Documentation ¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the secret-agent v1alpha1 API group. +kubebuilder:object:generate=true +groupName=secret-agent.secrets.forgerock.io
Index ¶
- Constants
- Variables
- func ConfigurationStructLevelValidator(sl validator.StructLevel)
- type AlgorithmType
- type AppConfig
- type DistinguishedName
- type KeyConfig
- type KeyConfigType
- type KeySpec
- type KeytoolAliasConfig
- type KeytoolCmd
- type SecretAgentConfState
- type SecretAgentConfiguration
- func (in *SecretAgentConfiguration) DeepCopy() *SecretAgentConfiguration
- func (in *SecretAgentConfiguration) DeepCopyInto(out *SecretAgentConfiguration)
- func (in *SecretAgentConfiguration) DeepCopyObject() runtime.Object
- func (r *SecretAgentConfiguration) Default()
- func (r *SecretAgentConfiguration) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *SecretAgentConfiguration) ValidateCreate() error
- func (r *SecretAgentConfiguration) ValidateDelete() error
- func (r *SecretAgentConfiguration) ValidateSecretConfiguration() error
- func (r *SecretAgentConfiguration) ValidateUpdate(old runtime.Object) error
- type SecretAgentConfigurationList
- type SecretAgentConfigurationSpec
- type SecretAgentConfigurationStatus
- type SecretConfig
- type SecretManagerCredentialKeyName
- type SecretsManager
- type StoreType
Constants ¶
const (
	// PathDelimiter separates the segments of a reference path in the
	// SecretAgentConfiguration.
	// NOTE(review): presumably the *Path fields of KeySpec (SignedWithPath,
	// StorePassPath, KeyPassPath, ...) are written with this delimiter; confirm
	// against the code that resolves them.
	PathDelimiter string = "/"
)
Variables ¶
var (
	// GroupVersion is the API group and version under which the types in this
	// package are registered.
	GroupVersion = schema.GroupVersion{Group: "secret-agent.secrets.forgerock.io", Version: "v1alpha1"}

	// SchemeBuilder is used to add Go types to the GroupVersionKind scheme; it
	// is bound to GroupVersion above.
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)
Functions ¶
func ConfigurationStructLevelValidator ¶
func ConfigurationStructLevelValidator(sl validator.StructLevel)
ConfigurationStructLevelValidator ensures configuration is usable
Types ¶
type AlgorithmType ¶
// AlgorithmType is a string-backed type selecting the keystore algorithm; the
// values declared for it in this package are "ECDSAWithSHA256" and
// "SHA256WithRSA".
type AlgorithmType string
AlgorithmType Specifies which keystore algorithm to use +kubebuilder:validation:Enum=ECDSAWithSHA256;SHA256WithRSA
// Values declared for AlgorithmType.
const (
	// AlgorithmTypeECDSAWithSHA256 is the "ECDSAWithSHA256" algorithm name.
	AlgorithmTypeECDSAWithSHA256 AlgorithmType = "ECDSAWithSHA256"
	// AlgorithmTypeSHA256WithRSA is the "SHA256WithRSA" algorithm name.
	AlgorithmTypeSHA256WithRSA AlgorithmType = "SHA256WithRSA"
)
AlgorithmType strings
type AppConfig ¶
// AppConfig is the application-level configuration carried in a
// SecretAgentConfigurationSpec.
type AppConfig struct {
	// NOTE(review): CredentialsSecretName presumably names the Kubernetes
	// secret holding the keys listed in SecretManagerCredentialKeyName
	// (GOOGLE_CREDENTIALS_JSON, AWS_ACCESS_KEY_ID, ...). If so, read access to
	// that secret is equivalent to access to the cloud secret manager, and RBAC
	// on it should be scoped accordingly. Confirm against the controller.
	// NOTE(review): the provider-specific fields (GCPProjectID, AWSRegion,
	// AWSKmsKeyId, AzureVaultName) are all optional in the schema; whether the
	// one matching SecretsManager is checked elsewhere is not visible here.

	// +kubebuilder:validation:Required
	CreateKubernetesObjects bool `json:"createKubernetesObjects"`
	// +kubebuilder:validation:Required
	SecretsManager        SecretsManager `json:"secretsManager"`
	SecretsManagerPrefix  string         `json:"secretsManagerPrefix,omitempty"`
	CredentialsSecretName string         `json:"credentialsSecretName,omitempty"`
	GCPProjectID          string         `json:"gcpProjectID,omitempty"`
	AWSRegion             string         `json:"awsRegion,omitempty"`
	AWSKmsKeyId           string         `json:"awsKmsKeyId,omitempty"`
	AzureVaultName        string         `json:"azureVaultName,omitempty"`

	// Optional timeout value to generate an individual secret. Defaults to 40.
	// The unit is not stated here (presumably seconds, like BackOffSecs; TODO confirm).
	// +kubebuilder:default:=40
	SecretTimeout *int `json:"secretTimeout,omitempty"`

	// Optional number of times the operator will attempt to generate secrets. Defaults to 3
	// +kubebuilder:default:=3
	MaxRetries *int `json:"maxRetries,omitempty"`

	// Optional backoff time in seconds before retrying secret generation. Defaults to 2
	// +kubebuilder:default:=2
	BackOffSecs *int `json:"backOffSecs,omitempty"`
}
AppConfig is the configuration for the forgeops-secrets application
func (*AppConfig) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AppConfig.
func (*AppConfig) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type DistinguishedName ¶
// DistinguishedName holds certificate subject data. Every field is optional
// in the JSON form (all tags carry omitempty).
type DistinguishedName struct {
	Country      []string `json:"country,omitempty"`
	Organization []string `json:"organization,omitempty"`
	// The JSON key is "organizationUnit", not "organizationalUnit"; manifests
	// must use the tag spelling.
	OrganizationalUnit []string `json:"organizationUnit,omitempty"`
	Locality           []string `json:"locality,omitempty"`
	Province           []string `json:"province,omitempty"`
	StreetAddress      []string `json:"streetAddress,omitempty"`
	PostalCode         []string `json:"postalCode,omitempty"`
	SerialNumber       string   `json:"serialNumber,omitempty"`
	CommonName         string   `json:"commonName,omitempty"`
}
DistinguishedName certificate subject data
func (*DistinguishedName) DeepCopy ¶
func (in *DistinguishedName) DeepCopy() *DistinguishedName
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DistinguishedName.
func (*DistinguishedName) DeepCopyInto ¶
func (in *DistinguishedName) DeepCopyInto(out *DistinguishedName)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeyConfig ¶
// KeyConfig is the configuration for a specific data key inside a
// SecretConfig. Name and Type are required by the CRD schema; Spec is an
// optional pointer and may be nil.
type KeyConfig struct {
	// +kubebuilder:validation:Required
	Name string `json:"name"`
	// +kubebuilder:validation:Required
	Type KeyConfigType `json:"type"`
	Spec *KeySpec      `json:"spec,omitempty"`
}
KeyConfig is the configuration for a specific data key
func (*KeyConfig) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeyConfig.
func (*KeyConfig) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeyConfigType ¶
// KeyConfigType is a string-backed type selecting the kind of key a KeyConfig
// describes; the values declared for it are the KeyConfigType* constants.
type KeyConfigType string
KeyConfigType Specifies which key type to use +kubebuilder:validation:Enum=ca;literal;password;ssh;keyPair;truststore;keytool;
// Values declared for KeyConfigType. The strings are what appears in the
// "type" field of a key in a SecretAgentConfiguration manifest.
const (
	KeyConfigTypeCA         KeyConfigType = "ca"
	KeyConfigTypeLiteral    KeyConfigType = "literal"
	KeyConfigTypePassword   KeyConfigType = "password"
	KeyConfigTypeSSH        KeyConfigType = "ssh"
	KeyConfigTypeKeyPair    KeyConfigType = "keyPair"
	KeyConfigTypeTrustStore KeyConfigType = "truststore"
	KeyConfigTypeKeytool    KeyConfigType = "keytool"
)
Key Config Type Strings
type KeySpec ¶
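// KeySpec is the configuration for each key. All fields are optional in the
// JSON form; which of them apply to a given KeyConfigType is not visible in
// this declaration.
type KeySpec struct {
	// NOTE(review): Value presumably carries the value of a "literal" key. If
	// so, it is stored in clear text in the SecretAgentConfiguration resource
	// and is readable by anyone allowed to read that resource; confirm and
	// scope RBAC to match.
	// NOTE(review): SignedWithPath, StorePassPath, KeyPassPath and
	// TruststoreImportPaths presumably reference other keys using
	// PathDelimiter; confirm against the code that resolves them.

	Value                 string             `json:"value,omitempty"`
	Algorithm             AlgorithmType      `json:"algorithm,omitempty"`
	DistinguishedName     *DistinguishedName `json:"distinguishedName,omitempty"`
	SignedWithPath        string             `json:"signedWithPath,omitempty"`
	StoreType             StoreType          `json:"storeType,omitempty"`
	StorePassPath         string             `json:"storePassPath,omitempty"`
	KeyPassPath           string             `json:"keyPassPath,omitempty"`
	Sans                  []string           `json:"sans,omitempty"`
	TruststoreImportPaths []string           `json:"truststoreImportPaths,omitempty"`
	SelfSigned            bool               `json:"selfSigned,omitempty"`
	Duration              *metav1.Duration   `json:"duration,omitempty"`
	UseBinaryCharacters   bool               `json:"useBinaryCharacters,omitempty"`
	IsBase64              bool               `json:"isBase64,omitempty"`
	PEMFormat             bool               `json:"pemFormat,omitempty"`

	// Length must be at least 16 (presumably the generated password length;
	// TODO confirm). The marker name has to be spelled "Minimum" for the bound
	// to reach the generated CRD schema; once the CRD is regenerated, expect
	// resources with a smaller length to be rejected.
	// +kubebuilder:validation:Minimum=16
	Length *int `json:"length,omitempty"`

	// KeytoolAliases, when set, must hold at least one entry; the validate tag
	// additionally asks for unique Name values across the entries.
	// +kubebuilder:validation:MinItems=1
	KeytoolAliases []*KeytoolAliasConfig `json:"keytoolAliases,omitempty" validate:"dive,unique=Name"`
}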
KeySpec is the configuration for each key
func (*KeySpec) DeepCopy ¶
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeySpec.
func (*KeySpec) DeepCopyInto ¶
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeytoolAliasConfig ¶
// KeytoolAliasConfig is the configuration for a keystore alias. Name and Cmd
// are required by the CRD schema.
type KeytoolAliasConfig struct {
	// NOTE(review): Args is a free-form string list. Presumably it is appended
	// to the keytool invocation selected by Cmd; confirm that the controller
	// passes it as an argument vector (not through a shell) and that only
	// trusted principals can create or edit SecretAgentConfiguration objects.

	// +kubebuilder:validation:Required
	Name string `json:"name"`
	// +kubebuilder:validation:Required
	Cmd        KeytoolCmd `json:"cmd"`
	Args       []string   `json:"args,omitempty"`
	SourcePath string     `json:"sourcePath,omitempty"`
	IsKeyPair  bool       `json:"isKeyPair,omitempty"`
}
KeytoolAliasConfig is the configuration for a keystore alias
func (*KeytoolAliasConfig) DeepCopy ¶
func (in *KeytoolAliasConfig) DeepCopy() *KeytoolAliasConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new KeytoolAliasConfig.
func (*KeytoolAliasConfig) DeepCopyInto ¶
func (in *KeytoolAliasConfig) DeepCopyInto(out *KeytoolAliasConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type KeytoolCmd ¶
// KeytoolCmd is a string-backed type naming the keytool command to use; the
// values declared for it are the KeytoolCmd* constants.
type KeytoolCmd string
KeytoolCmd Specifies the keytool command to use. +kubebuilder:validation:Enum=genkeypair;genseckey;importcert;importpassword;importkeystore
// Values declared for KeytoolCmd. The strings match the enum on the "cmd"
// field of a KeytoolAliasConfig.
const (
	KeytoolCmdGenkeypair     KeytoolCmd = "genkeypair"
	KeytoolCmdGenseckey      KeytoolCmd = "genseckey"
	KeytoolCmdImportcert     KeytoolCmd = "importcert"
	KeytoolCmdImportpassword KeytoolCmd = "importpassword"
	KeytoolCmdImportkeystore KeytoolCmd = "importkeystore"
)
KeytoolCmd strings
type SecretAgentConfState ¶
// SecretAgentConfState is a string-backed type used to keep track of the
// state of a SecretAgentConfiguration (SAC); it is the type of the State field
// in SecretAgentConfigurationStatus.
type SecretAgentConfState string
SecretAgentConfState is used to keep track of the SAC state
// Values declared for SecretAgentConfState. Note that the constant names and
// the stored strings differ for the two error states ("ErrorFound" and
// "ErrorFoundRetry"); status consumers see the strings.
const (
	SecretAgentConfigurationCompleted  SecretAgentConfState = "Completed"
	SecretAgentConfigurationInProgress SecretAgentConfState = "InProgress"
	SecretAgentConfigurationError      SecretAgentConfState = "ErrorFound"
	SecretAgentConfigurationErrorRetry SecretAgentConfState = "ErrorFoundRetry"
)
SecretAgentConfState strings
type SecretAgentConfiguration ¶
// SecretAgentConfiguration is the Schema for the secretagentconfigurations
// API. It embeds the standard Kubernetes type and object metadata and carries
// the desired state in Spec and the observed state in Status.
type SecretAgentConfiguration struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   SecretAgentConfigurationSpec   `json:"spec,omitempty"`
	Status SecretAgentConfigurationStatus `json:"status,omitempty"`
}
SecretAgentConfiguration is the Schema for the secretagentconfigurations API
func (*SecretAgentConfiguration) DeepCopy ¶
func (in *SecretAgentConfiguration) DeepCopy() *SecretAgentConfiguration
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretAgentConfiguration.
func (*SecretAgentConfiguration) DeepCopyInto ¶
func (in *SecretAgentConfiguration) DeepCopyInto(out *SecretAgentConfiguration)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecretAgentConfiguration) DeepCopyObject ¶
func (in *SecretAgentConfiguration) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*SecretAgentConfiguration) Default ¶
func (r *SecretAgentConfiguration) Default()
Default implements webhook.Defaulter so a webhook will be registered for the type
func (*SecretAgentConfiguration) SetupWebhookWithManager ¶
func (r *SecretAgentConfiguration) SetupWebhookWithManager(mgr ctrl.Manager) error
SetupWebhookWithManager registers the webhook with the manager
func (*SecretAgentConfiguration) ValidateCreate ¶
func (r *SecretAgentConfiguration) ValidateCreate() error
ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (*SecretAgentConfiguration) ValidateDelete ¶
func (r *SecretAgentConfiguration) ValidateDelete() error
ValidateDelete implements webhook.Validator so a webhook will be registered for the type
func (*SecretAgentConfiguration) ValidateSecretConfiguration ¶
func (r *SecretAgentConfiguration) ValidateSecretConfiguration() error
ValidateSecretConfiguration Validates the SecretAgentConfiguration object
func (*SecretAgentConfiguration) ValidateUpdate ¶
func (r *SecretAgentConfiguration) ValidateUpdate(old runtime.Object) error
ValidateUpdate implements webhook.Validator so a webhook will be registered for the type
type SecretAgentConfigurationList ¶
// SecretAgentConfigurationList contains a list of SecretAgentConfiguration.
// Items has no omitempty, so the "items" key is always present in the JSON
// form.
type SecretAgentConfigurationList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []SecretAgentConfiguration `json:"items"`
}
SecretAgentConfigurationList contains a list of SecretAgentConfiguration
func (*SecretAgentConfigurationList) DeepCopy ¶
func (in *SecretAgentConfigurationList) DeepCopy() *SecretAgentConfigurationList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretAgentConfigurationList.
func (*SecretAgentConfigurationList) DeepCopyInto ¶
func (in *SecretAgentConfigurationList) DeepCopyInto(out *SecretAgentConfigurationList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*SecretAgentConfigurationList) DeepCopyObject ¶
func (in *SecretAgentConfigurationList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type SecretAgentConfigurationSpec ¶
// SecretAgentConfigurationSpec defines the desired state of
// SecretAgentConfiguration. Both fields are required by the CRD schema.
type SecretAgentConfigurationSpec struct {
	// +kubebuilder:validation:Required
	AppConfig AppConfig `json:"appConfig"`

	// Secrets must hold at least one entry; the validate tag additionally asks
	// for unique Name values across the entries.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinItems=1
	Secrets []*SecretConfig `json:"secrets" validate:"dive,unique=Name"`
}
SecretAgentConfigurationSpec defines the desired state of SecretAgentConfiguration
func (*SecretAgentConfigurationSpec) DeepCopy ¶
func (in *SecretAgentConfigurationSpec) DeepCopy() *SecretAgentConfigurationSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretAgentConfigurationSpec.
func (*SecretAgentConfigurationSpec) DeepCopyInto ¶
func (in *SecretAgentConfigurationSpec) DeepCopyInto(out *SecretAgentConfigurationSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretAgentConfigurationStatus ¶
// SecretAgentConfigurationStatus defines the observed state of
// SecretAgentConfiguration: the current State, three counters and two lists
// of managed secrets. Judging by the field names the lists hold secret names,
// not secret values (TODO confirm against the controller that fills them).
type SecretAgentConfigurationStatus struct {
	State                       SecretAgentConfState `json:"state,omitempty"`
	TotalManagedSecrets         int                  `json:"totalManagedSecrets,omitempty"`
	TotalKubeSecrets            int                  `json:"totalKubeSecrets,omitempty"`
	TotalSecretManagerSecrets   int                  `json:"totalSecretManagerSecrets,omitempty"`
	ManagedKubeSecrets          []string             `json:"managedKubeSecrets,omitempty"`
	ManagedSecretManagerSecrets []string             `json:"managedSecretManagerSecrets,omitempty"`
}
SecretAgentConfigurationStatus defines the observed state of SecretAgentConfiguration
func (*SecretAgentConfigurationStatus) DeepCopy ¶
func (in *SecretAgentConfigurationStatus) DeepCopy() *SecretAgentConfigurationStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretAgentConfigurationStatus.
func (*SecretAgentConfigurationStatus) DeepCopyInto ¶
func (in *SecretAgentConfigurationStatus) DeepCopyInto(out *SecretAgentConfigurationStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretConfig ¶
// SecretConfig is the configuration for a specific Kubernetes secret. Both
// fields are required by the CRD schema.
type SecretConfig struct {
	// +kubebuilder:validation:Required
	Name string `json:"name"`

	// Keys must hold at least one entry; the validate tag additionally asks
	// for unique Name values across the entries.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:MinItems=1
	Keys []*KeyConfig `json:"keys" validate:"dive,unique=Name"`
}
SecretConfig is the configuration for a specific Kubernetes secret
func (*SecretConfig) DeepCopy ¶
func (in *SecretConfig) DeepCopy() *SecretConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretConfig.
func (*SecretConfig) DeepCopyInto ¶
func (in *SecretConfig) DeepCopyInto(out *SecretConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type SecretManagerCredentialKeyName ¶
// SecretManagerCredentialKeyName is a string-backed type for the name of a
// secret key to be referenced. Its values are key names, not credential
// values.
type SecretManagerCredentialKeyName string
SecretManagerCredentialKeyName Specifies name of the secret key to be referenced
// Values declared for SecretManagerCredentialKeyName, grouped by cloud
// provider. These are the names of keys holding provider credentials.
// NOTE(review): presumably they are looked up in the secret named by
// AppConfig.CredentialsSecretName; confirm against the controller.
const (
	// Google Cloud.
	SecretsManagerGoogleApplicationCredentials SecretManagerCredentialKeyName = "GOOGLE_CREDENTIALS_JSON"

	// AWS.
	SecretsManagerAwsAccessKeyID     SecretManagerCredentialKeyName = "AWS_ACCESS_KEY_ID"
	SecretsManagerAwsSecretAccessKey SecretManagerCredentialKeyName = "AWS_SECRET_ACCESS_KEY"

	// Azure.
	SecretsManagerAzureTenantID     SecretManagerCredentialKeyName = "AZURE_TENANT_ID"
	SecretsManagerAzureClientID     SecretManagerCredentialKeyName = "AZURE_CLIENT_ID"
	SecretsManagerAzureClientSecret SecretManagerCredentialKeyName = "AZURE_CLIENT_SECRET"
)
SecretManagerCredentialKeyName Type Strings
type SecretsManager ¶
// SecretsManager is a string-backed type selecting which cloud secret manager
// will be used; the values declared for it are "none", "GCP", "AWS" and
// "Azure".
type SecretsManager string
SecretsManager Specifies which cloud secret manager will be used +kubebuilder:validation:Enum=none;GCP;AWS;Azure
// Values declared for SecretsManager. The strings are case-sensitive as
// written: "none" is lower case while the provider names are not.
const (
	SecretsManagerNone  SecretsManager = "none"
	SecretsManagerGCP   SecretsManager = "GCP"
	SecretsManagerAWS   SecretsManager = "AWS"
	SecretsManagerAzure SecretsManager = "Azure"
)
SecretsManager Strings