
Add support for Yandex Lockbox: custom API endpoint

zamysel 4 years ago
parent
commit
c7229199f3

+ 3 - 2
apis/externalsecrets/v1alpha1/secretstore_yandexlockbox_types.go

@@ -26,8 +26,9 @@ type YandexLockboxAuth struct {
 
 // YandexLockboxProvider Configures a store to sync secrets using the Yandex Lockbox provider.
 type YandexLockboxProvider struct {
-	// Yandex.Cloud API endpoint
-	Endpoint string `json:"endpoint,omitempty"`
+	// Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443')
+	// +optional
+	APIEndpoint string `json:"apiEndpoint,omitempty"`
 
 	// Auth defines the information necessary to authenticate against Yandex Lockbox
 	Auth YandexLockboxAuth `json:"auth"`
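Review bot: Renaming `Endpoint`/`endpoint` to `APIEndpoint`/`apiEndpoint` with no deprecated alias means a SecretStore that already sets `endpoint` loses that value on apply (the regenerated CRDs in the two deploy/crds hunks no longer declare it) and silently falls back to whatever an empty `APIEndpoint` resolves to. If the old field has shipped, keep `Endpoint string `json:"endpoint,omitempty"`` for one release with a `// Deprecated: use APIEndpoint.` comment, or at least call the rename out as a breaking change. The doc comment should also say what an empty value means, e.g. `// Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443'); when empty the SDK default endpoint is used` — confirm that default against the SDK, since it is not visible in this diff. The YandexLockboxProvider struct continues past this hunk.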

+ 3 - 3
deploy/crds/external-secrets.io_clustersecretstores.yaml

@@ -612,6 +612,9 @@ spec:
                     description: YandexLockbox configures this store to sync secrets
                       using Yandex Lockbox provider
                     properties:
+                      apiEndpoint:
+                        description: Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443')
+                        type: string
                       auth:
                         description: Auth defines the information necessary to authenticate
                           against Yandex Lockbox
@@ -637,9 +640,6 @@ spec:
                             - name
                             type: object
                         type: object
-                      endpoint:
-                        description: Yandex.Cloud API endpoint
-                        type: string
                     required:
                     - auth
                     type: object

+ 3 - 3
deploy/crds/external-secrets.io_secretstores.yaml

@@ -612,6 +612,9 @@ spec:
                     description: YandexLockbox configures this store to sync secrets
                       using Yandex Lockbox provider
                     properties:
+                      apiEndpoint:
+                        description: Yandex.Cloud API endpoint (e.g. 'api.cloud.yandex.net:443')
+                        type: string
                       auth:
                         description: Auth defines the information necessary to authenticate
                           against Yandex Lockbox
@@ -637,9 +640,6 @@ spec:
                             - name
                             type: object
                         type: object
-                      endpoint:
-                        description: Yandex.Cloud API endpoint
-                        type: string
                     required:
                     - auth
                     type: object

+ 3 - 2
docs/spec.md

@@ -2339,13 +2339,14 @@ github.com/external-secrets/external-secrets/apis/meta/v1.SecretKeySelector
 <tbody>
 <tr>
 <td>
-<code>endpoint</code></br>
+<code>apiEndpoint</code></br>
 <em>
 string
 </em>
 </td>
 <td>
-<p>Yandex.Cloud API endpoint</p>
+<em>(Optional)</em>
+<p>Yandex.Cloud API endpoint (e.g. &lsquo;api.cloud.yandex.net:443&rsquo;)</p>
 </td>
 </tr>
 <tr>

+ 1 - 1
pkg/provider/yandex/lockbox/client/client.go

@@ -22,7 +22,7 @@ import (
 
 // Creates LockboxClient with the given authorized key.
 type LockboxClientCreator interface {
-	Create(ctx context.Context, endpoint string, authorizedKey *iamkey.Key) (LockboxClient, error)
+	Create(ctx context.Context, apiEndpoint string, authorizedKey *iamkey.Key) (LockboxClient, error)
 }
 
 // Responsible for accessing Lockbox secrets.

+ 1 - 1
pkg/provider/yandex/lockbox/client/fake/fake.go

@@ -30,7 +30,7 @@ type LockboxClientCreator struct {
 	Backend *LockboxBackend
 }
 
-func (lcc *LockboxClientCreator) Create(ctx context.Context, endpoint string, authorizedKey *iamkey.Key) (client.LockboxClient, error) {
+func (lcc *LockboxClientCreator) Create(ctx context.Context, apiEndpoint string, authorizedKey *iamkey.Key) (client.LockboxClient, error) {
 	return &LockboxClient{lcc.Backend, authorizedKey}, nil
 }
 

+ 2 - 2
pkg/provider/yandex/lockbox/client/grpc/grpc.go

@@ -27,7 +27,7 @@ import (
 type LockboxClientCreator struct {
 }
 
-func (lb *LockboxClientCreator) Create(ctx context.Context, endpoint string, authorizedKey *iamkey.Key) (client.LockboxClient, error) {
+func (lb *LockboxClientCreator) Create(ctx context.Context, apiEndpoint string, authorizedKey *iamkey.Key) (client.LockboxClient, error) {
 	credentials, err := ycsdk.ServiceAccountKey(authorizedKey)
 	if err != nil {
 		return nil, err
@@ -35,7 +35,7 @@ func (lb *LockboxClientCreator) Create(ctx context.Context, endpoint string, aut
 
 	sdk, err := ycsdk.Build(ctx, ycsdk.Config{
 		Credentials: credentials,
-		Endpoint:    endpoint,
+		Endpoint:    apiEndpoint,
 	})
 	if err != nil {
 		return nil, err
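Review bot: `apiEndpoint` is passed straight into `ycsdk.Config` with no validation, and now that the field is `+optional` it can be empty; nothing in this hunk handles that case, so whether an empty string becomes the SDK default or a connection error depends on `ycsdk.Build`, which is outside the diff. This value presumably decides where the credentials built from the service-account key are presented, so it is worth a comment on the changed line stating the fallback once confirmed, e.g. `Endpoint:    apiEndpoint, // empty selects the SDK default endpoint`, and a check in the caller that a non-empty value is in `host:port` form so a misconfigured store fails fast with a clear error rather than at connect time. The `Create` body starts in the previous hunk and ends outside this one.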

+ 1 - 1
pkg/provider/yandex/lockbox/lockbox.go

@@ -78,7 +78,7 @@ func (p *lockboxProvider) NewClient(ctx context.Context, store esv1alpha1.Generi
 		return nil, fmt.Errorf("unable to unmarshal authorized key: %w", err)
 	}
 
-	lb, err := p.lockboxClientCreator.Create(ctx, storeSpecYandexLockbox.Endpoint, &authorizedKey)
+	lb, err := p.lockboxClientCreator.Create(ctx, storeSpecYandexLockbox.APIEndpoint, &authorizedKey)
 	if err != nil {
 		return nil, fmt.Errorf("failed to create Yandex.Cloud SDK: %w", err)
 	}