
feat: add API version parameter to BeyondTrust Provider (#4354)

btfhernandez 1 year ago
parent
commit
84f499d2fa

+ 2 - 0
apis/externalsecrets/v1beta1/secretstore_beyondtrust_types.go

@@ -45,6 +45,8 @@ type BeyondtrustAuth struct {
 type BeyondtrustServer struct {
 	// +required - BeyondTrust Password Safe API URL. https://example.com:443/beyondtrust/api/public/V3.
 	APIURL string `json:"apiUrl"`
+	// +optional - The recommended version is 3.1. If no version is specified, the default API version 3.0 will be used
+	APIVersion string `json:"apiVersion,omitempty"`
 	// The secret retrieval type. SECRET = Secrets Safe (credential, text, file). MANAGED_ACCOUNT = Password Safe account associated with a system.
 	RetrievalType string `json:"retrievalType,omitempty"`
 	// A character that separates the folder names.
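Review bot: The new `APIVersion` field is an unconstrained string, and its comment is written as `// +optional - ...`, the same shape used for `apiUrl` above it. The generated CRD entries and docs/api/spec.md in this commit show `apiVersion` with no description, which suggests the text is not reaching the schema. I would put the prose on its own line, `// The recommended version is 3.1. If no version is specified, the default API version 3.0 will be used.`, followed by a bare `// +optional` marker line. Since this value presumably selects the API behaviour used when authenticating to Password Safe, a `+kubebuilder:validation:Pattern` marker restricting it to a dotted numeric version would reject malformed input at admission rather than at reconcile time. The struct continues past the end of this hunk.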

+ 2 - 0
config/crds/bases/external-secrets.io_clustersecretstores.yaml

@@ -2989,6 +2989,8 @@ spec:
                         properties:
                           apiUrl:
                             type: string
+                          apiVersion:
+                            type: string
                           clientTimeOutSeconds:
                             description: Timeout specifies a time limit for requests
                               made by this Client. The timeout includes connection

+ 2 - 0
config/crds/bases/external-secrets.io_secretstores.yaml

@@ -2989,6 +2989,8 @@ spec:
                         properties:
                           apiUrl:
                             type: string
+                          apiVersion:
+                            type: string
                           clientTimeOutSeconds:
                             description: Timeout specifies a time limit for requests
                               made by this Client. The timeout includes connection

+ 4 - 0
deploy/crds/bundle.yaml

@@ -3555,6 +3555,8 @@ spec:
                           properties:
                             apiUrl:
                               type: string
+                            apiVersion:
+                              type: string
                             clientTimeOutSeconds:
                               description: Timeout specifies a time limit for requests made by this Client. The timeout includes connection time, any redirects, and reading the response body. Defaults to 45 seconds.
                               type: integer
@@ -10681,6 +10683,8 @@ spec:
                           properties:
                             apiUrl:
                               type: string
+                            apiVersion:
+                              type: string
                             clientTimeOutSeconds:
                               description: Timeout specifies a time limit for requests made by this Client. The timeout includes connection time, any redirects, and reading the response body. Defaults to 45 seconds.
                               type: integer

+ 10 - 0
docs/api/spec.md

@@ -1214,6 +1214,16 @@ string
 </tr>
 <tr>
 <td>
+<code>apiVersion</code></br>
+<em>
+string
+</em>
+</td>
+<td>
+</td>
+</tr>
+<tr>
+<td>
 <code>retrievalType</code></br>
 <em>
 string

+ 1 - 0
docs/provider/beyondtrust.md

@@ -79,6 +79,7 @@ spec:
         retrievalType: MANAGED_ACCOUNT  # or SECRET
         verifyCA: true
         clientTimeOutSeconds: 45
+        apiVersion: "3.0" # The recommended version is 3.1. If no version is specified, the default API version 3.0 will be used.
       auth: 
         certificate: # omit certificates if retrievalType is SECRET
           secretRef:

+ 2 - 1
docs/snippets/beyondtrust-secret-store.yaml

@@ -30,4 +30,5 @@ spec:
       retrievalType: MANAGED_ACCOUNT
       verifyCA: true
       clientTimeOutSeconds: 45
-      apiUrl: https://example.ps-dev.beyondtrustcloud.com:443/BeyondTrust/api/public/v3/
+      apiUrl: https://example.ps-dev.beyondtrustcloud.com:443/BeyondTrust/api/public/v3/
+      apiVersion: "3.1"

+ 4 - 0
pkg/provider/beyondtrust/provider.go

@@ -70,6 +70,7 @@ type AuthenticatorInput struct {
 	HTTPClientObj              utils.HttpClientObj
 	BackoffDefinition          *backoff.ExponentialBackOff
 	APIURL                     string
+	APIVersion                 string
 	ClientID                   string
 	ClientSecret               string
 	APIKey                     string
@@ -147,6 +148,7 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore,
 		ClientID:                   clientID,
 		ClientSecret:               clientSecret,
 		ApiUrl:                     &config.Server.APIURL,
+		ApiVersion:                 config.Server.APIVersion,
 		ClientTimeOutInSeconds:     clientTimeOutInSeconds,
 		Separator:                  &separator,
 		VerifyCa:                   config.Server.VerifyCA,
@@ -171,6 +173,7 @@ func (p *Provider) NewClient(ctx context.Context, store esv1beta1.GenericStore,
 		HTTPClientObj:              *httpClient,
 		BackoffDefinition:          backoffDefinition,
 		APIURL:                     config.Server.APIURL,
+		APIVersion:                 config.Server.APIVersion,
 		ClientID:                   clientID,
 		ClientSecret:               clientSecret,
 		APIKey:                     apiKey,
@@ -270,6 +273,7 @@ func getAuthenticator(input AuthenticatorInput) (*auth.AuthenticationObj, error)
 		HTTPClient:                 input.HTTPClientObj,
 		BackoffDefinition:          input.BackoffDefinition,
 		EndpointURL:                input.APIURL,
+		APIVersion:                 input.APIVersion,
 		ApiKey:                     input.APIKey,
 		Logger:                     input.Logger,
 		RetryMaxElapsedTimeSeconds: input.RetryMaxElapsedTimeMinutes,
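Review bot: `config.Server.APIVersion` is copied as-is into the parameter struct at `ApiVersion:`, into `AuthenticatorInput` in `NewClient`, and into the authentication object in `getAuthenticator`, with no check in this package. The documented fallback to 3.0 for an empty value, and any rejection of malformed values, are therefore left to the BeyondTrust client library, which is not visible here. Either state that at the first assignment, e.g. `// Empty APIVersion is passed through; the client library is expected to apply the 3.0 default.`, or make the default explicit before the structs are built so the effective version is known and can be logged. No test in this commit covers the empty or the invalid case. All three function bodies start and end outside their hunks, so an existing check elsewhere in `NewClient` cannot be ruled out.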