v1alpha1

package
v0.13.0
Warning

This package is not in the latest version of its module.

Published: Oct 28, 2020 License: Apache-2.0 Imports: 12 Imported by: 0

Documentation

Overview

Package v1alpha1 contains the definition of the sealed-secrets v1alpha1 API. Some of the code in this package is generated.


Constants

const (
	// SealedSecretName is the name used in SealedSecret CRD
	SealedSecretName = "sealed-secret." + GroupName
	// SealedSecretPlural is the collection plural used with SealedSecret API
	SealedSecretPlural = "sealedsecrets"

	// SealedSecretClusterWideAnnotation is the name for the annotation for
	// setting the secret to be available cluster wide.
	SealedSecretClusterWideAnnotation = annoNs + "cluster-wide"

	// SealedSecretNamespaceWideAnnotation is the name for the annotation for
	// setting the secret to be available namespace wide.
	SealedSecretNamespaceWideAnnotation = annoNs + "namespace-wide"

	// SealedSecretManagedAnnotation is the name for the annotation for
	// flagging existing secrets to be managed by the SealedSecret controller.
	SealedSecretManagedAnnotation = annoNs + "managed"
)
const GroupName = "bitnami.com"

GroupName is the group name used in this package

Variables

var (
	// SchemeGroupVersion is the group version used to register these objects
	SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

	// SchemeBuilder adds this group to scheme
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme is a global function that registers this API group & version to a scheme
	AddToScheme = SchemeBuilder.AddToScheme
)
var (
	// TODO(mkm): remove after a release
	AcceptDeprecatedV1Data = false
)

Functions

func EncryptionLabel added in v0.9.0

func EncryptionLabel(namespace, name string, scope SealingScope) []byte

EncryptionLabel returns the label meant to be used for encrypting a sealed secret according to scope.

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource

func StripLastAppliedAnnotations added in v0.8.3

func StripLastAppliedAnnotations(annotations map[string]string)

StripLastAppliedAnnotations strips annotations added by tools such as kubectl and kubecfg that contain a full copy of the original object, kept in the annotation for strategic-merge-patch purposes. These annotations must be removed when sealing an existing secret; otherwise the sealed output would leak the secret values.
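A pre-seal check for the leak described above, as an added example that is not part of this package: it reports annotations that still embed a copy of the secret's data. `leakyAnnotations` and `sampleSecret` are hypothetical names, the sample Secret is constructed, and `kubectl.kubernetes.io/last-applied-configuration` is kubectl's standard annotation key rather than something listed on this page.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"sort"
	"strings"
)

// leakyAnnotations returns the annotation keys whose value embeds any of the
// secret's data values, base64-encoded (as in a serialized Secret) or raw.
func leakyAnnotations(annotations map[string]string, data map[string][]byte) []string {
	var leaks []string
	for key, val := range annotations {
		for _, secret := range data {
			if len(secret) == 0 {
				continue
			}
			enc := base64.StdEncoding.EncodeToString(secret)
			if strings.Contains(val, enc) || strings.Contains(val, string(secret)) {
				leaks = append(leaks, key)
				break
			}
		}
	}
	sort.Strings(leaks)
	return leaks
}

// sampleSecret builds a constructed Secret that was once created with `kubectl apply`.
func sampleSecret() (map[string]string, map[string][]byte) {
	data := map[string][]byte{"password": []byte("s3cr3t-constructed")}
	b64 := base64.StdEncoding.EncodeToString(data["password"])
	anno := map[string]string{
		"kubectl.kubernetes.io/last-applied-configuration": `{"apiVersion":"v1","kind":"Secret","data":{"password":"` + b64 + `"},"metadata":{"name":"db","namespace":"prod"}}`,
		"team": "payments",
	}
	return anno, data
}

func main() {
	anno, data := sampleSecret()
	fmt.Println("before strip:", leakyAnnotations(anno, data))
	// Local stand-in for what StripLastAppliedAnnotations is documented to do.
	delete(anno, "kubectl.kubernetes.io/last-applied-configuration")
	fmt.Println("after strip: ", leakyAnnotations(anno, data))
}
```

Running the same check over the metadata of a generated SealedSecret before committing it catches a copy of the plaintext that survived sealing.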

func UpdateScopeAnnotations added in v0.11.0

func UpdateScopeAnnotations(anno map[string]string, scope SealingScope) map[string]string

UpdateScopeAnnotations updates the annotation map so that it reflects the desired scope. It does so by updating and/or deleting existing annotations.

Types

type ByCreationTimestamp added in v0.8.0

type ByCreationTimestamp []apiv1.Secret

ByCreationTimestamp is used to sort a list of secrets

func (ByCreationTimestamp) DeepCopy added in v0.12.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ByCreationTimestamp.

func (ByCreationTimestamp) DeepCopyInto added in v0.12.0

func (in ByCreationTimestamp) DeepCopyInto(out *ByCreationTimestamp)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (ByCreationTimestamp) Len added in v0.8.0

func (s ByCreationTimestamp) Len() int

func (ByCreationTimestamp) Less added in v0.8.0

func (s ByCreationTimestamp) Less(i, j int) bool

func (ByCreationTimestamp) Swap added in v0.8.0

func (s ByCreationTimestamp) Swap(i, j int)

type SealedSecret

type SealedSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec SealedSecretSpec `json:"spec"`
	// +optional
	Status *SealedSecretStatus `json:"status,omitempty"`
}

SealedSecret is the K8s representation of a "sealed Secret" - a regular k8s Secret that has been sealed (encrypted) using the controller's key.

func NewSealedSecret

func NewSealedSecret(codecs runtimeserializer.CodecFactory, pubKey *rsa.PublicKey, secret *v1.Secret) (*SealedSecret, error)

NewSealedSecret creates a new SealedSecret object wrapping the provided secret. Each value in the secret is encrypted individually, so values can be updated one by one.

func NewSealedSecretV1 added in v0.7.0

func NewSealedSecretV1(codecs runtimeserializer.CodecFactory, pubKey *rsa.PublicKey, secret *v1.Secret) (*SealedSecret, error)

NewSealedSecretV1 creates a new SealedSecret object wrapping the provided secret. This encrypts all the secrets into a single encrypted blob and stores it in the `Data` attribute. Keeping this for backward compatibility.

func (*SealedSecret) DeepCopy

func (in *SealedSecret) DeepCopy() *SealedSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealedSecret.

func (*SealedSecret) DeepCopyInto

func (in *SealedSecret) DeepCopyInto(out *SealedSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SealedSecret) DeepCopyObject

func (in *SealedSecret) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SealedSecret) Scope added in v0.9.7

func (s *SealedSecret) Scope() SealingScope

Scope returns the scope of the sealed secret, as annotated in its metadata.

func (*SealedSecret) Unseal

func (s *SealedSecret) Unseal(codecs runtimeserializer.CodecFactory, privKeys map[string]*rsa.PrivateKey) (*v1.Secret, error)

Unseal decrypts and returns the embedded v1.Secret.

type SealedSecretCondition added in v0.8.0

type SealedSecretCondition struct {
	// Type of condition for a sealed secret.
	// Valid value: "Synced"
	Type SealedSecretConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=DeploymentConditionType"`
	// Status of the condition for a sealed secret.
	// Valid values for "Synced": "True", "False", or "Unknown".
	Status apiv1.ConditionStatus `json:"status" protobuf:"bytes,2,opt,name=status,casttype=k8s.io/api/core/v1.ConditionStatus"`
	// The last time this condition was updated.
	LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty" protobuf:"bytes,6,opt,name=lastUpdateTime"`
	// Last time the condition transitioned from one status to another.
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty" protobuf:"bytes,7,opt,name=lastTransitionTime"`
	// The reason for the condition's last transition.
	Reason string `json:"reason,omitempty" protobuf:"bytes,4,opt,name=reason"`
	// A human readable message indicating details about the transition.
	Message string `json:"message,omitempty" protobuf:"bytes,5,opt,name=message"`
}

SealedSecretCondition describes the state of a sealed secret at a certain point.

func (*SealedSecretCondition) DeepCopy added in v0.8.0

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealedSecretCondition.

func (*SealedSecretCondition) DeepCopyInto added in v0.8.0

func (in *SealedSecretCondition) DeepCopyInto(out *SealedSecretCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SealedSecretConditionType added in v0.8.0

type SealedSecretConditionType string

SealedSecretConditionType describes the type of SealedSecret condition

const (
	// SealedSecretSynced means the SealedSecret has been decrypted and the Secret has been updated successfully.
	SealedSecretSynced SealedSecretConditionType = "Synced"
)

type SealedSecretExpansion added in v0.8.0

type SealedSecretExpansion interface {
	Unseal(codecs runtimeserializer.CodecFactory, privKeys map[string]*rsa.PrivateKey) (*v1.Secret, error)
}

SealedSecretExpansion has methods to work with SealedSecrets resources.

type SealedSecretList

type SealedSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	Items []SealedSecret `json:"items"`
}

SealedSecretList represents a list of SealedSecrets

func (*SealedSecretList) DeepCopy

func (in *SealedSecretList) DeepCopy() *SealedSecretList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealedSecretList.

func (*SealedSecretList) DeepCopyInto

func (in *SealedSecretList) DeepCopyInto(out *SealedSecretList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SealedSecretList) DeepCopyObject

func (in *SealedSecretList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type SealedSecretSpec

type SealedSecretSpec struct {
	// Template defines the structure of the Secret that will be
	// created from this sealed secret.
	// +optional
	Template SecretTemplateSpec `json:"template,omitempty"`

	// Data is deprecated and will be removed eventually. Use per-value EncryptedData instead.
	Data          []byte            `json:"data,omitempty"`
	EncryptedData map[string]string `json:"encryptedData"`
}

SealedSecretSpec is the specification of a SealedSecret

func (*SealedSecretSpec) DeepCopy

func (in *SealedSecretSpec) DeepCopy() *SealedSecretSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealedSecretSpec.

func (*SealedSecretSpec) DeepCopyInto

func (in *SealedSecretSpec) DeepCopyInto(out *SealedSecretSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SealedSecretStatus added in v0.8.0

type SealedSecretStatus struct {
	// ObservedGeneration reflects the generation most recently observed by the sealed-secrets controller.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty" protobuf:"varint,3,opt,name=observedGeneration"`

	// Represents the latest available observations of a sealed secret's current state.
	// +optional
	// +patchMergeKey=type
	// +patchStrategy=merge
	Conditions []SealedSecretCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,6,rep,name=conditions"`
}

SealedSecretStatus is the most recently observed status of the SealedSecret.

func (*SealedSecretStatus) DeepCopy added in v0.8.0

func (in *SealedSecretStatus) DeepCopy() *SealedSecretStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealedSecretStatus.

func (*SealedSecretStatus) DeepCopyInto added in v0.8.0

func (in *SealedSecretStatus) DeepCopyInto(out *SealedSecretStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SealingScope added in v0.9.0

type SealingScope int

SealingScope is an enum that declares the mobility of a sealed secret by defining in which scopes

const (
	// The StrictScope pins the sealed secret to a specific namespace and a specific name.
	StrictScope SealingScope = iota
	// The NamespaceWideScope only pins a sealed secret to a specific namespace.
	NamespaceWideScope
	// The ClusterWideScope allows the sealed secret to be unsealed in any namespace of the cluster.
	ClusterWideScope

	// The DefaultScope is currently the StrictScope.
	DefaultScope = StrictScope
)
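How a scope-dependent encryption label pins a sealed value to a location, as an added example that is not this package's code and covers both EncryptionLabel and the scopes above. It assumes the label is passed as the RSA-OAEP label and encrypts the value directly with OAEP for brevity; `labelFor`, `newKey`, `canUnseal` and the label layout are hypothetical.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// labelFor is a hypothetical stand-in for EncryptionLabel; its layout
// (namespace/name, namespace, empty) is an assumption of this example.
func labelFor(namespace, name, scope string) []byte {
	switch scope {
	case "cluster-wide":
		return nil
	case "namespace-wide":
		return []byte(namespace)
	}
	return []byte(namespace + "/" + name) // strict, the default scope
}

// newKey returns a throwaway key pair standing in for the controller's key.
func newKey() *rsa.PrivateKey {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return key
}

// canUnseal seals a constructed value for (ns, name) and reports whether it
// still decrypts when the object is found at (atNs, atName).
func canUnseal(key *rsa.PrivateKey, scope, ns, name, atNs, atName string) bool {
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, &key.PublicKey,
		[]byte("constructed-value"), labelFor(ns, name, scope))
	if err != nil {
		return false
	}
	_, err = rsa.DecryptOAEP(sha256.New(), rand.Reader, key, ct, labelFor(atNs, atName, scope))
	return err == nil
}

func main() {
	key := newKey()
	fmt.Println("strict, renamed:", canUnseal(key, "strict", "prod", "db", "prod", "db2"))
	fmt.Println("namespace-wide, renamed:", canUnseal(key, "namespace-wide", "prod", "db", "prod", "db2"))
	fmt.Println("namespace-wide, moved:", canUnseal(key, "namespace-wide", "prod", "db", "dev", "db"))
	fmt.Println("cluster-wide, moved:", canUnseal(key, "cluster-wide", "prod", "db", "dev", "db2"))
}
```

A label mismatch makes OAEP decryption fail, so a ciphertext copied into a differently named or namespaced object cannot be unsealed unless a wider scope was chosen at sealing time.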

func SecretScope added in v0.9.7

func SecretScope(o metav1.Object) SealingScope

SecretScope returns the scope of a secret to be sealed, as annotated in its metadata.

func (*SealingScope) Set added in v0.9.0

func (s *SealingScope) Set(v string) error

func (*SealingScope) String added in v0.9.0

func (s *SealingScope) String() string

func (*SealingScope) Type added in v0.9.0

func (s *SealingScope) Type() string

Type implements the pflag.Value interface

type SecretTemplateSpec added in v0.8.0

type SecretTemplateSpec struct {
	// Standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
	// +optional
	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

	// Used to facilitate programmatic handling of secret data.
	// +optional
	Type apiv1.SecretType `json:"type,omitempty" protobuf:"bytes,3,opt,name=type,casttype=SecretType"`
}

SecretTemplateSpec describes the structure a Secret should have when created from a template

func (*SecretTemplateSpec) DeepCopy added in v0.8.0

func (in *SecretTemplateSpec) DeepCopy() *SecretTemplateSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretTemplateSpec.

func (*SecretTemplateSpec) DeepCopyInto added in v0.8.0

func (in *SecretTemplateSpec) DeepCopyInto(out *SecretTemplateSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
