package v1alpha1

v0.27.1 Latest
Published: Jul 18, 2024 License: Apache-2.0 Imports: 18 Imported by: 10

This package is not in the latest version of its module.

Documentation

Overview

Package v1alpha1 contains the definition of the sealed-secrets v1alpha1 API. Some of the code in this package is generated.

Constants

const (
	// SealedSecretName is the name used in SealedSecret CRD.
	SealedSecretName = "sealed-secret." + GroupName
	// SealedSecretPlural is the collection plural used with SealedSecret API.
	SealedSecretPlural = "sealedsecrets"

	// SealedSecretClusterWideAnnotation is the name for the annotation for
	// setting the secret to be available cluster wide.
	SealedSecretClusterWideAnnotation = annoNs + "cluster-wide"

	// SealedSecretNamespaceWideAnnotation is the name for the annotation for
	// setting the secret to be available namespace wide.
	SealedSecretNamespaceWideAnnotation = annoNs + "namespace-wide"

	// SealedSecretManagedAnnotation is the name for the annotation for
	// flagging existing secrets to be managed by the Sealed Secrets controller.
	SealedSecretManagedAnnotation = annoNs + "managed"

	// SealedSecretPatchAnnotation is the name for the annotation for
	// flagging existing secrets to be patched instead of overwritten by the Sealed Secrets controller.
	SealedSecretPatchAnnotation = annoNs + "patch"

	// SealedSecretSkipSetOwnerReferencesAnnotation is the name for the annotation for
	// flagging the controller not to set owner reference to secret.
	SealedSecretSkipSetOwnerReferencesAnnotation = annoNs + "skip-set-owner-references"
)

const GroupName = "bitnami.com"

GroupName is the group name used in this package.

Variables

var (
	// SchemeGroupVersion is the group version used to register these objects.
	SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha1"}

	// SchemeBuilder adds this group to scheme.
	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
	// AddToScheme is a global function that registers this API group & version to a scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

var (
	// TODO(mkm): remove after a release.
	AcceptDeprecatedV1Data = false
)

Functions

func EncryptionLabel

func EncryptionLabel(namespace, name string, scope SealingScope) []byte

EncryptionLabel returns the label meant to be used for encrypting a sealed secret according to scope.

func Resource

func Resource(resource string) schema.GroupResource

Resource takes an unqualified resource and returns a Group qualified GroupResource.

func StripLastAppliedAnnotations

func StripLastAppliedAnnotations(annotations map[string]string)

StripLastAppliedAnnotations strips the annotations added by tools such as kubectl and kubecfg that keep a full copy of the original object (including its data) in the annotation for strategic-merge-patch purposes. These annotations must be removed when sealing an existing secret; otherwise the plaintext secret values would be carried, unencrypted, into the sealed object's metadata and leaked.
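An added illustration (not the project's own code) of why that stripping matters: a constructed Secret carries the `kubectl.kubernetes.io/last-applied-configuration` annotation, which contains the whole object including its base64 data, and a copy of the annotations is checked for the secret value before and after stripping. The kubecfg key is assumed for illustration.

```go
package main

import (
	"encoding/json"
	"strings"
)

// Annotation keys that hold a full copy of the applied object. The kubectl key
// is the standard one; the kubecfg key is assumed here for illustration.
var lastAppliedKeys = []string{
	"kubectl.kubernetes.io/last-applied-configuration",
	"kubecfg.ksonnet.io/last-applied-configuration",
}

// stripLastAppliedAnnotations deletes those keys in place, as the page
// describes, so they never land in the SealedSecret template metadata.
func stripLastAppliedAnnotations(anno map[string]string) {
	for _, k := range lastAppliedKeys {
		delete(anno, k)
	}
}

// templateLeaksValue reports whether any annotation still carries the given
// (base64-encoded) secret value; annotations are copied verbatim into the
// template and are not encrypted, so a hit here is a plaintext leak.
func templateLeaksValue(anno map[string]string, encodedValue string) bool {
	for _, v := range anno {
		if strings.Contains(v, encodedValue) {
			return true
		}
	}
	return false
}

// sampleAnnotations is a constructed example of what `kubectl apply` leaves on
// a Secret: the whole object, including its data, serialized as JSON.
func sampleAnnotations() map[string]string {
	lastApplied, _ := json.Marshal(map[string]interface{}{ // constructed input, cannot fail
		"apiVersion": "v1", "kind": "Secret",
		"metadata":   map[string]string{"name": "db", "namespace": "prod"},
		"data":       map[string]string{"password": "aHVudGVyMg=="}, // base64("hunter2")
	})
	return map[string]string{
		"kubectl.kubernetes.io/last-applied-configuration": string(lastApplied),
		"team": "payments",
	}
}
```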

func UpdateScopeAnnotations

func UpdateScopeAnnotations(anno map[string]string, scope SealingScope) map[string]string

UpdateScopeAnnotations updates the annotation map so that it reflects the desired scope. It does so by updating and/or deleting existing annotations.

Types

type ByCreationTimestamp

type ByCreationTimestamp []apiv1.Secret

ByCreationTimestamp is used to sort a list of secrets.

func (ByCreationTimestamp) DeepCopy

func (in ByCreationTimestamp) DeepCopy() ByCreationTimestamp

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ByCreationTimestamp.

func (ByCreationTimestamp) DeepCopyInto

func (in ByCreationTimestamp) DeepCopyInto(out *ByCreationTimestamp)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (ByCreationTimestamp) Len

func (s ByCreationTimestamp) Len() int

func (ByCreationTimestamp) Less

func (s ByCreationTimestamp) Less(i, j int) bool

func (ByCreationTimestamp) Swap

func (s ByCreationTimestamp) Swap(i, j int)

type SealedSecret

type SealedSecret struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec SealedSecretSpec `json:"spec"`
	// +optional
	Status *SealedSecretStatus `json:"status,omitempty"`
}

SealedSecret is the K8s representation of a "sealed Secret" - a regular k8s Secret that has been sealed (encrypted) using the controller's key.

func NewSealedSecret

func NewSealedSecret(codecs runtimeserializer.CodecFactory, pubKey *rsa.PublicKey, secret *v1.Secret) (*SealedSecret, error)

NewSealedSecret creates a new SealedSecret object wrapping the provided secret. It encrypts each secret value individually, so values can be updated one by one.

func NewSealedSecretV1

func NewSealedSecretV1(codecs runtimeserializer.CodecFactory, pubKey *rsa.PublicKey, secret *v1.Secret) (*SealedSecret, error)

NewSealedSecretV1 creates a new SealedSecret object wrapping the provided secret. It encrypts all the secret values into a single encrypted blob and stores it in the `Data` attribute. It is kept for backward compatibility.

func (*SealedSecret) DeepCopy

func (in *SealedSecret) DeepCopy() *SealedSecret

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealedSecret.

func (*SealedSecret) DeepCopyInto

func (in *SealedSecret) DeepCopyInto(out *SealedSecret)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SealedSecret) DeepCopyObject

func (in *SealedSecret) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*SealedSecret) Scope

func (s *SealedSecret) Scope() SealingScope

Scope returns the scope of the sealed secret, as annotated in its metadata.

func (*SealedSecret) Unseal

func (s *SealedSecret) Unseal(codecs runtimeserializer.CodecFactory, privKeys map[string]*rsa.PrivateKey) (*v1.Secret, error)

Unseal decrypts and returns the embedded v1.Secret.

type SealedSecretCondition

type SealedSecretCondition struct {
	// Type of condition for a sealed secret.
	// Valid value: "Synced"
	Type SealedSecretConditionType `json:"type" protobuf:"bytes,1,opt,name=type,casttype=DeploymentConditionType"`
	// Status of the condition for a sealed secret.
	// Valid values for "Synced": "True", "False", or "Unknown".
	Status apiv1.ConditionStatus `json:"status" protobuf:"bytes,2,opt,name=status,casttype=k8s.io/api/core/v1.ConditionStatus"`
	// The last time this condition was updated.
	LastUpdateTime metav1.Time `json:"lastUpdateTime,omitempty" protobuf:"bytes,6,opt,name=lastUpdateTime"`
	// Last time the condition transitioned from one status to another.
	LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty" protobuf:"bytes,7,opt,name=lastTransitionTime"`
	// The reason for the condition's last transition.
	Reason string `json:"reason,omitempty" protobuf:"bytes,4,opt,name=reason"`
	// A human readable message indicating details about the transition.
	Message string `json:"message,omitempty" protobuf:"bytes,5,opt,name=message"`
}

SealedSecretCondition describes the state of a sealed secret at a certain point.

func (*SealedSecretCondition) DeepCopy

func (in *SealedSecretCondition) DeepCopy() *SealedSecretCondition

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealedSecretCondition.

func (*SealedSecretCondition) DeepCopyInto

func (in *SealedSecretCondition) DeepCopyInto(out *SealedSecretCondition)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SealedSecretConditionType

type SealedSecretConditionType string

SealedSecretConditionType describes the type of SealedSecret condition.

const (
	// SealedSecretSynced means the SealedSecret has been decrypted and the Secret has been updated successfully.
	SealedSecretSynced SealedSecretConditionType = "Synced"
)

type SealedSecretEncryptedData added in v0.18.3

type SealedSecretEncryptedData map[string]string

+kubebuilder:pruning:PreserveUnknownFields

func (SealedSecretEncryptedData) DeepCopy added in v0.18.3

func (in SealedSecretEncryptedData) DeepCopy() SealedSecretEncryptedData

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealedSecretEncryptedData.

func (SealedSecretEncryptedData) DeepCopyInto added in v0.18.3

func (in SealedSecretEncryptedData) DeepCopyInto(out *SealedSecretEncryptedData)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SealedSecretEncryptedData) UnmarshalJSON added in v0.18.3

func (s *SealedSecretEncryptedData) UnmarshalJSON(data []byte) error

type SealedSecretExpansion

type SealedSecretExpansion interface {
	Unseal(codecs runtimeserializer.CodecFactory, privKeys map[string]*rsa.PrivateKey) (*v1.Secret, error)
}

SealedSecretExpansion has methods to work with SealedSecrets resources.

type SealedSecretList

type SealedSecretList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata"`

	Items []SealedSecret `json:"items"`
}

SealedSecretList represents a list of SealedSecrets.

func (*SealedSecretList) DeepCopy

func (in *SealedSecretList) DeepCopy() *SealedSecretList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealedSecretList.

func (*SealedSecretList) DeepCopyInto

func (in *SealedSecretList) DeepCopyInto(out *SealedSecretList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*SealedSecretList) DeepCopyObject

func (in *SealedSecretList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type SealedSecretSpec

type SealedSecretSpec struct {
	// Template defines the structure of the Secret that will be
	// created from this sealed secret.
	// +optional
	Template SecretTemplateSpec `json:"template,omitempty"`

	// Data is deprecated and will be removed eventually. Use per-value EncryptedData instead.
	Data          []byte                    `json:"data,omitempty"`
	EncryptedData SealedSecretEncryptedData `json:"encryptedData"`
}

SealedSecretSpec is the specification of a SealedSecret.

func (*SealedSecretSpec) DeepCopy

func (in *SealedSecretSpec) DeepCopy() *SealedSecretSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealedSecretSpec.

func (*SealedSecretSpec) DeepCopyInto

func (in *SealedSecretSpec) DeepCopyInto(out *SealedSecretSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SealedSecretStatus

type SealedSecretStatus struct {
	// ObservedGeneration reflects the generation most recently observed by the sealed-secrets controller.
	// +optional
	ObservedGeneration int64 `json:"observedGeneration,omitempty" protobuf:"varint,3,opt,name=observedGeneration"`

	// Represents the latest available observations of a sealed secret's current state.
	// +optional
	// +patchMergeKey=type
	// +patchStrategy=merge
	Conditions []SealedSecretCondition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,6,rep,name=conditions"`
}

SealedSecretStatus is the most recently observed status of the SealedSecret.

func (*SealedSecretStatus) DeepCopy

func (in *SealedSecretStatus) DeepCopy() *SealedSecretStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SealedSecretStatus.

func (*SealedSecretStatus) DeepCopyInto

func (in *SealedSecretStatus) DeepCopyInto(out *SealedSecretStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type SealingScope

type SealingScope int

SealingScope is an enum that declares the mobility of a sealed secret by defining in which scopes (namespace and name, namespace only, or the whole cluster) it can be unsealed.

const (
	// The StrictScope pins the sealed secret to a specific namespace and a specific name.
	StrictScope SealingScope = iota
	// The NamespaceWideScope only pins a sealed secret to a specific namespace.
	NamespaceWideScope
	// The ClusterWideScope allows the sealed secret to be unsealed in any namespace of the cluster.
	ClusterWideScope

	// The DefaultScope is currently the StrictScope.
	DefaultScope = StrictScope
)

func SecretScope

func SecretScope(o metav1.Object) SealingScope

SecretScope returns the scope of a secret to be sealed, as annotated in its metadata.
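An added illustration of how the scope annotations, SecretScope, UpdateScopeAnnotations and EncryptionLabel fit together; this is example code written for this page, not the project's implementation. The `sealedsecrets.bitnami.com/` annotation prefix, the `"true"` annotation value and the exact label format are assumptions of the illustration.

```go
package main

// Annotation keys named on the page; the "sealedsecrets.bitnami.com/" prefix
// and the "true" value are assumptions of this illustration.
const (
	clusterWideAnnotation   = "sealedsecrets.bitnami.com/cluster-wide"
	namespaceWideAnnotation = "sealedsecrets.bitnami.com/namespace-wide"
)

type sealingScope int
const (
	strictScope        sealingScope = iota // pinned to namespace and name
	namespaceWideScope                     // pinned to namespace only
	clusterWideScope                       // unsealable in any namespace
)

// secretScope derives the scope from annotations; with neither set it is StrictScope (DefaultScope).
func secretScope(anno map[string]string) sealingScope {
	if anno[clusterWideAnnotation] == "true" {
		return clusterWideScope
	}
	if anno[namespaceWideAnnotation] == "true" {
		return namespaceWideScope
	}
	return strictScope
}

// updateScopeAnnotations removes both scope annotations, then re-adds at most one (anno must be non-nil).
func updateScopeAnnotations(anno map[string]string, scope sealingScope) map[string]string {
	delete(anno, clusterWideAnnotation)
	delete(anno, namespaceWideAnnotation)
	if scope == clusterWideScope {
		anno[clusterWideAnnotation] = "true"
	} else if scope == namespaceWideScope {
		anno[namespaceWideAnnotation] = "true"
	}
	return anno
}

// encryptionLabel is the identity bound into the ciphertext: the tighter the scope, the more of it is mixed in (format illustrative).
func encryptionLabel(namespace, name string, scope sealingScope) []byte {
	switch scope {
	case clusterWideScope:
		return []byte("")
	case namespaceWideScope:
		return []byte(namespace)
	}
	return []byte(namespace + "/" + name)
}
```

Because the label is part of what the ciphertext is bound to, a blob sealed as prod/db under StrictScope is not accepted as dev/db, while the same blob sealed ClusterWide carries no namespace or name at all.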

func (*SealingScope) Set

func (s *SealingScope) Set(v string) error

func (*SealingScope) String

func (s *SealingScope) String() string

func (*SealingScope) Type

func (s *SealingScope) Type() string

Type implements the pflag.Value interface.

type SecretTemplateSpec

type SecretTemplateSpec struct {
	// Standard object's metadata.
	// More info: https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
	// +optional
	// +nullable
	// +kubebuilder:pruning:PreserveUnknownFields
	metav1.ObjectMeta `json:"metadata,omitempty" protobuf:"bytes,1,opt,name=metadata"`

	// Used to facilitate programmatic handling of secret data.
	// +optional
	Type apiv1.SecretType `json:"type,omitempty" protobuf:"bytes,3,opt,name=type,casttype=SecretType"`

	// Immutable, if set to true, ensures that data stored in the Secret cannot
	// be updated (only object metadata can be modified).
	// If not set to true, the field can be modified at any time.
	// Defaulted to nil.
	// +optional
	Immutable *bool `json:"immutable,omitempty" protobuf:"varint,5,opt,name=immutable"`

	// Keys that should be templated using decrypted data.
	// +optional
	// +nullable
	Data map[string]string `json:"data,omitempty"`
}

SecretTemplateSpec describes the structure a Secret should have when created from a template.

func (*SecretTemplateSpec) DeepCopy

func (in *SecretTemplateSpec) DeepCopy() *SecretTemplateSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SecretTemplateSpec.

func (*SecretTemplateSpec) DeepCopyInto

func (in *SecretTemplateSpec) DeepCopyInto(out *SecretTemplateSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
