ jobs:
           if [[ -n "$changed" ]]; then
             echo "::set-output name=changed::true"
           fi
-
       - name: Run chart-testing (lint)
         run: ct lint --config=.github/ci/ct.yaml
 
@@ -60,7 +58,6 @@ jobs:
         run: |
           git config user.name "$GITHUB_ACTOR"
           git config user.email "$GITHUB_ACTOR@users.noreply.github.com"
-
       - name: Set up Helm
         uses: azure/setup-helm@v3.3
         with:
@@ -69,9 +66,8 @@ jobs:
       - name: Generate chart
         run: |
           make helm.generate
-
       - name: Run chart-releaser
-        uses: helm/chart-releaser-action@v1.4.0
+        uses: helm/chart-releaser-action@v1.4.1
         if: github.ref == 'refs/heads/main'
         env:
           CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

+ 140 - 0
.github/workflows/publish.yml

@@ -0,0 +1,140 @@
+name: Reusable workflow to run trivy scan
+
+on:
+  workflow_call:
+    inputs:
+      image-name:
+        required: true
+        type: string
+      tag-suffix:
+        required: true
+        type: string
+      dockerfile:
+        required: true
+        type: string
+    secrets:
+      GHCR_USERNAME:
+        required: true
+      GHCR_TOKEN:
+        required: true
+
+env:
+  IMAGE_NAME: ${{ inputs.image-name }}
+  TAG_SUFFIX: ${{ inputs.tag-suffix }}
+  DOCKERFILE: ${{ inputs.dockerfile }}
+  IS_FORK: ${{ secrets.GHCR_USERNAME == '' && 'true' || 'false' }}
+
+jobs:
+  build-publish:
+    name: Build and Publish
+    runs-on: ubuntu-latest
+    outputs:
+      image-tag: ${{ steps.container_info.outputs.image-tag }}
+    steps:
+
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Setup QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: all
+
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v2
+        with:
+          version: 'v0.4.2'
+          install: true
+
+      - name: Setup Go
+        uses: actions/setup-go@v3
+        with:
+          go-version-file: "go.mod"
+
+      - name: Fetch History
+        shell: bash
+        run: git fetch --prune --unshallow
+
+      - name: Find the Go Cache
+        shell: bash
+        id: go
+        run: |
+          echo "::set-output name=build-cache::$(go env GOCACHE)"
+          echo "::set-output name=mod-cache::$(go env GOMODCACHE)"
+
+      - name: Cache the Go Build Cache
+        uses: actions/cache@v3
+        with:
+          path: ${{ steps.go.outputs.build-cache }}
+          key: ${{ runner.os }}-build-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
+
+      - name: Cache Go Dependencies
+        uses: actions/cache@v3
+        with:
+          path: ${{ steps.go.outputs.mod-cache }}
+          key: ${{ runner.os }}-mod-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
+
+      - name: Login to Docker
+        uses: docker/login-action@v2
+        if: env.IS_FORK == 'false'
+        with:
+          registry: ghcr.io
+          username: ${{ secrets.GHCR_USERNAME }}
+          password: ${{ secrets.GHCR_TOKEN }}
+
+      - name: Get docker image tag
+        id: container_info
+        shell: bash
+        env:
+          GITHUB_REF: ${{ github.ref }}
+        run: |
+          if [ "$GITHUB_REF" == "refs/heads/main" ]; then
+            TAG=main
+          else
+            TAG=$(make docker.tag)
+          fi
+          echo "::set-output name=image-tag::${TAG}"
+
+      - name: Build & Publish Artifacts
+        if: env.IS_FORK == 'false'
+        shell: bash
+        env:
+          IMAGE_TAG: ${{ steps.container_info.outputs.image-tag }}${{ inputs.tag-suffix }}
+          BUILD_ARGS: >-
+            --push
+            --platform linux/amd64,linux/arm64
+        run: make docker.build
+
+      - name: Build & Publish Artifacts fork
+        if: env.IS_FORK == 'true'
+        shell: bash
+        env:
+          IMAGE_TAG: ${{ steps.container_info.outputs.image-tag }}${{ inputs.tag-suffix }}
+          BUILD_ARGS: --load
+        run: make docker.build
+
+      - name: Run Trivy vulnerability scanner
+        uses: aquasecurity/trivy-action@master
+        with:
+          image-ref: ${{ inputs.image-name }}:${{ steps.container_info.outputs.image-tag }}
+          format: 'table'
+          exit-code: '1'
+          ignore-unfixed: true
+          vuln-type: 'os,library'
+          severity: 'CRITICAL,HIGH'
+
+  sign:
+    runs-on: ubuntu-latest
+    needs: build-publish
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Sign image
+        if: env.IS_FORK == 'false'
+        uses: ./.github/actions/sign
+        with:
+          image-name: ${{ inputs.image-name }}
+          image-tag: ${{ needs.build-publish.outputs.image-tag }}
+          GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
+          GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
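Review bot: The Trivy step's `image-ref` and the job output `image-tag` both omit `inputs.tag-suffix`, while the build steps tag the image as `${{ steps.container_info.outputs.image-tag }}${{ inputs.tag-suffix }}`; on main the `Dockerfile.ubi` leg therefore pushes `main-ubi` but scans and signs `main`, leaving the UBI image unscanned and unsigned. Use the suffixed tag in both places: `image-ref: ${{ inputs.image-name }}:${{ steps.container_info.outputs.image-tag }}${{ inputs.tag-suffix }}` and `image-tag: ${{ needs.build-publish.outputs.image-tag }}${{ inputs.tag-suffix }}`. Off main the tag comes from `make docker.tag`, which already appends `TAG_SUFFIX` from the workflow `env`, so the suffix appears to be applied twice there and should be checked together with this fix. The `sign` job runs for every non-fork event, so pull-request builds from repository branches also receive a keyless signature; add a ref condition if only main is meant to be signed.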

+ 23 - 30
.github/workflows/release.yml

@@ -9,7 +9,7 @@ on:
         default: 'v0.1.0'
 
 env:
-  GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
+  IMAGE_NAME: ghcr.io/${{ github.repository }}
 
 jobs:
   release:
@@ -40,12 +40,10 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: create changelog file
-        env:
-          VERSION: ${{ github.event.inputs.version }}
-          CHANGELOG: ${{ steps.build_changelog.outputs.changelog }}
         run: |
-          echo "Image: \`ghcr.io/${GITHUB_REPOSITORY}:${VERSION}\`" >> .changelog
-          echo "${CHANGELOG}" >> .changelog
+          echo "Image: \`${{ env.IMAGE_NAME }}:${{ github.event.inputs.version }}\`" >> .changelog
+          echo "Image: \`${{ env.IMAGE_NAME }}:${{ github.event.inputs.version }}-ubi\`" >> .changelog
+          echo "${{ steps.build_changelog.outputs.changelog }}" >> .changelog
 
       - name: Update Release
         uses: softprops/action-gh-release@v1
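Review bot: The rewritten `create changelog file` step drops the `env:` indirection and expands `${{ steps.build_changelog.outputs.changelog }}` and `${{ github.event.inputs.version }}` inside the script text, so the runner substitutes their content before bash parses the line. The changelog output comes from a step outside this hunk and presumably carries pull-request titles or commit subjects, which contributors control; a quote, backtick or `$(` in one of them would be interpreted by bash in the release job. Keep the values in `env:` and reference them as shell variables, as the removed lines did; `IMAGE_NAME` is already exported by the workflow-level `env`, so it can be used the same way.

```yaml
      - name: create changelog file
        env:
          VERSION: ${{ github.event.inputs.version }}
          CHANGELOG: ${{ steps.build_changelog.outputs.changelog }}
        run: |
          echo "Image: \`${IMAGE_NAME}:${VERSION}\`" >> .changelog
          echo "Image: \`${IMAGE_NAME}:${VERSION}-ubi\`" >> .changelog
          echo "${CHANGELOG}" >> .changelog
```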
@@ -68,11 +66,20 @@ jobs:
   promote:
     name: Promote Container Image
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        include:
+        - tag_suffix: "" # distroless image
+        - tag_suffix: "-ubi" # ubi image
 
     permissions:
       id-token: write
       contents: read
 
+    env:
+      SOURCE_TAG: main${{ matrix.tag_suffix }}
+      RELEASE_TAG: ${{ github.event.inputs.version }}${{ matrix.tag_suffix }}
+
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -94,43 +101,29 @@ jobs:
         uses: actions/cache@v3
         with:
           path: ${{ steps.go.outputs.build-cache }}
-          key: ${{ runner.os }}-build-publish-artifacts-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-build-publish-artifacts-${{ github.sha }}-
+          key: ${{ runner.os }}-build-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
 
       - name: Cache Go Dependencies
         uses: actions/cache@v3
         with:
           path: ${{ steps.go.outputs.mod-cache }}
-          key: ${{ runner.os }}-pkg-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
-          restore-keys: ${{ runner.os }}-pkg-${{ github.sha }}-
+          key: ${{ runner.os }}-mod-${{ github.sha }}-${{ hashFiles('**/go.sum') }}
 
       - name: Login to Docker
         uses: docker/login-action@v2
-        if: env.GHCR_USERNAME != ''
         with:
           registry: ghcr.io
           username: ${{ secrets.GHCR_USERNAME }}
           password: ${{ secrets.GHCR_TOKEN }}
 
       - name: Promote Container Image
-        if: env.GHCR_USERNAME != ''
         run: make docker.promote
-        env:
-          RELEASE_TAG: ${{ github.event.inputs.version }}
-          SOURCE_TAG: main
-
-      - name: Set up crane
-        if: env.GHCR_USERNAME != ''
-        run: go install github.com/google/go-containerregistry/cmd/crane@v0.8.0
 
-      - name: Install cosign
-        if: env.GHCR_USERNAME != ''
-        uses: sigstore/cosign-installer@v2.6.0
-
-      - name: Sign Container Image
-        if: env.GHCR_USERNAME != ''
-        run: make docker.sign
-        env:
-          RELEASE_TAG: ${{ github.event.inputs.version }}
-          SOURCE_TAG: main
-          COSIGN_EXPERIMENTAL: true
+      - name: Sign promoted image
+        uses: ./.github/actions/sign
+        with:
+          image-name: ${{ env.IMAGE_NAME }}
+          image-tag: ${{ env.RELEASE_TAG }}
+          GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
+          GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

+ 1 - 0
ADOPTERS.md

@@ -16,5 +16,6 @@
 - [Polarpoint](https://www.polarpoint.io/)
 - [Radio France](https://www.radiofrance.fr/)
 - [Made People](https://madepeople.se/)
+- [Voiceflow](https://www.voiceflow.com/)
 
 Countless others that can't disclose that information! :)

+ 9 - 0
Dockerfile.ubi

@@ -0,0 +1,9 @@
+FROM registry.access.redhat.com/ubi8/ubi-minimal
+ARG TARGETOS
+ARG TARGETARCH
+COPY bin/external-secrets-${TARGETOS}-${TARGETARCH} /bin/external-secrets
+
+# Run as UID for nobody
+USER 65534
+
+ENTRYPOINT ["/bin/external-secrets"]
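Review bot: `FROM registry.access.redhat.com/ubi8/ubi-minimal` names no tag or digest, so every build pulls whatever `latest` resolves to at that moment and the SBOM and provenance attached later describe a base that cannot be reproduced. Pin the base, ideally by digest: `FROM registry.access.redhat.com/ubi8/ubi-minimal:<tag>@sha256:<digest>` (placeholders; take the values from the registry and let update automation bump them).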

+ 21 - 18
Makefile

@@ -7,6 +7,7 @@ MAKEFLAGS     += --warn-undefined-variables
 
 ARCH = amd64 arm64
 BUILD_ARGS ?=
+DOCKERFILE ?= Dockerfile
 
 # default target is build
 .DEFAULT_GOAL := all
@@ -14,7 +15,9 @@ BUILD_ARGS ?=
 all: $(addprefix build-,$(ARCH))
 
 # Image registry for build/push image targets
-export IMAGE_REGISTRY ?= ghcr.io/external-secrets/external-secrets
+export IMAGE_REGISTRY ?= ghcr.io
+export IMAGE_REPO     ?= external-secrets/external-secrets
+export IMAGE_NAME ?= $(IMAGE_REGISTRY)/$(IMAGE_REPO)
 
 #Valid licenses for license.check
 LICENSES ?= Apache-2.0|MIT|BSD-3-Clause|ISC|MPL-2.0|BSD-2-Clause
@@ -42,6 +45,9 @@ else
 export VERSION := $(shell git describe --dirty --always --tags --exclude 'helm*' | sed 's/-/./2' | sed 's/-/./2')
 endif
 
+TAG_SUFFIX ?=
+export IMAGE_TAG ?= $(VERSION)$(TAG_SUFFIX)
+
 # ====================================================================================
 # Colors
 
@@ -67,7 +73,7 @@ FAIL	= (echo ${TIME} ${RED}[FAIL]${CNone} && false)
 # ====================================================================================
 # Conformance
 
-reviewable: generate helm.generate lint ## Ensure a PR is ready for review.
+reviewable: generate helm.generate helm.docs lint ## Ensure a PR is ready for review.
 	@go mod tidy
 
 golicenses.check: ## Check install of go-licenses
@@ -205,40 +211,37 @@ docs.serve: ## Serve docs
 build.all: docker.build helm.build ## Build all artifacts (docker image, helm chart)
 
 docker.image:
-	@echo $(IMAGE_REGISTRY):$(VERSION)
+	@echo $(IMAGE_NAME):$(IMAGE_TAG)
+
+docker.tag:
+	@echo $(IMAGE_TAG)
 
 docker.build: $(addprefix build-,$(ARCH)) ## Build the docker image
 	@$(INFO) docker build
-	@docker build . $(BUILD_ARGS) -t $(IMAGE_REGISTRY):$(VERSION)
+	@docker build -f $(DOCKERFILE) . $(BUILD_ARGS) -t $(IMAGE_NAME):$(IMAGE_TAG)
 	@$(OK) docker build
 
 docker.push: ## Push the docker image to the registry
 	@$(INFO) docker push
-	@docker push $(IMAGE_REGISTRY):$(VERSION)
+	@docker push $(IMAGE_NAME):$(IMAGE_TAG)
 	@$(OK) docker push
 
 # RELEASE_TAG is tag to promote. Default is promoting to main branch, but can be overriden
 # to promote a tag to a specific version.
-RELEASE_TAG ?= main
-SOURCE_TAG ?= $(VERSION)
+RELEASE_TAG ?= $(IMAGE_TAG)
+SOURCE_TAG ?= $(VERSION)$(TAG_SUFFIX)
 
 docker.promote: ## Promote the docker image to the registry
 	@$(INFO) promoting $(SOURCE_TAG) to $(RELEASE_TAG)
-	docker manifest inspect $(IMAGE_REGISTRY):$(SOURCE_TAG) > .tagmanifest
+	docker manifest inspect $(IMAGE_NAME):$(SOURCE_TAG) > .tagmanifest
 	for digest in $$(jq -r '.manifests[].digest' < .tagmanifest); do \
-		docker pull $(IMAGE_REGISTRY)@$$digest; \
+		docker pull $(IMAGE_NAME)@$$digest; \
 	done
-	docker manifest create $(IMAGE_REGISTRY):$(RELEASE_TAG) \
-		$$(jq -j '"--amend $(IMAGE_REGISTRY)@" + .manifests[].digest + " "' < .tagmanifest)
-	docker manifest push $(IMAGE_REGISTRY):$(RELEASE_TAG)
+	docker manifest create $(IMAGE_NAME):$(RELEASE_TAG) \
+		$$(jq -j '"--amend $(IMAGE_NAME)@" + .manifests[].digest + " "' < .tagmanifest)
+	docker manifest push $(IMAGE_NAME):$(RELEASE_TAG)
 	@$(OK) docker push $(RELEASE_TAG) \
 
-docker.sign: ## Sign
-	@$(INFO) signing $(IMAGE_REGISTRY):$(RELEASE_TAG)
-	crane digest $(IMAGE_REGISTRY):$(RELEASE_TAG) > .digest
-	cosign sign $(IMAGE_REGISTRY)@$$(cat .digest)
-	@$(OK) cosign sign $(IMAGE_REGISTRY):$(RELEASE_TAG)
-
 # ====================================================================================
 # Terraform
 
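Review bot: With `RELEASE_TAG ?= $(IMAGE_TAG)` and `SOURCE_TAG ?= $(VERSION)$(TAG_SUFFIX)` both defaults expand to the same tag unless `IMAGE_TAG` is overridden, so a bare `make docker.promote` re-creates the manifest it just inspected, while the comment above still says `Default is promoting to main branch`. Update the comment to describe the new defaults, or make the target fail when the two tags are equal, e.g. `@[ "$(SOURCE_TAG)" != "$(RELEASE_TAG)" ] || (echo "SOURCE_TAG equals RELEASE_TAG" && false)`. The recipe also passes `$(IMAGE_NAME)`, `$(SOURCE_TAG)` and `$(RELEASE_TAG)` to the shell unquoted; these now arrive from workflow inputs, so quoting them is cheap hardening.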

+ 3 - 0
apis/externalsecrets/v1beta1/secretstore_gitlab_types.go

@@ -28,6 +28,9 @@ type GitlabProvider struct {
 
 	// ProjectID specifies a project where secrets are located.
 	ProjectID string `json:"projectID,omitempty"`
+
+	// Environment environment_scope of gitlab CI/CD variables (Please see https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment on how to create environments)
+	Environment string `json:"environment,omitempty"`
 }
 
 type GitlabAuth struct {
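Review bot: The doc comment on the new `Environment` field does not say what an empty value selects, and the field carries no validation. The value picks the `environment_scope` of the CI/CD variables that get synced, so a store that omits it could resolve a variable from a different scope than its author expects; the fallback is decided in the provider code, which is outside this section. I would reword the comment to `// Environment is the environment_scope of the GitLab CI/CD variables to read; when empty, <state the fallback here>.` and move the docs link to a second comment line. The same text is copied into the generated CRD descriptions, so fixing it here fixes those too.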

+ 9 - 0
cmd/root.go

@@ -39,6 +39,7 @@ import (
 	"github.com/external-secrets/external-secrets/pkg/controllers/pushsecret"
 	"github.com/external-secrets/external-secrets/pkg/controllers/secretstore"
 	awsauth "github.com/external-secrets/external-secrets/pkg/provider/aws/auth"
+	"github.com/external-secrets/external-secrets/pkg/provider/vault"
 )
 
 var (
@@ -69,6 +70,8 @@ var (
 	certCheckInterval                     time.Duration
 	certLookaheadInterval                 time.Duration
 	enableAWSSession                      bool
+	enableVaultTokenCache                 bool
+	vaultTokenCacheSize                   int
 	tlsCiphers                            string
 	tlsMinVersion                         string
 )
@@ -190,6 +193,10 @@ var rootCmd = &cobra.Command{
 		if enableAWSSession {
 			awsauth.EnableCache = true
 		}
+		if enableVaultTokenCache {
+			vault.EnableCache = true
+			vault.VaultClientCache.Size = vaultTokenCacheSize
+		}
 		setupLog.Info("starting manager")
 		if err := mgr.Start(ctrl.SetupSignalHandler()); err != nil {
 			setupLog.Error(err, "problem running manager")
@@ -222,4 +229,6 @@ func init() {
 	rootCmd.Flags().DurationVar(&storeRequeueInterval, "store-requeue-interval", time.Minute*5, "Default Time duration between reconciling (Cluster)SecretStores")
 	rootCmd.Flags().BoolVar(&enableFloodGate, "enable-flood-gate", true, "Enable flood gate. External secret will be reconciled only if the ClusterStore or Store have an healthy or unknown state.")
 	rootCmd.Flags().BoolVar(&enableAWSSession, "experimental-enable-aws-session-cache", false, "Enable experimental AWS session cache. External secret will reuse the AWS session without creating a new one on each request.")
+	rootCmd.Flags().BoolVar(&enableVaultTokenCache, "experimental-enable-vault-token-cache", false, "Enable experimental Vault token cache. External secrets will reuse the Vault token without creating a new one on each request.")
+	rootCmd.Flags().IntVar(&vaultTokenCacheSize, "experimental-vault-token-cache-size", 100, "Maximum size of Vault token cache. Only used if --experimental-enable-vault-token-cache is set.")
 }
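Review bot: `vaultTokenCacheSize` is copied into `vault.VaultClientCache.Size` with no range check, so `--experimental-vault-token-cache-size=0` or a negative value reaches the cache unchanged; how the cache behaves then is not visible here. A guard before the assignment, `if vaultTokenCacheSize <= 0 { ... }`, that logs and aborts startup would make the misconfiguration explicit. The flag help should also state how long a cached token is kept and what evicts it. With the cache on, a Vault token outlives the reconcile that obtained it, so a rotated or revoked credential may presumably stay in use until eviction; the cache implementation is outside this section. Both the `rootCmd` run function and `init` start outside the hunks.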

+ 1 - 1
config/crds/bases/external-secrets.io_clusterexternalsecrets.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.10.0
   creationTimestamp: null
   name: clusterexternalsecrets.external-secrets.io
 spec:

+ 6 - 1
config/crds/bases/external-secrets.io_clustersecretstores.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.10.0
   creationTimestamp: null
   name: clustersecretstores.external-secrets.io
 spec:
@@ -2190,6 +2190,11 @@ spec:
                         required:
                         - SecretRef
                         type: object
+                      environment:
+                        description: Environment environment_scope of gitlab CI/CD
+                          variables (Please see https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment
+                          on how to create environments)
+                        type: string
                       projectID:
                         description: ProjectID specifies a project where secrets are
                           located.

+ 1 - 1
config/crds/bases/external-secrets.io_externalsecrets.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.10.0
   creationTimestamp: null
   name: externalsecrets.external-secrets.io
 spec:

+ 6 - 1
config/crds/bases/external-secrets.io_secretstores.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.10.0
   creationTimestamp: null
   name: secretstores.external-secrets.io
 spec:
@@ -2190,6 +2190,11 @@ spec:
                         required:
                         - SecretRef
                         type: object
+                      environment:
+                        description: Environment environment_scope of gitlab CI/CD
+                          variables (Please see https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment
+                          on how to create environments)
+                        type: string
                       projectID:
                         description: ProjectID specifies a project where secrets are
                           located.

+ 2 - 2
deploy/charts/external-secrets/Chart.yaml

@@ -2,8 +2,8 @@ apiVersion: v2
 name: external-secrets
 description: External secret management for Kubernetes
 type: application
-version: "0.6.0-rc1"
-appVersion: "v0.6.0-rc1"
+version: "0.6.0"
+appVersion: "v0.6.0"
 kubeVersion: ">= 1.19.0-0"
 keywords:
   - kubernetes-external-secrets

+ 4 - 2
deploy/charts/external-secrets/README.md

@@ -4,7 +4,7 @@
 
 [//]: # (README.md generated by gotmpl. DO NOT EDIT.)
 
-![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.5.8](https://img.shields.io/badge/Version-0.5.8-informational?style=flat-square)
+![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square)
 
 External secret management for Kubernetes
 
@@ -87,7 +87,7 @@ The command removes all the Kubernetes components associated with the chart and
 | fullnameOverride | string | `""` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"ghcr.io/external-secrets/external-secrets"` |  |
-| image.tag | string | `""` | The image tag to use. The default is the chart appVersion. |
+| image.tag | string | `""` | The image tag to use. The default is the chart appVersion. There are different image flavours available, like distroless and ubi. Please see GitHub release notes for image tags for these flavors. By default the distroless image is used. |
 | imagePullSecrets | list | `[]` |  |
 | installCRDs | bool | `true` | If set, install and upgrade CRDs through helm chart. |
 | leaderElect | bool | `false` | If true, external-secrets will perform leader election between instances to ensure no more than one instance of external-secrets operates at a time. |
@@ -151,6 +151,8 @@ The command removes all the Kubernetes components associated with the chart and
 | webhook.prometheus.enabled | bool | `false` | deprecated. will be removed with 0.7.0, use serviceMonitor instead |
 | webhook.prometheus.service.port | int | `8080` | deprecated. will be removed with 0.7.0, use serviceMonitor instead |
 | webhook.rbac.create | bool | `true` | Specifies whether role and rolebinding resources should be created. |
+| webhook.readinessProbe.address | string | `""` | Address for readiness probe |
+| webhook.readinessProbe.port | int | `8081` | ReadinessProbe port for kubelet |
 | webhook.replicaCount | int | `1` |  |
 | webhook.resources | object | `{}` |  |
 | webhook.secretAnnotations | object | `{}` | Annotations to add to Secret |

+ 2 - 1
deploy/charts/external-secrets/templates/webhook-deployment.yaml

@@ -51,6 +51,7 @@ spec:
           - --dns-name={{ include "external-secrets.fullname" . }}-webhook.{{ .Release.Namespace }}.svc
           - --cert-dir={{ .Values.webhook.certDir }}
           - --check-interval={{ .Values.webhook.certCheckInterval }}
+          - --healthz-addr={{ .Values.webhook.readinessProbe.address }}:{{ .Values.webhook.readinessProbe.port }}
           {{- if .Values.webhook.lookaheadInterval }}
           - --lookahead-interval={{ .Values.webhook.lookaheadInterval }}
           {{- end }}
@@ -70,7 +71,7 @@ spec:
               name: webhook
           readinessProbe:
             httpGet:
-              port: 8081
+              port: {{ .Values.webhook.readinessProbe.port }}
               path: /readyz
             initialDelaySeconds: 20
             periodSeconds: 5
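Review bot: The new `--healthz-addr` argument takes its host part from `webhook.readinessProbe.address`, but the `readinessProbe.httpGet` below sets no `host`, so the kubelet probes the pod IP. With the default `""` the flag renders as `:8081` and works. A loopback value such as `127.0.0.1` would bind the health endpoint where the probe cannot reach it, and the webhook pod would never become ready. I would document that on the value in values.yaml, e.g. `# -- Bind address for the webhook health endpoint; leave empty or use an address reachable on the pod IP`. The container spec continues outside these hunks.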

+ 11 - 0
deploy/charts/external-secrets/values.yaml

@@ -4,6 +4,9 @@ image:
   repository: ghcr.io/external-secrets/external-secrets
   pullPolicy: IfNotPresent
   # -- The image tag to use. The default is the chart appVersion.
+  # There are different image flavours available, like distroless and ubi.
+  # Please see GitHub release notes for image tags for these flavors.
+  # By default the distroless image is used.
   tag: ""
 
 # -- If set, install and upgrade CRDs through helm chart.
@@ -228,6 +231,14 @@ webhook:
       # -- Additional service annotations
       annotations: {}
 
+
+  readinessProbe:
+    # -- Address for readiness probe
+    address: ""
+    # -- ReadinessProbe port for kubelet
+    port: 8081
+
+
     ## -- Extra environment variables to add to container.
   extraEnv: []
 

+ 10 - 4
deploy/crds/bundle.yaml

@@ -2,7 +2,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.10.0
   creationTimestamp: null
   name: clusterexternalsecrets.external-secrets.io
 spec:
@@ -380,7 +380,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.10.0
   creationTimestamp: null
   name: clustersecretstores.external-secrets.io
 spec:
@@ -1971,6 +1971,9 @@ spec:
                           required:
                             - SecretRef
                           type: object
+                        environment:
+                          description: Environment environment_scope of gitlab CI/CD variables (Please see https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment on how to create environments)
+                          type: string
                         projectID:
                           description: ProjectID specifies a project where secrets are located.
                           type: string
@@ -2769,7 +2772,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.10.0
   creationTimestamp: null
   name: externalsecrets.external-secrets.io
 spec:
@@ -3311,7 +3314,7 @@ apiVersion: apiextensions.k8s.io/v1
 kind: CustomResourceDefinition
 metadata:
   annotations:
-    controller-gen.kubebuilder.io/version: v0.9.2
+    controller-gen.kubebuilder.io/version: v0.10.0
   creationTimestamp: null
   name: pushsecrets.external-secrets.io
 spec:
@@ -5116,6 +5119,9 @@ spec:
                           required:
                             - SecretRef
                           type: object
+                        environment:
+                          description: Environment environment_scope of gitlab CI/CD variables (Please see https://docs.gitlab.com/ee/ci/environments/#create-a-static-environment on how to create environments)
+                          type: string
                         projectID:
                           description: ProjectID specifies a project where secrets are located.
                           type: string

+ 2 - 2
docs/contributing/process.md

@@ -90,7 +90,7 @@ Then execute `tf.apply.aws` or `tf.apply.gcp` to create the infrastructure.
 make tf.apply.aws
 ```
 
-Then run the `managed` testsuite. You will need push permissions to the external-secrets ghcr repository. You can set `IMAGE_REGISTRY` to control which image registry is used to store the controller and e2e test images in.
+Then run the `managed` testsuite. You will need push permissions to the external-secrets ghcr repository. You can set `IMAGE_NAME` to control which image registry is used to store the controller and e2e test images in.
 
 You also have to setup a proper Kubeconfig so the e2e test pod gets deployed into the managed cluster.
 
@@ -104,7 +104,7 @@ Use [ginkgo labels](https://onsi.github.io/ginkgo/#spec-labels) to select the te
 you want to execute.
 
 ```
-# you may have to set IMAGE_REGISTRY=docker.io/your-user/external-secrets
+# you may have to set IMAGE_NAME=docker.io/your-user/external-secrets
 make test.e2e.managed GINKGO_LABELS='gcp'
 ```
 

+ 1 - 1
docs/index.md

@@ -39,7 +39,7 @@ even opinions matter!
 
 How to get involved:
 
-- Bi-weekly Development Meeting every odd week at [5:30 PM Berlin Time](https://dateful.com/time-zone-converter?t=17:30&tz=Europe/Berlin)
+- Bi-weekly Development Meeting every odd week at [5:30 PM Berlin Time](https://dateful.com/time-zone-converter?t=17:30&tz=Europe/Berlin) on Wednesday
   ([agenda](https://hackmd.io/GSGEpTVdRZCP6LDxV3FHJA), [jitsi call](https://meet.jit.si/eso-community-meeting))
 - [Kubernetes Slack
   #external-secrets](https://kubernetes.slack.com/messages/external-secrets)

BIN
docs/pictures/screenshot_api_keys_create.png


BIN
docs/pictures/screenshot_api_keys_create_successful.png


BIN
docs/pictures/screenshot_api_keys_iam.png


BIN
docs/pictures/screenshot_api_keys_iam_left.png


BIN
docs/pictures/screenshot_container_auth_create_1.png


BIN
docs/pictures/screenshot_container_auth_create_2.png


BIN
docs/pictures/screenshot_container_auth_create_3.png


BIN
docs/pictures/screenshot_container_auth_create_group.png


BIN
docs/pictures/screenshot_container_auth_create_group_1.png


BIN
docs/pictures/screenshot_container_auth_create_group_2.png


BIN
docs/pictures/screenshot_container_auth_create_group_3.png


BIN
docs/pictures/screenshot_container_auth_create_group_4.png


BIN
docs/pictures/screenshot_container_auth_create_group_5.png


BIN
docs/pictures/screenshot_container_auth_iam_left.png


BIN
docs/pictures/screenshot_service_url.png


+ 13 - 19
docs/provider/ibm-secrets-manager.md

@@ -1,6 +1,6 @@
 ## IBM Cloud Secret Manager
 
-External Secrets Operator integrates with [IBM Secret Manager](https://www.ibm.com/cloud/secrets-manager) for secret management.
+External Secrets Operator integrates with [IBM Cloud Secret Manager](https://www.ibm.com/cloud/secrets-manager) for secret management.
 
 ### Authentication
 
@@ -12,14 +12,10 @@ To generate your key (for test purposes we are going to generate from your user)
 
 ![iam](../pictures/screenshot_api_keys_iam.png)
 
-On the left, click "IBM Cloud API Keys":
+On the left, click "API Keys", then click on "Create"
 
 ![iam-left](../pictures/screenshot_api_keys_iam_left.png)
 
-Press "Create an IBM Cloud API Key":
-
-![iam-create-button](../pictures/screenshot_api_keys_create_button.png)
-
 Pick a name and description for your key:
 
 ![iam-create-key](../pictures/screenshot_api_keys_create.png)
@@ -48,7 +44,7 @@ Pick a name and description for your group:
 
 ![iam-left](../pictures/screenshot_container_auth_create_group_1.png)
 
-Click on "Access Policies":
+Click on "Access", and then on "Assign":
 
 ![iam-left](../pictures/screenshot_container_auth_create_group_2.png)
 
@@ -56,21 +52,21 @@ Click on "Assign Access", select "IAM services", and pick "Secrets Manager" from
 
 ![iam-left](../pictures/screenshot_container_auth_create_group_3.png)
 
-Scope to "All resources" or "Resources based on selected attributes", select "SecretsReader":
+Scope to "All resources" or "Resources based on selected attributes":
 
 ![iam-left](../pictures/screenshot_container_auth_create_group_4.png)
 
+Select the "SecretsReader" service access policy:
+
+![iam-left](../pictures/screenshot_container_auth_create_group_5.png)
+
 Click "Add" and "Assign" to save the access group.
 
 Next, on the left, click "Trusted profiles":
 
 ![iam-left](../pictures/screenshot_container_auth_iam_left.png)
 
-Press "Create":
-
-![iam-create-button](../pictures/screenshot_container_auth_create_button.png)
-
-Pick a name and description for your profile:
+Press "Create" and pick a name and description for your profile:
 
 ![iam-create-key](../pictures/screenshot_container_auth_create_1.png)
 
@@ -98,11 +94,10 @@ Be sure the `ibm` provider is listed in the `Kind=SecretStore`
 ```
 **NOTE:** In case of a `ClusterSecretStore`, Be sure to provide `namespace` in `secretApiKeySecretRef` with the namespace where the secret resides.
 
-**NOTE:** Only `secretApiKeySecretRef` or `containerAuth` should be specified, depending on authentication me
-thod being used.
+**NOTE:** Only `secretApiKeySecretRef` or `containerAuth` should be specified, depending on authentication method being used.
+
+To find your `serviceURL`, under your Secrets Manager resource, go to "Endpoints" on the left.
 
-To find your serviceURL, under your Secrets Manager resource, go to "Endpoints" on the left.
-Note: Use the url without the `/api` suffix that is presented in the UI.
 See here for a list of [publicly available endpoints](https://cloud.ibm.com/apidocs/secrets-manager#getting-started-endpoints).
 
 ![iam-create-success](../pictures/screenshot_service_url.png)
@@ -140,7 +135,7 @@ The behavior for the different secret types is as following:
 * `remoteRef` retrieves an apikey from secrets manager and sets it for specified `secretKey`
 * `dataFrom` retrieves an apikey from secrets manager and sets it for the `apikey` Kubernetes secret key
 
-#### imported_cert, public_cert and private_cert
+#### imported_cert, public_cert, and private_cert
 * `remoteRef` requires a `property` to be set for either `certificate`, `private_key` or `intermediate` to retrieve respective fields from the secrets manager secret and set in specified `secretKey`
 * `dataFrom` retrieves all `certificate`, `private_key` and `intermediate` fields from the secrets manager secret and sets appropriate key:value pairs in the resulting Kubernetes secret
 
@@ -193,7 +188,6 @@ data:
   keyB: ... #valB
 ```
 
-
 ### Creating external secret
 
 To create a kubernetes secret from the IBM Secrets Manager, a `Kind=ExternalSecret` is needed.

+ 3 - 3
docs/snippets/1password-secret-store.yaml

@@ -12,6 +12,6 @@ spec:
         shared: 2   # next look in here. error if not found
       auth:
         secretRef:
-        connectTokenSecretRef:
-          name: onepassword-connect-token-staging
-          key: token
+          connectTokenSecretRef:
+            name: onepassword-connect-token-staging
+            key: token

+ 2 - 1
docs/snippets/gitlab-secret-store.yaml

@@ -12,4 +12,5 @@ spec:
           accessToken:
             name: gitlab-secret
             key: token
-      projectID: "**project ID goes here**"
+      projectID: "**project ID goes here**"
+      environment: "**environment scope goes here**"

+ 1 - 1
docs/stability-support.md

@@ -22,7 +22,7 @@ The following table describes the stability level of each provider and who's res
 | [GCP Secret Manager](https://external-secrets.io/latest/provider/google-secrets-manager/)                  |  stable   |                                                                                        [external-secrets](https://github.com/external-secrets) |
 | [Azure Keyvault](https://external-secrets.io/latest/provider/azure-key-vault/)                             |  stable   |                                                                                        [external-secrets](https://github.com/external-secrets) |
 | [Kubernetes](https://external-secrets.io/latest/provider/kubernetes)                                       |   alpha   |                                                                                        [external-secrets](https://github.com/external-secrets) |
-| [IBM Secrets Manager](https://external-secrets.io/latest/provider/ibm-secrets-manager/)                    |   alpha   | [@knelasevero](https://github.com/knelasevero) [@sebagomez](https://github.com/sebagomez) [@ricardoptcosta](https://github.com/ricardoptcosta) |
+| [IBM Secrets Manager](https://external-secrets.io/latest/provider/ibm-secrets-manager/)                    |   alpha   | [@knelasevero](https://github.com/knelasevero) [@sebagomez](https://github.com/sebagomez) [@ricardoptcosta](https://github.com/ricardoptcosta) [@IdanAdar](https://github.com/IdanAdar) |
 | [Yandex Lockbox](https://external-secrets.io/latest/provider/yandex-lockbox/)                              |   alpha   |                                            [@AndreyZamyslov](https://github.com/AndreyZamyslov) [@knelasevero](https://github.com/knelasevero) |
 | [Gitlab Project Variables](https://external-secrets.io/latest/provider/gitlab-project-variables/)          |   alpha   |                                                                                                         [@Jabray5](https://github.com/Jabray5) |
 | Alibaba Cloud KMS                                                                                          |   alpha   |                                                                                                 [@ElsaChelala](https://github.com/ElsaChelala) |

+ 6 - 6
e2e/Makefile

@@ -5,7 +5,7 @@ SHELL       := /bin/bash
 KIND_IMG       = "kindest/node:v1.24.2@sha256:1f0cee2282f43150b52dc7933183ed96abdcfc8d293f30ec07082495874876f1"
 BUILD_ARGS     ?=
 
-export E2E_IMAGE_REGISTRY ?= ghcr.io/external-secrets/external-secrets-e2e
+export E2E_IMAGE_NAME ?= ghcr.io/external-secrets/external-secrets-e2e
 export GINKGO_LABELS ?= !managed
 export TEST_SUITES ?= provider flux argocd
 
@@ -18,12 +18,12 @@ start-kind: ## Start kind cluster
 
 test: e2e-image ## Run e2e tests against current kube context
 	$(MAKE) -C ../ docker.build \
-		IMAGE_REGISTRY=$(IMAGE_REGISTRY) \
+		IMAGE_NAME=$(IMAGE_NAME) \
 		VERSION=$(VERSION) \
 		ARCH=amd64 \
 		BUILD_ARGS="${BUILD_ARGS} --build-arg TARGETARCH=amd64 --build-arg TARGETOS=linux"
-	kind load docker-image --name="external-secrets" $(IMAGE_REGISTRY):$(VERSION)
-	kind load docker-image --name="external-secrets" $(E2E_IMAGE_REGISTRY):$(VERSION)
+	kind load docker-image --name="external-secrets" $(IMAGE_NAME):$(VERSION)
+	kind load docker-image --name="external-secrets" $(E2E_IMAGE_NAME):$(VERSION)
 	./run.sh
 
 test.managed: e2e-image ## Run e2e tests against current kube context
@@ -34,7 +34,7 @@ test.managed: e2e-image ## Run e2e tests against current kube context
 	$(MAKE) -C ../ docker.push \
 		VERSION=$(VERSION)
 	$(MAKE) -C ../ docker.push \
-		IMAGE_REGISTRY=$(E2E_IMAGE_REGISTRY) \
+		IMAGE_NAME=$(E2E_IMAGE_NAME) \
 		VERSION=$(VERSION)
 	./run.sh
 
@@ -46,7 +46,7 @@ e2e-image: e2e-bin
 	mkdir -p k8s
 	$(MAKE) -C ../ helm.generate
 	cp -r ../deploy ./k8s
-	docker build $(BUILD_ARGS) -t $(E2E_IMAGE_REGISTRY):$(VERSION) .
+	docker build $(BUILD_ARGS) -t $(E2E_IMAGE_NAME):$(VERSION) .
 
 stop-kind: ## Stop kind cluster
 	kind delete cluster \
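Review bot: In the `test` target the image is built through `docker.build`, which the top-level Makefile now tags as `$(IMAGE_NAME):$(IMAGE_TAG)`, while `kind load docker-image` still loads `$(IMAGE_NAME):$(VERSION)`. If `IMAGE_TAG` ever differs from `VERSION` (the top-level file composes `$(VERSION)$(TAG_SUFFIX)` for `SOURCE_TAG`, so a suffix looks possible), kind would load a tag that was not just built, or a stale one left in the local daemon. Passing the tag explicitly keeps both sides in step: add `IMAGE_TAG=$(VERSION) \` to the `docker.build` invocation, and likewise to the two `docker.push` calls in `test.managed`. The definition of `IMAGE_TAG` is not visible in this part of the page, so confirm its default first.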

+ 2 - 2
e2e/framework/addon/addon.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -20,7 +20,7 @@ import (
 	"k8s.io/client-go/rest"
 	crclient "sigs.k8s.io/controller-runtime/pkg/client"
 
-	"github.com/external-secrets/external-secrets/e2e/framework/log"
+	"github.com/external-secrets/external-secrets-e2e/framework/log"
 )
 
 var globalAddons []Addon

+ 4 - 2
e2e/framework/addon/chart.go

@@ -3,7 +3,9 @@ Copyright 2020 The cert-manager Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -21,7 +23,7 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	"github.com/external-secrets/external-secrets/e2e/framework/log"
+	"github.com/external-secrets/external-secrets-e2e/framework/log"
 )
 
 // HelmChart installs the specified Chart into the cluster.

+ 1 - 13
e2e/framework/addon/eso.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -33,22 +33,10 @@ func NewESO(mutators ...MutationFunc) *ESO {
 			ReleaseName: "eso",
 			Chart:       "/k8s/deploy/charts/external-secrets",
 			Vars: []StringTuple{
-				{
-					Key:   "image.repository",
-					Value: os.Getenv("IMAGE_REGISTRY"),
-				},
 				{
 					Key:   "webhook.port",
 					Value: "9443",
 				},
-				{
-					Key:   "webhook.image.repository",
-					Value: os.Getenv("IMAGE_REGISTRY"),
-				},
-				{
-					Key:   "certController.image.repository",
-					Value: os.Getenv("IMAGE_REGISTRY"),
-				},
 				{
 					Key:   "webhook.image.tag",
 					Value: os.Getenv("VERSION"),

+ 2 - 2
e2e/framework/addon/vault.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -36,7 +36,7 @@ import (
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
-	"github.com/external-secrets/external-secrets/e2e/framework/util"
+	"github.com/external-secrets/external-secrets-e2e/framework/util"
 )
 
 type Vault struct {

+ 4 - 4
e2e/framework/framework.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -25,9 +25,9 @@ import (
 	"k8s.io/client-go/rest"
 	crclient "sigs.k8s.io/controller-runtime/pkg/client"
 
-	"github.com/external-secrets/external-secrets/e2e/framework/addon"
-	"github.com/external-secrets/external-secrets/e2e/framework/log"
-	"github.com/external-secrets/external-secrets/e2e/framework/util"
+	"github.com/external-secrets/external-secrets-e2e/framework/addon"
+	"github.com/external-secrets/external-secrets-e2e/framework/log"
+	"github.com/external-secrets/external-secrets-e2e/framework/util"
 )
 
 type Framework struct {

+ 2 - 2
e2e/framework/testcase.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -22,9 +22,9 @@ import (
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+	"github.com/external-secrets/external-secrets-e2e/framework/log"
 	esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
-	"github.com/external-secrets/external-secrets/e2e/framework/log"
 )
 
 var TargetSecretName = "target-secret"

+ 104 - 102
e2e/go.mod

@@ -1,76 +1,79 @@
 module github.com/external-secrets/external-secrets-e2e
 
-go 1.17
+go 1.18
 
 replace (
-	k8s.io/api => k8s.io/api v0.23.0
-	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.23.0
-	k8s.io/apimachinery => k8s.io/apimachinery v0.23.0
-	k8s.io/apiserver => k8s.io/apiserver v0.23.0
-	k8s.io/cli-runtime => k8s.io/cli-runtime v0.23.0
-	k8s.io/client-go => k8s.io/client-go v0.23.0
-	k8s.io/cloud-provider => k8s.io/cloud-provider v0.23.0
-	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.23.0
-	k8s.io/code-generator => k8s.io/code-generator v0.23.0
-	k8s.io/component-base => k8s.io/component-base v0.23.0
-	k8s.io/component-helpers => k8s.io/component-helpers v0.23.0
-	k8s.io/controller-manager => k8s.io/controller-manager v0.23.0
-	k8s.io/cri-api => k8s.io/cri-api v0.23.0
-	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.23.0
-	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.23.0
-	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.23.0
-	k8s.io/kube-proxy => k8s.io/kube-proxy v0.23.0
-	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.23.0
-	k8s.io/kubectl => k8s.io/kubectl v0.23.0
-	k8s.io/kubelet => k8s.io/kubelet v0.23.0
-	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.23.0
-	k8s.io/metrics => k8s.io/metrics v0.23.0
-	k8s.io/mount-utils => k8s.io/mount-utils v0.23.0
-	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.23.0
-	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.23.0
+	github.com/external-secrets/external-secrets v0.0.0 => ../
+	k8s.io/api => k8s.io/api v0.24.2
+	k8s.io/apiextensions-apiserver => k8s.io/apiextensions-apiserver v0.24.2
+	k8s.io/apimachinery => k8s.io/apimachinery v0.24.2
+	k8s.io/apiserver => k8s.io/apiserver v0.24.2
+	k8s.io/cli-runtime => k8s.io/cli-runtime v0.24.2
+	k8s.io/client-go => k8s.io/client-go v0.24.2
+	k8s.io/cloud-provider => k8s.io/cloud-provider v0.24.2
+	k8s.io/cluster-bootstrap => k8s.io/cluster-bootstrap v0.24.2
+	k8s.io/code-generator => k8s.io/code-generator v0.24.2
+	k8s.io/component-base => k8s.io/component-base v0.24.2
+	k8s.io/component-helpers => k8s.io/component-helpers v0.24.2
+	k8s.io/controller-manager => k8s.io/controller-manager v0.24.2
+	k8s.io/cri-api => k8s.io/cri-api v0.24.2
+	k8s.io/csi-translation-lib => k8s.io/csi-translation-lib v0.24.2
+	k8s.io/kube-aggregator => k8s.io/kube-aggregator v0.24.2
+	k8s.io/kube-controller-manager => k8s.io/kube-controller-manager v0.24.2
+	k8s.io/kube-proxy => k8s.io/kube-proxy v0.24.2
+	k8s.io/kube-scheduler => k8s.io/kube-scheduler v0.24.2
+	k8s.io/kubectl => k8s.io/kubectl v0.24.2
+	k8s.io/kubelet => k8s.io/kubelet v0.24.2
+
+	k8s.io/kubernetes => k8s.io/kubernetes v1.24.2
+	k8s.io/legacy-cloud-providers => k8s.io/legacy-cloud-providers v0.24.2
+	k8s.io/metrics => k8s.io/metrics v0.24.2
+	k8s.io/mount-utils => k8s.io/mount-utils v0.24.2
+	k8s.io/pod-security-admission => k8s.io/pod-security-admission v0.24.2
+	k8s.io/sample-apiserver => k8s.io/sample-apiserver v0.24.2
 	sigs.k8s.io/controller-runtime => sigs.k8s.io/controller-runtime v0.11.2
 )
 
 require (
-	cloud.google.com/go/secretmanager v1.5.0
+	cloud.google.com/go/secretmanager v1.7.0
 	github.com/Azure/azure-sdk-for-go v66.0.0+incompatible
 	github.com/Azure/go-autorest/autorest/azure/auth v0.5.11
 	github.com/akeylesslabs/akeyless-go-cloud-id v0.3.4
-	github.com/akeylesslabs/akeyless-go/v2 v2.16.12
-	github.com/aliyun/alibaba-cloud-sdk-go v1.61.1704
+	github.com/akeylesslabs/akeyless-go/v2 v2.20.0
+	github.com/aliyun/alibaba-cloud-sdk-go v1.61.1799
 	github.com/argoproj/argo-cd/v2 v2.4.8
-	github.com/aws/aws-sdk-go v1.44.66
-	github.com/external-secrets/external-secrets v0.5.8
+	github.com/aws/aws-sdk-go v1.44.101
+	github.com/external-secrets/external-secrets v0.0.0
 	github.com/fluxcd/helm-controller/api v0.22.2
 	github.com/fluxcd/pkg/apis/meta v0.14.2
 	github.com/fluxcd/source-controller/api v0.25.11
 	github.com/golang-jwt/jwt/v4 v4.4.2
-	github.com/hashicorp/vault/api v1.7.2
+	github.com/hashicorp/vault/api v1.8.0
 	github.com/onsi/ginkgo/v2 v2.1.6
-	github.com/onsi/gomega v1.20.1
+	github.com/onsi/gomega v1.20.2
 	github.com/oracle/oci-go-sdk/v56 v56.1.0
-	github.com/xanzy/go-gitlab v0.69.0
-	golang.org/x/oauth2 v0.0.0-20220722155238-128564f6959c
-	google.golang.org/api v0.90.0
-	google.golang.org/genproto v0.0.0-20220728213248-dd149ef739b9
-	k8s.io/api v0.24.2
-	k8s.io/apiextensions-apiserver v0.24.2
-	k8s.io/apimachinery v0.24.2
-	k8s.io/client-go v0.24.2
-	k8s.io/utils v0.0.0-20220728103510-ee6ede2d64ed
+	github.com/xanzy/go-gitlab v0.73.1
+	golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1
+	google.golang.org/api v0.98.0
+	google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006
+	k8s.io/api v0.25.0
+	k8s.io/apiextensions-apiserver v0.25.0
+	k8s.io/apimachinery v0.25.0
+	k8s.io/client-go v1.5.2
+	k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73
 	sigs.k8s.io/controller-runtime v0.12.3
 	software.sslmate.com/src/go-pkcs12 v0.2.0
 )
 
 require (
-	cloud.google.com/go v0.102.0 // indirect
-	cloud.google.com/go/compute v1.7.0 // indirect
+	cloud.google.com/go v0.104.0 // indirect
+	cloud.google.com/go/compute v1.9.0 // indirect
 	cloud.google.com/go/iam v0.3.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20210617225240-d185dfc1b5a1 // indirect
 	github.com/Azure/go-autorest v14.2.0+incompatible // indirect
-	github.com/Azure/go-autorest/autorest v0.11.27 // indirect
-	github.com/Azure/go-autorest/autorest/adal v0.9.20 // indirect
-	github.com/Azure/go-autorest/autorest/azure/cli v0.4.5 // indirect
+	github.com/Azure/go-autorest/autorest v0.11.28 // indirect
+	github.com/Azure/go-autorest/autorest/adal v0.9.21 // indirect
+	github.com/Azure/go-autorest/autorest/azure/cli v0.4.6 // indirect
 	github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
 	github.com/Azure/go-autorest/autorest/to v0.4.0 // indirect
 	github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
@@ -80,12 +83,10 @@ require (
 	github.com/Masterminds/semver/v3 v3.1.1 // indirect
 	github.com/Microsoft/go-winio v0.4.17 // indirect
 	github.com/ProtonMail/go-crypto v0.0.0-20210428141323-04723f9f07d7 // indirect
-	github.com/PuerkitoBio/purell v1.1.1 // indirect
-	github.com/PuerkitoBio/urlesc v0.0.0-20170810143723-de5bf2ad4578 // indirect
 	github.com/acomagu/bufpipe v1.0.3 // indirect
-	github.com/argoproj/gitops-engine v0.7.0 // indirect
+	github.com/argoproj/gitops-engine v0.7.1-0.20220916142200-3951079de199 // indirect
 	github.com/argoproj/pkg v0.11.1-0.20211203175135-36c59d8fafe0 // indirect
-	github.com/armon/go-metrics v0.3.10 // indirect
+	github.com/armon/go-metrics v0.4.0 // indirect
 	github.com/armon/go-radix v1.0.0 // indirect
 	github.com/beorn7/perks v1.0.1 // indirect
 	github.com/bombsimon/logrusr/v2 v2.0.1 // indirect
@@ -96,16 +97,16 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
 	github.com/dimchansky/utfbom v1.1.1 // indirect
-	github.com/docker/distribution v2.7.1+incompatible // indirect
-	github.com/emicklei/go-restful v2.9.5+incompatible // indirect
+	github.com/docker/distribution v2.8.1+incompatible // indirect
+	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
 	github.com/emirpasic/gods v1.12.0 // indirect
-	github.com/evanphx/json-patch v4.12.0+incompatible // indirect
+	github.com/evanphx/json-patch v5.6.0+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
 	github.com/fatih/camelcase v1.0.0 // indirect
 	github.com/fatih/color v1.13.0 // indirect
 	github.com/fluxcd/pkg/apis/acl v0.0.3 // indirect
 	github.com/fluxcd/pkg/apis/kustomize v0.4.1 // indirect
-	github.com/fsnotify/fsnotify v1.5.1 // indirect
+	github.com/fsnotify/fsnotify v1.5.4 // indirect
 	github.com/fvbommel/sortorder v1.0.1 // indirect
 	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/go-errors/errors v1.0.1 // indirect
@@ -114,8 +115,8 @@ require (
 	github.com/go-git/go-git/v5 v5.4.2 // indirect
 	github.com/go-logr/logr v1.2.3 // indirect
 	github.com/go-openapi/jsonpointer v0.19.5 // indirect
-	github.com/go-openapi/jsonreference v0.19.5 // indirect
-	github.com/go-openapi/swag v0.19.14 // indirect
+	github.com/go-openapi/jsonreference v0.20.0 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
 	github.com/go-redis/cache/v8 v8.4.2 // indirect
 	github.com/go-redis/redis/v8 v8.11.3 // indirect
 	github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
@@ -125,37 +126,37 @@ require (
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
 	github.com/google/btree v1.0.1 // indirect
-	github.com/google/go-cmp v0.5.8 // indirect
+	github.com/google/gnostic v0.6.9 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
 	github.com/google/go-github/v41 v41.0.0 // indirect
 	github.com/google/go-querystring v1.1.0 // indirect
 	github.com/google/gofuzz v1.2.0 // indirect
-	github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
+	github.com/google/pprof v0.0.0-20220829040838-70bd9ae97f40 // indirect
 	github.com/google/shlex v0.0.0-20191202100458-e7afc7fbc510 // indirect
 	github.com/google/uuid v1.3.0 // indirect
 	github.com/googleapis/enterprise-certificate-proxy v0.1.0 // indirect
-	github.com/googleapis/gax-go/v2 v2.4.0 // indirect
-	github.com/googleapis/gnostic v0.5.5 // indirect
+	github.com/googleapis/gax-go/v2 v2.5.1 // indirect
 	github.com/gregjones/httpcache v0.0.0-20190611155906-901d90724c79 // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
 	github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
-	github.com/hashicorp/go-hclog v1.1.0 // indirect
+	github.com/hashicorp/go-hclog v1.3.0 // indirect
 	github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
 	github.com/hashicorp/go-multierror v1.1.1 // indirect
-	github.com/hashicorp/go-plugin v1.4.3 // indirect
+	github.com/hashicorp/go-plugin v1.4.5 // indirect
 	github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
 	github.com/hashicorp/go-rootcerts v1.0.2 // indirect
 	github.com/hashicorp/go-secure-stdlib/mlock v0.1.2 // indirect
-	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.6 // indirect
+	github.com/hashicorp/go-secure-stdlib/parseutil v0.1.7 // indirect
 	github.com/hashicorp/go-secure-stdlib/strutil v0.1.2 // indirect
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
-	github.com/hashicorp/go-uuid v1.0.2 // indirect
-	github.com/hashicorp/go-version v1.4.0 // indirect
+	github.com/hashicorp/go-uuid v1.0.3 // indirect
+	github.com/hashicorp/go-version v1.6.0 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/hcl v1.0.1-vault-3 // indirect
-	github.com/hashicorp/vault/sdk v0.5.1 // indirect
-	github.com/hashicorp/yamux v0.0.0-20211028200310-0bc27b27de87 // indirect
-	github.com/imdario/mergo v0.3.12 // indirect
-	github.com/inconshreveable/mousetrap v1.0.0 // indirect
+	github.com/hashicorp/vault/sdk v0.6.0 // indirect
+	github.com/hashicorp/yamux v0.1.1 // indirect
+	github.com/imdario/mergo v0.3.13 // indirect
+	github.com/inconshreveable/mousetrap v1.0.1 // indirect
 	github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/jonboulle/clockwork v0.2.2 // indirect
@@ -165,9 +166,9 @@ require (
 	github.com/kevinburke/ssh_config v0.0.0-20201106050909-4977a11b4351 // indirect
 	github.com/klauspost/compress v1.13.6 // indirect
 	github.com/liggitt/tabwriter v0.0.0-20181228230101-89fcab3d43de // indirect
-	github.com/mailru/easyjson v0.7.6 // indirect
-	github.com/mattn/go-colorable v0.1.12 // indirect
-	github.com/mattn/go-isatty v0.0.14 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.16 // indirect
 	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
 	github.com/mitchellh/copystructure v1.2.0 // indirect
 	github.com/mitchellh/go-homedir v1.1.0 // indirect
@@ -176,10 +177,11 @@ require (
 	github.com/mitchellh/mapstructure v1.5.0 // indirect
 	github.com/mitchellh/reflectwalk v1.0.2 // indirect
 	github.com/moby/spdystream v0.2.0 // indirect
-	github.com/moby/term v0.0.0-20210610120745-9d4ed1856297 // indirect
+	github.com/moby/term v0.0.0-20210619224110-3f7ff695adc6 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.2 // indirect
 	github.com/monochromegane/go-gitignore v0.0.0-20200626010858-205db1a8cc00 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 	github.com/oklog/run v1.1.0 // indirect
 	github.com/opencontainers/go-digest v1.0.0 // indirect
 	github.com/patrickmn/go-cache v2.1.0+incompatible // indirect
@@ -187,20 +189,20 @@ require (
 	github.com/pierrec/lz4 v2.6.1+incompatible // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/client_golang v1.12.2 // indirect
+	github.com/prometheus/client_golang v1.13.0 // indirect
 	github.com/prometheus/client_model v0.2.0 // indirect
-	github.com/prometheus/common v0.32.1 // indirect
-	github.com/prometheus/procfs v0.7.3 // indirect
+	github.com/prometheus/common v0.37.0 // indirect
+	github.com/prometheus/procfs v0.8.0 // indirect
 	github.com/robfig/cron v1.2.0 // indirect
 	github.com/russross/blackfriday v1.5.2 // indirect
 	github.com/ryanuber/go-glob v1.0.0 // indirect
 	github.com/sergi/go-diff v1.1.0 // indirect
 	github.com/sirupsen/logrus v1.8.1 // indirect
-	github.com/sony/gobreaker v0.4.2-0.20210216022020-dd874f9dd33b // indirect
-	github.com/spf13/cobra v1.4.0 // indirect
+	github.com/sony/gobreaker v0.5.0 // indirect
+	github.com/spf13/cobra v1.5.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
 	github.com/stretchr/testify v1.8.0 // indirect
-	github.com/tidwall/gjson v1.14.1 // indirect
+	github.com/tidwall/gjson v1.14.3 // indirect
 	github.com/tidwall/match v1.1.1 // indirect
 	github.com/tidwall/pretty v1.2.0 // indirect
 	github.com/vmihailenco/go-tinylfu v0.2.1 // indirect
@@ -210,39 +212,39 @@ require (
 	github.com/xlab/treeprint v0.0.0-20181112141820-a009c3971eca // indirect
 	go.opencensus.io v0.23.0 // indirect
 	go.starlark.net v0.0.0-20200306205701-8dd3e2ee1dd5 // indirect
-	go.uber.org/atomic v1.9.0 // indirect
-	golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e // indirect
+	go.uber.org/atomic v1.10.0 // indirect
+	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 // indirect
 	golang.org/x/exp v0.0.0-20210901193431-a062eea981d2 // indirect
-	golang.org/x/net v0.0.0-20220722155237-a158d28d115b // indirect
+	golang.org/x/net v0.0.0-20220909164309-bea034e7d591 // indirect
 	golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4 // indirect
-	golang.org/x/sys v0.0.0-20220722155257-8c9f86f7a55f // indirect
-	golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
+	golang.org/x/sys v0.0.0-20220829200755-d48e67d00261 // indirect
+	golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 // indirect
 	golang.org/x/text v0.3.7 // indirect
-	golang.org/x/time v0.0.0-20220411224347-583f2d630306 // indirect
+	golang.org/x/time v0.0.0-20220722155302-e5dcc9cfc0b9 // indirect
 	golang.org/x/tools v0.1.12 // indirect
 	gomodules.xyz/jsonpatch/v2 v2.2.0 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
-	google.golang.org/grpc v1.48.0 // indirect
-	google.golang.org/protobuf v1.28.0 // indirect
+	google.golang.org/grpc v1.49.0 // indirect
+	google.golang.org/protobuf v1.28.1 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
-	gopkg.in/ini.v1 v1.66.2 // indirect
+	gopkg.in/ini.v1 v1.67.0 // indirect
 	gopkg.in/square/go-jose.v2 v2.6.0 // indirect
 	gopkg.in/warnings.v0 v0.1.2 // indirect
 	gopkg.in/yaml.v2 v2.4.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 	grpc.go4.org v0.0.0-20170609214715-11d0a25b4919 // indirect
-	k8s.io/apiserver v0.23.1 // indirect
-	k8s.io/cli-runtime v0.23.1 // indirect
-	k8s.io/component-base v0.24.2 // indirect
-	k8s.io/component-helpers v0.23.1 // indirect
-	k8s.io/klog/v2 v2.60.1 // indirect
-	k8s.io/kube-aggregator v0.23.1 // indirect
-	k8s.io/kube-openapi v0.0.0-20220310132336-3f90b8c54bbb // indirect
-	k8s.io/kubectl v0.23.1 // indirect
-	k8s.io/kubernetes v1.23.1 // indirect
-	sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2 // indirect
-	sigs.k8s.io/kustomize/api v0.10.1 // indirect
-	sigs.k8s.io/kustomize/kyaml v0.13.0 // indirect
-	sigs.k8s.io/structured-merge-diff/v4 v4.2.1 // indirect
+	k8s.io/apiserver v0.24.2 // indirect
+	k8s.io/cli-runtime v0.24.2 // indirect
+	k8s.io/component-base v0.25.0 // indirect
+	k8s.io/component-helpers v0.24.2 // indirect
+	k8s.io/klog/v2 v2.80.0 // indirect
+	k8s.io/kube-aggregator v0.24.2 // indirect
+	k8s.io/kube-openapi v0.0.0-20220803164354-a70c9af30aea // indirect
+	k8s.io/kubectl v0.24.2 // indirect
+	k8s.io/kubernetes v1.24.2 // indirect
+	sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect
+	sigs.k8s.io/kustomize/api v0.11.4 // indirect
+	sigs.k8s.io/kustomize/kyaml v0.13.6 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
 	sigs.k8s.io/yaml v1.3.0 // indirect
 )

Файловите разлики са ограничени, защото са твърде много
+ 210 - 188
e2e/go.sum


+ 3 - 3
e2e/run.sh

@@ -39,7 +39,7 @@ kubectl create clusterrolebinding service-account-issuer-discovery-binding \
   --clusterrole=system:service-account-issuer-discovery \
   --group=system:unauthenticated || true
 
-echo -e "Starting the e2e test pod ${E2E_IMAGE_REGISTRY}:${VERSION}"
+echo -e "Starting the e2e test pod ${E2E_IMAGE_NAME}:${VERSION}"
 kubectl run --rm \
   --attach \
   --restart=Never \
@@ -65,13 +65,13 @@ kubectl run --rm \
   --env="VAULT_URL=${VAULT_URL:-}" \
   --env="GITLAB_TOKEN=${GITLAB_TOKEN:-}" \
   --env="GITLAB_PROJECT_ID=${GITLAB_PROJECT_ID:-}" \
+  --env="GITLAB_ENVIRONMENT=${GITLAB_ENVIRONMENT:-}" \
   --env="ORACLE_USER_OCID=${ORACLE_USER_OCID:-}" \
   --env="ORACLE_TENANCY_OCID=${ORACLE_TENANCY_OCID:-}" \
   --env="ORACLE_REGION=${ORACLE_REGION:-}" \
   --env="ORACLE_FINGERPRINT=${ORACLE_FINGERPRINT:-}" \
   --env="ORACLE_KEY=${ORACLE_KEY:-}" \
-  --env="IMAGE_REGISTRY=${IMAGE_REGISTRY}" \
   --env="VERSION=${VERSION}" \
   --env="TEST_SUITES=${TEST_SUITES}" \
   --overrides='{ "apiVersion": "v1", "spec":{"serviceAccountName": "external-secrets-e2e"}}' \
-  e2e --image=${E2E_IMAGE_REGISTRY}:${VERSION}
+  e2e --image=${E2E_IMAGE_NAME}:${VERSION}
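Review bot: The new `--image=${E2E_IMAGE_NAME}:${VERSION}` argument is unquoted and has no guard for an unset variable, so an empty `E2E_IMAGE_NAME` yields the image reference `:${VERSION}` and the mistake only surfaces later as a pod that cannot be pulled. I would fail fast and quote it: `e2e --image="${E2E_IMAGE_NAME:?E2E_IMAGE_NAME must be set}:${VERSION:?VERSION must be set}"`. The `kubectl run` command starts in the previous hunk and the top of the script is not visible, so whether `set -u` already covers this cannot be confirmed from here. Separately, the provider credentials on the surrounding `--env=` lines (`GITLAB_TOKEN`, `ORACLE_KEY`) end up in the kubectl argument list and in the pod spec; this predates the change, but loading them from a Kubernetes Secret (for example via `envFrom` in the pod spec) would keep them out of both.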

+ 6 - 4
e2e/suites/argocd/argocd.go

@@ -3,7 +3,9 @@ Copyright 2020 The cert-manager Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,9 +19,9 @@ import (
 	// nolint
 	. "github.com/onsi/ginkgo/v2"
 
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/suites/provider/cases/common"
-	"github.com/external-secrets/external-secrets/e2e/suites/provider/cases/fake"
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
+	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/fake"
 )
 
 var _ = Describe("argocd", Label("argocd"), func() {

+ 5 - 7
e2e/suites/argocd/install.go

@@ -3,7 +3,9 @@ Copyright 2020 The cert-manager Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -19,7 +21,7 @@ import (
 	// nolint
 	. "github.com/onsi/ginkgo/v2"
 
-	"github.com/external-secrets/external-secrets/e2e/framework/addon"
+	"github.com/external-secrets/external-secrets-e2e/framework/addon"
 )
 
 const (
@@ -49,7 +51,6 @@ func installArgo(cfg *addon.Config) {
 
 func installESO(cfg *addon.Config) {
 	By("installing helm http server")
-	repo := os.Getenv("IMAGE_REGISTRY")
 	tag := os.Getenv("VERSION")
 	addon.InstallGlobalAddon(&addon.HelmServer{
 		ChartDir:      "/k8s/deploy/charts/external-secrets",
@@ -67,15 +68,12 @@ func installESO(cfg *addon.Config) {
 		HelmValues: fmt.Sprintf(`
 installCRDs: true
 image:
-  repository: %s
   tag: %s
 webhook:
   image:
-    repository: %s
     tag: %s
 certController:
   image:
-    repository: %s
-    tag: %s`, repo, tag, repo, tag, repo, tag),
+    tag: %s`, tag, tag, tag),
 	}, cfg)
 }
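Review bot: With the `repository` keys removed, the image these tests exercise is selected only by the chart's default repository plus `tag`, and `tag` comes straight from `os.Getenv("VERSION")` (previous hunk) with no empty check and is written unquoted into the YAML as `tag: %s`. An empty value renders as a null `tag` and a value such as `0.10` would be parsed as a number, so the suite could presumably deploy an image other than the build under test without failing. I would guard it with `if tag == "" { Fail("VERSION must be set") }` and format the three values with `tag: %q`. The empty check applies equally to the `installESO` hunk in e2e/suites/flux/install.go, where the value is at least quoted as JSON. `installESO` starts outside this hunk.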

+ 3 - 3
e2e/suites/argocd/suite_test.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -22,8 +22,8 @@ import (
 	// nolint
 	. "github.com/onsi/gomega"
 
-	"github.com/external-secrets/external-secrets/e2e/framework/addon"
-	"github.com/external-secrets/external-secrets/e2e/framework/util"
+	"github.com/external-secrets/external-secrets-e2e/framework/addon"
+	"github.com/external-secrets/external-secrets-e2e/framework/util"
 )
 
 var _ = SynchronizedBeforeSuite(func() []byte {

+ 6 - 4
e2e/suites/flux/flux.go

@@ -3,7 +3,9 @@ Copyright 2020 The cert-manager Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -17,9 +19,9 @@ import (
 	// nolint
 	. "github.com/onsi/ginkgo/v2"
 
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/suites/provider/cases/common"
-	"github.com/external-secrets/external-secrets/e2e/suites/provider/cases/fake"
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
+	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/fake"
 )
 
 var _ = Describe("flux", Label("flux"), func() {

+ 5 - 7
e2e/suites/flux/install.go

@@ -3,7 +3,9 @@ Copyright 2020 The cert-manager Authors.
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
+
+	http://www.apache.org/licenses/LICENSE-2.0
+
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -23,7 +25,7 @@ import (
 	// nolint
 	. "github.com/onsi/gomega"
 
-	"github.com/external-secrets/external-secrets/e2e/framework/addon"
+	"github.com/external-secrets/external-secrets-e2e/framework/addon"
 )
 
 const (
@@ -47,7 +49,6 @@ func installESO(cfg *addon.Config) {
 	}, cfg)
 
 	By("installing eso through flux helmrelease app")
-	repo := os.Getenv("IMAGE_REGISTRY")
 	tag := os.Getenv("VERSION")
 	addon.InstallGlobalAddon(&addon.FluxHelmRelease{
 		Name:            "external-secrets",
@@ -59,21 +60,18 @@ func installESO(cfg *addon.Config) {
 		HelmValues: fmt.Sprintf(`{
 			"installCRDs": true,
 			"image": {
-			  "repository": "%s",
 			  "tag": "%s"
 			},
 			"webhook": {
 			  "image": {
-				"repository": "%s",
 				"tag": "%s"
 			  }
 			},
 			"certController": {
 			  "image": {
-				"repository": "%s",
 				"tag": "%s"
 			  }
 			}
-		  }`, repo, tag, repo, tag, repo, tag),
+		  }`, tag, tag, tag),
 	}, cfg)
 }

+ 3 - 3
e2e/suites/flux/suite_test.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -22,8 +22,8 @@ import (
 	// nolint
 	. "github.com/onsi/gomega"
 
-	"github.com/external-secrets/external-secrets/e2e/framework/addon"
-	"github.com/external-secrets/external-secrets/e2e/framework/util"
+	"github.com/external-secrets/external-secrets-e2e/framework/addon"
+	"github.com/external-secrets/external-secrets-e2e/framework/util"
 )
 
 var _ = SynchronizedBeforeSuite(func() []byte {

+ 2 - 2
e2e/suites/provider/cases/akeyless/akeyless.go

@@ -19,8 +19,8 @@ import (
 	// nolint
 	. "github.com/onsi/ginkgo/v2"
 
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/suites/provider/cases/common"
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
 )
 
 var _ = Describe("[akeyless]", Label("akeyless"), func() {

+ 1 - 1
e2e/suites/provider/cases/akeyless/provider.go

@@ -36,9 +36,9 @@ import (
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
 	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
 )
 
 type akeylessProvider struct {

+ 2 - 2
e2e/suites/provider/cases/alibaba/alibaba.go

@@ -19,8 +19,8 @@ import (
 	// nolint
 	. "github.com/onsi/ginkgo/v2"
 
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/suites/provider/cases/common"
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
 )
 
 var _ = Describe("[alibaba]", Label("alibaba"), func() {

+ 1 - 1
e2e/suites/provider/cases/alibaba/provider.go

@@ -28,9 +28,9 @@ import (
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
 	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
 )
 
 type alibabaProvider struct {

+ 2 - 2
e2e/suites/provider/cases/aws/common.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -21,9 +21,9 @@ import (
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
 	esmetav1 "github.com/external-secrets/external-secrets/apis/meta/v1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
 )
 
 const (

+ 2 - 2
e2e/suites/provider/cases/aws/parameterstore/find_by_name.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -17,8 +17,8 @@ import (
 
 	v1 "k8s.io/api/core/v1"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	esapi "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
 )
 
 // This case creates multiple secrets with simple key/value pairs

+ 2 - 2
e2e/suites/provider/cases/aws/parameterstore/find_by_tags.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -17,8 +17,8 @@ import (
 
 	v1 "k8s.io/api/core/v1"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	esapi "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
 )
 
 // This case creates multiple secrets with simple key/value pairs and syncs them using multiple .Spec.Data blocks.

+ 2 - 2
e2e/suites/provider/cases/aws/parameterstore/parameterstore.go

@@ -19,8 +19,8 @@ import (
 	// nolint
 	. "github.com/onsi/ginkgo/v2"
 
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/suites/provider/cases/common"
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
 )
 
 var _ = Describe("[aws] ", Label("aws", "parameterstore"), func() {

+ 4 - 4
e2e/suites/provider/cases/aws/parameterstore/parameterstore_managed.go

@@ -19,10 +19,10 @@ import (
 	// nolint
 	. "github.com/onsi/ginkgo/v2"
 
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/framework/addon"
-	awscommon "github.com/external-secrets/external-secrets/e2e/suites/provider/cases/aws"
-	"github.com/external-secrets/external-secrets/e2e/suites/provider/cases/common"
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/framework/addon"
+	awscommon "github.com/external-secrets/external-secrets-e2e/suites/provider/cases/aws"
+	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
 )
 
 // here we use the global eso instance

+ 3 - 3
e2e/suites/provider/cases/aws/parameterstore/provider.go

@@ -32,11 +32,11 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/framework/log"
+	common "github.com/external-secrets/external-secrets-e2e/suites/provider/cases/aws"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
 	esmetav1 "github.com/external-secrets/external-secrets/apis/meta/v1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/framework/log"
-	common "github.com/external-secrets/external-secrets/e2e/suites/provider/cases/aws"
 )
 
 type Provider struct {

+ 3 - 3
e2e/suites/provider/cases/aws/secretsmanager/provider.go

@@ -33,11 +33,11 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/framework/log"
+	common "github.com/external-secrets/external-secrets-e2e/suites/provider/cases/aws"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
 	esmetav1 "github.com/external-secrets/external-secrets/apis/meta/v1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/framework/log"
-	common "github.com/external-secrets/external-secrets/e2e/suites/provider/cases/aws"
 )
 
 type Provider struct {

+ 2 - 2
e2e/suites/provider/cases/aws/secretsmanager/secretsmanager.go

@@ -19,8 +19,8 @@ import (
 	// nolint
 	. "github.com/onsi/ginkgo/v2"
 
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/suites/provider/cases/common"
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
 )
 
 var _ = Describe("[aws] ", Label("aws", "secretsmanager"), func() {

+ 4 - 4
e2e/suites/provider/cases/aws/secretsmanager/secretsmanager_managed.go

@@ -19,10 +19,10 @@ import (
 	// nolint
 	. "github.com/onsi/ginkgo/v2"
 
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/framework/addon"
-	awscommon "github.com/external-secrets/external-secrets/e2e/suites/provider/cases/aws"
-	"github.com/external-secrets/external-secrets/e2e/suites/provider/cases/common"
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/framework/addon"
+	awscommon "github.com/external-secrets/external-secrets-e2e/suites/provider/cases/aws"
+	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
 )
 
 // here we use the global eso instance

+ 2 - 2
e2e/suites/provider/cases/azure/azure_cert.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -20,8 +20,8 @@ import (
 	v1 "k8s.io/api/core/v1"
 
 	// nolint
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
 )
 
 // azure keyvault type=cert should get a certificate from the api.

+ 2 - 2
e2e/suites/provider/cases/azure/azure_key.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -22,8 +22,8 @@ import (
 	. "github.com/onsi/ginkgo/v2"
 	v1 "k8s.io/api/core/v1"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
 )
 
 // azure keyvault type=key should retrieve a jwk from the api.

+ 4 - 4
e2e/suites/provider/cases/azure/azure_managed.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -19,10 +19,10 @@ import (
 
 	// nolint
 	// . "github.com/onsi/gomega"
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/framework/addon"
+	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/framework/addon"
-	"github.com/external-secrets/external-secrets/e2e/suites/provider/cases/common"
 )
 
 const (

+ 3 - 3
e2e/suites/provider/cases/azure/azure_secret.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -17,8 +17,8 @@ import (
 	// nolint
 	. "github.com/onsi/ginkgo/v2"
 
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/suites/provider/cases/common"
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
 )
 
 // keyvault type=secret should behave just like any other secret store.

+ 2 - 2
e2e/suites/provider/cases/azure/provider.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -29,9 +29,9 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	utilpointer "k8s.io/utils/pointer"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
 	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
 )
 
 const providerSecretName = "provider-secret"

+ 3 - 3
e2e/suites/provider/cases/common/common.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -22,9 +22,9 @@ import (
 	"k8s.io/apimachinery/pkg/api/errors"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	esv1alpha1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1alpha1"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
 )
 
 const (
@@ -638,7 +638,7 @@ func DeletionPolicyDelete(f *framework.Framework) (string, func(*framework.TestC
 			gomega.Eventually(func() bool {
 				_, err := f.KubeClientSet.CoreV1().Secrets(f.Namespace.Name).Get(context.Background(), secret.Name, metav1.GetOptions{})
 				return errors.IsNotFound(err)
-			}, time.Minute, time.Second*5).Should(gomega.BeTrue())
+			}, time.Minute*5, time.Second*5).Should(gomega.BeTrue())
 		}
 	}
 }
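Review bot: The `Eventually` closure in `DeletionPolicyDelete` reports only whether the error is NotFound, so with the timeout raised to `time.Minute*5` any other persistent failure of the `Get` call is polled for the full five minutes and then surfaces as a bare `BeTrue` mismatch. Annotating the assertion makes the failure readable, for example `}, time.Minute*5, time.Second*5).Should(gomega.BeTrue(), "secret %s/%s was not deleted", f.Namespace.Name, secret.Name)`. The two durations would also read better as named constants if other cases in this file use the same polling values, which cannot be seen here. The function starts outside the hunk.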

+ 2 - 2
e2e/suites/provider/cases/common/find_by_name.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -17,8 +17,8 @@ import (
 
 	v1 "k8s.io/api/core/v1"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	esapi "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
 )
 
 const (

+ 2 - 2
e2e/suites/provider/cases/common/find_by_tags.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -17,8 +17,8 @@ import (
 
 	v1 "k8s.io/api/core/v1"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	esapi "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
 )
 
 // This case creates multiple secrets with simple key/value pairs and syncs them using multiple .Spec.Data blocks.

+ 2 - 2
e2e/suites/provider/cases/fake/provider.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -26,8 +26,8 @@ import (
 	"k8s.io/apimachinery/pkg/types"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
 )
 
 type Provider struct {

+ 3 - 3
e2e/suites/provider/cases/gcp/gcp.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -24,9 +24,9 @@ import (
 	p12 "software.sslmate.com/src/go-pkcs12"
 
 	// nolint
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/suites/provider/cases/common"
 )
 
 // This test uses the global ESO.

+ 4 - 4
e2e/suites/provider/cases/gcp/gcp_managed.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -19,10 +19,10 @@ import (
 
 	// nolint
 	// . "github.com/onsi/gomega"
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/framework/addon"
+	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/framework/addon"
-	"github.com/external-secrets/external-secrets/e2e/suites/provider/cases/common"
 )
 
 const (

+ 1 - 1
e2e/suites/provider/cases/gcp/provider.go

@@ -33,9 +33,9 @@ import (
 	utilpointer "k8s.io/utils/pointer"
 	"sigs.k8s.io/controller-runtime/pkg/controller/controllerutil"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
 	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
 	gcpsm "github.com/external-secrets/external-secrets/pkg/provider/gcp/secretmanager"
 )
 

+ 3 - 3
e2e/suites/provider/cases/gitlab/gitlab.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -22,8 +22,8 @@ import (
 	// nolint
 	. "github.com/onsi/ginkgo/v2"
 
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/suites/provider/cases/common"
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
 )
 
 var _ = Describe("[gitlab]", Label("gitlab"), func() {

+ 10 - 6
e2e/suites/provider/cases/gitlab/provider.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -27,21 +27,23 @@ import (
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
 	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
 )
 
 type gitlabProvider struct {
 	credentials string
 	projectID   string
+	environment string
 	framework   *framework.Framework
 }
 
-func newGitlabProvider(f *framework.Framework, credentials, projectID string) *gitlabProvider {
+func newGitlabProvider(f *framework.Framework, credentials, projectID string, environment string) *gitlabProvider {
 	prov := &gitlabProvider{
 		credentials: credentials,
 		projectID:   projectID,
+		environment: environment,
 		framework:   f,
 	}
 	BeforeEach(prov.BeforeEach)
@@ -51,7 +53,8 @@ func newGitlabProvider(f *framework.Framework, credentials, projectID string) *g
 func newFromEnv(f *framework.Framework) *gitlabProvider {
 	credentials := os.Getenv("GITLAB_TOKEN")
 	projectID := os.Getenv("GITLAB_PROJECT_ID")
-	return newGitlabProvider(f, credentials, projectID)
+	environment := os.Getenv("GITLAB_ENVIRONMENT")
+	return newGitlabProvider(f, credentials, projectID, environment)
 }
 
 func (s *gitlabProvider) CreateSecret(key string, val framework.SecretEntry) {
@@ -102,8 +105,9 @@ func (s *gitlabProvider) BeforeEach() {
 		// Puts access token into StringData
 
 		StringData: map[string]string{
-			"token":     s.credentials,
-			"projectID": s.projectID,
+			"token":       s.credentials,
+			"projectID":   s.projectID,
+			"environment": s.environment,
 		},
 	}
 	err := s.framework.CRClient.Create(context.Background(), gitlabCreds)
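Review bot: `newFromEnv` passes `os.Getenv("GITLAB_ENVIRONMENT")` straight through, so an unset variable becomes an empty `environment` that `BeforeEach` still writes into the credentials Secret next to `token`. The suite then presumably runs against whatever scope the store treats as default rather than the one CI intended. If empty is a valid value, record that on the struct field (`// environment is the GitLab environment scope; empty means no scope filter`, adjusted to the real semantics). Otherwise read it with `os.LookupEnv` and fail the spec in `BeforeEach` when it is missing; `GITLAB_TOKEN` and `GITLAB_PROJECT_ID` are read unchecked in the same way. Minor style: the new signature can be `credentials, projectID, environment string`, and both `newGitlabProvider` and `BeforeEach` continue outside the hunks shown.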

+ 8 - 8
e2e/suites/provider/cases/import.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -16,11 +16,11 @@ package suite
 import (
 
 	// import different e2e test suites.
-	_ "github.com/external-secrets/external-secrets/e2e/suites/provider/cases/aws/parameterstore"
-	_ "github.com/external-secrets/external-secrets/e2e/suites/provider/cases/aws/secretsmanager"
-	_ "github.com/external-secrets/external-secrets/e2e/suites/provider/cases/azure"
-	_ "github.com/external-secrets/external-secrets/e2e/suites/provider/cases/gcp"
-	_ "github.com/external-secrets/external-secrets/e2e/suites/provider/cases/kubernetes"
-	_ "github.com/external-secrets/external-secrets/e2e/suites/provider/cases/template"
-	_ "github.com/external-secrets/external-secrets/e2e/suites/provider/cases/vault"
+	_ "github.com/external-secrets/external-secrets-e2e/suites/provider/cases/aws/parameterstore"
+	_ "github.com/external-secrets/external-secrets-e2e/suites/provider/cases/aws/secretsmanager"
+	_ "github.com/external-secrets/external-secrets-e2e/suites/provider/cases/azure"
+	_ "github.com/external-secrets/external-secrets-e2e/suites/provider/cases/gcp"
+	_ "github.com/external-secrets/external-secrets-e2e/suites/provider/cases/kubernetes"
+	_ "github.com/external-secrets/external-secrets-e2e/suites/provider/cases/template"
+	_ "github.com/external-secrets/external-secrets-e2e/suites/provider/cases/vault"
 )

+ 2 - 2
e2e/suites/provider/cases/kubernetes/kubernetes.go

@@ -21,9 +21,9 @@ import (
 	. "github.com/onsi/ginkgo/v2"
 	v1 "k8s.io/api/core/v1"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
 	esapi "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/suites/provider/cases/common"
 )
 
 const referentAuth = "with referent auth"

+ 2 - 2
e2e/suites/provider/cases/kubernetes/provider.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -28,9 +28,9 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"sigs.k8s.io/controller-runtime/pkg/client"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
 	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
 )
 
 type Provider struct {

+ 3 - 3
e2e/suites/provider/cases/oracle/oracle.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -17,8 +17,8 @@ import (
 	// nolint
 	. "github.com/onsi/ginkgo/v2"
 
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/suites/provider/cases/common"
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
 )
 
 var _ = Describe("[oracle]", Label("oracle"), func() {

+ 2 - 2
e2e/suites/provider/cases/oracle/provider.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -27,9 +27,9 @@ import (
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	utilpointer "k8s.io/utils/pointer"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
 	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
 )
 
 type oracleProvider struct {

+ 2 - 2
e2e/suites/provider/cases/template/provider.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -23,8 +23,8 @@ import (
 	. "github.com/onsi/gomega"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
 )
 
 type templateProvider struct {

+ 2 - 2
e2e/suites/provider/cases/template/template.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -18,8 +18,8 @@ import (
 	. "github.com/onsi/ginkgo/v2"
 	v1 "k8s.io/api/core/v1"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
 )
 
 var _ = Describe("[template]", Label("template"), func() {

+ 3 - 3
e2e/suites/provider/cases/vault/provider.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -28,10 +28,10 @@ import (
 	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/framework/addon"
 	esv1beta1 "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
 	esmeta "github.com/external-secrets/external-secrets/apis/meta/v1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/framework/addon"
 )
 
 type vaultProvider struct {

+ 3 - 3
e2e/suites/provider/cases/vault/vault.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -19,9 +19,9 @@ import (
 	. "github.com/onsi/ginkgo/v2"
 	v1 "k8s.io/api/core/v1"
 
+	"github.com/external-secrets/external-secrets-e2e/framework"
+	"github.com/external-secrets/external-secrets-e2e/suites/provider/cases/common"
 	esapi "github.com/external-secrets/external-secrets/apis/externalsecrets/v1beta1"
-	"github.com/external-secrets/external-secrets/e2e/framework"
-	"github.com/external-secrets/external-secrets/e2e/suites/provider/cases/common"
 )
 
 const (

+ 4 - 4
e2e/suites/provider/e2e_test.go

@@ -3,7 +3,7 @@ Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
 
-    http://www.apache.org/licenses/LICENSE-2.0
+	http://www.apache.org/licenses/LICENSE-2.0
 
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
@@ -21,9 +21,9 @@ import (
 	// nolint
 	. "github.com/onsi/gomega"
 
-	"github.com/external-secrets/external-secrets/e2e/framework/addon"
-	"github.com/external-secrets/external-secrets/e2e/framework/util"
-	_ "github.com/external-secrets/external-secrets/e2e/suites/provider/cases"
+	"github.com/external-secrets/external-secrets-e2e/framework/addon"
+	"github.com/external-secrets/external-secrets-e2e/framework/util"
+	_ "github.com/external-secrets/external-secrets-e2e/suites/provider/cases"
 )
 
 var _ = SynchronizedBeforeSuite(func() []byte {

+ 8 - 8
go.mod

@@ -48,20 +48,19 @@ require (
 	github.com/PaesslerAG/jsonpath v0.1.1
 	github.com/ahmetb/gen-crd-api-reference-docs v0.3.0
 	github.com/akeylesslabs/akeyless-go-cloud-id v0.3.4
-	github.com/akeylesslabs/akeyless-go/v2 v2.19.0
-	github.com/aliyun/alibaba-cloud-sdk-go v1.61.1782
+	github.com/akeylesslabs/akeyless-go/v2 v2.20.0
+	github.com/aliyun/alibaba-cloud-sdk-go v1.61.1799
 	github.com/aws/aws-sdk-go v1.44.101
-	github.com/crossplane/crossplane-runtime v0.17.0
+	github.com/crossplane/crossplane-runtime v0.18.0
 	github.com/go-logr/logr v1.2.3
 	github.com/go-test/deep v1.0.4 // indirect
-	github.com/golang-jwt/jwt/v4 v4.4.2 // indirect
 	github.com/google/go-cmp v0.5.9
 	github.com/google/uuid v1.3.0
 	github.com/googleapis/gax-go/v2 v2.5.1
 	github.com/hashicorp/vault/api v1.8.0
 	github.com/hashicorp/vault/api/auth/approle v0.3.0
 	github.com/hashicorp/vault/api/auth/kubernetes v0.3.0
-	github.com/hashicorp/vault/api/auth/ldap v0.2.0
+	github.com/hashicorp/vault/api/auth/ldap v0.3.0
 	github.com/huandu/xstrings v1.3.2 // indirect
 	github.com/lestrrat-go/jwx v1.2.25
 	github.com/onsi/ginkgo/v2 v2.1.6
@@ -79,7 +78,7 @@ require (
 	go.uber.org/zap v1.23.0
 	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90
 	golang.org/x/oauth2 v0.0.0-20220909003341-f21342109be1
-	google.golang.org/api v0.96.0
+	google.golang.org/api v0.98.0
 	google.golang.org/genproto v0.0.0-20220920201722-2b89144ce006
 	google.golang.org/grpc v1.49.0
 	gopkg.in/yaml.v3 v3.0.1
@@ -90,12 +89,13 @@ require (
 	k8s.io/client-go v1.5.2
 	k8s.io/utils v0.0.0-20220823124924-e9cbc92d1a73
 	sigs.k8s.io/controller-runtime v0.12.3
-	sigs.k8s.io/controller-tools v0.9.2
+	sigs.k8s.io/controller-tools v0.10.0
 )
 
 require github.com/1Password/connect-sdk-go v1.5.0
 
 require (
+	github.com/hashicorp/golang-lru v0.5.4
 	github.com/maxbrunsfeld/counterfeiter/v6 v6.5.0
 	sigs.k8s.io/yaml v1.3.0
 )
@@ -137,6 +137,7 @@ require (
 	github.com/gobuffalo/flect v0.3.0 // indirect
 	github.com/goccy/go-json v0.9.11 // indirect
 	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang-jwt/jwt/v4 v4.4.2 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.2 // indirect
 	github.com/golang/snappy v0.0.4 // indirect
@@ -159,7 +160,6 @@ require (
 	github.com/hashicorp/go-sockaddr v1.0.2 // indirect
 	github.com/hashicorp/go-uuid v1.0.3 // indirect
 	github.com/hashicorp/go-version v1.6.0 // indirect
-	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/hashicorp/hcl v1.0.1-vault-3 // indirect
 	github.com/hashicorp/vault/sdk v0.6.0 // indirect
 	github.com/hashicorp/yamux v0.1.1 // indirect

+ 12 - 15
go.sum

@@ -128,15 +128,15 @@ github.com/ahmetb/gen-crd-api-reference-docs v0.3.0/go.mod h1:TdjdkYhlOifCQWPs1U
 github.com/ajstarks/svgo v0.0.0-20180226025133-644b8db467af/go.mod h1:K08gAheRH3/J6wwsYMMT4xOr94bZjxIelGM0+d/wbFw=
 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.4 h1:vTckjyBhHOBiOWSC/oaEU2Oo4OH5eAlQiwKu2RMxsFg=
 github.com/akeylesslabs/akeyless-go-cloud-id v0.3.4/go.mod h1:As/RomC2w/fa3y+yHRlVHPmkbP+zrKBFRow41y5dk+E=
-github.com/akeylesslabs/akeyless-go/v2 v2.19.0 h1:pLKRzH3zQQFdqMJdOAMXd2v3vW+22MWuJbJ9TMk0nts=
-github.com/akeylesslabs/akeyless-go/v2 v2.19.0/go.mod h1:uOdXD49NCCe4rexeSc2aBU5Qv4KZgJE6YlbtYalvb+I=
+github.com/akeylesslabs/akeyless-go/v2 v2.20.0 h1:+/Ov25TCJ+sSf+lWtzxnBac5OELbO8BkYStQZulWAKM=
+github.com/akeylesslabs/akeyless-go/v2 v2.20.0/go.mod h1:uOdXD49NCCe4rexeSc2aBU5Qv4KZgJE6YlbtYalvb+I=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/alecthomas/units v0.0.0-20190924025748-f65c72e2690d/go.mod h1:rBZYJk541a8SKzHPHnH3zbiI+7dagKZ0cgpgrD7Fyho=
-github.com/aliyun/alibaba-cloud-sdk-go v1.61.1782 h1:V2YZ958RM7bUN0htJUrqRO7E9FKLtiwrH4tH33y2vv4=
-github.com/aliyun/alibaba-cloud-sdk-go v1.61.1782/go.mod h1:RcDobYh8k5VP6TNybz9m++gL3ijVI5wueVr0EM10VsU=
+github.com/aliyun/alibaba-cloud-sdk-go v1.61.1799 h1:1yWRr3Wo1HGl6XjrRfT0RyUlpzZhtAoLE5nRrZmoG+c=
+github.com/aliyun/alibaba-cloud-sdk-go v1.61.1799/go.mod h1:RcDobYh8k5VP6TNybz9m++gL3ijVI5wueVr0EM10VsU=
 github.com/antihax/optional v1.0.0/go.mod h1:uupD/76wgC+ih3iEmQUL+0Ugr19nfwCT1kdvxnR2qWY=
 github.com/antlr/antlr4/runtime/Go/antlr v0.0.0-20210826220005-b48c857c3a0e/go.mod h1:F7bn7fEU90QkQ3tnmaTx3LTKLEDqnwWODIYppRQ5hnY=
 github.com/armon/circbuf v0.0.0-20150827004946-bbbad097214e/go.mod h1:3U/XgcO3hCbHZ8TKRvWD2dDTCfh9M9ya+I9JpbB7O8o=
@@ -207,8 +207,8 @@ github.com/cpuguy83/go-md2man/v2 v2.0.1/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46t
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
 github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
 github.com/creack/pty v1.1.11/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
-github.com/crossplane/crossplane-runtime v0.17.0 h1:gt2JcOYcVBw/luQToq2hUkoersL12ICuV0YzKI5lyCs=
-github.com/crossplane/crossplane-runtime v0.17.0/go.mod h1:IPT3HTsovwmbw3i+SdsOyaC3r3b7TW+otBMmZsHLnSU=
+github.com/crossplane/crossplane-runtime v0.18.0 h1:j1VxhKWp3iQKr1XNiMoBKmEvN2Z98E7rR0tyimu7dj4=
+github.com/crossplane/crossplane-runtime v0.18.0/go.mod h1:o9ExoilV6k2M3qzSFoRVX4phuww0mLmjs1WrDTvsR4s=
 github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
@@ -462,7 +462,6 @@ github.com/hashicorp/go-hclog v1.3.0/go.mod h1:W4Qnvbt70Wk/zYJryRzDRU/4r0kIg0PVH
 github.com/hashicorp/go-immutable-radix v1.0.0/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
 github.com/hashicorp/go-immutable-radix v1.3.1 h1:DKHmCUm2hRBK510BaiZlwvpD40f8bJFeZnpfm2KLowc=
 github.com/hashicorp/go-immutable-radix v1.3.1/go.mod h1:0y9vanUI8NX6FsYoO3zeMjhV/C5i9g4Q3DwcSNZ4P60=
-github.com/hashicorp/go-kms-wrapping/entropy v0.1.0/go.mod h1:d1g9WGtAunDNpek8jUIEJnBlbgKS1N2Q61QkHiZyR1g=
 github.com/hashicorp/go-kms-wrapping/entropy/v2 v2.0.0/go.mod h1:xvb32K2keAc+R8DSFG2IwDcydK9DBQE+fGA5fsw6hSk=
 github.com/hashicorp/go-msgpack v0.5.3/go.mod h1:ahLV/dePpqEmjfWmKiqvPkv/twdG7iPBM1vqhUKIvfM=
 github.com/hashicorp/go-multierror v1.0.0/go.mod h1:dHtQlpGsu+cZNNAkkCN/P3hoUDHhCYQXV3UM06sGGrk=
@@ -515,16 +514,14 @@ github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
 github.com/hashicorp/serf v0.8.2/go.mod h1:6hOLApaqBFA1NXqRQAsxw9QxuDEvNxSQRwA/JwenrHc=
-github.com/hashicorp/vault/api v1.7.2/go.mod h1:xbfA+1AvxFseDzxxdWaL0uO99n1+tndus4GCrtouy0M=
 github.com/hashicorp/vault/api v1.8.0 h1:7765sW1XBt+qf4XKIYE4ebY9qc/yi9V2/egzGSUNMZU=
 github.com/hashicorp/vault/api v1.8.0/go.mod h1:uJrw6D3y9Rv7hhmS17JQC50jbPDAZdjZoTtrCCxxs7E=
 github.com/hashicorp/vault/api/auth/approle v0.3.0 h1:Ib0oCNXsCq/QZhPYtXPzJEbGS5WR/KoZf8c84QoFdkU=
 github.com/hashicorp/vault/api/auth/approle v0.3.0/go.mod h1:hm51TbjzUkPO0Y17wkrpwOpvyyMRpXJNueTHiG04t3k=
 github.com/hashicorp/vault/api/auth/kubernetes v0.3.0 h1:HkaCmTKzcgLa2tjdiAid1rbmyQNmQGHfnmvIIM2WorY=
 github.com/hashicorp/vault/api/auth/kubernetes v0.3.0/go.mod h1:l1B4MGtLc+P37MabBQiIhP3qd9agj0vqhETmaQjjC/Y=
-github.com/hashicorp/vault/api/auth/ldap v0.2.0 h1:pBzFM1Fu0IgS7mfKxVEiCsuPbHEgE5EbXzp6RgN9uXQ=
-github.com/hashicorp/vault/api/auth/ldap v0.2.0/go.mod h1:ezky0BvVjLnFBPN4XrFR272iJRoJVdxxor7sVKr0u3k=
-github.com/hashicorp/vault/sdk v0.5.1/go.mod h1:DoGraE9kKGNcVgPmTuX357Fm6WAx1Okvde8Vp3dPDoU=
+github.com/hashicorp/vault/api/auth/ldap v0.3.0 h1:G2Hk03lwqaeHcjBmYtR+aHDzttw5qE3r3oQr+F4O7Ro=
+github.com/hashicorp/vault/api/auth/ldap v0.3.0/go.mod h1:WhIWEHgzyr99FQbna94Y0twKmz3sbtPGbVtIy40Oyik=
 github.com/hashicorp/vault/sdk v0.6.0 h1:6Z+In5DXHiUfZvIZdMx7e2loL1PPyDjA4bVh9ZTIAhs=
 github.com/hashicorp/vault/sdk v0.6.0/go.mod h1:+DRpzoXIdMvKc88R4qxr+edwy/RvH5QK8itmxLiDHLc=
 github.com/hashicorp/yamux v0.0.0-20180604194846-3520598351bb/go.mod h1:+NfK9FKeTrX5uv1uIXGdwYDTeHna2qgaIlx54MXqjAM=
@@ -1289,8 +1286,8 @@ google.golang.org/api v0.75.0/go.mod h1:pU9QmyHLnzlpar1Mjt4IbapUCy8J+6HD6GeELN69
 google.golang.org/api v0.78.0/go.mod h1:1Sg78yoMLOhlQTeF+ARBoytAcH1NNyyl390YMy6rKmw=
 google.golang.org/api v0.80.0/go.mod h1:xY3nI94gbvBrE0J6NHXhxOmW97HG7Khjkku6AFB3Hyg=
 google.golang.org/api v0.84.0/go.mod h1:NTsGnUFJMYROtiquksZHBWtHfeMC7iYthki7Eq3pa8o=
-google.golang.org/api v0.96.0 h1:F60cuQPJq7K7FzsxMYHAUJSiXh2oKctHxBMbDygxhfM=
-google.golang.org/api v0.96.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s=
+google.golang.org/api v0.98.0 h1:yxZrcxXESimy6r6mdL5Q6EnZwmewDJK2dVg3g75s5Dg=
+google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ13s=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
@@ -1532,8 +1529,8 @@ rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/apiserver-network-proxy/konnectivity-client v0.0.30/go.mod h1:fEO7lRTdivWO2qYVCVG7dEADOMo/MLDCVr8So2g88Uw=
 sigs.k8s.io/controller-runtime v0.12.3 h1:FCM8xeY/FI8hoAfh/V4XbbYMY20gElh9yh+A98usMio=
 sigs.k8s.io/controller-runtime v0.12.3/go.mod h1:qKsk4WE6zW2Hfj0G4v10EnNB2jMG1C+NTb8h+DwCoU0=
-sigs.k8s.io/controller-tools v0.9.2 h1:AkTE3QAdz9LS4iD3EJvHyYxBkg/g9fTbgiYsrcsFCcM=
-sigs.k8s.io/controller-tools v0.9.2/go.mod h1:NUkn8FTV3Sad3wWpSK7dt/145qfuQ8CKJV6j4jHC5rM=
+sigs.k8s.io/controller-tools v0.10.0 h1:0L5DTDTFB67jm9DkfrONgTGmfc/zYow0ZaHyppizU2U=
+sigs.k8s.io/controller-tools v0.10.0/go.mod h1:uvr0EW6IsprfB0jpQq6evtKy+hHyHCXNfdWI5ONPx94=
 sigs.k8s.io/json v0.0.0-20211208200746-9f7c6b3444d2/go.mod h1:B+TnT182UBxE84DiCz4CVE26eOSDAeYCpfDnC2kdKMY=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k=
 sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=

+ 2 - 2
hack/crd.generate.sh

@@ -10,9 +10,9 @@ cd "${SCRIPT_DIR}"/../
 
 go run sigs.k8s.io/controller-tools/cmd/controller-gen \
   object:headerFile="hack/boilerplate.go.txt" \
-  paths="./..."
+  paths="./apis/..."
 go run sigs.k8s.io/controller-tools/cmd/controller-gen crd \
-  paths="./..." \
+  paths="./apis/..." \
   output:crd:artifacts:config="${CRD_DIR}/bases"
 
 # Remove extra header lines in generated CRDs
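Review bot: Both `controller-gen` invocations now scan only `./apis/...`, so any type with kubebuilder markers outside that tree would stop getting deepcopy code and CRD output, and nothing in the visible part of the script would flag it. The reason for narrowing the path is not stated in the hunk; a comment above the first call would record it, for example `# Generate only from ./apis; other packages carry no API types.`, with the wording adjusted to the actual motivation. The script continues outside the hunk.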
